User Guide for Resource Manager Essentials 4.1 (With LMS 3.0)
Chapter 8 : Archiving Configurations and Managing Them Using Archive Management
Downloads: This chapterpdf (PDF - 1.22MB) The complete bookPDF (PDF - 24.7MB) | Feedback

Archiving Configurations and Managing Them Using Archive Management

Table Of Contents

Archiving Configurations and Managing Them Using Archive Management

Performing Archive Management Tasks

Performing Archive Management Administrative Tasks

Performing Configuration Management Administrative Tasks

Preparing to Use the Archive Management

Entering Device Credentials

Modifying Device Configurations

Enabling rcp

Enabling scp

Enabling https

Configuring Devices to Send Syslogs

Modifying Device Security

Router Commands

Switches Commands

Content Networking—Content Service Switch Commands

Content Networking—Content Engine Commands

Cisco Interfaces and Modules—Network Analysis Modules

Security and VPN—PIX Devices

Using Job Approval for Archive Management

Configuring Transport Protocols

Requirements to Use the Supported Protocols

Supported Protocols for Configuration Management Applications

Defining the Protocol Order

Configuring Default Job Policies

Defining the Default Job Policies

Usage Scenarios When Job Password is Configured on Devices

Setting Up Archive Management

Moving the Configuration Archive Directory

Enabling and Disabling the Shadow Directory

Configuring Exclude Commands

Configuring Fetch Settings

Understanding Configuration Retrieval and Archival

Timestamps of Configuration Files

How Running Configuration is Archived

Change Audit Logging

Defining the Configuration Collection Settings

Purging Configurations from the Configuration Archive

Checking Configuration Archival Status

Configuration Archival Reports

Successful Devices Report

Failed Devices Report

Partially Successful Devices Report

Scheduling Sync Archive Job

Generating an Out-of-Sync Report

Scheduling Sync on Device Job

Using the Configuration Version Tree

Understanding the Config Viewer Window

Viewing the Configuration Version Summary

Configuration Quick Deploy

Performing a Configuration Quick Deploy

Configuring Labels

Creating a Label

Editing a Labeled Configuration

Viewing the Labeled Configuration

Deleting the Labeled Configuration

Using Search Archive

Creating a Custom Query

Running a Custom Query

Editing a Custom Query

Deleting the Custom Queries

Searching Archive

Search Archive Result

Device Configuration Quick View Report

Comparing Configuration

Comparing Startup vs. Running Configurations

Comparing Running vs. Latest Archived Configurations

Comparing Two Configuration Versions of the Same Device

Compare Two Configuration Versions of Different Devices

Understanding the Config Diff Viewer Window

Using Archive Management Job Browser

Retrying a Config Job

Stopping a Config Job

Deleting the Config Jobs

Viewing the Archive Management Job Details

Baseline Template

Baseline Templates Window

Creating a Baseline Template

Creating a Basic Baseline Template

Creating an Advanced Baseline Template

Creating an Advanced Baseline Template— Example

Editing a Baseline Template

Exporting a Baseline Template

Importing a Baseline Template

Deleting a Baseline Template

Deploying a Baseline Template

Deploying a Baseline Template Using User Interface

Deploying a Baseline Template Using File System

Using Baseline Jobs

Running Compliance Check

Understanding the Baseline Compliance Report

Deploying the Commands

Deleting the Compliance Jobs


Archiving Configurations and Managing Them Using Archive Management


The Archive Management application maintains an active archive of the configuration of devices managed by RME. It enables you to perform the following tasks:

Fetch, archive, and deploy device configurations.

Search and generate reports on archived data

Compare and label configurations, compare configurations with a baseline, and check for compliance.

You can also perform some of the Archive Management tasks using command line utility cwcli config.

You can also export the configuration data using the
cwcli export config command. See CLI Utilities for further details on cwcli config and cwcli export config commands.

This chapter gives information on performing:

Archive Management tasks (see Archive Management allows you to: for details).

Archive Management administrative tasks (see Performing Archive Management Administrative Tasks for details).

Configuration Management administrative tasks (see Performing Configuration Management Administrative Tasks for details).

Performing Archive Management Tasks

Archive Management allows you to:

Update the archive

In addition to scheduling configuration archive update, you can also update the archive manually. This ensures that you have the latest configurations.

See Scheduling Sync Archive Job and Defining the Configuration Collection Settings for further details.

Check archival status

You can check the overall status of the configuration archive (For example, Successful, Partially Successful, etc.).

See Checking Configuration Archival Status for further details.

Determine out-of-sync configuration files

You can list the devices for which running configurations are out-of-sync- with the startup configuration.

See Generating an Out-of-Sync Report and Scheduling Sync on Device Job for further details.

View Version Tree

You can view all configuration versions of selected devices in the form of a graphical display.

See Using the Configuration Version Tree for further details.

View Version Summary

You can view the latest three archived configurations for selected devices. It also has a link to view a particular configuration running on the device and to generate differences between versions in the archive.

See Viewing the Configuration Version Summary for further details.

Search for device configuration files

You can search the archive for configuration containing text patterns for selected devices.

See Using Search Archive for further details.

Create custom configuration queries (See Creating a Custom Query.)

You can create and run custom queries that generate reports. These reports display device configuration files from the archive for the devices you specify. You can use custom queries while searching archives.

Compare configurations

You can compare startup and running configurations, running and latest archived configurations. You can also compare two configuration versions of the same device, or two configuration versions of different devices.

See Comparing Configuration for further details.

Configuration Quick Deploy

You can create an immediate job to deploy the version of configuration that you are viewing on the device. You can deploy the configuration either in the Overwrite or Merge mode. You can also use job-based password.

See Configuration Quick Deploy for further details.

Archive Management Job Browser

You can see the status of your Archive Management jobs.

See Using Archive Management Job Browser for further details.

Label Configuration

You can select configuration files from different managed devices and then group and label them.

See Configuring Labels for further details.

Baseline Template

You can compare the baseline template with the configuration of devices in the archive. You can also generate a non-compliance configuration report and deploy this template onto the devices to make it compliant.

See Baseline Template for further details.

Set the debug mode for Archive Management application

You can set the debug mode for Archive Management application in the Log Level Settings dialog box (Resource Manager Essentials > Admin > System Preferences > Loglevel Settings).

See Application Log Level Settings for further details.

Using Device Center you can perform these Archive Management tasks:

Viewing the latest configuration archived details

Viewing the differences between the two archived running configuration

Updating the configuration archive

See RME Device Center for further details.

Performing Archive Management Administrative Tasks

The administrative tasks for Archive Management are:

Modify configuration collection and polling settings

You can enable or disable the configuration collection and polling tasks. You can also schedule a periodic job for configuration collection and polling.

See Defining the Configuration Collection Settings for further details.

Move the configuration archive directory (See Moving the Configuration Archive Directory.)

You can move the configuration archive directory to a new location.

Enable and disable the Shadow directory (See Enabling and Disabling the Shadow Directory.)

You can enable or disable the use of the Shadow directory.

The configuration archive Shadow directory is an image of the most recent configurations gathered by the configuration archive. You can use the shadow directory as an alternative method to get the latest configuration information programmatically, using scripts or other means.

Configure Exclude Commands (See Configuring Exclude Commands.)

You can list the commands that have to be excluded while comparing configuration.

Purge configurations files from the archive (See Purging Configurations from the Configuration Archive.)

You can enable or disable the purge task and also modify the schedule. This frees disk space and maintains your archive at a manageable size.

You need to set up your devices for the configuration archive. See Preparing to Use the Archive Management.

Performing Configuration Management Administrative Tasks

The administrative tasks for configuration Management (applicable to Archive Management, Config Editor, cwcli config, and NetConfig) are:

Configure Transport Protocol (See Configuring Transport Protocols.)

You can set the transport protocol order for Archive Mgmt, NetConfig, and Config Editor jobs.

Config Job Policies (See Configuring Default Job Policies.)

You can enable the job password policy for Archive Mgmt, NetConfig, Config Editor, and cwcli config. You can also configure the default job policies if the job fails.

For the new features in this release, see What's New in this Release.

Preparing to Use the Archive Management

Before you start using the Archive Management, you must:

Enter Device Credentials (See Entering Device Credentials for details)

Modify Device Configurations (See Modifying Device Configurations for details)

Modify Device Security (See Modifying Device Security for details)

Entering Device Credentials

Enter the following device credentials in the Device and Credentials window (Common Services > Device and Credentials > Device Management):

Read and write community strings

Primary Username and Password

Primary Enable Password

If you have enabled the Enable Job Password option in the Config Job Policy dialog box ((Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) when you scheduled the Config jobs, you are prompted for the following device credentials:

Login User name

Login Password

Enable Password

The supported Device authentication prompts are:

Routers

"Username:", "Username: "

"Password:", "Password: "

Switches

"username: ", "Username: "

"password: ", "Password: "

Cisco Interfaces and Modules—Network Analysis Modules

"login: "

"Password: " "password: "

Security and VPN—PIX

"username: ", "Username: "

"passwd: ", "password: ", "Password: "

Content Networking—Content Service Switch

"Username: ", "username: ", "login: ","Username:" , "username:" , "login:"

"Password: ", "password: ", "passwd: ","Password:" , "password:" , "passwd:"

Content Networking—Content Engine

"Username: " ,"login: "

"Password: "

Storage Networking—MDS Devices

"Username:", "Username: "

"Password:", "Password: "


Note If you enabled TACACS for a device and configured custom TACACS login and passwords prompts, you may experience Telnet problems, since RME may not recognize the prompts. To make your prompts recognizable, you must edit the TacacsPrompts.ini file. See the procedure given in the Handling Custom Telnet Prompts section of the User Guide for Common Services.


Modifying Device Configurations

To enable the configuration archive to gather the configurations, modify the device configurations for the following:

Enabling rcp

Enabling scp

Enabling https

Configuring Devices to Send Syslogs

Enabling rcp

To enable the configuration archive to gather the configurations using the rcp protocol, modify your device configurations.

Make sure the devices are rcp-enabled by entering the following commands in the device configurations:

# ip rcmd rcp-enable
# ip rcmd remote-host local_username {ip-address | host} remote_username [enable]

Where ip_address | host is the IP address/hostname of the machine where RME is installed. Alternatively, you can enter the hostname instead of the IP address. The default remote_username and local_username are cwuser.

Disable the DNS security check for rcp if your RME server and devices are not registered with the DNS server. To do this, use the command,
no ip rcmd domain-lookup for rcp to fetch the device configuration.

Enabling scp

To enable the configuration archive to gather the configurations using the scp protocol, modify your device configurations.

To configure local User name:

aaa new-model

aaa authentication login default local

aaa authentication enable default none

aaa authorization exec default local

username admin privilege 15 password 0 system

ip ssh authentication-retries 4

ip scp server enable

To configure TACACS User name:

aaa new-model

aaa authentication login default group tacacs+

aaa authentication enable default none

aaa authorization exec default group tacacs+

ip ssh authentication-retries 4

ip scp server enable

User on the TACACS Server should be configured with priv level 15:

user = admin {

default service = permit

login = cleartext "system"

service = exec {

priv-lvl = 15

}

}

Enabling https

To enable the configuration archive to gather the configurations using https protocol you must modify your device configurations.

To modify the device configuration, follow the procedure as described in this URL:

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a00801f1d98.html#999607

Configuring Devices to Send Syslogs

Configure your devices for Syslog Analysis if you want the device configurations to be gathered and stored automatically in the configuration archive when Syslog messages are received.

After you perform these tasks and the devices become managed, the configuration files are collected and stored in the configuration archive.

Modifying Device Security

Configuration Management must be able to run certain commands on devices to archive their configurations.

You must disable security on the devices, the configurations of which you want to archive. This is because the security on the device prohibits Configuration Management from running these commands:

Router Commands

Switches Commands

Content Networking—Content Service Switch Commands

Content Networking—Content Engine Commands

Cisco Interfaces and Modules—Network Analysis Modules

Security and VPN—PIX Devices

Router Commands

Command
Description

terminal length 0

Sets the number of lines on the current terminal screen for the current session

terminal width 0

Sets the number of character columns on the terminal screen for the current line for a session

show privilege

Displays your current level of privilege

Show running

Gets running configuration.

Show startup

Gets startup configuration

Show running-brief1

Gets the running configuration in brief by excluding the encryption keys.

1 This is applicable for the IOS release 12.3(7)T release or later.


The commands in the above tables also apply to the following device types:

Universal Gateways and Access Servers

Universal Gateways and Access Servers

Optical Networking

Broadband Cable

Voice and Telephony

Wireless

Storage Networking

Switches Commands

The switches commands are:

Command
Description

set length 0

Configures the number of lines in the terminal display screen

set logging session disable

Disables the sending of system logging messages to the current login session.

write term

Gets running configuration.


Content Networking—Content Service Switch Commands

The Content Service Switch commands are:

Command
Description

no terminal more

Disables support for more functions with the terminal.

show running-config

Gets all components of the running configuration.

show startup-config

Gets the CSS startup configuration (startup-config).


Content Networking—Content Engine Commands

The Content Engine commands are:

Command
Description

terminal length 0

Sets the number of lines on the current terminal screen for the current session

show run

Gets running configuration.

show config

Gets startup configuration.


Cisco Interfaces and Modules—Network Analysis Modules

The Network Analysis Modules commands are:

Command
Description

terminal length 0

Sets the number of lines on the current terminal screen for the current session

show autostart

Displays autostart collections

show configuration

Gets startup configuration.


Security and VPN—PIX Devices

The PIX devices commands are:

Command
Description

terminal width 0

Sets the number of character columns on the terminal screen for the current line for a session

show config

Gets startup configuration.

show running

Gets running configuration.

show curpriv

View the current logged-in user.

no pager

Removes paging control


Using Job Approval for Archive Management

You can enable Job Approval for Archive Management tasks, (Resource Manager Essentials > Admin > Approval > Approval Policies). This means all jobs require approval before they can run.

Only users with Approver permissions can approve Archive Management jobs. Jobs must be approved before they can run if Job Approval is enabled on the system.

For more details on enabling job approval see Setting Up Job Approval in the section Enabling Approval and Approving Jobs Using Job Approval.

The following Archive Management tasks require approval if you have enabled Job Approval:

Out-of-Sync (Config Mgmt > Archive Mgmt > Out-of-Sync Summary)

Deploy (Config Mgmt > Archive Mgmt > Baseline Templates and Config Mgmt > Archive Mgmt > Baseline Templates > Compliance)

Compliance Check (Config Mgmt > Archive Mgmt > Baseline Templates > Compliance)

This is only if you enable the Check Compliance and Deploy option in the Job Schedule and Options dialog box.

Sync Archive jobs do not have Job Approval enabled because this job only archives the configuration from the device and there is no change to the device configuration.

If you have enabled Approval for Archive Management tasks, then in the Job Schedule and Options dialog box, you get these options:

Approval Comment—Approval comments for the job approver.

Maker E-Mail—E-mail-id of the job creator.

Configuring Transport Protocols

You can set the protocol order for Configuration Management applications such as Archive Management, Config Editor, and NetConfig jobs to download configurations and to fetch configurations. For NetShow, you can set the protocol order to download configurations.

This setup allows you to use your preferred protocol order for fetching and downloading the configuration.

The available protocols are:

Telnet

TFTP (Trivial File Transport Protocol)

rcp (remote copy protocol)

SSH (Secure Shell)

SCP (Secure Copy Protocol)

HTTPS (Hyper Text Transfer Protocol Secured)

Requirements to Use the Supported Protocols

If the following requirements are not met, an error message appears.

To use this Protocols
You must...

Telnet

Know Telnet passwords for login and Enable modes for device. If device is configured for TACACS authentication, enter Primary Username and Primary Password.

TFTP

Know read and write community strings for device.

rcp

Configure devices to support incoming rcp requests. To make sure the device is rcp-enabled, enter the following commands in the device configuration:

# ip rcmd rcp-enable

# ip rcmd remote-host local_username {ip-address | host} remote_username [enable]

where ip_address | host is the IP address/hostname of the machine where RME is installed. The default remote_username and local_username are cwuser. For example, you can enter:

# ip rcmd remote-host cwuser 123.45.678.90 cwuser enable

Note Disable the DNS security check for rcp if your RME server and devices are not registered with the DNS server. To do this, use the command,
no ip rcmd domain-lookup for rcp to fetch the device configuration.

SSH

Know the username and password for the device. If device is configured for TACACS authentication, enter the Primary Username and Primary Password.

Know password for Enable modes.

When you select the SSH protocol for the RME applications (Configuration Archive, NetConfig, ConfigEditor, and NetShow) the underlying transport mechanism checks whether the device is running SSHv2.

If so, it tries to connect to the device using SSHv2.

If the device does not run SSHv2 and runs only SSHv1 then it connects to the device through SSHv1.

If the device runs both SSHv2 and SSHv1, then it connects to the device using SSHv2.

If a problem occurs while connecting to the device using SSHv2, then it does not fall back to SSHv1 for the device that is being accessed.

Some useful URLs on configuring SSHv2 are:

Configuring Secure Shell on Routers and Switches Running Cisco IOS:

http://www.cisco.com/warp/public/707/ssh.shtml

How to Configure SSH on Catalyst Switches Running Catalyst OS:

http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a0080094314.shtml

Configuring the Secure Shell Daemon Protocol on CSS:

http://www.cisco.com/en/US/partner/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a00801eea45.html#1105358

Configuration Examples and TechNotes:

http://www.cisco.com/en/US/tech/tk583/tk617/tech_configuration_examples
_list.html

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guides_list.html

SCP

Know the SSH username and password for the device.

To make sure the device is scp-enabled, enter the following commands in the device configuration.

To configure local User name:

aaa new-model

aaa authentication login default local

aaa authentication enable default none

aaa authorization exec default local

username admin privilege 15 password 0 system

ip ssh authentication-retries 4

ip scp server enable

To configure TACACS User name:

aaa new-model

aaa authentication login default group tacacs+

aaa authentication enable default none

aaa authorization exec default group tacacs+

ip ssh authentication-retries 4

ip scp server enable

User on the TACACS Server should be configured with privilege level 15:

user = admin {

default service = permit

login = cleartext "system"

service = exec {

priv-lvl = 15

}

}

HTTPS

Know the username and password for the device. Enter the Primary Username and Password in the Device and Credential Repository (Common Services > Device and Credentials > Device Management).

To enable the configuration archive to gather the configurations using https protocol you must modify your device configurations:

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a00801f1d98.html#999607

This is used for VPN 3000 device.


The configuration archive uses Telnet/SSH to gather the module configurations of Catalyst 5000 family devices and vlan.dat file in case of Catalyst IOS switches. Make sure you enter the correct Telnet and Enable passwords.

If you enabled TACACS for a device and configured custom TACACS login and passwords prompts, you may experience Telnet problems, since RME may not recognize the prompts. To make your prompts recognizable, you must edit the TacacsPrompts.ini file. See the procedure given in the Handling Custom Telnet Prompts section of the User Guide for Common Services.

For module configs, the passwords on the module must be same as the password on the supervisor.

Supported Protocols for Configuration Management Applications

For supported protocol at individual device-level, you can either see:

The RME device packages Online help. You can launch the RME device packages Online help using Help > Resource Manager Essentials > Device Packages.

or

The Supported Protocols for Configuration Management table on Cisco.com:

http://www.cisco.com/en/US/products/sw/cscowork/ps2073/products_device_support_tables_list.html

Defining the Protocol Order

The following is the workflow for defining the protocol order for Configuration Management applications to perform either Config fetch or Config update:


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.



Step 1 Select Resource Manager Essentials > Admin > Config Mgmt.

The Config Transport Settings dialog box appears.

Step 2 Go to the first drop-down list box, select the application for which you want to define the protocol order.

Step 3 Select a protocol from the Available Protocols pane and click Add.

If you want to remove a protocol or change the protocol order, you must remove the protocol using the Remove button and add the protocol, again.

The list of protocols that you have selected appears in the Selected Protocol Order pane.

When a configuration fetch or update operation fails, an error message appears. This message displays details about the supported protocol for the particular device and it modules, if there are any.

For the list of supported protocols, see Supported Device Table for Configuration Management application on Cisco.com.

Step 4 Click Apply.

A message appears, New settings saved successfully.

Step 5 Click OK.


Configuring Default Job Policies

Each Configuration Management job has properties that define how the job will run. You can configure a default policy for these properties that applies to all future jobs. You can also specify for each property whether users can change the default when creating a job.

You have the option of entering a username and password for running a specific Archive Management, Config Editor, NetConfig, or NetShow job.

If you enter a username and password, Archive Management, Config Editor, or NetConfig applications use this username and password to connect to the device, instead of taking these credentials from the Device and Credential Repository.

While the job is running, the password is retrieved from the Device and Credential Repository for each of the selected devices.

For example, if the TACACS server is managing the devices, the passwords in the TACACS server and the passwords in the Device and Credential Repository should be synchronized (with every password change).

This option of entering the username and password for running a job is useful in high security installations where device passwords are changed at frequent intervals. In such instances, the passwords may be changed every 60-90 seconds.

To use this option of entering a username and password for running a specific job, you should enable the job password policy for Archive Management, Config Editor, NetConfig, or NetShow jobs.

You can do this by using the Enable Job Password option in the Config Job Policies window.

If you have enabled Enable Job Password option, you can enter these credentials while scheduling a job:

Login Username

Login Password

Enable Password

Defining the Default Job Policies

The following is the workflow for defining the default job policies for Configuration Management applications:


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.



Step 1 Select Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies.

The Job Policy dialog box appears.

Step 2 Select the applications.

Step 3 Based on your selection, enter the following information:

Field Name
Description
Usage Notes

Failure Policy

This appears only if you select either Config Editor or NetConfig application.

Select what the job should do if it fails to run on the device. You can stop or continue the job, and roll back configuration changes to the failed device or to all devices configured by the job.

You can select one of the options:

Stop on failure—Stops the job on failure.

Ignore failure and continue—Continues the job on failure.

Rollback device and stop—Rolls back the changes on the failed device and stops the job. This is applicable only to NetConfig application.

Rollback device and continue—Rolls back the changes on the failed device and continues the job. This is applicable only to NetConfig application.

Rollback job on failure—Rolls back the changes on all devices and stops the job. This is applicable only to NetConfig application.

You can create rollback commands for a job in the following ways:

Using a system-defined template.

Rollback commands are created automatically by the template.

The Banner system-defined template does not support rollback. You cannot create rollback commands using this template.

Creating a user template.

Allows you to enter rollback commands into the template.

When you use the Adhoc and Telnet Password templates, you cannot create rollback commands.

E-mail Notification

This appears for all the applications in the dropdown list.

Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.

You can enter multiple e-mail addresses separated by commas.

Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).

We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).

When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.

Notification is sent when the job is started and completed.

Notification E-mails include a URL to enter to display job details. If you are not logged in, do so using log in panel.

Sync Archive before Job Execution

This appears if you select either Config Editor or NetConfig application.

The job archives the running configuration before making configuration changes.

None.

Copy Running Config to Startup

This appears if you select either Config Editor or NetConfig application.

The job writes the running configuration to the startup configuration on each device after configuration changes are made successfully.

Does not apply to Catalyst OS devices.

Enable Job Password

This appears for all the applications in the dropdown list.

The job Password Policy is enabled for all the jobs.

The Archive Management, Config Editor, and NetConfig jobs use this username and password to connect to the device, instead of taking these credentials from the Device and Credential Repository.

These device credentials are entered while scheduling a job.

None.

You can use this option even if you have configured only the Telnet password (without configuring username) on your device.

You must enter a string in the Login Username field. Do not leave the Login Username field blank.

The Login Username string will be ignored while connecting to the device since the device is configured only for the Telnet password.

See Usage Scenarios When Job Password is Configured on Devices.

Fail on Mismatch of Config Versions

This appears if you select either Config Editor or NetConfig application.

The job is considered a failure when the most recent configuration version in the configuration archive is not identical to the most recent configuration version that was in the configuration archive when you created the job.

None.

Delete Config after download

This appears if you select Config Editor.

The configuration file is deleted after the download.

 

Execution Policy

This appears for all the applications in the dropdown list.

Allows you to configure the job to run on multiple devices at the same time (Parallel execution) or in sequence (Sequential Execution).

If you select sequential execution, you can select Device Order in the Job Schedule and Options dialog box to set the order of the device.

1. Select a device in the Set Device Order dialog box.

2. Either:

Click the Move Up or Move Down arrows to change its place in the order. Click Done to save the current order.

Or

Close the dialog box without making any changes.

You cannot alter the device sequence for Archive Management application jobs such as Sync Archive, Check Compliance and Deploy, etc.

Sequential Execution is not supported for the following jobs:

Manual Sync Archive

Periodic Config Collection and Polling

cwcli config get

User Configurable

Select this check box next to any field to make corresponding policy user configurable.

You can configure a user-configurable policy while defining job. You cannot modify non-user-configurable policies.


Step 4 Click Apply.

A message appears, Policy values changed successfully.

Step 5 Click OK.


Usage Scenarios When Job Password is Configured on Devices

The following tables list the usage scenarios and their implications for Configuration application when job password is configured on devices.

When Device Access is Only Through Job Password and No Access is Available Through Regular Telnet/SSH and SNMP (Read or Write)

When Devices are Configured for Job Password and Access is Available Through SNMP (Read or Write)

When Devices are not Configured for Job Password and Access is Available Through Regular Telnet/SSH but no SNMP

When Devices are not Configured for Job Password and Regular Telnet/SSH is Disabled. Access is Available Only Through SNMP (Read or Write)

Table 8-1 When Device Access is Only Through Job Password and No Access is Available Through Regular Telnet/SSH and SNMP (Read or Write) 

Scenario
Archive Mgmt
cwcli config
NetConfig
Config Editor

Device is added into RME

Fails

Not applicable

Not applicable

Not applicable

Update archive request through user interface

Fails

Not applicable

Not applicable

Not applicable

Update archive request through command line

Not applicable

Fails

Not applicable

Not applicable

Config update when Syslog message is received

Fails

Not applicable

Not applicable

Not applicable

Config update through periodic scheduled process

Fails

Not applicable

Not applicable

Not applicable

Config update through SNMP poller based scheduled process

Fails

Not applicable

Not applicable

Not applicable

Config upload/restore through cwcli config

Not applicable

Fails

Not applicable

Not applicable

NetConfig Job

Not applicable

Fails

Succeeds

Not applicable

Config Editor job

Not applicable

Not applicable

Not applicable

Succeeds


Table 8-2 When Devices are Configured for Job Password and Access is Available Through SNMP (Read or Write) 

Scenario
Archive Mgmt
cwcli config
NetConfig
Config Editor

Device is added into RME

Succeeds for SNMP supported devices

Not applicable

Not applicable

Not applicable

Update archive request through user interface

Succeeds for SNMP supported devices

Not applicable

Not applicable

Not applicable

Update archive request through command line

Succeeds for SNMP supported devices

Succeeds for SNMP supported devices

Not applicable

Not applicable

Config update when Syslog message is received

Succeeds for SNMP supported devices

Not applicable

Not applicable

Not applicable

Config update through periodic scheduled process

Succeeds for SNMP supported devices

Not applicable

Not applicable

Not applicable

Config update through SNMP poller based scheduled process

Succeeds for SNMP supported devices

Not applicable

Not applicable

Not applicable

Config upload/restore through cwcli config

Not applicable

Succeeds for SNMP supported devices

Not applicable

Not applicable

NetConfig Job

Not applicable

Fails

Succeeds

Not applicable

Config Editor job

Not applicable

Not applicable

Not applicable

Succeeds


Table 8-3 When Devices are not Configured for Job Password and Access is Available Through Regular Telnet/SSH but no SNMP 

Scenario
Archive Mgmt
cwcli config
NetConfig
Config Editor

Device is added into RME

Succeeds

Not applicable

Not applicable

Not applicable

Update archive request through user interface

Succeeds

Not applicable

Not applicable

Not applicable

Update archive request through command line

Succeeds

Succeeds

Not applicable

Not applicable

Config update when Syslog message is received

Succeeds

Not applicable

Not applicable

Not applicable

Config update through periodic scheduled process

Succeeds

Not applicable

Not applicable

Not applicable

Config update through SNMP poller based scheduled process

Succeeds

Not applicable

Not applicable

Not applicable

Config upload/restore through cwcli config

Succeeds

Succeeds

Not applicable

Not applicable

NetConfig Job

Not applicable

Not applicable

Succeeds

Not applicable

Config Editor job

Not applicable

Not applicable

Not applicable

Succeeds


Table 8-4 When Devices are not Configured for Job Password and Regular Telnet/SSH is Disabled. Access is Available Only Through SNMP (Read or Write) 

Scenario
Archive Mgmt
cwcli config
NetConfig
Config Editor

Device is added into RME

Succeeds for SNMP supported devices

Not applicable

Not applicable

Not applicable

Update archive request through user interface

Succeeds for SNMP supported devices

Not applicable

Not applicable

Not applicable

Update archive request through command line

Succeeds for SNMP supported devices

Succeeds for SNMP supported devices

Not applicable

Not applicable

Config update when Syslog message is received

Succeeds for SNMP supported devices

Not applicable

Not applicable

Not applicable

Config update through periodic scheduled process

Succeeds for SNMP supported devices

Not applicable

Not applicable

Not applicable

Config update through SNMP poller based scheduled process

Succeeds for SNMP supported devices

Not applicable

Not applicable

Not applicable

Config upload/restore through cwcli config

Succeeds for SNMP supported devices

Succeeds for SNMP supported devices

Not applicable

Not applicable

NetConfig Job

Not applicable

Fails

Fails

Not applicable

Config Editor job

Not applicable

Not applicable

Not applicable

Fails


Setting Up Archive Management

You can move the directory for archiving the RME device configuration and enable and disable the usage of Shadow directory. You can also list the commands that need to be excluded while comparing configuration

To do this select Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt.

Moving the Configuration Archive Directory

Enabling and Disabling the Shadow Directory

Configuring Exclude Commands

Moving the Configuration Archive Directory

You can move the directory where the configuration of the devices can be archived on the RME server.

The default Configuration Archive directory is:

On RME Solaris server,

/var/adm/CSCOpx/files/rme/dcma

On RME Windows server,

NMSROOT\files\rme\dcma

Where NMSROOT is the CiscoWorks installed directory.

The new archive directory location should have the permission for casuser:casusers in Solaris and casuser should have Full Control in Windows. The new archive directory location should not be the root of any drive (F:\) and must be a subdirectory (F:\RMEarchives).


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


The following is the workflow for moving the configuration archive location:


Step 1 Stop the ConfigMgmtServer process. To do this:

a. Select Common Services > Server > Admin > Processes.

The Process Management dialog box appears.

b. Select the ConfigMgmtServer process.

c. Click Stop.

Step 2 Select Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt.

The Archive Settings dialog box appears.

Step 3 Enter the new location in the Archive Location field, or click Browse to select a directory on your system.

Step 4 Click Apply.

A message appears confirming the changes.

Step 5 Restart the ConfigMgmtServer process. To do this:

a. Select Common Services > Server > Admin > Processes.

The Process Management dialog box appears.

b. Select the ConfigMgmtServer process.

c. Click Start.


Enabling and Disabling the Shadow Directory

The configuration archive Shadow directory is an image of the most recent configurations gathered by the configuration archive.

The Shadow directory contains subdirectories that represent each device class and the latest configurations supported by the configuration archive.

Each file name is DisplayName.cfg, where DisplayName is the device's Display Name as defined in the Device and Credential Repository. Each time the archive is updated, the Shadow directory is updated with the corresponding information.

The Shadow directory can be used as an alternative method to derive the latest configuration information programmatically by using scripts or other means.

To access to the Shadow directory, you must be root or casuser on Solaris, or in the administrator group for Windows.

You can find the Shadow directory in the following locations:

On Solaris, /var/adm/CSCOpx/files/rme/dcma/shadow

On Windows, NMSROOT/files/rme/dcma/shadow. Where NMSROOT is the directory in which RME is installed (the default is C:\Program Files\CSCOpx).


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


You can enable or disable the use of Shadow directory by following this workflow:


Step 1 Stop the ConfigMgmtServer process. To do this:

a. Select Common Services > Server > Admin > Processes.

The Process Management dialog box appears.

b. Select the ConfigMgmtServer process.

c. Click Stop.

Step 2 Select Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt.

The Archive Settings dialog box appears.

Step 3 Select the Enable Shadow Directory check box.

Step 4 Click Apply.

A message shows that the changes were made.

Step 5 Restart the ConfigMgmtServer process. To do this:

a. Select Common Services > Server > Admin > Processes.

The Process Management dialog box appears.

b. Select the ConfigMgmtServer process.

c. Click Start.


Configuring Exclude Commands

You can list the commands that have to be excluded while comparing configuration. To do this select Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt > Exclude Commands.

You can enter multiple commands separated by commas.

RME provides default exclude commands for some Device Categories.

For example, the default exclude commands for Router device category are, end,exec-timeout,length,width,certificate,ntp clock-period

You can specify Exclude Commands at all these levels:

Device Category (For example, Routers, Wireless, etc.)

Device Family (For example, Cisco 1000 Series Routers, Cisco 1400 Series Routers, etc.)

Device Type (For example, Cisco 1003 Router, Cisco 1401 Router, etc.)

While comparing configurations, if you have specified exclude commands in the Device Type, Device Family and Device Category, these commands are excluded only at the Device Type level. The commands in the Device Family and Device Category are not excluded.

Example 1:

If you have specified these commands at,

Routers (Device Category) level

end,exec-timeout,length,width,certificate,ntp clock-period

Cisco 1000 Series Routers (Device Family) level

banner incoming,snmp-server location

Cisco 1003 Router (Device Type) level

ip name-server,banner motd,snmp-server manager session-timeout

While comparing configurations, only the Cisco 1003 Router (Device Type) level commands are excluded.

Example 2:

If you have specified these commands only at Device Family and Device Category,

Routers (Device Category) level

end,exec-timeout,length,width,certificate,ntp clock-period

Cisco 1000 Series Routers (Device Family) level

banner incoming,snmp-server location

Cisco 1003 Router (Device Type) level

No commands specified.

While comparing configurations, only the Cisco 1000 Series Routers (Device Family) level commands are excluded.

If the commands are specified only at the Device Category level, these commands are applicable to all devices under that category.

To configure Exclude Commands:


Step 1 Select Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt > Exclude Commands.

The Configure Exclude Commands dialog box appears.

Step 2 Select one of these from the Device Type Selector pane:

Device Category (For example, Routers, Wireless, etc.)

Device Family (For example, Cisco 1000 Series Routers, Cisco 1400 Series Routers, etc.)

Device Type (For example, Cisco 1003 Router, Cisco 1401 Router, etc.)

Step 3 Enter the command in the Exclude Commands pane to add new commands.

You can enter multiple commands separated by commas.

You can also edit or delete the existing commands in the Exclude Commands pane.

Step 4 Click Apply.

A message appears, The commands to be excluded are saved successfully.


Configuring Fetch Settings

You can configure the Job Result Wait Time per device for the Sync Archive Jobs. The default value is 120 seconds. The minimum value can be set to 60 seconds.

Job Result Wait Time is the maximum wait time that Archive Management waits to get the configurations from the device during the sync-archive job execution.

To configure the Job Result Wait Time:


Step 1 Select Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt.

The Fetch Settings dialog box appears.

Step 2 Provide the Job Result wait time in seconds in the Maximum time to wait for Job results per device (seconds) field.

Step 3 Click:

Apply, if you want to submit the Job Result Wait Time entered.

Cancel if you want to cancel the changes made to the Job Result Wait Time.


Understanding Configuration Retrieval and Archival

RME supports five different ways to trigger the retrieval of configuration files from the device for archival purposes.

Schedule Periodic Configuration File Archival

RME will archive both the startup and running configuration files for all devices at the scheduled time (6-hourly, 12-hourly, daily, weekly, monthly), as configured by the user.

Since this method collects the full running configuration and startup configuration files for the entire network, we recommend that you schedule this to run at no more than once per day, especially if the network is large and outside the LAN.

See Defining the Configuration Collection Settings for further details.

Schedule Periodic Configuration Polling

RME can be configured to periodically poll configuration MIB variables on devices that support these MIBs according to a specified schedule, to determine if either the startup or running configuration file has changed.

If it has, RME will retrieve and archive the most current configuration file from the device.

Polling uses fewer resources than full scheduled collection, because configuration files are retrieved only if the configuration MIB variable is set.

On IOS devices the variables ccmHistoryRunningLastChanged and ccmHistoryStartupLastChanged from the CISCO-CONFIG-MAN-MIB MIB, and on CATOS the variable sysConfigChangeTime from CISCO-STACK-MIB are used to detect the change.

Any change in the value of these variables causes the configuration file to be retrieved from the device. SNMP change polling works only in case of IOS and CATOS devices which support these MIBs.

If these MIBs are not supported on the devices, then by default, configuration fetch will be initiated without checking for the changes.

By default, the Periodic Collection and Polling are disabled.

See Defining the Configuration Collection Settings for scheduling the periodic polling.


Note The Syslog application triggers configuration fetch, if configuration change messages like SYS-6-CFG_CHG, CPU_REDUN-6-RUNNING_CONFIG_CHG etc., are received.


Manual Updates (Sync Archive function)

This feature allows the RME user to force the configuration archive to check specified devices for changes to the running configuration file only. Use Sync Archive if you need it to synchronize quickly with the running configuration.

You can also poll the device and compare the time of change currently on the device with the time of last archival of the configuration to determine whether the configuration has changed on a device.

The Startup configuration is not retrieved during manual update archive operation. However, you can retrieve the Startup configuration by enabling the Fetch startup Config option while scheduling Sync Archive job.

See Scheduling Sync Archive Job for further details.

Using Version Summary

You can trigger a configuration file retrieval by clicking on the Running or Startup configuration in the Configuration Version Summary report.

After a configuration file is fetched from the device, as described above, RME submits the configuration file for archival.

See Viewing the Configuration Version Summary for further details.

Timestamps of Configuration Files

These are timestamps of a running configuration file, or the change time (in change audit), indicate the time at which RME system archived the configuration file.

This is not the time at which the configuration actually changed on the device. If changes are detected immediately using Syslog messages, the timestamp should be very close to the actual configuration change time on the device.

Startup configurations are handled differently by RME. Startup configs are simply saved into the system, as they are retrieved from the device (unlike running configurations, which are compared and saved in versioned archives, if different).

The timestamps of Startup Configuration files are just the archival times, and do not indicate the change time.

In the version summary reports, the Running and Startup are links, which when clicked will retrieve in real time, the respective configuration from the device. This column does not have a timestamp associated with it.

In the Out-Of-Sync report, the Startup configuration column indicates the last archived startup configuration along with its timestamp, and the Running configuration column indicate the last archived running config along with its timestamp.

How Running Configuration is Archived

The workflow for archiving the Running configuration is:

1. If RME detects an effective change, the new configuration is queued for Archival.

2. The archiver, calculates the exact effective changes, assigns a new version number for the newly collected archive, and archives it in the system.

3. The archiver, at the end, logs a change audit record that the configuration of the device has changed, along with other Audit information.

4. If you have enabled the Enable Shadow Directory option in the Archive Settings dialog box (Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt) the latest running configuration file is also stored in a raw format for manual TFTP purposes to restore the configuration on the device, in the directory location:

On Solaris, /var/adm/CSCOpx/files/rme/dcma/shadow

On Windows, NMSROOT/files/rme/dcma/shadow. Where NMSROOT is the directory in which RME is installed (the default is C:\Program Files\CSCOpx)


Note Startup configurations are not `versioned' and only one copy of the startup configuration of devices (which supports startup configuration), is saved in the system. No change audit records are logged for changes in the `Startup Configuration' files.


RME first compares the collected configuration file, with the latest configuration in the archive, and checks to see if there are effective configurations changes from what was previously archived.

Change Audit Logging

Config change audit records include information about, who changed (which user) the configuration, when the configuration change was identified by RME, and other change information.

Any configuration change made through the RME system (example, using Config Editor or Netconfig), will have the user name of the user who scheduled the change job.

Any configuration change that was done outside of RME and detected through the configuration retrieval process, has the same user name as reported by the device through the CONFIG-MAN-MIB variable (ccmHistoryEventTerminalUser).

Changes identified through syslog messages, contain the user name identified in the Syslog message, if present.

Defining the Configuration Collection Settings

The configuration archive can be updated with configuration changes in two ways:

Periodic configuration archival (with and without configuration polling). You can enable this using Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt > Collection Settings.

Manual configuration archival using Resource Manager Essentials > Config Mgmt > Archive Mgmt > Sync Archive.

You can modify how and when the configuration archive retrieves configurations by selecting one or all of the following:

Periodic Polling

The configuration archive performs a SNMP query on the device. If there are no configuration changes detected in the devices, no configuration is fetched.

Periodic Collection

The configuration is fetched without checking for any changes in the configuration.

By default, the Periodic Collection and Polling are disabled.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


The following is the workflow for defining the configuration collection setting:


Step 1 Select Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt > Collection Settings.

The Config Collection Settings dialog box appears.

Step 2 Select one or all of the following options:

Periodic Polling

a. Select Enable for Configuration archive to performs a SNMP query on the device to retrieve configuration.

b. Click Schedule.

The Config Collection Schedule dialog box appears.

c. Enter the following information:

Field
Description
Scheduling

Run Type

You can specify when you want to run the configuration polling job.

To do this, select one of these options from the drop-down menu:

Daily—Runs daily at the specified time.

Weekly—Runs weekly on the day of the week and at the specified time.

Monthly—Runs monthly on the day of the month and at the specified time.

The subsequent instances of periodic jobs will run only after the earlier instance of the job is complete.

For example, if you have scheduled a daily job at 10:00 a.m. on November 1, the next instance of this job will run at 10:00 a.m. on November 2 only if the earlier instance of the November 1 job has completed.

If the 10.00 a.m. November 1 job has not completed before 10:00 a.m. November 2, the next job will start only at 10:00 a.m. on November 3.

Date

You can select the date and time (hours and minutes) to schedule.

Job Information

Job Description

The system default job description, Default config polling job is displayed.

You cannot change this description.

E-mail

Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.

You can enter multiple e-mail addresses separated by commas.

Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).

We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences). When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.


d. Click OK.

Periodic Collection

a. Select Enable for Configuration archive to perform a periodic check on the device to retrieve configuration.

b. Click Schedule.

The Config Collection Schedule dialog box appears.

c. Enter the following information:

Field
Description
Scheduling

Run Type

You can specify when you want to run the configuration collection job.

To do this, select one of these options from the drop-down menu:

Daily—Runs daily at the specified time.

Weekly—Runs weekly on the day of the week and at the specified time.

Monthly—Runs monthly on the day of the month and at the specified time.

The subsequent instances of periodic jobs will run only after the earlier instance of the job is complete.

For example, if you have scheduled a daily job at 10:00 a.m. on November 1, the next instance of this job will run at 10:00 a.m. on November 2 only if the earlier instance of the November 1 job has completed.

If the 10.00 a.m. November 1 job has not completed before 10:00 a.m. November 2, the next job will start only at 10:00 a.m. on November 3.

Date

You can select the date and time (hours and minutes) to schedule.

Job Information

Job Description

The system default job description, Default config collection job is displayed.

You cannot change this description.

E-mail

Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.

You can enter multiple e-mail addresses separated by commas.

Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).

We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences). When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.


d. Click OK.

Step 3 Either click Apply to accept the new values provided.

Or

Click Cancel if you want to discard the changes and revert to previously saved values.

If you had clicked Apply, a message appears:

New settings saved successfully.

You can check the status of your scheduled job by selecting Resource Manager Essentials > Job Mgmt > RME Jobs.


Purging Configurations from the Configuration Archive

You can specify when to purge archived configurations. This frees disk space and keeps your archive at a manageable size.

By default, the purging jobs are disabled.

You can purge configurations based on two criteria:

Number of versions to retain. Maximum number of versions of each configuration to retain.

The oldest configuration is purged when the maximum number is reached. For example, if you set the maximum versions to retain to 10, when the eleventh version of a configuration is archived, the earliest (first version) is purged to retain total number of latest archived versions at 10.

Age. Configurations older than the number of days that you specify are purged.

The Labeled configuration files are not purged even if they satisfy either of the purge conditions (Maximum versions to retain and Purge versions older than options in the Archive Purge Settings window) unless you enable the Purge labeled files option in the Archive Purge Settings window.

The labeled files are purged only if they satisfy the conditions given in the Maximum versions to retain and Purge versions older than options.

Archive Management will not purge the configuration files, if there are only two versions of these files in the archive.

Archived configurations that match the purge criteria that you set are purged from the system. This purge policy applies to Running configuration only.


Caution Ensure that the configuration change detection schedule does not conflict with purging, since both processes are database-intensive. Also backup your system frequently to prevent losing versions.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


The workflow to define the Configuration Archive purge policy is:


Step 1 Select Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt > Purge Settings.

The Archive Purge Setup dialog box appears.

Step 2 Select Enable.

Step 3 Click Change to schedule a Purge job.

The Config Purge Job Schedule dialog box appears.

Step 4 Enter the following information:

Field
Description
Scheduling

Run Type

You can specify when you want to purge the configuration archive files.

To do this, select one of these options from the drop-down menu:

Daily—Runs daily at the specified time.

Weekly—Runs weekly on the day of the week and at the specified time.

Monthly—Runs monthly on the day of the month and at the specified time.

The subsequent instances of periodic jobs will run only after the earlier instance of the job is complete.

For example, if you have scheduled a daily job at 10:00 a.m. on November 1, the next instance of this job will run at 10:00 a.m. on November 2 only if the earlier instance of the November 1 job has completed.

If the 10.00 a.m. November 1 job has not completed before 10:00 a.m. November 2, the next job will start only at 10:00 a.m. on November 3.

Date

You can select the date and time (hours and minutes) to schedule.

Job Information

Job Description

The system default job description, Default archive purge job is displayed.

You cannot change this description.

E-mail

Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.

You can enter multiple e-mail addresses separated by commas.

Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).

We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences). When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.


Step 5 Specify when to purge configuration files from the archive by selecting one or all of the following purge policies:

Click Maximum versions to retain and enter the number of configurations to retain.

Click Purge versions older than and enter the number of days, weeks, or months.

Click Purge labeled files to delete the labeled configuration files. See Configuring Labels for information on labeled files.

The Purge labeled files option must be used either with the Maximum versions to retain or Purge versions older than options. You cannot use this option without enabling either Maximum versions to retain or Purge versions older than options.

The labeled files are purged only if they satisfy the conditions given in the Maximum versions to retain and Purge versions older than options.

The Labeled configuration files are not deleted even if they satisfy either of the purge conditions (Maximum versions to retain and Purge versions older than) unless you enable the Purge labeled files option.

These purge policies are applied sequentially. That is, if you have enabled all the three purge policies, RME applies the Purge policies in this sequence:

a. Maximum versions to retain

b. Purge versions older than

c. Purge labeled files

Archive Management does not purge the configuration files, if there are only two versions of these files in the archive.

Step 6 Click Apply.

A message appears, New settings saved successfully.

Step 7 Click OK.

You can check the status of your scheduled job by selecting Resource Manager Essentials >
Job Mgmt > RME Jobs.


Checking Configuration Archival Status

After you add devices into RME, their configurations are gathered and stored in the configuration archive. You can check the overall status of the configuration archive (Successful, Partially Successful, and Failed). It provides the status of the last archival attempt.

Refresh

(Icon)

Click on this icon to refresh the configuration archive status window.



Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


To check the configuration archive status:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt.

The Configuration Archival Summary dialog window appears with the following information.

Archival Status
Description

Successful

Number of devices for which all supported configurations have been fetched successfully.

Click No.of Devices to see the Successful Devices Report.

Failed

Number of devices for which fetch of all supported configurations has failed.

Click No.of Devices to see the Failed Devices Report.

Partial Successful

Number of devices for which fetch of any one of the supported configurations has failed.

Number of Catalyst 5000 devices for which sub-modules were not pulled into archive. Only the main configuration of supervisor engine module is archived for Catalyst 5000 devices.

Click No.of Devices to see the Partially Successful Devices Report.


Step 2 Select one or all of the Config Archival Status and click Sync Archive to schedule an immediate job to update the archive status.

You can check the status of your scheduled Sync Archive job by selecting Config Mgmt > Archive Mgmt > Archive Mgmt Jobs.


Configuration Archival Reports

The following are the Config Archival reports:

Successful Devices Report

Failed Devices Report

Partially Successful Devices Report

Successful Devices Report

A device appears in this report if all supported configurations have been fetched successfully.


Note These dates do not necessarily reflect when the archive was last updated.


This report contains the following information:

Column Names
Description

Device Name

Device Display Name as entered in Device and Credential Repository.

Click on the device name to launch the Device Center.

Config Type

Defines the type of configuration PRIMARY, SECONDARY, or VLAN.

PRIMARY/SECONDARY—Contains the Running and Startup configuration files information.

VLAN—Contains running vlan.dat configuration file information. This config type does not contain Startup configuration file information.

For ONS devices, the PRIMARY configuration type displays the configuration information from the active CPU, at that instance.

File Type

Defines the configuration file type that is either Running or Startup configuration.

Accessed At

Date and time that RME pulled running configuration from device in an attempt to archive. The configuration is archived only if there has been a change.

Description

Displays the archival status.


Failed Devices Report

A device appears in this report if fetch for all of the supported configurations has failed. This report also contains the reasons configuration could not be pulled.

This report contains the following information:

Column Names
Description

Device Name

Device Display Name as entered in Device and Credential Repository.

Click on the device name to launch the Device Center.

Config Type

Defines the type of configuration PRIMARY, SECONDARY, or VLAN.

PRIMARY/SECONDARY—Contains the Running and Startup configuration files information.

VLAN—Contains running vlan.dat configuration file information. This configuration type does not contain Startup configuration file information.

For ONS devices, the PRIMARY configuration type displays the configuration information from the active CPU, at that instance.

File Type

Defines the configuration file type that is either Running or Startup configuration.

Accessed At

Date and time that RME pulled running configuration from device in an attempt to archive. The configuration is archived only if there has been a change.

Description

Reason why RME could not pull running and startup configuration from device.


If you enabled TACACS for a device and configured custom TACACS login and passwords prompts, you may experience Telnet problems, since RME may not recognize the prompts.

To make your prompts recognizable, you must edit the TacacsPrompts.ini file. See the procedure given in the Handling Custom Telnet Prompts section of the User Guide for Common Services.

Partially Successful Devices Report

A device shows up in this report if fetch for any one of the supported configurations has failed.

The Partially Successful Devices report lists the Catalyst 5000 family devices for which sub-module information could not be pulled from the device. Only the main configuration of the supervisory module is archived for Catalyst 5000 devices.

This report contains the following information:

Column Names
Description

Device Name

Device Display Name as entered in Device and Credential Repository.

Click on the device name to launch the Device Center.

Config Type

Defines the type of configuration PRIMARY, SECONDARY, or VLAN.

PRIMARY/SECONDARY—Contains the Running and Startup configuration files information.

VLAN—Contains running vlan.dat configuration file information. This configuration type does not contain Startup configuration file information.

For ONS devices, the PRIMARY configuration type displays the configuration information from the active CPU, at that instance.

File Type

Defines the configuration file type that is either Running or Startup configuration.

Accessed At

Date and time that RME pulled running configuration from device in an attempt to archive. The configuration is archived only if there has been a change.

Description

Reason why RME could not pull running or startup configuration from device.


Scheduling Sync Archive Job

You can schedule a job to update the configuration archive for selected group of devices.

You have an option to poll device configuration before updating the archive and to fetch Startup configuration.

You can also perform this task for a selected device using Device Center (from the CiscoWorks LMS Portal home page, select Device Troubleshooting > Device Center to launch Device Center).


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


To schedule a job to update the device configuration:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Sync Archive.

The Sync Archive dialog box appears.

Step 2 Select either:

Device Selector, if you want to schedule a job for static set of devices. See Using RME Device Selector for information on how to use RME Device Selector.

The sync archive job fails if devices are removed from the DCR. For example, a sync archive job is scheduled to run for all the devices that are part of the selected group in Device Selector. When the job runs if a device is deleted from the DCR, then the job fails for that particular device. However, if the job succeeds for the remaining devices in the group, the status of the job still remain failed.

Or

Group Selector, if you want to schedule a job for dynamic group of devices.

The job is scheduled only for the devices that are present in the selected group at the time when the job is run. The customizable group selector for jobs evaluates static groups also as dynamic during run time.

Step 3 Enter the following information:

Field
Description
Scheduling

Run Type

You can specify when you want to run the Sync Archive job.

To do this, select one of these options from the drop-down menu:

Immediate—Runs this task immediately.

6 - hourly—Runs this task every 6 hours, starting from the specified time.

12 - hourly—Runs this task every 12 hours, starting from the specified time.

Once—Runs this task once at the specified date and time.

Daily—Runs daily at the specified time.

Weekly—Runs weekly on the day of the week and at the specified time.

Monthly—Runs monthly on the day of the month and at the specified time.

The subsequent instances of periodic jobs will run only after the earlier instance of the job is complete.

For example, if you have scheduled a daily job at 10:00 a.m. on November 1, the next instance of this job will run at 10:00 a.m. on November 2 only if the earlier instance of the November 1 job has completed.

If the 10.00 a.m. November 1 job has not completed before 10:00 a.m. November 2, the next job will start only at 10:00 a.m. on November 3.

Date

You can select the date and time (hours and minutes) to schedule.

The Date field is enabled only if you have selected an option other than Immediate in the Run Type field.

Job Information

Job Description

Enter a description for the job. This is mandatory. You can enter only alphanumeric characters.

E-mail

Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.

You can enter multiple e-mail addresses separated by commas.

Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).

We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences). When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.

Job Options

Poll device before configuration collection

Archive Management polls the device and compares the time of change currently on the device with the time of last archival of configuration to determine if configuration has changed on a device.

If the polling is not supported on the device, then configuration fetch will be initiated without checking for the changes.

See Understanding Configuration Retrieval and Archival for further details on configuration polling.

Fetch startup config

Archive Management fetches the startup configuration.


Step 4 Click Submit.

A message appears, Job ID is created successfully.

Where ID is a unique Job number.

Step 5 Click OK.

You can check the status of your scheduled Sync Archive job by selecting Config Mgmt > Archive Mgmt > Archive Mgmt Jobs.


Generating an Out-of-Sync Report

You can generate an Out-of-Sync report for the group of devices for which running configurations are not synchronized with the startup configuration.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Out-of-Sync Summary to generate an Out-of-sync report.

The Startup and Running Out-Of-Sync Summary window displays the following information:

Column Name
Description

Device Name

Device Display Name as entered in Device and Credential Repository.

Startup

Startup configuration of the device. This configuration is fetched from the configuration archive.

Click on the displayed date to view the configuration.

Diff

Difference between the archived Startup and archived Running configuration.

Click on the icon to see the difference between the archived Startup and archived Running configuration.

Running

Running configuration of the device. This configuration is fetched from the configuration archive.

Click on the displayed date to see the detailed information on Running configuration.


Scheduling Sync on Device Job

You can schedule a Sync on device job using the Sync on Device button on Startup and Running Out-Of-Sync Summary window.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


To schedule a Sync on device job:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Out-of-Sync Summary.

The Startup and Running Out-Of-Sync Summary dialog box appears.

Step 2 Select a device.

Step 3 Click Sync on Device.

The Job Schedule and Options dialog box appears.

Step 4 Enter the following information:

Field
Description
Scheduling

Run Type

You can specify when you want to run the Startup and Running Out-Of-Sync Summary report.

To do this, select one of these options from the drop-down menu:

Immediate—Runs the report immediately.

Once—Runs the report once at the specified date and time.

Daily—Runs daily at the specified time.

Weekly—Runs weekly on the day of the week and at the specified time.

Monthly—Runs monthly on the day of the month and at the specified time.

The subsequent instances of periodic jobs will run only after the earlier instance of the job is complete.

For example, if you have scheduled a daily job at 10:00 a.m. on November 1, the next instance of this job will run at 10:00 a.m. on November 2 only if the earlier instance of the November 1 job has completed.

If the 10.00 a.m. November 1 job has not completed before 10:00 a.m. November 2, the next job will start only at 10:00 a.m. on November 3.

Date

You can select the date and time (hours and minutes) to schedule.

The Date field is enabled only if you have selected an option other than Immediate in the Run Type field.

Job Information

Job Description

Enter a description for the job. This is mandatory. You can enter only alphanumeric characters.

E-mail

Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.

You can enter multiple e-mail addresses separated by commas.

Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).

We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences). When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.

Approver Comments

Enter comments for the job approver.

This field appears only if you have enabled Job Approval for Archive Management.

Maker E-Mail

Enter the e-mail-id of the job creator. This is a mandatory field.

This field appears only if you have enabled Job Approval for Archive Management.

Job Options

Job Password

If you have enabled the Enable Job Password option and disabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) enter the device login user name and password and device Enable password.

If you have enabled the Enable Job Password option and enabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) either:

Enter the device login user name and password and device Enable password

or

Disable the Job Password option in the Job Schedule and Options dialog box.


Step 5 Click Submit.

A message appears, Job ID is created successfully.

Where ID is a unique Job number.

Step 6 Click OK.

You can check the status of your scheduled Copy Running Config to Startup job by selecting Config Mgmt > Archive Mgmt > Archive Mgmt Jobs.


Using the Configuration Version Tree

You can view all configuration versions of the selected devices in the form of a graphical display. You can also perform a configuration quick deploy for a selected device.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


To view the configuration Version Tree:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Version Tree

The Device Selection dialog box appears.

Step 2 Select a device. See Using RME Device Selector for information on how to use RME Device Selector.

Step 3 Click OK.

The Config Version Tree dialog box appears.

Step 4 Click either the configuration version which is a hyper link or select the radio button for the configuration version.

To expand the configuration version folder, click on plus icon and select the configuration version to view the configuration.

The Config Viewer dialog box appears. See Understanding the Config Viewer Window for further information.

If you want to perform a configuration quick deploy (Configuration Quick Deploy), click the Deploy button.


Understanding the Config Viewer Window

The Config Viewer is a HTML-based window which displays the configurations of specified devices.

You can specify how you want to view the contents of the configurations by selecting one of the options under Show:

Click Raw to view data exactly as it appears in the configuration file.

Click Processed to view data with the commands ordered and grouped.

The Config Viewer window contains two columns.

Column
Description
Configlets

Click on any configlets to display the corresponding information. The available configlets vary from device to device; the following are examples:

All—Entire contents of the configuration files.

SNMP—SNMP configuration commands. For example, snmp-server community public RO.

IP Routing—IP routing configuration commands. For example, router abcd 100.

Interface folder—The different interface configuration commands. For example,
Interface Ethernet0 and Interface TokenRing.

Global—Global configuration commands. For example no ip address.

Line con 0—configuration commands for line console 0.

IP—IP configuration commands. For example, ip http server.

Configuration file name

View the contents of configuration file.


The buttons on the Config Viewer are:

Button
Description

Export

(Icon)

Export the configuration file.

If you are using the Raw mode then the exported file format is cfg. The file name convention is DeviceName-VersionNumber.cfg.

If you are using the Processed mode then the exported file format is XML. The file name convention is DeviceName-VersionNumber.xml.

Where DeviceName is the device Display Name as entered in Device and Credential Repository and VersionNumber is the device configuration version.

The default directory where Configuration Archive file is exported is:

On RME Solaris server,

/var/adm/CSCOpx/files/rme/dcma/configexport

On RME Windows server,

NMSROOT\files\rme\dcma\configexport

 

Export (continue)

To export a file:

1. Click on the icon.

The Export Config File dialog box appears.

2. Enter the folder name on the RME server.

You must enter the default export directory. You cannot enter any other directory.

To change the default directory, see the RME 4.x FAQs section:

http://www.cisco.com/en/US/products/sw/cscowork/ps2073/prod_troubleshooting_guide09186a008036dff2.html

or

Browse to select a folder on the RME server.

The Server Side File Browser dialog box appears.

a. Select a folder on the RME server.

b. Click OK.

The Browse button takes you to the default directory. It does not allow you to change this default export directory.

To change the default directory, see the RME 4.x FAQs section:

http://www.cisco.com/en/US/products/sw/cscowork/ps2073/prod_troubleshooting_guide09186a008036dff2.html

3. Click OK.

If you have exported configuration in the Raw mode, the notification message displays, Config file exported as ExportedFolder\DeviceName-VersionNumber.cfg

If you have exported configuration in the Processed mode, the notification message displays, Config file exported as ExportedFolder\DeviceName-VersionNumber.XML

Where ExportedFolder is the location where configuration file is exported.

4. Click OK.

Print

(Icon)

Generates a format that can be printed.

Compare with previous version

Compares configuration with previous version. When you click on this button, a new window Config Diff Viewer opens to show configurations side by side.

See Understanding the Config Diff Viewer Window for further details.

This button gets activated only if you have a previous version of the configuration.

Compare with next version

Compares configuration with next version. When you click on this button, a new window Config Diff Viewer opens to show configurations side by side.

See Understanding the Config Diff Viewer Window for further details.

This button gets activated only if you have a next version of configuration.

Edit

Launches Config Editor window.

This button is active only if you are viewing the configuration version from the archive.

See Editing and Deploying Configurations Using Config Editor for further details.

Deploy

Perform a quick configuration deploy.

This button is active only if you are viewing the configuration version from the archive.

See Configuration Quick Deploy.


Viewing the Configuration Version Summary

You can view all archived configurations for selected devices. It also provides a link to view a particular configuration running on the device and to generate differences between versions in the archive.

You can view the last three configuration versions for each device regardless of number of versions stored in archive.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


To view the Config Summary, follow this workflow:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Version Summary

The Device Selection dialog box appears.

Step 2 Select a device. See Using RME Device Selector for information on how to use RME Device Selector.

Step 3 Click OK.

The Archive Mgmt Version Summary window appears with the information in Table 8-5.

Table 8-5 Fields in the Archive Mgmt Version Summary Window 

Column
Description

Device Name

Device Display Name as entered in Device and Credential Repository.

Click on the device name to launch the Device Center.

Config Type

Defines the type of configuration PRIMARY, SECONDARY, or VLAN.

PRIMARY/SECONDARY—Contains the Running and Startup configuration files information.

VLAN—Contains running vlan.dat configuration file information. This configuration type does not contain Startup configuration file information.

For ONS devices, the PRIMARY configuration type displays the configuration information from the active CPU, at that instance.

Startup

Configuration running when device was started. This configuration is fetched from the device.

Click on the Startup icon to view the Startup configuration

Diff

Differences between Startup and Running configuration.

To view the difference between Startup and Running configuration, click on the Diff icon.

Running

Configuration currently running on device.

Click on the Running icon to view the Running configuration.

The configuration that appears, is fetched from the device. This happens if the fetched configuration is different from the latest configuration that is in the archive. Otherwise, the latest configuration from the archive appears.

Diff

Differences between the Running Configuration on the device and the most recent archived configuration.

To view the difference between the two running configurations, click on the Diff icon.

Latest

Displays date and time of most recent configuration archive. The time shown here is when the file was actually archived. If the file was archived on 03/07/2004 5.00 PM PST, that's the time that will appear in this report. This is in the client's time zone.

To view the device configuration, click on Date and Time.

The Archived At fields that appear in other configuration reports shows the last time configuration was taken from the device in an attempt to archive. The system actually archives the configuration only if there is a change in the newly obtained configuration when compared to the archived one. So there could be different time values.

Diff

Differences between the most recent and the second most recent archived configurations.

To view the difference between the two running configurations, click on Diff icon.

Latest-1

Date and time the second most recent configuration was archived.

To view the device configuration, click on date and time.

Diff

Differences between second most recent and third most recent configuration in archive.

To view the difference between the two running configurations, click on the Diff icon.

Latest-2

Date and time third most recent configuration was archived.

To view the device configuration, click on Date and Time.



Configuration Quick Deploy

You can create an immediate job to deploy the version of configuration being viewed on the device. You can deploy the configuration either in overwrite or merge mode.

Features of Configuration Quick Deploy

The following are the features of Configuration Quick Deploy:

It can be performed for both running and startup configuration of all categories of devices.

The job is executed immediately. Therefore Job approval should not be enabled at the time of Configuration Quick Deploy.

The jobs cannot be rolled back.

The jobs use TFTP, Telnet, SSH, scp, rcp, https transport protocols.

It provides an option to select either merge or overwrite mode when you deploy configuration on a device.

It cannot be performed for VLAN configurations. However, you can deploy VLAN configurations using the CLI command, cwcli config put. See Overview: cwcli config Command for more information.

It is supported for configuration versions in the archive only. That is, you cannot deploy for configuration version available on a device.

The jobs use the same protocol order that you have specified in the Config Transport Settings (Resource Manager Essentials > Admin > Config Mgmt).

Performing a Configuration Quick Deploy

You can perform a configuration quick deploy using the Config Viewer window.

For example, you can launch Config Viewer window by clicking on Startup configuration or Running Configuration links while performing tasks such as generating Out-Of-Sync Summary report, viewing the Version Summary report etc.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.



Step 1 Click Deploy on the Config Viewer (Understanding the Config Viewer Window) window.

The Job Option Details dialog box appears.

Step 2 Enter the following information:

Field
Description
Job Information

E-mail

Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.

You can enter multiple e-mail addresses separated by commas.

Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).

We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences). When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.

Job Options

Job Password

If you have enabled the Enable Job Password option and disabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) enter the device login user name and password and device Enable password.

If you have enabled the Enable Job Password option and enabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) either:

Enter the device login user name and password and device Enable password

or

Disable the Job Password option in the Job Schedule and Options dialog box.

Deploy Mode

Overwrite

Select the Overwrite option, if you want to replace the existing running configuration on the device, with the selected configuration.

This is the default option for the configuration deployment.

The configuration that you have selected is compared with the latest running configuration in the Configuration Archive. (RME assumes that the latest running configuration in the archive is the same as the configuration currently running on the device.)

The Overwrite mode ensures that the running configuration on the device is overwritten with the selected configuration. This means, after the configuration is successfully deployed, the selected configuration and the running configuration on the device are the same.

Merge

Select the Merge option, if you want to add incremental configuration to the device.

The configuration that you have selected is deployed on to the device as is. This means, the existing running configuration of the device is updated incrementally with the commands in the selected configuration.

The selected running configuration is not compared with the running configuration in the Configuration Archive.

We recommend that you use this option on newly deployed devices. This is because, the Merge option effectively deploys the entire configuration from the archive, on to the device.


Step 3 Click Submit.

An immediate Quick Deploy of Configuration on Device job will be scheduled.

A message appears, Job ID is created successfully.

Where ID is a unique Job number.

Step 4 Click OK.

You can check the status of your scheduled Config Quick Deploy job by selecting Config Mgmt > Archive Mgmt > Archive Mgmt Jobs.


What Happens During Configuration Quick Deploy

Before Configuration Management deploys the configuration on the device, it verifies whether the device is locked.

The deploy process follows the configured transport protocol order and the fallback option is active.

At end of this task, Configuration Management will:

Unlock the device

Checks-in the new version of configuration if the deploy completes successfully.

After uploading the configuration on the device, Configuration Management writes to the Change Audit log.

Configuring Labels

A label is a name given to a group of customized selection of configuration files. You can select configuration files from different RME devices, group and label them.

These labeled files are not purged along with the other configuration files. You have to explicitly select the Purge labeled files option to purge the labeled files. These labeled files are not purged if this option is not enabled.

You can purge the label config files using Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt > Purge Settings.

See Purging Configurations from the Configuration Archive for further details.

The Label Config window displays the following information:

Column
Description

Label Name

Displays the label name.

Description

Displays the label description.

Created by

Displays the user who created this label.

Created on

Displays the label creation time.


You can click on any column heading to sort the information by that column. If you double-click a heading, the order is reversed.

The Label Configs window contains the following buttons:

Button
Description

Create

Create a label. See Creating a Label for further details.

Edit

Edit a labeled configuration. See Editing a Labeled Configuration for further details.

This button is active only after you select a Label.

View

View a labeled configuration. See Viewing the Labeled Configuration for further details.

This button is activate only after you select a Label.

Delete

Delete labeled configuration. See Deleting the Labeled Configuration for further details.

This button is activate only after you select a Label.


Creating a Label

You can use Label Configuration to create a group of configuration files from selected devices.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


You can create a label file using the following workflow:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Label Configs.

The Label Configs dialog box appears.

Step 2 Click Create.

The Device Selection dialog box appears.

Step 3 In Device Selector pane, select the devices. See Using RME Device Selector for information on how to use RME Device Selector.

Step 4 Go to the Label selection pane and:

Enter the Label Name. You can enter up to 64 characters.

Enter the Label Description. You can enter up to 128 characters.

Step 5 Go to the Config Type pane and select Primary or VLAN.

Option
Description

Primary

Contains the Running and Startup configuration files information.

VLAN

Contains running vlan.dat configuration file information. This configuration type does not contain Startup configuration file information.


Step 6 Go to the Version pane and select Latest to include the most recent configuration only, or All to view all configuration versions.

If you have selected Latest, you can click Finish button in the Select Devices page and complete the Label creation.

If you have selected All, go to Step 7.

Step 7 Click Next.

The Select Configs to be Labelled dialog box appears.

To view the configuration, select a configuration version file from the left pane and click View. The Config Viewer (Understanding the Config Viewer Window) window appears.

To add the selected configuration, select a configuration version file from the left pane and click Add.

To remove the selected configuration, select a configuration version file from the right pane and click Remove.

Step 8 Click Finish.

A message appears, Label LabelName created successfully.

Where LabelName is the name of the label that you entered.

Step 9 Click OK.


Editing a Labeled Configuration

You can make the following changes to a label:

Modify the Label Description.

Remove configuration files from the Selected Versions list.

Add new configuration files from the Devices list.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


You can edit a label file using the following workflow:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Label Configs.

The Label Configs dialog box appears.

Step 2 Select a label and click Edit.

The Device Selection dialog box appears. The devices that are already part of the labeled file are selected.

Step 3 Go to the Device Selector pane and select a new device or deselect a device. See Using RME Device Selector for information on how to use RME Device Selector

Step 4 Go to the Version pane and select Latest to include the most recent configuration only, or All to view all configuration versions.

Step 5 Click Next.

The Label Details dialog box appears. This dialog box appears with the current details of the label.

Step 6 Do either of the following:

Change the Label Description. You can enter up to 128 characters.

Select a configuration version file from the left pane, click Add to add the selected configuration file.

If you selected Latest in the previous dialog box, the left pane will show devices and the latest archived configuration file. The right pane contains labeled configuration.

If you selected All in the previous dialog box, the left pane will show devices and all available archived configuration files. The right pane contains labeled configuration.


Note You can select only one configuration file for a device.


To remove the selected configuration, select a configuration version file from the right pane and click Remove.

To view the configuration, select a configuration version file from the left pane and click View. The Config Viewer (Understanding the Config Viewer Window) window appears.

Step 7 Click Finish.

A message appears, Label LabelName updated.

Where LabelName is the name of the label as entered by you.

Step 8 Click OK.


Viewing the Labeled Configuration

You can view configurations of a label from the label listing.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.



Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Label Configs.

The Label Configs dialog box appears.

Step 2 Select a label and click View.

The Label Config Viewer window appears with the following information:

Column Name
Description

Device Name

Device Display Name as entered in Device and Credential Repository.

Config Type

Defines the type of configuration PRIMARY, SECONDARY, or VLAN.

PRIMARY/SECONDARY—Contains the Running and Startup configuration files information.

VLAN—Contains running vlan.dat configuration file information. This configuration type does not contain Startup configuration file information.

For ONS devices, the PRIMARY configuration type displays the configuration information from the active CPU, at that instance.

Version

Version of configuration file.

Click on the version to display Config Viewer (see Understanding the Config Viewer Window), which shows contents of corresponding configuration file.

In the Config Viewer window, you can click the Deploy button if you want to perform a Configuration Quick Deploy (Configuration Quick Deploy)

Created On

Date and time configuration file was created.

Change Description

Description of configuration change.



Deleting the Labeled Configuration

You can delete a label from the list of labels in the label configuration dialog box:


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.



Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Label Configs.

The Label Configs dialog box appears.

Step 2 Select the labels and click Delete.

A message appears, Are you sure you want to delete the label(s)?

Step 3 Click OK to delete the labels.


Using Search Archive

You can search the archive for configuration containing text patterns for selected devices. You can specify ten different combinations of patterns/strings as part of search criteria.

For example:

Search all devices for configurations having pattern set banner motd and set banner exec.

Search all devices for configurations having pattern set banner motd and set banner exec and set password.

You can also specify an option to ignore/consider the case sensitive property.

You can create a custom configuration query that searches information about the specified configuration files.

If you monitor devices X, Y, and Z every morning, you can create a custom query on them. When you run the query, RME quickly gathers all the archived configuration files for these devices and displays them in a report.

The Custom Queries window displays the following information:

Column
Description

Query Name

Custom Query name.

Description

Custom Query description.

Created By

User name of the person who created this Custom Query.

Created On

Custom Query creation time.


You can click on any column heading to sort the information by that column. If you double-click a heading, the order is reversed.

The Custom Queries window contains the following buttons:

Button
Description

Create

Create a custom query. See Creating a Custom Query for further details.

Edit

Edit a custom query. See Editing a Custom Query for further details.

This button is activate only after you select a custom query.

Run

Run a custom query. See Running a Custom Query for further details.

This button is activate only after you select a custom query.

Delete

Delete custom queries. See Deleting the Custom Queries for further details.

This button is activate only after you select a custom query.


The user who creates the custom query has the full permission to perform any tasks such as edit, run, etc,. on the Custom Queries.

See Searching Archive for the procedure to search the configuration with and without search pattern.

Creating a Custom Query

To create a custom query:


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.



Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Search Archive > Custom Queries.

The Custom Queries dialog box appears

Step 2 Click Create.

Step 3 Do any of the following:

Enter the Custom Query name. You can enter up to 64 characters.

Enter the Custom Query description. You can enter up to 128 characters.

Enter patterns to search for, for example, http server. You can enter text patterns up to 64 characters.

To search for more than one pattern, enter the second and third patterns in the Pattern 2 and Pattern 3 fields. You can specify ten different combinations of patterns as part of search criteria.

You cannot search for special characters or regular expressions, for example, Control-C, boot*, etc.

Select the search criteria Contains/Does Not Contain.

If you have entered string as a search pattern, you can select Match Any to search for any given pattern string or Match All to search for all pattern strings.

Click Match Case to perform a case-sensitive search, which is more efficient when you know the exact pattern you want to match. By default, Match Case is disabled.

Step 4 Click OK.

A message appears, Custom Query CustomQueryName created successfully.

Where CustomQueryName is the name of the custom query as entered by you.

Step 5 Click OK.


Running a Custom Query

To run a custom query:


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.



Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Search Archive > Custom Queries.

The Custom Queries dialog box appears.

Step 2 Select a Custom Query and click Run.

The Device Selection dialog box appears.

Step 3 Select the devices. See Using RME Device Selector for information on how to use RME Device Selector.

Step 4 Click OK.

The Custom Query Search Result window appears with the following information:

Column Name
Description

Device Name

Device Display Name as entered in Device and Credential Repository.

Click on the device name to launch the Device Center.

Version

Versions of configuration file.

Click on the version to display Config Viewer (see Understanding the Config Viewer Window), which shows contents of corresponding configuration file.

In the Config Viewer window, you can click on the Deploy button if you want to perform a configuration quick deploy (Configuration Quick Deploy)

Created On

Date and time configuration file was created.


You can perform the following tasks from this window:

Select the devices and click NetConfig to make any changes to the device configuration using NetConfig templates.

Select a device and click Edit to edit the device configuration using the Config Editor application.


Editing a Custom Query

You can edit the Custom Query description and modify the search patterns and their criteria. To edit a custom query:


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.



Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Search Archive > Custom Queries.

The Custom Queries dialog box appears.

Step 2 Select a Custom Query and click Edit.

The Custom Query Window appears.

Step 3 Do any of the following:

Update the Custom Query description. You can enter up to 128 characters.

Either add a new search pattern or delete or update an existing search pattern and their criteria. You can enter up to 64 characters.

Modify the string search options Match Any to Match All or vice versa.

Enable/Disable the case-sensitive search.

Step 4 Click OK.

A message appears, Custom Query CustomQueryName updated successfully.

Where CustomQueryName is the name of the Custom Query.

Step 5 Click OK.


Deleting the Custom Queries

To delete the custom queries:


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.



Step 1 Select Resource Manager Essentials > Config Mgmt Archive Mgmt Search Archive Custom Queries.

The Custom Queries dialog box appears.

Step 2 Select a Custom Query and click Delete.

A message appears, The query will be deleted.

Step 3 Click OK.


Searching Archive

You can search the device configuration file with or without the search pattern. You can also narrow down your search using Label Configuration files and Custom Queries.

You can view the search report in two ways:

Search Archive Result

Device Configuration Quick View Report


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


To search the configuration archive:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Search Archive.

The Search Archive dialog box appears.

Step 2 Enter the following:

Field
Description
Left Pane

Label Config

Enable this option and select a label name.

The configuration version options Latest and All are disabled.

Device Selector

Select the devices. See Using RME Device Selector for information on how to use RME Device Selector.

If you have selected Label Config, you need not select devices. If you have selected any devices, only the devices that are specified in the label configuration are searched. Other devices are ignored.

Version

Select Latest to search the most recent configuration only or All to search all configuration versions.

If you have selected Label Config, then you cannot specify the versions.

View Type

Select one of these view types:

Version to view the Device Configuration Version Report. This displays all versions of the configuration, the time and date the configurations were archived, and reason for archival.

Click Quick View to view the Device Configuration Quick View Report. This displays the contents of the configuration files.

Right Pane

Custom Query

Select a Custom Query.

The search patterns that are defined in the Custom Query appear in the Pattern Details text boxes.

In addition to Custom Query search patterns, you can also add additional search patterns.

Pattern Details

Perform the following tasks:

Enter patterns to search for, for example, http server. You can enter text patterns up to 64 characters.

To search for more than one pattern, enter the second and third patterns in the Pattern 2 and Pattern 3 fields. You can specify ten different combinations of patterns as part of search criteria.

You cannot search for special characters, for example, Control-C, boot*, etc.

You can search the device configuration file without the search pattern too. The search will list all archived configuration for all selected devices.

If you have selected the version as Latest, the search will list latest archived configuration for all selected devices.

If you have selected the version as All, the search will list all archived configurations for all selected devices

Select the search criteria Contains/Does Not Contain.

If you have entered string as a search pattern, you can select Match Any to search for any given pattern string or Match All to search for all pattern strings

Click Match Case to perform a case-sensitive search, which is more efficient when you know the exact pattern you want to match. By default, Match Case is disabled.


Step 3 Click Search.

Based on your View type selection, either Search Archive Result or Device Configuration Quick View Report appears.


Search Archive Result

The Search Archive Result displays information about the device configurations. The Search Archive Result contains the following details of the selected configurations:

Column Name
Description

Device Name

Device Display Name as entered in Device and Credential Repository.

Click on the device name to launch the Device Center.

Config Type

Defines the type of configuration PRIMARY, SECONDARY, or VLAN.

PRIMARY/SECONDARY—Contains the Running and Startup configuration files information.

VLAN—Contains running vlan.dat configuration file information. This config type does not contain Startup configuration file information.

For ONS devices, the PRIMARY config type displays the configuration information from the active CPU, at that instance.

Version

Versions of configuration file.

Click on the version to display Config Viewer (see Understanding the Config Viewer Window), which shows contents of corresponding configuration file.

Created On

Date and time configuration file was created.

Change Description

Cause of configuration change.


You can perform the following tasks from this window:

Select the devices and click NetConfig to make changes to the device configuration using NetConfig templates.

Select a device and click Edit to edit the device configuration using the Config Editor application.


Device Configuration Quick View Report

The Device Configuration Quick View report lists the devices, configuration version numbers, and configuration details of the device configuration version you specified.

You can specify how you want to view the contents of the configurations by selecting one of the options under Show:

Click Raw to view data exactly as it appears in the configuration file. There are two panes, one lists all devices and the other displays the configuration.

Click Processed to view data with the commands ordered and grouped. There are three panes, one lists all devices, the second pane lists all configlets, and the third pane displays the configuration.

Column
Description

Devices

Device Display Name as entered in Device and Credential Repository.

Click on the device name to launch the Device Center.

Configlets

You can click on any configlets to display the corresponding information. The available configlets vary from device to device. The following are examples:

All—The entire contents of the configuration files.

SNMP—SNMP configuration commands. For example, snmp-server community public RO.

IP Routing—IP routing configuration commands. For example, router abcd 100.

Interface folder—The different interface configuration commands. For example,
Interface Ethernet0 and Interface TokenRing.

Global—Global configuration commands. For example no ip address.

Line con 0—Configuration commands for line console 0.

IP—IP configuration commands. For example, ip http server.

Configuration file name

You can view the contents of configuration file.


The following buttons are available on the Config Viewer:

Button
Description

Export

(Icon)

Exports the configuration file.

If you are using the Raw mode then the exported file format is cfg. The file name convention is DeviceName-VersionNumber.cfg.

If you are using the Processed mode then the exported file format is XML. The file name convention is DeviceName-VersionNumber.xml.

Where DeviceName is the device Display Name as entered in Device and Credential Repository and VersionNumber is the device configuration version.

The default directory where Configuration Archive file is exported is:

On RME Solaris server,

/var/adm/CSCOpx/files/rme/dcma/configexport

On RME Windows server,

NMSROOT\files\rme\dcma\configexport

 

Export (continue)

To export a file:

1. Click on the icon.

The Export Config File dialog box appears.

2. Enter the folder name on the RME server.

You must enter the default export directory. You cannot enter any other directory.

To change the default directory, see the RME 4.x FAQs section:

http://www.cisco.com/en/US/products/sw/cscowork/ps2073/prod_troubleshooting_guide09186a008036dff2.html

or

Browse to select a folder on the RME server.

The Server Side File Browser dialog box appears.

a. Select a folder on the RME server.

b. Click OK.

The Browse button takes you to the default directory. It does not allow you to change this default export directory.

To change the default directory, see the RME 4.x FAQs section:

http://www.cisco.com/en/US/products/sw/cscowork/ps2073/prod_troubleshooting_guide09186a008036dff2.html

3. Click OK.

If you have exported configuration in the Raw mode, the notification message displays, Config file exported as ExportedFolder\DeviceName-VersionNumber.cfg

If you have exported configuration in the Processed mode, the notification message displays, Config file exported as ExportedFolder\DeviceName-VersionNumber.XML

Where ExportedFolder is the location where configuration file is exported.

4. Click OK.

Print

(Icon)

Generates a format that can be printed.

Compare with previous version

Compares configuration with the previous version. When you click on this button, a new window Config Diff Viewer opens to show configurations side by side.

See Understanding the Config Diff Viewer Window for further details.

This button is activate only if you have a previous version of configuration.

Compare with next version

Compares configuration with the next version. When you click on this button, a new window Config Diff Viewer opens to show configurations side by side.

See Understanding the Config Diff Viewer Window for further details.

This button is activate only if you have a next version of configuration.

Edit

Launches Config Editor window.

This button is active only if you are viewing the configuration version from the archive.

See Editing and Deploying Configurations Using Config Editor for further details.

Deploy

You can perform a configuration quick deploy.

This button is active only if you are viewing the configuration version from the archive.

See Configuration Quick Deploy.


Comparing Configuration

You can compare two device configuration files from version to version or from device to device. You can also compare the configuration when a device was started with the current configuration, and the current configuration with the most recently archived configuration.

You can list the commands that have to be excluded while comparing configurations.

To do this select Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt > Exclude Commands. See Configuring Exclude Commands for further details.

You can compare the configurations in these ways:

Startup vs. Running—Compares the configuration when the device was started with the current configuration. These configurations are fetched from the device.

See Comparing Startup vs. Running Configurations.

Running vs. Latest Archived—Compares the running configuration with the most recent archived configuration. The Running configuration is fetched from the device.

See Comparing Running vs. Latest Archived Configurations.

Two Versions of the Same Device—Compares two archived configuration versions.

See Comparing Two Configuration Versions of the Same Device.

Two Versions of Different Devices—Compares any two configurations in the configuration archive.

See Compare Two Configuration Versions of Different Devices.

Comparing Startup vs. Running Configurations

You can compare the configuration when a device was started with the current configuration. These configurations are fetched from the device.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


To compare Startup vs. Running configurations:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Compare Configs.

The Compare Configurations dialog box appears.

Step 2 Select Startup vs. Running and click Compare.

The Device Selection dialog box appears.

Step 3 Select a device. See Using RME Device Selector for information on how to use RME Device Selector.

Step 4 Click OK.

The Understanding the Config Diff Viewer Window window appears.


Comparing Running vs. Latest Archived Configurations

You can compare the configuration currently running on a device with the most recent configuration stored in the configuration archive. The Running configuration is fetched from the device.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


To compare Running vs. latest archived configurations:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Compare Configs.

The Compare Configurations dialog box appears.

Step 2 Select Running vs. Latest Archived and click Compare.

The Device Selection dialog box appears.

Step 3 Select a device. See Using RME Device Selector for information on how to use RME Device Selector.

Step 4 Click OK.

The Understanding the Config Diff Viewer Window window appears.


Comparing Two Configuration Versions of the Same Device

You can compare two different archived configurations of the same device.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


To compare two versions of the same device:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Compare Configs.

The Compare Configurations dialog box appears.

Step 2 Select Two Versions of the Same Device and click Compare.

The Device Selection dialog box appears.

Step 3 Select a device. See Using RME Device Selector for information on how to use RME Device Selector.

Step 4 Click Next.

The Select First Configuration dialog box appears with the following information:

Column Name
Description

Config Version

Versions of configuration file.

File Type

Defines the configuration file type that is either Running or Startup configuration.

Config Type

Defines the type of configuration PRIMARY, SECONDARY, or VLAN.

PRIMARY/SECONDARY—Contains the Running and Startup configuration files information.

VLAN—Contains running vlan.dat configuration file information. This configuration type does not contain Startup configuration file information.

For ONS devices, the PRIMARY configuration type displays the configuration information from the active CPU, at that instance.

Created On

Date and time configuration file was created.


Step 5 Click on the first configuration to compare and click Next.

The Select Second Configuration dialog box appears with the same information as the Select First Configuration window.

Step 6 Click on the second configuration to compare it with first configuration and click Finish.

The Understanding the Config Diff Viewer Window window appears.


Compare Two Configuration Versions of Different Devices

You can compare two archived versions of a configuration of the same or different devices.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


To compare two versions of different devices:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Compare Configs.

The Compare Configurations dialog box appears.

Step 2 Select Two Versions of Different Devices and click Compare.

The Select Device and Pattern dialog box appears.

Step 3 Perform the following and click Next:

Field
Description
Left Pane

Device Selector

Select the devices.

See Using RME Device Selector for information on how to use RME Device Selector.

Version

Select Latest to view the most recent configuration or All to view all configuration versions.

Right Pane

Pattern Details

Perform the following tasks:

1. Enter patterns to search for, for example, http server. You can enter text patterns up to 64 characters.

To search for more than one pattern, enter the second and third patterns in the Pattern 2 and Pattern 3 fields. You can specify ten different combinations of patterns as part of search criteria.

You cannot search for special characters or regular expressions, for example, Control-C, boot*, etc.

You can search the device configuration file without the search pattern too.

2. Select the search criteria Contains/Does Not Contain.

If you have entered string as a search pattern, you can select Match Any to search for any given pattern string or Match All to search for all pattern strings.

3. Click Match Case to perform a case-sensitive search, which is more efficient when you know the exact pattern you want to match. By default, Match Case is disabled.


The Select First Configuration dialog box appears with the following information:

Column Name
Description

Device Name

Device Display Name as entered in Device and Credential Repository.

Config Version

Versions of configuration file.

File Type

Defines the configuration file type that is either Running or Startup configuration.

Config Type

Defines the type of configuration PRIMARY, SECONDARY, or VLAN.

PRIMARY/SECONDARY—Contains the Running and Startup configuration files information.

VLAN—Contains running vlan.dat configuration file information. This configuration type does not contain Startup configuration file information.

For ONS devices, the PRIMARY configuration type displays the configuration information from the active CPU, at that instance.

Created On

Date and time configuration file was created.


Step 4 Click on the first configuration to compare and click Next.

The Select Second Configuration dialog box appears with the same information as the Select First Configuration window.

Step 5 Click on the second configuration to compare it with first configuration and click Finish.

The Understanding the Config Diff Viewer Window window appears.


Understanding the Config Diff Viewer Window

The Configuration Version Compare report shows the differences between the two selected configurations. You can access the Configuration Version Compare report by comparing device configurations.

You can specify how you want to view the differences between the configurations by selecting one of the options under Show:

Click Raw to view the differences between the two raw configurations.

Click Processed to view the differences with the commands ordered and grouped.

The color conventions that are used on Config Diff Viewer are:

Black—All unchanged text.

Red—Lines that have changed from one version to another.

Blue—Lines that have been added or deleted from one of the versions.

The Configuration Versions Compare report has three columns:

Column
Description

Configlets

You can click on any configlet to display the corresponding information. The available configlets vary from device to device. The following are examples:

Diffs—Displays the differences between the two configuration files (if you selected more than one).

All—The entire contents of the configuration files.

SNMP—SNMP configuration commands. For example, snmp-server community public RO.

IP Routing—IP routing configuration commands. For example, router abcd 100.

Interface folder—The different interface configuration commands. For example, Interface Ethernet0 and Interface TokenRing.

Global—Displays global configuration commands. For example no ip address.

Line con 0—Displays configuration commands for line console 0.

IP—Displays IP configuration commands. For example, ip http server.

First configuration file

Contains the contents of the first configuration file.

Second configuration file

Contains the contents of the second configuration file.


The buttons on the Config Diff Viewer are:

Button
Description

Export

(Icon)

Export the configuration file.

If you are using the Raw mode then the exported file format is cfg. The file name convention is DeviceName-VersionNumber.cfg.

If you are using the Processed mode then the exported file format is XML. The file name convention is DeviceName-VersionNumber.xml.

Where DeviceName is the device Display Name as entered in Device and Credential Repository and VersionNumber is the device configuration version.

The default directory where Configuration Archive file is exported is:

On RME Solaris server,

/var/adm/CSCOpx/files/rme/dcma/configexport

On RME Windows server,

NMSROOT\files\rme\dcma\configexport

 

Export (continue)

To export a file:

1. Click on the icon.

The Export Config File dialog box appears.

2. Enter the folder name on the RME server.

You must enter the default export directory. You cannot enter any other directory.

To change the default directory, see the RME 4.x FAQs section:

http://www.cisco.com/en/US/products/sw/cscowork/ps2073/prod_troubleshooting_guide09186a008036dff2.html

or

Browse to select a folder on the RME server.

The Server Side File Browser dialog box appears.

a. Select a folder on the RME server.

b. Click OK.

The Browse button takes you to the default directory. It does not allow you to change this default export directory.

To change the default directory, see the RME 4.x FAQs section:

http://www.cisco.com/en/US/products/sw/cscowork/ps2073/prod_troubleshooting_guide09186a008036dff2.html

3. Click OK.

If you have exported configuration in the Raw mode, the notification message displays, Config file exported as ExportedFolder\DeviceName-VersionNumber.cfg

If you have exported configuration in the Processed mode, the notification message displays, Config file exported as ExportedFolder\DeviceName-VersionNumber.XML

Where ExportedFolder is the location where configuration file is exported.

4. Click OK.

Print

(Icon)

Generates a format that can be printed.


Using Archive Management Job Browser

You can browse the Archive Management jobs that are registered on the system. From the Archive Mgmt Jobs dialog box you can also retry, delete, stop jobs and view a job's details.

The Archive Management Jobs window displays the following information:

Column Name
Description

Job ID

Unique number assigned to the job when it is created.

For periodic jobs such as Daily, Weekly, etc., the job IDs are in the number.x format. The x represents the number of instances of the job. For example, 1001.3 indicates that this is the third instance of the job ID 1001.

Click on the Job ID to view the Archive Management Job Details (see Viewing the Archive Management Job Details).

Job Type

Type of the configuration job.

Sync Archive—Appears if you had scheduled a Sync Archive job (Resource Manager Essentials > Config Mgmt > Archive Mgmt > Sync Archive).

Get Config—Appears if you had scheduled a configuration fetch job using the CLI command, cwcli config get.

Put Config—Appears if you had scheduled a configuration retrieve job using the CLI command, cwcli config put.

Import Config—Appears if you had scheduled a job that retrieved the configuration from a file and if you had transferred it to the device using the CLI command, cwcli config import.

Write to Running Config—Appears if you had scheduled a job that downloaded the differences between the specified configuration file and the latest configuration version in the archive for the specified device, using the CLI command, cwcli config write2run.

Job Type

(Continue)

Write to Startup Config—Appears if you had scheduled a job that erased the contents of the device Startup configuration and if wrote contents of a specified file as new Startup configuration, using the CLI command, cwcli config write2start.

Copy Running Config to Startup—Appears if you had scheduled a job that overwrote with the Startup configuration of the device with the Running configuration, using the CLI command, cwcli config run2start.

Copy Startup Config to Running—Appears if you had scheduled a job that merged the Startup configuration with the Running configuration, using the CLI command, cwcli config start2run.

Reload Device—Appears if you had scheduled a job that rebooted the devices, using the CLI command cwcli config reload.

Config Quick Deploy—Appears if you had created an immediate Configuration Quick Deploy job, using the Config Viewer window.

Compliance Check—Appears if you had scheduled a Compliance Check job (Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates > Compliance and clicked the Compliance Check button).

Deploy Compliance Results—Appears if you had scheduled a Deploy job on the non-complaint devices (Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates > Compliance and clicked the Deploy button).

Check Compliance and Deploy—Appears if you had scheduled a Compliance Check job with the job option, Check compliance and deploy enabled (Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates > Compliance and clicked the Compliance Check button).

Deploy Baseline template—Appears if you had scheduled a Baseline Template deploy job (Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates and clicked the Deploy button).

Status

Job states:

Cancelled—Running job stopped by you.

Failed—Failed job. Click on the Job ID to view the job details.

The number, within brackets, next to Failed status indicates the count of the devices that had failed for that job. This count is displayed only if the status is Failed.

For example, If the status displays Failed(5), then the count of devices that had failed amounts to 5.

This count of failed devices is not displayed for jobs restored from RME 4.0.4 or lesser versions.

Running—Job still running.

Scheduled—Job scheduled to run.

Rejected—Job rejected by an approver. Click on the Job ID to view the rejection details.

Successful—Job completed successfully

Waiting for Approval—Job waiting for approval.

Description

Job description entered during job definition

Owner

User who created this job.

Scheduled at

Date and time job is scheduled to run.

Completed at

Date and time at which job completed.

Schedule Type

Run type of the job: Immediate, Once, 6 - hourly, 12 - hourly, Daily, Weekly, and Monthly.


You can click on any column heading to sort information by that column. If you double-click on a heading, the order is reversed.

You can use the Filter button to do a quick search on the Archive Management jobs. You can perform filters by using these options:

Filter Options
Description

Job ID

Unique number assigned to the job when it is created.

For periodic jobs such as Daily, Weekly, etc., the job IDs are in the number.x format. The x represents the number of instances of the job.

For example, 1001.3 indicates that this is the third instance of the job ID 1001.

Job Type

Types of Archive Management jobs.

For example: Sync Archive, Write to Running Config, etc.

Status

Status of the job.

For example: Successful, Failed, etc.

Description

Job description.

Owner

Owner of the job.

Schedule Type

Job schedule Type.

For example: Immediate, Weekly, etc.


Refresh

(Icon)

Click on this icon to refresh the Archive Management Job Browser.


You can perform the following tasks on this window:

Retrying a Config Job

Stopping a Config Job

Deleting the Config Jobs

Viewing the Archive Management Job Details

Scheduling Sync Archive Job

Generating an Out-of-Sync Report

Scheduling Sync on Device Job

Baseline Template

Retrying a Config Job

You can retry only a failed job. You cannot retry a job that are scheduled to run periodically (Daily, Weekly, and Monthly).


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


To retry a job:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Archive Mgmt Jobs.

The Archive Management Jobs dialog box appears.

Step 2 Select a failed job and click Retry.

The Job Schedule and Options dialog box appears.

Step 3 Enter the following information:

Based on your retry job selection, some of the options may not be visible.

For example, 6 - hourly and 12 -hourly Run Type options are visible only if you are retrying a Sync Archive job. This is not visible for other types of Archive Management jobs.

Field
Description
Scheduling

Run Type

You can specify when you want to run the selected retry job.

To do this, select one of these options from the drop-down menu:

6 - hourly—Runs this task every 6 hours, starting from the specified time.

12 - hourly—Runs this task every 12 hours, starting from the specified time.

Immediate—Runs this task immediately.

Once—Runs this task once at the specified date and time.

Daily—Runs daily at the specified time.

Weekly—Runs weekly on the day of the week and at the specified time.

Monthly—Runs monthly on the day of the month and at the specified time.

The subsequent instances of periodic jobs will run only after the earlier instance of the job is complete.

For example, if you have scheduled a daily job at 10:00 a.m. on November 1, the next instance of this job will run at 10:00 a.m. on November 2 only if the earlier instance of the November 1 job has completed.

If the 10.00 a.m. November 1 job has not completed before 10:00 a.m. November 2, the next job will start only at 10:00 a.m. on November 3.

Date

You can select the date and time (hours and minutes) to schedule.

The Date field is enabled only if you have selected an option other than Immediate in the Run Type field.

Job Information

Approver Comments

Enter comments for the job approver.

This field appears only if you have enabled job approval for Archive Management.

Maker E-Mail

Enter the e-mail-id of the job creator. This is a mandatory field.

This field appears only if you have enabled job approval for Archive Management.

Job Password

If you have enabled the Enable Job Password option and disabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) enter the device login user name and password and device Enable password.

If you have enabled the Enable Job Password option and enabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) either:

Enter the device login user name and password and device Enable password

Or

Disable the Job Password option in the Job Schedule and Options dialog box.

E-mail

Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.

You can enter multiple e-mail addresses separated by commas.

Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).

We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences). When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.


Step 4 Click Submit.

A message appears, Job resubmitted successfully.

Step 5 Click OK.


Stopping a Config Job

You can stop the following running job types (See Using Archive Management Job Browser for details on the job types):

Put Config

Import Config

Write to Running Config

Write to Startup Config

Copy Running Config to Startup

Copy Startup Config to Running

Reload Device

Config Quick Deploy

Check Compliance and Deploy

Deploy Baseline template

Compliance check


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


To stop a Archive Management job:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Archive Mgmt Jobs.

The Archive Management Jobs dialog box appears.

Step 2 Select a running job and click Stop.

A message appears, Selected job(s) will be stopped.

Step 3 Click OK.


Deleting the Config Jobs

You can delete the job in these status:

Cancelled

Failed

Scheduled

Rejected

Successful

Waiting for Approval

You cannot delete a running job.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


To delete jobs:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Archive Mgmt Jobs.

The Archive Management Jobs dialog box appears.

Step 2 Select a running job and click Delete.

A message appears, Selected job(s) will be deleted.

Step 3 Click OK.


Viewing the Archive Management Job Details

From the Archive Management Jobs window, you can learn more about one job by viewing its details. You can view this details by clicking the Job ID on the Config Job window.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


The Archive Management Job Details window contains the following information:

Page/Folder
Description

Execution Summary

Displays summary of completed job:

Execution Summary—Information about the job status, start time and end time.

Device Summary—Information about the job completion status on the devices you have selected. For example, number of successful devices where the job is executed successfully.

Click on Device Details folder and device status link and on the Device link to see the complete job execution details.

Execution Message (Pre-Execution and Post-Execution)—Information about any e-mails sent.

Device Details

Contains detailed job results for each device. Displays status folders that correspond to possible device status:

Successful Devices—Devices were successfully executed.

Failed Devices—Devices were not successfully executed.

Partially Failed Devices—Job partially failed to run on these devices.

Pending Devices—Job did not try to update devices, even though they were selected.

Not Attempted—Job did not attempt to run on these devices.

Click on Status to see the job details. Details include a record of the entire CLI session between RME and the device. To launch the Device Center, click on the device display name.

When the configuration fetch takes unusually long, this error message appears,

Unable to get results of job execution for device. Please retry the job

This could happen because of slow device response, Network latency, etc.

Work Order

Contains the Summary of the job definition such as,

Detailed information, such as owner, schedule type, and Job Approval state.

Policies configured for the job, such as E-mail Notification and Job Based Password.

Devices on which the job runs. Also, gives details about the commands.

For retried jobs, these job definitions are not updated. For such jobs the original job definitions are retained.


The buttons on the Job Details window are:

Delete—You can delete jobs with the following Job Status:

Cancelled

Failed

Scheduled

Rejected

Successful

Waiting for Approval

You cannot delete a running job.

Stop—You can stop the following running job types (See Using Archive Management Job Browser for details on the job types):

Put Config

Import Config

Write to Running Config

Write to Startup Config

Copy Running Config to Startup

Copy Startup Config to Running

Reload Device

Config Quick Deploy

Check Compliance and Deploy

Deploy Baseline template

Compliance check

Baseline Template

You can identify a set of standardized policy based commands that you would want to have on a set of devices.

You can create a Baseline template which is a set of commands identified through the process of baselining, which contain placeholders for device-specific values to be substituted.

For example:

set vtp domain [name] password [xxx]

set snmp community read-write [Read write community string]

When you add a new device of the same type to the network, you can use the existing Baseline template, which consists of two parts, command and values. You can create configurations for any device of the same type to the network by specifying the values for the variables in the baseline template.

The following section contains:

Features of Baseline Template

Defining Commandsets

Features of Baseline Template

The features of Baseline Template are:

You can use this Baseline template to compare with other device configuration and generate a report that lists all the devices which are non-compliant to the Baseline template.

You can easily deploy the Baseline template to the same category of devices in the network.

You can schedule a compliance check job and deploy the Baseline template onto the non-compliant devices. This can be performed as a single job or as a separate job.

You can import or export a Baseline template. This template is stored in XML format.

The rules for specifying the Baseline templates are:

All the commands that are disallowed should begin with a "-".

All commands that are mandatory should begin with a "+".

Commands that do not begin with (- or +) are considered as comments and ignored.

The command values can be a wildcard match.

+ ip address [ip-address] [netmask]

+ ip address [#10\.76\.38\..*#] [netmask]

+ ip address [#10\.72\..*\..*#] [netmask]

To find a match for any octet in an IP address you must use \..*.

In the examples shown above, the command will apply for all the devices with the IP address starting with 10.76.38.* [netmask] and 10.72.*.* [netmask].

The regular expressions must be enclosed with #.

For example:

snmp-server location [#.*#]

This command will fail compliance check for snmp-server location loc1 loc2 loc3, because the check will be performed only for one word after snmp-server location.

To overcome this, you have to define the command as:

+ [# snmp-server location .*#]

Then the compliance check will be performed for all forms of snmp-server commands like snmp-server location loc1 loc2.....n,etc.

Negation in Regular expressions :

Use Case 1:When there are more than one entry in the Config files.

Commands in Device Config :

logging name1

logging name2

logging name3

Template: +logging [#!name1#]

Details : The negation of the name1 is done which returns true, since there are other logging commands present with other names. So the template is compliant.

Use Case 2: When there is only one entry in the Config files.

Commands in Device Config :

logging name1

Template: +logging [#!name1#]

Details : The negation of the name1 is done which returns False. Since there is no other command with logging statement except "logging name1" , the template is Non-Compliant.

Use Case 3: When there is no logging commands

Commands in Device config :

No logging commands

Template :+ logging [# !name1 #]

Details: First the negation of the name1 is done which returns False. Since there are no login commands, the template is Non-compliant.

The Baseline template uses java.util.regex engine for regular expressions. For more information, see the regex API guide for Java 1.4.2 from Sun:

http://java.sun.com/j2se/1.4.2/docs/api/java/util/regex/Pattern.html

Submode commands are provided only if the commands are to be compared inside a submode.

For example:

interface [#Ethernet.*#]

+ no shutdown

no shutdown command will apply to all interfaces with Ethernet.

Defining Commandsets

The commandsets are a set of one or more CLI commands. You can define a commandset while creating a Baseline template in the Advanced mode.

The features of the commandsets are:

If the commands in commandset are in a submode (ip/interface etc.) a submode command must be specified for such a commandset.

Commandsets can have one or more child commandsets.

Child commandsets inherit parent's sub-mode command.

You can define commandsets that have to be checked before running the actual commands.

The features of the prerequisite commandsets are:

A commandset can have another commandset as its prerequisite.

A prerequisite commandset is used only for comparison and is not deployed onto the device.

A commandset is compared with the config only if its prerequisite condition is satisfied.

The RME evaluates the commandsets in different ways depending on whether you have defined the commandset as Parent or Prerequisite.

For example assume that you have defined two commandsets, commandset1 and commandset2:

Commandset defined as Prerequisite

commandset1 as the Prerequisite of commandset2. While RME evaluates the Baseline template, commandset1 is evaluated first and commandset2 is evaluated next.

If commandset1 does not contain submode and is not present in a device, then commandset2 is not evaluated and the device is displayed in excluded list in compliance report.

If commandset1 contains submode and is not present in applicable submodes , then commandset2 is not evaluated and the device is displayed in excluded list in compliance report.

Commandset defined as Parent

commandset1 as the Parent of commandset2. While RME evaluates the Baseline template, commandset1 is evaluated first and commandset2 is evaluated next.

If either of these commandsets is missing, the template is considered non-compliant.

Baseline Templates Window

This window lists all the user-defined Baseline templates. It also displays the following details of the Baseline template:

Column Name
Description

Name

Name of the Baseline template.

Device Type

Type of the device for which the defined Baseline template can be used.

Description

Description of the Baseline template.

If you have imported Baseline templates, the description given is Imported baseline.

Created On

Displays the Baseline template creation date and time.


You can click on any column (except Baseline Name) to sort the information by that column. If you double-click a heading, the order is reversed.

This window contains the following buttons:

Button
Description

Create

Create a Baseline template.

See Creating a Baseline Template for further details.

Edit

Edit a Baseline template.

This button is activate only after you select a Baseline Name.

See Editing a Baseline Template for further details

Export

Export a Baseline template file.

This button is activate only after you select a Baseline Name.

See Exporting a Baseline Template for further details.

Import

Import a Baseline template file.

See Importing a Baseline Template for further details.

Delete

Delete a Baseline template.

This button is activate only after you select a Baseline Name.

See Deleting a Baseline Template for further details.

Deploy

Deploy a Baseline template.

This button is activate only after you select a Baseline Name.

See Deploying a Baseline Template for further details.

Compliance Check

Perform compliance check with Baseline template.

This button is activate only after you select a Baseline Name.

See Running Compliance Check for further details.


Creating a Baseline Template

You can create a Baseline Template by:

Creating a Basic Baseline Template

Creating an Advanced Baseline Template

There are few example templates which are available. You can use these templates as a base to create new templates.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


Creating a Basic Baseline Template

To create a Basic Baseline template:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates.

The Baseline Templates window appears.

Step 2 Click Create.

The Select Creation Mode dialog box appears.

Step 3 In the Template Details section, select Basic as the mode.

Step 4 Enter the following information:

Field
Description

Name

Name of the Baseline template.

You can enter only alphanumeric characters (including spaces) up to 254 characters. Do not enter any special characters. This includes underscores and hyphens.

Description

Description for the Baseline template. You can enter up to 254 characters.

Device Type Selector

Device family for which you can apply this template.

Click the check box to select the device family.


Step 5 Click Next.

Step 6 The Add Template Details dialog box appears.

Enter the CLI command under the Baseline Template.

CLI Commands

This is a mandatory field.

Enter the CLI commands.

For example:

Routers CLI Commands

+ set snmp community read-write [read-write-community-name-string]

- set snmp community read-only public

Explanation:

The first line is considered as a comments since it does not begin with either "+" or "-".

The second line is mandatory since it begins with "+".

The third line is disallowed since it begins with "-".

In the above example, read-write-community-name-string is a command value. The command value should not contain spaces.


A message appears, Successfully created the template BaselineTemplateName.

Where BaselineTemplateName is the Template Name as given by you.

Step 7 Click OK.

The Baseline Templates window appears with the newly created Baseline template.


Creating an Advanced Baseline Template

To create an Advanced Baseline template:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates.

The Baseline Templates dialog box appears.

Step 2 Click Create.

The select Creation Mode dialog box appears.

Step 3 Select Advance as the mode from the Template Details section.

Step 4 Enter the following information:

Field
Description

Name

Name of the Baseline template.

You can enter only alphanumeric characters (including spaces) up to 254 characters. Do not enter any special characters. This includes underscores and hyphens.

Description

Description for the Baseline template. You can enter up to 254 characters.

Device Type Selector

Device family for which you can apply this template.

Check the check box to select the device family.


Step 5 Click Next.

The Add Template Details dialog box appears.

Step 6 Enter the following information:

Field
Description

Commandset Options

Name

Name of the commandset.

You can enter only alphanumeric characters up to 254 characters. Do not enter any special characters. This includes spaces, underscores and hyphens.

Parent

Enter the parent name for the commandset, if required. This is case sensitive.

You can also use this to logically group the commandsets.

For example: To work on ATM permanent virtual connections (PVCs) commands, you must first get into the interface mode from the global mode and then run the PVC specific-commands.

Commandset 1: ATM

interface [#atm.*#]

+ ip address [ip-addr] [net-mask]

Commandset 2: PVC

[#pvc.*#]

+ encapsulation aal5 [encap-type]

+ abr [output-pcr1] [output-mcr]

+ ubr [output-pcr2]

+ vbr-nrt [output-pcr3] [output-scr] [output-mbs]

+ vbr-rt [peak-rate] [average-rate] [burst]

+ protocol ip [proto-ip] [type]

+ exit

Here, commandset 1 is the parent for commandset 2.

While RME evaluates the Baseline template, commandset1 is evaluated first and commandset2 is evaluated next. If either of these commandsets is missing, the template is considered non-compliant.

Prerequisite

Select the mandatory commandset name that you must enter before running the current commandset.

In the example (See Mark as Prerequisite row), if you had marked commandset 1 as the Prerequisite, you can select commandset 1: IntCheck from the drop-down menu.

Before running the commandset 2, the commandset 1 is run. That is, commandset1 is evaluated first and commandset2 is evaluated next.

If there is no commandset1, commandset2 is not evaluated and the template is considered compliant.

Mark as Prerequisite

1. Select the checkbox to mark a particular commandset as a prerequisite.

For example,

Commandset 1: IntCheck

interface [intname]

+ ip address [#10\.76\.38\..*#] [net-mask]

(To find a match for any octet in an IP address you must use \..*.)

2. Select the Mark as Prerequisite check box for the Commandset 1: IntCheck.

For example,

Commandset 2: IntDownload

interface [intname]

+ no cdp enable

3. Select the Prerequisite from the dropdown menu for the Commandset 2: IntDownload.

If a commandset has a Prerequisite commandset, you cannot select the Mark as Prerequisite check box for that particular commandset.

That is, in the above example, you cannot select the checkbox Mark as Prerequisite for Commandset 2:IntDownload.

CLI Commands

Submode

Enter the command to get into interface mode from the global mode.

For example: interface [intname]

Here, interface is a command keyword and intname is command value. The command value should not contain spaces.

You can also run the command for a set of interfaces.

For example: interface [#Ethernet.*#]

Here, the command will be executed on all the interfaces having Ethernet.

Ordered Set

Select this option to make the system consider the order of the commands while performing compliance check.

In other words, the commands in the device config should appear in the same order as that of the CLI commands definition order in the Command Set.

CLI Commands

Enter the CLI commands.

For example:

# Routers CLI Commands

+ set snmp community read-write [read-write-community-name-string]

- set snmp community read-only public

Explanation:

The first line is considered as a comment since it begins with a "#".

The second line is mandatory as it begins with "+".

The third line is disallowed as it begins with "-".

There should be a space between the commands and the "-" or "+". If there is no space, the commands are considered as comments and ignored.

In the above example, read-write-community-name-string is a command value. The command value should not contain spaces.


If you want to add a new commandset to the template click Add. The CLI Commands window is displayed with the default help comments. These help comments serve as guidelines to create commandsets.

If you want to delete a Commandset from the Command set list, click Delete.

If you want to preview the changes to the Commandset details before finishing up the creation of the template, click Preview. The changed Commandset details is displayed in a window.

If you click Save, for the first time, a message appears,
Do you wish to create a new template?.

If you click Save, for the second time, a message appears,
Successfully updated the template BaselineTemplateName.

If the Commandsets consist of Prerequisite commandset then these commandsets appear in red color in the Preview details.

If you want to reset the changes made to a Commandset, click Reset

Step 7 Click OK.

A message appears,

Successfully created the template BaselineTemplateName.

Where BaselineTemplateName is the name of the Baseline Template.

Step 8 Click OK.

If you want to add one more commandset repeat this procedure from Step 4.

Step 9 Click Finish.

A message appears,

Do you wish to save the changes?.

Step 10 Click OK.

A message appears,

Successfully created the template.

Step 11 Click OK.

The Baseline Configs window appears with all the available Baseline templates.


Creating an Advanced Baseline Template— Example

Example 1

This is a procedure to create a Baseline template to disable CDP on an interface that belongs to a specific subnet.


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates.

The Baseline Templates dialog box appears.

Step 2 Click Create.

The Select Creation Mode dialog box appears.

Step 3 Select Advanced and click Next.

The Create a Baseline dialog box appears.

Step 4 Enter the following information:

Field
User data

Template Name

DisablingCDP

You can enter only alphanumeric characters up to 254 characters. Do not enter any special characters except underscores.

Device Type

Routers

Description

Baseline Template for DisablingCDP

Commandset Option

Name

PrerequisiteCheck.

You can enter only alphanumeric characters up to 254 characters. Do not enter any special characters. This includes spaces, underscores and hyphens.

Parent

Global

Prerequisite

Do not select any value.

Mark as Prerequisite

Select the check box to mark the commandset as prerequisite.

CLI Commands

Submode

interface [intname]

Where, intname is a variable. The variables should not contain spaces.

Ordered Set

Select this so that the system considers ordering of commands while performing compliance check.

CLI Commands

+ ip address [#10\.76\.38\...*#] [netmask]

To find a match for any octet in an IP address you must use \..*.

This checks for subnet mask with IP address starting from 10.76.38.*.


Step 5 Click Save.

A confirmation message appears that the template will be created.

Step 6 Click OK.

A confirmation message appears that the template is created.

Step 7 Click OK.

To add another commandset within the same Baseline template, Disabling-CDP, enter the following information.

Field
User data
Commandset Option

Name

DisableCDP.

You can enter only alphanumeric characters up to 254 characters. Do not enter any special characters. This includes spaces, underscores and hyphens.

Parent

Global

Prerequisite

Select the PrerequisiteCheck from the dropdown menu.

Mark as Prerequisite

Do not select the checkbox.

CLI Commands

Submode

interface [intname]

Ordered Set

Select this so that the system considers ordering of commands while performing compliance check.

CLI Commands

+ no cdp enable

This will disable the CDP in all the interfaces even if any one interface contains the subnet mask starting with IP address 10.76.38.*.


Step 8 Click Save.

A confirmation message appears that the template is updated.

Step 9 Click OK.

Step 10 Click Finish.

A confirmation message appears that the template will be saved.

Step 11 Click OK.

A confirmation message appears that the template is updated.

Step 12 Click OK.

The Baseline Configs window appears with the details of Disabling-CDP Baseline template.


Example 2

This is a procedure to create an Advanced Baseline Template to check the presence of the command "ip address 10.77.209.8 255.255.255.224" in the Ethernet interfaces which has cdp disabled.


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates.

The Baseline Templates dialog box appears.

Step 2 Click Create.

The Select Creation Mode dialog box appears.

Step 3 Select Advanced and click Next.

The Create a Baseline dialog box appears.

Step 4 Enter the following information:

Field
User data

Template Name

CheckIPTemplate

You can enter only alphanumeric characters up to 254 characters. Do not enter any special characters except underscores.

Device Type

Routers

Description

Baseline Template for Interface level check.

Commandset Option

Name

PrerequisiteCheck.

You can enter only alphanumeric characters up to 254 characters. Do not enter any special characters. This includes spaces, underscores and hyphens.

Parent

Do not enter anything.

Prerequisite

Do not select any value.

Mark as Prerequisite

Select the check box to mark the commandset as prerequisite.

CLI Commands

Submode

interface [#Ethernet.*#]

Ordered Set

Do not select the checkbox.

CLI Commands

+ no cdp enable


Step 5 Click Save.

A confirmation message appears that the template will be created.

Step 6 Click OK.

A confirmation message appears that the template is created.

Step 7 Click OK.

To add another commandset within the same Baseline template, CheckIPTemplate, enter the following information.

Field
User data
Commandset Option

Name

IPCheck.

You can enter only alphanumeric characters up to 254 characters. Do not enter any special characters. This includes spaces, underscores and hyphens.

Parent

PrerequisiteCheck

Submode

Do not enter anything

Prerequisite

Select the PrerequisiteCheck from the dropdown menu.

Mark as Prerequisite

Do not select the checkbox.

CLI Commands

Submode

Do not enter anything

Ordered Set

Do not select the checkbox.

CLI Commands

+ ipaddress 10.77.209.8 255.255.255.224

The above command will be deployed in the Ethernet interfaces which have the CDP disabled.


Step 8 Click Save.

A confirmation message appears that the template is updated.

Step 9 Click OK.

Step 10 Click Finish.

A confirmation message appears that the template will be saved.

Step 11 Click OK.

A confirmation message appears that the template is updated.

Step 12 Click OK.

The Baseline Configs window appears with the details of CheckIPTemplate Baseline template.


Editing a Baseline Template

You can edit all the Baseline template fields except for Template Name.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


To edit the Baseline templates:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates.

The Baseline Templates dialog box appears.

Step 2 Select a Baseline template.

Step 3 Click Edit.

The Select Creation Mode dialog box appears. The mode that you have selected while creating the Baseline template is retained. You cannot change this mode.

You can provide a description in the Description text field.

You can select or deselect devices in the Device Type Selector listbox.

Step 4 Click Next.

The Add Template Details dialog box appears.

Step 5 Select the commandset which you want to edit.

Step 6 Edit the required information.

See Creating an Advanced Baseline Template for more information on field descriptions for the fields that appear in the Add Template Details dialog box.

Step 7 Click Finish.

A message appears, Template is modified. Do you wish to save the changes?

Step 8 Click OK.

A notification appears, Successfully updated the template BaselineTemplateName.

Step 9 Click OK to save changes.


Exporting a Baseline Template

You can export a Baseline template. The exported file is in XML format.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


To export a Baseline Template:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates.

The Baseline Templates dialog box appears.

Step 2 Select one or many Baseline templates and click Export.

The Export a Baseline Template dialog box appears.

Step 3 Either:

Enter the folder name. The file will be exported on the RME server.

or

a. Click Browse.

The Server Side File Browser dialog box appears.

b. Select a folder.

c. Click OK.

Step 4 Click OK.

A message appears, Template exported as \User_Specificed_Directory\Template Name.xml

The naming convention followed for the baseline parameter file is Template Name.xml.

The file will be exported on the RME server at the specified path.


Importing a Baseline Template

To import a Baseline Template:


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.



Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates.

The Baseline Templates dialog box appears.

Step 2 Select a Baseline template and click Import.

The Import a Baseline Template dialog box appears.

Step 3 Enter the name of the Template file.

The file will be imported.

or

a. Click Browse.

The Server Side File Browser dialog box appears.

b. Select the XML file.

c. Click OK.

Step 4 Click OK.

A message appears, Template successfully imported.

Step 5 Click OK.

The imported file appears in the Baseline Templates window with the description, Imported baseline.


Deleting a Baseline Template

To delete a baseline template:


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.



Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates.

The Baseline Templates dialog box appears.

Step 2 Select one or more Baseline templates and click Delete.

A message appears, The selected Template will be permanently deleted.

Step 3 Click OK.

A message appears, Successfully deleted the template.

Step 4 Click OK.

The selected Baseline Template is removed from the Baseline Templates window



Note You can delete Example Templates.


Deploying a Baseline Template

When you add a new device of the same type to the network, you can use the existing Baseline template. This template consists of two parts, command and values.

You can create configurations for any device of the same type to the network by specifying the values for the variables in the Baseline template.

You can deploy Baseline template on the RME devices in two ways:

User Interface (See Deploying a Baseline Template Using User Interface for the procedure.)

File System (See Deploying a Baseline Template Using File System for the procedure.)


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


Deploying a Baseline Template Using User Interface

To deploy a Baseline template using User Interface:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates.

The Baseline Templates dialog box appears.

Step 2 Select a Baseline template and click Deploy.

The Deploy Input Options dialog box appears.

Step 3 Select Enter Data From User Interface and click Next.

The Select Devices dialog box appears.

The device list contains only that particular Device Type devices that you have selected while creating the Baseline Template.

For example, if you have selected Device Type as Router, only routers are listed.

Step 4 Select devices under the following tabs:

In the All tab,

Devices are grouped under All Applicable Devices and All Applicable Device Groups. All Applicable Device Groups categories devices under Routers, Switches, and so on.

In the Search Results tab,

The results of simple search and advanced search are listed here. For details on Search, see Using RME Device Selector, page 3-68

In the Selection tab,

All the devices that are selected are listed and you can deselect the devices.

Step 5 Click Next.

The Commands Generation dialog box appears.

Step 6 Perform the following tasks:

Field Name
Description and Action

Device list

This pane lists the selected devices that you have selected in the Select Devices dialog box.

Select the device for which you want to deploy the Baseline template.

Edit

Select a device from the device drop down list and click on Edit button to edit information for the device.

Save

Click Save to save the changes made for the selected device.

You can change the details for multiple devices in one go, by using the Save button.

Device

The selected device in the Device List pane is displayed in this text box.

Commandsets

The pane contains all the commandsets that are defined in the Baseline template.

Select a commandset.

While creating the Baseline template, if you have defined the multiple occurrences as the commandset feature, after selecting that particular commandset, the Add Instance button is activated.

Add Instance

This button is activate only if you have selected a commandset with multiple occurrences.

The occurrences of a commandset are defined while creating the Baseline template.

When you click on the Add Instance button, one more instance of multiple commandset is added in the Commandsets pane.

Enter the command value for that commandset in the Device Data pane.

Delete Instance

Use the Delete Instance button to delete the instance after selecting the instance from the Commanlets pane. You can select one or more instances and click on the Delete Instance button to delete the instances.

You can delete the selected instances. The exception being that atleast one instance of the commandlet is available.

Templates

The pane contains the CLI commands for the selected commandset.

You cannot modify the commands in this pane.

Device Data

The field displays the command values that you have defined in your Baseline template.

The command value is appended with a unique number.

Enter the command value.

For example: If your Baseline template contains this command:

Interface [#Ethernet[.*]#]

+ no shutdown

Then, #Ethernet[.*]# is the command value.

The Device Data field names appear as:

#Ethernet.*[0]

If the commandset is a prerequisite commandset, you do not need to specify parameter values for the Device data field as they are not deployed.


Step 7 Click Next.

The Job Schedule dialog box appears.

Step 8 Enter the following information:

Field
Description
Scheduling

Run Type

You can specify when you want to run the Baseline template deploy job.

To do this, select one of these options from the drop-down menu:

Immediate—Runs this task immediately.

Once—Runs this task once at the specified date and time.

Daily—Runs daily at the specified time.

Weekly—Runs weekly on the day of the week and at the specified time.

Monthly—Runs monthly on the day of the month and at the specified time.

The subsequent instances of periodic jobs will run only after the earlier instance of the job is complete.

For example, if you have scheduled a daily job at 10:00 a.m. on November 1, the next instance of this job will run at 10:00 a.m. on November 2 only if the earlier instance of the November 1 job has completed.

If the 10.00 a.m. November 1 job has not completed before 10:00 a.m. November 2, the next job will start only at 10:00 a.m. on November 3.

Date

You can select the date and time (hours and minutes) to schedule.

The Date field is enabled only if you have selected an option other than Immediate in the Run Type field.

Job Info

Job Description

Enter a description for the job. This is mandatory. You can enter only alphanumeric characters.

E-mail

Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.

You can enter multiple e-mail addresses separated by commas.

Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).

We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences). When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.

Job Options

Approver Comments

Enter comments for the job approver.

This field appears only if you have enabled job approval for Archive Management.

Maker E-Mail

Enter the e-mail-id of the job creator. This is a mandatory field.

This field appears only if you have enabled job approval for Archive Management.

Copy Running Config to Startup

Select to cause job to write the running configuration to the startup configuration on each device after configuration changes are made successfully.

Does not apply to Catalyst OS devices.

Job Password

If you have enabled the Enable Job Password option and disabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) enter the device login user name and password and device Enable password.

If you have enabled the Enable Job Password option and enabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) either:

Enter the device login user name and password and device Enable password

Or

Disable the Job Password option in the Job Schedule and Options dialog box.


Step 9 Click Next.

The Work Order dialog box appears with job details that you have entered.

Step 10 Click Finish.

A message appears, Job JobID is created successfully.

Where JobID is a unique Job number.

Step 11 Click OK.

You can check the status of your scheduled job using Config Mgmt > Archive Mgmt > Archive Mgmt Jobs. The Job Type for this deploy job is Deploy Baseline template result.


Deploying a Baseline Template Using File System

You can deploy a Baseline template using the Baseline Parameter file.

You can generate this parameter file using Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates > View (button).

See Exporting a Baseline Template for further information.

To deploy a Baseline template using File System:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates.

The Baseline Templates dialog box appears.

Step 2 Select a Baseline template and click Deploy.

The Deploy Input Options dialog box appears.

Step 3 Select Enter Data From File System and click Next.

The Select Input File dialog box appears.

Step 4 Enter the folder name and the file name with the file format extension XML.

or

a. Click Browse.

The Server Side File Browser dialog box appears.

b. Select the XML file.

c. Click OK.

The Select Input File dialog box appears with the selected Baseline Parameter file.

Step 5 Click Next.

The Job Schedule dialog box appears.

Step 6 Enter the following information:

Field
Description
Scheduling

Run Type

You can specify when you want to run the Baseline template deploy job.

To do this, select one of these options from the drop-down menu:

Immediate—Runs this task immediately.

Once—Runs this task once at the specified date and time.

Daily—Runs daily at the specified time.

Weekly—Runs weekly on the day of the week and at the specified time.

Monthly—Runs monthly on the day of the month and at the specified time.

The subsequent instances of periodic jobs will run only after the earlier instance of the job is complete.

For example, if you have scheduled a daily job at 10:00 a.m. on November 1, the next instance of this job will run at 10:00 a.m. on November 2 only if the earlier instance of the November 1 job has completed.

If the 10.00 a.m. November 1 job has not completed before 10:00 a.m. November 2, the next job will start only at 10:00 a.m. on November 3.

Date

You can select the date and time (hours and minutes) to schedule.

The Date field is enabled only if you have selected an option other than Immediate in the Run Type field.

Job Info

Job Description

Enter a description for the job. This is mandatory. You can enter only alphanumeric characters.

E-mail

Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.

You can enter multiple e-mail addresses separated by commas.

Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).

We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences). When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.

Job Options

Approver Comments

Enter comments for the job approver.

This field appears only if you have enabled job approval for Archive Management.

Maker E-Mail

Enter the e-mail-id of the job creator. This is a mandatory field.

This field appears only if you have enabled job approval for Archive Management.

Copy Running Config to Startup

Select to make the job to write the Running configuration to the Startup configuration on each device after configuration changes are made successfully.

Does not apply to Catalyst OS devices.

Job Password

If you have enabled the Enable Job Password option and disabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) enter the device login user name and password and device Enable password.

If you have enabled the Enable Job Password option and enabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) either

Enter the device login user name and password and device Enable password

Or

Disable the Job Password option in the Job Schedule and Options dialog box.


Step 7 Click Next.

The Work Order dialog box appears with job details that you have entered.

Step 8 Click Finish.

A message appears, Job JobID is created successfully.

Where JobID is a unique Job number.

If you have specified incorrect filename/XML file format or if the hostname field is not updated, an error message appears, Specified file could not be read. Please specify a valid file name.

See Exporting a Baseline Template for further information.

Check the XML file format or update the hostname field and restart this procedure from Step 2.

Step 9 Click OK.

You can check the status of your scheduled job using Config Mgmt > Archive Mgmt > Archive Mgmt Jobs. The Job Type for this deploy job is Deploy Baseline template result.


Using Baseline Jobs

You can check the status of the Baseline jobs using Config Mgmt > Archive Mgmt > Baseline Templates > Baseline Jobs.

This window contains the following information:

Field Name
Description

Job ID

Unique number assigned to the job when it is created.

For periodic jobs such as Daily, Weekly, etc., the job IDs are in the number.x format. The x represents the number of instances of the job. For example, 1001.3 indicates that this is the third instance of the job ID 1001.

Description

Job description entered during job definition.

Compliant/Deployed Device(s)

Displays how many devices are complaint out of total number of devices that were selected while creating the compliance job.

Click on the link to view the Baseline Compliance Report (see Understanding the Baseline Compliance Report).

Status

Status of the job. The displayed job states are Successful, Failed, and Running.

The jobs may have failed either because:

The device configuration is not archived.

Or

The device is not reachable.

The further details of the failed job is given in the Config Mgmt > Archive Mgmt > Archive Mgmt Jobs (see Using Archive Management Job Browser).

You can also check the status of the Baseline job at Config Mgmt > Archive Mgmt > Archive Mgmt Jobs (see Using Archive Management Job Browser).


The Compliance Jobs window contains the following buttons:

Buttons
Description

Deploy

You can schedule a job to deploy the standard configuration to all non-compliance devices.

This button is activate only after selecting a Compliance Jobs.

See Deploying the Commands.

Delete

You can delete the compliance jobs.

This button is activate only after selecting a Compliance Jobs.

See Deleting the Compliance Jobs


Refresh

(Icon)

Click on this icon to refresh the Compliance Jobs Window.


Running Compliance Check

To execute a compliance check:


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.



Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates.

The Baseline Templates dialog box appears.

Select the template and click Compliance Check.

The Select Devices dialog box appears.

Step 2 Select either:

Device Selector, if you want to schedule a job for static set of devices. See Using RME Device Selector for information on how to use RME Device Selector.

Or

Group Selector, if you want to schedule a job for dynamic group of devices.

The job is scheduled only for the devices that are present in the selected group at the time when the job is run. The customizable group selector for jobs evaluate static groups also as dynamic during run time.

Step 3 Click Next.

The Schedule dialog box appears.

Step 4 Enter the following information:

Field
Description
Scheduling

Run Type

You can specify when you want to run the Baseline template compliance job.

To do this, select one of these options from the drop-down menu:

Immediate—Runs this task immediately.

Once—Runs this task once at the specified date and time.

Daily—Runs daily at the specified time.

Weekly—Runs weekly on the day of the week and at the specified time.

Monthly—Runs monthly on the day of the month and at the specified time.

The subsequent instances of periodic jobs will run only after the earlier instance of the job is complete.

For example, if you have scheduled a daily job at 10:00 a.m. on November 1, the next instance of this job will run at 10:00 a.m. on November 2 only if the earlier instance of the November 1 job has completed.

If the 10.00 a.m. November 1 job has not completed before 10:00 a.m. November 2, the next job will start only at 10:00 a.m. on November 3.

Date

You can select the date and time (hours and minutes) to schedule.

The Date field is enabled only if you have selected an option other than Immediate in the Run Type field.

Job Info

Job Description

Enter a description for the job. This is mandatory. You can enter only alphanumeric characters.

E-mail

Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.

You can enter multiple e-mail addresses separated by commas.

Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).

We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences). When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.

Job Options

Check compliance and deploy

Enable this to check the compliance of the archived file with that of the Baseline template and deploy the commands if it non-compliant.

Copy Running Config to Startup

This option is active only if you select the Check compliance and deploy option.

Select to make the job to write the Running configuration to the Startup configuration on each device after configuration changes are made successfully.

Does not apply to Catalyst OS devices.

Job Password

If you have enabled the Job Password option and disabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) enter the device login user name and password and device Enable password.

If you have enabled the Enable Job Password option and enabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) either:

Enter the device login user name and password and device Enable password

Or

Disable the Job Password option in the Job Schedule and Options dialog box.


Step 5 Click Next.

The Job Work Order window appears with the job details that you have selected.

Step 6 Click Finish.

A message appears, Job JobID is created successfully.

Where JobID is a unique Job number.

Step 7 Click OK.

You can check the status of your scheduled job by selecting Config Mgmt > Archive Mgmt > Baseline Template > Compliance or Config Mgmt > Archive Mgmt > Archive Mgmt Jobs.


Understanding the Baseline Compliance Report

The Baseline Compliance Report contains the following information:

Field Name
Description
Summary

Template Name

Name of the Baseline template entered at the time of creating the Baseline template.

Number of Non-Compliant device(s)

Number of devices that are non-compliant.

Number of Compliant device(s)

Number of devices that are compliant.

Number of Excluded device(s):

List of devices where the job did not run. The jobs may have failed either because:

The device configuration was not archived.

Or

The device was not reachable.

The further details of the failed job is given in the Config Mgmt > Archive Mgmt > Archive Mgmt Jobs (See Using Archive Management Job Browser).

Compliant Devices

Device Name

Device Display Name as entered in Device and Credential Repository.

Latest Version

Version of configuration file against which the compliance was checked.

Click on the version to display Config Viewer (see Understanding the Config Viewer Window). This shows the contents of corresponding configuration file against which the compliance was checked.

Created On

Date and time configuration file was created.

Non-Compliant Devices

Device Name

Device Display Name as entered in Device and Credential Repository.

Latest Version

Version of configuration file against which the compliance was checked.

Click on the version to display Config Viewer (see Understanding the Config Viewer Window). This shows the contents of corresponding configuration file against which the compliance was checked.

Created On

Date and time configuration file was created.

Command(s) to Deploy

List the commands where the device configuration is non-compliant.

Excluded Devices

Device Name

Device Display Name as entered in Device and Credential Repository.

Reason for Exclusion

Displays the cause for exclusion.


In addition, this report contains two buttons:

Button
Description

Export to File

(Icon)

Exports this report in either PDF or CSV format.

Print

(Icon)

Generates a format that can be printed.


Deploying the Commands

You can deploy the commands on the devices that are non-complaint.

Before you use this Deploy button, you must run the Compliance Report,

If there are any non-complaint device, you must select the relevant compliance job and deploy the baseline template.

If there are no non-complaint device and if you click on the Deploy button, a message appears,

Could not deploy selected Job.
Reason: No Non-Compliant devices present in the report.

Click on the Job ID to view the Baseline Compliance Report. See Understanding the Baseline Compliance Report for further details.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


To deploy the commands:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates > Compliance.

The Compliance Jobs dialog box appears.

Step 2 Select a Compliance Job.

Step 3 Click Deploy.

The Substitute Parameters for Devices dialog box appears.

Step 4 Perform the following:

Field Name
Description and Action

Device list

The list contains all the devices which are non-complaint.

Select a device.

Device

The selected device in the Device List pane appears in this text box.

Commandsets

The pane contains all the commandsets that are defined in the Baseline template.

In the Baseline template, if you have defined the multiple occurrences as the commandset feature then based on the compliance check, the commandset will appear more than once.

Select a commandset.

Templates

The pane contains the CLI commands for the selected commandset.

You cannot modify the commands in this pane.

Device Data

The field displays the command values that you have defined in your Baseline template.

The command value is appended with a unique number.

Enter the command value.

For example: If your Baseline template contains this command:

+ ip address [#10\.76\.38\..*#] [netmask]

Then, #10\.76\.38\..*# and netmask are the command values.

The Device Data field names appear as:

#10\.76\.38\..*#[1000]

netmask[1000]


If you have more than one device to deploy then you have to repeat Step 4 for all the devices.

Step 5 Click Next.

The Job Schedule dialog box appears.

Step 6 Enter the following information:

Field
Description
Scheduling

Run Type

You can specify when you want to run the deploy configuration job.

To do this, select one of these options from the drop-down menu:

Immediate—Runs this task immediately.

Once—Runs this task once at the specified date and time.

Date

You can select the date and time (hours and minutes) to schedule.

The Date field is enabled only if you have selected an option other than Immediate in the Run Type field.

Job Info

Job Description

Enter a description for the job. This is mandatory. You can enter only alphanumeric characters.

E-mail

Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.

You can enter multiple e-mail addresses separated by commas.

Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).

We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences). When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.

Job Options

Approver Comments

Enter comments for the job approver.

This field appears only if you have enabled job approval for Archive Management.

Maker E-Mail

Enter the e-mail-id of the job creator. This is a mandatory field.

This field appears only if you have enabled job approval for Archive Management.

Copy Running Config to Startup

Select to make the job to write the Running configuration to the Startup configuration on each device after configuration changes are made successfully.

Does not apply to Catalyst OS devices.

Job Password

If you have enabled the Enable Job Password option and disabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) enter the device login user name and password and device Enable password.

If you have enabled the Enable Job Password option and enabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) either:

Enter the device login user name and password and device Enable password

Or

disable the Job Password option in the Job Schedule and Options dialog box.


Step 7 Click Next.

The Work Order dialog box appears with job details that you have entered.

Step 8 Click Finish.

A message appears, Job ID is created successfully.

Where ID is a unique Job number.

Step 9 Click OK.

You can check the status of your scheduled job using Config Mgmt > Archive Mgmt > Archive Mgmt Jobs. The Job Type for this deploy job is Deploy Baseline comparison result.


Deleting the Compliance Jobs

You can delete the job that have been completed or stopped. You cannot delete a running job.


Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.


To delete Compliance jobs:


Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates > Compliance.

The Compliance Jobs dialog box appears.

Step 2 Select a job and click Delete.

A message appears, The selected job will be deleted.

Step 3 Click OK.

The selected Compliance job is removed from the Compliance Jobs window.


You can also delete the compliance jobs from Config Mgmt > Archive Mgmt > Archive Mgmt Jobs window (see Using Archive Management Job Browser)