Table Of Contents
Archiving Configurations and Managing Them Using Archive Management
Preparing to Use the Archive Management
Entering Device Credentials
Modifying Device Configurations
Enabling rcp
Enabling scp
Enabling https
Configuring Devices to Send Syslogs
Modifying Device Security
Router Commands
Switches Commands
Content Networking—Content Service Switch Commands
Content Networking—Content Engine Commands
Cisco Interfaces and Modules—Network Analysis Modules
Security and VPN—PIX Devices
Using Job Approval for Archive Management
Configuring Transport Protocols
Requirements to Use the Supported Protocols
Supported Protocols for Configuration Management Applications
Defining the Protocol Order
Configuring Default Job Policies
Defining the Default Job Policies
Usage Scenarios When Job Password is Configured on Devices
Setting Up Archive Management
Moving the Configuration Archive Directory
Enabling and Disabling the Shadow Directory
Configuring Exclude Commands
Configuring Fetch Settings
Understanding Configuration Retrieval and Archival
Timestamps of Configuration Files
How Running Configuration is Archived
Change Audit Logging
Defining the Configuration Collection Settings
Purging Configurations from the Configuration Archive
Checking Configuration Archival Status
Configuration Archival Reports
Successful Devices Report
Failed Devices Report
Partially Successful Devices Report
Scheduling Sync Archive Job
Generating an Out-of-Sync Report
Scheduling Sync on Device Job
Using the Configuration Version Tree
Understanding the Config Viewer Window
Viewing the Configuration Version Summary
Configuration Quick Deploy
Performing a Configuration Quick Deploy
Configuring Labels
Creating a Label
Editing a Labeled Configuration
Viewing the Labeled Configuration
Deleting the Labeled Configuration
Using Search Archive
Creating a Custom Query
Running a Custom Query
Editing a Custom Query
Deleting the Custom Queries
Searching Archive
Search Archive Result
Device Configuration Quick View Report
Comparing Configuration
Comparing Startup vs. Running Configurations
Comparing Running vs. Latest Archived Configurations
Comparing Two Configuration Versions of the Same Device
Compare Two Configuration Versions of Different Devices
Understanding the Config Diff Viewer Window
Using Archive Management Job Browser
Retrying a Config Job
Stopping a Config Job
Deleting the Config Jobs
Viewing the Archive Management Job Details
Baseline Template
Baseline Templates Window
Creating a Baseline Template
Creating a Basic Baseline Template
Creating an Advanced Baseline Template
Creating an Advanced Baseline Template—An Example
Editing a Baseline Template
Exporting a Baseline Template
Importing a Baseline Template
Deleting a Baseline Template
Deploying a Baseline Template
Deploying a Baseline Template Using User Interface
Deploying a Baseline Template Using File System
Using Baseline Jobs
Running Compliance Check
Understanding the Baseline Compliance Report
Deploying the Commands
Deleting the Compliance Jobs
Archiving Configurations and Managing Them Using Archive Management
The Archive Management application maintains an active archive of the configuration of devices managed by RME. It enables you to perform the following tasks:
•
Fetch, archive, and deploy device configurations.
•Search and generate reports on archived data
•Compare and label configurations, compare configurations with a baseline, and check for compliance.
You can also perform some of the Archive Management tasks using command line utility cwcli config.
You can also export the configuration data using the
cwcli export config command. See Using cwcli Commands for further details on cwcli config and cwcli export config commands.
This chapter gives information on performing:
•Archive Management tasks (see Performing Archive Management Tasks for details).
•Archive Management administrative tasks (see Performing Archive Management Administrative Tasks for details).
•Configuration Management administrative tasks (see Performing Configuration Management Administrative Tasks for details).
Performing Archive Management Tasks
Archive Management allows you to:
•Update the archive
In addition to scheduling configuration archive update, you can also update the archive manually. This ensures that you have the latest configurations.
See Scheduling Sync Archive Job and Defining the Configuration Collection Settings for further details.
•Check archival status
You can check the overall status of the configuration archive (For example, Successful, Partially Successful, etc.).
See Checking Configuration Archival Status for further details.
•Determine out-of-sync configuration files
You can list the devices for which running configurations are out-of-sync- with the startup configuration.
See Generating an Out-of-Sync Report and Scheduling Sync on Device Job for further details.
•View Version Tree
You can view all configuration versions of selected devices in the form of a graphical display.
See Using the Configuration Version Tree for further details.
•View Version Summary
You can view the latest three archived configurations for selected devices. It also has a link to view a particular configuration running on the device and to generate differences between versions in the archive.
See Viewing the Configuration Version Summary for further details.
•Search for device configuration files
You can search the archive for configuration containing text patterns for selected devices.
See Using Search Archive for further details.
•Create custom configuration queries (See Creating a Custom Query.)
You can create and run custom queries that generate reports. These reports display device configuration files from the archive for the devices you specify. You can use custom queries while searching archives.
•Compare configurations
You can compare startup and running configurations, running and latest archived configurations. You can also compare two configuration versions of the same device, or two configuration versions of different devices.
See Comparing Configuration for further details.
•Configuration Quick Deploy
You can create an immediate job to deploy the version of configuration that you are viewing on the device. You can deploy the configuration either in the Overwrite or Merge mode. You can also use job-based password.
See Configuration Quick Deploy for further details.
•Archive Management Job Browser
You can see the status of your Archive Management jobs.
See Using Archive Management Job Browser for further details.
•Label Configuration
You can select configuration files from different managed devices and then group and label them.
See Configuring Labels for further details.
•Baseline Template
You can compare the baseline template with the configuration of devices in the archive. You can also generate a non-compliance configuration report and deploy this template onto the devices to make it compliant.
See Baseline Template for further details.
•Set the debug mode for Archive Management application
You can set the debug mode for Archive Management application in the Log Level Settings dialog box (Resource Manager Essentials > Admin > System Preferences > Loglevel Settings).
See Log Level Settings for further details.
•Using Device Center you can perform these Archive Management tasks:
–Viewing the latest configuration archived details
–Viewing the differences between the two archived running configuration
–Updating the configuration archive
See RME Device Center for further details.
Performing Archive Management Administrative Tasks
The administrative tasks for Archive Management are:
•Modify configuration collection and polling settings
You can enable or disable the configuration collection and polling tasks. You can also schedule a periodic job for configuration collection and polling.
See Defining the Configuration Collection Settings for further details.
•Move the configuration archive directory (See Moving the Configuration Archive Directory.)
You can move the configuration archive directory to a new location.
•Enable and disable the Shadow directory (See Enabling and Disabling the Shadow Directory.)
You can enable or disable the use of the Shadow directory.
The configuration archive Shadow directory is an image of the most recent configurations gathered by the configuration archive. You can use the shadow directory as an alternative method to get the latest configuration information programmatically, using scripts or other means.
•Configure Exclude Commands (See Configuring Exclude Commands.)
You can list the commands that have to be excluded while comparing configuration.
•Purge configurations files from the archive (See Purging Configurations from the Configuration Archive.)
You can enable or disable the purge task and also modify the schedule. This frees disk space and maintains your archive at a manageable size.
You need to set up your devices for the configuration archive. See Preparing to Use the Archive Management.
Performing Configuration Management Administrative Tasks
The administrative tasks for configuration Management (applicable to Archive Management, Config Editor, cwcli config, and NetConfig) are:
•Configure Transport Protocol (See Configuring Transport Protocols.)
You can set the transport protocol order for Archive Mgmt, NetConfig, and Config Editor jobs.
•Config Job Policies (See Configuring Default Job Policies.)
You can enable the job password policy for Archive Mgmt, NetConfig, Config Editor, and cwcli config. You can also configure the default job policies if the job fails.
For the new features in this release, see What's New in this Release.
Preparing to Use the Archive Management
Before you start using the Archive Management, you must:
•Enter Device Credentials (See Entering Device Credentials for details)
•Modify Device Configurations (See Modifying Device Configurations for details)
•Modify Device Security (See Modifying Device Security for details)
Entering Device Credentials
Enter the following device credentials in the Device and Credentials window (Common Services > Device and Credentials > Device Management):
•Read and write community strings
•Primary Username and Password
•Primary Enable Password
If you have enabled the Enable Job Password option in the Config Job Policy dialog box ((Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) when you scheduled the Config jobs, you are prompted for the following device credentials:
•Login User name
•Login Password
•Enable Password
The supported Device authentication prompts are:
•Routers
"Username:", "Username: "
"Password:", "Password: "
•Switches
"username: ", "Username: "
"password: ", "Password: "
•Cisco Interfaces and Modules—Network Analysis Modules
"login: "
"Password: " "password: "
•Security and VPN—PIX
"username: ", "Username: "
"passwd: ", "password: ", "Password: "
•Content Networking—Content Service Switch
"Username: ", "username: ", "login: ","Username:" , "username:" , "login:"
"Password: ", "password: ", "passwd: ","Password:" , "password:" , "passwd:"
•Content Networking—Content Engine
"Username: " ,"login: "
"Password: "
•Storage Networking—MDS Devices
"Username:", "Username: "
"Password:", "Password: "
Note If you enabled TACACS for a device and configured custom TACACS login and passwords prompts, you may experience Telnet problems, since RME may not recognize the prompts. To make your prompts recognizable, you must edit the TacacsPrompts.ini file. See the procedure given in the Handling Custom Telnet Prompts section of the User Guide for Common Services.
Modifying Device Configurations
To enable the configuration archive to gather the configurations, modify the device configurations for the following:
•Enabling rcp
•Enabling scp
•Enabling https
•Configuring Devices to Send Syslogs
Enabling rcp
To enable the configuration archive to gather the configurations using the rcp protocol, modify your device configurations.
Make sure the devices are rcp-enabled by entering the following commands in the device configurations:
# ip rcmd rcp-enable
# ip rcmd remote-host local_username {ip-address | host} remote_username [enable]
Where ip_address | host is the IP address/hostname of the machine where RME is installed. Alternatively, you can enter the hostname instead of the IP address. The default remote_username and local_username are cwuser.
Note Disable the DNS security check for rcp if your RME server and devices are not registered with the DNS server. To do this, use the command,
no ip rcmd domain-lookup for rcp to fetch the device configuration.
Enabling scp
To enable the configuration archive to gather the configurations using the scp protocol, modify your device configurations.
To configure local User name:
aaa authentication login default local
aaa authentication enable default none
aaa authorization exec default local
username admin privilege 15 password 0 system
ip ssh authentication-retries 4
To configure TACACS User name:
aaa authentication login default group tacacs+
aaa authentication enable default none
aaa authorization exec default group tacacs+
ip ssh authentication-retries 4
User on the TACACS Server should be configured with priv level 15:
login = cleartext "system"
Enabling https
To enable the configuration archive to gather the configurations using https protocol you must modify your device configurations.
To modify the device configuration, follow the procedure as described in this URL:
http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a00801f1d98.html#999607
Configuring Devices to Send Syslogs
Configure your devices for Syslog Analysis if you want the device configurations to be gathered and stored automatically in the configuration archive when Syslog messages are received.
After you perform these tasks and the devices become managed, the configuration files are collected and stored in the configuration archive.
Modifying Device Security
Configuration Management must be able to run certain commands on devices to archive their configurations.
You must disable security on the devices, the configurations of which you want to archive. This is because the security on the device prohibits Configuration Management from running these commands:
•Router Commands
•Switches Commands
•Content Networking—Content Service Switch Commands
•Content Networking—Content Engine Commands
•Cisco Interfaces and Modules—Network Analysis Modules
•Security and VPN—PIX Devices
Router Commands
Command
|
Description
|
terminal length 0
|
Sets the number of lines on the current terminal screen for the current session
|
terminal width 0
|
Sets the number of character columns on the terminal screen for the current line for a session
|
show privilege
|
Displays your current level of privilege
|
Show running
|
Gets running configuration.
|
Show startup
|
Gets startup configuration
|
Show running-brief1
|
Gets the running configuration in brief by excluding the encryption keys.
|
The commands in the above tables also apply to the following device types:
•Universal Gateways and Access Servers
•Universal Gateways and Access Servers
•Optical Networking
•Broadband Cable
•Voice and Telephony
•Wireless
•Storage Networking
Switches Commands
The switches commands are:
Command
|
Description
|
set length 0
|
Configures the number of lines in the terminal display screen
|
set logging session disable
|
Disables the sending of system logging messages to the current login session.
|
write term
|
Gets running configuration.
|
Content Networking—Content Service Switch Commands
The Content Service Switch commands are:
Command
|
Description
|
no terminal more
|
Disables support for more functions with the terminal.
|
show running-config
|
Gets all components of the running configuration.
|
show startup-config
|
Gets the CSS startup configuration (startup-config).
|
Content Networking—Content Engine Commands
The Content Engine commands are:
Command
|
Description
|
terminal length 0
|
Sets the number of lines on the current terminal screen for the current session
|
show run
|
Gets running configuration.
|
show config
|
Gets startup configuration.
|
Cisco Interfaces and Modules—Network Analysis Modules
The Network Analysis Modules commands are:
Command
|
Description
|
terminal length 0
|
Sets the number of lines on the current terminal screen for the current session
|
show autostart
|
Displays autostart collections
|
show configuration
|
Gets startup configuration.
|
Security and VPN—PIX Devices
The PIX devices commands are:
Command
|
Description
|
terminal width 0
|
Sets the number of character columns on the terminal screen for the current line for a session
|
show config
|
Gets startup configuration.
|
show running
|
Gets running configuration.
|
show curpriv
|
View the current logged-in user.
|
no pager
|
Removes paging control
|
Using Job Approval for Archive Management
You can enable Job Approval for Archive Management tasks, (Resource Manager Essentials > Admin > Approval > Approval Policies). This means all jobs require approval before they can run.
Only users with Approver permissions can approve Archive Management jobs. Jobs must be approved before they can run if Job Approval is enabled on the system.
For more details on enabling job approval see Setting Up Job Approval in the section Enabling Approval and Approving Jobs Using Job Approval.
The following Archive Management tasks require approval if you have enabled Job Approval:
•Out-of-Sync (Config Mgmt > Archive Mgmt > Out-of-Sync Summary)
•Deploy (Config Mgmt > Archive Mgmt > Baseline Templates and Config Mgmt > Archive Mgmt > Baseline Templates > Compliance)
•Compliance Check (Config Mgmt > Archive Mgmt > Baseline Templates > Compliance)
Only if you enable the Check Compliance and Deploy option in the Job Schedule and Options dialog box.
Sync Archive jobs do not have job Approval enabled because this job only archives the configuration from the device and there is no change to the device configuration.
If you have enabled Approval for Archive Management tasks, then in the Job Schedule and Options dialog box, you get these options:
•Approval Comment—Approval comments for the job approver.
•Maker E-Mail—E-mail-id of the job creator.
Configuring Transport Protocols
You can set the protocol order for Configuration Management applications such as Archive Management, Config Editor, and NetConfig jobs to download configurations and to fetch configurations. For NetShow, you can set the protocol order to download configurations.
This setup allows you to use your preferred protocol order for fetching and downloading the configuration.
The available protocols are:
•Telnet
•TFTP (Trivial File Transport Protocol)
•rcp (remote copy protocol)
•SSH (Secure Shell)
•SCP (Secure Copy Protocol)
•HTTPS (Hyper Text Transfer Protocol Secured)
Requirements to Use the Supported Protocols
If the following requirements are not met, an error message appears.
To use this Protocols
|
You must...
|
Telnet
|
Know Telnet passwords for login and Enable modes for device. If device is configured for TACACS authentication, enter Primary Username and Primary Password.
|
TFTP
|
Know read and write community strings for device.
|
rcp
|
Configure devices to support incoming rcp requests. To make sure the device is rcp-enabled, enter the following commands in the device configuration:
# ip rcmd rcp-enable
# ip rcmd remote-host local_username {ip-address | host} remote_username [enable]
where ip_address | host is the IP address/hostname of the machine where RME is installed. The default remote_username and local_username are cwuser. For example, you can enter:
# ip rcmd remote-host cwuser 123.45.678.90 cwuser enable
Note Disable the DNS security check for rcp if your RME server and devices are not registered with the DNS server. To do this, use the command,
no ip rcmd domain-lookup for rcp to fetch the device configuration.
|
SSH
|
Know the username and password for the device. If device is configured for TACACS authentication, enter the Primary Username and Primary Password.
Know password for Enable modes.
When you select the SSH protocol for the RME applications (Configuration Archive, NetConfig, ConfigEditor, and NetShow) the underlying transport mechanism checks whether the device is running SSHv2.
If so, it tries to connect to the device using SSHv2.
If the device does not run SSHv2 and runs only SSHv1 then it connects to the device through SSHv1.
If the device runs both SSHv2 and SSHv1, then it connects to the device using SSHv2.
If a problem occurs while connecting to the device using SSHv2, then it does not fall back to SSHv1 for the device that is being accessed.
Some useful URLs on configuring SSHv2 are:
•Configuring Secure Shell on Routers and Switches Running Cisco IOS:
http://www.cisco.com/warp/public/707/ssh.shtml
•How to Configure SSH on Catalyst Switches Running Catalyst OS:
http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a0080094314.shtml
•Configuring the Secure Shell Daemon Protocol on CSS:
http://www.cisco.com/en/US/partner/products/hw/contnetw/ps792/
products_configuration_guide_chapter09186a00801eea45.html#1105358
•Configuration Examples and TechNotes:
–http://www.cisco.com/en/US/tech/tk583/tk617/tech_configuration_examples
_list.html
–http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft
123t/123t_4/gt_ssh2.htm
|
SCP
|
Know the SSH username and password for the device.
To make sure the device is scp-enabled, enter the following commands in the device configuration.
To configure local User name:
aaa authentication login default local
aaa authentication enable default none
aaa authorization exec default local
username admin privilege 15 password 0 system
ip ssh authentication-retries 4
To configure TACACS User name:
aaa authentication login default group tacacs+
aaa authentication enable default none
aaa authorization exec default group tacacs+
ip ssh authentication-retries 4
User on the TACACS Server should be configured with privilege level 15:
login = cleartext "system"
|
HTTPS
|
Know the username and password for the device. Enter the Primary Username and Password in the Device and Credential Repository (Common Services > Device and Credentials > Device Management).
To enable the configuration archive to gather the configurations using https protocol you must modify your device configurations:
http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a00801f1d98.html#999607
This is used for VPN 3000 device.
|
The configuration archive uses Telnet/SSH to gather the module configurations of Catalyst 5000 family devices and vlan.dat file in case of Catalyst IOS switches. Make sure you enter the correct Telnet and Enable passwords.
If you enabled TACACS for a device and configured custom TACACS login and passwords prompts, you may experience Telnet problems, since RME may not recognize the prompts. To make your prompts recognizable, you must edit the TacacsPrompts.ini file. See the procedure given in the Handling Custom Telnet Prompts section of the User Guide for Common Services.
For module configs, the passwords on the module must be same as the password on the supervisor.
Supported Protocols for Configuration Management Applications
For supported protocol at individual device-level, you can either see:
•The RME device packages Online help. You can launch the RME device packages Online help using Help > Resource Manager Essentials > Device Packages.
or
•The Supported Protocols for Configuration Management table on Cisco.com:
http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_resource_manager_essentials/4.0.3/device_support/table/RME403CM.html
Defining the Protocol Order
The following is the workflow for defining the protocol order for Configuration Management applications to perform either Config fetch or Config update:
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
Step 1 Select Resource Manager Essentials > Admin > Config Mgmt.
The Config Transport Settings dialog box appears.
Step 2 From the first drop-down list box, select the application for which you want to define the protocol order.
Step 3 Select a protocol from the Available Protocols pane and click Add.
If you want to remove a protocol or change the protocol order, you must remove the protocol using the Remove button and add the protocol, again.
The list of protocols that you have selected appears in the Selected Protocol Order pane.
When a configuration fetch or update operation fails, an error message appears. This message displays details about the supported protocol for the particular device and it modules, if there are any.
For the list of supported protocols, see Supported Device Table for Configuration Management application on Cisco.com.
Step 4 Click Apply.
A message appears, New settings saved successfully.
Step 5 Click OK.
Configuring Default Job Policies
Each Configuration Management job has properties that define how the job will run. You can configure a default policy for these properties that applies to all future jobs. You can also specify for each property whether users can change the default when creating a job.
You have the option of entering a username and password for running a specific Archive Management, Config Editor, NetConfig, or NetShow job.
If you enter a username and password, Archive Management, Config Editor, or NetConfig applications use this username and password to connect to the device, instead of taking these credentials from the Device and Credential Repository.
While the job is running, the password is retrieved from the Device and Credential Repository for each of the selected devices.
For example, if the TACACS server is managing the devices, the passwords in the TACACS server and the passwords in the Device and Credential Repository should be synchronized (with every password change).
This option of entering the username and password for running a job is useful in high security installations where device passwords are changed at frequent intervals. In such instances, the passwords may be changed every 60-90 seconds.
To use this option of entering a username and password for running a specific job, you should enable the job password policy for Archive Management, Config Editor, NetConfig, or NetShow jobs.
You can do this by using the Enable Job Password option in the Config Job Policies window.
If you have enabled Enable Job Password option, you can enter these credentials while scheduling a job:
•Login Username
•Login Password
•Enable Password
Defining the Default Job Policies
The following is the workflow for defining the default job policies for Configuration Management applications:
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
Step 1 Select Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies.
The Job Policy dialog box appears.
Step 2 Select the applications.
Step 3 Based on your selection, enter the following information:
Field Name
|
Description
|
Usage Notes
|
Failure Policy
This appears only if you select either Config Editor or NetConfig application.
|
Select what the job should do if it fails to run on the device. You can stop or continue the job, and roll back configuration changes to the failed device or to all devices configured by the job.
You can select one of the options:
•Stop on failure—Stops the job on failure.
•Ignore failure and continue—Continues the job on failure.
•Rollback device and stop—Rolls back the changes on the failed device and stops the job. This is applicable only to NetConfig application.
•Rollback device and continue—Rolls back the changes on the failed device and continues the job. This is applicable only to NetConfig application.
•Rollback job on failure—Rolls back the changes on all devices and stops the job. This is applicable only to NetConfig application.
|
You can create rollback commands for a job in the following ways:
•Using a system-defined template.
Rollback commands are created automatically by the template.
Note The Banner system-defined template does not support rollback. You cannot create rollback commands using this template.
•Creating a user template.
Allows you to enter rollback commands into the template.
Note When you use the Adhoc and Telnet Password templates, you cannot create rollback commands.
|
|
E-mail Notification
This appears for all the applications in the dropdown list.
|
Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.
You can enter multiple e-mail addresses separated by commas.
Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).
We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).
When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.
|
Notification is sent when the job is started and completed.
Notification E-mails include a URL to enter to display job details. If you are not logged in, do so using log in panel.
|
Sync Archive before Job Execution
This appears if you select either Config Editor or NetConfig application.
|
The job archives the running configuration before making configuration changes.
|
None.
|
Copy Running Config to Startup
This appears if you select either Config Editor or NetConfig application.
|
The job writes the running configuration to the startup configuration on each device after configuration changes are made successfully.
|
Does not apply to Catalyst OS devices.
|
Enable Job Password
This appears for all the applications in the dropdown list.
|
The job Password Policy is enabled for all the jobs.
The Archive Management, Config Editor, and NetConfig jobs use this username and password to connect to the device, instead of taking these credentials from the Device and Credential Repository.
These device credentials are entered while scheduling a job.
|
None.
You can use this option even if you have configured only the Telnet password (without configuring username) on your device.
You must enter a string in the Login Username field. Do not leave the Login Username field blank.
The Login Username string will be ignored while connecting to the device since the device is configured only for Telnet password.
See Usage Scenarios When Job Password is Configured on Devices.
|
Fail on Mismatch of Config Versions
This appears if you select either Config Editor or NetConfig application.
|
The job is considered a failure when the most recent configuration version in the configuration archive is not identical to the most recent configuration version that was in the configuration archive when you created the job.
|
None.
|
Delete Config after download
This appears if you select Config Editor.
|
The configuration file is deleted after the download.
|
|
Execution Policy
This appears for all the applications in the dropdown list.
|
Allows you to configure the job to run on multiple devices at the same time (Parallel execution) or in sequence (Sequential Execution).
|
If you select sequential execution, you can select Device Order in the Job Schedule and Options dialog box to set the order of the device.
1. Select a device in the Set Device Order dialog box.
2. Either:
•Click the Move Up or Move Down arrows to change its place in the order. Click Done to save the current order.
Or
•Close the dialog box without making any changes.
You cannot alter the device sequence for Archive Management application jobs such as Sync Archive, Check Compliance and Deploy, etc.
|
User Configurable
|
Select this check box next to any field to make corresponding policy user configurable.
|
You can configure a user-configurable policy while defining job. You cannot modify non-user-configurable policies.
|
Step 4 Click Apply.
A message appears, Policy values changed successfully.
Step 5 Click OK.
Usage Scenarios When Job Password is Configured on Devices
The following tables list the usage scenarios and their implications for Configuration application when job password is configured on devices.
•When Device Access is Only Through Job Password and No Access is Available Through Regular Telnet/SSH and SNMP (Read or Write)
•When Devices are Configured for Job Password and Access is Available Through SNMP (Read or Write)
•When Devices are not Configured for Job Password and Access is Available Through Regular Telnet/SSH but no SNMP
•When Devices are not Configured for Job Password and Regular Telnet/SSH is Disabled. Access is Available Only Through SNMP (Read or Write)
Table 8-1 When Device Access is Only Through Job Password and No Access is Available Through Regular Telnet/SSH and SNMP (Read or Write)
Scenario
|
Archive Mgmt
|
cwcli config
|
NetConfig
|
Config Editor
|
Device is added into RME
|
Fails
|
Not applicable
|
Not applicable
|
Not applicable
|
Update archive request through user interface
|
Fails
|
Not applicable
|
Not applicable
|
Not applicable
|
Update archive request through command line
|
Not applicable
|
Fails
|
Not applicable
|
Not applicable
|
Config update when Syslog message is received
|
Fails
|
Not applicable
|
Not applicable
|
Not applicable
|
Config update through periodic scheduled process
|
Fails
|
Not applicable
|
Not applicable
|
Not applicable
|
Config update through SNMP poller based scheduled process
|
Fails
|
Not applicable
|
Not applicable
|
Not applicable
|
Config upload/restore through cwcli config
|
Not applicable
|
Fails
|
Not applicable
|
Not applicable
|
NetConfig Job
|
Not applicable
|
Fails
|
Succeeds
|
Not applicable
|
Config Editor job
|
Not applicable
|
Not applicable
|
Not applicable
|
Succeeds
|
Table 8-2 When Devices are Configured for Job Password and Access is Available Through SNMP (Read or Write)
Scenario
|
Archive Mgmt
|
cwcli config
|
NetConfig
|
Config Editor
|
Device is added into RME
|
Succeeds for SNMP supported devices
|
Not applicable
|
Not applicable
|
Not applicable
|
Update archive request through user interface
|
Succeeds for SNMP supported devices
|
Not applicable
|
Not applicable
|
Not applicable
|
Update archive request through command line
|
Succeeds for SNMP supported devices
|
Succeeds for SNMP supported devices
|
Not applicable
|
Not applicable
|
Config update when Syslog message is received
|
Succeeds for SNMP supported devices
|
Not applicable
|
Not applicable
|
Not applicable
|
Config update through periodic scheduled process
|
Succeeds for SNMP supported devices
|
Not applicable
|
Not applicable
|
Not applicable
|
Config update through SNMP poller based scheduled process
|
Succeeds for SNMP supported devices
|
Not applicable
|
Not applicable
|
Not applicable
|
Config upload/restore through cwcli config
|
Not applicable
|
Succeeds for SNMP supported devices
|
Not applicable
|
Not applicable
|
NetConfig Job
|
Not applicable
|
Fails
|
Succeeds
|
Not applicable
|
Config Editor job
|
Not applicable
|
Not applicable
|
Not applicable
|
Succeeds
|
Table 8-3 When Devices are not Configured for Job Password and Access is Available Through Regular Telnet/SSH but no SNMP
Scenario
|
Archive Mgmt
|
cwcli config
|
NetConfig
|
Config Editor
|
Device is added into RME
|
Succeeds
|
Not applicable
|
Not applicable
|
Not applicable
|
Update archive request through user interface
|
Succeeds
|
Not applicable
|
Not applicable
|
Not applicable
|
Update archive request through command line
|
Succeeds
|
Succeeds
|
Not applicable
|
Not applicable
|
Config update when Syslog message is received
|
Succeeds
|
Not applicable
|
Not applicable
|
Not applicable
|
Config update through periodic scheduled process
|
Succeeds
|
Not applicable
|
Not applicable
|
Not applicable
|
Config update through SNMP poller based scheduled process
|
Succeeds
|
Not applicable
|
Not applicable
|
Not applicable
|
Config upload/restore through cwcli config
|
Succeeds
|
Succeeds
|
Not applicable
|
Not applicable
|
NetConfig Job
|
Not applicable
|
Not applicable
|
Succeeds
|
Not applicable
|
Config Editor job
|
Not applicable
|
Not applicable
|
Not applicable
|
Succeeds
|
Table 8-4 When Devices are not Configured for Job Password and Regular Telnet/SSH is Disabled. Access is Available Only Through SNMP (Read or Write)
Scenario
|
Archive Mgmt
|
cwcli config
|
NetConfig
|
Config Editor
|
Device is added into RME
|
Succeeds for SNMP supported devices
|
Not applicable
|
Not applicable
|
Not applicable
|
Update archive request through user interface
|
Succeeds for SNMP supported devices
|
Not applicable
|
Not applicable
|
Not applicable
|
Update archive request through command line
|
Succeeds for SNMP supported devices
|
Succeeds for SNMP supported devices
|
Not applicable
|
Not applicable
|
Config update when Syslog message is received
|
Succeeds for SNMP supported devices
|
Not applicable
|
Not applicable
|
Not applicable
|
Config update through periodic scheduled process
|
Succeeds for SNMP supported devices
|
Not applicable
|
Not applicable
|
Not applicable
|
Config update through SNMP poller based scheduled process
|
Succeeds for SNMP supported devices
|
Not applicable
|
Not applicable
|
Not applicable
|
Config upload/restore through cwcli config
|
Succeeds for SNMP supported devices
|
Succeeds for SNMP supported devices
|
Not applicable
|
Not applicable
|
NetConfig Job
|
Not applicable
|
Fails
|
Fails
|
Not applicable
|
Config Editor job
|
Not applicable
|
Not applicable
|
Not applicable
|
Fails
|
Setting Up Archive Management
You can move the directory for archiving the RME device configuration and enable and disable the usage of Shadow directory. You can also list the commands that need to be excluded while comparing configuration
To do this select Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt.
•Moving the Configuration Archive Directory
•Enabling and Disabling the Shadow Directory
•Configuring Exclude Commands
Moving the Configuration Archive Directory
You can move the directory where the configuration of the devices can be archived on the RME server.
The default Configuration Archive directory is:
On RME Solaris server,
/var/adm/CSCOpx/files/rme/dcma
On RME Windows server,
NMSROOT\files\rme\dcma
Where NMSROOT is the CiscoWorks installed directory.
The new location specified by you should have the permission for casuser:casusers in Solaris and casuser should have Full Control in Windows.
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
The following is the workflow for moving the configuration archive location:
Step 1 Stop the ConfigMgmtServer process. To do this:
a. Select Common Services > Server > Admin > Processes.
The Process Management dialog box appears.
b. Select the ConfigMgmtServer process.
c. Click Stop.
Step 2 Select Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt.
The Archive Settings dialog box appears.
Step 3 Enter the new location in the Archive Location field, or click Browse to select a directory on your system.
Step 4 Click Apply.
A message shows that the changes were made.
Step 5 Restart the ConfigMgmtServer process. To do this:
a. Select Common Services > Server > Admin > Processes.
The Process Management dialog box appears.
b. Select the ConfigMgmtServer process.
c. Click Start.
Enabling and Disabling the Shadow Directory
The configuration archive Shadow directory is an image of the most recent configurations gathered by the configuration archive.
The Shadow directory contains subdirectories that represent each device class and the latest configurations supported by the configuration archive.
Each file name is DisplayName.cfg, where DisplayName is the device's Display Name as defined in the Device and Credential Repository. Each time the archive is updated, the Shadow directory is updated with the corresponding information.
The Shadow directory can be used as an alternative method to derive the latest configuration information programmatically by using scripts or other means.
To access to the Shadow directory, you must be root or casuser on Solaris, or in the administrator group for Windows.
You can find the Shadow directory in the following locations:
•On Solaris, /var/adm/CSCOpx/files/rme/dcma/shadow
•On Windows, NMSROOT/files/rme/dcma/shadow. Where NMSROOT is the directory in which RME is installed (the default is C:\Program Files\CSCOpx).
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
You can enable or disable the use of Shadow directory by following this workflow:
Step 1 Stop the ConfigMgmtServer process. To do this:
a. Select Common Services > Server > Admin > Processes.
The Process Management dialog box appears.
b. Select the ConfigMgmtServer process.
c. Click Stop.
Step 2 Select Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt.
The Archive Settings dialog box appears.
Step 3 Select the Enable Shadow Directory check box.
Step 4 Click Apply.
A message shows that the changes were made.
Step 5 Restart the ConfigMgmtServer process. To do this:
a. Select Common Services > Server > Admin > Processes.
The Process Management dialog box appears.
b. Select the ConfigMgmtServer process.
c. Click Start.
Configuring Exclude Commands
You can list the commands that have to be excluded while comparing configuration. To do this select Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt > Exclude Commands.
You can enter multiple commands separated by commas.
RME provides default exclude commands for some Device Categories.
For example, the default exclude commands for Router device category are, end,exec-timeout,length,width,certificate,ntp clock-period
You can specify Exclude Commands at all these levels:
•Device Category (For example, Routers, Wireless, etc.)
•Device Family (For example, Cisco 1000 Series Routers, Cisco 1400 Series Routers, etc.)
•Device Type (For example, Cisco 1003 Router, Cisco 1401 Router, etc.)
While comparing configurations, if you have specified exclude commands in the Device Type, Device Family and Device Category, these commands are excluded only at the Device Type level. The commands in the Device Family and Device Category are not excluded.
Example 1:
If you have specified these commands at,
•Routers (Device Category) level
end,exec-timeout,length,width,certificate,ntp clock-period
•Cisco 1000 Series Routers (Device Family) level
banner incoming,snmp-server location
•Cisco 1003 Router (Device Type) level
ip name-server,banner motd,snmp-server manager session-timeout
While comparing configurations, only the Cisco 1003 Router (Device Type) level commands are excluded.
Example 2:
If you have specified these commands only at Device Family and Device Category,
•Routers (Device Category) level
end,exec-timeout,length,width,certificate,ntp clock-period
•Cisco 1000 Series Routers (Device Family) level
banner incoming,snmp-server location
•Cisco 1003 Router (Device Type) level
No commands specified.
While comparing configurations, only the Cisco 1000 Series Routers (Device Family) level commands are excluded.
If the commands are specified only at the Device Category level, these commands are applicable to all devices under that category.
To configure Exclude Commands:
Step 1 Select Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt > Exclude Commands.
The Configure Exclude Commands dialog box appears.
Step 2 Select one of these from the Device Type Selector pane:
•Device Category (For example, Routers, Wireless, etc.)
•Device Family (For example, Cisco 1000 Series Routers, Cisco 1400 Series Routers, etc.)
•Device Type (For example, Cisco 1003 Router, Cisco 1401 Router, etc.)
Step 3 Enter the command in the Exclude Commands pane to add new commands.
You can enter multiple commands separated by commas.
You can also edit or delete the existing commands in the Exclude Commands pane.
Step 4 Click Apply.
A message appears, The commands to be excluded are saved successfully.
Comparing Configuration
Configuring Fetch Settings
You can configure the Job Result Wait Time per device for the Sync Archive Jobs. The default value is 120 seconds. The minimum value can be set to 60 seconds.
Job Result Wait Time is the maximum wait time that ArchiveManagement waits to get the configurations from the device during the sync-archive job execution.
To configure the Job Result Wait Time:
Step 1 Select Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt.
The Fetch Settings dialog box appears.
Step 2 Provide the Job Result wait time in seconds in the Maximum time to wait for Job results per device (seconds) field.
Step 3 Click either of these:
•Click Apply, if you want to submit the Job Result Wait Time entered.
•Click Cancel if you want to cancel the changes made to the job result wait time.
•Viewing the Archive Management Job Details
•Scheduling Sync Archive Job
•Scheduling Sync on Device Job
Understanding Configuration Retrieval and Archival
RME supports five different ways to trigger the retrieval of configuration files from the device for archival purposes.
Schedule Periodic Configuration File Archival
RME will archive both the startup and running configuration files for all devices at the scheduled time (6-hourly, 12-hourly, daily, weekly, monthly), as configured by the user.
Since this method collects the full running configuration and startup configuration files for the entire network, we recommend that you schedule this to run at no more than once per day, especially if the network is large and outside the LAN.
See Defining the Configuration Collection Settings for further details.
Schedule Periodic Configuration Polling
RME can be configured to periodically poll configuration MIB variables on devices that support these MIBs according to a specified schedule, to determine if either the startup or running configuration file has changed.
If it has, RME will retrieve and archive the most current configuration file from the device.
Polling uses fewer resources than full scheduled collection, because configuration files are retrieved only if the configuration MIB variable is set.
On IOS devices the variables ccmHistoryRunningLastChanged and ccmHistoryStartupLastChanged from the CISCO-CONFIG-MAN-MIB MIB, and on CATOS the variable sysConfigChangeTime from CISCO-STACK-MIB are used to detect the change.
Any change in the value of these variables causes the configuration file to be retrieved from the device. SNMP change polling works only in case of IOS and CATOS devices which support these MIBs.
If these MIBs are not supported on the devices, then by default, configuration fetch will be initiated without checking for the changes.
By default, the Periodic Collection and Polling are disabled.
See Defining the Configuration Collection Settings for scheduling the periodic polling.
Note The Syslog application triggers configuration fetch, if configuration change messages like SYS-6-CFG_CHG, CPU_REDUN-6-RUNNING_CONFIG_CHG etc., are received.
Manual Updates (Sync Archive function)
This feature allows the RME user to force the configuration archive to check specified devices for changes to the running configuration file only. Use Sync Archive if you need it to synchronize quickly with the running configuration.
You can also poll the device and compare the time of change currently on the device with the time of last archival of the configuration to determine whether the configuration has changed on a device.
The Startup configuration is not retrieved during manual update archive operation. However, you can retrieve the Startup configuration by enabling the Fetch startup Config option while scheduling Sync Archive job.
See Scheduling Sync Archive Job for further details.
Using Version Summary
You can trigger a configuration file retrieval by clicking on the Running or Startup configuration in the Configuration Version Summary report.
After a configuration file is fetched from the device, as described above, RME submits the configuration file for archival.
See Viewing the Configuration Version Summary for further details.
Timestamps of Configuration Files
These are timestamps of a running configuration file, or the change time (in change audit), indicate the time at which RME system archived the configuration file.
This is not the time at which the configuration actually changed on the device. If changes are detected immediately using Syslog messages, the timestamp should be very close to the actual config change time on the device.
Startup configurations are handled differently by RME. Startup configs are simply saved into the system, as they are retrieved from the device (unlike running configurations, which are compared and saved in versioned archives, if different).
The timestamps of Startup Configuration files are just the archival times, and do not indicate the change time.
In the version summary reports, the Running and Startup are links, which when clicked will retrieve in real time, the respective configuration from the device. This column does not have a timestamp associated with it.
In the Out-Of-Sync report, the Startup configuration column indicates the last archived startup configuration along with its timestamp, and the Running configuration column indicate the last archived running config along with its timestamp.
How Running Configuration is Archived
The workflow for archiving the Running configuration is:
1. If RME detects an effective change, the new configuration is queued for Archival.
2. The archiver, calculates the exact effective changes, assigns a new version number for the newly collected archive, and archives it in the system.
3. The archiver, at the end, logs a change audit record that the configuration of the device has changed, along with other Audit information.
4. If you have enabled the Enable Shadow Directory option in the Archive Settings dialog box (Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt) the latest running configuration file is also stored in a raw format for manual TFTP purposes to restore the configuration on the device, in the directory location:
–On Solaris, /var/adm/CSCOpx/files/rme/dcma/shadow
–On Windows, NMSROOT/files/rme/dcma/shadow. Where NMSROOT is the directory in which RME is installed (the default is C:\Program Files\CSCOpx)
Note Startup configurations are not `versioned' and only one copy of the startup configuration of devices (which supports startup configuration), is saved in the system. No change audit records are logged for changes in the `Startup Configuration' files.
RME first compares the collected configuration file, with the latest configuration in the archive, and checks to see if there are effective configurations changes from what was previously archived.
Change Audit Logging
Config change audit records include information about, who changed (which user) the configuration, when the configuration change was identified by RME, and other change information.
•Any configuration change made through the RME system (example, using Config Editor or Netconfig), will have the user name of the user who scheduled the change job.
•Any configuration change that was done outside of RME and detected through the configuration retrieval process, has the same user name as reported by the device through the CONFIG-MAN-MIB variable (ccmHistoryEventTerminalUser).
•Changes identified through syslog messages, contain the user name identified in the Syslog message, if present.
Defining the Configuration Collection Settings
The configuration archive can be updated with configuration changes in two ways:
•Periodic configuration archival (with and without configuration polling). You can enable this using Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt > Collection Settings.
•Manual configuration archival using Resource Manager Essentials > Config Mgmt > Archive Mgmt > Sync Archive.
You can modify how and when the configuration archive retrieves configurations by selecting one or all of the following:
Periodic Polling
The configuration archive performs a SNMP query on the device. If there are no configuration changes detected in the devices, no configuration is fetched.
Periodic Collection
The configuration is fetched without checking for any changes in the configuration.
By default, the Periodic Collection and Polling are disabled.
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
The following is the workflow for defining the configuration collection setting:
Step 1 Select Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt > Collection Settings.
The Config Collection Settings dialog box appears.
Step 2 Select one or all of the following options:
Periodic Polling
a. Select Enable for Configuration archive to performs a SNMP query on the device to retrieve configuration.
b. Click Change.
The Config Collection Schedule dialog box appears.
c. Enter the following information:
Field
|
Description
|
Scheduling
|
Run Type
|
You can specify when you want to run the configuration polling job.
To do this, select one of these options from the drop-down menu:
•Daily—Runs daily at the specified time.
•Weekly—Runs weekly on the day of the week and at the specified time.
•Monthly—Runs monthly on the day of the month and at the specified time.
The subsequent instances of periodic jobs will run only after the earlier instance of the job is complete.
For example, if you have scheduled a daily job at 10:00 a.m. on November 1, the next instance of this job will run at 10:00 a.m. on November 2 only if the earlier instance of the November 1 job has completed.
If the 10.00 a.m. November 1 job has not completed before 10:00 a.m. November 2, the next job will start only at 10:00 a.m. on November 3.
|
Date
|
You can select the date and time (hours and minutes) to schedule.
|
Job Information
|
Job Description
|
The system default job description, Default config polling job is displayed.
You cannot change this description.
|
E-mail
|
Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.
You can enter multiple e-mail addresses separated by commas.
Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).
We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences). When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.
|
d. Click OK.
Periodic Collection
a. Select Enable for Configuration archive to perform a periodic check on the device to retrieve configuration.
b. Click Change.
The Config Collection Schedule dialog box appears.
c. Enter the following information:
Field
|
Description
|
Scheduling
|
Run Type
|
You can specify when you want to run the configuration collection job.
To do this, select one of these options from the drop-down menu:
•Daily—Runs daily at the specified time.
•Weekly—Runs weekly on the day of the week and at the specified time.
•Monthly—Runs monthly on the day of the month and at the specified time.
The subsequent instances of periodic jobs will run only after the earlier instance of the job is complete.
For example, if you have scheduled a daily job at 10:00 a.m. on November 1, the next instance of this job will run at 10:00 a.m. on November 2 only if the earlier instance of the November 1 job has completed.
If the 10.00 a.m. November 1 job has not completed before 10:00 a.m. November 2, the next job will start only at 10:00 a.m. on November 3.
|
Date
|
You can select the date and time (hours and minutes) to schedule.
|
Job Information
|
Job Description
|
The system default job description, Default config collection job is displayed.
You cannot change this description.
|
E-mail
|
Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.
You can enter multiple e-mail addresses separated by commas.
Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).
We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences). When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.
|
d. Click OK.
Step 3 Click Apply.
A message appears, New settings saved successfully.
Step 4 Click OK.
You can check the status of your scheduled job by selecting Resource Manager Essentials > Job Mgmt > RME Jobs.
Purging Configurations from the Configuration Archive
You can specify when to purge archived configurations. This frees disk space and keeps your archive at a manageable size.
By default, the purging jobs are disabled.
You can purge configurations based on two criteria:
•Number of versions to retain. Maximum number of versions of each configuration to retain.
The oldest configuration is purged when the maximum number is reached. For example, if you set the maximum versions to retain to 10, when the eleventh version of a configuration is archived, the earliest (first version) is purged to retain total number of latest archived versions at 10.
•Age. Configurations older than the number of days that you specify are purged.
The Labeled configuration files are not purged even if they satisfy either of the purge conditions (Maximum versions to retain and Purge versions older than options in the Archive Purge Settings window) unless you enable the Purge labeled files option in the Archive Purge Settings window.
The labeled files are purged only if they satisfy the conditions given in the Maximum versions to retain and Purge versions older than options.
Archive Management will not purge the configuration files, if there are only two versions of these files in the archive.
Archived configurations that match the purge criteria that you set are purged from the system. This purge policy applies to Running configuration only.
Caution Ensure that the configuration change detection schedule does not conflict with purging, since both processes are database-intensive. Also backup your system frequently to prevent losing versions.
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
The workflow to define the Configuration Archive purge policy is:
Step 1 Select Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt > Purge Settings.
The Archive Purge Setup dialog box appears.
Step 2 Select Enable.
Step 3 Click Change to schedule a purge job.
The Config Purge Job Schedule dialog box appears.
Step 4 Enter the following information:
Field
|
Description
|
Scheduling
|
Run Type
|
You can specify when you want to purge the configuration archive files.
To do this, select one of these options from the drop-down menu:
•Daily—Runs daily at the specified time.
•Weekly—Runs weekly on the day of the week and at the specified time.
•Monthly—Runs monthly on the day of the month and at the specified time.
The subsequent instances of periodic jobs will run only after the earlier instance of the job is complete.
For example, if you have scheduled a daily job at 10:00 a.m. on November 1, the next instance of this job will run at 10:00 a.m. on November 2 only if the earlier instance of the November 1 job has completed.
If the 10.00 a.m. November 1 job has not completed before 10:00 a.m. November 2, the next job will start only at 10:00 a.m. on November 3.
|
Date
|
You can select the date and time (hours and minutes) to schedule.
|
Job Information
|
Job Description
|
The system default job description, Default archive purge job is displayed.
You cannot change this description.
|
E-mail
|
Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.
You can enter multiple e-mail addresses separated by commas.
Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).
We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences). When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.
|
Step 5 Specify when to purge configuration files from the archive by selecting one or all of the following purge policies:
•Click Maximum versions to retain and enter the number of configurations to retain.
•Click Purge versions older than and enter the number of days, weeks, or months.
•Click Purge labeled files to delete the labeled configuration files. See Configuring Labels for information on labeled files.
The Purge labeled files option must be used either with the Maximum versions to retain or Purge versions older than options. You cannot use this option without enabling either Maximum versions to retain or Purge versions older than options.
The labeled files are purged only if they satisfy the conditions given in the Maximum versions to retain and Purge versions older than options.
The Labeled configuration files are not deleted even if they satisfy either of the purge conditions (Maximum versions to retain and Purge versions older than) unless you enable the Purge labeled files option.
These purge policies are applied sequentially. That is, if you have enabled all the three purge policies, RME applies the Purge policies in this sequence:
a. Maximum versions to retain
b. Purge versions older than
c. Purge labeled files
Archive Management does not purge the configuration files, if there are only two versions of these files in the archive.
Step 6 Click Apply.
A message appears, New settings saved successfully.
Step 7 Click OK.
You can check the status of your scheduled job by selecting Resource Manager Essentials > Job Mgmt > RME Jobs.
Checking Configuration Archival Status
After you add devices into RME, their configurations are gathered and stored in the configuration archive. You can check the overall status of the configuration archive (Successful, Partially Successful, and Failed). It provides the status of the last archival attempt.
|
Click on this icon to refresh the configuration archive status window.
|
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
To check the configuration archive status:
Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt.
The Configuration Archival Summary dialog window appears with the following information.
Archival Status
|
Description
|
Successful
|
Number of devices for which all supported configurations have been fetched successfully.
Click No.of Devices to see the Successful Devices Report.
|
Failed
|
Number of devices for which fetch of all supported configurations has failed.
Click No.of Devices to see the Failed Devices Report.
|
Partial Successful
|
Number of devices for which fetch of any one of the supported configurations has failed.
Number of Catalyst 5000 devices for which sub-modules were not pulled into archive. Only the main configuration of supervisor engine module is archived for Catalyst 5000 devices.
Click No.of Devices to see the Partially Successful Devices Report.
|
Step 2 Select one or all of the Config Archival Status and click Sync Archive to schedule an immediate job to update the archive status.
You can check the status of your scheduled Sync Archive job by selecting Config Mgmt > Archive Mgmt > Archive Mgmt Jobs.
Configuration Archival Reports
The following are the Config Archival reports:
•Successful Devices Report
•Failed Devices Report
•Partially Successful Devices Report
Successful Devices Report
A device appears in this report if all supported configurations have been fetched successfully.
Note These dates do not necessarily reflect when the archive was last updated.
This report contains the following information:
Column Names
|
Description
|
Device Name
|
Device Display Name as entered in Device and Credential Repository.
Click on the device name to launch the Device Center.
|
Config Type
|
Defines the type of configuration PRIMARY, SECONDARY, or VLAN.
•PRIMARY/SECONDARY—Contains the Running and Startup configuration files information.
•VLAN—Contains running vlan.dat configuration file information. This config type does not contain Startup configuration file information.
For ONS devices, the PRIMARY configuration type displays the configuration information from the active CPU, at that instance.
|
File Type
|
Defines the configuration file type that is either Running or Startup configuration.
|
Accessed At
|
Date and time that RME pulled running configuration from device in an attempt to archive. The configuration is archived only if there has been a change.
|
Description
|
Displays the archival status.
|
Failed Devices Report
A device appears in this report if fetch for all of the supported configurations has failed. This report also contains the reasons configuration could not be pulled.
This report contains the following information:
Column Names
|
Description
|
Device Name
|
Device Display Name as entered in Device and Credential Repository.
Click on the device name to launch the Device Center.
|
Config Type
|
Defines the type of configuration PRIMARY, SECONDARY, or VLAN.
•PRIMARY/SECONDARY—Contains the Running and Startup configuration files information.
•VLAN—Contains running vlan.dat configuration file information. This configuration type does not contain Startup configuration file information.
For ONS devices, the PRIMARY configuration type displays the configuration information from the active CPU, at that instance.
|
File Type
|
Defines the configuration file type that is either Running or Startup configuration.
|
Accessed At
|
Date and time that RME pulled running configuration from device in an attempt to archive. The configuration is archived only if there has been a change.
|
Description
|
Reason RME could not pull running and startup configuration from device.
|
Note If you enabled TACACS for a device and configured custom TACACS login and passwords prompts, you may experience Telnet problems, since RME may not recognize the prompts. To make your prompts recognizable, you must edit the TacacsPrompts.ini file. See the procedure given in the Handling Custom Telnet Prompts section of the User Guide for Common Services.
Partially Successful Devices Report
A device shows up in this report if fetch for any one of the supported configurations has failed.
The Partially Successful Devices report lists the Catalyst 5000 family devices for which sub-module information could not be pulled from the device. Only the main configuration of the supervisory module is archived for Catalyst 5000 devices.
This report contains the following information:
Column Names
|
Description
|
Device Name
|
Device Display Name as entered in Device and Credential Repository.
Click on the device name to launch the Device Center.
|
Config Type
|
Defines the type of configuration PRIMARY, SECONDARY, or VLAN.
•PRIMARY/SECONDARY—Contains the Running and Startup configuration files information.
•VLAN—Contains running vlan.dat configuration file information. This configuration type does not contain Startup configuration file information.
For ONS devices, the PRIMARY configuration type displays the configuration information from the active CPU, at that instance.
|
File Type
|
Defines the configuration file type that is either Running or Startup configuration.
|
Accessed At
|
Date and time that RME pulled running configuration from device in an attempt to archive. The configuration is archived only if there has been a change.
|
Description
|
Reason RME could not pull running or startup configuration from device.
|
Scheduling Sync Archive Job
You can a schedule a job to update the configuration archive for selected group of devices.
You have an option to poll device configuration before updating the archive and to fetch Startup configuration.
You can also perform this task for a selected device using Device Center (from the CiscoWorks homepage, select Device Troubleshooting > Device Center to launch Device Center).
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
To schedule a job to update the device configuration:
Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Sync Archive.
The Sync Archive dialog box appears.
Step 2 Select devices. See Using RME Device Selector for information on how to use RME Device Selector.
Step 3 Enter the following information:
Field
|
Description
|
Scheduling
|
Run Type
|
You can specify when you want to run the Sync Archive job.
To do this, select one of these options from the drop-down menu:
•Immediate—Runs this task immediately.
•6 - hourly—Runs this task every 6 hours, starting from the specified time.
•12 - hourly—Runs this task every 12 hours, starting from the specified time.
•Once—Runs this task once at the specified date and time.
•Daily—Runs daily at the specified time.
•Weekly—Runs weekly on the day of the week and at the specified time.
•Monthly—Runs monthly on the day of the month and at the specified time.
The subsequent instances of periodic jobs will run only after the earlier instance of the job is complete.
For example, if you have scheduled a daily job at 10:00 a.m. on November 1, the next instance of this job will run at 10:00 a.m. on November 2 only if the earlier instance of the November 1 job has completed.
If the 10.00 a.m. November 1 job has not completed before 10:00 a.m. November 2, the next job will start only at 10:00 a.m. on November 3.
|
Date
|
You can select the date and time (hours and minutes) to schedule.
The Date field is enabled only if you have selected an option other than Immediate in the Run Type field.
|
Job Information
|
Job Description
|
Enter a description for the job. This is mandatory. You can enter only alphanumeric characters.
|
E-mail
|
Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.
You can enter multiple e-mail addresses separated by commas.
Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).
We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences). When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.
|
Job Options
|
Poll device before configuration collection
|
Archive Management polls the device and compares the time of change currently on the device with the time of last archival of configuration to determine if configuration has changed on a device.
If the polling is not supported on the device, then configuration fetch will be initiated without checking for the changes.
See Understanding Configuration Retrieval and Archival for further details on configuration polling.
|
Fetch startup config
|
Archive Management fetches the startup configuration.
|
Step 4 Click Submit.
A message appears, Job ID is created successfully.
Where ID is a unique Job number.
Step 5 Click OK.
You can check the status of your scheduled Sync Archive job by selecting Config Mgmt > Archive Mgmt > Archive Mgmt Jobs.
Generating an Out-of-Sync Report
You can generate an Out-of-Sync report for the group of devices for which running configurations are not synchronized with the startup configuration.
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Out-of-Sync Summary to generate an Out-of-sync report. The Startup and Running Out-Of-Sync Summary window displays the following information:
Column Name
|
Description
|
Device Name
|
Device Display Name as entered in Device and Credential Repository.
|
Startup
|
Startup configuration of the device. This configuration is fetched from the configuration archive.
Click on the displayed date to view the configuration.
|
Diff
|
Difference between the archived Startup and archived Running configuration.
Click on the icon to see the difference between the archived Startup and archived Running configuration.
|
Running
|
Running configuration of the device. This configuration is fetched from the configuration archive.
Click on the displayed date to see the detailed information on Running configuration.
|
Scheduling Sync on Device Job
You can schedule a Sync on device job using the Sync on Device button on Startup and Running Out-Of-Sync Summary window.
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
To schedule a Sync on device job:
Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Out-of-Sync Summary.
The Startup and Running Out-Of-Sync Summary dialog box appears.
Step 2 Select a device.
Step 3 Click Sync on Device.
The Job Schedule and Options dialog box appears.
Step 4 Enter the following information:
Field
|
Description
|
Scheduling
|
Run Type
|
You can specify when you want to run the Startup and Running Out-Of-Sync Summary report.
To do this, select one of these options from the drop-down menu:
•Immediate—Runs the report immediately.
•Once—Runs the report once at the specified date and time.
•Daily—Runs daily at the specified time.
•Weekly—Runs weekly on the day of the week and at the specified time.
•Monthly—Runs monthly on the day of the month and at the specified time.
The subsequent instances of periodic jobs will run only after the earlier instance of the job is complete.
For example, if you have scheduled a daily job at 10:00 a.m. on November 1, the next instance of this job will run at 10:00 a.m. on November 2 only if the earlier instance of the November 1 job has completed.
If the 10.00 a.m. November 1 job has not completed before 10:00 a.m. November 2, the next job will start only at 10:00 a.m. on November 3.
|
Date
|
You can select the date and time (hours and minutes) to schedule.
The Date field is enabled only if you have selected an option other than Immediate in the Run Type field.
|
Job Information
|
Job Description
|
Enter a description for the job. This is mandatory. You can enter only alphanumeric characters.
|
E-mail
|
Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.
You can enter multiple e-mail addresses separated by commas.
Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).
We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences). When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.
|
Approver Comments
|
Enter comments for the job approver.
This field appears only if you have enabled Job Approval for Archive Management.
|
Maker E-Mail
|
Enter the e-mail-id of the job creator. This is a mandatory field.
This field appears only if you have enabled Job Approval for Archive Management.
|
Job Options
|
Job Password
|
•If you have enabled the Enable Job Password option and disabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) enter the device login user name and password and device Enable password.
•If you have enabled the Enable Job Password option and enabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) either:
–Enter the device login user name and password and device Enable password
or
–Disable the Job Password option in the Job Schedule and Options dialog box.
|
Step 5 Click Submit.
A message appears, Job ID is created successfully.
Where ID is a unique Job number.
Step 6 Click OK.
You can check the status of your scheduled Copy Running Config to Startup job by selecting Config Mgmt > Archive Mgmt > Archive Mgmt Jobs.
Using the Configuration Version Tree
You can view all configuration versions of the selected devices in the form of a graphical display. You can also perform a configuration quick deploy for a selected device.
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
To view the configuration Version Tree:
Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Version Tree
The Device Selection dialog box appears.
Step 2 Select a device. See Using RME Device Selector for information on how to use RME Device Selector.
Step 3 Click OK.
The Config Version Tree dialog box appears.
Step 4 Click either the configuration version which is a hyper link or select the radio button for the configuration version.
Note To expand the configuration version folder, click on plus icon and select the configuration version to view the configuration.
The Config Viewer dialog box appears. See Understanding the Config Viewer Window for further information.
If you want to perform a configuration quick deploy (Configuration Quick Deploy), click the Deploy button.
Understanding the Config Viewer Window
The Config Viewer is a HTML-based window which displays the configurations of specified devices.
You can specify how you want to view the contents of the configurations by selecting one of the options under Show:
•Click Raw to view data exactly as it appears in the configuration file.
•Click Processed to view data with the commands ordered and grouped.
The Config Viewer window contains two columns.
Column
|
Description
|
Configlets
|
Click on any configlets to display the corresponding information. The available configlets vary from device to device; the following are examples:
•All—Entire contents of the configuration files.
•SNMP—SNMP configuration commands. For example, snmp-server community public RO.
•IP Routing—IP routing configuration commands. For example, router abcd 100.
•Interface folder—The different interface configuration commands. For example,
Interface Ethernet0 and Interface TokenRing.
•Global—Global configuration commands. For example no ip address.
•Line con 0—configuration commands for line console 0.
•IP—IP configuration commands. For example, ip http server.
|
Configuration file name
|
View the contents of configuration file.
|
The buttons on the Config Viewer are:
Button
|
Description
|
|
Export the configuration file.
•If you are using the Raw mode then the exported file format is cfg. The file name convention is DeviceName-VersionNumber.cfg.
•If you are using the Processed mode then the exported file format is XML. The file name convention is DeviceName-VersionNumber.xml.
Where DeviceName is the device Display Name as entered in Device and Credential Repository and VersionNumber is the device configuration version.
The default directory where Configuration Archive file is exported is:
On RME Solaris server,
/var/adm/CSCOpx/files/rme/dcma/configexport
On RME Windows server,
NMSROOT\files\rme\dcma\configexport
|
|
Export (continue)
|
To export a file:
1. Click on the icon.
The Export Config File dialog box appears.
2. Enter the folder name on the RME server.
You must enter the default export directory. You cannot enter any other directory.
To change the default directory, see the RME 4.x FAQs section:
http://www.cisco.com/en/US/products/sw/cscowork/ps2073/prod_troubleshooting_guide09186a008036dff2.html
or
Browse to select a folder on the RME server.
The Server Side File Browser dialog box appears.
a. Select a folder on the RME server.
b. Click OK.
The Browse button takes you to the default directory. It does not allow you to change this default export directory.
To change the default directory, see the RME 4.x FAQs section:
http://www.cisco.com/en/US/products/sw/cscowork/ps2073/prod_troubleshooting_guide09186a008036dff2.html
3. Click OK.
If you have exported configuration in the Raw mode, the notification message displays, Config file exported as ExportedFolder\DeviceName-VersionNumber.cfg
If you have exported configuration in the Processed mode, the notification message displays, Config file exported as ExportedFolder\DeviceName-VersionNumber.XML
Where ExportedFolder is the location where configuration file is exported.
4. Click OK.
|
|
Generates a format that can be printed.
|
Compare with previous version
|
Compares configuration with previous version. When you click on this button, a new window Config Diff Viewer opens to show configurations side by side.
See Understanding the Config Diff Viewer Window for further details.
This button gets activated only if you have a previous version of the configuration.
|
Compare with next version
|
Compares configuration with next version. When you click on this button, a new window Config Diff Viewer opens to show configurations side by side.
See Understanding the Config Diff Viewer Window for further details.
This button gets activated only if you have a next version of configuration.
|
Edit
|
Launches Config Editor window.
This button is active only if you are viewing the configuration version from the archive.
See Editing and Deploying Configurations Using Config Editor for further details.
|
Deploy
|
Perform a quick configuration deploy.
This button is active only if you are viewing the configuration version from the archive.
See Configuration Quick Deploy.
|
Viewing the Configuration Version Summary
You can view all archived configurations for selected devices. It also provides a link to view a particular configuration running on the device and to generate differences between versions in the archive.
You can view the last three configuration versions for each device regardless of number of versions stored in archive.
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
To view the Config Summary, follow this workflow:
Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Version Summary
The Device Selection dialog box appears.
Step 2 Select a device. See Using RME Device Selector for information on how to use RME Device Selector.
Step 3 Click OK.
The Archive Mgmt Version Summary window appears with the information in Table 8-5.
Table 8-5 Fields in the Archive Mgmt Version Summary Window
Column
|
Description
|
Device Name
|
Device Display Name as entered in Device and Credential Repository.
Click on the device name to launch the Device Center.
|
Config Type
|
Defines the type of configuration PRIMARY, SECONDARY, or VLAN.
•PRIMARY/SECONDARY—Contains the Running and Startup configuration files information.
•VLAN—Contains running vlan.dat configuration file information. This configuration type does not contain Startup configuration file information.
For ONS devices, the PRIMARY configuration type displays the configuration information from the active CPU, at that instance.
|
|
Startup
|
Configuration running when device was started. This configuration is fetched from the device.
Click on the Startup icon to view the Startup configuration
|
Diff
|
Differences between Startup and Running configuration.
To view the difference between Startup and Running configuration, click on the Diff icon.
|
Running
|
Configuration currently running on device.
Click on the Running icon to view the Running configuration.
The configuration that appears, is fetched from the device. This happens if the fetched configuration is different from the latest configuration that is in the archive. Otherwise, the latest configuration from the archive appears.
|
Diff
|
Differences between the Running Configuration on the device and the most recent archived configuration.
To view the difference between the two running configurations, click on the Diff icon.
|
|
Latest
|
Displays date and time of most recent configuration archive. The time shown here is when the file was actually archived. If the file was archived on 03/07/2004 5.00 PM PST, that's the time that will appear in this report. This is in the client's time zone.
To view the device configuration, click on Date and Time.
Note The "Archived At" fields that appear in other configuration reports shows the last time configuration was taken from the device in an attempt to archive. The system actually archives the configuration only if there is a change in the newly obtained configuration when compared to the archived one. So there could be different time values.
|
Diff
|
Differences between the most recent and the second most recent archived configurations.
To view the difference between the two running configurations, click on Diff icon.
|
Latest-1
|
Date and time the second most recent configuration was archived.
To view the device configuration, click on date and time.
|
Diff
|
Differences between second most recent and third most recent configuration in archive.
To view the difference between the two running configurations, click on the Diff icon.
|
Latest-2
|
Date and time third most recent configuration was archived.
To view the device configuration, click on Date and Time.
|
Configuration Quick Deploy
You can create an immediate job to deploy the version of configuration being viewed on the device. You can deploy the configuration either in overwrite or merge mode.
Features of Configuration Quick Deploy
The following are the features of Configuration Quick Deploy:
•It can be performed for both running and startup configuration of all categories of devices.
•The job is executed immediately. Therefore Job approval should not be enabled at the time of Configuration Quick Deploy.
•The jobs cannot be rolled back.
•The jobs use TFTP, Telnet, SSH, scp, rcp, https transport protocols.
•It provides an option to select either merge or overwrite mode when you deploy configuration on a device.
•It cannot be performed for VLAN configurations. However, you can deploy VLAN configurations using the CLI command, cwcli config put. See Overview: cwcli config Command for more information.
•It is supported for configuration versions in the archive only. That is, you cannot deploy for configuration version available on a device.
•The jobs use the same protocol order that you have specified in the Config Transport Settings (Resource Manager Essentials > Admin > Config Mgmt).
Performing a Configuration Quick Deploy
You can perform a configuration quick deploy using the Config Viewer window.
For example, you can launch Config Viewer window by clicking on Startup configuration or Running Configuration links while performing tasks such as generating Out-Of-Sync Summary report, viewing the Version Summary report etc.
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
Step 1 Click Deploy on the Config Viewer (Understanding the Config Viewer Window) window.
The Job Option Details dialog box appears.
Step 2 Enter the following information:
Field
|
Description
|
Job Information
|
E-mail
|
Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.
You can enter multiple e-mail addresses separated by commas.
Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).
We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences). When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.
|
Job Options
|
Job Password
|
•If you have enabled the Enable Job Password option and disabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) enter the device login user name and password and device Enable password.
•If you have enabled the Enable Job Password option and enabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) either:
–Enter the device login user name and password and device Enable password
or
–Disable the Job Password option in the Job Schedule and Options dialog box.
|
Deploy Mode
|
Overwrite
|
Select the Overwrite option, if you want to replace the existing running configuration on the device, with the selected configuration.
This is the default option for the configuration deployment.
The configuration that you have selected is compared with the latest running configuration in the Configuration Archive. (RME assumes that the latest running configuration in the archive is the same as the configuration currently running on the device.)
The Overwrite mode ensures that the running configuration on the device is overwritten with the selected configuration. This means, after the configuration is successfully deployed, the selected configuration and the running configuration on the device are the same.
|
Merge
|
Select the Merge option, if you want to add incremental configuration to the device.
The configuration that you have selected is deployed on to the device as is. This means, the existing running configuration of the device is updated incrementally with the commands in the selected configuration.
The selected running configuration is not compared with the running configuration in the Configuration Archive.
We recommend that you use this option on newly deployed devices. This is because, the Merge option effectively deploys the entire configuration from the archive, on to the device.
|
Step 3 Click Submit.
An immediate Quick Deploy of Configuration on Device job will be scheduled.
A message appears, Job ID is created successfully.
Where ID is a unique Job number.
Step 4 Click OK.
You can check the status of your scheduled Config Quick Deploy job by selecting Config Mgmt > Archive Mgmt > Archive Mgmt Jobs.
What Happens During Configuration Quick Deploy
Before Configuration Management deploys the configuration on the device, it verifies whether the device is locked.
The deploy process follows the configured transport protocol order and the fallback option is active.
At end of this task, Configuration Management will:
•Unlock the device
•Checks-in the new version of configuration if the deploy completes successfully.
After uploading the configuration on the device, Configuration Management writes to the Change Audit log.
Configuring Labels
A label is a name given to a group of customized selection of configuration files. You can select configuration files from different RME devices, group and label them.
These labeled files are not purged along with the other configuration files. You have to explicitly select the Purge labeled files option to purge the labeled files. These labeled files are not purged if this option is not enabled.
You can purge the label config files using Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt > Purge Settings.
See Purging Configurations from the Configuration Archive for further details.
The Label Config window displays the following information:
Column
|
Description
|
Label Name
|
Displays the label name.
|
Description
|
Displays the label description.
|
Created by
|
Displays the user who created this label.
|
Created on
|
Displays the label creation time.
|
You can click on any column heading to sort the information by that column. If you double-click a heading, the order is reversed.
The Label Configs window contains the following buttons:
Creating a Label
You can use Label Configuration to create a group of configuration files from selected devices.
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
You can create a label file using the following workflow:
Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Label Configs.
The Label Configs dialog box appears.
Step 2 Click Create.
The Device Selection dialog box appears.
Step 3 In Device Selector pane, select the devices. See Using RME Device Selector for information on how to use RME Device Selector.
Step 4 In Label selection pane:
•Enter the Label Name. You can enter up to 64 characters.
•Enter the Label Description. You can enter up to 128 characters.
Step 5 In Config Type pane, select Primary or VLAN.
Option
|
Description
|
Primary
|
Contains the Running and Startup configuration files information.
|
VLAN
|
Contains running vlan.dat configuration file information. This configuration type does not contain Startup configuration file information.
|
Step 6 In Version pane, select Latest to include the most recent configuration only, or All to view all configuration versions.
Step 7 Click Next.
The Select Configs to be Labelled dialog box appears.
•To view the configuration, select a configuration version file from the left pane and click View. The Config Viewer (Understanding the Config Viewer Window) window appears.
•To add the selected configuration, select a configuration version file from the left pane and click Add.
•To remove the selected configuration, select a configuration version file from the right pane and click Remove.
Step 8 Click Finish.
A message appears, Label LabelName created successfully.
Where LabelName is the name of the label that you entered.
Step 9 Click OK.
Editing a Labeled Configuration
You can make the following changes to a label:
•Modify the Label Description.
•Remove configuration files from the Selected Versions list.
•Add new configuration files from the Devices list.
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
You can edit a label file using the following workflow:
Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Label Configs.
The Label Configs dialog box appears.
Step 2 Select a label and click Edit.
The Device Selection dialog box appears. The devices that are already part of the labeled file are selected.
Step 3 In Device Selector pane, select a new device or deselect a device. See Using RME Device Selector for information on how to use RME Device Selector
Step 4 In Version pane, select Latest to include the most recent configuration only, or All to view all configuration versions.
Step 5 Click Next.
The Label Details dialog box appears. This dialog box appears with the current details of the label.
Step 6 You can:
•Change the Label Description. You can enter up to 128 characters.
•Select a configuration version file from the left pane, click Add to add the selected configuration file.
–If you selected Latest in the previous dialog box, the left pane will show devices and the latest archived configuration file. The right pane contains labeled configuration.
–If you selected All in the previous dialog box, the left pane will show devices and all available archived configuration files. The right pane contains labeled configuration.
Note You can select only one configuration file for a device.
•To remove the selected configuration, select a configuration version file from the right pane and click Remove.
•To view the configuration, select a configuration version file from the left pane and click View. The Config Viewer (Understanding the Config Viewer Window) window appears.
Step 7 Click Finish.
A message appears, Label LabelName updated.
Where LabelName is the name of the label as entered by you.
Step 8 Click OK.
Viewing the Labeled Configuration
You can view configurations of a label from the label listing.
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Label Configs.
The Label Configs dialog box appears.
Step 2 Select a label and click View.
The Label Config Viewer window appears with the following information:
Column Name
|
Description
|
Device Name
|
Device Display Name as entered in Device and Credential Repository.
|
Config Type
|
Defines the type of configuration PRIMARY, SECONDARY, or VLAN.
•PRIMARY/SECONDARY—Contains the Running and Startup configuration files information.
•VLAN—Contains running vlan.dat configuration file information. This configuration type does not contain Startup configuration file information.
For ONS devices, the PRIMARY configuration type displays the configuration information from the active CPU, at that instance.
|
Version
|
Version of configuration file.
Click on the version to display Config Viewer (see Understanding the Config Viewer Window), which shows contents of corresponding configuration file.
In the Config Viewer window, you can click the Deploy button if you want to perform a Configuration Quick Deploy (Configuration Quick Deploy)
|
Created On
|
Date and time configuration file was created.
|
Change Description
|
Description of configuration change.
|
Deleting the Labeled Configuration
You can delete a label from the list of labels in the label configuration dialog box:
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Label Configs.
The Label Configs dialog box appears.
Step 2 Select the labels and click Delete.
A message appears, Are you sure you want to delete the label(s)?
Step 3 Click OK to delete the labels.
Using Search Archive
You can search the archive for configuration containing text patterns for selected devices. You can specify ten different combinations of patterns/strings as part of search criteria.
For example:
•Search all devices for configurations having pattern set banner motd and set banner exec.
•Search all devices for configurations having pattern set banner motd and set banner exec and set password.
You can also specify an option to ignore/consider the case sensitive property.
You can create a custom configuration query that searches information about the specified configuration files.
If you monitor devices X, Y, and Z every morning, you can create a custom query on them. When you run the query, RME quickly gathers all the archived configuration files for these devices and displays them in a report.
The Custom Queries window displays the following information:
Column
|
Description
|
Query Name
|
Custom Query name.
|
Description
|
Custom Query description.
|
Created By
|
User name who created this Custom Query.
|
Created On
|
Custom Query creation time.
|
You can click on any column heading to sort the information by that column. If you double-click a heading, the order is reversed.
The Custom Queries window contains the following buttons:
Button
|
Description
|
Create
|
Create a custom query. See Creating a Custom Query for further details.
|
Edit
|
Edit a custom query. See Editing a Custom Query for further details.
This button is activate only after you select a custom query.
|
Run
|
Run a custom query. See Running a Custom Query for further details.
This button is activate only after you select a custom query.
|
Delete
|
Delete custom queries. See Deleting the Custom Queries for further details.
This button is activate only after you select a custom query.
|
The user who creates the custom query has the full permission to perform any tasks such as edit, run, etc,. on the Custom Queries.
See Searching Archive for the procedure to search the configuration with and without search pattern.
Creating a Custom Query
To create a custom query:
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Search Archive > Custom Queries.
The Custom Queries dialog box appears
Step 2 Click Create.
Step 3 Perform the following tasks:
•Enter the Custom Query name. You can enter up to 64 characters.
•Enter the Custom Query description. You can enter up to 128 characters.
•Enter patterns to search for, for example, http server. You can enter text patterns up to 64 characters.
To search for more than one pattern, enter the second and third patterns in the Pattern 2 and Pattern 3 fields. You can specify ten different combinations of patterns as part of search criteria.
You cannot search for special characters or regular expressions, for example, Control-C, boot*, etc.
•Select the search criteria Contains/Does Not Contain.
•If you have entered string as a search pattern, you can select Match Any to search for any given pattern string or Match All to search for all pattern strings.
•Click Match Case to perform a case-sensitive search, which is more efficient when you know the exact pattern you want to match. By default, Match Case is disabled.
Step 4 Click OK.
A message appears, Custom Query CustomQueryName created successfully.
Where CustomQueryName is the name of the custom query as entered by you.
Step 5 Click OK.
Running a Custom Query
To run a custom query:
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Search Archive > Custom Queries.
The Custom Queries dialog box appears.
Step 2 Select a Custom Query and click Run.
The Device Selection dialog box appears.
Step 3 Select the devices. See Using RME Device Selector for information on how to use RME Device Selector.
Step 4 Click OK.
The Custom Query Search Result window appears with the following information:
Column Name
|
Description
|
Device Name
|
Device Display Name as entered in Device and Credential Repository.
Click on the device name to launch the Device Center.
|
Version
|
Version of configuration file.
Click on the version to display Config Viewer (see Understanding the Config Viewer Window), which shows contents of corresponding configuration file.
In the Config Viewer window, you can click on the Deploy button if you want to perform a configuration quick deploy (Configuration Quick Deploy)
|
Created On
|
Date and time configuration file was created.
|
You can perform the following tasks from this window:
•Select the devices and click NetConfig to make any changes to the device configuration using NetConfig templates.
•Select a device and click Edit to edit the device configuration using the Config Editor application.
Editing a Custom Query
You can edit the Custom Query description and modify the search patterns and their criteria. To edit a custom query:
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Search Archive > Custom Queries.
The Custom Queries dialog box appears.
Step 2 Select a Custom Query and click Edit.
The Custom Query Window appears.
Step 3 You can:
•Update the Custom Query description. You can enter up to 128 characters.
•Either add a new search pattern or delete or update an existing search pattern and their criteria. You can enter up to 64 characters.
•Modify the string search options Match Any to Match All or vice versa.
•Enable/Disable the case-sensitive search.
Step 4 Click OK.
A message appears, Custom Query CustomQueryName updated successfully.
Where CustomQueryName is the name of the Custom Query.
Step 5 Click OK.
Deleting the Custom Queries
To delete the custom queries:
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
Step 1 Select Resource Manager Essentials > Config Mgmt Archive Mgmt Search Archive Custom Queries.
The Custom Queries dialog box appears.
Step 2 Select a Custom Query and click Delete.
A message appears, The query will be deleted.
Step 3 Click OK.
Searching Archive
You can search the device configuration file with or without the search pattern. You can also narrow down your search using Label Configuration files and Custom Queries.
You can view the search report in two ways:
•Search Archive Result
•Device Configuration Quick View Report
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
To search the configuration archive:
Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Search Archive.
The Search Archive dialog box appears.
Step 2 Enter the following:
Field
|
Description
|
Left Pane
|
Label Config
|
Enable this option and select a label name.
The configuration version options Latest and All are disabled.
|
Device Selector
|
Select the devices. See Using RME Device Selector for information on how to use RME Device Selector.
If you have selected Label Config, you need not select devices. If you have selected any devices, only the devices that are specified in the label configuration are searched. Other devices are ignored.
|
Version
|
Select Latest to search the most recent configuration only or All to search all configuration versions.
If you have selected Label Config, then you cannot specify the versions.
|
View Type
|
Select one of these view types:
•Version to view the Device Configuration Version Report. This displays all versions of the configuration, the time and date the configurations were archived, and reason for archival.
•Click Quick View to view the Device Configuration Quick View Report. This displays the contents of the configuration files.
|
Right Pane
|
Custom Query
|
Select a Custom Query.
The search patterns that are defined in the Custom Query appear in the Pattern Details text boxes.
In addition to Custom Query search patterns, you can also add additional search patterns.
|
Pattern Details
|
Perform the following tasks:
•Enter patterns to search for, for example, http server. You can enter text patterns up to 64 characters.
To search for more than one pattern, enter the second and third patterns in the Pattern 2 and Pattern 3 fields. You can specify ten different combinations of patterns as part of search criteria.
You cannot search for special characters, for example, Control-C, boot*, etc.
You can search the device configuration file without the search pattern too. The search will list all archived configuration for all selected devices.
–If you have selected the version as Latest, the search will list latest archived configuration for all selected devices.
–If you have selected the version as All, the search will list all archived configurations for all selected devices
•Select the search criteria Contains/Does Not Contain.
•If you have entered string as a search pattern, you can select Match Any to search for any given pattern string or Match All to search for all pattern strings
•Click Match Case to perform a case-sensitive search, which is more efficient when you know the exact pattern you want to match. By default, Match Case is disabled.
|
Step 3 Click Search.
Based on your View type selection, either Search Archive Result or Device Configuration Quick View Report appears.
Search Archive Result
The Search Archive Result displays information about the device configurations. The Search Archive Result contains the following details of the selected configurations:
Column Name
|
Description
|
Device Name
|
Device Display Name as entered in Device and Credential Repository.
Click on the device name to launch the Device Center.
|
Config Type
|
Defines the type of configuration PRIMARY, SECONDARY, or VLAN.
•PRIMARY/SECONDARY—Contains the Running and Startup configuration files information.
•VLAN—Contains running vlan.dat configuration file information. This config type does not contain Startup configuration file information.
For ONS devices, the PRIMARY config type displays the configuration information from the active CPU, at that instance.
|
Version
|
Versions of configuration file.
Click on the version to display Config Viewer (see Understanding the Config Viewer Window), which shows contents of corresponding configuration file.
|
Created On
|
Date and time configuration file was created.
|
Change Description
|
Cause of configuration change.
|
You can perform the following tasks from this window:
•Select the devices and click NetConfig to make changes to the device configuration using NetConfig templates.
•Select a device and click Edit to edit the device configuration using the Config Editor application.
Device Configuration Quick View Report
The Device Configuration Quick View report lists the devices, configuration version numbers, and configuration details of the device configuration version you specified.
You can specify how you want to view the contents of the configurations by selecting one of the options under Show:
•Click Raw to view data exactly as it appears in the configuration file. There are two panes, one lists all devices and the other displays the configuration.
•Click Processed to view data with the commands ordered and grouped. There are three panes, one lists all devices, the second pane lists all configlets, and the third pane displays the configuration.
Column
|
Description
|
Devices
|
Device Display Name as entered in Device and Credential Repository.
Click on the device name to launch the Device Center.
|
Configlets
|
You can click on any configlets to display the corresponding information. The available configlets vary from device to device. The following are examples:
•All—The entire contents of the configuration files.
•SNMP—SNMP configuration commands. For example, snmp-server community public RO.
•IP Routing—IP routing configuration commands. For example, router abcd 100.
•Interface folder—The different interface configuration commands. For example,
Interface Ethernet0 and Interface TokenRing.
•Global—Global configuration commands. For example no ip address.
•Line con 0—Configuration commands for line console 0.
•IP—IP configuration commands. For example, ip http server.
|
Configuration file name
|
You can view the contents of configuration file.
|
The following buttons are available on the Config Viewer:
Button
|
Description
|
|
Exports the configuration file.
•If you are using the Raw mode then the exported file format is cfg. The file name convention is DeviceName-VersionNumber.cfg.
•If you are using the Processed mode then the exported file format is XML. The file name convention is DeviceName-VersionNumber.xml.
Where DeviceName is the device Display Name as entered in Device and Credential Repository and VersionNumber is the device configuration version.
The default directory where Configuration Archive file is exported is:
On RME Solaris server,
/var/adm/CSCOpx/files/rme/dcma/configexport
On RME Windows server,
NMSROOT\files\rme\dcma\configexport
|
|
Export (continue)
|
To export a file:
1. Click on the icon.
The Export Config File dialog box appears.
2. Enter the folder name on the RME server.
You must enter the default export directory. You cannot enter any other directory.
To change the default directory, see the RME 4.x FAQs section:
http://www.cisco.com/en/US/products/sw/cscowork/ps2073/prod_troubleshooting_guide09186a008036dff2.html
or
Browse to select a folder on the RME server.
The Server Side File Browser dialog box appears.
a. Select a folder on the RME server.
b. Click OK.
The Browse button takes you to the default directory. It does not allow you to change this default export directory.
To change the default directory, see the RME 4.x FAQs section:
http://www.cisco.com/en/US/products/sw/cscowork/ps2073/prod_troubleshooting_guide09186a008036dff2.html
3. Click OK.
If you have exported configuration in the Raw mode, the notification message displays, Config file exported as ExportedFolder\DeviceName-VersionNumber.cfg
If you have exported configuration in the Processed mode, the notification message displays, Config file exported as ExportedFolder\DeviceName-VersionNumber.XML
Where ExportedFolder is the location where configuration file is exported.
4. Click OK.
|
|
Generates a format that can be printed.
|
Compare with previous version
|
Compares configuration with the previous version. When you click on this button, a new window Config Diff Viewer opens to show configurations side by side.
See Understanding the Config Diff Viewer Window for further details.
This button is activate only if you have a previous version of configuration.
|
Compare with next version
|
Compares configuration with the next version. When you click on this button, a new window Config Diff Viewer opens to show configurations side by side.
See Understanding the Config Diff Viewer Window for further details.
This button is activate only if you have a next version of configuration.
|
Edit
|
Launches Config Editor window.
This button is active only if you are viewing the configuration version from the archive.
See Editing and Deploying Configurations Using Config Editor for further details.
|
Deploy
|
You can perform a configuration quick deploy.
This button is active only if you are viewing the configuration version from the archive.
See Configuration Quick Deploy.
|
Comparing Configuration
You can compare two device configuration files from version to version or from device to device. You can also compare the configuration when a device was started with the current configuration, and the current configuration with the most recently archived configuration.
You can list the commands that have to be excluded while comparing configuration.
To do this select Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt > Exclude Commands. See Configuring Exclude Commands for further details.
You can compare the configurations in these ways:
•Startup vs. Running—Compares the configuration when the device was started with the current configuration. These configurations are fetched from the device.
See Comparing Startup vs. Running Configurations.
•Running vs. Latest Archived—Compares the running configuration with the most recent archived configuration. The Running configuration is fetched from the device.
See Comparing Running vs. Latest Archived Configurations.
•Two Versions of the Same Device—Compares two archived configuration versions.
See Comparing Two Configuration Versions of the Same Device.
•Two Versions of Different Devices—Compares any two configurations in the configuration archive.
See Compare Two Configuration Versions of Different Devices.
Comparing Startup vs. Running Configurations
You can compare the configuration when a device was started with the current configuration. These configurations are fetched from the device.
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
To compare Startup vs. Running configurations:
Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Compare Configs.
The Compare Configurations dialog box appears.
Step 2 Select Startup vs. Running and click Compare.
The Device Selection dialog box appears.
Step 3 Select a device. See Using RME Device Selector for information on how to use RME Device Selector.
Step 4 Click OK.
The Understanding the Config Diff Viewer Window window appears.
Comparing Running vs. Latest Archived Configurations
You can compare the configuration currently running on a device with the most recent configuration stored in the configuration archive. The Running configuration is fetched from the device.
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
To compare Running vs. latest archived configurations:
Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Compare Configs.
The Compare Configurations dialog box appears.
Step 2 Select Running vs. Latest Archived and click Compare.
The Device Selection dialog box appears.
Step 3 Select a device. See Using RME Device Selector for information on how to use RME Device Selector.
Step 4 Click OK.
The Understanding the Config Diff Viewer Window window appears.
Comparing Two Configuration Versions of the Same Device
You can compare two different archived configurations of the same device.
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
To compare two versions of the same device:
Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Compare Configs.
The Compare Configurations dialog box appears.
Step 2 Select Two Versions of the Same Device and click Compare.
The Device Selection dialog box appears.
Step 3 Select a device. See Using RME Device Selector for information on how to use RME Device Selector.
Step 4 Click Next.
The Select First Configuration dialog box appears with the following information:
Column Name
|
Description
|
Config Version
|
Versions of configuration file.
|
File Type
|
Defines the configuration file type that is either Running or Startup configuration.
|
Config Type
|
Defines the type of configuration PRIMARY, SECONDARY, or VLAN.
•PRIMARY/SECONDARY—Contains the Running and Startup configuration files information.
•VLAN—Contains running vlan.dat configuration file information. This configuration type does not contain Startup configuration file information.
For ONS devices, the PRIMARY configuration type displays the configuration information from the active CPU, at that instance.
|
Created On
|
Date and time configuration file was created.
|
Step 5 Click on the first configuration to compare and click Next.
The Select Second Configuration dialog box appears with the same information as the Select First Configuration window.
Step 6 Click on the second configuration to compare it with first configuration and click Finish.
The Understanding the Config Diff Viewer Window window appears.
Compare Two Configuration Versions of Different Devices
You can compare two archived versions of a configuration of the same or different devices.
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
To compare two versions of different devices:
Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Compare Configs.
The Compare Configurations dialog box appears.
Step 2 Select Two Versions of Different Devices and click Compare.
The Select Device and Pattern dialog box appears.
Step 3 Perform the following and click Next:
Field
|
Description
|
Left Pane
|
Device Selector
|
Select the devices.
See Using RME Device Selector for information on how to use RME Device Selector.
|
Version
|
Select Latest to view the most recent configuration or All to view all configuration versions.
|
Right Pane
|
Pattern Details
|
Perform the following tasks:
•Enter patterns to search for, for example, http server. You can enter text patterns up to 64 characters.
To search for more than one pattern, enter the second and third patterns in the Pattern 2 and Pattern 3 fields. You can specify ten different combinations of patterns as part of search criteria.
You cannot search for special characters or regular expressions, for example, Control-C, boot*, etc.
You can search the device configuration file without the search pattern too.
•Select the search criteria Contains/Does Not Contain.
•If you have entered string as a search pattern, you can select Match Any to search for any given pattern string or Match All to search for all pattern strings.
•Click Match Case to perform a case-sensitive search, which is more efficient when you know the exact pattern you want to match. By default, Match Case is disabled.
|
The Select First Configuration dialog box appears with the following information:
Column Name
|
Description
|
Device Name
|
Device Display Name as entered in Device and Credential Repository.
|
Config Version
|
Versions of configuration file.
|
File Type
|
Defines the configuration file type that is either Running or Startup configuration.
|
Config Type
|
Defines the type of configuration PRIMARY, SECONDARY, or VLAN.
•PRIMARY/SECONDARY—Contains the Running and Startup configuration files information.
•VLAN—Contains running vlan.dat configuration file information. This configuration type does not contain Startup configuration file information.
For ONS devices, the PRIMARY configuration type displays the configuration information from the active CPU, at that instance.
|
Created On
|
Date and time configuration file was created.
|
Step 4 Click on the first configuration to compare and click Next.
The Select Second Configuration dialog box appears with the same information as the Select First Configuration window.
Step 5 Click on the second configuration to compare it with first configuration and click Finish.
The Understanding the Config Diff Viewer Window window appears.
Understanding the Config Diff Viewer Window
The Configuration Version Compare report shows the differences between the two selected configurations. You can access the Configuration Version Compare report by comparing device configurations.
You can specify how you want to view the differences between the configurations by selecting one of the options under Show:
•Click Raw to view the differences between the two raw configurations.
•Click Processed to view the differences with the commands ordered and grouped.
The color conventions that are used on Config Diff Viewer are:
•Black—All unchanged text.
•Red—Lines that have changed from one version to another.
•Blue—Lines that have been added or deleted from one of the versions.
The Configuration Versions Compare report has three columns:
Column
|
Description
|
Configlets
|
You can click on any configlet to display the corresponding information. The available configlets vary from device to device. The following are examples:
•Diffs—Displays the differences between the two configuration files (if you selected more than one).
•All—The entire contents of the configuration files.
•SNMP—SNMP configuration commands. For example, snmp-server community public RO.
•IP Routing—IP routing configuration commands. For example, router abcd 100.
•Interface folder—The different interface configuration commands. For example, Interface Ethernet0 and Interface TokenRing.
•Global—Displays global configuration commands. For example no ip address.
•Line con 0—Displays configuration commands for line console 0.
•IP—Displays IP configuration commands. For example, ip http server.
|
First configuration file
|
Contains the contents of the first configuration file.
|
Second configuration file
|
Contains the contents of the second configuration file.
|
The buttons on the Config Diff Viewer are:
Button
|
Description
|
|
Export the configuration file.
•If you are using the Raw mode then the exported file format is cfg. The file name convention is DeviceName-VersionNumber.cfg.
•If you are using the Processed mode then the exported file format is XML. The file name convention is DeviceName-VersionNumber.xml.
Where DeviceName is the device Display Name as entered in Device and Credential Repository and VersionNumber is the device configuration version.
The default directory where Configuration Archive file is exported is:
On RME Solaris server,
/var/adm/CSCOpx/files/rme/dcma/configexport
On RME Windows server,
NMSROOT\files\rme\dcma\configexport
|
|
Export (continue)
|
To export a file:
1. Click on the icon.
The Export Config File dialog box appears.
2. Enter the folder name on the RME server.
You must enter the default export directory. You cannot enter any other directory.
To change the default directory, see the RME 4.x FAQs section:
http://www.cisco.com/en/US/products/sw/cscowork/ps2073/prod_troubleshooting_guide09186a008036dff2.html
or
Browse to select a folder on the RME server.
The Server Side File Browser dialog box appears.
a. Select a folder on the RME server.
b. Click OK.
The Browse button takes you to the default directory. It does not allow you to change this default export directory.
To change the default directory, see the RME 4.x FAQs section:
http://www.cisco.com/en/US/products/sw/cscowork/ps2073/prod_troubleshooting_guide09186a008036dff2.html
3. Click OK.
If you have exported configuration in the Raw mode, the notification message displays, Config file exported as ExportedFolder\DeviceName-VersionNumber.cfg
If you have exported configuration in the Processed mode, the notification message displays, Config file exported as ExportedFolder\DeviceName-VersionNumber.XML
Where ExportedFolder is the location where configuration file is exported.
4. Click OK.
|
|
Generates a format that can be printed.
|
Using Archive Management Job Browser
You can browse the Archive Management jobs that are registered on the system. From the Archive Mgmt Jobs dialog box you can also retry, delete, stop jobs and view a job's details.
The Archive Management Jobs window displays the following information:
Column Name
|
Description
|
Job ID
|
Unique number assigned to the job when it is created.
For periodic jobs such as Daily, Weekly, etc., the job IDs are in the number.x format. The x represents the number of instances of the job. For example, 1001.3 indicates that this is the third instance of the job ID 1001.
Click on the Job ID to view the Archive Management Job Details (see Viewing the Archive Management Job Details).
|
Job Type
|
Type of the configuration job.
•Sync Archive—Appears if you had scheduled a Sync Archive job (Resource Manager Essentials > Config Mgmt > Archive Mgmt > Sync Archive).
•Get Config—Appears if you had scheduled a configuration fetch job using the CLI command, cwcli config get.
•Put Config—Appears if you had scheduled a configuration retrieve job using the CLI command, cwcli config put.
•Import Config—Appears if you had scheduled a job that retrieved the configuration from a file and if you had transferred it to the device using the CLI command, cwcli config import.
•Write to Running Config—Appears if you had scheduled a job that downloaded the differences between the specified configuration file and the latest configuration version in the archive for the specified device, using the CLI command, cwcli config write2run.
|
Job Type
(Continue)
|
• Write to Startup Config—Appears if you had scheduled a job that erased the contents of the device Startup configuration and if wrote contents of a specified file as new Startup configuration, using the CLI command, cwcli config write2start.
•Copy Running Config to Startup—Appears if you had scheduled a job that overwrote with the Startup configuration of the device with the Running configuration, using the CLI command, cwcli config run2start.
•Copy Startup Config to Running—Appears if you had scheduled a job that merged the Startup configuration with the Running configuration, using the CLI command, cwcli config start2run.
•Reload Device—Appears if you had scheduled a job that rebooted the devices, using the CLI command cwcli config reload.
•Config Quick Deploy—Appears if you had created an immediate Configuration Quick Deploy job, using the Config Viewer window.
•Compliance Check—Appears if you had scheduled a Compliance Check job (Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates > Compliance and clicked the Compliance Check button).
•Deploy Compliance Results—Appears if you had scheduled a Deploy job on the non-complaint devices (Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates > Compliance and clicked the Deploy button).
•Check Compliance and Deploy—Appears if you had scheduled a Compliance Check job with the job option, Check compliance and deploy enabled (Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates > Compliance and clicked the Compliance Check button).
•Deploy Baseline template—Appears if you had scheduled a Baseline Template deploy job (Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates and clicked the Deploy button).
|
Status
|
Job states:
•Cancelled—Running job stopped by you.
•Failed—Failed job. Click on the Job ID to view the job details.
•Running—Job still running.
•Scheduled—Job scheduled to run.
•Rejected—Job rejected by an approver. Click on the Job ID to view the rejection details.
•Successful—Job completed successfully
•Waiting for Approval—Job waiting for approval.
|
Description
|
Job description entered during job definition
|
Owner
|
User who created this job.
|
Scheduled at
|
Date and time job is scheduled to run.
|
Completed at
|
Date and time at which job completed.
|
Schedule Type
|
Run type of the job: Immediate, Once, 6 - hourly, 12 - hourly, Daily, Weekly, and Monthly.
|
You can click on any column heading to sort information by that column. If you double-click on a heading, the order is reversed.
You can use the Filter button to do a quick search on the Archive Management jobs. You can perform filters by using these options:
Filter Options
|
Description
|
Job ID
|
Unique number assigned to the job when it is created.
For periodic jobs such as Daily, Weekly, etc., the job IDs are in the number.x format. The x represents the number of instances of the job.
For example, 1001.3 indicates that this is the third instance of the job ID 1001.
|
Job Type
|
Types of Archive Management jobs.
For example: Sync Archive, Write to Running Config, etc.
|
Status
|
Status of the job.
For example: Successful, Failed, etc.
|
Description
|
Job description.
|
Owner
|
Owner of the job.
|
Schedule Type
|
Job schedule Type.
For example: Immediate, Weekly, etc.
|
|
Click on this icon to refresh the Archive Management Job Browser.
|
You can perform the following tasks on this window:
•Retrying a Config Job
•Stopping a Config Job
•Deleting the Config Jobs
•Viewing the Archive Management Job Details
•Scheduling Sync Archive Job
•Generating an Out-of-Sync Report
•Scheduling Sync on Device Job
•Baseline Template
Retrying a Config Job
You can retry only a failed job. You cannot retry a job that are scheduled to run periodically (Daily, Weekly, and Monthly).
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
To retry a job:
Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Archive Mgmt Jobs.
The Archive Management Jobs dialog box appears.
Step 2 Select a failed job and click Retry.
The Job Schedule and Options dialog box appears.
Step 3 Enter the following information:
Based on your retry job selection, some of the options may not be visible.
For example, 6 - hourly and 12 -hourly Run Type options are visible only if you are retrying a Sync Archive job. This is not visible for other types of Archive Management jobs.
Field
|
Description
|
Scheduling
|
Run Type
|
You can specify when you want to run the selected retry job.
To do this, select one of these options from the drop-down menu:
•6 - hourly—Runs this task every 6 hours, starting from the specified time.
•12 - hourly—Runs this task every 12 hours, starting from the specified time.
•Immediate—Runs this task immediately.
•Once—Runs this task once at the specified date and time.
•Daily—Runs daily at the specified time.
•Weekly—Runs weekly on the day of the week and at the specified time.
•Monthly—Runs monthly on the day of the month and at the specified time.
The subsequent instances of periodic jobs will run only after the earlier instance of the job is complete.
For example, if you have scheduled a daily job at 10:00 a.m. on November 1, the next instance of this job will run at 10:00 a.m. on November 2 only if the earlier instance of the November 1 job has completed.
If the 10.00 a.m. November 1 job has not completed before 10:00 a.m. November 2, the next job will start only at 10:00 a.m. on November 3.
|
Date
|
You can select the date and time (hours and minutes) to schedule.
The Date field is enabled only if you have selected an option other than Immediate in the Run Type field.
|
Job Information
|
Approver Comments
|
Enter comments for the job approver.
This field appears only if you have enabled job approval for Archive Management.
|
Maker E-Mail
|
Enter the e-mail-id of the job creator. This is a mandatory field.
This field appears only if you have enabled job approval for Archive Management.
|
Job Password
|
•If you have enabled the Enable Job Password option and disabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) enter the device login user name and password and device Enable password.
•If you have enabled the Enable Job Password option and enabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) either:
–Enter the device login user name and password and device Enable password
Or
–Disable the Job Password option in the Job Schedule and Options dialog box.
|
E-mail
|
Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.
You can enter multiple e-mail addresses separated by commas.
Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).
We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences). When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.
|
Step 4 Click Submit.
A message appears, Job resubmitted successfully.
Step 5 Click OK.
Stopping a Config Job
You can stop the following running job types (See Using Archive Management Job Browser for details on the job types):
•Put Config
•Import Config
•Write to Running Config
•Write to Startup Config
•Copy Running Config to Startup
•Copy Startup Config to Running
•Reload Device
•Config Quick Deploy
•Check Compliance and Deploy
•Deploy Baseline template
•Compliance check
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
To stop a Archive Management job:
Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Archive Mgmt Jobs.
The Archive Management Jobs dialog box appears.
Step 2 Select a running job and click Stop.
A message appears, Selected job(s) will be stopped.
Step 3 Click OK.
Deleting the Config Jobs
You can delete the job in these status:
•Cancelled
•Failed
•Scheduled
•Rejected
•Successful
•Waiting for Approval
You cannot delete a running job.
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
To delete jobs:
Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Archive Mgmt Jobs.
The Archive Management Jobs dialog box appears.
Step 2 Select a running job and click Delete.
A message appears, Selected job(s) will be deleted.
Step 3 Click OK.
Viewing the Archive Management Job Details
From the Archive Management Jobs window, you can learn more about one job by viewing its details. You can view this details by clicking the Job ID on the Config Job window.
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
The Archive Management Job Details window contains the following information:
Page/Folder
|
Description
|
Execution Summary
|
Displays summary of completed job:
•Execution Summary—Information about the job status, start time and end time.
•Device Summary—Information about the job completion status on the devices you have selected. For example, number of successful devices where the job is executed successfully.
Click on Device Details folder and device status link and on the Device link to see the complete job execution details.
•Execution Message (Pre-Execution and Post-Execution)—Information about any e-mails sent.
|
|
Device Details
|
Contains detailed job results for each device. Displays status folders that correspond to possible device status:
•Successful Devices—Devices were successfully executed.
•Failed Devices—Devices were not successfully executed.
•Partially Failed Devices—Job partially failed to run on these devices.
•Pending Devices—Job did not try to update devices, even though they were selected.
•Not Attempted—Job did not attempt to run on these devices.
Click on Status to see the job details. Details include a record of the entire CLI session between RME and the device. To launch the Device Center, click on the device display name.
When the configuration fetch takes unusually long, this error message appears,
Unable to get results of job execution for device. Please retry the job
This could happen because of slow device response, Network latency, etc.
|
Work Order
|
Contains the Summary of the job definition such as,
•Detailed information, such as owner, schedule type, and Job Approval state.
•Policies configured for the job, such as E-mail Notification and Job Based Password.
•Devices on which the job runs. Also, gives details about the commands.
For retried jobs, these job definitions are not updated. For such jobs the original job definitions are retained.
|
The buttons on the Job Details window are:
•Delete—You can delete jobs with the following Job Status:
–Cancelled
–Failed
–Scheduled
–Rejected
–Successful
–Waiting for Approval
You cannot delete a running job.
•Stop—You can stop the following running job types (See Using Archive Management Job Browser for details on the job types):
–Put Config
–Import Config
–Write to Running Config
–Write to Startup Config
–Copy Running Config to Startup
–Copy Startup Config to Running
–Reload Device
–Config Quick Deploy
–Check Compliance and Deploy
–Deploy Baseline template
–Compliance check
Baseline Template
You can identify a set of standardized policy based commands that you would want to have on a set of devices.
You can create a Baseline template which is a set of commands identified through the process of baselining, which contain placeholders for device-specific values to be substituted.
For example:
set vtp domain [name] password [xxx]
set snmp community read-write [Read write community string]
When you add a new device of the same type to the network, you can use the existing Baseline template, which consists of two parts, command and values. You can create configurations for any device of the same type to the network by specifying the values for the variables in the baseline template.
The following section contains:
•Features of Baseline Template
•Defining Commandsets
Features of Baseline Template
The features of Baseline Template are:
•You can use this Baseline template to compare with other device configuration and generate a report that lists all the devices which are non-compliant to the Baseline template.
•You can easily deploy the Baseline template to the same category of devices in the network.
•You can schedule a compliance check job and deploy the Baseline template onto the non-compliant devices. This can be performed as a single job or as a separate job.
•You can import or export a Baseline template. This template is stored in XML format.
The rules for specifying the Baseline templates are:
•All the commands that are disallowed should begin with a "-".
•All commands that are mandatory should begin with a "+".
•Commands that do not begin with (- or +) are considered as comments and ignored.
•There should be a space between the commands and the "-" or "+". If there is no space, the commands are considered as comments and ignored.
•The command values can be a wildcard match.
+ ip address [ip-address] [netmask]
+ ip address [#10\.76\.38\..*#] [netmask]
+ ip address [#10\.72\..*\..*#] [netmask]
To find a match for any octet in an IP address you must use \..*.
In the examples shown above, the command will apply for all the devices with the IP address starting with 10.76.38.* [netmask] and 10.72.*.* [netmask].
•The regular expressions must be enclosed with #.
For example:
snmp-server location [#.*#]
This command will fail compliance check for snmp-server location loc1 loc2 loc3, because the check will be performed only for one word after snmp-server location.
To overcome this, you have to define the command as:
+ [# snmp-server location .*#]
Then the compliance check will be performed for all forms of snmp-server commands like snmp-server location loc1 loc2.....n,etc.
•Negation in Regular expressions :
Use Case 1:When there are more than one entry in the Config files.
Commands in Device Config :
logging name1
logging name2
logging name3
Template: +logging [#!name1#]
Details :
–First the negation of the name1 is done which returns true, since there are other logging commands present with someother names.
–So the template is compliant.
Use Case 2: When there is only one entry in the Config files.
Commands in Device Config :
logging name1
Template: +logging [#!name1#]
Details :
First the negation of the name1 is done which returns False.Since there is no other command with logging statement except "logging name1" , the template is Non-Compliant.
Use Case 3: When there is no logging commands
Commands in Device config :
No logging commands
Template :+ logging [# !name1 #]
Details :
–First the negation of the name1 is done which returns false.
–Since there is no login commands, the template is Non-compliant.
•The Baseline template uses java.util.regex engine for regular expressions. For more information, see the regex API guide for Java 1.4.2 from Sun:
http://java.sun.com/j2se/1.4.2/docs/api/java/util/regex/Pattern.html
•Submode commands are provided only if the commands are to be compared inside a submode.
For example:
interface [#Ethernet.*#]
+ no shutdown
no shutdown command will apply for all interfaces having Ethernet.
Defining Commandsets
The commandsets are a set of one or more CLI commands. You can define a commandset while creating a Baseline template in the Advanced mode.
The features of the commandsets are:
•If the commands in commandset are in a submode (ip/interface etc.) a submode command must be specified for such a commandset.
•Commandsets can have one or more child commandsets.
•Child commandsets inherit parent's sub-mode command.
You can define commandsets that have to be checked before running the actual commands.
The features of the prerequisite commandsets are:
•A commandset can have another commandset as its prerequisite.
•A prerequisite commandset is used only for comparison and is not deployed onto the device.
•A commandset is compared with the config only if its prerequisite condition is satisfied.
The RME evaluates the commandsets in different ways depending on whether you have defined the commandset as Parent or Prerequisite.
For example assume that you have defined two commandsets, commandset1 and commandset2:
•Commandset defined as Prerequisite
commandset1 as the Prerequisite of commandset2. While RME evaluates the Baseline template, commandset1 is evaluated first and commandset2 is evaluated next.
If commandset1 is not present, commandset2 is not evaluated and the template is considered compliant.
•Commandset defined as Parent
commandset1 as the Parent of commandset2. While RME evaluates the Baseline template, commandset1 is evaluated first and commandset2 is evaluated next.
If either of these commandsets is missing, the template is considered non-compliant.
The limitations of Baseline template command are:
•It does not take into account the order of commands.
•Some of the commands have no negation. For example, set summertime recurring. In such cases, no negation commands are generated.
•
Baseline Templates Window
This window lists all the user-defined Baseline templates. It also displays the following details of the Baseline template:
Column Name
|
Description
|
Name
|
Name of the Baseline template.
|
Device Type
|
Type of the device for which the defined Baseline template can be used.
|
Description
|
Description of the Baseline template.
If you have imported Baseline templates, the description given is Imported baseline.
|
Created On
|
Displays the Baseline template creation date and time.
|
You can click on any column (except Baseline Name) to sort the information by that column. If you double-click a heading, the order is reversed.
This window contains the following buttons:
Button
|
Description
|
Create
|
Create a Baseline template.
See Creating a Baseline Template for further details.
|
Edit
|
Edit a Baseline template.
This button is activate only after you select a Baseline Name.
See Editing a Baseline Template for further details
|
Export
|
Export a Baseline template file.
This button is activate only after you select a Baseline Name.
See Exporting a Baseline Template for further details.
|
Import
|
Import a Baseline template file.
See Importing a Baseline Template for further details.
|
Delete
|
Delete a Baseline template.
This button is activate only after you select a Baseline Name.
See Deleting a Baseline Template for further details.
|
Deploy
|
Deploy a Baseline template.
This button is activate only after you select a Baseline Name.
See Deploying a Baseline Template for further details.
|
Compliance Check
|
Perform compliance check with Baseline template.
This button is activate only after you select a Baseline Name.
See Running Compliance Check for further details.
|
Creating a Baseline Template
You can create a Baseline Template by:
•Creating a Basic Baseline Template
•Creating an Advanced Baseline Template
There are few example templates which are available. You can use these templates as a base to create new templates.
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
Creating a Basic Baseline Template
To create a Basic Baseline template:
Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates.
The Baseline Templates window appears.
Step 2 Click Create.
The Select Creation Mode dialog box appears.
Step 3 In the Template Details section, select Basic as the mode.
Step 4 Enter the following information:
Field
|
Description
|
Name
|
Name of the Baseline template.
You can enter only alphanumeric characters (including spaces) up to 254 characters. Do not enter any special characters. This includes underscores and hyphens.
|
Description
|
Description for the Baseline template. You can enter up to 254 characters.
|
Device Type Selector
|
Device family for which you can apply this template.
Click the check box to select the device family.
|
Step 5 Click Next.
Step 6 The Add Template Details dialog box appears.
Enter the CLI command under the Baseline Template.
CLI Commands
|
This is a mandatory field.
Enter the CLI commands.
For example:
Routers CLI Commands
+ set snmp community read-write [read-write-community-name-string]
- set snmp community read-only public
Explanation:
•The first line is considered as a comments since it does not begin with either "+" or "-".
•The second line is mandatory since it begins with "+".
•The third line is disallowed since it begins with "-".
Note There should be a space between the commands and the "-" or "+". If there is no space, the commands are considered as comments and ignored.
In the above example, read-write-community-name-string is a command value. The command value should not contain spaces.
|
A message appears, Successfully created the template BaselineTemplateName.
Where BaselineTemplateName is the Template Name as given by you.
Step 7 Click OK.
The Baseline Templates window appears with the newly created Baseline template.
Creating an Advanced Baseline Template
To create an Advanced Baseline template:
Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates.
The Baseline Templates dialog box appears.
Step 2 Click Create.
The select Creation Mode dialog box appears.
Step 3 Select Advance as the mode from the Template Details section.
Step 4 Enter the following information:
Field
|
Description
|
Name
|
Name of the Baseline template.
You can enter only alphanumeric characters (including spaces) up to 254 characters. Do not enter any special characters. This includes underscores and hyphens.
|
Description
|
Description for the Baseline template. You can enter up to 254 characters.
|
Device Type Selector
|
Device family for which you can apply this template.
Check the check box to select the device family.
|
Step 5 Click Next.
The Add Template Details dialog box appears.
Step 6 Enter the following information:
Commandset Option
|
Field
|
Description
|
Name
|
Name of the commandset.
You can enter only alphanumeric characters up to 254 characters. Do not enter any special characters. This includes spaces, underscores and hyphens.
|
Parent
|
Enter the parent name for the commandset, if required. This is case sensitive.
You can also use this to logically group the commandsets.
For example: To work on ATM permanent virtual connections (PVCs) commands, you must first get into the interface mode from the global mode and then run the PVC specific-commands.
Commandset 1: ATM
interface [#atm.*#]
+ ip address [ip-addr] [net-mask]
Commandset 2: PVC
[#pvc.*#]
+ encapsulation aal5 [encap-type]
+ abr [output-pcr1] [output-mcr]
+ ubr [output-pcr2]
+ vbr-nrt [output-pcr3] [output-scr] [output-mbs]
+ vbr-rt [peak-rate] [average-rate] [burst]
+ protocol ip [proto-ip] [type]
+ exit
Here, commandset 1 is the parent for commandset 2.
While RME evaluates the Baseline template, commandset1 is evaluated first and commandset2 is evaluated next. If either of these commandsets is missing, the template is considered non-compliant.
|
Submode
|
Enter the command to get into interface mode from the global mode.
For example: interface [intname]
Here, interface is a command keyword and intname is command value. The command value should not contain spaces.
You can also run the command for a set of interfaces.
For example: interface [#Ethernet.*#]
Here, the command will be executed on all the interfaces having Ethernet.
|
Prerequisite
|
Select the manadatory commandset name that you must enter before running the current commandset.
In the example (See Mark as Prerequisite row), if you had marked commandset 1 as the Prerequisite, you can select commandset 1: IntCheck from the drop-down menu.
Before running the commandset 2, the commandset 1 is run. That is, commandset1 is evaluated first and commandset2 is evaluated next.
If there is no commandset1, commandset2 is not evaluated and the template is considered compliant.
|
Mark as Prerequisite
|
1. Select the checkbox to mark a particular commandset as a prerequisite.
For example,
Commandset 1: IntCheck
interface [intname]
+ ip address [#10\.76\.38\..*#] [net-mask]
(To find a match for any octet in an IP address you must use \..*.)
2. Select the Mark as Prerequisite check box for the Commandset 1: IntCheck.
For example,
Commandset 2: IntDownload
interface [intname]
+ no cdp enable
3. Select the Prerequisite from the dropdown menu for the Commandset 2: IntDownload.
If a commandset has a Prerequisite commandset, you cannot select the Mark as Prerequisite check box for that particular commandset.
That is, in the above example, you cannot select the checkbox Mark as Prerequisite for Commandset 2:IntDownload.
|
Ordered Set
|
Select this option to make the system consider the order of the commands while performing compliance check.
In other words, the commands in the device config should appear in the same order as that of the CLI commands definition order in the Command Set.
|
CLI Commands
|
Enter the CLI commands.
For example:
# Routers CLI Commands
+ set snmp community read-write [read-write-community-name-string]
- set snmp community read-only public
Explanation:
•The first line is considered as a comment since it begins with a "#".
•The second line is mandatory as it begins with "+".
•The third line is disallowed as it begins with "-".
There should be a space between the commands and the "-" or "+". If there is no space, the commands are considered as comments and ignored.
In the above example, read-write-community-name-string is a command value. The command value should not contain spaces.
|
•If you want to add help comments into the CLI Commands window, click Add.
•If you want to delete a Commandset from the Command set list, click Delete.
•If you want to preview the changes to the Commandset details before finishing up the creation of the template, click Preview. The changed Commandset details is displayed in a window.
•If you click Save, for the first time, a message appears,
Do you wish to create a new template?.
•If you click Save, for the second time, a message appears,
Successfully updated the template BaselineTemplateName.
Note If the Commandsets consist of Prerequisite commandset then these commandsets appear in red color in the Preview details.
•If you want to reset the changes made to a Commandset, click Reset
Step 7 Click OK.
A message appears,
Successfully created the template BaselineTemplateName.
Where BaselineTemplateName is the name of the Baseline Template.
Step 8 Click OK.
If you want to add one more commandset repeat this procedure from Step 4.
Step 9 Click Finish.
A message appears,
Do you wish to save the changes?.
Step 10 Click OK.
A message appears,
Successfully created the template.
Step 11 Click OK.
The Baseline Configs window appears with all the available Baseline templates.
Creating an Advanced Baseline Template—An Example
This is a procedure to create a Baseline template to disable CDP on an interface that belongs to a specific subnet.
Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Configs.
The Baseline Configs dialog box appears.
Step 2 Click Create.
The Select Creation Mode dialog box appears.
Step 3 Select Advanced and click Next.
The Create a Baseline dialog box appears.
Step 4 Enter the following information:
Field
|
User data
|
Template Name
|
DisablingCDP
You can enter only alphanumeric characters (including spaces) up to 254 characters. Do not enter any special characters. This includes underscores and hyphens.
|
Device Type
|
Routers
|
Description
|
Baseline Template for DisablingCDP
|
Commandset Option
|
Name
|
PrerequisiteCheck.
You can enter only alphanumeric characters up to 254 characters. Do not enter any special characters. This includes spaces, underscores and hyphens.
|
Parent
|
Global
|
Submode
|
interface [intname]
Where, intname is a variable. The variables should not contain spaces.
|
Prerequisite
|
Do not select any value.
|
Mark as Prerequisite
|
Select the check box to mark the
|
Ordered Set
|
Select this so that the system considers ordering of commands while performing compliance check.
|
CLI Commands
|
+ ip address [#10\.76\.38\...*#] [netmask]
To find a match for any octet in an IP address you must use \..*.
This checks for subnet mask with IP address starting from 10.76.38.*.
|
Step 5 Click Save.
A confirmation message appears that the template will be created.
Step 6 Click OK.
A confirmation message appears that the template is created.
Step 7 Click OK.
To add another commandset within the same Baseline template, Disabling-CDP, enter the following information.
Field
|
User data
|
Commandset Option
|
Name
|
DisableCDP.
You can enter only alphanumeric characters up to 254 characters. Do not enter any special characters. This includes spaces, underscores and hyphens.
|
Parent
|
Global
|
Submode
|
interface [intname]
|
Prerequisite
|
Select the PrerequisiteCheck from the dropdown menu.
|
Mark as Prerequisite
|
Do not select the checkbox.
|
Ordered Set
|
Select this so that the system considers ordering of commands while performing compliance check.
|
CLI Commands
|
+ no cdp enable
This will disable the CDP for the devices with the subnet mask starting with IP address 10.76.38.*.
|
Step 8 Click Save.
A confirmation message appears that the template is updated.
Step 9 Click OK.
Step 10 Click Finish.
A confirmation message appears that the template will be saved.
Step 11 Click OK.
A confirmation message appears that the template is updated.
Step 12 Click OK.
The Baseline Configs window appears with the details of Disabling-CDP Baseline template.
•Exporting a Baseline Template
Editing a Baseline Template
You can edit all the Baseline template fields except for:
•Template Name
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
To edit the Baseline templates:
Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates.
The Baseline Templates dialog box appears.
Step 2 Select a Baseline template.
Step 3 Click Edit.
The Select Creation Mode dialog box appears. The mode that you have selected while creating the Baseline template is retained. You cannot change this mode.
•You can provide a description in the Description text field.
•You can select or deselect devices in the Device Type Selector listbox.
Step 4 Click Next.
The Add Template Details dialog box appears.
Step 5 Select the commandset which you want to edit.
Edit the required information.
See Creating an Advanced Baseline Template for more information on field descriptions for the fields that appear in the Add Template Details dialog box.
Step 6 Click Finish.
A message appears, Template is modified. Do you wish to save the changes?
Step 7 Click OK.
A notification appears, Successfully updated the template BaselineTemplateName.
Step 8 Click OK to save changes.
•Exporting a Baseline Template
Exporting a Baseline Template
You can export a Baseline template. The exported file is in XML format.
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
To export a Baseline Template:
Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates.
The Baseline Templates dialog box appears.
Step 2 Select a Baseline template and click Export.
The Export a Baseline Template dialog box appears.
Step 3 Either:
•Enter the folder name. The file will be exported on the RME server.
or
a. Click Browse.
The Server Side File Browser dialog box appears.
b. Select a folder.
c. Click OK.
Step 4 Click OK.
A message appears, Template exported as \User_Specificed_Directory\Template Name.xml
The naming convention followed for the baseline parameter file is Template Name.xml.
The file will be exported on the RME server at the specified path.
•Exporting a Baseline Template
Importing a Baseline Template
To import a Baseline Template:
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates.
The Baseline Templates dialog box appears.
Step 2 Select a Baseline template and click Import.
The Import a Baseline Template dialog box appears.
Step 3 Enter the name of the Template file.
The file will be imported.
or
a. Click Browse.
The Server Side File Browser dialog box appears.
b. Select the XML file.
c. Click OK.
Step 4 Click OK.
A message appears, Template successfully imported.
Step 5 Click OK.
The imported file appears in the Baseline Templates window with the description, Imported baseline.
•Exporting a Baseline Template
Deleting a Baseline Template
To delete a baseline template:
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates.
The Baseline Templates dialog box appears.
Step 2 Select a Baseline template and click Delete.
A message appears, The selected Template will be permanently deleted.
Step 3 Click OK.
A message appears, Successfully deleted the template.
Step 4 Click OK.
The selected Baseline Template is removed from the Baseline Templates window
•Exporting a Baseline Template
Deploying a Baseline Template
When you add a new device of the same type to the network, you can use the existing Baseline template. This template consists of two parts, command and values.
You can create configurations for any device of the same type to the network by specifying the values for the variables in the Baseline template.
You can deploy Baseline template on the RME devices in two ways:
•User Interface (See Deploying a Baseline Template Using User Interface for the procedure.)
•File System (See Deploying a Baseline Template Using File System for the procedure.)
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
Deploying a Baseline Template Using User Interface
To deploy a Baseline template using User Interface:
Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates.
The Baseline Templates dialog box appears.
Step 2 Select a Baseline template and click Deploy.
The Deploy Input Options dialog box appears.
Step 3 Select Enter Data From User Interface and click Next.
The Select Devices dialog box appears.
The device list contains only that particular Device Type devices that you have selected while creating the Baseline Template.
For example, if you have selected Device Type as Router, then only routers are listed.
Step 4 Select devices.
In the All tab,
•If you select devices at the folder-level, all devices listed under this folder are selected.
•If you expand a device folder (using +), you cannot select devices at the folder-level (the check-box is grayed). You must select devices individually.
•If you select devices at a folder-level and expand that particular folder, you can deselect the devices only at the device-level and not at the folder-level.
•You can select multiple device folders.
In the Selection tab,
•All the devices that are selected are listed.
•You can deselect the devices.
Step 5 Click Next.
The Commands Generation dialog box appears.
Step 6 Perform the following tasks:
Field Name
|
Description and Action
|
Device list
|
This pane lists the selected devices that you have selected in the Select Devices dialog box.
Select the device for which you want to deploy the Baseline template.
|
Edit
|
Select a device from the device drop down list and click on Edit button to edit information for the device.
|
Save
|
Click Save button to save the changes made for the selected device.
You can change the details for multiple devices in one go, by using the Save button.
|
Device
|
The selected device in the Device List pane is displayed in this text box.
|
Commandsets
|
The pane contains all the commandsets that are defined in the Baseline template.
Select a commandset.
While creating the Baseline template, if you have defined the multiple occurrences as the commandset feature, after selecting that particular commandset, the Add Instance button is activated.
|
Add Instance
|
This button is activate only if you have selected a commandset with multiple occurrences.
The occurrences of a commandset are defined while creating the Baseline template.
When you click on the Add Instance button, one more instance of multiple commandset is added in the Commandsets pane.
Enter the command value for that commandset in the Device Data pane.
|
Delete Instance
|
Use the Delete Instance button to delete the instance after selecting the instance from the Commanlets pane. You can select one or more instances and click on the Delete Instance button to delete the instances.
You can delete the selected instances. The exception being that atleast one instance of the commandlet is available.
|
Templates
|
The pane contains the CLI commands for the selected commandset.
You cannot modify the commands in this pane.
|
Device Data
|
The field displays the command values that you have defined in your Baseline template.
The command value is appended with a unique number.
Enter the command value.
For example: If your Baseline template contains this command:
Interface [#Ethernet[.*]#]
+ no shutdown
Then, #Ethernet[.*]# is the command value.
The Device Data field names appear as:
#Ethernet.*[0]
|
Step 7 Click Next.
The Job Schedule dialog box appears.
Step 8 Enter the following information:
Field
|
Description
|
Scheduling
|
Run Type
|
You can specify when you want to run the Baseline template deploy job.
To do this, select one of these options from the drop-down menu:
•Immediate—Runs this task immediately.
•Once—Runs this task once at the specified date and time.
•Daily—Runs daily at the specified time.
•Weekly—Runs weekly on the day of the week and at the specified time.
•Monthly—Runs monthly on the day of the month and at the specified time.
The subsequent instances of periodic jobs will run only after the earlier instance of the job is complete.
For example, if you have scheduled a daily job at 10:00 a.m. on November 1, the next instance of this job will run at 10:00 a.m. on November 2 only if the earlier instance of the November 1 job has completed.
If the 10.00 a.m. November 1 job has not completed before 10:00 a.m. November 2, the next job will start only at 10:00 a.m. on November 3.
|
Date
|
You can select the date and time (hours and minutes) to schedule.
The Date field is enabled only if you have selected an option other than Immediate in the Run Type field.
|
Job Info
|
Job Description
|
Enter a description for the job. This is mandatory. You can enter only alphanumeric characters.
|
E-mail
|
Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.
You can enter multiple e-mail addresses separated by commas.
Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).
We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences). When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.
|
Job Options
|
Approver Comments
|
Enter comments for the job approver.
This field appears only if you have enabled job approval for Archive Management.
|
Maker E-Mail
|
Enter the e-mail-id of the job creator. This is a mandatory field.
This field appears only if you have enabled job approval for Archive Management.
|
Copy Running Config to Startup
|
Select to cause job to write the running configuration to the startup configuration on each device after configuration changes are made successfully.
Does not apply to Catalyst OS devices.
|
Job Password
|
•If you have enabled the Enable Job Password option and disabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) enter the device login user name and password and device Enable password.
•If you have enabled the Enable Job Password option and enabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) either:
–Enter the device login user name and password and device Enable password
Or
–Disable the Job Password option in the Job Schedule and Options dialog box.
|
Step 9 Click Next.
The Work Order dialog box appears with job details that you have entered.
Step 10 Click Finish.
A message appears, Job JobID is created successfully.
Where JobID is a unique Job number.
Step 11 Click OK.
You can check the status of your scheduled job using Config Mgmt > Archive Mgmt > Archive Mgmt Jobs. The Job Type for this deploy job is Deploy Baseline template result.
Deploying a Baseline Template Using File System
You can deploy a Baseline template using the Baseline Parameter file.
You can generate this parameter file using Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates > View (button).
See Exporting a Baseline Template for further information.
To deploy a Baseline template using File System:
Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates.
The Baseline Templates dialog box appears.
Step 2 Select a Baseline template and click Deploy.
The Deploy Input Options dialog box appears.
Step 3 Select Enter Data From File System and click Next.
The Select Input File dialog box appears.
Step 4 Enter the folder name and the file name with the file format extension XML.
or
a. Click Browse.
The Server Side File Browser dialog box appears.
b. Select the XML file.
c. Click OK.
The Select Input File dialog box appears with the selected Baseline Parameter file.
Step 5 Click Next.
The Job Schedule dialog box appears.
Step 6 Enter the following information:
Field
|
Description
|
Scheduling
|
Run Type
|
You can specify when you want to run the Baseline template deploy job.
To do this, select one of these options from the drop-down menu:
•Immediate—Runs this task immediately.
•Once—Runs this task once at the specified date and time.
•Daily—Runs daily at the specified time.
•Weekly—Runs weekly on the day of the week and at the specified time.
•Monthly—Runs monthly on the day of the month and at the specified time.
The subsequent instances of periodic jobs will run only after the earlier instance of the job is complete.
For example, if you have scheduled a daily job at 10:00 a.m. on November 1, the next instance of this job will run at 10:00 a.m. on November 2 only if the earlier instance of the November 1 job has completed.
If the 10.00 a.m. November 1 job has not completed before 10:00 a.m. November 2, the next job will start only at 10:00 a.m. on November 3.
|
Date
|
You can select the date and time (hours and minutes) to schedule.
The Date field is enabled only if you have selected an option other than Immediate in the Run Type field.
|
Job Info
|
Job Description
|
Enter a description for the job. This is mandatory. You can enter only alphanumeric characters.
|
E-mail
|
Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.
You can enter multiple e-mail addresses separated by commas.
Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).
We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences). When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.
|
Job Options
|
Approver Comments
|
Enter comments for the job approver.
This field appears only if you have enabled job approval for Archive Management.
|
Maker E-Mail
|
Enter the e-mail-id of the job creator. This is a mandatory field.
This field appears only if you have enabled job approval for Archive Management.
|
Copy Running Config to Startup
|
Select to make the job to write the Running configuration to the Startup configuration on each device after configuration changes are made successfully.
Does not apply to Catalyst OS devices.
|
Job Password
|
•If you have enabled the Enable Job Password option and disabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) enter the device login user name and password and device Enable password.
•If you have enabled the Enable Job Password option and enabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) either
–Enter the device login user name and password and device Enable password
Or
–Disable the Job Password option in the Job Schedule and Options dialog box.
|
Step 7 Click Next.
The Work Order dialog box appears with job details that you have entered.
Step 8 Click Finish.
A message appears, Job JobID is created successfully.
Where JobID is a unique Job number.
If you have specified incorrect filename/XML file format or if the hostname field is not updated, an error message appears, Specified file could not be read. Please specify a valid file name.
See Exporting a Baseline Template for further information.
Check the XML file format or update the hostname field and restart this procedure from Step 2.
Step 9 Click OK.
You can check the status of your scheduled job using Config Mgmt > Archive Mgmt > Archive Mgmt Jobs. The Job Type for this deploy job is Deploy Baseline template result.
•Exporting a Baseline Template
Using Baseline Jobs
You can check the status of the Baseline jobs using Config Mgmt > Archive Mgmt > Baseline Templates > Baseline Jobs.
This window contains the following information:
Field Name
|
Description
|
Job ID
|
Unique number assigned to the job when it is created.
For periodic jobs such as Daily, Weekly, etc., the job IDs are in the number.x format. The x represents the number of instances of the job. For example, 1001.3 indicates that this is the third instance of the job ID 1001.
|
Description
|
Job description entered during job definition.
|
Compliant/Deployed Device(s)
|
Displays how many devices are complaint out of total number of devices that were selected while creating the compliance job.
Click on the link to view the Baseline Compliance Report (see Understanding the Baseline Compliance Report).
|
Status
|
Status of the job. The displayed job states are Successful, Failed, and Running.
The jobs may have failed either because:
•The device configuration is not archived.
Or
•The device is not reachable.
The further details of the failed job is given in the Config Mgmt > Archive Mgmt > Archive Mgmt Jobs (see Using Archive Management Job Browser).
You can also check the status of the Baseline job at Config Mgmt > Archive Mgmt > Archive Mgmt Jobs (see Using Archive Management Job Browser).
|
The Compliance Jobs window contains the following buttons:
Buttons
|
Description
|
Deploy
|
You can schedule a job to deploy the standard configuration to all non-compliance devices.
This button is activate only after selecting a Compliance Jobs.
See Deploying the Commands.
|
Delete
|
You can delete the compliance jobs.
This button is activate only after selecting a Compliance Jobs.
See Deleting the Compliance Jobs
|
|
Click on this icon to refresh the Compliance Jobs Window.
|
Running Compliance Check
To execute a compliance check:
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates.
The Baseline Templates dialog box appears.
Select the template and click Compliance Check.
The Select Devices dialog box appears.
Step 2 Select the devices.
In the All tab,
•If you select devices at the folder-level, all devices listed under this folder are selected.
•If you expand a device folder (using +), you cannot select devices at the folder-level (the check-box is grayed). You must select devices individually.
•If you select devices at a folder-level and expand that particular folder, then you can deselect the devices only at the device-level and not at the folder-level.
•You can select multiple device folders.
In the Selection tab,
•All the devices that are selected are listed.
•You can deselect the devices.
Step 3 Click Next.
The Schedule dialog box appears.
Step 4 Enter the following information:
Field
|
Description
|
Scheduling
|
Run Type
|
You can specify when you want to run the Baseline template compliance job.
To do this, select one of these options from the drop-down menu:
•Immediate—Runs this task immediately.
•Once—Runs this task once at the specified date and time.
•Daily—Runs daily at the specified time.
•Weekly—Runs weekly on the day of the week and at the specified time.
•Monthly—Runs monthly on the day of the month and at the specified time.
The subsequent instances of periodic jobs will run only after the earlier instance of the job is complete.
For example, if you have scheduled a daily job at 10:00 a.m. on November 1, the next instance of this job will run at 10:00 a.m. on November 2 only if the earlier instance of the November 1 job has completed.
If the 10.00 a.m. November 1 job has not completed before 10:00 a.m. November 2, the next job will start only at 10:00 a.m. on November 3.
|
Date
|
You can select the date and time (hours and minutes) to schedule.
The Date field is enabled only if you have selected an option other than Immediate in the Run Type field.
|
Job Info
|
Job Description
|
Enter a description for the job. This is mandatory. You can enter only alphanumeric characters.
|
E-mail
|
Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.
You can enter multiple e-mail addresses separated by commas.
Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).
We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences). When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.
|
Job Options
|
Check compliance and deploy
|
Enable this to check the compliance of the archived file with that of the Baseline template and deploy the commands if it non-compliant.
|
Copy Running Config to Startup
|
This option is active only if you select the Check compliance and deploy option.
Select to make the job to write the Running configuration to the Startup configuration on each device after configuration changes are made successfully.
Does not apply to Catalyst OS devices.
|
Job Password
|
•If you have enabled the Job Password option and disabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) enter the device login user name and password and device Enable password.
•If you have enabled the Enable Job Password option and enabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) either:
–Enter the device login user name and password and device Enable password
Or
–Disable the Job Password option in the Job Schedule and Options dialog box.
|
Step 5 Click Next.
The Job Work Order window appears with the job details that you have selected.
Step 6 Click Finish.
A message appears, Job JobID is created successfully.
Where JobID is a unique Job number.
Step 7 Click OK.
You can check the status of your scheduled job by selecting Config Mgmt > Archive Mgmt > Baseline Template > Compliance or Config Mgmt > Archive Mgmt > Archive Mgmt Jobs.
•Exporting a Baseline Template
Understanding the Baseline Compliance Report
The Baseline Compliance Report contains the following information:
Field Name
|
Description
|
Summary
|
Template Name
|
Name of the Baseline template entered at the time of creating the Baseline template.
|
Number of Non-Compliant device(s)
|
Number of devices that are non-compliant.
|
Number of Compliant device(s)
|
Number of devices that are compliant.
|
Number of Excluded device(s):
|
List of devices where the job did not run. The jobs may have failed either because:
•The device configuration was not archived.
Or
•The device was not reachable.
The further details of the failed job is given in the Config Mgmt > Archive Mgmt > Archive Mgmt Jobs (See Using Archive Management Job Browser).
|
Compliant Devices
|
Device Name
|
Device Display Name as entered in Device and Credential Repository.
|
Latest Version
|
Version of configuration file against which the compliance was checked.
Click on the version to display Config Viewer (see Understanding the Config Viewer Window). This shows the contents of corresponding configuration file against which the compliance was checked.
|
Created On
|
Date and time configuration file was created.
|
Non-Compliant Devices
|
Device Name
|
Device Display Name as entered in Device and Credential Repository.
|
Latest Version
|
Version of configuration file against which the compliance was checked.
Click on the version to display Config Viewer (see Understanding the Config Viewer Window). This shows the contents of corresponding configuration file against which the compliance was checked.
|
Created On
|
Date and time configuration file was created.
|
Command(s) to Deploy
|
List the commands where the device configuration is non-compliant.
|
Excluded Devices
|
Device Name
|
Device Display Name as entered in Device and Credential Repository.
|
Reason for Exclusion
|
Displays the cause for exclusion.
|
In addition, this report contains two buttons:
Button
|
Description
|
|
Exports this report in either PDF or CSV format.
|
|
Generates a format that can be printed.
|
Deploying the Commands
You can deploy the commands on the devices that are non-complaint.
Before you use this Deploy button, you must run the Compliance Report,
•If there are any non-complaint device, you must select the relevant compliance job and deploy the baseline template.
•If there are no non-complaint device and if you click on the Deploy button, a message appears,
Could not deploy selected Job.
Reason: No Non-Compliant devices present in the report.
Click on the Job ID to view the Baseline Compliance Report. See Understanding the Baseline Compliance Report for further details.
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
To deploy the commands:
Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates > Compliance.
The Compliance Jobs dialog box appears.
Step 2 Select a Compliance Job.
Step 3 Click Deploy.
The Substitute Parameters for Devices dialog box appears.
Step 4 Perform the following:
Field Name
|
Description and Action
|
Device list
|
The list contains all the devices which are non-complaint.
Select a device.
|
Device
|
The selected device in the Device List pane appears in this text box.
|
Commandsets
|
The pane contains all the commandsets that are defined in the Baseline template.
In the Baseline template, if you have defined the multiple occurrences as the commandset feature then based on the compliance check, the commandset will appear more than once.
Select a commandset.
|
Templates
|
The pane contains the CLI commands for the selected commandset.
You cannot modify the commands in this pane.
|
Device Data
|
The field displays the command values that you have defined in your Baseline template.
The command value is appended with a unique number.
Enter the command value.
For example: If your Baseline template contains this command:
+ ip address [#10\.76\.38\..*#] [netmask]
Then, #10\.76\.38\..*# and netmask are the command values.
The Device Data field names appear as:
#10\.76\.38\..*#[1000]
netmask[1000]
|
If you have more than one device to deploy then you have to repeat Step 4 for all the devices.
Step 5 Click Next.
The Job Schedule dialog box appears.
Step 6 Enter the following information:
Field
|
Description
|
Scheduling
|
Run Type
|
You can specify when you want to run the deploy configuration job.
To do this, select one of these options from the drop-down menu:
•Immediate—Runs this task immediately.
•Once—Runs this task once at the specified date and time.
|
Date
|
You can select the date and time (hours and minutes) to schedule.
The Date field is enabled only if you have selected an option other than Immediate in the Run Type field.
|
Job Info
|
Job Description
|
Enter a description for the job. This is mandatory. You can enter only alphanumeric characters.
|
E-mail
|
Enter e-mail addresses to which the job sends messages at the beginning and at the end of the job.
You can enter multiple e-mail addresses separated by commas.
Configure the SMTP server to send e-mails in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences).
We recommend that you configure the CiscoWorks E-mail ID in the View / Edit System Preferences dialog box (Common Services > Server > Admin > System Preferences). When the job starts or completes, an e-mail is sent with the CiscoWorks E-mail ID as the sender's address.
|
Job Options
|
Approver Comments
|
Enter comments for the job approver.
This field appears only if you have enabled job approval for Archive Management.
|
Maker E-Mail
|
Enter the e-mail-id of the job creator. This is a mandatory field.
This field appears only if you have enabled job approval for Archive Management.
|
Copy Running Config to Startup
|
Select to make the job to write the Running configuration to the Startup configuration on each device after configuration changes are made successfully.
Does not apply to Catalyst OS devices.
|
Job Password
|
•If you have enabled the Enable Job Password option and disabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) enter the device login user name and password and device Enable password.
•If you have enabled the Enable Job Password option and enabled the User Configurable option in the Job Policy dialog box (Resource Manager Essentials > Admin > Config Mgmt > Config Job Policies) either:
–Enter the device login user name and password and device Enable password
Or
–disable the Job Password option in the Job Schedule and Options dialog box.
|
Step 7 Click Next.
The Work Order dialog box appears with job details that you have entered.
Step 8 Click Finish.
A message appears, Job ID is created successfully.
Where ID is a unique Job number.
Step 9 Click OK.
You can check the status of your scheduled job using Config Mgmt > Archive Mgmt > Archive Mgmt Jobs. The Job Type for this deploy job is Deploy Baseline comparison result.
Deleting the Compliance Jobs
You can delete the job that have been completed or stopped. You cannot delete a running job.
Note View Permission Report (Common Services > Server > Reports) to check if you have the required privileges to perform this task.
To delete Compliance jobs:
Step 1 Select Resource Manager Essentials > Config Mgmt > Archive Mgmt > Baseline Templates > Compliance.
The Compliance Jobs dialog box appears.
Step 2 Select a job and click Delete.
A message appears, The selected job will be deleted.
Step 3 Click OK.
The selected Compliance job is removed from the Compliance Jobs window.
You can also delete the compliance jobs from Config Mgmt > Archive Mgmt > Archive Mgmt Jobs window (see Using Archive Management Job Browser).
