Compliance Type
|
Compliance Check
|
Compliance Status
|
Startup versus Running Configuration
|
This compliance check helps network administrator to see whether startup and running configuration of a device are same or
not. Compliance identify, compute and shows a summarized as well as detail report of out of band changes in the running configuration. When there is a change in the startup or running configuration in the device, the compliance
check will be automatically scheduled to run after five minutes of delay.
|
-
Non-Compliant: The Startup and Running configuration are not the same. On detail view, the system shows different startup
versus running between or running versus previous running.
-
Compliant: Startup and Running Configuration are the same.
-
NA (Not Applicable): The device is not supported for this compliance type (for example, AireOS).
|
Software Image
|
This compliance check helps network administrator to see if tagged golden image in Cisco DNA Center is running on the device or not. It shows the difference in golden image and running image for a device. When there is a
change in the software image, the compliance check is triggered immediately without any delay.
|
-
Non-Compliant: The device is not running the tagged golden image of the device family.
-
Compliant: The device is running the tagged golden image of the device family.
-
NA (Not Applicable): The golden image is not available for the selected device family.
|
Critical Security (PSIRT)
|
PSIRT Compliance check enables the network administrator in checking whether the network devices are running without any critical
security vulnerabilities or not.
|
-
Non-Compliant: The device has critical advisories. A detailed report displays various other information.
-
Compliant: There are no critical vulnerabilities in the device.
-
NA (Not Applicable): The security advisory scan has not been done by network administrator in Cisco DNA Center or the device is not supported.
|
Network Profile
|
Cisco DNA Center allows you to define its intent configuration via Network Profile and pushes to device via provisioning. The Intent must
be running on a device. If any violations are found at any time due to out of band changes, compliance identify, compute and flag it off. The violations are shown to the user under Network Profiles on the compliance summary page. The automatic compliance check is scheduled to run after a period of 5 hours.
|
-
Non-Compliant: The device is not running the intent configuration of profile.
-
Compliant: The intent configurations are running on the device.
-
Error: The compliance could not compute status because of an underlying error. For more details, please refer to the error
log.
|
Fabric (SDA Profile)
|
|
|
Application Visibility
|
Cisco DNA Center allows you to create application visibility intent and provision it to devices via CBAR and NBAR. If intent is not running
on devices, compliance identify, compute and shows the violation as compliant or non-compliant under Application Visibility. The automatic compliance check is scheduled to run after a period of 5 hours.
|
|