Compliance Type | Compliance Check | Compliance Status
Startup versus Running Configuration
|
This compliance check identifies whether the startup and running configurations of a device are in sync. If the startup and running configurations of a device are out of sync, compliance is triggered and a detailed report of the out-of-band changes is displayed. The compliance check for startup versus running configurations is triggered within five minutes of any out-of-band change.
|
- Noncompliant: The startup and running configurations are not the same. In the detail view, the system shows the differences between startup and running, or between running and previous running.
- Compliant: The startup and running configurations are the same.
- NA (Not Applicable): The device is not supported for this compliance type (for example, AireOS).
|
Software Image
|
This compliance check lets the network administrator see whether the tagged golden image in Cisco DNA Center is running on the device. It shows the difference between the golden image and the running image for a device. When the software image changes, the compliance check is triggered immediately, without any delay.
|
- Noncompliant: The device is not running the tagged golden image of the device family.
- Compliant: The device is running the tagged golden image of the device family.
- NA (Not Applicable): The golden image is not available for the selected device family.
|
Critical Security (PSIRT)
|
The PSIRT compliance check lets the network administrator check whether the network devices are running without any critical security vulnerabilities.
|
- Noncompliant: The device has critical advisories. A detailed report displays additional information.
- Compliant: There are no critical vulnerabilities in the device.
- NA (Not Applicable): The security advisory scan has not been run by the network administrator in Cisco DNA Center, or the device is not supported.
|
Network Profile
|
Cisco DNA Center allows you to define intent configuration through a Network Profile and pushes it to the device through provisioning. The intent must be running on the device. If any violations are found at any time due to out-of-band changes, compliance identifies, assesses, and flags them. The violations are shown to the user under Network Profiles on the compliance summary page. The automatic compliance check is scheduled to run after a period of 5 hours.
Note: Network profile compliance is only applicable for routers and wireless LAN controllers and not for switches.
|
- Noncompliant: The device is not running the intent configuration of the profile.
- Compliant: The intent configurations are running on the device.
- Error: Compliance could not compute the status because of an underlying error. For more details, refer to the error log.
|
Fabric (SDA Profile)
|
Fabric compliance helps identify fabric intent violations, such as out-of-band changes to fabric-related configurations.
|
|
Application Visibility
|
Cisco DNA Center allows you to create application visibility intent and provision it to devices via CBAR and NBAR. If there is an intent violation on devices, compliance identifies, assesses, and shows the violation as compliant or noncompliant under Application Visibility. The automatic compliance check is scheduled to run after a period of 5 hours.
|
|
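The Startup versus Running Configuration check from the first row, sketched as an added example (not Cisco DNA Center's own code): it compares two saved configuration dumps, ignores header and timestamp lines that differ without any change, and reports each out-of-band change with the section it belongs to. The function names, the list of volatile lines (assumed IOS-style output) and the sample configurations are assumptions constructed for illustration.

```python
import difflib
import re

# Header/timestamp lines that differ without any config change (assumed IOS-style).
VOLATILE = re.compile(
    r"(Building configuration|Current configuration|Using \d+ out of \d+ bytes"
    r"|! Last configuration change|! NVRAM config last updated|ntp clock-period)")

def normalize(text):
    """Drop volatile lines, '!' separators and blank lines."""
    lines = (l.rstrip() for l in text.splitlines())
    return [l for l in lines if l and l != "!" and not VOLATILE.match(l)]

def qualify(lines):
    """Pair each indented line with its section header so a change is attributable."""
    section, out = None, []
    for line in lines:
        if not line.startswith(" "):
            section = line
        out.append((section if line.startswith(" ") else None, line.strip()))
    return out

def check_startup_vs_running(startup, running, supported=True):
    """Return (status, changes); status names follow the table above."""
    if not supported:
        return "NA", []
    a, b = qualify(normalize(startup)), qualify(normalize(running))
    matcher = difflib.SequenceMatcher(a=a, b=b, autojunk=False)
    changes = []
    for op, i1, i2, j1, j2 in matcher.get_opcodes():
        if op in ("delete", "replace"):
            changes += [("startup-only", *entry) for entry in a[i1:i2]]
        if op in ("insert", "replace"):
            changes += [("running-only", *entry) for entry in b[j1:j2]]
    return ("Noncompliant" if changes else "Compliant"), changes

# Constructed sample: one VLAN and one vty line changed without being saved.
BODY = """hostname edge-sw-01
interface GigabitEthernet1/0/1
 switchport access vlan {vlan}
!
line vty 0 4
 transport input {vty}
"""
STARTUP = "Using 1482 out of 262144 bytes\n!\n" + BODY.format(vlan=10, vty="ssh")
RUNNING = ("Building configuration...\n\nCurrent configuration : 1511 bytes\n!\n"
           "! Last configuration change at 11:02:45 UTC Tue Mar 5 2024\n!\n"
           + BODY.format(vlan=20, vty="telnet ssh"))
print(check_startup_vs_running(STARTUP, RUNNING))
```

Each change is a `(side, section, line)` tuple, so an unsaved edit such as Telnet being enabled on the vty lines shows up under `line vty 0 4` rather than as an unattributed diff line.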