Startup versus Running Configuration
|
This compliance check helps in identifying whether the startup and running configurations of a device are in sync. If the
startup and running configurations of a device are out of sync, compliance is triggered and a detailed report of the out-of-band
changes is displayed. The compliance for startup vs. running configurations is triggered within 5 minutes of any out-of-band
changes.
|
-
Noncompliant: The startup and running configurations are not the same. In the detailed view, the system shows different startup
vs. running between or running vs. previous running.
-
Compliant: The startup and running configurations are the same.
-
NA (Not Applicable): The device, such as AireOS, is not supported for this compliance type.
|
Software Image
|
This compliance check helps a network administrator to see if the tagged golden image in Cisco DNA Center is running on the device. It shows the difference between the golden image and the running image for a device. When there
is a change in the software image, the compliance check is triggered immediately without any delay.
|
-
Noncompliant: The device is not running the tagged golden image of the device family.
-
Compliant: The device is running the tagged golden image of the device family.
-
NA (Not Applicable): The golden image is not available for the selected device family.
|
Critical Security (PSIRT)
|
This compliance check enables a network administrator to check whether the network devices are running without critical security
vulnerabilities.
|
-
Noncompliant: The device has critical advisories. A detailed report displays various other information.
-
Compliant: There are no critical vulnerabilities in the device.
-
NA (Not Applicable): The security advisory scan has not been done by the network administrator in Cisco DNA Center, or the device is not supported.
|
Network Profile
|
Cisco DNA Center allows you to define its intent configuration using Network Profiles and push the intent to the device. If any violations
are found at any time due to out-of-band or any other changes, this check identifies, assesses, and flags it off. The violations
are shown to the user under Network Profiles in the compliance summary window.
Note
|
Network profile compliance is applicable for routers and wireless LAN controllers.
|
|
-
Noncompliant: The device is not running the intent configuration of the profile.
-
Compliant: While applying a network profile to the device, the device configurations that are pushed to Cisco DNA Center are actively running on the device.
-
Error: The compliance could not compute the status because of an underlying error. For details, see the error log.
|
Fabric (SDA)
This feature is in beta.
|
Fabric compliance helps to identify fabric intent violations, such as any out-of-band changes for fabric-related configurations.
|
|
Application Visibility
|
Cisco DNA Center allows you to create an application visibility intent and provision it to a device through CBAR and NBAR. If there is an
intent violation on the device, this check identifies, assesses, and shows the violation as compliant or noncompliant under
Application Visibility. The automatic compliance check is scheduled to run every 5 hours.
|
|