Startup versus Running Configuration
|
This compliance check helps in identifying whether the startup and running configurations of a device are in sync. If the
startup and running configurations of a device are out of sync, compliance is triggered and a detailed report of the out-of-band
changes is displayed. The compliance for startup vs. running configurations is triggered within 5 minutes of any out-of-band
changes.
|
- Noncompliant: The startup and running configurations are not the same. The detailed view shows the differences between the startup and running configurations, or between the running and previous running configurations.
- Compliant: The startup and running configurations are the same.
- NA (Not Applicable): The device, such as AireOS, is not supported for this compliance type.
|
Software Image
|
This compliance check helps a network administrator to see if the tagged golden image in Cisco DNA Center is running on the device. It shows the difference between the golden image and the running image for a device. When there
is a change in the software image, the compliance check is triggered immediately without any delay.
|
- Noncompliant: The device is not running the tagged golden image of the device family.
- Compliant: The device is running the tagged golden image of the device family.
- NA (Not Applicable): The golden image is not available for the selected device family.
|
For Cisco Switch Stacks: Cisco DNA Center allows the network administrator to check if the tagged golden image is running on the master switch and the members of switch stacks.
|
- Noncompliant: The tagged golden image is not running on the master switch and member switches.
- Compliant: The tagged golden image is running on the master switch and member switches.
- NA (Not Applicable): The golden image is not available for the selected device.
|
Critical Security (PSIRT)
|
This compliance check enables a network administrator to check whether the network devices are running without critical security
vulnerabilities.
|
- Noncompliant: The device has critical advisories. A detailed report displays various other information.
- Compliant: There are no critical vulnerabilities in the device.
- NA (Not Applicable): The security advisory scan has not been done by the network administrator in Cisco DNA Center, or the device is not supported.
|
Network Profile
|
Cisco DNA Center allows you to define the intent configuration using network profiles and push the intent to the device. If any violations
are found at any time due to out-of-band or any other changes, this check identifies, assesses, and flags them. The violations
are shown to the user under Network Profiles in the compliance summary window.
Note: Network profile compliance is applicable for routers, switches, and wireless controllers.
|
|
- Noncompliant: The device is not running the intent configuration of the profile.
- Compliant: While applying a network profile to the device, the device configurations that are pushed through Cisco DNA Center are actively running on the device.
- Error: The compliance could not compute the status because of an underlying error. For details, see the error log.
|
Fabric (SDA)
This feature is in beta.
|
Fabric compliance helps to identify fabric intent violations, such as any out-of-band changes for fabric-related configurations.
|
|
Application Visibility
|
Cisco DNA Center allows you to create an application visibility intent and provision it to a device through CBAR and NBAR. If there is an
intent violation on the device, this check identifies, assesses, and shows the violation as compliant or noncompliant under
the Application Visibility window.
The automatic compliance checks are scheduled to run 5 hours after traps are received.
|
|
Model Config
|
This compliance check enables the network administrator to check any mismatch from the designed intent of Model Config. The
mismatch is shown under Network Profile in the Compliance Summary window.
|
|
CLI Template
|
Cisco DNA Center allows the network administrator to compare the CLI template with the running configuration of the device. Any mismatch in
the configuration is flagged and shown under Network Profile in the Compliance Summary window.
The running configuration for CLI Template Compliance is taken from the latest archive that is available for the device. The
event-based archive takes at least 5 minutes to update after traps are received. To get accurate results, wait at least
5 minutes after a configuration change before running Compliance manually.
|
- Noncompliant: There is a mismatch between the CLI template and the running configuration of the device.
- Compliant: There is no mismatch between the CLI template and the running configuration of the device.
|
EoX - End of Life
|
Cisco DNA Center allows you to check the compliance status for hardware, software, and modules of EoX devices. You can check the EoX compliance
status from the Compliance Summary > EoX - End of Life tile.
You can also view the EoX status of devices from the Inventory window, under the EoX Status column.
|
- Compliant: The device is compliant if enough time remains until the last date of support.
- Noncompliant: The device is noncompliant if the last date of support has ended.
- Compliant with Warning: The device is compliant with warning if the last date of support is nearing.
|
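The Startup versus Running Configuration and CLI Template checks described above, reproduced offline as an added example; this is not Cisco DNA Center's code or its comparison algorithm. The function names, the filter for volatile output lines, the reading of "mismatch" as a template line missing from the running configuration, and the sample configurations are all assumptions made for the illustration.

```python
import re

# Session chatter from "show running-config" / "show startup-config", not device state.
VOLATILE = re.compile(r"^(Building configuration|Current configuration\s*:"
                      r"|Using \d+ out of \d+ bytes|ntp clock-period )")

def flatten(config_text):
    """Map an indented IOS-style config to a set of (parent, ..., command) paths."""
    paths, stack = set(), []              # stack: (indent, command) of open parents
    for raw in config_text.splitlines():
        cmd = raw.strip()
        if not cmd or cmd.startswith("!") or cmd == "end" or VOLATILE.match(cmd):
            continue
        indent = len(raw) - len(raw.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()                   # leave blocks we are no longer inside
        paths.add(tuple(c for _, c in stack) + (cmd,))
        stack.append((indent, cmd))
    return paths

def startup_vs_running(startup, running):
    s, r = flatten(startup), flatten(running)
    unsaved = sorted(r - s)               # running only: lost at next reload
    reverts = sorted(s - r)               # startup only: returns at next reload
    status = "Noncompliant" if unsaved or reverts else "Compliant"
    return status, unsaved, reverts

def template_vs_running(template, running):
    # Assumption: a mismatch means a rendered template line is absent from running.
    missing = sorted(flatten(template) - flatten(running))
    return ("Noncompliant" if missing else "Compliant"), missing

# Constructed sample data: telnet was enabled on the vty lines out of band.
STARTUP = """hostname edge-sw1
!
interface GigabitEthernet1/0/1
 switchport access vlan 10
!
line vty 0 4
 transport input ssh
end
"""
RUNNING = ("Building configuration...\n\nCurrent configuration : 1460 bytes\n"
           + STARTUP.replace("transport input ssh", "transport input telnet ssh"))
TEMPLATE = "line vty 0 4\n transport input ssh\n"

if __name__ == "__main__":
    print(startup_vs_running(STARTUP, RUNNING))
    print(template_vs_running(TEMPLATE, RUNNING))
```

Because each command is keyed by its parent block, a command that exists under one interface does not satisfy a template that requires it under another. Banner text and other free-form multi-line blocks are not handled.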