Candidate Configuration

Overview

Candidate configuration is a subset of the running-config which checks whether the Candidate config exists in the running-config without any additions or modifications or deletions.

To check the integrity of the candidate config, use the following commands:

  • show diff running-config
  • show diff startup-config

For more information on the CLIs, refer to Perform Integrity Check for Candidate Config.

Examples

No Difference Between Running and Candidate Config

switch# show diff running-config bootflash:base_running.cfg 
switch#

Difference Between Running and Candidate

switch# show diff running-config bootflash:modified-running.cfg unified 
--- running-config
+++ User-config
@@ -32,11 +32,11 @@

interface Ethernet1/1
   mtu 9100
   link debounce time 0
   beacon
-  ip address 2.2.2.2/24
+  ip address 1.1.1.1/24
   no shutdown

interface Ethernet1/2

interface Ethernet1/3
switch#

Difference Between Running and Partial Candidate

switch# show file bootflash:intf_vlan.cfg
interface Vlan101
  no shutdown
  no ip redirects
  ip address 1.1.2.1/24 secondary
  ip address 1.1.1.1/24
switch# 
switch# show diff running-config bootflash:intf_vlan.cfg partial unified 
--- running-config
+++ User-config
@@ -3897,10 +3883,14 @@
   mtu 9100
   ip access-group IPV4_EDGE in
   ip address 2.2.2.12/26 tag 54321

 interface Vlan101
+ no shutdown
+ no ip redirects
+ ip address 1.1.2.1/24 secondary
+ ip address 1.1.1.1/24

 interface Vlan102
   description Vlan102
   no shutdown
   mtu 9100
switch#

Partial Configuration Diff Merged

switch# show file po.cfg
interface port-channel500
description po-123
switch#
switch# sh run int po500
 
!Command: show running-config interface port-channel500
!Running configuration last done at: Fri Sep 29 12:27:28 2023
!Time: Fri Sep 29 12:30:24 2023
 
version 10.4(2) Bios:version 07.69 
 
interface port-channel500
  ip address 192.0.2.0/24
  ipv6 address 2001:DB8:0:ABCD::1/48
 
switch#
 
switch# show diff running-config po.cfg partial merged unified 
--- running-config
+++ User-config
@@ -124,10 +110,11 @@
interface port-channel100
 interface port-channel500
   ip address 192.0.2.0/24
   ipv6 address 2001:DB8:0:ABCD::1/48
+ description po-123
 interface port-channel4096
 interface Ethernet1/1
switch#

Guidelines and Limitations

  • The line numbers that are displayed in the generated running config do not match with the candidate config as they are internally generated one.

  • If there is any difference between the configuration of running and candidate, then it is displayed inline as output.

  • If the whole block of configuration in the candidate file is a new addition, it will be appended at the end of the generated running config.

  • When the candidate config has an SNMP or an AAA user CLI with clear-text password, the SNMP user is seen as a diff even when the user is already configured.

Integrity Check Guidelines

  1. If you must perform an integrity check on a full running configuration as input instead of a partial config, then it is recommended not to use the partial keyword.

Release Specific Guidelines

  1. Beginning with Cisco NX-OS Release 10.2(3)F, Candidate config integrity check option is introduced on all Cisco Nexus switches.

Perform Integrity Check for Candidate Config

To perform the integrity check, use the following commands:

Before you begin


Note

Before performing the integrity check, ensure that the running config and the candidate config belong to the same image version.

Procedure

Step 1

Display the differences between the running and user given candidate config using the command show diff running-config file_url [ unified ]

Example:

switch# show diff running-config bootflash:candidate.cfg partial unified

  • file_url : File path to compare with.

  • unified : Displays the difference between running and user configuration in unified format.

Step 2

Display the differences between the startup and user given candidate config using the command show diff startup-config file_url [ unified ]

Example:

switch# show diff startup-config bootflash:candidate.cfg unified

  • file_url : File path to compare with.

  • unified : Displays the difference between startup and user configuration in unified format.