Set Up Device Configuration File Management
Make Sure Devices Are Configured Correctly
Cisco Evolved Programmable Network Manager can transfer files to and from devices only if the SNMP read-write community strings configured on your devices match the strings that were specified when the devices were added to Cisco Evolved Programmable Network Manager. In addition, devices must be configured according to the settings in How Is Inventory Collected?.
Note |
To improve security, Cisco Evolved Programmable Network Manager no longer uses some of the SSH CBC (Cipher Block Chaining) ciphers that older Cisco IOS-XE and IOS-XR versions use, as they have been deemed weak. For devices running Cisco IOS-XE, ensure that you upgrade to version 16.5.x or later. And for devices running Cisco IOS-XR, upgrade to version 6.1.2 or later. Otherwise, several Software Image Management operations will fail. Although we do not recommend doing so (since it weakens security), you also have the option to add the CBC ciphers that Cisco Evolved Programmable Network Manager stopped using back to its SSHD service configuration file. To do so, first configure the CBC ciphers in the ciphers line of the file located in the /etc/ssh/sshd_config directory (as shown in the example below), then restart the sshd service using the service sshd stop/start command.
|
Note |
Software Image Management is not supported in the NAT environment. This means that image management features such as image import, upgrade, distribution, and activation, will not function in the NAT environment. |
Control How Archiving is Triggered
By default, Cisco EPN Manager saves device configuration files to the archive when:
-
A new device is added to Cisco EPN Manager.
-
When a device change notification is received.
-
Archive collection is not carried out in case of full or granular sync.
Note
If there is an event occurrence, archive data is collected after the period of configured hold off timer.
Users with Administrator privileges can change these settings.
Procedure
Step 1 |
Choose , then choose . |
||||||
Step 2 |
Adjust the archiving settings depending on the following criteria.
|
||||||
Step 3 |
To schedule regular archiving for groups of devices (or single devices):
|
Set Up Event-Triggered Archiving
By default, Cisco EPN Manager backs up a device’s configuration files whenever it receives a change notification event. This works only if devices are configured correctly, see How Is Inventory Collected?. For example, for devices running Cisco IOS XR and Cisco IOS XE, the following setting must be configured:
logging server-IP
When Cisco EPN Manager receives a configuration change event, it waits 10 minutes (by default) before archiving in case more configuration change events are received. This prevents multiple collection processes from running at the same time. To check or change this setting, choose Hold Off Timer (min).
, then choose and adjust theNote |
The Hold Off Timer may be set to a shorter period for certain events, called expedited events. For more information, see Change the Behavior of Expedited Events. |
To turn off event-triggered archiving, choose Collect Configuration Archive whenever configuration is changed check box.
, then choose and uncheck theSpecify Items to be Excluded When Configuration Files Are Checked for Changes
Some lines in device configuration files should be excluded when Cisco Evolved Programmable Network Manager compares different versions to identify changes. Cisco Evolved Programmable Network Manager excludes some lines by default, such as clock settings for routers and switches. If you have Administrator privileges, you can check which lines are excluded, and add more lines to be excluded.
Procedure
Step 1 |
Choose , then choose . |
Step 2 |
Click the Advanced tab. |
Step 3 |
In the Product Family list, choose the devices or groups to which you want to apply the command exclusions. |
Step 4 |
In the Command Exclude List, enter a comma-separated list of configuration commands you want to exclude for that selection. These are the parameters Cisco Evolved Programmable Network Manager will ignore when checking devices for configuration changes. |
Step 5 |
Click Save. |
Control the Timeouts for Configuration Archive Operations
The Configuration Archive task uses the Device CLI Timeout value for each fetch activity. A single Configuration Archive task entails 1 to 5 files. Consequently, the overall job timeout value is determined using the following logic:Overall job timeout = Number of files*Device CLI Timeout
To configure a CLI timeout value, choose Telnet/SSH option, and then enter a value in the Timeout field.
, click the edit device icon, select theNote |
You must increase the Device CLI timeout value if the Configuration Archive task fails due to CLI timeout. |
Control How Often Alarms are Triggered
By default, Cisco Evolved Programmable Network Manager saves device configuration files to the archive based on the configured settings. However, when these jobs fail, you can choose to generate an alarm notification.
When a Configuration Archive job fails, Cisco Evolved Programmable Network Manager waits for 7 days or for more than 5 (by default) configuration files before triggering an alarm. The alarm has information about the cause for the trigger of the alarm and other related details associated with the configuration archives. To change the default settings for how often the alarms are generated, choose , then choose , and adjust the Alarm Threshold parameter for maximum number of configuration files (exceeding which an alarm is generated) and the number of days to wait before the alarm is triggered.
Control When Device Configuration Files are Purged from the Database
Device configuration files cannot be automatically deleted from the database (you can manually delete the files); they can be periodically purged by Cisco Evolved Programmable Network Manager based on your settings. Users with Administrator privileges can adjust when configuration files are purged as follows. If you do not want any configuration files purged, follow this procedure but leave both fields blank.
Note |
For a description of how to manually delete a configuration file, see Delete Archived Device Configuration Files. |
Procedure
Step 1 |
Choose , then choose . |
||||||
Step 2 |
Adjust the archiving settings depending on the following criteria.
|