Tuesday, September 27, 2022

Cisco DNA Center and Device configuration management

In my conversations with customers and partners, there are two topics that may be completely different but are considerably related: compliance and device configuration management. In my latest blog, “Compliant or not? Cisco DNA Center will help you figure this out”, we discussed compliance capabilities in Cisco DNA Center 2.3.3. In this blog, I’ll address device configuration management.

Let me start by saying that DNA Center always has the latest device configuration in its internal databases. This has always been the case. The configuration of a device is first collected and stored when the device is added to the inventory; it is then updated by periodic triggers as well as event-based triggers. Event-based triggers occur when there is a change in the configuration. DNA Center uses these up-to-date configurations for all its capabilities including, but not limited to, assurance, device replacement, and compliance. Network administrators can also leverage these configurations so, in this blog, we’ll explore different ways to access them.

Visualize Configuration in Inventory

For certain device types, like switches, DNA Center has the option to show and export the full device configuration. This allows the network administrator to have quick visibility into the configuration. For security reasons, sensitive data is masked, which means that we can’t directly use this device config to restore a device.

Figure 1: Configuration Visualization in Inventory: sensitive data is masked

Export the device configuration

Configuration archive is the DNA Center feature that allows network administrators to export raw configurations to an external server. Raw configurations are useful to restore a device, for example.

Figure 2: Configuration Archive: exporting raw configurations to an external server

Device configuration backup can be scheduled with the desired recurrence and the configurations are sent to an external server. For each configuration backup, DNA Center creates a password-protected zip file. This zip file contains one directory per device and each directory contains three files: running-config, startup-config, and VLAN database.

Figure 3: Password-protected zip file


Figure 4: One directory per device containing running config, startup configs and VLAN DB

APIs to retrieve device configuration

Another way to access the clear text device configurations is via APIs. The API available in Cisco DNA Center allows retrieving raw startup configs, running configs, and VLAN DB in the form of a zip file, in a similar manner to the configuration archive capability.

API details:

POST /network-device-archive/cleartext

Visualize Configuration Drifts

Arguably, I’m leaving the most interesting capability for last!

At the beginning of the blog, we mentioned that DNA Center stores the device configuration and updates the configurations periodically and upon changes. Every time there is a change in the configuration, DNA Center will store and timestamp this new configuration, for a maximum of fifty. We call these configurations config drifts. Moreover, DNA Center can show differences between these stored configurations to help the network administrator identify any changes. For out-of-band changes, the Config Drift tool will even show the username of the person who made the change.

In the example below, we’re comparing two configurations taken on September 2nd, 2022, one at 1:56pm and the other at 2:57pm. We can see in the latter that a “description” command was removed from “interface GigabitEthernet 1/0/10”. Once we identify these changes in the running configuration, the network administrator can take specific actions to remediate the issue. For example, the device can be re-provisioned.

Figure 5: Config Drift

We can also identify and label a specific configuration that we deem “standard”. That way, it will be easier to compare the current running configuration with the selected labeled configuration.

In the example below, we’ll first select the preferred configuration and name it with the label of our choice, in this case, “TBRANCH-Std-Config”:

Figure 6: Label Config

Once we label our standard configuration, we can then compare it to the current configuration. In this example, the current running configuration is identified as “September 2nd at 3:10pm”. In this case, both the running configuration and the standard configuration match.

Figure 7: Comparing running-config to labeled config
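The drift comparison and the labeled-config comparison described above both come down to diffing two stored configurations. The following is an added example, not Cisco's implementation or code from the original blog: it diffs two IOS-style configs per section, so a removed sub-command is reported together with the interface it belonged to. The sample configs, hostname and description text are constructed for illustration.

```python
# Added example (not Cisco's implementation): section-aware config drift.
def parse_sections(config_text):
    """Map each top-level command to the list of its indented sub-commands."""
    sections, parent = {}, None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue  # skip blank lines and IOS "!" separators
        if line[0].isspace() and parent is not None:
            sections[parent].append(line.strip())
        else:
            parent = line.strip()
            sections.setdefault(parent, [])
    return sections


def config_drift(baseline, current):
    """Return sorted (change, section, command) tuples between two configs."""
    old, new = parse_sections(baseline), parse_sections(current)
    drift = []
    for section in old.keys() | new.keys():
        if section not in new:
            drift.append(("removed", section, section))
        elif section not in old:
            drift.append(("added", section, section))
        before, after = old.get(section, []), new.get(section, [])
        drift += [("removed", section, c) for c in before if c not in after]
        drift += [("added", section, c) for c in after if c not in before]
    return sorted(drift)


# Constructed sample configs; hostname and description text are made up.
BASELINE = """\
hostname branch-sw1
!
interface GigabitEthernet1/0/10
 description Uplink to distribution
 switchport mode access
!
interface GigabitEthernet1/0/11
 switchport mode access
"""
CURRENT = BASELINE.replace(" description Uplink to distribution\n", "")

if __name__ == "__main__":
    for change, section, command in config_drift(BASELINE, CURRENT):
        print(f"{change}: '{command}' under '{section}'")
```

An empty result corresponds to the "configurations match" case shown in Figure 7.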

Have you tried these capabilities?

Are there any other topics you’d like to see in these blogs?

Let me know in the comments below.




