Cisco Prime Network 43 User Guide
Here you can view all the pages of manual Cisco Prime Network 43 User Guide. The Cisco manuals for Network Hardware are available online for free. You can easily download all the documents as PDF.
Page 191
9-43 Cisco Prime Network 4.3.2 User Guide Chapter 9 Manage Device Configurations and Software Images Making Sure Devices Conform to Policies Using Compliance Audit
Creating a Rule
For a policy to run against devices and generate violations, you must specify rules within the policy and define the conditions and the relevant fixes for violations. Rules are platform-specific. Each policy must contain at least one rule; however, there is no limitation on the number of rules you can define for a...
Page 192
9-44 Cisco Prime Network 4.3.2 User Guide EDCS-1524415 Chapter 9 Manage Device Configurations and Software Images Making Sure Devices Conform to Policies Using Compliance Audit
Rule Inputs
New Input: Click New to add inputs for the new rule. The input you create in this pane is reflected in the Policy Profile page. You must provide rule inputs for the rule you have selected. For example, you can create an input to be IP Address. Any user who wants to run this rule can enter an IP address specific...
Page 193
New Conditions and Actions—Conditions Details tab
Condition Scope Details
Condition Scope—Select the scope of the conditions from one of the following:
–Configuration—Checks the complete running configuration.
–Device Command Outputs—Checks the output of show commands.
–Device Properties—Checks against the device properties and not the...
Page 194
Rule Pass Criteria
Check the option, as required. If you select:
All Sub Blocks—The rule is marked a success only if all the blocks fulfill the specified condition.
Any Sub Block—The rule is marked a success even if one of the sub blocks fulfills the condition.
Raise One Violation for Each Failing Instance—If you check...
Page 195
Violation Message Type
Select one of the following message types:
Default Violation Message—Select this option if you determine a violation as not fixable (or requiring manual intervention).
User defined Violation Message—Select this option to enter a fix or to provide a command script to fix a violation. This field is available...
Page 196
Fix CLI
Note: This field is available only if you selected User defined Violation Message in the Violation Message Type field.
Enter a relevant CLI fix if the device does not meet the condition specified. Do not enter config t, configure, and its exit commands. Rule inputs and Grep outputs can be used here.
Note: The exit...
Page 197
After you complete adding rules to the policy, a profile must be created. For more information, see Creating a Policy Profile.
Creating Rules—Samples
This section explains four scenarios in which rules can be created.
Problem: This policy checks if at least one of the pre-defined DNS servers is configured on the device. The following...
Page 198
Problem: This policy checks if the device is not configured with any prohibited community strings or community strings that must be avoided for SNMP. This condition checks if either snmp-server community public or snmp-server community private is configured on the device. If configured, Compliance Audit raises a...
Page 199
Creating a Policy Profile
After you have created policies, create a policy profile that will contain a set of policies. Go to Compliance Audit > Policy Profile. The Policy Profile page (Figure 9-16) appears.
Figure 9-16 Policy Profile Page
Follow the procedure below to create a new policy profile:
Step 1 From the left navigation...
Page 200
Table 9-4 Policy Group Details
Policy Group Name, Policies
AAA Services AAA AAA Accounting—Commands AAA Accounting—Connections AAA Accounting—Exec AAA Accounting—Network AAA Accounting—System AAA Authentication—Enable AAA Authentication—Login AAA Authorization—Commands AAA Authorization—Configuration AAA...