Cisco Prime Nerk 43 User Guide
Have a look at the manual Cisco Prime Nerk 43 User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
9-33 Cisco Prime Network 4.3.2 User Guide Chapter 9 Manage Device Configurations and Software Images Managing Device Configurations This topic explains how to perform a manual backup. CCM also performs automatic backups according to the specifications on the Global Settings page (see Checking Prime Network Global Settings for CCM Operations, page 3-4). Manual backups do not affect the automatic backups that are controlled from the Global Settings page; they are completely independent of each other. What Is Backed Up to the Archive The following table provides the types of configuration files that are backed up to the archive per different types of devices. Files are automatically backed up to the archive according to the values on the Configuration Management Settings page. To perform an on-demand backup of configuration files to the archive: Step 1Choose Configurations > Backup. CCM lists all devices with the following status symbols as shown in Figure 9-7. Device Type Configuration File Exported Condition(s) Cisco IOS device Only the latest running configurationIf there is no running version, the latest startup configuration is exported Cisco IOS XR device Latest running and startup configuration; includes active packagesDevices must be managed with system user because copy command is not available in command-line interface (CLI) for non-system users Cisco StarOS devices Boot configuration file (CCM always overwrites the existing boot configuration in the archive)If there is no running version, boot configuration is NOT exported Cisco 7600 device with ACE cardStartup and running configurations of the ACE cardIf there is no running version, the latest startup configuration is exported Cisco Nexus OS device Startup and running configurations for all VDCs configured in the device.If there is no running version, the latest startup configuration is exported Cisco CPT devices Startup and memory configuration operations.CCM supports memory configuration operation. Since the memory configuration is in binary format, viewing, comparing, and editing is not possible. NoteCPT devices are not supported in Compliance Manager. Symbol Description Device is available for backup. Device is not available for backup. The device is most likely in the Maintenance investigation state or the Unreachable communication state. Click the device hyperlink and open the device properties popup to see details about the device.
9-34 Cisco Prime Network 4.3.2 User Guide EDCS-1524415 Chapter 9 Manage Device Configurations and Software Images Managing Device Configurations Step 2Choose the devices with files you want to back up. Figure 9-7 Configuration Backup Page Step 3 To choose devices from a specific device group, click Select Groups. Click the hyperlinked device group name to view the list of devices that belong to the group. Step 4Select the required device group in the Device Groups page and click OK. The devices that belong to the selected device group are highlighted in the Configuration Backup page. You can also schedule a backup simultaneously for all the devices existing in a group: Select a device group and click Backup Groups. Enter the scheduling information as explained after Step 5 and click Backup Groups. Step 5In the Configuration Backup page, click Backup to configure the backup schedule. By default, the backup is performed as soon as possible. Other schedule choices (once, periodically, weekly, and so forth) are activated when you deselect Start as Soon as Possible. The time you specify here to schedule the backup job is the gateway time. NoteYou might be prompted to enter your device access credentials. This option is enabled if, from the Administration client, Global Settings > Security Settings > User Account Settings > Execution of Configuration Operations, you checked the option Ask for user credentials when running configuration operations. This is an enhanced security measure restrict access to devices. Step 6Enter the e-mail ID(s) to which to send a notification after the schedule backup job is complete. For two or more users, enter a comma-separated list of e-mail IDs. A notification e-mail is sent based on the e-mail option specified in the Configuration Management Settings page. Step 7Click Backup. CCM schedules the job and when the job is completed a pop-up appears as shown in Figure 9-8. Figure 9-8 Job Create Successfully Message
9-35 Cisco Prime Network 4.3.2 User Guide Chapter 9 Manage Device Configurations and Software Images Managing Device Configurations Step 8Click the hyperlinked Click here to open the Configuration Management Jobs page or click OK to close and return to the Configuration Backup page. NoteIf a backup is scheduled for an entire device group and if there is a change in the group by addition or deletion of devices after job creation, CCM updates the job accordingly such that all the devices available in the group at the time of execution of the job are considered for backup. Step 9In the Configuration Management Jobs page, click the hyperlinked LastRun Result (Success/Partial Success/Failure) against a particular job in the Jobs table. To export completed job results in XLS format, click the hyperlinked Success lastrun result. The Job Details page appears as shown in Figure 9-9. Figure 9-9 Job Details Step 10 Click Export Result to export and download the job results in a XLS format. To view the archived backup job details: Step 11In the Job Details page, click the Include Archive Details check box, and then click Export Result. This allows you to export and download the backup information with the latest archived version in XLS format. NoteIf devices do not have previous archive details, IP Address, Device Type, and the Last Archived Details columns in the Exported Result report shows NA status.
9-36 Cisco Prime Network 4.3.2 User Guide EDCS-1524415 Chapter 9 Manage Device Configurations and Software Images Managing Device Configurations Figure 9-10 Include Archive Details If you clear the Include Archive Details check box, the Export Result report will have only the current job details Step 12Click OK to close and return to the Configuration Management Jobs page. Fixing a Live Device Configuration (Restore) CCM performs the configuration restore operation in either overwrite or merge mode. As part of restore operation, the configuration files are backed up again after the restore procedure is complete. Overwrite mode—CCM supports restoring configuration in overwrite mode on all supported devices. CCM overwrites the existing configuration on the device with a configuration file from the archive. After the restore operation is performed, the device configuration is identical to the configuration that was chosen from the archive. Merge mode—CCM merges the selected configuration file from the archive with the configuration on the device. New commands in the archived version—that is, commands that are not in the device’s current configuration—are pushed to the device. After the restore operation, the device configuration file retains its original commands, but it also contains new commands from the archived version. For information on the devices that support restore operation in overwrite and merge modes, see the Cisco Prime Network 4.3.2 Supported VNEs and the Cisco Prime Network 4.3.2 Supported VNEs - Addendum. By default, CCM uses the restore mode setting (overwrite or merge) that is specified in the Configuration Management Settings page (see Checking Prime Network Global Settings for CCM Operations, page 3-4. However, you can modify the default mode while scheduling the restore operation. If you have selected the overwrite mode, you can use the Use Merge on Failure option to restore the files in merge mode, if overwrite mode fails. If you select the devices by checking the check box next to Devices (in the table headline), only the first 100 devices in the first page are selected. Click Next to move to the next 100 devices. If you filter the devices based on a parameter, only the filtered details are displayed, and by default, no row is selected.
9-37 Cisco Prime Network 4.3.2 User Guide Chapter 9 Manage Device Configurations and Software Images Managing Device Configurations If you selected all the entries in a page, and then deselected one or few options from the selection, and then move to the subsequent pages to select all the devices from the Devices (in the table headline), the selection in the previous page disappears. Before You Begin Make sure you have installed Flash Player version 10 or higher to view the Configuration Restore page. Make sure you have the permissions to perform the restore operation. You will not be allowed to schedule a restore job, if you do not have permissions. To restore a configuration: Step 1Choose Configurations > Restore. CCM lists all configuration files in the archive. Figure 9-11 shows an example of a filtered page. Figure 9-11 Configuration Restore Page Step 2 (Cisco IOS only) Specify the type of configuration files you want to restore: Running, Startup, or both. If you choose to restore to startup configuration, CCM will first copy the file to running configuration and then to startup configuration. If you choose to restore to Running and Startup configuration, CCM will first deploy the configuration archive to the running configuration on the device and then CCM will replace the startup configuration on the device with the modified running configuration. Step 3Choose the configuration files you want to restore. You can click the arrow mark next to the device name to view the different versions of the configuration file of the device. You can also click the Version hyperlink to view the contents of a file. If the file is a binary file, clicking the version hyperlink does not open the various versions of the configuration file. If you prefer to restore an edited archive file, open the Edited Archive tab. Select the files and click Next. The list of devices that belong to the same device family with respect to the selected edited configuration is displayed. Select the required devices. Skip to Step 5. Step 4If you want to edit a file before restoring it, click Edit Config (edited files are restored only in merge mode). You can view the details of the selected configuration file in the Configuration Editor page as shown in Figure 9-12.
9-38 Cisco Prime Network 4.3.2 User Guide EDCS-1524415 Chapter 9 Manage Device Configurations and Software Images Managing Device Configurations NoteIf you selected non-Cisco or OLT (GPON) devices, the Edit Config button is disabled. Figure 9-12 Configuration Edit Edit the configuration 4.3.2, as required. Note the following: To remove a command, add no in front of the command. To update a command, add no in front of the command and then add the new command. Step 5Click Restore. The Config Restore Schedule dialog box opens. Step 6(Optional) Override the default transport protocol and default restore mode. Step 7Enter a comma-separated list of e-mail ID(s) to which to send a notification after the scheduled restore job is complete. NoteYou might be prompted to enter your device access credentials. This option is enabled if, from the Administration client, Global Settings > Security Settings > User Account Settings > Execution of Configuration Operations, you checked the option Ask for user credentials when running configuration operations. This is an enhanced security measure to restrict access to devices.
9-39 Cisco Prime Network 4.3.2 User Guide Chapter 9 Manage Device Configurations and Software Images Managing Device Configurations Step 8Click Restore. CCM schedules the job and redirects you to the Jobs page, where you can monitor the status of the job. Cleaning Up the Archive Deleting a file removes it from the archive. You cannot delete an archived file if: It is marked “do not purge.” Deleting it would bring the number of versions below the minimum number of versions that must be retained (as specified on the Configuration Management Settings page). When a device is removed from CCM, its configuration files are also removed from the archive. To delete a configuration file from the archive: Step 1Choose Configurations > Archives. Step 2Choose the configuration file you want to delete. You can click the Version hyperlink to verify the contents of the configuration file. Step 3To delete a single configuration file, click the delete icon (red X) at the end of the row. If the delete icon is disabled, this means the archive is assigned a label that is marked “do not purge.” To delete this type of configuration, you must first unassign the label from the configuration. Step 4To delete multiple configuration files, select the required files and then click the Delete button in the table header. Step 5Confirm your choice. CCM schedules the job and redirects you to the Jobs page, where you can monitor the status of the job. Finding Out What Changed on Live Devices The Change Logs page displays a list of the latest device configuration changes detected by CCM. How CCM responds to these changes depends on the values on the Configuration Management Settings page. By default, CCM does not get new information from the device and copy it to the archive when a change occurs, but you can set it to do so. See Checking Prime Network Global Settings for CCM Operations, page 3-4. All users can view the change logs, regardless of the user access role or assigned device scopes. To view the latest changes, choose Configurations > Change Logs. Figure 9-13 provides an example.
9-40 Cisco Prime Network 4.3.2 User Guide EDCS-1524415 Chapter 9 Manage Device Configurations and Software Images Making Sure Devices Conform to Policies Using Compliance Audit Figure 9-13 Configuration Change Logs The Configuration Change Logs page displays change information, sorted according to the latest time stamp. (For a description of common fields, see Managing Device Configurations, page 9-26.) The date and time stamps are displayed according to the local time zone settings of the client. You can view a maximum of 2000 records in the Configuration Change Logs page. These fields are specific to the Configuration Change Logs page: Making Sure Devices Conform to Policies Using Compliance Audit NoteStarting in Prime Network 4.1, Compliance Audit replaces the Configuration Audit feature. In Prime Network 4.3.2, Configuration Audit is deprecated. However, if you enabled the option to retain Configuration Audit during an upgrade procedure from Prime Network 3.11 (or earlier), the feature will Field Description Diff (Cisco IOS XR only) Displays only the commands that were changed. For long text, hover the cursor over the hyperlink to display the entire contents. Compare This field is enabled only if two or more versions of the configuration file are available. Click the Compare icon to launch the Compare Configuration window, which displays the associated archive version and the earlier versions of the file. Additions and deletions are color-coded. From here, you can: Click Show All 4.3.2 or Only Differences to display the entire file contents or just the differences between the two files. Click Previous Diff or Next Diff to jump forward or backward to the previous or next difference between the two files. Click the arrow buttons or enter the page number to jump forward or backward to view the file contents that are running across pages. Click Differences Without Excluded 4.3.2 to eliminate excluded 4.3.2 from comparison.
9-41 Cisco Prime Network 4.3.2 User Guide Chapter 9 Manage Device Configurations and Software Images Making Sure Devices Conform to Policies Using Compliance Audit still be available from CCM. Compliance Audit ensures that existing device configurations comply to your deployment’s policies. Using Compliance Audit, you can create policies that can contain multiple rules, and policies can be grouped together to create a policy profile which can be run on a set of devices, called audit of devices. There is no limit on the number of policies, profiles, rules, and conditions that you can create using Compliance Audit. There are 11 system-defined policy groups available in Compliance Audit. Each policy group comprises a set of system-defined policies. You can combine system-defined policies and user-defined policies to create a policy profile. But, you cannot edit, clone, or delete a system-defined policy group or a system-defined policy. When CCM detects a violation, it can recommend a fix if one is configured by the administrator. Violation details are saved in the database for later reference. In some scenarios, a fix may be readily available (as configured by the administrator) and can be directly applied, while in some others, the fix has to be carefully scrutinized by the administrator before it is run. Automatic application of some of the fixes can be disabled since it may conflict with other policies and configurations that may be specific to the device and the setup. These topics explain how to use Compliance Audit: Wokrflow for Creating Policies and Profiles, and Running a Compliance Audit Job, page 9-41 Creating a Policy, page 9-42 Creating a Policy Profile, page 9-51 Choosing the Devices for the Compliance Audit, page 9-59 Viewing the Results of a Compliance Audit Job and Running Fixes for Violations, page 9-60 Using Compliance Audit for Device Compliance, page 9-66 Wokrflow for Creating Policies and Profiles, and Running a Compliance Audit Job Running an audit job the first time requires you to follow a specific workflow: Description See: Step 1Create a policy containing multiple rulesCreating a Policy, page 9-42 Step 2Group policies into policy profiles so you can apply them Creating a Policy Profile, page 9-51 Step 3Run the policy against your specified devicesChoosing the Devices for the Compliance Audit, page 9-59 Step 4View the results and fix any violationsViewing the Results of a Compliance Audit Job and Running Fixes for Violations, page 9-60
9-42 Cisco Prime Network 4.3.2 User Guide EDCS-1524415 Chapter 9 Manage Device Configurations and Software Images Making Sure Devices Conform to Policies Using Compliance Audit Creating a Policy Create a policy by choosing Compliance Audit > Compliance Policies. The Compliance Policy page (Figure 9-14) appears. Figure 9-14 Compliance Policy Page You can either create a new policy or you can import an existing policy by clicking the Import icon. You can export existing policies as XML files to your local drive. Step 1Click the Create Compliance Policy icon and enter the policy details. The policy is listed in the left pane. Step 2From the Rule Selector pane, click New Rule icon. For more information on creating a new rule, see Creating a Rule. 1Create Compliance Policy icon5New Rule icon 2Edit Policy Description icon6Edit Rule icon 3Import Policy as XML icon7Duplicate Rule icon. 4Search field8Filter icon