Documentation forNetwork Configuration Manager

Establish baselines as a comparison point for network config changes

The following sections provide information about creating and managing baselines:

What is a baseline?

A baseline is a template that defines the approved configuration (or part of the approved configuration) for a device. After you define the baseline and assign it to one or more devices, NCM compares the baseline to downloaded configs and reports any mismatched lines.

Use baselines to standardize configurations across similar devices and ensure that all devices are in compliance. Assigning baselines allows you to:

  • Know when a config doesn't match the baseline.
  • Compare updated configs against the baseline to determine what changed.
  • Quickly roll back to a known good configuration in case of a network outage or unauthorized changes.

NCM uses an algorithm based on line contents to match lines in the config with the selected lines in the baseline.

Complete configurations vs. snippets

A baseline can represent either a complete config or a config snippet:

  • If a baseline is the template for a complete config, the baseline must exactly match any config it is compared to (excluding lines that are ignored during the comparison). If the config contains lines that are not in the baseline, the config is flagged as not matching.

  • A baseline snippet is the template for a section of the config. The baseline is only compared to that section, and any lines outside that section are automatically ignored. For example, a baseline snippet could define the template for a set of interfaces or access lists. You can assign multiple baseline snippets to a device.

    A baseline snippet can be as short as a single line.

Permissions required for baseline management

Baseline management requires the following NCM roles (or higher).

Action Minimum NCM Role
Access the Baseline Management tab and view existing baselines WebViewer
Create, update, or assign baselines from the Baseline Management tab WebUploader
Promote a config to a baseline from the Config Management tab WebUploader

Create a baseline

When you create a baseline, you define the baseline contents, identify lines to ignore, and assign it to one or more devices.

Task 1: Define the baseline contents

Specify the contents of the baseline in one of the following ways:

  • Use an existing config:

    1. Click My Dashboards > Network Configuration > Configuration Management.

    2. On the Config Management tab, expand a node to display the list of associated configs.

    3. Identify the config to use, and click Promote to Baseline.

      The Promote to Baseline option is visible to users with the NCM role WebUploader or above.

    4. On the New Baseline Config page, update the default name and (optionally) add a description.

    5. Specify whether this is a complete config file or a snippet.

  • Select a file on the server:

    1. Click My Dashboards > Network Configuration > Configuration Management.

    2. Click the Baseline Management tab.

    3. Click New Baseline.

    4. On the New Baseline Config page, enter a name and (optionally) add a description.

    5. Specify whether this is a complete config file or a snippet.

    6. Click Browse and select the file.

  • Cut and paste the baseline contents:

    1. Click My Dashboards > Network Configuration > Configuration Management.

    2. Click the Baseline Management tab.

    3. Click New Baseline.

    4. On the New Baseline Config page, enter a name and (optionally) add a description.

    5. Specify whether this is a complete config file or a snippet.

    6. Click Paste, paste the contents, and click Save.

The Configure section of the New Baseline Config page lists each line in the baseline.

Task 2: Identify lines to ignore

To avoid flagging inconsequential changes, identify lines or sections to ignore when the baseline is compared to configs.

On the New Baseline Config page, select one or both of the following options:

  • Apply global comparison criteria

    Use global comparison criteria to exclude individual lines or blocks of text (such as certificate blocks) from comparison.

  • Choose lines to ignore

    Select each line in the configuration to be ignored during a comparison.

    NCM ignores the selected lines when the content doesn't match, but NCM reports an issue if an ignored line is missing from the configuration. For example, if you select the hostname line in the baseline, the corresponding line in the config file can have any value, but the line must be present.

    To change the number of lines shown per page, click the highlighted line range at the bottom of the dialog and select a new maximum. This change remains in effect while the current baseline is open.

If you selected individual lines to ignore, the Ignored Lines section of the New Baseline Config page lists them.

Task 3: Assign the baseline to one or more devices

  1. On the New Baseline Config page, click Assign to Nodes.
  2. Select the nodes.

    If you promoted an existing config file, the associated node is selected by default.

    If you do not have administrator privileges, your account might include limitations that prevent you from seeing all nodes.

  3. Under Apply To, select one or more config types (for example, Running and Startup) that this baseline should be compared to.

  4. Click Save to apply your selections.
  5. Click Save again to save the baseline.

    The baseline is enabled by default, and NCM automatically compares it to configs of the corresponding types downloaded from the selected devices.

Edit a baseline

You can edit a baseline to update the content of the baseline, or to make other changes:

  • When you update the content of the baseline, you must replace the existing content. Any ignored lines are reset. You must apply global comparison criteria and choose the lines to ignore again.

    If you have a baseline with a large number of ignored lines, consider creating a new baseline and using the existing baseline as a reference to make sure that you select all ignored lines. Then you can delete the original baseline.

  • Updating other information (for example, adding or removing ignored lines, changing the name, or assigning the baseline to other devices) does not reset your previous selections.

You can assign or remove devices when you edit the baseline, or you can use the Apply/Remove option to change the associated devices without editing the baseline.

  1. Click My Dashboards > Network Configuration > Configuration Management.
  2. Click Baseline Management.
  3. (Optional) To prevent comparison to the baseline until after the edits are complete, select the baseline and click Disable.

    The baseline is deselected automatically.

  4. Select the baseline, and click Edit.
  5. Make your changes, and click Save.
  6. If you disabled the baseline, select it and click Enable.

    If you assign the baseline to additional devices, NCM automatically compares the updated baseline to the associated configs. If you make other changes, you can manually run a comparison.

Assign an existing baseline to devices

  1. Click My Dashboards > Network Configuration > Configuration Management.
  2. Click the Baseline Management tab.

    To see what nodes a baseline is currently assigned to, click the arrow on the right end of the baseline's row.

  3. Select the baseline.
  4. Click Apply/Remove to open the Apply/Remove dialog box.
  5. Select the nodes to assign this baseline to. Use filters or the search box to locate nodes.

    If you do not have administrator privileges, your account might include limitations that prevent you from seeing all nodes.

  6. Select the config types this baseline should be compared to.
  7. Click Save.

    If you assigned the baseline to additional devices, NCM automatically compares the baseline to the associated configs.

Learn more

Use NCM to Find and review differences between baselines and network configs.