Establish baselines to define approved configurations and identify changes
A baseline is a template that defines the approved configuration (or part of the approved configuration) for a device. After you define the baseline and assign it to one or more devices, NCM compares the baseline to downloaded configs and reports any mismatched lines. Use baselines to standardize configurations across similar devices and ensure that all devices are in compliance. Assigning baselines allows you to:
- Know when a config doesn't match the baseline.
- Compare updated configs against the baseline to determine what changed.
- Quickly roll back to a known good configuration in case of a network outage or unauthorized changes.
Promote a config to a baseline and apply it to multiple devices
The following example promotes an existing config as the basis for the baseline, selects the lines to ignore, and applies the baseline to multiple devices.
You can also create baselines by copying text and you can define "snippets" (baselines that represent only part of a config). For complete information about all options available with baselines, see Establish baselines as a comparison point for network config changes in the NCM admin guide.
Click My Dashboards > Network Configuration > Configuration Management.
On the Config Management tab, expand a node to display the list of associated configs.
Identify the config to use, and click Promote to Baseline.
The Promote to Baseline option is visible to users with the NCM role WebUploader or above.
On the New Baseline Config page, change the default name to a unique, descriptive name and (optionally) add a description.
For this example, choose A complete config file.
The Configure section of the New Baseline Config page lists each line in the baseline.
To avoid flagging inconsequential changes, identify to ignore when the baseline is compared to configs.
NCM ignores the selected lines when the content doesn't match, but NCM reports an issue if an ignored line is missing from the configuration. For example, if you select the hostname line in the baseline, the corresponding line in the config file can have any value, but the line must be present.
For this example, under Mark Up Baseline, select Choose lines to ignore.
Select the last configuration change line and the hostname line.
- Assign the baseline to devices:
- To the left of the Save button, click Assign to Nodes.
Apply filters to narrow the list of devices.
Select the devices. (The device associated with the config file you promoted is selected by default.)
Under Apply To, select one or more config types (for example, Running and Startup) that this baseline should be compared to.
- Click Save to apply your selections.
Click Save again to save the baseline.
The baseline is enabled by default, and NCM automatically compares it to the configs downloaded from the selected devices.
Identify configs that do not match the baseline
NCM compares baselines to the associated configs and reports any differences. When NCM runs the comparison, it compares baselines to the most recently downloaded configs of the specified type.
If you discover that some configs have deviated from their baselines, you compare them to locate the differences.
On the Baseline Management page
The Baseline Management page shows the baselines that do not match the latest configs from their assigned devices:
- Click My Dashboards > Network Configuration > Configuration Management.
Click the Baseline Management tab.
If any configs don't match, NCM displays the message Mismatched lines.
On the Config Summary page
If you are using the classic Config Summary page, you can use it to see what percentage of configs do not match their baselines:
- Click My Dashboards > Network Configuration > Config Summary.
Scroll down to see the Baseline vs. Config Conflicts widget.