Filter
Top Products
4-45
Cisco Prime Network 4.0 User Guide
OL-29343-01
Chapter 4 Device Configurations and Software Images
Configuration Audit
Note In the Configuration Management and Image Management Settings pages, CCM does not support the
following special characters:
• For Password fields—>, <, ', /, \, !, :, ;, and "
• For all other fields—`, ~, @, #, $, %, ^, &, *, (, ), +, =, |, {, }, [, ], ', ?, >, <, /, \, !, :, ;, and "
Configuration Audit
Note Starting Prime Network 4.0, Configuration Audit is being replaced by Compliance Audit. However, if
you enabled the option to retain Configuration Audit during an upgrade procedure from Prime Network
3.11 (or earlier), the feature will still available from CCM. For more information on Compliance Audit,
see Compliance Audit, page 4-50.
CCM facilitates a configuration compliance mechanism, which enables auditing configurations on a
device against a specified configuration policy file (also called as a baseline or expected configuration).
Prime Network facilitates administering multiple configuration policy files through a Configuration
Audit Policy Manager. Each configuration policy is a set of CLI commands that define a desired baseline
or expected configuration. Configuration policies can also be configured using valid, Java-based regular
expressions. Table 4-4 provides examples of configuration policy CLIs.
Sample Configuration Policy
The following example shows a policy that performs audit for BGP configuration for a Cisco IOS router:
#BGP Configuration Audit
router bgp (.*)
neighbor (.*) remote-as (.*)
address-family ipv4
If you want an audit check for specific BGP AS or neighbor IP address, the above CLI can be changed
accordingly. For example:
router bgp 65000
neighbor (.*) remote-as 65001
address-family ipv4
Table 4-4 Configuration Policy CLI Examples
Policy Name Policy Description Policy CLI
SamplePolicy1 Sample policy for global
configuration auditing
spanning-tree mode rapid-pvst
SamplePolicy2 Sample policy for global regex and
first sub level cli matching audit
interface GigabitEthernet(.*)
port-type nni
SamplePolicy3 Sample policy for global regex,
first sub level cli matching, and
second sub level regex matching
router (.*)
address-family ipv4 unicast
network (.*)
SamplePolicy4 Sample policy for fixed cli
matching
interface GigabitEthernet3/4
address-family ipv4 unicast