Cisco Prime Network 4.0 User Guide
OL-29343-01
Chapter 4 Device Configurations and Software Images Configuration Audit
Note: In the Configuration Management and Image Management Settings pages, CCM does not support the
following special characters:
• For Password fields—>, <, ', /, \, !, :, ;, and "
• For all other fields—`, ~, @, #, $, %, ^, &, *, (, ), +, =, |, {, }, [, ], ', ?, >, <, /, \, !, :, ;, and "
Configuration Audit
Note: Starting with Prime Network 4.0, Configuration Audit is being replaced by Compliance Audit. However, if
you enabled the option to retain Configuration Audit during an upgrade procedure from Prime Network
3.11 (or earlier), the feature will still be available from CCM. For more information on Compliance Audit,
see Compliance Audit, page 4-50.
CCM provides a configuration compliance mechanism that audits the configuration on a
device against a specified configuration policy file (also called a baseline or expected configuration).
Prime Network lets you administer multiple configuration policy files through a Configuration
Audit Policy Manager. Each configuration policy is a set of CLI commands that define a desired baseline
or expected configuration. Configuration policies can also be written using valid, Java-based regular
expressions. Table 4-4 provides examples of configuration policy CLIs.
Sample Configuration Policy
The following example shows a policy that audits the BGP configuration for a Cisco IOS router:
#BGP Configuration Audit
router bgp (.*)
neighbor (.*) remote-as (.*)
address-family ipv4
If you want the audit to check for a specific BGP AS or neighbor IP address, change the above CLI
accordingly. For example:
router bgp 65000
neighbor (.*) remote-as 65001
address-family ipv4
Table 4-4 Configuration Policy CLI Examples

| Policy Name | Policy Description | Policy CLI |
|---|---|---|
| SamplePolicy1 | Sample policy for global configuration auditing | spanning-tree mode rapid-pvst |
| SamplePolicy2 | Sample policy for global regex and first sub level CLI matching audit | interface GigabitEthernet(.*) |
| | | port-type nni |
| SamplePolicy3 | Sample policy for global regex, first sub level CLI matching, and second sub level regex matching | router (.*) |
| | | address-family ipv4 unicast |
| | | network (.*) |
| SamplePolicy4 | Sample policy for fixed CLI matching | interface GigabitEthernet3/4 |
| | | address-family ipv4 unicast |
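
The following example is added here as an illustration and is not taken from Cisco Prime Network. It shows one way a hierarchical policy like the ones above can be evaluated against a device configuration. It assumes that sub-level commands are indented under their parent, that each policy line must fully match a configuration line (Python's re.fullmatch stands in for Java regular expressions), and that every block matching a parent line is checked; the device configuration is constructed sample data.

```python
import re

def parse_tree(text):
    """Parse indented CLI text into nested (line, children) tuples."""
    stack = [(-1, [])]                        # (indent, children); entry 0 is the root
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":       # skip blanks, policy comments, IOS separators
            continue
        indent = len(raw) - len(raw.lstrip())
        while stack[-1][0] >= indent:         # climb back to the parent level
            stack.pop()
        node = (line, [])
        stack[-1][1].append(node)
        stack.append((indent, node[1]))
    return stack[0][1]

def audit(policy, config, path=""):
    """Return one finding per policy line that has no full match in a block."""
    findings = []
    for pattern, sub_policy in policy:
        hits = [(l, kids) for l, kids in config if re.fullmatch(pattern, l)]
        if not hits:
            findings.append(f"missing: {path}{pattern}")
        for line, kids in hits:               # assumption: every matching block is checked
            findings += audit(sub_policy, kids, f"{path}{line} > ")
    return findings

# Policy lines are taken from the page; the indentation is this example's assumption.
POLICY = """\
#BGP Configuration Audit
router bgp 65000
 neighbor (.*) remote-as 65001
 address-family ipv4
interface GigabitEthernet(.*)
 port-type nni
"""
# Constructed device configuration (not from the page).
CONFIG = """\
router bgp 65000
 neighbor 192.0.2.1 remote-as 65002
 address-family ipv4
!
interface GigabitEthernet0/1
 port-type nni
interface GigabitEthernet0/2
 description uplink
"""
print(*audit(parse_tree(POLICY), parse_tree(CONFIG)), sep="\n")
```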