Cisco Systems 78-15693-03 User Manual

APPENDIX

IDU Updates

This appendix provides details about new features and devices that are supported in the Incremental Device Update (IDU) on Resource Manager Essentials 3.5.

To access IDU 13.0 on Essentials 3.5, log into Cisco.com and download it from

http://www.cisco.com/cgi-bin/tablebuild.pl/cw2000-rme.

This appendix contains:

• Baseline Configuration Compare Command feature, page F-1

• Supported Devices in IDU on RME 3.5, page F-11

• Other Supported Features in IDU on RME 3.5, page F-19

Baseline Configuration Compare Command feature

78-15693-03

The new Baseline Configuration Compare Command feature in this release, lists the differences between versions of device configurations against a baseline configuration or a template.

This section contains the following:

• Usage

• Argument Explanations

• Online Help

• Defining Baseline Templates

• Substituting Parameters

• Example of Using Baseline Configuration Command

User Guide for CiscoWorks Small Network Management Solution

F-1

Baseline Configuration Compare Command feature

• Running the Command

• Baseline Configuration Compare Report

• Report Description

• Limitations of Baseline Configuration Command

Usage

To run the Baseline Configuration Compare command, enter:

cwconfig comparewithbaseline -u userid -p password

[-d debuglevel] [-m email] [-l logfile] {-device list | -view name | -device name} [-version version] {-baseline baselinefile -outputdir outputdir

-report reportfile} [-generatecmdfile commandfile]

[ -substitute mappingfile] [-input argumentfile] [-continue]

Appendix F IDU Updates

Argument Explanations

The explanations of the arguments in the baseline configuration command are given below:

Argument Explanation

-u userid

-p

password

-d debuglevel

-m email Email address to send the results.

-l logfile File to log the results of the cwconfig

User Guide for CiscoWorks Small Network Management Solution

F-2

CiscoWorks user name. Password for the CiscoWorks

username. Debug level (1 - 5).

command.

78-15693-03

Appendix F IDU Updates

Baseline Configuration Compare Command feature

Argument Explanation

-device list One or more device names as a

comma-separated list. Do not use this with the -input option.

-view name Confines the devices search to the

specified view.

-device name Name of the device.

-version version Configuration version number. Enter

either a valid version number for the device or enter latest. If you do not enter a version number, the default of latest is taken.

-baseline baselinefile Baseline file.

-outputdir outputdir Directory containing the files with the

missing commands.

-report reportfile Filename report in XML format.

-generatecmdfile commandfile Filename created for input to the

cwconfig import command.

-substitute mappingfile Filename containing the values for the

parameters.

-input argumentfile Text file containing arguments for

multiple devices. Do not use this with the -device option.

-continue

Causes the command to continue running even if errors are encountered on devices.

78-15693-03

You can specify the devices using either the -device or the -view option. To specify multiple devices, separate each device name with a comma. You can specify the version to be compared with the baseline file by using the -version option.

You can specify the value, “latest” for the -version option to compare the latest archived configuration of the devices with the baseline configuration. If you do not specify a value, the latest version is taken. You can specify the baseline configuration or template using the -baseline option.

User Guide for CiscoWorks Small Network Management Solution

F-3

Baseline Configuration Compare Command feature

After comparing the versions, all the missing commands for each of the devices or versions are written to a separate file created under a directory. This is the directory specified by the -outputdir option. This file name is in the following format:

Devicename -Ver-version -Vs-Baselinefile For commands that are disallowed on the device, the negation of the commands

will be generated and stored in the file. If they contain parameters, all commands that areinthe device configurationthat match this command pattern are taken and their negation commands are generated and stored in the file.

To specify the report file name, use the -report option. This generates a report in XML format, specifying versions of devices that are or are not compliant with the specified baseline file. It also lists the missing commands for the non-compliant devices or versions.

Todownload themissing commandsonto thedevice to ensure compliance,use the

-generatecmdfile option. This option logs entries to a command file. These

entries are logged in the following format:

-device Device name1 -f file

This is done for each of the non-compliant devices, with -f specifying the appropriate file, containing the missing commands. This file was created under the output directory, specified by the -outputdir option.

You can then use the cwconfig import command, specifying the command fileas the value for the -input option, to download the missing commands onto the device.

Appendix F IDU Updates

Online Help

User Guide for CiscoWorks Small Network Management Solution

F-4

To access Online help enter:

cwconfig comparewithbaseline -help

Using Baseline Configuration Compare Command

78-15693-03

Appendix F IDU Updates

Defining Baseline Templates

The baselinetemplate can contain place-holders for device-specific values. These are called parameters. Youmust embed such parameters within a “[“ and “]” with no spaces in between.

For example:

set snmp community read-only [read-only-community-name] set snmp community read-write [read-write-community-name]

In this example, there are two place-holders in [read-only-community-name] and [read-write-community-name].

This means that the actual values forthese two place holders are irrelevant aslong as these two commands are on the device.

The rules for specifying the baseline template are:

• All the commands that are disallowed should begin with a (-).

• All commands that are mandatory can begin with a (+).

• Commands that do not begin with (-) are also treated as mandatory.

• Comments in the baseline file should begin with a “#”.

For example:

#Mandatory (+)set port disable [port-range] (+)set port trap [port-range] enable (+)set vtp domain [name] password [read-only-community-name-string] (+)set vtp mode transparent (+)set snmp community read-write [read-write-community-name-string] #DisAllowed (-)set snmp community read-only public (-)set udld enable [Ports]

Baseline Configuration Compare Command feature

78-15693-03

The last command in this example, verifies that “udld” is not enabled on any of the ports. To ensure this, the parameter [Ports] is used.

User Guide for CiscoWorks Small Network Management Solution

F-5

Baseline Configuration Compare Command feature

Substituting Parameters

If the commands to be downloaded onto the device contain parameters, you can specify the values for these parameters in a mapping file. You can specify the mapping file using the -substitute option.

Before writing the missing commands to the file, the parameters are substituted with the appropriate values as specified in the mapping file. The mapping file contains entries in the format specified below:

[Device:Global]

Parameter1=value1 Parameter2=value2 Parameter3=value3 Parameter4=value4 [Device:Dev1] Parameter1=value11 Parameter2=value12 Parameter5=value15

Parametersspecificto adevice can be specified by entering them underthe subject [Device:Dev].

If you do not specify a valuefor that device,then the values specified globally are taken. That is, the value under the subject [Device:Global], is taken. If there are no values specified even at the global level, then the parameters are retained.

In the above example, the values for the parameters Parameter1, Parameter2,

Parameter5 and Parameter3 in the context of the device Dev1 are value11, value12, value15 and value3 respectively.

Note that the value for Parameter3 is taken from the value specified globally whereas the values for Parameter1 and Parameter2 override the value specified globally.

Appendix F IDU Updates

F-6

User Guide for CiscoWorks Small Network Management Solution

78-15693-03

Appendix F IDU Updates

Baseline Configuration Compare Command feature

Example of Using Baseline Configuration Command

The following is an example of using the Baseline Configuration Command to compare the latest configurations of 5 devices: Cat-Dev1, Cat-Dev2, Cat-Dev3, Cat-Dev4 and Cat-Dev5 with the contents of the baseline template given below:

#Mandatory (+)set logging console disable (+)set vtp domain mydomain password [domain-password] (+)set vtp mode transparent (+)set snmp community read-write [read-write-community-name-string] #DisAllowed (-)set snmp community read-only public (-)set udld enable [Ports] (-)set errordetection inband disable (-)set feature supmon enable (-)set spantree macreduction disable

This baseline template is in a file, d:\temp\Baseline\BaseLineMandDis.cfg. With this template, you need the commands:

set logging console disable set vtp mode transparent

78-15693-03

to be in the configuration of the 5 devices. You also need a password for the vtp domain, mydomain. However,the value of this password is not important. Hence, this password is specified as a parameter, [domain-password] as shown below:

(+)set vtp domain mydomain password [domain-password]

Using the command,

(+)set snmp community read-write [read-write-community-name-string]

you need a read-write community string on the device. However, its value is not important.

With this template you do not need the following commands on the device

set snmp community read-only public set errordetection inband disable set feature supmon enable set spantree macreduction disable

User Guide for CiscoWorks Small Network Management Solution

F-7

Baseline Configuration Compare Command feature

Using the command (-)set udld enable [Ports], you have specifiedthat none of the ports should have udld enabled. If udld is enabled on any of the ports, it is treated as a misconfiguration.

Running the Command

To run this command, enter:

cwconfig comparewithbaseline -u username -p password -device Cat-Dev1,Cat-Dev2,Cat-Dev3,Cat-Dev4,Cat-Dev5

-baseline d:\temp\Baseline\BaseLineMandDis.cfg

-report d:\temp\Baseline\MisConfig.xml

-outputdir d:\temp\Baseline\output

-generatecmdfile d:\temp\baseline\commandfile.txt

-substitute d:\temp\Baseline\Mapping.ini

Baseline Configuration Compare Report

After this command has been run successfully, the following report is generated.

********************************************************************** <?xml version="1.0" ?> <Report Name = "Baseline Compliance Report" BaseLineFile="d:\temp\Baseline\BaseLineMandDis.cfg" NoOfDevices="5"> <StartTime> Fri Jun 20 12:30:18 GMT+05:30 2003 </StartTime> <Non-Compliant-Devices total="3"> <Device name="Cat-Dev1" Version ="latest"> <command> (+)set snmp community read-write [read-write-community-name-string] </command> <command> (-)set snmp community read-only public </command> <command> (-)set udld enable 2/34 </command> <command> (-)set udld enable 3/48 </command> <command> (-)set spantree macreduction disable </command> </Device> <Device name="Cat-Dev2" Version ="latest"> <command> (+)set snmp community read-write [read-write-community-name-string] </command> <command> (-)set snmp community read-only public </command> <command> (-)set spantree macreduction disable </command>

Appendix F IDU Updates

F-8

User Guide for CiscoWorks Small Network Management Solution

78-15693-03

Appendix F IDU Updates

</Device> <Device name="Cat-Dev3" Version ="latest"> <command> (+)set snmp community read-write [read-write-community-name-string] </command> <command> (-)set udld enable 2/34 </command> <command> (-)set udld enable 3/48 </command> <command> (-)set spantree macreduction disable </command> </Device> </Non-Compliant-Devices> <Compliant-Devices total="2"> <Device name="Cat-Dev4" Version ="latest"> </Device> <Device name="Cat-Dev5" Version ="latest"> </Device> </Compliant-Devices> <EndTime> Fri Jun 20 12:30:29 GMT+05:30 2003 </EndTime> </Report> **********************************************************************

Report Description

Baseline Configuration Compare Command feature

78-15693-03

In this report the following devices are compliant:

• Cat-Dev4

• Cat-Dev5

The following devices are non-compliant:

• Cat-Dev1

• Cat-Dev2

• Cat-Dev3

For the non-compliant devices, the commands in their configuration file that caused non-compliance are also listed.

For example, for the device Cat-Dev1, the non-compliance is caused by the following disallowed commands:

set snmp community read-only public set udld enable 2/34 set udld enable 3/48 set spantree macreduction disable

User Guide for CiscoWorks Small Network Management Solution

F-9

+ 21 hidden pages