nanog mailing list archives

Re: configuration sanity check

From: Chuck Anderson <cra () WPI EDU>
Date: Thu, 29 Oct 2015 08:23:41 -0400

On Thu, Oct 29, 2015 at 09:16:48AM +0100, marcel.duregards () yahoo fr wrote:

Hi Nanogers,

Any recommendation about a software which check the live config of
cisco/juniper devices against some templates ?

The goal is to have a template about different function device, like:
- CORE device must have this bloc and this clock
- PE device must have at least that and that
- CPE must have this and that
- Distrib switch block 1 and block2
- etc...

And the software run once every day to check which device do not
comply with those rules and generate an alert.


For Juniper at least, you can use "commit scripts" to enforce these
rules in real time each time a configuration commit is performed--if
the candidiate configuration change doesn't follow the rules, the
commit fails (or the configuration can be changed automatically to do
something).  For example "all interfaces must have a description on
them", or "changes to MSTI configuration are not allowed".

Current thread:

configuration sanity check marcel.duregards () yahoo fr (Oct 29)
- Re: configuration sanity check Daniel Corbe (Oct 29)
- Re: configuration sanity check Joe Abley (Oct 29)
- RE: configuration sanity check Naslund, Steve (Oct 29)
- Re: configuration sanity check Chuck Anderson (Oct 29)
- Re: configuration sanity check Jason Lixfeld (Oct 29)
- Re: configuration sanity check Michal Loncek (Oct 29)
- Re: configuration sanity check chip (Oct 29)
- Re: configuration sanity check Justin Seabrook-Rocha (Oct 29)
- Re: configuration sanity check Jesse McGraw (Oct 29)
  - Re: configuration sanity check Paul Ferguson (Oct 29)
- RE: configuration sanity check Andrew Bosch (Oct 29)