Cisco Automation without python/linux scripting

Version 2

    Version NCM 7.5

     

     

    Hey Everyone,

     

    I found very little information on these when I was trying to build this out and wanted to share it with the community. Compliance reports can literally automate your entire network without scripting or linux knowledge. I am currently using NCM 7.5.

     

    My Scenario: I'm a senior engineer for a major enterprise and need to bring alot of switches / routers up to best practices in security, spanning-tree, and design. Using Solarwinds NCM, i was able to do 500+ devices in a matter of hours, not weeks or months. Below you'll find screenshots of an example that we used to change our configs at the interface level.

     

    Switchport Security - this rule matches on "switchport access vlan" string within each interface but rejects any interface that is assigned to vlan 3. If it finds that match, it runs the remediation script below.

     

     

     

    Not only can you do this for interfaces on switches, you can also do this for new SNMP commands, username changes, AAA changes, updating DNS servers, ect... You simply have to change the variable in "strings" and apply the configuration to the "Entire config file". See below:

     

     

    Apply this rule(s) to a policy, and that policy to a report. Run the report and allow the remediation scripts to run. I currently have 70 rules configured and its working flawlessly.

     

    To build a rule follow: My Dashboards -> Compliance -> Manage Reports -> Manage Rules -> Add New Rule

    To build a policy: My Dashboards -> Compliance -> Manage Reports -> Manage Policies -> Add New Policy (add your rules to this policy)

    To build a new report: My Dashboards -> Compliance -> Manage Reports -> Add New Report (add your policy to this report)

     

    By scheduling this compliance report to run every 6 hours - the compliance will change any bad config to what you and your team deem to be correct. If you have any questions, ask below and ill try to answer them as quickly as possible.

     

    Thanks and good luck!