Marking a configuration as trusted
For configuration revision control, the Mark as Trusted action enables authorized users to designate for a device the trusted (that is, desired state) Running and Startup configurations. For recommendations on managing the trusted configuration see . The trusted configuration acts as a snapshot with which future configuration changes are compared, monitored, audited, and reported. The Dashboard displays network-wide configuration discrepancies. A discrepancy occurs when one or more of the following conditions exist:
- Current Running configuration is different from the Startup configuration
- Current Running configuration is different from its Trusted Running configuration
- Current Startup configuration is different from its Trusted Startup configuration
- Current Running configuration OS version is different from its Trusted Running OS version
To run the Mark As Trusted action
- On the Add Job page, select Add Action > Span Actions > Mark As Trusted.
Enter information in the following fields:
(Optional) Annotation describing the purpose or reason for running this action.
Select a realm, group, multiple devices, or a single device for the Mark as Trusted action. When the Network Span is Realm or Group, you can use Filter Devices to select which devices to include in the action.
When the action is triggered in an event-based Policy, additional options include: Same as Triggering Realm, Same as Triggering Group, Same as Triggering Device.
Specify which configuration file, Running or Startup, to mark as trusted. If you select both configurations, specify the Running and Startup configuration to mark as trusted on a given date. BMC Network Automation picks the configurations that were active at the specified date and time.
- Click OK to add the action to the job.