Performing the initial configuration

The following procedures, which are specific to an environment consisting of Cisco IOS routers contain steps that can be performed to establish the initial configuration in a quick start stand-alone TrueSight Network Automation configuration:

Adding device records

The following example procedure adds device records to your Network Automation environment.

  1. Create a device security profile.
  2. Configure the local device agent.
  3. Create a device record for a Cisco IOS Router.

Viewing configuration files

The example procedures in this section are used to confirm that the initial snapshot of the Cisco IOS Router configuration was performed, and to view the content of the configuration file.

To view configuration files for the Cisco IOS Router

  1. View the Devices page.
  2. View the value of the Status column.
    This indicates the status of the last Snapshot operation on the device. Just after the addition of a device it should say Pending and then Successful. If it says Failed, go to To check the device access status of the Cisco IOS Router.
  3. In the Name column, click the Cisco IOS Router link. Device details are displayed.
  4. In the window that appears, scroll down to the Configurations section and note that the Running and Startup configuration files are listed.
  5. Click on one of the configurations to view the actual configuration file along with configuration details like the Date/Time the snapshot was taken, and whether the configuration is Trusted. If this is the first configuration snapshot on this device, Trusted should be Yes.

Scalability Note

You can create your own dynamic fields for each database object. This is particularly useful for maintaining device inventory information and auto-grouping devices during database import. See Managing-dynamic-fields.

Back to top

To check the device access status of the Cisco IOS Router

  1. View the Devices page.
  2. In the Name column, click the Cisco IOS Router link. Device details are displayed.
  3. In the window that appears, scroll down to the Actions section and click the Succeeded or Failed link next to the Snapshot action to view the transcript.
    This will display the interaction between the system and the device and is a good way to troubleshoot access difficulties.

Scalability Note

The Device Inventory report can be run on groups of devices or on the entire network. The report displays status and date for all actions (Snapshot, Deploy to Stored, Deploy to Active, Commit, and Reboot) for all devices in the group or network. See Viewing-a-Device-Inventory-report.

Back to top

Configuring automatic detection of change

Now that the system can access the Cisco IOS Router to perform the Snapshot, Change, Commit, and Deploy to Stored actions on the configuration files, you want to configure the system so that external changes are automatically detected. This example procedure will enable the system to make snapshots automatically and then take actions based on the policies you define.

To enable the Auto-Archive policy

  1. Open the Policies page.
  2. Find the policy named Auto Archive, and click Enable Icon_Enable.png in the Actions column to enable the policy.
  3. Click OK at the confirmation prompt.

To configure a Cisco IOS Router to send syslog messages

This can be done in several ways. In this example procedure, you configure the Cisco IOS Router to send a syslog message directly to the server indicating that a configuration change has occurred.

There are two ways to make the syslog change:

  • Use a Network Automation template to push the changes to the Cisco IOS Router.
  • Log on directly to the Cisco IOS Router to make the syslog changes.

Back to top

To configure a Cisco IOS Router to send syslog messages using a template

  1. Open the Templates page.
  2. Find the Syslog template and click Edit Icon_Edit.png in the Actions column.
  3. In the Edit Template page, click the Contents tab.
  4. Select the Cisco IOS Switch/Router template, and click Edit.
  5. In the Contents field of the Edit Template Contents section, find logging ${agent.localhostAddress}.

    This is an example of the use of a global substitution parameter. To update the logging command you can:
    • Directly enter the IP address of the syslog server in the logging command, or
    • Set the value of the logserver1 global substitution parameter to the IP address of the syslog server. See Adding-global-substitution-parameters.
  6. Click Enter to save the changes to the template.
  7. Click Save.
  8. Open the Add Job page.
  9. Add a Deploy to Active action to the job.
    1. In the Annotation field enter syslog change for BCA-Networks.
    2. In the Network Span field, select Device.
    3. Click Icon_Browse.png and select the Cisco Router in the pop-up.
    4. In the Configuration field, select Template.
    5. Click Icon_Browse.png and select the Syslog template in the pop-up.
      The syslog Cisco IOS template you just modified is in Syslog template group.
    6. Click OK.
  10. Click Save and Submit.
  11. In the Jobs page, click Refresh after a moment, and check the Status column, which should display In Progress and then Completed.

Scalability Note

Actions (Snapshot, Deploy to Stored, Deploy to Active, Custom Actions, Commit, and Reboot) can be carried out on groups of devices. Groups can be statically defined, automatically maintained based on field values, or combined using Boolean operators. You may also use the Filter Devices option when Entire Network or Group is selected as a Network Span to identify an ad-hoc set of devices based on selected filter criteria.

Back to top

To configure a Cisco IOS Router to send syslog messages using Cisco CLI

Log on to the Cisco Router, and make the following changes:

Note

Type the text that is in bold, and substitute the italicized variables (for example, privileged_password). Ctrl+z means press z while holding down the Ctrl key.

cisco1720-01> enable
Password: privileged_password
cisco1720-01# config terminal
cisco1720-01(config)# logging on
cisco1720-01(config)#logging facility local7
cisco1720-01(config)#logging trap notifications
cisco1720-01(config)#logging server_ip_address
cisco1720-01(config)#Ctrl+z
cisco1720-01#exit

Back to top

Making the new configuration as trusted from the Discrepancy and Compliance Violation Details dashboard

The Discrepancy and Compliance Violation Details dashboard is not displayed by default. Enable the Display Discrepancy and Compliance Violation Details Dashboard system parameter to display it.

Upon performing the syslog change, you create a discrepancy from the Trusted configuration. Use the following example procedure to view and confirm the changes and accept the change into the Trusted configuration.

  1. Click the Home tab to view the Dashboard page.
    On the Discrepancy and Compliance Violation Details Dashboard tab, the Cisco IOS Router appears in the list with an Icon_Discrepancy.png in the Running vs. Startup and the Running vs. Trusted Running columns. Icon_Discrepancy.png represents a discrepancy.
  2. Click Icon_Discrepancy.png in the Running vs. Trusted Running column to display the Discrepancy Details Report. Note the syslog changes.
  3. Click Close in the menu to return to the Dashboard page and click the name of the Cisco IOS Router.
  4. In the Reports section of the pop-up, click the View Running Change Summary link and note that this report indicates who made the change and when the changes were made. If multiple changes had occurred since the device went into a discrepancy, all the changes would be listed.
  5. Click the Home tab, and again click the name of the Cisco router. A pop-up window is displayed.
  6. In the Actions section of the pop-up, click the Commit link.
    The Add Job page and the Commit window are displayed.
  7. In the Commit window, enter the following details:
    1. In the Annotation field, enter syslog changes accepted.
    2. Select the Mark As Trusted option.
    3. Click OK.
  8. In the Run At field of the Add Job page, select the Now or When Approved option.
  9. Click Save and Submit.

After the Commit job is complete, the Dashboard no longer displays the discrepancy.

Back to top

Configuring general notification methods

The following example procedure configures general notification methods.

  1. Configure SNMP managers to receive trap notifications.

  2. Configure the system parameters to enable SMTP servers for email notification.

     

    Note

    • You might need to coordinate with the mail administrator to allow email messages to be forwarded from the Network Automation application server platform.
    • BMC recommends that you set the From Email Address and Reply To Email Address system parameters to postmaster@<application_server_name>, so users know that the emails are generated by the application server.
  3. Ensure the Site URL system parameter corresponds to the host name or IP address and that the port number for the application server is entered .

    For example: https://bca-networks:443
  4. Configure email distribution lists.

Back to top

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*