07-10-2023 03:11 PM
Hi people,
We are trying to implement a Configuration Compliance automated process in our network to keep the devices in a valid configuration state. We have a big number of X250 and and X450 running EXOS v12.4.1.7.
We are planning the following procedure:
1) Save the output of the "show configuration" (which is human-friendly) instead of the primary.cfg (in complex xml format) in an external server as a "Golden Config" for the device.
2) Periodically we check the current configuration of the device to see if something has changed.
3) If a change is detected, we want to run the previously stored "Golden Config" .xsf script to restore the switch to a compliance state.
The problem is that if we load the "golden config" .xsf script (load script file.xsf) it executes "additional" commands on top of the running configuration. It doesn't replace the whole configuration.
On the other side, if we consider the same process but with the primary.cfg file (XML format) we need to reboot the device to restore that configuration and we want to avoid this action.
So here are the questions:
a) Can I replace the entire configuration with an .xsf script?
b) Is there a tool to convert .cfg XML files into .xsf script files?
Thanks a lot for your help!
Solved! Go to Solution.
07-11-2023 05:46 AM
This may not help you, as you're running old firmware from 2010 on old/unsupported switches, but starting in 22.5 there's the command "show configuration difference <config.cfg>" which makes a diff between the running config and the XML config file that you're trying to compare it with.
This would enable someone to just push the golden config onto the switch periodically and then issuing the diff to see if there are any changes. If not, then no action needs to be done, but if there are any changes, one can then just "cp <goldenconfig.cfg> <primary.cfg>" and reboot (important to press "N" to the question to not save the changes that were made).
In your situation, I believe you already mentioned the option (unconfigure and use the default.xsf) if you don't want to use XML config files.
07-11-2023 05:46 AM
This may not help you, as you're running old firmware from 2010 on old/unsupported switches, but starting in 22.5 there's the command "show configuration difference <config.cfg>" which makes a diff between the running config and the XML config file that you're trying to compare it with.
This would enable someone to just push the golden config onto the switch periodically and then issuing the diff to see if there are any changes. If not, then no action needs to be done, but if there are any changes, one can then just "cp <goldenconfig.cfg> <primary.cfg>" and reboot (important to press "N" to the question to not save the changes that were made).
In your situation, I believe you already mentioned the option (unconfigure and use the default.xsf) if you don't want to use XML config files.
07-11-2023 06:08 AM
Thank you @Chris_H for your comments!
I'm afraid I will end up using the cfg XML files instead of the xsf script files. The "unconfigure and default.xsf" method is too risky.
Thanks again!
07-11-2023 05:43 AM
Version 12.4 is quite old and we improved the output of the show config quite a lot to be able to do what you want.
You could upgrade your switches to the latest supported version of your switches and see if the output has changed.
07-11-2023 03:48 AM
Answering myself to question a):
Copying my "golden config" .xsf script as default.xsf and then executing "unconfigure switch" will delete reboot the switch with factory defaults and execute the default.xsf (with my golden config commands) instead of the primary.cfg. Although it's pretty dangerous it performs what I'm looking for: replace the entire configuration with an .xsf human-friendly script file.
Any other alternative?
