On Thu, Oct 29, 2015 at 09:16:48AM +0100, marcel.durega...@yahoo.fr wrote: > Hi Nanogers, > > Any recommendation about a software which check the live config of > cisco/juniper devices against some templates ? > > The goal is to have a template about different function device, like: > - CORE device must have this bloc and this clock > - PE device must have at least that and that > - CPE must have this and that > - Distrib switch block 1 and block2 > - etc... > > And the software run once every day to check which device do not > comply with those rules and generate an alert.
For Juniper at least, you can use "commit scripts" to enforce these rules in real time each time a configuration commit is performed--if the candidiate configuration change doesn't follow the rules, the commit fails (or the configuration can be changed automatically to do something). For example "all interfaces must have a description on them", or "changes to MSTI configuration are not allowed".
