CLI templates and compliance checks

isthisthethirdroom · ‎11-04-2025

Are CLI templates meant to be used as part of compliance reporting? Any time that I have a template with variables, it tags the switch as non-compliant since it sees the correct line of code in the config that was provisioned via Catalyst Center, but it says it doesn't match the line of the template that has the variable name.

I'd like to use the templates to make sure all switches have the correct commands on them, and it seems like the CLI templates were also made to do this in addition to pushing out configs. However, in testing this out it seems like if you ever use variables then it will always be non-compliant and you can't see when an actual line of code is missing.

Preston Chilcote · ‎11-04-2025

What you are trying to accomplish is a great (and popular) use of Catalyst Center. It's probably not the variables causing the issue (they are supported). The more common scenario is that the template is using shorthand for commands like "int gig0" which will not be an exact match with what Cat Center will find in "show run" when it runs the compliance check. Take a careful read through the "Limitations in CLI template Compliance" of this user guide

https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/catalyst-center/2-3-7/user_guide/b_cisco_catalyst_center_user_guide_237/m-compliance-audit-for-network-devices.html