08-27-2023 02:08 AM
hi all,
i have many devices in DNA inventory status shown in compliance not manage, they are have different reasons like not match for running config or start up config too, or need to upgrade to newer version, or Critical Security Advisories
my question is it is important to all devices to be manage in compliance for Critical Security Advisories?
Solved! Go to Solution.
08-27-2023 03:35 AM
>...my question is it is important to all devices to be manage in compliance for Critical Security Advisories?
- There is probably no unique answer to that question , it for instance depends on business needs ; a bank manager may for instance answer yes to that question concerning the IT infrastructure being used. Another viewpoint could be to assess the specific advisory w.r.t apps being used on the network. Other security advices may not or no longer be 'critical' as first advertised ,
M.
08-27-2023 04:38 AM
my question is it is important to all devices to be manage in compliance for Critical Security Advisories?
Not necessary - You can manually review the Security advisory and make decision is this effecting your device and environment.
some CV not effected, then i will ignore that advisory if you are not using the features at all.
Always Cisco advised to Upgrade latest stable version - so you can understand the release notes and upgrade least effected device before you deploy mass deployment all over campus.
then you can set that image as advisory image.
08-27-2023 02:52 AM
there is no duplicate posts, i just add 2 different posts about 2 different topic, pls check first
08-27-2023 03:35 AM
>...my question is it is important to all devices to be manage in compliance for Critical Security Advisories?
- There is probably no unique answer to that question , it for instance depends on business needs ; a bank manager may for instance answer yes to that question concerning the IT infrastructure being used. Another viewpoint could be to assess the specific advisory w.r.t apps being used on the network. Other security advices may not or no longer be 'critical' as first advertised ,
M.
08-27-2023 04:38 AM
my question is it is important to all devices to be manage in compliance for Critical Security Advisories?
Not necessary - You can manually review the Security advisory and make decision is this effecting your device and environment.
some CV not effected, then i will ignore that advisory if you are not using the features at all.
Always Cisco advised to Upgrade latest stable version - so you can understand the release notes and upgrade least effected device before you deploy mass deployment all over campus.
then you can set that image as advisory image.
08-28-2023 01:52 AM
thanks marce and balaji for support,
i have another question, it is important for device to be manage all time ? whatever the reason ?
08-28-2023 02:01 AM
>... it is important for device to be manage all time ? whatever the reason ?
- The question is unclear for me, can you elaborate ?
M.
08-28-2023 02:28 AM
i found many reasons cased none compliant status for example:
miss march between running and startup configuration
i think this case not impact switch, am i right?
08-28-2023 01:39 PM
check and compare the config - see is that valid, some users forgot to issue command write, so the config difference always you see,
write the config and re-sync should be ok
08-29-2023 12:04 AM
really appreciated your reply and help, i will do this step.
but sorry, my point if i did not do this and still there is difference between running and start up config, is there any impact ?
08-29-2023 04:54 AM
followed up your guide, yes it compliant after i clicked
Synch Device config
but after that health check for this device is 1 instead of 7.
health check (fabric health score)
what do you think?
08-29-2023 08:45 AM
not sure - can you post the screenshot what you see ?
08-29-2023 09:41 AM
health score is up now to 7, i uploaded the current score, but it was 1?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide