Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
537
Views
0
Helpful
4
Replies

Model NCS540 doesn't include firmware version on running-config backup

tonialb
Level 1
Level 1

‎07-29-2022 11:30 AM

Hello Cisco Community,

Our DOAT Team, for security reasons, run periodically assurance tests, using their own script on our Cisco backup files. We run periodically backups, a copy of which passes through the scanner of the DOAT team.

Recently we added some Cisco models NCS540. But these models, are causing an issue passing the DOAT scanner. The running-config file doesn't include the firmware version! We don't have this problem in any of other Cisco devices in the network, only with model NCS540!

Is there any workaround to fix this? Or we can't change nothing?

Firmware version is essential on those assurance tests!

Thank you,

Labels:
0 Helpful
4 Replies 4

marce1000
VIP
VIP

‎07-29-2022 10:54 PM

 

 - Depends on how this DOAT scanner works, running-config never includes firmware version, presumably this is fetched by another command for some reason currently not working on the NCS.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Georg Pauwen
VIP
VIP

‎07-31-2022 01:11 AM

Hello,

--> using their own script on our Cisco backup files

Can you post that script ?

0 Helpful

tonialb
Level 1
Level 1

‎08-01-2022 08:05 AM

Hello,

Thanks for your time guys.

@Georg Pauwen
I'll try to ask them, but I'm afraid they won't give it, since it's a forbidden area, even for us.

I think the problem has to do with the content of the running-config file on NCS540. I tested all Cisco models we have. All of them, in the running-config content, include the firmware version. For instance on a Nexus device we have:

NEXUS3172-HT5# sh running-config

!Command: show running-config
!Time: Mon Aug  1 15:52:31 2022

version 7.0(3)I7(3)

On a ASR100x:

ASR1006-MT10#sh running-config
Building configuration...

Current configuration : 685757 bytes
!
! Last configuration change at 09:27:21 recurri Mon Aug 1 2022 by toni
! NVRAM config last updated at 09:27:28 recurri Mon Aug 1 2022 by toni
!
version 17.3

While on NCS540 doesn't show the "version" data at all:

RP/0/RP0/CPU0:NCS540-MC2#sh running-config
Mon Aug  1 14:45:44.387 UTC
Building configuration...
!! IOS XR Configuration
!! Last configuration change at Tue Jul 12 06:54:28 2022 by toni

Apparently, this is how Cisco designed this model. Nothing to change here!

0 Helpful

marce1000
VIP
VIP
In response to tonialb

‎08-01-2022 08:46 AM

 

                        >... this is how Cisco designed this model. Nothing to change here!

  - You need to look at that in a different way, it is not standard for Cisco devices to include the version info's when showing the running config only. This is achieved with the show version command, whatever network management tool is being used it must then be able to execute that command (too).

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful
Customers Also Viewed These Support Documents