Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
307
Views
2
Helpful
5
Replies

SDA devices - removed commands keep showing up

katerina.dardoufa
Level 4
Level 4

‎04-12-2024 01:01 AM

Dear all,

I have a reoccurring issue, where commands I manually remove from SDA devices keep showing up.

I want to disable "snmp-trap enable traps syslog" on the devices. The first time I tried to do this via applying a template through network profiles, but then the devices ended up in non-compliant state, due to Network profiles (the no snmp-trap enable traps syslog, is obviously not in the running configuration). I then thought of removing the command manually, but it seems that after some time the command would reappear. I cannot tell if this has anything to do with the device being reprovisioned or for some any other reason.

What I am asking is how to permanently remove a command that seems to be applied through provisioning or reprovisioning.

If a "no command" is run through a template and is kept in the network profiles, then it seems that the device is non-compliant, because the configuration does not actually have the "no command" as a text.

Thanks in advance,

Katerina

Labels:
0 Helpful
5 Replies 5

andy!doesnt!like!uucp
Spotlight
Spotlight

‎04-12-2024 02:04 AM

@jedolphi

0 Helpful

Torbjørn
Spotlight
Spotlight

‎04-12-2024 02:08 AM - edited ‎04-12-2024 02:09 AM

You can make compliance ignore the check for portions of your templates using this syntax:

! @start-ignore-compliance
no snmp-trap enable traps syslog
! @end-ignore-compliance

 You can read more about this here: https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/2-3-3/user_guide/b_cisco_dna_center_ug_2_3_3/m-compliance-audit-for-network-devices.html

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

katerina.dardoufa
Level 4
Level 4
In response to Torbjørn

‎04-12-2024 03:39 AM

Sounds great!!!! I will try this and get back with the results.

Thanks!

0 Helpful

jedolphi
Cisco Employee
Cisco Employee

‎04-15-2024 04:23 PM - edited ‎04-15-2024 04:24 PM

Skipping compliance checks might bypass the the compliance issue in the Catalyst Center UI, but it won't stop the command from being re-added by a future provisioning job. Catalyst Center has triggers to push various configuration models e.g. when you change the settings in design menu, when you configure a new segment (like and SD-Access object), when you reprovision a device, when you apply a "fix" (SD-Access banners), etc. Offhand I don't know what the trigger is to initiate the adding of the CLI "snmp-trap enable traps syslog", can you please raise a TAC case to explore options?

 

 

 

0 Helpful

katerina.dardoufa
Level 4
Level 4
In response to jedolphi

‎04-17-2024 03:53 AM

Hi Jerome,

Thank you for the reply. I will keep monitoring the environment before I open a TAC case, because I do not see the same behavior for all devices. In the immediate future we do have a need for reprovisioning, so according to the outcome, we will see how we proceed.

Kind regards,

Katerina

 

0 Helpful
Customers Also Viewed These Support Documents