Posted on April 1, 2020 11:59 am
 |  Asked by Armando Reyes
 |  114 views
RESOLVED
0
0
Print Friendly, PDF & Email

I was wondering if there any way to execute the reconcile process but backwards; from the switch.

I know how to do it from CVP but the plan is to execute remote changes over CLI and then execute the reconcile process to keep consistency between CVP and the switch configuration.

 

Thanks,

0
Posted by Lokesh Charora
Answered on April 22, 2020 4:07 pm

Armando,

reconcile, as you already know, is a feature for CVP to correct the understanding if any CLI changes were made on the switch and add it to CVP's memory with a reconcile configlet. This process is triggered from the CVP only. Ideally if you are using CVP, it should be used to manage switches for configuration purpose.
However if the changes need be done via CLI on the switch, The device would show out of compliance on the CVP in next compliance check and for the consistency, you would need to run a reconcile from thee CVP only.

There is a security plus point for not having this feature backwards. If any changes were made on the switch by an unauthorised user, CVP will show the device out of compliance as that user wont be able to correct CVP's understanding( run the reconcile from the switch).

Hope this helps.

Thanks
Lokesh

0
Posted by Adam Levin
Answered on April 22, 2020 4:16 pm

Hi Armando,

In your other answer Lokesh makes some excellent points, particularly about security, so it's a good idea to think carefully about whether you want to automatically reconcile with CVP when changes are made on the switch.

However, if you really want to do it, it is possible to use CVP's API from a script to do the reconcile.  You could create a script that connects to CVP and runs the reconcile on a schedule, or you could include running the script as part of your change process for the user who is issuing the CLI commands on the switch.  It would even be possible to use an event-handler that triggers on the startup-config being written, that could launch a script to tell CVP to perform the reconcile.

But there is no built-in EOS process to push a reconcile to CVP -- you would need to script that up yourself.  Hope this helps!

Post your Answer

You must be logged in to post an answer.