Idea Details

Ability to apply NCM Policy to multiple device families

Last activity 24 days ago
Michiel Helder's profile image
09-29-2014 09:14 AM

We use NCM policies to check if devices are configured according to the standards we have set out for our ISO27001 certification. For each item we have a separate global collection with a policy rule applied to it so we can mix and match the correct group of rules based on the exact type and firmware version of the device. The problem is that a policy can only be applied to one specific device family. So if we have devices with similar configurations, but in different device families (for example for ssh and telnet config downloads), we will have to duplicate all the rules. This quickly increases the number of rules and complicates maintaining them and keeping track of where you have to make changes when rules need to be adjusted.

I see two solutions for this:

- Have the ability to apply the same policy to multiple device families

- Apply policies just based on global collections and drop the restriction by device family

I think the second option would be easiest to implement and also be the most flexible.


Comments

04-24-2019 01:50 PM

I have been asking for this in our deployment for a while. My suggestion would be as follows for the most flexibility:

 

Apply policies to the intersection of the union of all DFs and the union of all GCs that it is applied to.  If there are either no GCs or no DFs associated with the policy, then it would be simplified to the union of all configured GCs or DFs.  If you require a policy to apply to all Cisco devices based on regional GC membership (for example), this would be allowed, while maintaining immediate backward compatibility to how policies are currently applied.

03-19-2015 05:32 PM

This a duplicate of the following idea. Not sure if/how you can collate the votes for both.

NCM Policies on Global Collections

03-19-2015 03:09 PM

This is a really good request.  I hope others pickup on it and vote it up so it can get implemented.

01-23-2015 04:41 PM

I'd give just about anything to know that NCM would work and that I could create my own device families EACH with their own default communications mode.  This is a place where Spectrum just doesn't meet our expectations. Hopefully this will be resolved in ver. 10

01-23-2015 03:40 PM

I have lost count of how many NCM policies I have had to create once for the Cisco IOS family and then duplicate exactly for Cisco IOS with SSH family.  Such a waste of time.