Submit a ticketCall us

Quickly Address Software Vulnerabilities
Patch Manager is an intuitive patch management software which extends the capabilities of WSUS and SCCM to not only patch Windows® servers and workstations, and Microsoft® applications, but also other 3rd-party applications which are commonly exploited by hackers. Learn more about our patch management solution.

 

Home > Success Center > Network Configuration Manager (NCM) > Creating a new NCM Device Template explained

Creating a new NCM Device Template explained

Created by Bill Corgey, last modified by Bill Corgey on Apr 04, 2017

Views: 598 Votes: 4 Revisions: 16

Overview

This article explains the NCM Device template and the correlation to Network Administrators' tasks and NCM logic. It also presents a logical approach to creating a new Device Template from beginning to end.

Environment

  • NCM, all Versions

Note: The basic structure applies to all versions of NCM in regards to basic structure. However, the "Disconnect" command is only relevant to NCM 7.4 or later

Detail

The NCM Device Template (not to be confused with the NCM Config Change Template) is an XML-based command structure to define commands or actions in normal NCM logic.

Looking at the name of the file or template

  • There are three parts to the file name and all three are relevant and necessary. Example: 
    Avaya 45XX-1.3.6.1.4.1.453.71.6.ConfigMgmt-command
  • The name consists of:
    [Vendor+Machine Type][dash][System OID][dot]ConfigMgmt-commands
  • Using Vendor+Machine type as the first part of the name is a  best practice, but technically it can be anything you want. It should be memorable, unique, and relative to the NCM Administrators.
  • The system OID needs to be unique. If duplicates exist, when a node is set to select a device template with Auto determine, an undesired template may be selected. It also needs to match as closely as possible the devices that will use the templates.

    Note: At times, there may be multiple Device types that can use the template, but the entire system OID may differ a bit. So, including the entire system OID might not be recommended. Backtrack down the system OID to a point where all the desired Devices will match, but not devices that you do not want to use this template. Sometimes this is not possible and for some devices it may be necessary to automatically select the template needed.

  • File type should always be .ConfigMgmt-commands

 

When Auto-determine is deselected, the Node in Orion must be set to Use SNMP. SNMP is how NCM will determine the System OID, and then use the System OID to match the Device Template.  

NCM will start checking with the entire System OID and then if no match is found, it will ignore the last number and search again, until it finds a match or no numbers are left. 

 

Determining the System OID for a device in NCM

  1. Open the web Console.
  2. Click on Configs Tab>Config Summary.
  3. Click on the node you are building a template for from the NCM Node List.
  4. In the Node Details resource you will see the SysObjectID -- (This is the System OID NCM is using).
  5. Verify the System OID on all the device you intend to use the Device Template for.

 

Gathering the commands needed for the device template

Download configurations from devices

(These would be the same command you would issue with Putty or any other VTY connection to the device.)

  • Command one would issue to download the running configuration via SSH or Telnet
  • Command one would issue to download the running configuration via TFTP
  • Command one would issue to download the running configuration via SCP
  • Command one would issue to download the startup configuration via SSH or Telnet
  • Command one would issue to download the startup configuration via TFTP
  • Command one would issue to download the running configuration via SCP

 

Upload a Configuration 

  • Command one would issue to upload a device configuration to the running via SSH or Telnet
  • Command one would issue to upload a device configuration to the startup via SSH or Telnet
  • Command one would issue to upload a device configuration to the running configuration via TFTP
  • Command one would issue to upload a device configuration to the NVRAM configuration via TFTP
  • Command one would issue to upload a device configuration to the running configuration via SCP
  • Command one would issue to upload a device configuration to the NVRAM configuration via SCP

 

Command to display version (like show version)

 

Command to Turn off paging so one would not need to press a space bar to display the full config without interuption (like terminal length 0)

 

Command to enter config mode (like config terminal)

 

Command to save the running config to to NVRAM (like copy run start or wr mem)

 

Command to disconnect from the device (like exit)

 

*** Not all these commands need to be in the template but can be.

Mandatory commands:

Turn off paging

Version

download the config via whatever protocol you want to transfer with

 

Now we have our primary components gathered:

(For illustration purposes I will use common Cisco IOS commands)

Turn off paging- terminal length 0

Version: show version

download the config via whatever protocol you want to transfer with.  I want to use ssh. and that is:

download running config: "show run"

Download Startup config: "show start"

to save the config to NVRAM -  "copy run start"

to disconnect from the device at the enable prompt: "exit"

 

Get familiar with the XML commands and how they correspond to the interface

Here is the inside of a template. Let's look at what each command does. If you want to open a template:

  • For NCM 7.3.2 and before:  Go to the NCM install folder and go to the Device Types folder and copy the Generic template and place place it outside the Device types folder. Open it with Notepad
  • For NCM 7.4 from the Orion Web Console, go to Settings>NCM settings>Device Templates, check the Generic Template (may want to use the search option as there are several pages) and then select Edit the using XML editor.

Note: In NCM 7.4 you cannot modify a Default Template.  You will be prompted to duplicate and Edit.

Once you have it open, the only lines one needs to work with are these:

Note: The system OID is not vendor specific.

The commands already listed are based on Cisco IOS command, so the first thing I do is wipe out any values that exist. So it would look like this:

<Configuration-Management Device="Generic CLI Devices" SystemOID=" 1.3.6.1.4.1">
    <Commands>
        <Command Name="RESET" Value=""/>
        <Command Name="Reboot" Value=""/>
        <Command Name="RebootAt" Value=""/>
        <Command Name="EnterConfigMode" Value=""/>
        <Command Name="ExitConfigMode" Value=""/>
        <Command Name="Startup" Value=""/>
        <Command Name="Running" Value=""/>
        <Command Name="DownloadConfig" Value=""/>
        <Command Name="UploadConfig" Value=""/>
        <Command Name="DownloadConfigIndirect" Value=""/>
        <Command Name="UploadConfigIndirect" Value=""/>
        <Command Name="EraseConfig" Value=""/>
        <Command Name="SaveConfig" Value=""/>
        <Command Name="Version" Value=""/>

         <Command Name="Disconnect" Value=""/>
    </Commands>

 

All of the commands to be entered need to reside between <Commands> and </Commands>.

Each command line has two basic parts:

  • Command Name=""
  • Value=""

Command name is the Macro NCM will use and NCM will translate to the information identified in the value

<Command Name="Version" Value="show version"/>

So here when NCM logs in during a validate login it will use a Macro of ${Version} and will pass to the device the Value "show version".

This is a good starting point and all we need to do is fill in the values with the correct data, correct the Device = in the template and the system OID.

But what are these?

Listed below is a brief of each and underlined the mandatory commands needed. Even if there is no command to enter, the command needs to be in the template and the value left blank.

  • Reset is the command NCM will issue to turn off paging.  It will attempt to run this command once logged into the device and NCM has determined it is at the enable prompt and ready for commands to be accepted.
  • Reboot-- One can fill this out if they want NCM to run reboot jobs.  I personally leave this blank as if I need a device to reboot, would set up a job to run a script with the commands I want to use.
  • RebootAt -- again a defined time for the device to reboot, I leave blank or remove the line altogether
  • EnterConfigMode-- This allows one to enter the command one would type to enter the configuration mode of the device (config terminal, for example) I normally do not use this primarily because if I am needing to push a config change to multiple devices, the devices are typically like devices or uses the same command to enter the config mode and will just type the command in as part of the script I am writing. However in NCM one can use a check box to check to run in config mode.  This would use the established command on this line to send to the device
  • ExitConfigMode- Command NCM will issue to the device if using the run in config mode option
  • Startup- This is a config type as defined by default in NCM
  • Running- This is a config type as defined by default in NCM
  • DownloadConfig- This is the command one would issue to download a config via an SSH or Telnet session like "show run"
  • UploadConfig- This is the command one would want to run to upload a config to a device
  • DownloadConfigIndirect- This is the command one would issue via SSH or Telnet to download a config to a tftp server
  • UploadConfigIndirect- This is the command one would issue via SSH or Telnet to upload a config from a  tftp server
  • DownloadConfigIndirectSCP-(Not displayed above)-This is the command one would issue via SSH or Telnet to download a config to a scp server
  • UploadConfigIndirectSCP-(Not displayed above)-This is the command one would issue via SSH or Telnet to upload a config from a  scp server
  • EraseConfig- Command to issue to a device that is delete a config from the device
  • SaveConfig- Command to issue to save the running config to memory
  • Version- Command to display the version information like show version
  • Disconnect- This is the command one would issue to cleanly disconnect from a device as not to leave abandoned sessions open

Here I will take the information I have gathered and want to use and update the template.  I will also explain a bit more when we get to the download config section as there can be different options to use and only one command.

Now we have our primary components gathered:

(For illustration purposes I will use common Cisco IOS commands)

  • Vendor: Cisco
  • Machine Type: 3750
  • System OID:  1.3.6.1.4.1.9.1.516 
  • Turn off paging- terminal length 0
  • Version: show version
  • download the config via whatever protocol you want to transfer with.  I want to use ssh. and that is:
  • download running config: "show run"
  • Download Startup config: "show start"
  • to save the config to NVRAM -  "copy run start"
  • to disconnect from the device at the enable prompt: "exit"

 

<Configuration-Management Device="Cisco 3750" SystemOID=" 1.3.6.1.4.1.9.1.516 ">
    <Commands>
        <Command Name="RESET" Value="terminal length 0"/>
        <Command Name="Startup" Value="start"/>
        <Command Name="Running" Value="run"/>
        <Command Name="DownloadConfig" Value="show ${ConfigType}"/>
        <Command Name="SaveConfig" Value="copy run start"/>
        <Command Name="Version" Value="show version"/>

         <Command Name="Disconnect" Value="exit"/>
    </Commands>

 

Above I have entered my data as the Values for the appropriate Commands and color-coded them as a reference.

Notice the "DownloadConfig" command has a "show" followed by a macro of ${ConfigType}.

The ${ConfigType} will reference the which config was chosen via the UI.

For example: in the Node details in the configs section I want to download the running config.

 

 

 

 

The Config Type is determined by the config type selected here to download.

The ${ConfigType} is Running and the Value is run.

If the device's NCM settings is SSH or Telnet to transfer the config files, and this device template is used, the command for "DownloadConfig" and issue the command show run to get the "running" config and show start, to get the startup config when selected.

Complete the task and save the work

Open the copy of the generic template we started with.

  • For the Template Name in NCM 7.4, put a check in the box for Create a new Template.
  • Enter the Template Name:  Cisco 3750
  • Enter the system OID: 1.3.6.1.4.1.9.1.516
  • For Auto Determine:
    • If you want this device template to apply to all devices where the OID will match, then we recommend using auto determine. 
    • If it is template for a unique device that may still match the common OID, append the real OID with a number not likely to exist like 1.3.6.1.4.1.9.1.516.9988.9988 and not use auto determine. This would require that you manually assign the device template to the device in NCM settings in communication sections.

What you would have, is something like this:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Click save at the bottom right and the new template is ready to be used.

If you are using Notepad to edit the Device template, to rename the copy of the generic template, you need to just rename the file:

Cisco 3750-1.3.6.1.4.1.9.1.516.ConfigMgmt-Commands and drop it back into the Device types folder.

Note: For 7.3.x and previous, after dropping the new template into the Device Type folder, the NCM Win 32 Application, if open, will need to be closed down and re-opened to reset the schema files, so it will be recognized as a device template.

 

Last modified
15:45, 4 Apr 2017

Tags

Classifications

Public