Search configurations for words, phrases or strings using Network Configuration Manager's search utility

Changes to device configurations are being made everyday to serve the growing business needs in enterprises. Since all these changes are made manually, the chance of network issues resulting from misconfigurations increase. And when the number of devices in your work environment becomes too many, it becomes difficult to find the part of the configuration that is causing network issues. These issues can sometimes be narrowed down to a single configuration string. However, manually searching for configuration strings and fixing them would be time-consuming. This is why it is important for the admin to be able to easily run searches through configurations down to the level of individual configuration strings. With Network Configuration Manager's search utility, the admin can run efficient network-wide configuration searches.

Default configuration search:

Default configuration search helps you search configurations with simple conditions. You can search for a particular word or phrase in the configuration strings. For example, if you want to find configuration strings that contain access lists, all you have to do is search for 'access-list'. The search results show the IP addresses of the devices, configuration type, version number and name of the user that modified the configuration.

Advanced Configuration Search:

The advanced search lets you set multiple conditions while you search. You can search by setting the search criteria to include or exclude a search phrase or use search for the string that starts or ends with the search phrase. You can also search in such a way that the strings either satisfy one criteria or all of them with the 'and/or' conditions.

How to search for devices with model number using advanced configuration search:

Say you're looking to find a set of devices whose model numbers are in series. Generally, device configurations contain the model number of the devices. Advanced search can be used to scan through device configurations to find the devices. You can enter the first few characters of the series and set the condition to 'line starts with' and run the search. But if you're looking for just one device in the series, you can enter a second criteria and choose the 'line ends with' condition. Since both these conditions have to be satisfied, you can select the 'and' condition before performing the search. Network Configuration Manager retrieves the information of all the devices as the matches are found. You can also stop the search if the device you were looking has been found and Network Configuration Manager continues looking for more matches.

How to detect SNMP vulnerabilities using advanced configuration search:

Some organizations have defined the usage of SNMPv1 and SNMPv2 as a violation of their policies. This is because these protocols may end up in making the network vulnerable to attacks. With NCMs advanced configuration search, you can identify the devices that have this protocol and disable them before they cause any trouble. To perform the search, you have to set the first condition to search for the string that contains "snmp-server community public RO" and the second to search strings that contain "snmp-server community private RW". Since either of these strings can cause a vulnerability, you have to identify devices that satisfy one of the search criteria or both. This can be achieved by using the 'or' condition. On running the search, NCM retrieves the information of all the devices with SNMPv1 or SNMPv2 enabled.

Once the search is complete, the user can select configuration versions from the results.The admin can choose to view the entire configuration file containing the matches or just the matches.