Auditing Configurations

Although having a single JUNOS code train makes it easy to apply common auditing techniques across all levels and functional areas of the network, in planning for configuration audits you must determine what degree of detail and complexity is necessary at each level. For instance, the SOHO staff may not understand the full configuration audit output of a J Series router and how changes to the configuration affect the network, but they must have the ability to determine whether configuration changes have been made. Looking at the various levels of configuration complexity and staffing in different portions of the network makes it possible to discover the best solutions for creating configuration baselines and auditing systems.

Baseline Configurations

For configuration audits to be truly successful, they must be conducted against an accurate baseline configuration. Although you can take the baseline from the production equipment, all network configurations should use templates to guarantee that every device shares a configuration that is consistent in scope and functionality.

Saving a baseline

For offices with few IT staff members and few changes to the configurations of their networking equipment, the simplest way to ensure that a baseline configuration is in place for audits is by simply saving the final deployment configuration to the user directory on the network equipment itself. The following code shows the CLI method for saving a configuration. The J-Web ...

Get JUNOS High Availability now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.