Integrity Check of Candidate Config

This chapter describes how to perform integrity check of Candidate Config.

This chapter includes the following sections:

About Candidate Config

Candidate config is a subset of the running-config which checks whether the Candidate config exists in the running-config without any additions or modifications or deletions.

To check the integrity of the candidate config, use the following commands:

  • show diff running-config
  • show diff startup-config

For more information on the CLIs, refer to Performing Integrity Check for Candidate Config.

Guidelines and Limitations for Candidate Config Integrity Check

Candidate config integrity check has the following guidelines and limitations:

  • Beginning with Cisco NX-OS Release 10.2(3)F, Candidate config integrity check option is introduced on all Cisco Nexus switches.

  • If you must perform an integrity check on a full running configuration as input instead of a partial config, then it is recommended not to use the partial keyword.

  • The line numbers that are displayed in the generated running config do not match with the candidate config as they are internally generated one.

  • If there is any difference between the configuration of running and candidate, then it is displayed inline as output.

  • If the whole block of configuration in the candidate file is a new addition, it will be appended at the end of the generated running config.

  • When the candidate config has an SNMP or an AAA user CLI with clear-text password, the SNMP user is seen as a diff even when the user is already configured.

Performing Integrity Check for Candidate Config

To perform the integrity check, use the following commands:

Before you begin


Note

Before performing the integrity check, ensure that the running config and the candidate config belong to the same image version.

Procedure

  Command or Action Purpose

Step 1

show diff running-config file_url [unified] [partial]

Example:

switch# show diff running-config bootflash:candidate.cfg partial unified

Displays the differences between the running and user given candidate config.

  • file_url: File path to compare with.

  • unified : Displays the difference between running and user configuration in unified format.

  • partial : Enter partial only if user configuration file is partial and not a full configuration.

Step 2

show diff startup-config file_url [ unified ]

Example:

switch# show diff startup-config bootflash:candidate.cfg unified

Displays the differences between the startup and user given candidate config.

  • file_url: File path to compare with.

  • unified : Displays the difference between startup and user configuration in unified format.

Examples of Integrity Check

No Difference Between Running and Candidate Config

switch# show diff running-config bootflash:base_running.cfg 
switch#

Difference Between Running and Candidate

switch# show diff running-config bootflash:modified-running.cfg unified 
--- running-config
+++ User-config
@@ -32,11 +32,11 @@

interface Ethernet1/1
   mtu 9100
   link debounce time 0
   beacon
-  ip address 2.2.2.2/24
+  ip address 1.1.1.1/24
   no shutdown

interface Ethernet1/2

interface Ethernet1/3
switch#

Difference Between Running and Partial Candidate

switch# show file bootflash:intf_vlan.cfg
interface Vlan101
  no shutdown
  no ip redirects
  ip address 1.1.2.1/24 secondary
  ip address 1.1.1.1/24
switch# 
switch# show diff running-config bootflash:intf_vlan.cfg partial unified 
--- running-config
+++ User-config
@@ -3897,10 +3883,14 @@
   mtu 9100
   ip access-group IPV4_EDGE in
   ip address 2.2.2.12/26 tag 54321

 interface Vlan101
+ no shutdown
+ no ip redirects
+ ip address 1.1.2.1/24 secondary
+ ip address 1.1.1.1/24

 interface Vlan102
   description Vlan102
   no shutdown
   mtu 9100
switch#