search
API DocsTrainingVideo Library

file-linesGolden Template Validation

Golden Template Validation is a configuration-compliance validation module in NCCM that allows users to verify whether network device configurations adhere to a defined Golden Template. It enables on-demand validation of device configurations against approved standards using regular–expression–based rules.

This module is typically used for:

  • Manual or ad-hoc compliance verification

  • Auditing configuration consistency across devices

  • Identifying missing or non-compliant configurations

  • Validating configuration changes against defined standards

Golden Template Validation operates on the latest downloaded device configurations and provides clear compliance results for each device.

hashtag
Access Prerequisites

Golden Template Validation is a privilege-based feature. Users can access, view, execute, and export validation results only if:

  • The GOLDEN_TEMPLATE license is enabled

  • The required view and execution permissions are assigned under roles and privileges

If the license is disabled or the required permissions are not assigned, the module will not be visible in Network Configuration.

hashtag
How Does It Work

When a validation is executed, NCCM performs the following steps:

  • Identifies target devices based on the selected filters (Vendor, OS, Asset Tag, Device Group, IP Address range).

  • Fetches the latest downloaded configuration for each matching device.

  • Applies Ignore Patterns first to remove unwanted or irrelevant configuration lines.

  • Applies Configuration Template patterns to the filtered configuration data.

  • Evaluates each device for:

    • Complied configurations

    • Violated configurations

  • Displays results per device, including:

    • Matched configuration lines

    • Missing configuration lines

    • Extra or illegal configuration lines

The validation is executed asynchronously, and progress is shown using total, in-progress, and completed device counts.

hashtag
Validation Parameters

Golden Template Validation | Configuration Fields

Label
Action
Description / Example

Vendor*

Select from the dropdown

Select the device vendor. The list is populated from the CMDB based on available devices. This selection determines the OS Name values shown next. Example: Cisco

OS Name*

Select from the dropdown

Displays operating systems supported by the selected vendor. The list dynamically updates when the vendor changes. Example: IOS, IOS-XE

Asset Tag*

Select one or more values

Filters devices based on asset tags defined in CMDB. Asset Tag selection can be used alone or combined with IP Address and Device Group. Example: Core-Switches

Device Group*

Select from the dropdown

Filters devices belonging to a specific NCCM device group. Device Group can be used independently or along with Asset Tag and IP Address. Example: Branch Routers

IP Address Range*

Enter IP values

Defines the IP addresses of devices to be validated. NCCM validates the format before submission. Supported formats:

  • Single IP → 192.168.1.1

  • Multiple IPs → 192.168.1.1;192.168.1.5

  • Wildcard → 192.168.1.*

  • Range → 192.168.2.1-100

  • Subnet → 192.168.1.0/24

Configuration Type*

Select from the dropdown

Determines which configuration snapshot is used for validation. The default value is Running. Options: Running, Startup

Select and Load Template*

Select Golden Template

Loads a preconfigured Golden Template created in the Configuration Template module. When selected, Configuration Template and Ignore Patterns are auto-filled. Changes made here apply only to the current validation instance.

Configuration Template*

Enter regex patterns

Defines mandatory configuration patterns that must exist in the device configuration. Each entry must be a valid regular expression. Patterns are evaluated after Ignore Patterns are applied.

Ignore Patterns

Enter regex patterns

Defines configuration lines or blocks to be ignored before validation. Ignore Patterns are applied first to remove unwanted or variable configuration lines.

Submit

Click to execute

Starts the validation process. NCCM processes devices asynchronously and displays progress and results.

Reset

Click to reset

Clears all entered fields except Configuration Type, which defaults to Running.

hashtag
Configuration Template Patterns

Golden Template Validation relies entirely on regular expressions (regex) to evaluate device configurations. These patterns define what must exist in the device configuration for it to be considered compliant.

circle-info

Pattern Rules:

  • Only regular expression patterns are supported.

  • Pattern matching is case-insensitive.

  • Each pattern must be entered on a new line.

  • Normal strings are not supported.

  • Invalid or malformed regex patterns result in validation errors.

  • If a regex symbol must be treated as a literal character, it must be escaped using a backslash ().

hashtag
Single-Line Pattern Matching

Single-line patterns are used when a configuration line can appear anywhere in the device configuration.

Common use cases include version checks, logging configuration, and global settings.

Examples:

  • Match an exact software version (version 15.4)

  • Match any version value (version.*)

  • Match password encryption setting (service password-encryption)

  • Match a specific logging server (logging 192.168.50.123)

circle-info

Characters such as ., *, or ? have special meanings in regex. Escape them using / if they must be matched literally.

hashtag
Block-Based Pattern Matching

Block-based patterns are used when validation must occur only within a specific configuration block, such as a console line or an interface block.

Example Use Case

Validate the following configuration only inside the line con 0 block:

  • exec-timeout 0 0

  • privilege level 25

Block Pattern Syntax

How It Works

  • BlockStartPattern: Identifies the beginning of the configuration block.

  • Middle lines: Define the patterns that must exist within the block.

  • BlockEndPattern: Identifies the end of the block.

  • EndPattern:Keep: Includes the last matching line as part of the block validation.

(Use Ignore if the last line should be excluded.)

hashtag
Ignore Patterns

Ignore Patterns are used to exclude unwanted lines or blocks from the configuration before validation. This helps eliminate noise such as comments, timestamps, or banners.

circle-info

Ignore Pattern Rules

  • Ignore Patterns are applied before Configuration Template validation.

  • Supports both single-line and block-based ignore patterns.

  • Uses the same regex rules as Configuration Template patterns.

  • Matching is case-insensitive.

hashtag
Single-Line Ignore Patterns

Used to ignore individual lines across the configuration.

Example:

This ignores comment lines and common boilerplate entries.

hashtag
Block-Based Ignore Patterns

Used to ignore entire configuration blocks.

Example: Ignore banner configuration

Explanation

  • banner exec ^C: Marks the start of the banner block.

  • ^C: Marks the end of the banner block.

  • EndPattern:Ignore: Ignores the entire block.

  • [$$$]: Separator used between block keywords.

hashtag
Multiple Ignore Patterns Within a Block (BlockIgnorePattern)

BlockIgnorePattern allows ignoring multiple specific patterns within a matched block.

Example:

  • Multiple ignore patterns are separated using [;;;].

  • Each listed pattern is ignored only within the matched block.

  • The rest of the block remains eligible for validation.

hashtag
Invalid Patterns

The following patterns are not allowed and will result in validation errors:

  • ** or ********

  • ?? or ????????

  • ++ or ++++

circle-info

Note:

  • Ignore Patterns are applied first to filter the configuration.

  • Configuration Template patterns are evaluated next.

  • Validation runs against the latest downloaded configuration.

  • Each device is marked as Complied or Violated.

  • Results clearly indicate:

    • Matched configurations

    • Missing configurations

    • Extra or illegal configurations

hashtag
Validation Result

After submitting the Golden Template Validation, NCCM processes the selected devices and displays the validation results on the Results screen. This screen provides a summary of the validation progress and detailed compliance status for each device evaluated against the Golden Template.

At the top of the screen, NCCM displays a summary that reflects the overall validation status across all selected devices.

Validation Result | Basic Details

Label
Action
Description / Example

Total Devices

View only

Displays the total number of devices selected for Golden Template validation.Example: 3 devices.

In Progress

View only

Indicates the number of devices for which validation is still in progress. This value updates in real time as the backend process runs.

Example: 0.

Total Completed

View only

Shows the number of devices for which validation has been completed, regardless of compliance result. Example: 3.

Violated Device Count

View only

Displays the count of devices whose configurations do not comply with the Golden Template. Example: 2.

Complied Device Count

View only

Displays the count of devices whose configurations fully comply with the Golden Template. Example: 0.

Compliance Filter

Compliance Status

Select from the dropdown

Allows filtering the result grid based on compliance outcome.Available Options:

  • Complied

  • Violated

Selecting an option updates the grid to show only matching devices.

Export

Click

Exports the validation results as an XLSX file. The export includes device details, compliance status, and validation outcome for all displayed devices (based on applied filters).

Validation Result Grid

Configuration

Click to view

Displays the date and time when the configuration used for validation was captured. Clicking this opens the detailed validation view for that execution. Example: Dec 12, 2025, 04:10 PM.

IP Address

View only

Shows the IP address of the validated device. Example: 10.0.4.5.

Hostname

View only

Displays the device's hostname or asset identifier, as available in the CMDB.Example: EVEREST-IMS-LAB-ROUTER-33.everestims.com.

Vendor

View only

Indicates the device vendor associated with the configuration.Example: Cisco.

OS Name

View only

Displays the device's operating system.Example: IOS.

Compliance Status

View only

Shows whether the device configuration is Complied or Violated based on the Golden Template evaluation.

Actions

View

Click View

Opens the Golden Template Validation result for the selected device. Displays execution details, including configuration timestamp, IP address, hostname, vendor, and OS name.

Shows validation findings, including non-compliant or additional configuration entries identified during validation.

Expand

Click Expand

Expands the validation result to full-screen mode. Provides improved visibility to review large configuration outputs, block-level matches, and detailed validation results.

Export (XLSX)

Click Export

Exports the Golden Template Validation result for the selected device into an XLSX file. The exported file includes configuration details and validation outcomes for offline review or compliance reporting.

PreviousGenerate MD5NextGolden Template Rule-Based Policy Execution

Last updated