# Golden Template Validation Golden Template Validation is a configuration-compliance validation module in NCCM that allows users to verify whether network device configurations adhere to a defined [**Golden Template**](https://docs.infraon.io/infraon-help/infinity-user-guide/infraon-configuration/it-operations/network-configuration/configuration-template). It enables on-demand validation of device configurations against approved standards using **regular–expression–based rules**. This module is typically used for: * Manual or ad-hoc compliance verification * Auditing configuration consistency across devices * Identifying missing or non-compliant configurations * Validating configuration changes against defined standards Golden Template Validation operates on the **latest downloaded device configurations** and provides clear compliance results for each device. ## **Access Prerequisites** Golden Template Validation is a **privilege-based feature**. Users can access, view, execute, and export validation results **only if:** * The **GOLDEN\_TEMPLATE** license is enabled * The required **view and execution permissions** are assigned under roles and privileges If the license is disabled or the required permissions are not assigned, the module will not be visible in Network Configuration. ## **How Does It Work** When a validation is executed, NCCM performs the following steps: * Identifies target devices based on the selected filters (Vendor, OS, Asset Tag, Device Group, IP Address range). * Fetches the **latest downloaded configuration** for each matching device. * Applies **Ignore Patterns** first to remove unwanted or irrelevant configuration lines. * Applies **Configuration Template patterns** to the filtered configuration data. * Evaluates each device for: * **Complied** configurations * **Violated** configurations * Displays results per device, including: * Matched configuration lines * Missing configuration lines * Extra or illegal configuration lines The validation is executed asynchronously, and progress is shown using **total, in-progress, and completed device counts**. ## **Validation Parameters** Golden Template Validation **| Configuration Fields** ![](https://content.gitbook.com/content/E4mkwSP8a1BSD9BFNFav/blobs/4Lc753IdGg0zH8ucSO5w/Unknown%20image)

Label	Action	Description / Example
Vendor*	Select from the dropdown	Select the device vendor. The list is populated from the CMDB based on available devices. This selection determines the OS Name values shown next. Example: Cisco
OS Name*	Select from the dropdown	Displays operating systems supported by the selected vendor. The list dynamically updates when the vendor changes. Example: IOS, IOS-XE
Asset Tag*	Select one or more values	Filters devices based on asset tags defined in CMDB. Asset Tag selection can be used alone or combined with IP Address and Device Group. Example: Core-Switches
Device Group*	Select from the dropdown	Filters devices belonging to a specific NCCM device group. Device Group can be used independently or along with Asset Tag and IP Address. Example: Branch Routers
IP Address Range*	Enter IP values	Defines the IP addresses of devices to be validated. NCCM validates the format before submission. Supported formats: Single IP → 192.168.1.1 Multiple IPs → 192.168.1.1;192.168.1.5 Wildcard → 192.168.1.* Range → 192.168.2.1-100 Subnet → 192.168.1.0/24
Configuration Type*	Select from the dropdown	Determines which configuration snapshot is used for validation. The default value is Running. Options: Running, Startup
Select and Load Template*	Select Golden Template	Loads a preconfigured Golden Template created in the Configuration Template module. When selected, Configuration Template and Ignore Patterns are auto-filled. Changes made here apply only to the current validation instance.
Configuration Template*	Enter regex patterns	Defines mandatory configuration patterns that must exist in the device configuration. Each entry must be a valid regular expression. Patterns are evaluated after Ignore Patterns are applied.
Ignore Patterns	Enter regex patterns	Defines configuration lines or blocks to be ignored before validation. Ignore Patterns are applied first to remove unwanted or variable configuration lines.
Submit	Click to execute	Starts the validation process. NCCM processes devices asynchronously and displays progress and results.
Reset	Click to reset	Clears all entered fields except Configuration Type, which defaults to Running.

### **Configuration Template Patterns** Golden Template Validation relies entirely on **regular expressions (regex)** to evaluate device configurations. These patterns define what must exist in the device configuration for it to be considered compliant. {% hint style="info" %} **Pattern Rules:** * Only **regular expression patterns** are supported. * Pattern matching is **case-insensitive**. * Each pattern must be entered on a **new line**. * **Normal strings are not supported**. * Invalid or malformed regex patterns result in **validation errors**. * If a regex symbol must be treated as a literal character, it must be **escaped using a backslash ()**. {% endhint %} #### **Single-Line Pattern Matching** Single-line patterns are used when a configuration line can appear **anywhere** in the device configuration. **Common use cases include version checks, logging configuration, and global settings.** **Examples:** * Match an exact software version **(version 15.4)** * Match any version value **(version.\*)** * Match password encryption setting **(service password-encryption)** * Match a specific logging server **(logging 192.168.50.123)** {% hint style="info" %} Characters such as **., \*, or ?** have special meanings in regex. Escape them using **/** if they must be matched literally. {% endhint %} #### **Block-Based Pattern Matching** Block-based patterns are used when validation must occur **only within a specific configuration block**, such as a console line or an interface block. **Example Use Case** Validate the following configuration **only inside the line con 0 block:** * **exec-timeout 0 0** * **privilege level 25** **Block Pattern Syntax** ``` BlockStartPattern:line con 0 exec-timeout 0 0 privilege level 25 BlockEndPattern:logging synchronous[$$$]EndPattern:Keep ``` **How It Works** * **BlockStartPattern:** Identifies the beginning of the configuration block. * **Middle lines:** Define the patterns that must exist within the block. * **BlockEndPattern:** Identifies the end of the block. * **EndPattern:Keep:** Includes the last matching line as part of the block validation. (Use Ignore if the last line should be excluded.) ### **Ignore Patterns** Ignore Patterns are used to **exclude unwanted lines or blocks** from the configuration **before** validation. This helps eliminate noise such as comments, timestamps, or banners. {% hint style="info" %} **Ignore Pattern Rules** * Ignore Patterns are applied **before** Configuration Template validation. * Supports both **single-line** and **block-based** ignore patterns. * Uses the **same regex rules** as Configuration Template patterns. * Matching is **case-insensitive**. {% endhint %} #### **Single-Line Ignore Patterns** Used to ignore individual lines across the configuration. **Example:** ``` ! start end// Some code ``` This ignores comment lines and common boilerplate entries. #### **Block-Based Ignore Patterns** Used to ignore entire configuration blocks. **Example: Ignore banner configuration** ``` BlockStartPattern: banner exec \^C [$$$]BlockEndPattern:\^C[$$$]EndPattern:Ignore ``` **Explanation** * **banner exec ^C:** Marks the start of the banner block. * **^C:** Marks the end of the banner block. * **EndPattern:Ignore:** Ignores the entire block. * **\[$$$]:** Separator used between block keywords. #### **Multiple Ignore Patterns Within a Block (BlockIgnorePattern)** BlockIgnorePattern allows ignoring **multiple specific patterns within a matched block**. **Example:** ``` BlockStartPattern:interface GigabitEthernet0/0/6 BlockIgnorePattern:negotiation auto[;;;]description BlockEndPattern:! ``` * Multiple ignore patterns are separated using \[;;;]. * Each listed pattern is ignored **only within the matched block**. * The rest of the block remains eligible for validation. ### **Invalid Patterns** The following patterns are **not allowed** and will result in validation errors: * \*\* or \*\*\*\*\*\*\*\* * ?? or ???????? * ++ or ++++ {% hint style="info" %} **Note:** * Ignore Patterns are applied **first** to filter the configuration. * Configuration Template patterns are evaluated **next**. * Validation runs against the **latest downloaded configuration**. * Each device is marked as **Complied** or **Violated**. * Results clearly indicate: * Matched configurations * Missing configurations * Extra or illegal configurations {% endhint %} ## **Validation Result** After submitting the **Golden Template Validation,** NCCM processes the selected devices and displays the validation results on the Results screen. This screen provides a summary of the validation progress and detailed compliance status for each device evaluated against the Golden Template. At the top of the screen, NCCM displays a summary that reflects the overall validation status across all selected devices. Validation Result **| Basic Details** ![](https://content.gitbook.com/content/E4mkwSP8a1BSD9BFNFav/blobs/ETZYj1gOqG44piRUpqJQ/Unknown%20image)

Label	Action	Description / Example
Total Devices	View only	Displays the total number of devices selected for Golden Template validation.Example: 3 devices.
In Progress	View only	Indicates the number of devices for which validation is still in progress. This value updates in real time as the backend process runs. Example: 0.
Total Completed	View only	Shows the number of devices for which validation has been completed, regardless of compliance result. Example: 3.
Violated Device Count	View only	Displays the count of devices whose configurations do not comply with the Golden Template. Example: 2.
Complied Device Count	View only	Displays the count of devices whose configurations fully comply with the Golden Template. Example: 0.
Compliance Filter
Compliance Status	Select from the dropdown	Allows filtering the result grid based on compliance outcome.Available Options: Complied Violated Selecting an option updates the grid to show only matching devices.
Export	Click	Exports the validation results as an XLSX file. The export includes device details, compliance status, and validation outcome for all displayed devices (based on applied filters).
Validation Result Grid
Configuration	Click to view	Displays the date and time when the configuration used for validation was captured. Clicking this opens the detailed validation view for that execution. Example: Dec 12, 2025, 04:10 PM.
IP Address	View only	Shows the IP address of the validated device. Example: 10.0.4.5.
Hostname	View only	Displays the device's hostname or asset identifier, as available in the CMDB.Example: EVEREST-IMS-LAB-ROUTER-33.everestims.com.
Vendor	View only	Indicates the device vendor associated with the configuration.Example: Cisco.
OS Name	View only	Displays the device's operating system.Example: IOS.
Compliance Status	View only	Shows whether the device configuration is Complied or Violated based on the Golden Template evaluation.
Actions
View	Click View	Opens the Golden Template Validation result for the selected device. Displays execution details, including configuration timestamp, IP address, hostname, vendor, and OS name. Shows validation findings, including non-compliant or additional configuration entries identified during validation.
Expand	Click Expand	Expands the validation result to full-screen mode. Provides improved visibility to review large configuration outputs, block-level matches, and detailed validation results.
Export (XLSX)	Click Export	Exports the Golden Template Validation result for the selected device into an XLSX file. The exported file includes configuration details and validation outcomes for offline review or compliance reporting.