# Golden Template Validation

Golden Template Validation is a configuration-compliance validation module in NCCM that allows users to verify whether network device configurations adhere to a defined [**Golden Template**](/infraon-help/infinity-user-guide/infraon-configuration/it-operations/network-configuration/configuration-template.md). It enables on-demand validation of device configurations against approved standards using **regular–expression–based rules**.

This module is typically used for:

* Manual or ad-hoc compliance verification
* Auditing configuration consistency across devices
* Identifying missing or non-compliant configurations
* Validating configuration changes against defined standards

Golden Template Validation operates on the **latest downloaded device configurations** and provides clear compliance results for each device.

## **Access Prerequisites**

Golden Template Validation is a **privilege-based feature**. Users can access, view, execute, and export validation results **only if:**

* The **GOLDEN\_TEMPLATE** license is enabled
* The required **view and execution permissions** are assigned under roles and privileges

If the license is disabled or the required permissions are not assigned, the module will not be visible in Network Configuration.

## **How Does It Work**

When a validation is executed, NCCM performs the following steps:

* Identifies target devices based on the selected filters (Vendor, OS, Asset Tag, Device Group, IP Address range).
* Fetches the **latest downloaded configuration** for each matching device.
* Applies **Ignore Patterns** first to remove unwanted or irrelevant configuration lines.
* Applies **Configuration Template patterns** to the filtered configuration data.
* Evaluates each device for:
  * **Complied** configurations
  * **Violated** configurations
* Displays results per device, including:
  * Matched configuration lines
  * Missing configuration lines
  * Extra or illegal configuration lines

The validation is executed asynchronously, and progress is shown using **total, in-progress, and completed device counts**.

## **Validation Parameters**

Golden Template Validation **| Configuration Fields**

![](/files/00a856586122efaf7290002c0396e3b901289fdb)

<table><thead><tr><th width="137">Label</th><th width="135.39996337890625">Action</th><th>Description / Example</th></tr></thead><tbody><tr><td><strong>Vendor*</strong></td><td>Select from the dropdown</td><td>Select the device vendor. The list is populated from the CMDB based on available devices. This selection determines the OS Name values shown next.<br><br><strong>Example:</strong> Cisco</td></tr><tr><td><strong>OS Name*</strong></td><td>Select from the dropdown</td><td>Displays operating systems supported by the selected vendor. The list dynamically updates when the vendor changes.<br><br><strong>Example:</strong> IOS, IOS-XE</td></tr><tr><td><strong>Asset Tag*</strong></td><td>Select one or more values</td><td>Filters devices based on asset tags defined in <a href="/pages/Ka10zq0BmnDLmkK1MS9H">CMDB</a>. Asset Tag selection can be used alone or combined with IP Address and Device Group.<br><br><strong>Example:</strong> Core-Switches</td></tr><tr><td><strong>Device Group*</strong></td><td>Select from the dropdown</td><td>Filters devices belonging to a specific NCCM device group. Device Group can be used independently or along with Asset Tag and IP Address.<br><br><strong>Example:</strong> Branch Routers</td></tr><tr><td><strong>IP Address Range*</strong></td><td>Enter IP values</td><td><p>Defines the IP addresses of devices to be validated. NCCM validates the format before submission.<br><strong>Supported formats:</strong><br></p><ul><li>Single IP → 192.168.1.1</li><li>Multiple IPs → 192.168.1.1;192.168.1.5</li><li>Wildcard → 192.168.1.*</li><li>Range → 192.168.2.1-100</li><li>Subnet → 192.168.1.0/24</li></ul></td></tr><tr><td><strong>Configuration Type*</strong></td><td>Select from the dropdown</td><td>Determines which configuration snapshot is used for validation. The default value is <strong>Running.</strong><br><br><strong>Options:</strong> Running, Startup</td></tr><tr><td><strong>Select and Load Template*</strong></td><td>Select Golden Template</td><td>Loads a preconfigured Golden Template created in the Configuration Template module. When selected, Configuration Template and Ignore Patterns are auto-filled. Changes made here apply only to the current validation instance.</td></tr><tr><td><strong>Configuration Template*</strong></td><td>Enter regex patterns</td><td>Defines mandatory configuration patterns that must exist in the device configuration. Each entry must be a valid <strong>regular expression.</strong> Patterns are evaluated after Ignore Patterns are applied.</td></tr><tr><td><strong>Ignore Patterns</strong></td><td>Enter regex patterns</td><td>Defines configuration lines or blocks to be ignored before validation. Ignore Patterns are applied first to remove unwanted or variable configuration lines.</td></tr><tr><td><strong>Submit</strong></td><td>Click to execute</td><td>Starts the validation process. NCCM processes devices asynchronously and displays progress and results.</td></tr><tr><td><strong>Reset</strong></td><td>Click to reset</td><td>Clears all entered fields except Configuration Type, which defaults to Running.</td></tr></tbody></table>

### **Configuration Template Patterns**

Golden Template Validation relies entirely on **regular expressions (regex)** to evaluate device configurations. These patterns define what must exist in the device configuration for it to be considered compliant.

{% hint style="info" %}
**Pattern Rules:**

* Only **regular expression patterns** are supported.
* Pattern matching is **case-insensitive**.
* Each pattern must be entered on a **new line**.
* **Normal strings are not supported**.
* Invalid or malformed regex patterns result in **validation errors**.
* If a regex symbol must be treated as a literal character, it must be **escaped using a backslash ()**.
  {% endhint %}

#### **Single-Line Pattern Matching**

Single-line patterns are used when a configuration line can appear **anywhere** in the device configuration.

**Common use cases include version checks, logging configuration, and global settings.**

**Examples:**

* Match an exact software version **(version 15.4)**
* Match any version value **(version.\*)**
* Match password encryption setting **(service password-encryption)**
* Match a specific logging server **(logging 192.168.50.123)**

{% hint style="info" %}
Characters such as **., \*, or ?** have special meanings in regex. Escape them using **/** if they must be matched literally.
{% endhint %}

#### **Block-Based Pattern Matching**

Block-based patterns are used when validation must occur **only within a specific configuration block**, such as a console line or an interface block.

**Example Use Case**

Validate the following configuration **only inside the line con 0 block:**

* **exec-timeout 0 0**
* **privilege level 25**

**Block Pattern Syntax**

```
BlockStartPattern:line con 0
exec-timeout 0 0
privilege level 25
BlockEndPattern:logging synchronous[$$$]EndPattern:Keep
```

**How It Works**

* **BlockStartPattern:** Identifies the beginning of the configuration block.
* **Middle lines:** Define the patterns that must exist within the block.
* **BlockEndPattern:** Identifies the end of the block.
* **EndPattern:Keep:** Includes the last matching line as part of the block validation.

(Use Ignore if the last line should be excluded.)

### **Ignore Patterns**

Ignore Patterns are used to **exclude unwanted lines or blocks** from the configuration **before** validation. This helps eliminate noise such as comments, timestamps, or banners.

{% hint style="info" %}
**Ignore Pattern Rules**

* Ignore Patterns are applied **before** Configuration Template validation.
* Supports both **single-line** and **block-based** ignore patterns.
* Uses the **same regex rules** as Configuration Template patterns.
* Matching is **case-insensitive**.
  {% endhint %}

#### **Single-Line Ignore Patterns**

Used to ignore individual lines across the configuration.

**Example:**

```
!
start
end// Some code
```

This ignores comment lines and common boilerplate entries.

#### **Block-Based Ignore Patterns**

Used to ignore entire configuration blocks.

**Example: Ignore banner configuration**

```
BlockStartPattern: banner exec \^C
[$$$]BlockEndPattern:\^C[$$$]EndPattern:Ignore
```

**Explanation**

* **banner exec ^C:** Marks the start of the banner block.
* **^C:** Marks the end of the banner block.
* **EndPattern:Ignore:** Ignores the entire block.
* **\[$$$]:** Separator used between block keywords.

#### **Multiple Ignore Patterns Within a Block (BlockIgnorePattern)**

BlockIgnorePattern allows ignoring **multiple specific patterns within a matched block**.

**Example:**

```
BlockStartPattern:interface GigabitEthernet0/0/6
BlockIgnorePattern:negotiation auto[;;;]description
BlockEndPattern:!
```

* Multiple ignore patterns are separated using \[;;;].
* Each listed pattern is ignored **only within the matched block**.
* The rest of the block remains eligible for validation.

### **Invalid Patterns**

The following patterns are **not allowed** and will result in validation errors:

* \*\* or \*\*\*\*\*\*\*\*
* ?? or ????????
* ++ or ++++

{% hint style="info" %}
**Note:**

* Ignore Patterns are applied **first** to filter the configuration.
* Configuration Template patterns are evaluated **next**.
* Validation runs against the **latest downloaded configuration**.
* Each device is marked as **Complied** or **Violated**.
* Results clearly indicate:
  * Matched configurations
  * Missing configurations
  * Extra or illegal configurations
    {% endhint %}

## **Validation Result**

After submitting the **Golden Template Validation,** NCCM processes the selected devices and displays the validation results on the Results screen. This screen provides a summary of the validation progress and detailed compliance status for each device evaluated against the Golden Template.

At the top of the screen, NCCM displays a summary that reflects the overall validation status across all selected devices.

Validation Result **| Basic Details**

![](/files/fc0916db3e9d67cae4fc58c5c84fe880cec90031)

<table><thead><tr><th width="179.39996337890625">Label</th><th width="151.39996337890625">Action</th><th>Description / Example</th></tr></thead><tbody><tr><td><strong>Total Devices</strong></td><td>View only</td><td>Displays the total number of devices selected for Golden Template validation.<strong>Example:</strong> 3 devices.</td></tr><tr><td><strong>In Progress</strong></td><td>View only</td><td><p>Indicates the number of devices for which validation is still in progress. This value updates in real time as the backend process runs.</p><p></p><p><strong>Example:</strong> 0.</p></td></tr><tr><td><strong>Total Completed</strong></td><td>View only</td><td>Shows the number of devices for which validation has been completed, regardless of compliance result.<br><br><strong>Example:</strong> 3.</td></tr><tr><td><strong>Violated Device Count</strong></td><td>View only</td><td>Displays the count of devices whose configurations do not comply with the Golden Template.<br><br><strong>Example:</strong> 2.</td></tr><tr><td><strong>Complied Device Count</strong></td><td>View only</td><td>Displays the count of devices whose configurations fully comply with the Golden Template.<br><br><strong>Example:</strong> 0.</td></tr><tr><td><strong>Compliance Filter</strong></td><td></td><td></td></tr><tr><td><strong>Compliance Status</strong></td><td>Select from the dropdown</td><td><p>Allows filtering the result grid based on compliance outcome.<strong>Available Options:</strong></p><ul><li>Complied</li><li>Violated</li></ul><p>Selecting an option updates the grid to show only matching devices.</p></td></tr><tr><td><strong>Export</strong></td><td>Click</td><td>Exports the validation results as an XLSX file. The export includes device details, compliance status, and validation outcome for all displayed devices (based on applied filters).</td></tr><tr><td><strong>Validation Result Grid</strong></td><td></td><td></td></tr><tr><td><strong>Configuration</strong></td><td>Click to view</td><td>Displays the date and time when the configuration used for validation was captured. Clicking this opens the detailed validation view for that execution.<br><br><strong>Example:</strong> Dec 12, 2025, 04:10 PM.</td></tr><tr><td><strong>IP Address</strong></td><td>View only</td><td>Shows the IP address of the validated device.<br><br><strong>Example:</strong> 10.0.4.5.</td></tr><tr><td><strong>Hostname</strong></td><td>View only</td><td>Displays the device's hostname or asset identifier, as available in the CMDB.<strong>Example:</strong> EVEREST-IMS-LAB-ROUTER-33.everestims.com.</td></tr><tr><td><strong>Vendor</strong></td><td>View only</td><td>Indicates the device vendor associated with the configuration.<strong>Example:</strong> Cisco.</td></tr><tr><td><strong>OS Name</strong></td><td>View only</td><td>Displays the device's operating system.<strong>Example:</strong> IOS.</td></tr><tr><td><strong>Compliance Status</strong></td><td>View only</td><td>Shows whether the device configuration is Complied or Violated based on the Golden Template evaluation.</td></tr><tr><td><strong>Actions</strong></td><td></td><td></td></tr><tr><td><strong>View</strong></td><td>Click View</td><td><p>Opens the Golden Template Validation result for the selected device. Displays execution details, including configuration timestamp, IP address, hostname, vendor, and OS name. </p><p></p><p>Shows validation findings, including non-compliant or additional configuration entries identified during validation.</p></td></tr><tr><td><strong>Expand</strong></td><td>Click Expand</td><td>Expands the validation result to full-screen mode. Provides improved visibility to review large configuration outputs, block-level matches, and detailed validation results.</td></tr><tr><td><strong>Export (XLSX)</strong></td><td>Click Export</td><td>Exports the Golden Template Validation result for the selected device into an XLSX file. The exported file includes configuration details and validation outcomes for offline review or compliance reporting.</td></tr></tbody></table>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.infraon.io/infraon-help/infinity-user-guide/infraon-configuration/it-operations/network-configuration/golden-template-validation.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.