Config Analyzer

Paste a Cisco IOS or IOS-XE running-config. Get an instant inventory, IP plan, security audit with score, and consistency checks. 100% in-browser — nothing is uploaded.

Input

Detected Running-config CDP neighbors LLDP neighbors

Output

No configuration analyzed yet.

Paste your running-config above and click Analyze.

How to audit a Cisco running-config

Paste a show running-config output and this cisco config audit tool returns four tabs of structured results in seconds. The analysis runs entirely in your browser: the raw text never leaves your machine, which matters when the config contains SNMP community strings, local usernames, or pre-shared keys. That is not a marketing claim — there is no backend server, no upload endpoint, and no analytics payload attached to your input.

The parser pipeline has four stages. A preprocessor strips terminal artefacts (prompts, --More-- paging markers, timestamp headers) and detects formats that are not supported — IOS-XR, NX-OS, and ASA configs are rejected cleanly with an explanation rather than silently misread. A tree builder reconstructs the hierarchical block structure using indentation, exactly as IOS represents it internally. Seven extraction modules (interfaces, VLANs, routing, ACLs, security, services, STP) parse the tree into typed JSON. A correlator then cross-references the results: which VLAN is active on which port, which ACL is applied and in which direction, which SVI has no matching VLAN declaration, which subnets overlap.

The security audit scores the config from 0 to 100 using severity-weighted rules. CRITICAL findings carry the largest penalty: enable password (type 0 or 7) instead of enable secret, Telnet transport on VTY lines, and SNMP community strings left at "public" or "private". HIGH findings include SSH version 1, missing exec-timeout on console and VTY, ip http server still active, and no access-class protecting VTY. MEDIUM checks cover missing banner motd, no DHCP snooping, and unconfigured spanning-tree portfast bpduguard default. Each failing rule is accompanied by the exact CLI remediation, ready to copy and paste.

To test the ACLs extracted from your config against live traffic scenarios, send them to the ACL Simulator. To compare this config against a previous snapshot or a lab version, open both in the Config Diff tool.

Common use cases

  • Pre-delivery review — verify that a new switch or router config matches the design intent before rollout.
  • Security assessment — generate a scored report to share with a client or submit for internal compliance review.
  • Config hand-over — understand the topology and security posture of a device you just inherited.
  • Change validation — confirm that a maintenance window produced the expected inventory and no regressions.
  • Exam practice — explore the cross-dependencies of a complex lab configuration before attempting the real device.

Supports Cisco IOS 12.x/15.x and IOS-XE 16.x/17.x. IOS-XR, NX-OS and ASA are not supported and will be rejected cleanly. 100% in-browser. No config uploaded. Zero tracking.