Config Diff

Comparing two Cisco configurations semantically

A standard line-by-line diff is a poor fit for Cisco IOS configs. The order of commands within a block often changes without any functional impact — interfaces may appear in a different sequence after a reload, VLAN entries shift position when the database is rebuilt, and show running-config injects a timestamp header that always differs. Run a plain diff on two equivalent configs and you can end up with dozens of false positives that obscure the one real change that matters.

This cisco config diff tool takes a different approach. Both configurations are fed through the same parser used by the Config Analyzer: the preprocessor strips terminal artefacts, the tree builder reconstructs the hierarchical structure, and the extraction modules produce typed JSON objects for interfaces, VLANs, routes, ACLs and security settings. The diff engine then compares those objects, classifying each finding as only in A (removed), only in B (added), or changed (present in both but with different attributes). Line order is irrelevant — functional equivalence is what the engine tests.

For auditing configuration drift over time, load the backup from last month as config A and today's show run as config B. Every undocumented change surfaces immediately. For change validation, load the pre-maintenance snapshot as A and the post-maintenance capture as B to confirm that only the intended modifications were applied. Once you have the diff, export it as Markdown and paste it directly into your change ticket or incident report. For a deeper security analysis of either config, open it in the Config Analyzer.

Common use cases

• Validate a planned change: compare the pre- and post-maintenance running-configs to confirm only intended modifications landed.
• Audit configuration drift: compare the current running-config against a known-good baseline.
• Compare production against lab to identify what is missing before promoting a design to live.
• Document a change for a ticket or handover report with the Markdown export.
• Spot accidental rollbacks where a reload restored an older startup-config.

100% in-browser. No config uploaded. Zero tracking.