BRKRST - 2612 Cisco IOS – Managing, Optimising and Tweaking
Aug 23, 2014
BRKRST - 2612
Cisco IOS – Managing, Optimising and Tweaking
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 2
Objective
Introduce some of the lesser known features of IOS
Encourage you to use these features
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 3
Agenda Smart Call Home Service
Monitoring System Resources
• RMON & Threshold Notifications
• Embedded Resource Manager
IP Service Level Agent (IPSLA)
Enhanced Object Tracking (EOT)
Embedded Event Manager (EEM)
Device Configuration Management
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 4
Smart Call Home
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 5
Solution Architecture
Customer
Secure Authenticated
Access to Hosted Portal
Device Diagnostic
Library
Remediation
Recommendation
Engine
Diagnostics &
Parsing Engine
Smart Call Home Portal TAC
Automatic
SR Opened
Remediation
Recommendation
Customer & TAC access the same data
Intelligent Monitoring
& Collection Engine
Call Home feature
Cisco
InternetSecure Transport
HTTPS Encryption & Certificate-based authentication
13
2
EMAIL 4
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 6
SMART Call home
An embedded support feature available on a broad
range of Cisco products -
http://www.cisco.com/en/US/services/ps2827/ps2978/p
s7334/smartcall_supported_products_popup.html
Enabled devices continuously perform proactive
diagnostics
Provided at no additional cost when you have an active
SMARTnet Service, SP Base, Unified Computing
Support Service, or Mission Critical Support Service
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 7
SMART Call home Visibility into your network through diagnostic reports
Real-time trouble shooting, alerts, and remediation advice
Automatic generation of Cisco Service Request
Secure, reliable data transport
Personalised Web-based portal to review Call Home messages, detailed diagnostics, recommendations, and inventory
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 8
SMART Call home Configuration - HTTPS to Cisco (1/3)
1. Enable Call Home ServiceISR#configure terminal
ISR(config)#service call-home
ISR(config)#call-home
2. Configure the mandatory contact email address
ISR(cfg-call-home)#contact-email-addr username@domain-name
3. Activate default CiscoTAC-1 profile and set transport option to http
ISR(cfg-call-home)#profile CiscoTAC-1
ISR(cfg-call-home-profile)#active
ISR(cfg-call-home-profile)#destination transport-method http
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 9
SMART Call home Configuration - HTTPS to Cisco (2/3)
4. Install a security certificate -Download the Cisco server certificate from
http://www.cisco.com/warp/public/437/services/smartcall/docs/Cisco_Server_Security_Certificate.txt
ISR(config)#crypto pki trustpoint cisco
ISR(ca-trustpoint)#enroll terminal
ISR(ca-trustpoint)#revocation-check crl none
ISR(ca-trustpoint)#exit
ISR(config)#crypto pki authenticate cisco
Enter the base 64 encoded CA certificate.
End with a blank line or the word "quit" on a line by
itself
[paste the certificate here and accept it]
% Do you accept this certificate? [yes/no]: yes
Trustpoint CA certificate accepted.
% Certificate successfully imported
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 10
SMART Call home Configuration - HTTPS to Cisco (3/3)
5. Exit and save the configurationISR(config)#end
ISR#copy run start
6. Send a Call Home Inventory message to start registration process
ISR#call-home send alert-group inventory profile CiscoTAC-1
Sending inventory info call-home message . . .
Please wait. This may take some time . . .
7. Receive an Email from Cisco and follow the link to complete
registration for Smart Call Home
Further information - http://www.cisco.com/go/smartcall
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 11
Monitoring System Resources IRMON & Threshold Notifications
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 12
Monitoring System Resources – CPU (1/3)
Complication : What If your device has multiple CPU‗s ?
Problem: Monitor CPU Utilisation and generate an snmp trap and/or syslog message when a threshold is crossed
Solution 1: Configure RMON Events and Alarms
Router(config)# rmon event 1 log trap eventtrap description “CPU Utilization > 80%" owner
<ownername>
Router(config)# rmon event 2 log trap eventtrap description “CPU Utilization < 50%" owner
<ownername>
Router(config)# rmon alarm 10 cpmCPUTotal1minRev.<cpmCPUTotalIndex> 60 absolute rising-
threshold 80 1 falling-threshold 50 2 owner <ownername>
Generate syslog message
Generate snmp trap with community eventtrap
60 second sample interval
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 13
Monitoring System Resources – CPU (2/3) Solution 1 : Configure RMON Events and Alarms (cont‘d)
% snmpwalk -c public 10.66.76.16 .1.3.6.1.4.1.9.9.109.1.1.1.1.2
SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.2.1 = INTEGER: 4017
SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.2.2 = INTEGER: 4001
RMON Configuration Guide -http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_cfg_rmon_sup_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1056328
Perform an snmpwalk of cpmCPUTotalPhysicalIndex
Perform an snmpwalk of entPhysicalDescr
% snmpwalk -c public 10.66.76.16 .1.3.6.1.2.1.47.1.1.1.1.2 | grep 4017
SNMPv2-SMI::mib-2.47.1.1.1.1.2.4017 = STRING: "CPU of Routing Processor 6"
% snmpwalk -c public 10.66.76.16 .1.3.6.1.2.1.47.1.1.1.1.2 | grep 4001
SNMPv2-SMI::mib-2.47.1.1.1.1.2.4001 = STRING: "CPU of Switching Processor 6“
cpmCPUTotalIndex
cpmCPUTotalPhysicalIndex = entPhysicalIndex
To monitor the CPU Utilization of the RP in Slot 6 cpmCPUTotalIndex = 1
rmon alarm 10 cpmCPUTotal1minRev.1 60 absolute rising-threshold 80 1 falling-threshold 50 2
owner <ownername>
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 14
Monitoring System Resources – CPU (3/3) Solution 2 : CPU Threshold Notification
Router(config)# snmp-server enable traps cpu threshold
Router(config)# snmp-server host host-address [traps | informs] [version {1 | 2c | 3 [auth |
noauth | priv]}] community-string
Router(config)# process cpu threshold type total rising 80 interval 5 falling 50 interval 5
Router(config)# process cpu statistics limit entry-percentage 40 size 300
{total | process | interrupt}
Sets the process entry limit and the size of the history table for CPU utilisation statistics.
Refer CISCO-PROCESS-MIB :
•CPU Thresholds & CPU History can be found in cpmCPUThresholdTable & cpmCPUHistory respectively.
•Traps generated are cpmCPURisingThreshold & cpmCPUFallingThreshold.
CPU Threshold Notification Configuration Guide -http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_cpu_thresh_notif_ps6350_TSD_Products_Configuration_Guide_Chapter.html
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 15
Monitoring System Resources – Memory
Devices have multiple Memory Pools, what value of <ciscoMemoryPoolType> to use ?
Problem: Monitor Memory Utilisation and generate an snmp trap and/or syslog message when a threshold is crossed
Solution 1: Configure RMON Events and Alarms
Router(config)# rmon event 1 log trap eventtrap description “Memory Utilization > 80%" owner
<ownername>
Router(config)# rmon event 2 log trap eventtrap description “Memory Utilization < 50%" owner
<ownername>
Router(config)# rmon alarm 10 ciscoMemoryPoolUtilization1Min.<ciscoMemoryPoolType> 60
absolute rising-threshold 80 1 falling-threshold 50 2 owner <ownername>
Generate syslog message
Generate snmp trap with community eventtrap
60 second sample interval
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 16
Monitoring System Resources – Memory Solution 1: Configure RMON Events and Alarms (cont‘d)
% snmpwalk -c public 10.66.91.113 .1.3.6.1.4.1.9.9.48.1.1.1.2
SNMPv2-SMI::enterprises.9.9.48.1.1.1.2.1 = STRING: "Processor"
SNMPv2-SMI::enterprises.9.9.48.1.1.1.2.2 = STRING: "I/O"
SNMPv2-SMI::enterprises.9.9.48.1.1.1.2.16 = STRING: "Driver text“
<ciscoMemoryPoolType>
Perform an snmpwalk of ciscoMemoryPoolName
To monitor the Processor Memory Pool
rmon alarm 10 ciscoMemoryPoolUtilization1Min.1 60 absolute rising-threshold 80
1 falling-threshold 50 2 owner <ownername>
Refer CISCO-MEMORY-POOL-MIB
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 17
Monitoring System Resources – Memory Solution 2 : Memory Threshold Notification
Router(config)# memory free low-watermark processor 20000
Router(config)# memory free low-watermark io 2000 KB
Generates syslog messages but no snmp traps
Memory Threshold Notification Configuration Guide -http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_mem_thresh_note_ps6350_TSD_Products_Configuration_Guide_Chapter.html
000029: *Aug 12 22:31:19.559: %SYS-4-FREEMEMLOW: Free Memory has dropped below 20000k
Pool: Processor Free: 66814056 freemem_lwm: 204800000
000032: *Aug 12 22:33:29.411: %SYS-5-FREEMEMRECOVER: Free Memory has recovered 20000k
Pool: Processor Free: 66813960 freemem_lwm: 0
If free memory falls below the threshold
When free memory recovers to 5% above the threshold
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 18
Monitoring System Resources IIEmbedded Resource Manager (ERM)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 19
Monitoring System Resources – ERM
Monitoring system resource usage.
Setting the resource threshold at a granular level.
Generating alerts when resource utilisation reaches the specified level.
Generating internal events using the Cisco IOS Embedded Event Manager feature.
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 20
Monitoring System Resources – ERMERM provides for three types of thresholds to be defined:
The System Global Threshold is the point when the entire resource reaches a specified value. A notification is sent to all RUs once the threshold is exceeded.
The User Local Threshold is the point when a specified RUs utilisation exceeds the configured limit.
The User Global Threshold is the point when the entire resource reaches a configured value. A notification is sent to the specified RU once the threshold is exceeded.
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 21
Monitoring System Resources – ERM ERM Sample configuration - Global policy
snmp-server enable trap resource-policy
resource policy
policy cpu-global global
system
cpu total
critical rising 90 interval 10 falling 80 interval 10
major rising 80 interval 10 falling 70 interval 10
minor rising 70 interval 10 falling 60 interval 5
!
!
module 6/0
cpu total
critical rising 90 interval 10 falling 80 interval 10
!
!
!
user global cpu-global Needed to activate the policy
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 22
Monitoring System Resources – ERM ERM Sample configuration - User Local Policypolicy user-local-cpu type iosprocess
system
cpu process
minor rising 10 interval 2 falling 5 interval 2
!
user "SNMP ENGINE" iosprocess user-local-cpu
policy user-global-cpu type iosprocess
system
cpu total
minor rising 10 interval 2 falling 5 interval 2 global
!
user "BGP Router" iosprocess user-global-cpu
ERM Sample configuration – User Global Policy
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 23
Monitoring System Resources – ERMOther ERM Features :
Automatic CPUHOG Profiling
Extended CPU load monitoring
Packet Memory Reclamation functionality for "unwedging" interface input queues
Automatic Buffer Tuning
MIB - CISCO-ERM-MIB
Traps generated ciscoErmGlobalPolicyViolation & ciscoErmLocalPolicyViolation
Embedded Resource Manager Configuration Guide -http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_erm_resource_ps6350_TSD_Products_Configuration_Guide_Chapter.html
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 24
IP Service Level Agent (IP SLA)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 25
QoS Markings
MPLS VPN
Aware
Connect
IP SLA Operations
Frame Relay
GK Delay
Call Setup
(PDD)
HTTPDLSw
Jitter Path
Echo
TCP
Echo
DNS/
DHCP
FTP
Increasing Service Value
Path
Jitter
L2
VoIP
Echo
SNA
UDP
Cisco IOS-Based
IP Service Level Agent
ICMP
VoIP UDP
Jitter
RTP
ATM
Metro E
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 26
Platforms Supporting IP SLA
Cisco 10K,
12K, CRS-1
Cisco 7200/7300
Cisco 800/1700/1800
Cisco 3700/Cisco 3800Catalyst 2960
Cisco 2600/2800
Catalyst
3550/3560
Catalyst 3750
Catalyst 4500
Catalyst
6500/7600
Cisco IOS Software Releases 12.3T, 12.4 and 12.4T(Responder Only)
Cisco IOS Software Releases 12.2S
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 27
IP Host
How does Cisco IP SLA Work?
Management
Application
Configure
SNMP TrapCollect Data
Reconfigure
IP SLA Measure
Measure Performance
IP SLA Responder
TargetSource
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 28
IP SLA Operation with Non-Responder
IP SLA Sender IP Host
Reply to test Packet
Sending Test Packet
Probing
Phase
IP SLA-Test
Operation types :
dhcp, dns , echo , ftp, http, pathEcho, tcpConnect
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 29
IP SLA Operation with Responder
IP SLA Sender IP SLA ResponderControl Message Ask Receiver to
Open Port 2020 on UDP
Responder Says OK
Sending Test Packet(s)…
Start Listening on
UDP Port 2020
UDP, 2020
Done: Stop Listening
Control
Phase
Probing
Phase
IP SLA-Control
IP SLA-Test
UDP, 1967
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 30
Configuration example – Change to backup link (1/2)
Define an Echo probe
ip sla 1
icmp-echo <target> source-ip 24.249.14.209
timeout 2000
threshold 1000
frequency 1
ip sla schedule 1 life forever start-time now
Track the probe reachability
track 10 rtr 1 reachability
delay down 5 up 10
Define default routes
ip route 0.0.0.0 0.0.0.0 <Main ISP> track 10
ip route 0.0.0.0 0.0.0.0 <Backup ISP> 200
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 31
Configuration example – Change to backup link (2/2)
Force probe packets to always go out the Main ISP Interface
ip local policy route-map MY-LOCAL-POLICY
!
access-list 101 permit icmp any host <target> echo
!
route-map MY-LOCAL-POLICY permit 10
match ip address 101
set interface <Main ISP Interface>
set default interface <Main ISP Interface>
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 32
Enhanced Object Tracking (EOT)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 33
Enhanced Object TrackingFeatures
Separation between the objects to be tracked and the action to be taken.
Each Tracked object has a unique number
Boolean ―and‖ and ―or‖ functions to combine tracked objects
Advantages
Increases the availability and speed of recovery of a network.
Decreases network outages and their duration.
Restriction
Enhanced Object Tracking is not statefull switchover (SSO) aware
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 34
Enhanced Object Tracking
What can be tracked :
Line-Protocol State of an Interface
IP-Routing State of an Interface
IP-Route Reachability
Threshold of IP-Route Metrics
State of an IP SLA Operation
Reachability of an IP SLA IP Host
Mobile IP Applications
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 35
Enhanced Object TrackingConfiguration Example - Line-Protocol State of an Interface
10.1.0.0/24
A B
S1/0 S1/0
Fa0/0Fa0/0
track 100 interface serial1/0 line-protocol
!
interface FastEthernet0/0
ip address 10.1.0.21 255.255.0.0
standby 1 preempt
standby 1 ip 10.1.0.1
standby 1 priority 110
standby 1 track 100 decrement 10
Router A Configuration
track 100 interface serial1/0 line-protocol
!
interface FastEthernet0/0
ip address 10.1.0.22 255.255.0.0
standby 1 preempt
standby 1 ip 10.1.0.1
standby 1 priority 110
standby 1 track 100 decrement 10
Router B Configuration
Further information on Enhanced Object Tracking -http://www.cisco.com/en/US/docs/ios/ipapp/configuration/guide/ipapp_eot.html
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 36
Embedded Event Manager
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 37
Embedded Event
Manager
Syslogemail
notification
SNMP set
Counter
CLI
Applets
SNMP
get
SNMP
notification
Application
specific
TCL
Policies
Reload or
switch-over
EEM Applets
multi-event-correlation
IOS.sh
Policies
Actions
Event Detectors
Syslog
Event
Process
Scheduler
Database
Interface
Descriptor
Blocks
Syslog
ED
Watchdog
ED
Interface
Counter
ED
CLI
ED
OIR
ED
ERM
ED
EOT
ED
RF
ED
none
ED
GOLD
ED
XML
RPC
ED
SNMP
EDs
Remote:
• Notification
Local:
• Notification
• Get/Set
NetFlow
ED
IPSLA
ED
Route
ED
Timer
EDs
• Cron
• Count
down
HW
EDs
• Fan
• Temp
• Env
• ...
CDP
LLDP
ED
802.1x
ED
MAC
ED
EEM Architecture
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 38
Embedded Event Manager
Components that make up EEM Policy
Event Detectors -http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_overview.html#wp1070290
Actions - http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_overview.html#wp1070842
Applet (cli)
Script (tcl)
Environment Variables• User defined
• Cisco defined http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_overview.html#wp1071155
• Cisco built-in
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 39
CLI
Applets
Programmatic Applet
Extensions
IOS.sh
Policies
Separate ASCII File my-
policy.sh
Based on Cisco IOS CLI
and Shell Commands
Effective shell-like simple
scripting
Registered via the Cisco
IOS Config
TCL
Policies
Separate ASCII File my-
policy.tcl
Based on Cisco IOS CLI
and Safe TCL
Commands
Flexible and powerful
scripting capabilities
Registered via the Cisco
IOS Config
Part of the Cisco IOS
Configuration
Based on CLI
Commands
Simple Actions
EEM Applets and Policies
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 40
Embedded Event Manager – cli Applet
Sample Applet – Force switch over to redundant processor
snmp-server enable traps eventmanager
!
event manager applet track-gig0
event syslog pattern ".*UPDOWN.*GigabitEthernet0.* changed state to down“
action 1.0 force-switchover
action 2.0 syslog msg “Gig0 down. EEM Forced-switch over”
Command syntax for the syslog event detector
event syslog [occurs num-occurrences] [period period-value] [priority priority-
level] pattern regular-expression
Event detector
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 41
Embedded Event Manager – cli Applet
Sample Applet – Send a custom snmp trap on LINK_LOST/OK
snmp-server enable traps eventmanager
!
event manager applet track_sfp_down
event syslog pattern "SPAWBCMTS-4-SFP_LINK_LOST.*link changed state to down“
action 1.0 snmp-trap strdata "$_syslog_msg"
!
event manager applet track_sfp_up
event syslog pattern "SPAWBCMTS-4-SFP_LINK_OK.*link changed state to up“
action 1.0 snmp-trap strdata "$_syslog_msg"
Cisco defined environment variable
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 42
• Which process is causing CPU spikes?
event manager applet High_CPU_Monitor
event snmp oid 1.3.6.1.4.1.9.9.109.1.1.1.1.7.1 get-type exact entry-op gt entry-val 75 exit-op lt exit-val 50 poll-interval 60
action 1.1 syslog msg "------ HIGH CPU DETECTED ------ CPU Currently: $_snmp_oid_val %“
action 2.1 cli command "enable"
action 2.2 cli command "terminal exec prompt timestamp"
action 2.3 cli command "show process cpu sort | exclude 0.0 | append flash:high_cpu_monitor.txt"
action 2.4 cli command "show process cpu history | append flash:high_cpu_monitor.txt“
action 2.5 cli command "show logging | append flash:high_cpu_monitor.txt“
action 2.6 cli command "show interface stat | append flash:high_cpu_monitor.txt"
end
1111 1
1112111111112111111111211111411221433 1 11113000011111230254 2 1
9756660293151131828147016175365762661890911641000056506500050919988258
100 **** *
90 **** *
80 **** *
70 **** *
60 **** * *
50 * **** * *
40 * ** **** * **
30 * * ** *** ***** *** **
20 ****** * ** * * ** * ******* *** * ******** ******* *
10 ######***************#**#***##**************######**#*****************
0....5....1....1....2....2....3....3....4....4....5....5....6....6....7.
0 5 0 5 0 5 0 5 0 5 0 5 0
CPU% per hour (last 72 hours) * = maximum CPU% # = average CPU%
Caution : Make sure you don’t fill up flash
Embedded Event Manager – cli Applet
cpmCPUTotal1minRev
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 43
event snmp oid oid-value get-type {exact | next} entry-op operator entry-val
entry-value [exit-comb {or | and}] [exit-op operator] [exit-val exit-value]
[exit-time exit-time-value] poll-interval poll-int-value
Command syntax for the snmp oid event detector
Embedded Event Manager – cli Applet
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 44
Embedded Event Manager – tcl Scripts
Prepare tcl script or use / modify existing one
Download to device
Add other required device configuration
Define any User-Defined environment variables
Register the Policy
Test / Check the script
EEM Scripting Community - http://forums.cisco.com/eforum/servlet/EEM?page=main
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 45
Embedded Event Manager – tcl ScriptsExample – CliValueToSnmpExpressionMIB.tcl
EEM Scripting Community - http://forums.cisco.com/eforum/servlet/EEM?page=main
Problem: Monitor a counter for which there is no snmp MIB Object
Solution 1: Use the ‗Cli Value 2 Snmp Expr MIB‘ tcl script from the EEM Scripting Community (Network Management)
::cisco::eem::event_register_timer watchdog name watchdog time $snmp_mib_update_interval maxrun 240
namespace import ::cisco::eem::*
namespace import ::cisco::lib::*
<snip>
# ====================================== CUSTOMIZE THIS SECTION FOR YOUR NEEDS =================================================#
# ==============================================================================================================================#
# Initialize ISG show commands to be executed...
# proc Show Command ShowCmdId
# ---- ------------ ---------
initShowCommand "show mls qos protocol module 6" 1
# Initialize match patterns, reference to the Id of the relevant show command above and specify the last OID index to be used...
# proc ObjectName MatchPattern with (interesting value) in brackets ShowCmdId MIBIndex
# ---- ---------- ------------------------------------------------- --------- --------
initMatchPattern "AgForwardBy6" ".*AgForward-By: +(\[0-9\]+) " 1 1
initMatchPattern "AgPolicedBy6" ".*AgPoliced-By: +(\[0-9\]+)" 1 2
User defined environment variable
Event Detector
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 46
Download to device
Embedded Event Manager – tcl ScriptsExample – CliValueToSnmpExpressionMIB.tcl
Router# mkdir harddisk:eem
Router#copy ftp:/opt/ftp/eem/CliValueToSnmpExpressionMib.tcl harddisk:/eem
Address or name of remote host []? 10.10.10.2
Destination filename [/eem/CliValueToSnmpExpressionMib.tcl]?
Accessing ftp://10.10.10.2//opt/ftp/eem/CliValueToSnmpExpressionMib.tcl...
Add other required device configuration
1) Enable SNMP server manager
Router(config)# snmp-server manager
2) Add SNMP configuration allowing local SNMP queries and updates for the script
to update expression MIB entries...
Router(config)# no access-list 9
Router(config)# access-list 9 remark "SNMP Read-Write for EEM"
Router(config)# access-list 9 remark "======================="
Router(config)# access-list 9 permit 10.10.10.1 0.0.0.0
Router(config)# access-list 9 deny any log
Router(config)# snmp-server community EemUpdateRw RW 9
Change this to the management address of your device
User defined RW Community string to be used by EEM tcl script
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 47
Embedded Event Manager – tcl ScriptsExample – CliValueToSnmpExpressionMIB.tcl
Define User-Defined environment variables
Router(conf)# event manager environment snmp_mib_update_interval 60
# RW Community&IP address parameters are required by EEM to update MIBs locally on the
device...
Router(conf)# event manager environment snmp_rw_community EemUpdateRw
Router(conf)# event manager environment snmp_ip_address 10.10.10.1
# Configure the default value to be filled into OIDs should the show command
# or regular expression match fail...
Router(conf)# event manager environment snmp_default_value -1
Remember this from the script
Same as snmp config entered via cli
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 48
Embedded Event Manager – tcl ScriptsExample – CliValueToSnmpExpressionMIB.tcl
Check the tcl policy has been registered successfully
Router#show event manager policy registered user
No. Class Type Event Type Trap Time Registered Name
1 script user timer watchdog Off Thu Nov 4 01:17:16 2010 CliValueToSnmpExpressionMib.tcl
name {watchdog}
time 60.000
nice 0 queue-priority normal maxrun 240.000
Register the tcl Policy
Router(conf)# event manager directory user policy harddisk:/eem
Router(conf)# event manager policy CliValueToSnmpExpressionMib.tcl
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 49
Embedded Event Manager – tcl ScriptsExample – CliValueToSnmpExpressionMIB.tcl
Check / test the script is working
Router#show management expression
Expression: AgForwardBy6 is active
Expression to be evaluated is 527930134 where:
Expression: AgPolicedBy6 is active
Expression to be evaluated is 347908 where:
Router#show mls qos protocol module 6
----- Module [6] -----
Protocol ARP is using AgId 1 AgForward-By: 527930134 AgPoliced-By: 347908
ARP : Policing and mode Cir = 1024000bps Burst = 10000bytes
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 50
Embedded Event Manager – tcl ScriptsExample – CliValueToSnmpExpressionMIB.tcl
Check / test the script is working (cont‗d)
From an NMS system perform an snmpwalk of the EXPRESSION-MIB
% snmpwalk -c public1 10.10.10.1 1.3.6.1.4.1.9.10.22
<snip>
expExpressionOwner.1 : = STRING: "AgForwardBy6“
expExpressionOwner.2 : = STRING: "AgPolicedBy6“
<snip>
expValueCounter32Val.1.0.0.0 : = Counter32: 527930134
expValueCounter32Val.2.0.0.0 : = Counter32: 347908
Objectname as defined in
the tcl script
MIBIndex as defined in
the tcl script
These are the MIB Objects
to poll
NB At present the script only supports 32 bit counters, which limits it to values < 4Gig .
There is however a 64 bit counter expValueCounter64Val which could be used if the script was modified (and tested).
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 51
Embedded Event Manager – tcl Scripts
What if it doesn‗t work as expected ?
Router#debug event manager ?
action Debug Event Manager Action
all Debug Event Manager with all debug messages enabled
api Debug Event Manager client API
common Debug Event Manager Common
detector Debug Event Manager Event Detector
policydir Debug Event Manager policy director
server Debug Event Manager server
tcl Debug Event Manager tclsh interpreter
xml Debug Event Manager xml
As with all debugging approach with caution. It may generate a lot of output
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 52
Embedded Event Manager – tcl Scripts
Unregister the tcl policy
Delete the tcl script from flash
Copy the new /edited tcl script to the flash device.
Register the new / edited tcl policy
Problem: What if I need to modify the tcl script ?
Solution 1: Manual step by step
Router(conf)# no event manager policy my.tcl
Router# del harddisk:/eem/my.tcl
Router#copy ftp:/opt/ftp/eem/my.tcl harddisk:/eem
Router(conf)# event manager policy my.tcl
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 53
Embedded Event Manager – tcl Scripts
Configure the default repository
Single exec command to download, un-register and re-register:
Solution 2: Use ‗event manager update‘ commands
Router(config)# event manager directory user repository tftp://172.16.64.1
router# event manager update user policy name my
%EEM: Update will use the repository path: tftp://172.16.64.1
%EEM: Attempting to copy tftp://172.16.64.1/my.tcl to flash:/eemtcl/my.tcl
Loading my.tcl from 172.16.64.1 (via FastEthernet0): !
[OK - 647 bytes]
%EEM: Copied 647 bytes from tftp://172.16.64.1/my.tcl to
flash:/eemtcl/my.tcl
%EEM: Policy my.tcl has been successfully copied and re-registered
*Dec 10 20:12:43.198: %HA_EM-6-FMPD_UPDATE_POLICY_COPY: Policy update has copied 647 bytes from
tftp://172.16.64.1/my.tcl to flash:/eemtcl/my.tcl
*Dec 10 20:12:43.230: %HA_EM-6-FMPD_UPDATE_POLICY_REGISTER: Policy update has successfully re-registered
policy my.tcl
Available from: IOS 12.4(20)T
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 54
Embedded Event Manager – tcl Scripts
Can also synch entire groups, based on regular expression match:
Verify using show command
Solution 2: Use ‗event manager update‘ commands (cont‘d)
Router# event manager update user policy group m.*
router# show event manager policy registered
No. Class Type Event Type Trap Time Registered Name
1 script user syslog Off Wed Dec 10 20:12:43 2008 my.tcl
occurs 1 pattern {.*%NTP-5-PEERSYNC.*}
nice 1 queue-priority low maxrun 90.000 scheduler rp_primary
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 55
Embedded Event Manager – tcl Scripts
Single exec command to specify repository, download, un-register and re-register:
Can also synch entire groups, based on regular expression match:
Verify using show command
Solution 3: Use New ‗event manager update‘ commands
router# event manager update user policy name my.tcl repository tftp://10.1.1.1/
Router# event manager update user policy group m.* repository tftp://10.1.1.1/
Router# show event manager policy registered
No. Class Type Event Type Trap Time Registered Name
1 script user syslog Off Wed Dec 10 20:12:43 2008 my.tcl
occurs 1 pattern {.*%NTP-5-PEERSYNC.*}
nice 1 queue-priority low maxrun 90.000 scheduler rp_primary
Available from: IOS 15.0(1)M
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 56
Embedded Automation Systems (EASy)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 57
Problem: Embedded Automations based on Tcl Scripting or Embedded Event Manager may include multiple scripts, policies, configurations, variables and pre-requisites. How can we install (and un-install) all of these in a consistent manner?
Example: Install Embedded Automations
Solution: Create a package and use the EASy Installer
See: http://www.cisco.com/go/easy
Router# easy-installer tftp://10.1.1.1/my-package.tar flash:/easy
-----------------------------------------------------------------------
Configure and Install EASy Package ‘my-package'
-----------------------------------------------------------------------
1. Display Package Description
2. Configure Package Parameters
3. Deploy Package Policies
4. Verify Installed Package
5. Exit
Enter option:
Further information on EASy Installer -http://www.cisco.com/en/US/products/ps10777/products_ios_protocol_group_home.html
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 58
Editing Files on the CLI
Ed.tcl
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 59
Editing Files Problem: Often ASCII files are being used when using Device Manageability
Instrumentation in IOS:
Tcl scripts and EEM Tcl Policies
EMM Menu Definition Files
Config Templates and other text files
During Development and Test it would be useful to be able to edit these files directly from IOS.
But: IOS does not include an ASCII Editor ...
Solution: Use a Tcl implementation of an Editor in IOS
The GNU <ed> editor is a very simple, line-based editor available as Tcl implementation
see: http://en.wikipedia.org/wiki/Ed_(Unix)
see: http://www.gnu.org/software/ed/ed.html
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 60
Editing Files – Using ed.tcl
router# show flash
:
8 27091 Nov 19 2008 10:51:26 ed.tcl
9 68 Nov 19 2008 11:00:12 testfile.txt
a
and here are
yet another two lines
.
,n
1 line one of the test file
2 line two of the test file
3 another line
4 and here are
5 yet another two lines
w
99
q
router#
1. Copy ed.tcl and a simple test file to the flash:
router(config)# alias exec ed tclsh flash:/ed.tcl
2. Define an Alias for simplicity:
router# ed flash:/testfile.txt
65
1,$p
line one of the test file
line two of the test file
another line
,p
line one of the test file
line two of the test file
another line
,n
1 line one of the test file
2 line two of the test file
3 another line
3. Edit the file using ed:
1,$p – print lines 1 to last
a – add lines
w – write file
q – quit
. – end adding
,p – print all lines
,n – numbered print all lines
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 61
IOS Shell ScriptingIOS.sh
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 62
IOS Shell Problem: Sometimes we need more than what Interface ranges,
Macros, Auto SmartPorts and other CLI features already offer.
But we may not want all the power and complexity of Tcl Scripting orEmbedded Event Manager
Solution: Use IOS Shell (IOS.sh)
Phase I Available from: IOS 12.2(52)SE
IOS.sh # _
IOS Shell offers
Environment Variables MY_VAR=value, %n
Pipe and Redirection |
Condition Testing if […]; then else fi
Loops
Built-in Functions show shell functions
shell exec <function>
Custom Function Definitions function <name>(…){…}
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 63
IOS Shell - Example The pre-built shell functions for Auto SmartPorts are a good starting point:
switch# show shell functions CISCO_AP_AUTO_SMARTPORT
function CISCO_AP_AUTO_SMARTPORT () {
if [[ $LINKUP -eq YES ]]; then
conf t
interface $INTERFACE
macro description $TRIGGER
switchport trunk encapsulation dot1q
switchport trunk native vlan $NATIVE_VLAN
switchport trunk allowed vlan ALL
switchport mode trunk
switchport nonegotiate
auto qos voip trust
mls qos trust cos
exit
end
fi
if [[ $LINKUP -eq NO ]]; then
:
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 64
Tcl ShellTcl Scripting
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 65
Tool Command Language (TCL) Language resources found at: http://www.tcl.tk/
TCL 7.x has been in Cisco IOS since 1994
TCL 8.3.4 first released in Cisco IOS in 12.3(2)Tand merged into 12.2(25)S
Use 12.3(14)T or later for best results
Signed TCL Scripts introduced in 12.4(15)T
Router(config)# scripting tcl low-memory <water_mark>
Router#tclsh slot0:myscript.tcl
Router#tclsh
Router(tcl)#source tftp://10.1.1.1/myscript.tcl
TCL process runs at medium priority, so be careful with loops
Use low-memory to prevent malloc failures
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 66
Tool Command Language (TCL)
http://www.cisco.com/go/ciscobeyond
http://www.cisco.com/go/eem
http://www.cisco.com/go/ioscommercial
―Guide To Writing EEM Policies‖ documentation
Router#tclsh
Router(tcl)#puts "Hello There"
Hello There
Router(tcl)#ios_config "interface fa0/0"
"description Main Uplink"
Router(tcl)#exit
Router#
• TCL Cisco IOSExtended Commands
• TCL Built In Command
• Cisco IOS Command
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 67
Signed TCL Scripts
TCL has the capability to verify a digital signature in order to indicate trust:
A script can run in two modes:
If TCL script contains the right signature:
• It will be authenticated and run with trusted access to TCL interpreter
If TCL script doesn´t contain the right signature:
• It will run in a limited mode for untrusted scripts or not run at all
TRUSTED MODE
UNTRUSTED MODE
See: http://www.cisco.com/en/US/docs/ios/12_4t/netmgmt/configuration/guide/sign_tcl.htmlAvailable from: IOS 12.4(15)T, 12.4(11)XWPlatforms: 8xx, 18xx ISRs, 26xx, 36xx, 37xx, IAD, 72xx, 7301, UC520, …
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 68
Kron Scheduler
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 69
Kron Scheduler Run EXEC commands periodically or
at a specified time
First introduced in 12.3(1)
Runs commands in a fully-automated mode
Interactive commands (e.g. reload)are NOT supported
Note:
NTP must be configured or the router clock must be authoritative
Kron and Tcl can run together since 12.4(4)T
Alternative Option: use Embedded Event Manager (EEM) Timer ED
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 70
Configuration Management
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 71
IOS Configuration ‚Safety‘ Features
Contextual configuration diff utility (from 12.3(4)T, 12.2(25)S)
Easily show differences between running and startup configuration
Compare any two ASCII files
Config change logging and notification (from 12.3(4)T, 12.2(25)S)
Tracks config commands entered per user, per session
Notification sent indicating config change has taken place—changes can be retrieved via SNMP
Configuration replace and rollback (from 12.3(7)T, 12.2(25)S)
Replace running config with any saved configuration (only the diffs are applied) to return to previous state
Configuration revert (from 12.4(23)T)
Automatically Rollback un-confirmed configurations
Configuration locking (from 12.3(14)T, 12.2(25)S)
Ensures exclusive configuration change access
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 72
router# show archive
There are currently 4 archive configurations saved.
The next archive file will be named disk0:/config-archive-4
Archive # Name
0
1 disk0:/config-archive-1
2 disk0:/config-archive-2
3 disk0:/config-archive-3 <- Most Recent
router# config replace disk0:/config-archive-3 time 120
:
... your Config Change work here ...
:
router# no config replace disk0:/config-archive-3
Example: Using Config RollbackProblem: Critical config change to a remote router may result in loss of connectivity, requiring a
reload
Solution 1: Replace the running configuration with the latest good archive after two minutes –unless the change made is confirmed Available from: IOS 12.3(7)T, 12.2(25)S
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 73
router# config terminal revert time 2
Rollback Confirmed Change: Backing up current running config to flash:bk-2
Enter configuration commands, one per line. End with CNTL/Z.
:
... your Config Change work here ...
:
router# hostname oops
oops(config)# end
oops# Rollback Confirmed Change: Rollback will begin in one minute. Enter "configure
confirm" if you wish to keep what you've configured
Example: Using Config RevertProblem: Critical config change to a remote router may result in loss of connectivity,
requiring a reload
Solution 2: Revert the running configuration after two minutes – unless the change made is confirmed
Available from: IOS 12.4(23)T, 12.2(33)S
oops# Rollback Confirmed Change: rolling
to:flash:bk-2
Total number of passes: 1
Rollback Done
router#
oops# config confirm
oops# or
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 74
How to trigger a Config ChangeEmbedded Event Manager (EEM)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 75
Example: Trigger a Config Change – 1/3 Problem: a PKI related config change on a remote device should only happen once NTP has
successfully synched the time
Router(config)# ntp logging
Router(config)# ntp update-calendar
Router(config)# ntp server 172.16.154.40 prefer
CLI Applet
event manager applet config_upon_ntp
event syslog pattern ".*%NTP-5-PEERSYNC.*"
action 1.0 syslog msg "Starting ..."
:
... Your Config Changes Here ...
:
action 3.0 syslog msg "... done"Dec 10 13:03:57.746: %NTP-5-PEERSYNC: NTP synced to peer 172.16.254.40
Dec 10 13:03:57.750: %HA_EM-6-LOG: config_upon_ntp: Starting ...
Dec 10 13:03:57.750: %HA_EM-6-LOG: config_upon_ntp: ... done
Solution I: use EEM Syslog Event Detector and a CLI Applet to trigger the change
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 76
Example: Trigger a Config Change – 2/3
Solution II: use EEM Syslog Event Detector and an IOS.sh Policy to trigger the change
Solution III: use EEM Syslog Event Detector and a TCL Policy to trigger the change …
IOS.sh Policy##::cisco::eem::event_register_syslog pattern .*%NTP-5-PEERSYNC.*
send log "Starting ..."
enable
conf t
hostname $new_hostname
:
... Your Config Changes Here ...
:
end
send log "... done"
# End of IOS.sh Policy demo script
router#
*Dec 22 18:27:09.659: %HA_EM-6-LOG: sl_cfg_ntp.sh: Starting ...
*Dec 22 18:27:09.801: %SYS-5-CONFIG_I: Configured from console by on vty0 (EEM:sl_cfg_ntp.sh)
*Dec 22 18:27:09.927: %HA_EM-6-LOG: sl_cfg_ntp.sh: Set hostname from router to it-worked
*Dec 22 18:27:09.927: %HA_EM-6-LOG: sl_cfg_ntp.sh: ... done
it-worked#
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 77
TCL Policy
::cisco::eem::event_register_syslog occurs 1 pattern .*%NTP-5-PEERSYNC.* queue_priority low nice 1 maxrun 90
namespace import ::cisco::eem::*
namespace import ::cisco::lib::*
action_syslog msg "Starting ..."
set oldname [info hostname]
set newname "it-worked"
if [catch {cli_open} result] {
error $result $errorInfo
} else {
array set cli $result
}
if [catch {cli_exec $cli(fd) “enable\n conf term\n hostname $newname\n end"} result] {action_syslog msg "Failed to set hostname: $result : $errorInfo"
error $result $errorInfo
} else {
action_syslog msg "Set hostname from $oldname to $newname"
}
cli_close $cli(fd) $cli(tty_id)
action_syslog msg "... done"
router#
*Dec 10 10:43:29.061: %HA_EM-6-LOG: config_upon_ntp.tcl: Starting ...
*Dec 10 10:43:29.197: %SYS-5-CONFIG_I: Configured from console by on vty0 (EEM:config_upon_ntp.tcl)
*Dec 10 10:43:29.329: %HA_EM-6-LOG: config_upon_ntp.tcl: Set hostname from router to it-worked
*Dec 10 10:43:29.329: %HA_EM-6-LOG: config_upon_ntp.tcl: ... done
it-worked#
Policy runtimeDefault = 20 secondsIncrease this value if you see a “Process Forced Exit” messagefrom the router.
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 78
How to trigger upon a Config Change
Embedded Event Manager (EEM)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 79
Using EEM to trigger upon config changeTwo Options:
Syslog Event Detector upon any potential config change
CLI Event Detector upon specific CLI command
– Asynchronous:
• Trigger Policy and then execute CLI command
• Trigger Policy and skip CLI command
– Synchronous:
• Trigger Policy and execute/skip based on exit status
–_exit_status == 0 skip CLI command (default)
–_exit_status == 1 execute CLI command
event [tag event-tag] cli pattern regular-expression
{[default] [enter] [questionmark] [tab]}
[sync {yes | no skip {yes | no}]
[mode variable]
[occurs num-occurrences] [period period-value]
[maxrun maxruntime-number]
Available from: EEM 2.1, integrated with XML PI from EEM 3.0
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 80
Example: Using EEM CLI Event Detector Problem: VLAN 380 should not be accidentally removed from a trunk
Solution: use EEM CLI Event Detector:
event manager applet cli-async
event cli pattern "switchport trunk allowed vlan remove.*380.*" sync no skip no
action 1.0 syslog msg "Removing VLAN 380"
Option a: Don’t prevent anything, just issue a syslog notification:
event manager applet cli-sync
event cli pattern "switchport trunk allowed vlan remove.*380.*" sync yes
action 1.0 puts "Confirm removing VLAN 380 [yes|no]:"
action 2.0 gets response
action 3.0 if $response eq yes goto 5.0
action 4.0 puts "NOK - VLAN 380 will NOT be removed"
action 4.1 exit 0
action 5.0 puts "OK - VLAN 380 will be removed"
action 5.1 exit 1
Option c: Ask for confirmation, then allow or prevent the entire command:
event manager applet cli-async-skip
event cli pattern "switchport trunk allowed vlan remove.*380.*" sync no skip yes
action 1.0 syslog msg "Will NOT remove VLAN 380"
Option b: Prevent the entire command and issue a syslog notification:
Caveats: command may be (much) bigger than what you match! Ranges!
Other Examples:• no mpls ip• no router isis• debug all
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 81
Managing Versions and Revisions
Archive, EEM Update
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 82
Problem: Device configurations must be archived periodically, collecting them from the outside should not be the only answer.
Solution 1: Manually create meaningful copies of the running config:
nexus-7000# copy run bootflash:/$(TIMESTAMP)-$(SWITCHNAME).conf
nexus-7000# dir bootflash:
29796 Apr 27 17:38:16 2009 2009-04-27-17.38.16-nexus-7000.conf
nexus-7000# show cli variable
VSH Variable List
-----------------
SWITCHNAME=“nexus-7000" TIMESTAMP="2009-04-27-17.47.48"
Example: Archiving Configuration – 1/4
Note: from IOS 12.3T onwards, refer to $h and $t variables within archive config path option
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 83
archive
path disk0:/config-archive
maximum 7
time-period 1440
Solution 2: Archive the running configuration once every day locally:
Router#show archive
There are currently 3 archive configurations saved.
The next archive file will be named disk0:config-archive-3
Archive # Name
0
1 disk0:config-archive-1
2 disk0:config-archive-2 <- Most Recent
3
4
5
6
View the content of the archive:
Example: Archiving Configuration – 2/4
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 84
Solution 4: Use Kron to schedule periodic archiving (plus other activity)
archive
path tftp://10.1.1.1
write-memory
Solution 3: Archive the running configuration to tftp upon write:
archive
path tftp://10.1.1.1
!
kron policy-list backupconfig
cli archive config
!
kron occurrence backup-occur at 23:23 recurring
policy-list backupconfig
Router#archive config
Note: Config can also be archived on-demand:
multiple policy-lists possible
Example: Archiving Configuration – 3/4
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 85
Solution 5: Use Embedded Event Manager (EEM) with a Syslog EventDetector and a TCL Applet to only archive configs if therewas a change
Example: Archiving Configuration – 4/4
Router(config)# event manager environment filename <myfile.txt>
Router(config)# event manager directory user policy "flash:/TCL"
Router(config)# event manager policy archive.tcl type user
Router(config)# archive
Router(config-archive)# path flash:disk0
Router(config-archive)# maximum 14
Define EEM Environment Variable
Register EEM TCL Script
Configure Archive Location and Size
The script ‘Archive Config if Changes’ is available from www.cisco.com/go/ciscobeyondunder ‗Network Management‘ ( See http://forums.cisco.com/eforum/servlet/EEM?page=eem&fn=script&scriptId=1103 )
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 86
Providing Interactive Menus on the CLI
Embedded Manager Menu (EMM)
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 87
Interactive Menus on the CLIProblem: How to make some CLI commands available in a guided way (for example to 1st Line Support, Local IT, Field Force, etc)
Solution I: Configure a Menu using the old <menu> commandsSolution II: Define a custom Menu in Embedded Menu Manager (EMM)
IOS menu Command
easy to learn, simple to use
limited functionality and flexibility
menu only, cli only
selections only
part of the IOS config
widely available
Embedded Menu Manager (EMM)
easy to learn, simple to use
very flexible
menus and wizards, cli and tcl
selections, inputs, actions, help texts
separate MDF file(s)
recent development – 12.4(20)T
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 88
Menu Config Command – 1/2
– Remember to provide an <exit> option
– Simple menus and actions only
– No user input other than menu items
– Part of the running- and startup-config
menu OldMenu title ^C
A simple example of the OLD menu command^C
menu OldMenu prompt ^C
Please select a menu item:^C
menu OldMenu text 1 Run a ping test
menu OldMenu command 1 ping 10.1.1.1
menu OldMenu options 1 pause
menu OldMenu text 9 Exit
menu OldMenu command 9 exit
menu OldMenu status-line
Available from: IOS 10.0, 12.2(33)S
Simple Menu Defined in the Config
Custom ASCII Menus
Part of IOS Config
Simple CLI Actions
Menu Title
Menu name
Menu Item Label
Menu Item Action
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 89
Menu Config Command – 2/2 router# menu OldMenu
Server “router" Line 0 Terminal-type (unknown)
A simple example of the OLD menu command
1 Run a ping test
9 Exit
Please select a menu item: 1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
--More—
Server “router" Line 0 Terminal-type (unknown)
A simple example of the OLD menu command
1 Run a ping test
9 Exit
Please select a menu item:
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 90
Embedded Menu Manager (EMM)
================================================================================
Branch Router Operations Menu on branch-99
Enter ? for help or ?# for item help
--------------------------------------------------------------------------------
1. Install Diagnostic Scripts
2. Change Hostname
3. Run CPU Diagnostic Script
4. Check for most recent EEM Policy Files
5. Run WAN Diagnostic Script
6. Instant World Peace
7. Exit
Enter selection [6]:
Programmable Menu Framework
Custom ASCII Menus
XML based Menu Definition Files (MDF)
Range / Type Checking
TCL Scripting Actions
Nested and Sequential Menus (Wizards)
Available from: IOS 12.4(20)TSee: http://tinyurl.com/emm-in-124t
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 91
EMM Menu Definition File Example – 1/2<?xml version="1.0"?>
<Menu MenuName="NMS" schemaVersion="1.1">
<MenuTitle>
<EmbTCLValue>
<TCLCommand>
return " Branch Router Operations Menu on [hostname]"
</TCLCommand>
</EmbTCLValue>
</MenuTitle>
<HelpString>
<Constant String="View and modify some common Network Management configuration parameters"/>
</HelpString>
<GlobalTCL>
<TCLCommand>
proc get_config { regex } {
set config [exec "show run | inc $regex"]
return $config
}
</TCLCommand>
</GlobalTCL>
:
:
Menu name and required schema version
Title can be constant or generatedwith Tcl
The menu and each item can haveits own help text
Optional global Tcl section to store procsused throughout menu
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 92
EMM Menu Definition File Example – 2/2
::
<Item ContinuePrompt="true" ItemJustification="LEFT">
<ItemTitle>
<Constant String=“Change Hostname" /></ItemTitle>
<HelpString>
<Constant String="This selection lets you type a new hostname" />
</HelpString>
<Wizard>
<QueryPrompt>
<Constant String="What hostname do you suggest?" />
</QueryPrompt>
<FreeForm />
</Wizard><IOSConfigCommand>
"hostname $r(1)"
</IOSConfigCommand>
::
From simple menu choices to complete customised wizards
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 93
In Summary Smart Call Home Service
Monitoring System Resources
• RMON & Threshold Notifications
• Embedded Resource Manager
IP Service Level Agent (IPSLA)
Enhanced Object Tracking (EOT)
Embedded Event Manager (EEM)
• Embedded Automation System (EASy)
• Ed.tcl
• IOS Shell
• Tcl Shell
• Kron Scheduler
Device Configuration Management
• Config rollback and revert via cli
• Trigger config change via EEM
• Use EEM to prevent a config change
• Config Archive Managment
Embedded Menu Manager
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 94
References – Instrumentation Device Manageability Instrumentation (DMI) www.cisco.com/go/instrumentation
Embedded Event Manager (EEM): www.cisco.com/go/eem
Cisco Beyond – EEM Community: www.cisco.com/go/ciscobeyond
Embedded Menu Manager (EMM): http://tinyurl.com/emm-in-124t
Embedded Packet Capture (EPC): www.cisco.com/go/epc
Flexible NetFlow: www.cisco.com/go/netflow and www.cisco.com/go/fnf
GOLD: http://www.cisco.com/en/US/products/ps7081/products_ios_protocol_group_home.html
IPSLA (formerly SAA, formerly RTR): www.cisco.com/go/ipsla
Network Analysis Module: http://www.cisco.com/go/nam
Network Based Application Recognition (NBAR): www.cisco.com/go/nbar
Security Device Manager (SDM): http://www.cisco.com/go/sdm
Smart Call Home: www.cisco.com/go/smartcall
Web Services Management Agents (WSMA): http://tinyurl.com/wsma-in-150M
Feature Navigator: www.cisco.com/go/fn
MIB Locator: www.cisco.com/go/mibs
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 95
References – Embedded Automations
Embedded Automation Systems (EASy)
1. Browse and Download EASy Packageswww.cisco.com/go/easy
2. Make Sure to also download EASy Installer
3. Browse Other Embedded Automationswww.cisco.com/go/ciscobeyond
4. Learn About The Technology Under The Hoodwww.cisco.com/go/instrumentationwww.cisco.com/go/eemwww.cisco.com/go/pec
5. Discuss, Ask Questions, Suggest Answers supportforums.cisco.com
6. Upload your own Examples to CiscoBeyondwww.cisco.com/go/ciscobeyond
7. Engage via [email protected]
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 96
Q & A
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 97
Complete Your Online Session Evaluation
Complete your session evaluation:
Directly from your mobile device by visiting www.ciscoliveaustralia.com/mobile and login by entering your badge ID (located on the front of your badge)
Visit one of the Cisco Live internet stations located throughout the venue
Open a browser on your own computer to access the Cisco Live onsite portal
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 99
Appendix I:Feature Availability
Note: May include futures, subject to change; no commitments implied.
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 100
Embedded Management – SNMP RoadmapCisco IOS Software
PlatformsCisco 10000
SeriesCisco 7600
Series
Cisco 7500
Series
Cisco 7304 Router
Cisco 7301 and 7200 Routers
Cisco Catalyst
6500 Series
Cisco Catalyst 4500
Series
Cisco 3750 & 2900
Series
ASR-1000
Cisco 800, 1800
& 2800 Series
12.2SB 12.2SR/ SX 12.2SB 12.2SB 12.2SB/SR 12.2SX/ SR 12.2SG 12.2SE 12.2 XNA M & T
Periodic MIB Data Collection and Transfer Mechanism
12.2(33)SB 12.2(33)SRA 12.2(22)S 12.2(33)SB 12.2(33)SRA 12.2(33)SXH 12.2(44)SG12.2(35)
SE112.2(33)XN
A12.3(2)T
VPN aware SNMP Infrastructure 12.2(33)SB 12.2(33)SRA 12.2(22)S 12.2(33)SB 12.2(33)SRA 12.2(33)SXH 12.2(44)SG 12.2(7th)SE12.2(33)XN
A12.3(2)T
SNMP over IPv6 12.2(33)SB 12.2(33)SRB12.3(14)T
12.2(33)SB 12.2(33)SRB 12.2(33)SXI 12.2(44)SG 12.2(44)SE12.2(33)XNA
12.3(14)T
AES (RFC 3826) and 3DES Encryption for SNMP v3
12.2(33)SB 12.2(33)SRB 12.2(33)SB 12.2(33)SRB 12.2(33)SXI 12.2(44)SG 12.2(7th)SE12.2(33)XNA
12.4(2)T
ISSU - SNMP 12.2(33)SB 12.2(33)SRB1 12.2(33)SB 12.2(33)SRB1 12.2(33)SXI 12.2(44)SG12.2(33)XN
A
Interface MIB Enhancements 12.2(31)SB 12.2(33)SRA 12.2(31)SB 12.2(31)SB 12.2(33)SRA 12.2(33)SXH 12.2(44)SG12.2(33)XNA
CEF-MIB 12.2(33)SB 12.2(33)SRC 12.2(31)SB 12.2(33)SB 12.2(33)SRC 12.2(44)SG12.2(TBD)S
E12.2(33)XNA
12.4(20)T
URPF-MIB 12.2(31)SB 12.2(33)SRC 12.2(31)SB 12.2(31)SB 12.2(33)SRC 12.2(44)SG12.2(TBD)S
E12.2(33)XNA
12.4(20)T
SNMP Infrastructure for MTR 12.2(33)SB 12.2(33)SRB 12.2(33)SB 12.2(33)SRB
IP-TUNNEL-MIB 12.2(33)SB 12.2(33)SRB 12.2(33)SB 12.2(33)SRB 12.2(44)SG12.2(33)XNA
12.4(20)T
Interfaces MIB: SNMP context based access
12.2(33)SB 12.2(33)SRB 12.2(33)SB 12.2(33)SRB 12.2(44)SG 12.2(7th)SE12.2(33)XNA
CISCO-DATA-COLLECTION-MIB 12.2(33)SB 12.2(33)SRC 12.2(33)SB 12.2(33)SRC 12.2(44)SG12.2(TBD)S
E12.2(33)XNA
12.4(20)T
CISL - SNMP Support (Licensing MIB)
12.2(37)SE 12.4(20)T
SNMP secure Views 12.2(33)SB 12.2(33)SRA 12.2(22)S 12.2(33)SB 12.2(33)SRA 12.2(33)SXH 12.2(44)SG 12.2(7th)SE12.2(33)XN
A12.3(2)T
ShippingCode Committed
EC’d
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 101
Embedded Management – SNMP RoadmapCisco IOS Software
PlatformsCisco 10000
SeriesCisco 7600
Series
Cisco 7500
Series
Cisco 7304 Router
Cisco 7301 and 7200 Routers
Cisco Catalyst
6500 Series
Cisco Catalyst 4500
Series
Cisco 3750 & 2900
Series
ASR-1000
Cisco 800,
1800 & 2800
Series
12.2SB 12.2SR/ SX 12.2SB 12.2SB 12.2SB/SR 12.2SX/ SR 12.2SG 12.2SE 12.2 XNA M & T
Alarm filtering support in Cisco-Entity-Alarm-MIB
12.2(33)SRB 12.2(33)SRB 12.2(33)SXI 12.2(44)SG12.(33)XN
A12.4(4)T
SNMP Trap Simulation 12.2(33)SRE 12.2(33)SRE 12.2(33)SXI
RMON-MIB enhancement for 64 bit counter support
12.2(33)SRE 12.2(33)SRE 12.2(33)SXI
Support for HC-Alarm-MIB 12.2(33)SRE 12.2(33)SRE 12.2(33)SXI
RFC2576: SNMP v1/v2c PDU conversions for proxy forwarder
12.3(2)T
SCP, FTP & RCP Support in CISCO-CONFIG-COPY-MIB
12/3(2)T
FileType support in CISCO-FLASH-MIB
12.3(2)T
Event MIB and Expression MIB Enhancements
12.2(33)SRE 12.2(33)SRE 12.2(1st)SY 12.2(44)SG 12.4(20)T
Show Port Status Command 12.2(33)SRE 12.2(33)SRE 12.2(33)SXI
SNMP Diagnostic Enhancements 12.2(33)SRE 12.2(33)SRE 12.2(33)SY 12.4(20)T
SNMP Support for Cisco Power Extension
12.2(52) SG 12.2(50)SE
SNMP trap support for EEM 12.4(22)T
SNMP support for Named Access List
12.3(2)T
Licensing MIB Enhancement for STG
12.4(11)T
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 102
Embedded Management - ConfigurationCisco IOS Software
PlatformsCisco 10000
SeriesCisco 7600
Series
Cisco 7500
Series
Cisco 7304 Router
Cisco 7301 and 7200 Router
Cisco Catalyst
6500 Series
Cisco Catalyst
4500 Series
Cisco 3750 & 2900 Series
ASR-1000
Cisco 800, 1800 & 2800
Series
12.2SB 12.2SR/ SX 12.2SB 12.2SB 12.2SB/SR 12.2SX/ SR 12.2SG 12.2SE 12.2 XNA M & T
UDI Support and Configuration Enhancements
12.2(28)SB 12.2(18)SXE5 12.2(18)SXE5 12.2(33)SRC 12.2(18)SXE5 12.2(25)SEC12.2(33)XN
A12.3(4)T
CNS Agents (Configuration Agent Event Agent, Image Agent)
12.2(33)SB 12.2(33)SRB 12.2(31)SB 12.2(33)SB 12.2(31)SB 12.2(33)SXI 12.2(44)SG 12.2(25)SEE12.2(33)XN
A12.3(1)
Config Retrieve Retry 12.2(33)SB 12.2(33)SRC 12.2(33)SB 12.2(33)SRC 12.2(1st)SY 12.2(44)SG 12.2(44)SE12.2(33)XN
A12.4(15)T
CNS Agents over IPv6 12.2(33)SB 12.2(33)SRC 12.2(33)SRC 12.2(1st)SY 12.2(44)SG12.2(33)XN
A12.4(20)T
Netconf over SSHv2, BEEP 12.2(33)SB 12.2(33)SRA 12.2(33)SB 12.2(33)SRA 12.2(33)SXH 12.2(44)SG12.2(33)XN
A12.4(9)T
Config Change Notification (Netconf) 12.2(33)SB 12.2(33)SRA 12.2(33)SB 12.2(33)SRA 12.2(33)SXH 12.2(44)SG12.2(33)XN
A12.4(9)T
Netconf over IPv6 12.2(33)SB 12.2(33)SRC 12.2(33)SB 12.2(33)SRC 12.2(1st)SY 12.2(44)SG12.2(33)XN
A12.4(20)T
Cisco Software Licensing 12.2(37)SE 12.4(20)T
CNS-Interactive CLI 12.2(33)SRC 12.2(33)SRC 12.2(33)SXI 12.2(44)SG12.2(33)XN
A
Command scheduler Policy for system startup
12.2(33)SB 12.2(33)SRC 12.2(33)SB 12.2(33)SRC 12.2(1st)SY 12.2(44)SG12.2(33)XN
A12.4(15)T
TR-69 agent, Ethernet LAN, Time, ATM, loopback, traceroute profiles, HTTP client API to close persistent conn.
12.4(20)T
Web Services Management Agent Planning Planning 12.2(1st)SY Planning Planning Planning 12.4(24)T
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 103
Embedded Management – Infra - TransportsCisco IOS Software
Platforms
Cisco 10000 Series
Cisco 7600 Series
Cisco 7500
Series
Cisco 7304 Router
Cisco 7301 and 7200 Routers
Cisco Catalyst
6500 Series
Cisco Catalyst
4500 Series
Cisco 3750 & 2900
Series
ASR-1000
Cisco 800, 1800 & 2800
Series
12.2SB 12.2SR/ SX 12.2SB 12.2SB 12.2SB/SR 12.2SX/ SR 12.2SG 12.2SE 12.2 XNA M & T
HTTPS - HTTP with SSL 3.0 12.2(33)SB 12.2(33)SRA NA 12.2(33)SB 12.2(33)SRA 12.2(33)SXH 12.2(44)SG 12.2(25)SE12.2(33)X
NA12.3(2)T
HTTP(S) USB Support For Content Delivery from USB Media; PAI enhancement; TACAC+ Accounting support
12.2(33)SB 12.2(33)SRC NA 12.2(33)SB 12.2(33)SRC 12.2(33)SXI 12.2(44)SG 12.4(15)T
HTTP IPv6 Support 12.2(33)SB 12.2(33)SRC NA 12.2(33)SB 12.2(33)SRC 12.2(1st)SY 12.2(44)SG 12.2(44)SE12.2(33)X
NA12.4(20)T
BEEP Infrastructure; IPV6 Support 12.2(33)SB 12.2(33)SRA NA 12.2(33)SB 12.2(33)SRA 12.2(33)SXH 12.2(44)SG 12.2(7th)SE12.2(33)X
NA12.4(4)T
SOAP IPv6 Support 12.2(33)SB 12.2(33)SRC NA 12.2(33)SB 12.2(33)SRC 12.2(1st)SY 12.2(44)SG 12.2(7th)SE12.2(33)X
NA12.4(20)T
Cisco IOS Scripting with TCL 12.2(33)SB 12.2(33)SRC NA 12.2(33)SB 12.2(33)SRC 12.2(33)SXH 12.2(44)SG12.2(TBD)S
E12.2(33)X
NA12.3(2)T
TCL SNMP MIB access 12.2(33)SB 12.2(33)SRC NA 12.2(33)SB 12.2(33)SRC 12.2(33)SXH 12.2(44)SG 12.2(7th)SE12.2(33)X
NA12.3(7)T
Signed TCL scripts NA 12.4(15)T
TCL over IPv6 12.2(33)SB 12.2(33)SRC NA 12.2(33)SB 12.2(33)SRC 12.2(1st)SY 12.2(44)SG 12.2(7th)SE12.2(33)X
NA12.4(20)T
HTTP Cookie support (RFC2965) 12.2(1st)SRE 12.4(20)T
HTTP Digest Authentication Support
12.4(20)T
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 104
Embedded Management – Config/ParserCisco IOS Software
Platforms
Cisco 10000 Series
Cisco 7600 Series
Cisco 7500
Series
Cisco 7304 Router
Cisco 7301 and 7200 Routers
Cisco Catalyst 6500
Series
Cisco Catalyst 4500
Series
Cisco 3750 & 2900
Series
ASR-1000
Cisco 800,
1800 & 2800
Series
12.2SB 12.2SR/ SX 12.2SB 12.2SB 12.2SB/SR 12.2SX/ SR 12.2SG 12.2SE 12.2 XNA M & T
Configuration Replace and Configuration Rollback, including config versioning (archive) and timed rollback
12.2(33)SB 12.2(33)SRA 12.2(25)S 12.2(33)SB 12.2(31)SB2 12.2(33)SXH 12.2(44)SG 12.2(40)SE 12.2(33)XNA 12.3(7)T
Configuration Change Notification and Logging
12.2(33)SB 12.2(33)SRA 12.2(25)S 12.2(33)SB 12.2(25)S 12.2(33)SXH 12.2(44)SG 12.2(25)SEC 12.2(33)XNA 12.3(4)T
Contextual Configuration Diff Utility 12.2(33)SB 12.2(33)SRA 12.2(25)S 12.2(33)SB 12.2(33)SXH 12.2(44)SG 12.2(40)SE 12.2(33)XNA 12.3(4)T
Configuration Generation Performance Enhancement
12.2(33)SB 12.2(33)SRC 12.2(25)S 12.2(33)SB 12.2(33)SRC 12.2(33)SXI 12.2(44)SG 12.2(33)XNA 12.3(7)T
Role-Based Access Control CLI commands
12.2(33)SB 12.2(33)SRB 12.2(33)SB 12.2(33)SXI 12.2(44)SG 12.2(33)XNA12.3(11)
T
Configuration Partitioning 12.2(33)SB 12.2(33)SRB 12.2(33)SB 12.2(33)SRB 12.2(33)SXI 12.2(44)SG 12.2(7th)SE 12.2(33)XNA
Configuration Rollback Confirmed Change
12.2(33)SB 12.2(33)SRC 12.2(33)SB 12.2(33)SRC 12.2(33)SXI 12.2(44)SG 12.2(33)XNA12.4(20)
T
IPv6 for Config Logger 12.2(33)SB 12.2(33)SRC 12.2(33)SB 12.2(33)SRC 12.2(1st)SY 12.2(44)SG 12.2(7th)SE 12.2(33)XNA12.4(20)
T
Config Logger Persistency 12.2(33)SB 12.2(33)SRA 12.2(33)SB 12.2(33)SXH 12.2(44)SG 12.2(33)XNA12.4(11)
T
Exclusive Configuration Change Access and Access Session Locking
12.2(33)SB 12.2(33)SRA 12.2(33)SB 12.2(33)SXH 12.2(44)SG 12.2(33)XNA12.4(11)
T
Config Change Tracking Identifier 12.2(33)SB 12.2(33)SRC 12.2(33)SB 12.2(33)SRC 12.2(33)SXI 12.2(44)SG 12.2(33)XNA12.4(20)
T
XML Programmatic Interface w/TLS and Initiator
12.2(1st)SRE 12.2(1st)SRE 12.2(1st)SY 12.2(47)SG 12.2(7th)SE12.4(20)
T
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 105
EEM Version/Product Support MatrixCISCO ACCESS ROUTERS - Current models
EEM Version Cisco 800 SeriesCisco 1800
SeriesCisco 2800
SeriesCisco 3800
SeriesCisco 1900
SeriesCisco 2900
SeriesCisco 3900
Series
1.0 12.3(11)T 12.3(11)T 12.3(11)T
2.0
2.1 12.3(14)T1 12.3(14)T1 12.3(14)T1
2.1.5
2.2 12.4(2)T 12.4(2)T 12.4(2)T 12.4(2)T
2.3 12.4(11)T 12.4(11)T 12.4(11)T 12.4(11)T
2.4 12.4(20)T 12.4(20)T 12.4(20)T 12.4(20)T
3.0 12.4(22)T 12.4(22)T 12.4(22)T 12.4(22)T
3.1 15.0(1)M 15.0(1)M 15.0(1)M 15.0(1)M 15.0(1)M 15.0(1)M 15.0(1)M
3.2 15.1(3)T 15.1(3)T 15.1(3)T 15.1(3)T 15.1(3)T 15.1(3)T 15.1(3)T
3.4 Planning Planning Planning Planning Planning Planning Planning
CISCO ACCESS ROUTERS - Old models
EEM Version Cisco 1700 SeriesCisco 2600
SeriesCisco 2600XM
SeriesCisco 2691
SeriesCisco 3600
SeriesCisco 3700
Series
1.0 12.3(4)T 12.3(4)T 12.3(4)T 12.3(4)T
2.0
2.1 12.3(14)T1 12.3(14)T1 12.3(14)T1 12.3(14)T1 12.3(14)T1 12.3(14)T1
2.1.5
2.2 12.4(2)T 12.4(2)T 12.4(2)T 12.4(2)T 12.4(2)T 12.4(2)T
2.3 12.4(11)T 12.4(11)T 12.4(11)T 12.4(11)T 12.4(11)T 12.4(11)T
2.4
3.0
3.1
3.2
Shipping
EC
Planning
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 106
EEM Version/Product Support Matrix, cont.CISCO SERVICE AGGREGATION/CORE ROUTERS
EEM Version
Cisco ASR1000
Series
Cisco 7200 Series
Cisco 7301 Cisco 7304Cisco 7600
SeriesCisco UBR
10000Cisco UBR
7200
Cisco 12000 Series
Cisco XR 12000
CiscoCRS-1
Cisco ASR 9000
1.0 12.0(26)S
2.0 12.2(27)SBC FM FM FM
2.1 12.3(14)T1 12.3(14)T1 12.2(28)SB 12.2(18)SXF5 12.2(28)SB 12.2(28)SB FM FM FM
2.1.5 FM FM FM
2.2 12.4(2)T 12.4(2)T1 FM FM FM
2.3 2.1XE 12.4(11)T 12.2(33)SB 12.2(33)SB 12.2(33)SRB 12.2(33)SB 12.2(33)SB FM FM FM
2.4 12.2(33)XN RLS7 12.4(20)T 12.2(33)SRE 12.2(33)SRE 12.2(33)SRE 12.2(33)SRE 12.2(33)SRE FM FM FM
3.0 12.2(33)XN RLS7 12.4(22)T 12.2(33)SRE 12.2(33)SRE 12.2(33)SRE 12.2(33)SRE 12.2(33)SRE FM FM FM
3.1 Planning 15.0(1)M Planning Planning Planning Planning Planning Planning Planning Planning Planning
3.2 Planning 15.1(3)T Planning Planning Planning Planning Planning Planning Planning Planning Planning
3.4 Planning Planning Planning Planning Planning Planning Planning Planning Planning Planning Planning
CISCO CATALYST SWITCHES
EEM VersionCatalyst 3000
SwitchesCisco 3400ME
SwitchesCatalyst 4500
SwitchesCatalyst 4900
SwitchesCatalyst 6500
Switches
1.0
2.0
2.1IOS w/o Modularity
12.2(18)SXF5
2.1.5w/ Modularity12.2(18)SXF4
2.2
2.3 12.2(40)SE 12.2(40)SE 12.2(44)SG 12.2(44)SG 12.2(33)SXH
2.4 12.2 (50) SE 12.2 (50) SE 12.2(52)SG 12.2(52)SG 12.2(33)SXI
3.0 12.2 (52) SE 12.2 (52) SE Summer'10 (Zanzibar) 12.2 (1st)SY 12.2 (1st)SY
3.1 12.2 (52) SE 12.2 (52) SE Summer'10 (Zanzibar) Planning Planning
3.2 12.2 (52) SE 12.2 (52) SE Summer'10 (Zanzibar) Planning Planning
3.4 Planning Planning Planning Planning Planning
Shipping
EC
Planning