Brkrst2612 Cisco Ios Managing sing and Tweaking

BRKRST - 2612

Cisco IOS – Managing, Optimising and Tweaking

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKRST-2612 2

Objective

Introduce some of the lesser known features of IOS

Encourage you to use these features


Agenda Smart Call Home Service

Monitoring System Resources

• RMON & Threshold Notifications

• Embedded Resource Manager

IP Service Level Agent (IPSLA)

Enhanced Object Tracking (EOT)

Embedded Event Manager (EEM)

Device Configuration Management


Smart Call Home


Solution Architecture

Customer

Secure Authenticated

Access to Hosted Portal

Device Diagnostic

Library

Remediation

Recommendation

Engine

Diagnostics &

Parsing Engine

Smart Call Home Portal TAC

Automatic

SR Opened

Remediation

Recommendation

Customer & TAC access the same data

Intelligent Monitoring

& Collection Engine

Call Home feature

Cisco

InternetSecure Transport

HTTPS Encryption & Certificate-based authentication

13

2

EMAIL 4


SMART Call home

An embedded support feature available on a broad

range of Cisco products -

http://www.cisco.com/en/US/services/ps2827/ps2978/p

s7334/smartcall_supported_products_popup.html

Enabled devices continuously perform proactive

diagnostics

Provided at no additional cost when you have an active

SMARTnet Service, SP Base, Unified Computing

Support Service, or Mission Critical Support Service

http://www.cisco.com/en/US/services/ps2827/ps2978/ps7334/smartcall_supported_products_popup.html

http://www.cisco.com/en/US/services/ps2827/ps2978/ps7334/smartcall_supported_products_popup.html

http://www.cisco.com/en/US/products/svcs/ps3034/ps2827/ps2978/serv_group_home.html

http://www.cisco.com/en/US/products/svcs/ps3034/ps2827/ps2960/serv_group_home.html

http://www.cisco.com/en/US/products/ps10321/serv_home.html

http://www.cisco.com/en/US/products/ps10321/serv_home.html


SMART Call home Visibility into your network through diagnostic reports

Real-time trouble shooting, alerts, and remediation advice

Automatic generation of Cisco Service Request

Secure, reliable data transport

Personalised Web-based portal to review Call Home messages, detailed diagnostics, recommendations, and inventory


SMART Call home Configuration - HTTPS to Cisco (1/3)

1. Enable Call Home ServiceISR#configure terminal

ISR(config)#service call-home

ISR(config)#call-home

2. Configure the mandatory contact email address

ISR(cfg-call-home)#contact-email-addr username@domain-name

3. Activate default CiscoTAC-1 profile and set transport option to http

ISR(cfg-call-home)#profile CiscoTAC-1

ISR(cfg-call-home-profile)#active

ISR(cfg-call-home-profile)#destination transport-method http



4. Install a security certificate -Download the Cisco server certificate from

http://www.cisco.com/warp/public/437/services/smartcall/docs/Cisco_Server_Security_Certificate.txt

ISR(config)#crypto pki trustpoint cisco

ISR(ca-trustpoint)#enroll terminal

ISR(ca-trustpoint)#revocation-check crl none

ISR(ca-trustpoint)#exit

ISR(config)#crypto pki authenticate cisco

Enter the base 64 encoded CA certificate.

End with a blank line or the word "quit" on a line by

itself

[paste the certificate here and accept it]

% Do you accept this certificate? [yes/no]: yes

Trustpoint CA certificate accepted.

% Certificate successfully imported



5. Exit and save the configurationISR(config)#end

ISR#copy run start

6. Send a Call Home Inventory message to start registration process

ISR#call-home send alert-group inventory profile CiscoTAC-1

Sending inventory info call-home message . . .

Please wait. This may take some time . . .

7. Receive an Email from Cisco and follow the link to complete

registration for Smart Call Home

Further information - http://www.cisco.com/go/smartcall

http://www.cisco.com/go/smartcall


Monitoring System Resources IRMON & Threshold Notifications


Monitoring System Resources – CPU (1/3)

Complication : What If your device has multiple CPU‗s ?

Problem: Monitor CPU Utilisation and generate an snmp trap and/or syslog message when a threshold is crossed

Solution 1: Configure RMON Events and Alarms

Router(config)# rmon event 1 log trap eventtrap description “CPU Utilization > 80%" owner

<ownername>

Router(config)# rmon event 2 log trap eventtrap description “CPU Utilization < 50%" owner

<ownername>

Router(config)# rmon alarm 10 cpmCPUTotal1minRev.<cpmCPUTotalIndex> 60 absolute rising-

threshold 80 1 falling-threshold 50 2 owner <ownername>

Generate syslog message

Generate snmp trap with community eventtrap

60 second sample interval


Monitoring System Resources – CPU (2/3) Solution 1 : Configure RMON Events and Alarms (cont‘d)

% snmpwalk -c public 10.66.76.16 .1.3.6.1.4.1.9.9.109.1.1.1.1.2

SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.2.1 = INTEGER: 4017

SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.2.2 = INTEGER: 4001

RMON Configuration Guide -http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_cfg_rmon_sup_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1056328

Perform an snmpwalk of cpmCPUTotalPhysicalIndex

Perform an snmpwalk of entPhysicalDescr

% snmpwalk -c public 10.66.76.16 .1.3.6.1.2.1.47.1.1.1.1.2 | grep 4017

SNMPv2-SMI::mib-2.47.1.1.1.1.2.4017 = STRING: "CPU of Routing Processor 6"

% snmpwalk -c public 10.66.76.16 .1.3.6.1.2.1.47.1.1.1.1.2 | grep 4001

SNMPv2-SMI::mib-2.47.1.1.1.1.2.4001 = STRING: "CPU of Switching Processor 6“

cpmCPUTotalIndex

cpmCPUTotalPhysicalIndex = entPhysicalIndex

To monitor the CPU Utilization of the RP in Slot 6 cpmCPUTotalIndex = 1

rmon alarm 10 cpmCPUTotal1minRev.1 60 absolute rising-threshold 80 1 falling-threshold 50 2

owner <ownername>

http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_cfg_rmon_sup_ps6350_TSD_Products_Configuration_Guide_Chapter.html

http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_cfg_rmon_sup_ps6350_TSD_Products_Configuration_Guide_Chapter.html


Monitoring System Resources – CPU (3/3) Solution 2 : CPU Threshold Notification

Router(config)# snmp-server enable traps cpu threshold

Router(config)# snmp-server host host-address [traps | informs] [version {1 | 2c | 3 [auth |

noauth | priv]}] community-string

Router(config)# process cpu threshold type total rising 80 interval 5 falling 50 interval 5

Router(config)# process cpu statistics limit entry-percentage 40 size 300

{total | process | interrupt}

Sets the process entry limit and the size of the history table for CPU utilisation statistics.

Refer CISCO-PROCESS-MIB :

•CPU Thresholds & CPU History can be found in cpmCPUThresholdTable & cpmCPUHistory respectively.

•Traps generated are cpmCPURisingThreshold & cpmCPUFallingThreshold.

CPU Threshold Notification Configuration Guide -http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_cpu_thresh_notif_ps6350_TSD_Products_Configuration_Guide_Chapter.html

http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_cpu_thresh_notif_ps6350_TSD_Products_Configuration_Guide_Chapter.html

http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_cpu_thresh_notif_ps6350_TSD_Products_Configuration_Guide_Chapter.html


Monitoring System Resources – Memory

Devices have multiple Memory Pools, what value of <ciscoMemoryPoolType> to use ?

Problem: Monitor Memory Utilisation and generate an snmp trap and/or syslog message when a threshold is crossed

Solution 1: Configure RMON Events and Alarms

Router(config)# rmon event 1 log trap eventtrap description “Memory Utilization > 80%" owner

<ownername>

Router(config)# rmon event 2 log trap eventtrap description “Memory Utilization < 50%" owner

<ownername>

Router(config)# rmon alarm 10 ciscoMemoryPoolUtilization1Min.<ciscoMemoryPoolType> 60

absolute rising-threshold 80 1 falling-threshold 50 2 owner <ownername>

Generate syslog message

Generate snmp trap with community eventtrap

60 second sample interval


Monitoring System Resources – Memory Solution 1: Configure RMON Events and Alarms (cont‘d)

% snmpwalk -c public 10.66.91.113 .1.3.6.1.4.1.9.9.48.1.1.1.2

SNMPv2-SMI::enterprises.9.9.48.1.1.1.2.1 = STRING: "Processor"

SNMPv2-SMI::enterprises.9.9.48.1.1.1.2.2 = STRING: "I/O"

SNMPv2-SMI::enterprises.9.9.48.1.1.1.2.16 = STRING: "Driver text“

<ciscoMemoryPoolType>

Perform an snmpwalk of ciscoMemoryPoolName

To monitor the Processor Memory Pool

rmon alarm 10 ciscoMemoryPoolUtilization1Min.1 60 absolute rising-threshold 80

1 falling-threshold 50 2 owner <ownername>

Refer CISCO-MEMORY-POOL-MIB


Monitoring System Resources – Memory Solution 2 : Memory Threshold Notification

Router(config)# memory free low-watermark processor 20000

Router(config)# memory free low-watermark io 2000 KB

Generates syslog messages but no snmp traps

Memory Threshold Notification Configuration Guide -http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_mem_thresh_note_ps6350_TSD_Products_Configuration_Guide_Chapter.html

000029: *Aug 12 22:31:19.559: %SYS-4-FREEMEMLOW: Free Memory has dropped below 20000k

Pool: Processor Free: 66814056 freemem_lwm: 204800000

000032: *Aug 12 22:33:29.411: %SYS-5-FREEMEMRECOVER: Free Memory has recovered 20000k

Pool: Processor Free: 66813960 freemem_lwm: 0

If free memory falls below the threshold

When free memory recovers to 5% above the threshold

http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_mem_thresh_note_ps6350_TSD_Products_Configuration_Guide_Chapter.html

http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_mem_thresh_note_ps6350_TSD_Products_Configuration_Guide_Chapter.html


Monitoring System Resources IIEmbedded Resource Manager (ERM)


Monitoring System Resources – ERM

Monitoring system resource usage.

Setting the resource threshold at a granular level.

Generating alerts when resource utilisation reaches the specified level.

Generating internal events using the Cisco IOS Embedded Event Manager feature.


Monitoring System Resources – ERMERM provides for three types of thresholds to be defined:

The System Global Threshold is the point when the entire resource reaches a specified value. A notification is sent to all RUs once the threshold is exceeded.

The User Local Threshold is the point when a specified RUs utilisation exceeds the configured limit.

The User Global Threshold is the point when the entire resource reaches a configured value. A notification is sent to the specified RU once the threshold is exceeded.


Monitoring System Resources – ERM ERM Sample configuration - Global policy

snmp-server enable trap resource-policy

resource policy

policy cpu-global global

system

cpu total

critical rising 90 interval 10 falling 80 interval 10

major rising 80 interval 10 falling 70 interval 10

minor rising 70 interval 10 falling 60 interval 5

!

!

module 6/0

cpu total

critical rising 90 interval 10 falling 80 interval 10

!

!

!

user global cpu-global Needed to activate the policy


Monitoring System Resources – ERM ERM Sample configuration - User Local Policypolicy user-local-cpu type iosprocess

system

cpu process

minor rising 10 interval 2 falling 5 interval 2

!

user "SNMP ENGINE" iosprocess user-local-cpu

policy user-global-cpu type iosprocess

system

cpu total

minor rising 10 interval 2 falling 5 interval 2 global

!

user "BGP Router" iosprocess user-global-cpu

ERM Sample configuration – User Global Policy


Monitoring System Resources – ERMOther ERM Features :

Automatic CPUHOG Profiling

Extended CPU load monitoring

Packet Memory Reclamation functionality for "unwedging" interface input queues

Automatic Buffer Tuning

MIB - CISCO-ERM-MIB

Traps generated ciscoErmGlobalPolicyViolation & ciscoErmLocalPolicyViolation

Embedded Resource Manager Configuration Guide -http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_erm_resource_ps6350_TSD_Products_Configuration_Guide_Chapter.html

http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_erm_resource_ps6350_TSD_Products_Configuration_Guide_Chapter.html

http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_erm_resource_ps6350_TSD_Products_Configuration_Guide_Chapter.html


IP Service Level Agent (IP SLA)


QoS Markings

MPLS VPN

Aware

Connect

IP SLA Operations

Frame Relay

GK Delay

Call Setup

(PDD)

HTTPDLSw

Jitter Path

Echo

TCP

Echo

DNS/

DHCP

FTP

Increasing Service Value

Path

Jitter

L2

VoIP

Echo

SNA

UDP

Cisco IOS-Based

IP Service Level Agent

ICMP

VoIP UDP

Jitter

RTP

ATM

Metro E


Platforms Supporting IP SLA

Cisco 10K,

12K, CRS-1

Cisco 7200/7300

Cisco 800/1700/1800

Cisco 3700/Cisco 3800Catalyst 2960

Cisco 2600/2800

Catalyst

3550/3560

Catalyst 3750

Catalyst 4500

Catalyst

6500/7600

Cisco IOS Software Releases 12.3T, 12.4 and 12.4T(Responder Only)

Cisco IOS Software Releases 12.2S

http://www.linksys.com/default.asp


IP Host

How does Cisco IP SLA Work?

Management

Application

Configure

SNMP TrapCollect Data

Reconfigure

IP SLA Measure

Measure Performance

IP SLA Responder

TargetSource


IP SLA Operation with Non-Responder

IP SLA Sender IP Host

Reply to test Packet

Sending Test Packet

Probing

Phase

IP SLA-Test

Operation types :

dhcp, dns , echo , ftp, http, pathEcho, tcpConnect


IP SLA Operation with Responder

IP SLA Sender IP SLA ResponderControl Message Ask Receiver to

Open Port 2020 on UDP

Responder Says OK

Sending Test Packet(s)…

Start Listening on

UDP Port 2020

UDP, 2020

Done: Stop Listening

Control

Phase

Probing

Phase

IP SLA-Control

IP SLA-Test

UDP, 1967


Configuration example – Change to backup link (1/2)

Define an Echo probe

ip sla 1

icmp-echo <target> source-ip 24.249.14.209

timeout 2000

threshold 1000

frequency 1

ip sla schedule 1 life forever start-time now

Track the probe reachability

track 10 rtr 1 reachability

delay down 5 up 10

Define default routes

ip route 0.0.0.0 0.0.0.0 <Main ISP> track 10

ip route 0.0.0.0 0.0.0.0 <Backup ISP> 200


Configuration example – Change to backup link (2/2)

Force probe packets to always go out the Main ISP Interface

ip local policy route-map MY-LOCAL-POLICY

!

access-list 101 permit icmp any host <target> echo

!

route-map MY-LOCAL-POLICY permit 10

match ip address 101

set interface <Main ISP Interface>

set default interface <Main ISP Interface>




Enhanced Object TrackingFeatures

Separation between the objects to be tracked and the action to be taken.

Each Tracked object has a unique number

Boolean ―and‖ and ―or‖ functions to combine tracked objects

Advantages

Increases the availability and speed of recovery of a network.

Decreases network outages and their duration.

Restriction

Enhanced Object Tracking is not statefull switchover (SSO) aware


Enhanced Object Tracking

What can be tracked :

Line-Protocol State of an Interface

IP-Routing State of an Interface

IP-Route Reachability

Threshold of IP-Route Metrics

State of an IP SLA Operation

Reachability of an IP SLA IP Host

Mobile IP Applications


Enhanced Object TrackingConfiguration Example - Line-Protocol State of an Interface

10.1.0.0/24

A B

S1/0 S1/0

Fa0/0Fa0/0

track 100 interface serial1/0 line-protocol

!

interface FastEthernet0/0

ip address 10.1.0.21 255.255.0.0

standby 1 preempt

standby 1 ip 10.1.0.1

standby 1 priority 110

standby 1 track 100 decrement 10

Router A Configuration

track 100 interface serial1/0 line-protocol

!

interface FastEthernet0/0

ip address 10.1.0.22 255.255.0.0

standby 1 preempt

standby 1 ip 10.1.0.1

standby 1 priority 110

standby 1 track 100 decrement 10

Router B Configuration

Further information on Enhanced Object Tracking -http://www.cisco.com/en/US/docs/ios/ipapp/configuration/guide/ipapp_eot.html

http://www.cisco.com/en/US/partner/docs/ios/ipapp/configuration/guide/ipapp_eot.html


Embedded Event Manager


Embedded Event

Manager

Syslogemail

notification

SNMP set

Counter

CLI

Applets

SNMP

get

SNMP

notification

Application

specific

TCL

Policies

Reload or

switch-over

EEM Applets

multi-event-correlation

IOS.sh

Policies

Actions

Event Detectors

Syslog

Event

Process

Scheduler

Database

Interface

Descriptor

Blocks

Syslog

ED

Watchdog

ED

Interface

Counter

ED

CLI

ED

OIR

ED

ERM

ED

EOT

ED

RF

ED

none

ED

GOLD

ED

XML

RPC

ED

SNMP

EDs

Remote:

• Notification

Local:

• Notification

• Get/Set

NetFlow

ED

IPSLA

ED

Route

ED

Timer

EDs

• Cron

• Count

down

HW

EDs

• Fan

• Temp

• Env

• ...

CDP

LLDP

ED

802.1x

ED

MAC

ED

EEM Architecture


Embedded Event Manager

Components that make up EEM Policy

Event Detectors -http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_overview.html#wp1070290

Actions - http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_overview.html#wp1070842

Applet (cli)

Script (tcl)

Environment Variables• User defined

• Cisco defined http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_overview.html#wp1071155

• Cisco built-in

http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_overview.html

http://www.cisco.com/en/US/partner/docs/ios/netmgmt/configuration/guide/nm_eem_overview.html

http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_overview.html


CLI

Applets

Programmatic Applet

Extensions

IOS.sh

Policies

Separate ASCII File my-

policy.sh

Based on Cisco IOS CLI

and Shell Commands

Effective shell-like simple

scripting

Registered via the Cisco

IOS Config

TCL

Policies

Separate ASCII File my-

policy.tcl

Based on Cisco IOS CLI

and Safe TCL

Commands

Flexible and powerful

scripting capabilities

Registered via the Cisco

IOS Config

Part of the Cisco IOS

Configuration

Based on CLI

Commands

Simple Actions

EEM Applets and Policies


Embedded Event Manager – cli Applet

Sample Applet – Force switch over to redundant processor

snmp-server enable traps eventmanager

!

event manager applet track-gig0

event syslog pattern ".*UPDOWN.*GigabitEthernet0.* changed state to down“

action 1.0 force-switchover

action 2.0 syslog msg “Gig0 down. EEM Forced-switch over”

Command syntax for the syslog event detector

event syslog [occurs num-occurrences] [period period-value] [priority priority-

level] pattern regular-expression

Event detector



Sample Applet – Send a custom snmp trap on LINK_LOST/OK

snmp-server enable traps eventmanager

!

event manager applet track_sfp_down

event syslog pattern "SPAWBCMTS-4-SFP_LINK_LOST.*link changed state to down“

action 1.0 snmp-trap strdata "$_syslog_msg"

!

event manager applet track_sfp_up

event syslog pattern "SPAWBCMTS-4-SFP_LINK_OK.*link changed state to up“

action 1.0 snmp-trap strdata "$_syslog_msg"

Cisco defined environment variable


• Which process is causing CPU spikes?

event manager applet High_CPU_Monitor

event snmp oid 1.3.6.1.4.1.9.9.109.1.1.1.1.7.1 get-type exact entry-op gt entry-val 75 exit-op lt exit-val 50 poll-interval 60

action 1.1 syslog msg "------ HIGH CPU DETECTED ------ CPU Currently: $_snmp_oid_val %“

action 2.1 cli command "enable"

action 2.2 cli command "terminal exec prompt timestamp"

action 2.3 cli command "show process cpu sort | exclude 0.0 | append flash:high_cpu_monitor.txt"

action 2.4 cli command "show process cpu history | append flash:high_cpu_monitor.txt“

action 2.5 cli command "show logging | append flash:high_cpu_monitor.txt“

action 2.6 cli command "show interface stat | append flash:high_cpu_monitor.txt"

end

1111 1

1112111111112111111111211111411221433 1 11113000011111230254 2 1

9756660293151131828147016175365762661890911641000056506500050919988258

100 **** *

90 **** *

80 **** *

70 **** *

60 **** * *

50 * **** * *

40 * ** **** * **

30 * * ** *** ***** *** **

20 ****** * ** * * ** * ******* *** * ******** ******* *

10 ######***************#**#***##**************######**#*****************

0....5....1....1....2....2....3....3....4....4....5....5....6....6....7.

0 5 0 5 0 5 0 5 0 5 0 5 0

CPU% per hour (last 72 hours) * = maximum CPU% # = average CPU%

Caution : Make sure you don’t fill up flash


cpmCPUTotal1minRev


event snmp oid oid-value get-type {exact | next} entry-op operator entry-val

entry-value [exit-comb {or | and}] [exit-op operator] [exit-val exit-value]

[exit-time exit-time-value] poll-interval poll-int-value

Command syntax for the snmp oid event detector



Embedded Event Manager – tcl Scripts

Prepare tcl script or use / modify existing one

Download to device

Add other required device configuration

Define any User-Defined environment variables

Register the Policy

Test / Check the script

EEM Scripting Community - http://forums.cisco.com/eforum/servlet/EEM?page=main

http://forums.cisco.com/eforum/servlet/EEM?page=main


Embedded Event Manager – tcl ScriptsExample – CliValueToSnmpExpressionMIB.tcl

EEM Scripting Community - http://forums.cisco.com/eforum/servlet/EEM?page=main

Problem: Monitor a counter for which there is no snmp MIB Object

Solution 1: Use the ‗Cli Value 2 Snmp Expr MIB‘ tcl script from the EEM Scripting Community (Network Management)

::cisco::eem::event_register_timer watchdog name watchdog time $snmp_mib_update_interval maxrun 240

namespace import ::cisco::eem::*

namespace import ::cisco::lib::*

<snip>

# ====================================== CUSTOMIZE THIS SECTION FOR YOUR NEEDS =================================================#

# ==============================================================================================================================#

# Initialize ISG show commands to be executed...

# proc Show Command ShowCmdId

# ---- ------------ ---------

initShowCommand "show mls qos protocol module 6" 1

# Initialize match patterns, reference to the Id of the relevant show command above and specify the last OID index to be used...

# proc ObjectName MatchPattern with (interesting value) in brackets ShowCmdId MIBIndex

# ---- ---------- ------------------------------------------------- --------- --------

initMatchPattern "AgForwardBy6" ".*AgForward-By: +(\[0-9\]+) " 1 1

initMatchPattern "AgPolicedBy6" ".*AgPoliced-By: +(\[0-9\]+)" 1 2

User defined environment variable

Event Detector

http://forums.cisco.com/eforum/servlet/EEM?page=main


Download to device


Router# mkdir harddisk:eem

Router#copy ftp:/opt/ftp/eem/CliValueToSnmpExpressionMib.tcl harddisk:/eem

Address or name of remote host []? 10.10.10.2

Destination filename [/eem/CliValueToSnmpExpressionMib.tcl]?

Accessing ftp://10.10.10.2//opt/ftp/eem/CliValueToSnmpExpressionMib.tcl...

Add other required device configuration

1) Enable SNMP server manager

Router(config)# snmp-server manager

2) Add SNMP configuration allowing local SNMP queries and updates for the script

to update expression MIB entries...

Router(config)# no access-list 9

Router(config)# access-list 9 remark "SNMP Read-Write for EEM"

Router(config)# access-list 9 remark "======================="

Router(config)# access-list 9 permit 10.10.10.1 0.0.0.0

Router(config)# access-list 9 deny any log

Router(config)# snmp-server community EemUpdateRw RW 9

Change this to the management address of your device

User defined RW Community string to be used by EEM tcl script



Define User-Defined environment variables

Router(conf)# event manager environment snmp_mib_update_interval 60

# RW Community&IP address parameters are required by EEM to update MIBs locally on the

device...

Router(conf)# event manager environment snmp_rw_community EemUpdateRw

Router(conf)# event manager environment snmp_ip_address 10.10.10.1

# Configure the default value to be filled into OIDs should the show command

# or regular expression match fail...

Router(conf)# event manager environment snmp_default_value -1

Remember this from the script

Same as snmp config entered via cli



Check the tcl policy has been registered successfully

Router#show event manager policy registered user

No. Class Type Event Type Trap Time Registered Name

1 script user timer watchdog Off Thu Nov 4 01:17:16 2010 CliValueToSnmpExpressionMib.tcl

name {watchdog}

time 60.000

nice 0 queue-priority normal maxrun 240.000

Register the tcl Policy

Router(conf)# event manager directory user policy harddisk:/eem

Router(conf)# event manager policy CliValueToSnmpExpressionMib.tcl



Check / test the script is working

Router#show management expression

Expression: AgForwardBy6 is active

Expression to be evaluated is 527930134 where:

Expression: AgPolicedBy6 is active

Expression to be evaluated is 347908 where:

Router#show mls qos protocol module 6

----- Module [6] -----

Protocol ARP is using AgId 1 AgForward-By: 527930134 AgPoliced-By: 347908

ARP : Policing and mode Cir = 1024000bps Burst = 10000bytes



Check / test the script is working (cont‗d)

From an NMS system perform an snmpwalk of the EXPRESSION-MIB

% snmpwalk -c public1 10.10.10.1 1.3.6.1.4.1.9.10.22

<snip>

expExpressionOwner.1 : = STRING: "AgForwardBy6“

expExpressionOwner.2 : = STRING: "AgPolicedBy6“

<snip>

expValueCounter32Val.1.0.0.0 : = Counter32: 527930134

expValueCounter32Val.2.0.0.0 : = Counter32: 347908

Objectname as defined in

the tcl script

MIBIndex as defined in

the tcl script

These are the MIB Objects

to poll

NB At present the script only supports 32 bit counters, which limits it to values < 4Gig .

There is however a 64 bit counter expValueCounter64Val which could be used if the script was modified (and tested).



What if it doesn‗t work as expected ?

Router#debug event manager ?

action Debug Event Manager Action

all Debug Event Manager with all debug messages enabled

api Debug Event Manager client API

common Debug Event Manager Common

detector Debug Event Manager Event Detector

policydir Debug Event Manager policy director

server Debug Event Manager server

tcl Debug Event Manager tclsh interpreter

xml Debug Event Manager xml

As with all debugging approach with caution. It may generate a lot of output



Unregister the tcl policy

Delete the tcl script from flash

Copy the new /edited tcl script to the flash device.

Register the new / edited tcl policy

Problem: What if I need to modify the tcl script ?

Solution 1: Manual step by step

Router(conf)# no event manager policy my.tcl

Router# del harddisk:/eem/my.tcl

Router#copy ftp:/opt/ftp/eem/my.tcl harddisk:/eem

Router(conf)# event manager policy my.tcl



Configure the default repository

Single exec command to download, un-register and re-register:

Solution 2: Use ‗event manager update‘ commands

Router(config)# event manager directory user repository tftp://172.16.64.1

router# event manager update user policy name my

%EEM: Update will use the repository path: tftp://172.16.64.1

%EEM: Attempting to copy tftp://172.16.64.1/my.tcl to flash:/eemtcl/my.tcl

Loading my.tcl from 172.16.64.1 (via FastEthernet0): !

[OK - 647 bytes]

%EEM: Copied 647 bytes from tftp://172.16.64.1/my.tcl to

flash:/eemtcl/my.tcl

%EEM: Policy my.tcl has been successfully copied and re-registered

*Dec 10 20:12:43.198: %HA_EM-6-FMPD_UPDATE_POLICY_COPY: Policy update has copied 647 bytes from

tftp://172.16.64.1/my.tcl to flash:/eemtcl/my.tcl

*Dec 10 20:12:43.230: %HA_EM-6-FMPD_UPDATE_POLICY_REGISTER: Policy update has successfully re-registered

policy my.tcl

Available from: IOS 12.4(20)T



Can also synch entire groups, based on regular expression match:

Verify using show command

Solution 2: Use ‗event manager update‘ commands (cont‘d)

Router# event manager update user policy group m.*

router# show event manager policy registered


1 script user syslog Off Wed Dec 10 20:12:43 2008 my.tcl

occurs 1 pattern {.*%NTP-5-PEERSYNC.*}

nice 1 queue-priority low maxrun 90.000 scheduler rp_primary



Single exec command to specify repository, download, un-register and re-register:

Can also synch entire groups, based on regular expression match:

Verify using show command

Solution 3: Use New ‗event manager update‘ commands

router# event manager update user policy name my.tcl repository tftp://10.1.1.1/

Router# event manager update user policy group m.* repository tftp://10.1.1.1/

Router# show event manager policy registered


1 script user syslog Off Wed Dec 10 20:12:43 2008 my.tcl

occurs 1 pattern {.*%NTP-5-PEERSYNC.*}

nice 1 queue-priority low maxrun 90.000 scheduler rp_primary

Available from: IOS 15.0(1)M


Embedded Automation Systems (EASy)


Problem: Embedded Automations based on Tcl Scripting or Embedded Event Manager may include multiple scripts, policies, configurations, variables and pre-requisites. How can we install (and un-install) all of these in a consistent manner?

Example: Install Embedded Automations

Solution: Create a package and use the EASy Installer

See: http://www.cisco.com/go/easy

Router# easy-installer tftp://10.1.1.1/my-package.tar flash:/easy

-----------------------------------------------------------------------

Configure and Install EASy Package ‘my-package'

-----------------------------------------------------------------------

1. Display Package Description

2. Configure Package Parameters

3. Deploy Package Policies

4. Verify Installed Package

5. Exit

Enter option:

Further information on EASy Installer -http://www.cisco.com/en/US/products/ps10777/products_ios_protocol_group_home.html

http://www.cisco.com/go/easy

http://www.cisco.com/en/US/products/ps10777/products_ios_protocol_group_home.html


Editing Files on the CLI

Ed.tcl


Editing Files Problem: Often ASCII files are being used when using Device Manageability

Instrumentation in IOS:

Tcl scripts and EEM Tcl Policies

EMM Menu Definition Files

Config Templates and other text files

During Development and Test it would be useful to be able to edit these files directly from IOS.

But: IOS does not include an ASCII Editor ...

Solution: Use a Tcl implementation of an Editor in IOS

The GNU <ed> editor is a very simple, line-based editor available as Tcl implementation

see: http://en.wikipedia.org/wiki/Ed_(Unix)

see: http://www.gnu.org/software/ed/ed.html

http://en.wikipedia.org/wiki/Ed_(Unix)

http://www.gnu.org/software/ed/ed.html


Editing Files – Using ed.tcl

router# show flash

:

8 27091 Nov 19 2008 10:51:26 ed.tcl

9 68 Nov 19 2008 11:00:12 testfile.txt

a

and here are

yet another two lines

.

,n

1 line one of the test file

2 line two of the test file

3 another line

4 and here are

5 yet another two lines

w

99

q

router#

1. Copy ed.tcl and a simple test file to the flash:

router(config)# alias exec ed tclsh flash:/ed.tcl

2. Define an Alias for simplicity:

router# ed flash:/testfile.txt

65

1,$p

line one of the test file

line two of the test file

another line

,p

line one of the test file

line two of the test file

another line

,n

1 line one of the test file

2 line two of the test file

3 another line

3. Edit the file using ed:

1,$p – print lines 1 to last

a – add lines

w – write file

q – quit

. – end adding

,p – print all lines

,n – numbered print all lines


IOS Shell ScriptingIOS.sh


IOS Shell Problem: Sometimes we need more than what Interface ranges,

Macros, Auto SmartPorts and other CLI features already offer.

But we may not want all the power and complexity of Tcl Scripting orEmbedded Event Manager

Solution: Use IOS Shell (IOS.sh)

Phase I Available from: IOS 12.2(52)SE

IOS.sh # _

IOS Shell offers

Environment Variables MY_VAR=value, %n

Pipe and Redirection |

Condition Testing if […]; then else fi

Loops

Built-in Functions show shell functions

shell exec <function>

Custom Function Definitions function <name>(…){…}


IOS Shell - Example The pre-built shell functions for Auto SmartPorts are a good starting point:

switch# show shell functions CISCO_AP_AUTO_SMARTPORT

function CISCO_AP_AUTO_SMARTPORT () {

if [[ $LINKUP -eq YES ]]; then

conf t

interface $INTERFACE

macro description $TRIGGER

switchport trunk encapsulation dot1q

switchport trunk native vlan $NATIVE_VLAN

switchport trunk allowed vlan ALL

switchport mode trunk

switchport nonegotiate

auto qos voip trust

mls qos trust cos

exit

end

fi

if [[ $LINKUP -eq NO ]]; then

:


Tcl ShellTcl Scripting


Tool Command Language (TCL) Language resources found at: http://www.tcl.tk/

TCL 7.x has been in Cisco IOS since 1994

TCL 8.3.4 first released in Cisco IOS in 12.3(2)Tand merged into 12.2(25)S

Use 12.3(14)T or later for best results

Signed TCL Scripts introduced in 12.4(15)T

Router(config)# scripting tcl low-memory <water_mark>

Router#tclsh slot0:myscript.tcl

Router#tclsh

Router(tcl)#source tftp://10.1.1.1/myscript.tcl

TCL process runs at medium priority, so be careful with loops

Use low-memory to prevent malloc failures

http://www.tcl.tk/


Tool Command Language (TCL)

http://www.cisco.com/go/ciscobeyond

http://www.cisco.com/go/eem

http://www.cisco.com/go/ioscommercial

―Guide To Writing EEM Policies‖ documentation

Router#tclsh

Router(tcl)#puts "Hello There"

Hello There

Router(tcl)#ios_config "interface fa0/0"

"description Main Uplink"

Router(tcl)#exit

Router#

• TCL Cisco IOSExtended Commands

• TCL Built In Command

• Cisco IOS Command



http://www.cisco.com/go/ioscommercial


Signed TCL Scripts

TCL has the capability to verify a digital signature in order to indicate trust:

A script can run in two modes:

If TCL script contains the right signature:

• It will be authenticated and run with trusted access to TCL interpreter

If TCL script doesn´t contain the right signature:

• It will run in a limited mode for untrusted scripts or not run at all

TRUSTED MODE

UNTRUSTED MODE

See: http://www.cisco.com/en/US/docs/ios/12_4t/netmgmt/configuration/guide/sign_tcl.htmlAvailable from: IOS 12.4(15)T, 12.4(11)XWPlatforms: 8xx, 18xx ISRs, 26xx, 36xx, 37xx, IAD, 72xx, 7301, UC520, …

http://www.cisco.com/en/US/docs/ios/12_4t/netmgmt/configuration/guide/sign_tcl.html


Kron Scheduler


Kron Scheduler Run EXEC commands periodically or

at a specified time

First introduced in 12.3(1)

Runs commands in a fully-automated mode

Interactive commands (e.g. reload)are NOT supported

Note:

NTP must be configured or the router clock must be authoritative

Kron and Tcl can run together since 12.4(4)T

Alternative Option: use Embedded Event Manager (EEM) Timer ED


Configuration Management


IOS Configuration ‚Safety‘ Features

Contextual configuration diff utility (from 12.3(4)T, 12.2(25)S)

Easily show differences between running and startup configuration

Compare any two ASCII files

Config change logging and notification (from 12.3(4)T, 12.2(25)S)

Tracks config commands entered per user, per session

Notification sent indicating config change has taken place—changes can be retrieved via SNMP

Configuration replace and rollback (from 12.3(7)T, 12.2(25)S)

Replace running config with any saved configuration (only the diffs are applied) to return to previous state

Configuration revert (from 12.4(23)T)

Automatically Rollback un-confirmed configurations

Configuration locking (from 12.3(14)T, 12.2(25)S)

Ensures exclusive configuration change access


router# show archive

There are currently 4 archive configurations saved.

The next archive file will be named disk0:/config-archive-4

Archive # Name

0

1 disk0:/config-archive-1

2 disk0:/config-archive-2

3 disk0:/config-archive-3 <- Most Recent

router# config replace disk0:/config-archive-3 time 120

:

... your Config Change work here ...

:

router# no config replace disk0:/config-archive-3

Example: Using Config RollbackProblem: Critical config change to a remote router may result in loss of connectivity, requiring a

reload

Solution 1: Replace the running configuration with the latest good archive after two minutes –unless the change made is confirmed Available from: IOS 12.3(7)T, 12.2(25)S


router# config terminal revert time 2

Rollback Confirmed Change: Backing up current running config to flash:bk-2

Enter configuration commands, one per line. End with CNTL/Z.

:

... your Config Change work here ...

:

router# hostname oops

oops(config)# end

oops# Rollback Confirmed Change: Rollback will begin in one minute. Enter "configure

confirm" if you wish to keep what you've configured

Example: Using Config RevertProblem: Critical config change to a remote router may result in loss of connectivity,

requiring a reload

Solution 2: Revert the running configuration after two minutes – unless the change made is confirmed

Available from: IOS 12.4(23)T, 12.2(33)S

oops# Rollback Confirmed Change: rolling

to:flash:bk-2

Total number of passes: 1

Rollback Done

router#

oops# config confirm

oops# or


How to trigger a Config ChangeEmbedded Event Manager (EEM)


Example: Trigger a Config Change – 1/3 Problem: a PKI related config change on a remote device should only happen once NTP has

successfully synched the time

Router(config)# ntp logging

Router(config)# ntp update-calendar

Router(config)# ntp server 172.16.154.40 prefer

CLI Applet

event manager applet config_upon_ntp

event syslog pattern ".*%NTP-5-PEERSYNC.*"

action 1.0 syslog msg "Starting ..."

:

... Your Config Changes Here ...

:

action 3.0 syslog msg "... done"Dec 10 13:03:57.746: %NTP-5-PEERSYNC: NTP synced to peer 172.16.254.40

Dec 10 13:03:57.750: %HA_EM-6-LOG: config_upon_ntp: Starting ...

Dec 10 13:03:57.750: %HA_EM-6-LOG: config_upon_ntp: ... done

Solution I: use EEM Syslog Event Detector and a CLI Applet to trigger the change


Example: Trigger a Config Change – 2/3

Solution II: use EEM Syslog Event Detector and an IOS.sh Policy to trigger the change

Solution III: use EEM Syslog Event Detector and a TCL Policy to trigger the change …

IOS.sh Policy##::cisco::eem::event_register_syslog pattern .*%NTP-5-PEERSYNC.*

send log "Starting ..."

enable

conf t

hostname $new_hostname

:

... Your Config Changes Here ...

:

end

send log "... done"

# End of IOS.sh Policy demo script

router#

*Dec 22 18:27:09.659: %HA_EM-6-LOG: sl_cfg_ntp.sh: Starting ...

*Dec 22 18:27:09.801: %SYS-5-CONFIG_I: Configured from console by on vty0 (EEM:sl_cfg_ntp.sh)

*Dec 22 18:27:09.927: %HA_EM-6-LOG: sl_cfg_ntp.sh: Set hostname from router to it-worked

*Dec 22 18:27:09.927: %HA_EM-6-LOG: sl_cfg_ntp.sh: ... done

it-worked#


TCL Policy

::cisco::eem::event_register_syslog occurs 1 pattern .*%NTP-5-PEERSYNC.* queue_priority low nice 1 maxrun 90

namespace import ::cisco::eem::*

namespace import ::cisco::lib::*

action_syslog msg "Starting ..."

set oldname [info hostname]

set newname "it-worked"

if [catch {cli_open} result] {

error $result $errorInfo

} else {

array set cli $result

}

if [catch {cli_exec $cli(fd) “enable\n conf term\n hostname $newname\n end"} result] {action_syslog msg "Failed to set hostname: $result : $errorInfo"

error $result $errorInfo

} else {

action_syslog msg "Set hostname from $oldname to $newname"

}

cli_close $cli(fd) $cli(tty_id)

action_syslog msg "... done"

router#

*Dec 10 10:43:29.061: %HA_EM-6-LOG: config_upon_ntp.tcl: Starting ...

*Dec 10 10:43:29.197: %SYS-5-CONFIG_I: Configured from console by on vty0 (EEM:config_upon_ntp.tcl)

*Dec 10 10:43:29.329: %HA_EM-6-LOG: config_upon_ntp.tcl: Set hostname from router to it-worked

*Dec 10 10:43:29.329: %HA_EM-6-LOG: config_upon_ntp.tcl: ... done

it-worked#

Policy runtimeDefault = 20 secondsIncrease this value if you see a “Process Forced Exit” messagefrom the router.


How to trigger upon a Config Change



Using EEM to trigger upon config changeTwo Options:

Syslog Event Detector upon any potential config change

CLI Event Detector upon specific CLI command

– Asynchronous:

• Trigger Policy and then execute CLI command

• Trigger Policy and skip CLI command

– Synchronous:

• Trigger Policy and execute/skip based on exit status

–_exit_status == 0 skip CLI command (default)

–_exit_status == 1 execute CLI command

event [tag event-tag] cli pattern regular-expression

{[default] [enter] [questionmark] [tab]}

[sync {yes | no skip {yes | no}]

[mode variable]

[occurs num-occurrences] [period period-value]

[maxrun maxruntime-number]

Available from: EEM 2.1, integrated with XML PI from EEM 3.0


Example: Using EEM CLI Event Detector Problem: VLAN 380 should not be accidentally removed from a trunk

Solution: use EEM CLI Event Detector:

event manager applet cli-async

event cli pattern "switchport trunk allowed vlan remove.*380.*" sync no skip no

action 1.0 syslog msg "Removing VLAN 380"

Option a: Don’t prevent anything, just issue a syslog notification:

event manager applet cli-sync

event cli pattern "switchport trunk allowed vlan remove.*380.*" sync yes

action 1.0 puts "Confirm removing VLAN 380 [yes|no]:"

action 2.0 gets response

action 3.0 if $response eq yes goto 5.0

action 4.0 puts "NOK - VLAN 380 will NOT be removed"

action 4.1 exit 0

action 5.0 puts "OK - VLAN 380 will be removed"

action 5.1 exit 1

Option c: Ask for confirmation, then allow or prevent the entire command:

event manager applet cli-async-skip

event cli pattern "switchport trunk allowed vlan remove.*380.*" sync no skip yes

action 1.0 syslog msg "Will NOT remove VLAN 380"

Option b: Prevent the entire command and issue a syslog notification:

Caveats: command may be (much) bigger than what you match! Ranges!

Other Examples:• no mpls ip• no router isis• debug all


Managing Versions and Revisions

Archive, EEM Update


Problem: Device configurations must be archived periodically, collecting them from the outside should not be the only answer.

Solution 1: Manually create meaningful copies of the running config:

nexus-7000# copy run bootflash:/$(TIMESTAMP)-$(SWITCHNAME).conf

nexus-7000# dir bootflash:

29796 Apr 27 17:38:16 2009 2009-04-27-17.38.16-nexus-7000.conf

nexus-7000# show cli variable

VSH Variable List

-----------------

SWITCHNAME=“nexus-7000" TIMESTAMP="2009-04-27-17.47.48"

Example: Archiving Configuration – 1/4

Note: from IOS 12.3T onwards, refer to $h and $t variables within archive config path option


archive

path disk0:/config-archive

maximum 7

time-period 1440

Solution 2: Archive the running configuration once every day locally:

Router#show archive

There are currently 3 archive configurations saved.

The next archive file will be named disk0:config-archive-3

Archive # Name

0

1 disk0:config-archive-1

2 disk0:config-archive-2 <- Most Recent

3

4

5

6

View the content of the archive:



Solution 4: Use Kron to schedule periodic archiving (plus other activity)

archive

path tftp://10.1.1.1

write-memory

Solution 3: Archive the running configuration to tftp upon write:

archive

path tftp://10.1.1.1

!

kron policy-list backupconfig

cli archive config

!

kron occurrence backup-occur at 23:23 recurring

policy-list backupconfig

Router#archive config

Note: Config can also be archived on-demand:

multiple policy-lists possible



Solution 5: Use Embedded Event Manager (EEM) with a Syslog EventDetector and a TCL Applet to only archive configs if therewas a change


Router(config)# event manager environment filename <myfile.txt>

Router(config)# event manager directory user policy "flash:/TCL"

Router(config)# event manager policy archive.tcl type user

Router(config)# archive

Router(config-archive)# path flash:disk0

Router(config-archive)# maximum 14

Define EEM Environment Variable

Register EEM TCL Script

Configure Archive Location and Size

The script ‘Archive Config if Changes’ is available from www.cisco.com/go/ciscobeyondunder ‗Network Management‘ ( See http://forums.cisco.com/eforum/servlet/EEM?page=eem&fn=script&scriptId=1103 )


http://forums.cisco.com/eforum/servlet/EEM?page=eem&fn=script&scriptId=1103


Providing Interactive Menus on the CLI

Embedded Manager Menu (EMM)


Interactive Menus on the CLIProblem: How to make some CLI commands available in a guided way (for example to 1st Line Support, Local IT, Field Force, etc)

Solution I: Configure a Menu using the old <menu> commandsSolution II: Define a custom Menu in Embedded Menu Manager (EMM)

IOS menu Command

easy to learn, simple to use

limited functionality and flexibility

menu only, cli only

selections only

part of the IOS config

widely available

Embedded Menu Manager (EMM)

easy to learn, simple to use

very flexible

menus and wizards, cli and tcl

selections, inputs, actions, help texts

separate MDF file(s)

recent development – 12.4(20)T


Menu Config Command – 1/2

– Remember to provide an <exit> option

– Simple menus and actions only

– No user input other than menu items

– Part of the running- and startup-config

menu OldMenu title ^C

A simple example of the OLD menu command^C

menu OldMenu prompt ^C

Please select a menu item:^C

menu OldMenu text 1 Run a ping test

menu OldMenu command 1 ping 10.1.1.1

menu OldMenu options 1 pause

menu OldMenu text 9 Exit

menu OldMenu command 9 exit

menu OldMenu status-line

Available from: IOS 10.0, 12.2(33)S

Simple Menu Defined in the Config

Custom ASCII Menus

Part of IOS Config

Simple CLI Actions

Menu Title

Menu name

Menu Item Label

Menu Item Action


Menu Config Command – 2/2 router# menu OldMenu

Server “router" Line 0 Terminal-type (unknown)

A simple example of the OLD menu command

1 Run a ping test

9 Exit

Please select a menu item: 1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

--More—

Server “router" Line 0 Terminal-type (unknown)

A simple example of the OLD menu command

1 Run a ping test

9 Exit

Please select a menu item:


Embedded Menu Manager (EMM)

================================================================================

Branch Router Operations Menu on branch-99

Enter ? for help or ?# for item help

--------------------------------------------------------------------------------

1. Install Diagnostic Scripts

2. Change Hostname

3. Run CPU Diagnostic Script

4. Check for most recent EEM Policy Files

5. Run WAN Diagnostic Script

6. Instant World Peace

7. Exit

Enter selection [6]:

Programmable Menu Framework

Custom ASCII Menus

XML based Menu Definition Files (MDF)

Range / Type Checking

TCL Scripting Actions

Nested and Sequential Menus (Wizards)

Available from: IOS 12.4(20)TSee: http://tinyurl.com/emm-in-124t

http://tinyurl.com/emm-in-124t






EMM Menu Definition File Example – 1/2<?xml version="1.0"?>

<Menu MenuName="NMS" schemaVersion="1.1">

<MenuTitle>

<EmbTCLValue>

<TCLCommand>

return " Branch Router Operations Menu on [hostname]"

</TCLCommand>

</EmbTCLValue>

</MenuTitle>

<HelpString>

<Constant String="View and modify some common Network Management configuration parameters"/>

</HelpString>

<GlobalTCL>

<TCLCommand>

proc get_config { regex } {

set config [exec "show run | inc $regex"]

return $config

}

</TCLCommand>

</GlobalTCL>

:

:

Menu name and required schema version

Title can be constant or generatedwith Tcl

The menu and each item can haveits own help text

Optional global Tcl section to store procsused throughout menu


EMM Menu Definition File Example – 2/2

::

<Item ContinuePrompt="true" ItemJustification="LEFT">

<ItemTitle>

<Constant String=“Change Hostname" /></ItemTitle>

<HelpString>

<Constant String="This selection lets you type a new hostname" />

</HelpString>

<Wizard>

<QueryPrompt>

<Constant String="What hostname do you suggest?" />

</QueryPrompt>

<FreeForm />

</Wizard><IOSConfigCommand>

"hostname $r(1)"

</IOSConfigCommand>

::

From simple menu choices to complete customised wizards


In Summary Smart Call Home Service

Monitoring System Resources

• RMON & Threshold Notifications

• Embedded Resource Manager

IP Service Level Agent (IPSLA)



• Embedded Automation System (EASy)

• Ed.tcl

• IOS Shell

• Tcl Shell

• Kron Scheduler

Device Configuration Management

• Config rollback and revert via cli

• Trigger config change via EEM

• Use EEM to prevent a config change

• Config Archive Managment

Embedded Menu Manager


References – Instrumentation Device Manageability Instrumentation (DMI) www.cisco.com/go/instrumentation

Embedded Event Manager (EEM): www.cisco.com/go/eem

Cisco Beyond – EEM Community: www.cisco.com/go/ciscobeyond

Embedded Menu Manager (EMM): http://tinyurl.com/emm-in-124t

Embedded Packet Capture (EPC): www.cisco.com/go/epc

Flexible NetFlow: www.cisco.com/go/netflow and www.cisco.com/go/fnf

GOLD: http://www.cisco.com/en/US/products/ps7081/products_ios_protocol_group_home.html

IPSLA (formerly SAA, formerly RTR): www.cisco.com/go/ipsla

Network Analysis Module: http://www.cisco.com/go/nam

Network Based Application Recognition (NBAR): www.cisco.com/go/nbar

Security Device Manager (SDM): http://www.cisco.com/go/sdm

Smart Call Home: www.cisco.com/go/smartcall

Web Services Management Agents (WSMA): http://tinyurl.com/wsma-in-150M

Feature Navigator: www.cisco.com/go/fn

MIB Locator: www.cisco.com/go/mibs

http://www.cisco.com/go/instrumentation








http://www.cisco.com/go/epc

http://www.cisco.com/go/netflow

http://www.cisco.com/go/fnf

http://www.cisco.com/en/US/products/ps7081/products_ios_protocol_group_home.html

http://www.cisco.com/go/ipsla

http://www.cisco.com/go/nam

http://www.cisco.com/go/nbar

http://www.cisco.com/go/sdm

http://www.cisco.com/go/smartcall

http://tinyurl.com/wsma-in-150M





http://www.cisco.com/go/fn

http://www.cisco.com/go/mibs


References – Embedded Automations

Embedded Automation Systems (EASy)

1. Browse and Download EASy Packageswww.cisco.com/go/easy

2. Make Sure to also download EASy Installer

3. Browse Other Embedded Automationswww.cisco.com/go/ciscobeyond

4. Learn About The Technology Under The Hoodwww.cisco.com/go/instrumentationwww.cisco.com/go/eemwww.cisco.com/go/pec

5. Discuss, Ask Questions, Suggest Answers supportforums.cisco.com

6. Upload your own Examples to CiscoBeyondwww.cisco.com/go/ciscobeyond

7. Engage via [email protected]

http://www.cisco.com/go/easy


http://www.cisco.com/go/instrumentation


http://www.cisco.com/go/pec

https://supportforums.cisco.com/


mailto:[email protected]




Q & A


Complete Your Online Session Evaluation

Complete your session evaluation:

Directly from your mobile device by visiting www.ciscoliveaustralia.com/mobile and login by entering your badge ID (located on the front of your badge)

Visit one of the Cisco Live internet stations located throughout the venue

Open a browser on your own computer to access the Cisco Live onsite portal

http://www.ciscoliveaustralia.com/mobile


Appendix I:Feature Availability

Note: May include futures, subject to change; no commitments implied.


Embedded Management – SNMP RoadmapCisco IOS Software

PlatformsCisco 10000

SeriesCisco 7600

Series

Cisco 7500

Series

Cisco 7304 Router

Cisco 7301 and 7200 Routers

Cisco Catalyst

6500 Series

Cisco Catalyst 4500

Series

Cisco 3750 & 2900

Series

ASR-1000

Cisco 800, 1800

& 2800 Series

12.2SB 12.2SR/ SX 12.2SB 12.2SB 12.2SB/SR 12.2SX/ SR 12.2SG 12.2SE 12.2 XNA M & T

Periodic MIB Data Collection and Transfer Mechanism

12.2(33)SB 12.2(33)SRA 12.2(22)S 12.2(33)SB 12.2(33)SRA 12.2(33)SXH 12.2(44)SG12.2(35)

SE112.2(33)XN

A12.3(2)T

VPN aware SNMP Infrastructure 12.2(33)SB 12.2(33)SRA 12.2(22)S 12.2(33)SB 12.2(33)SRA 12.2(33)SXH 12.2(44)SG 12.2(7th)SE12.2(33)XN

A12.3(2)T

SNMP over IPv6 12.2(33)SB 12.2(33)SRB12.3(14)T

12.2(33)SB 12.2(33)SRB 12.2(33)SXI 12.2(44)SG 12.2(44)SE12.2(33)XNA

12.3(14)T

AES (RFC 3826) and 3DES Encryption for SNMP v3

12.2(33)SB 12.2(33)SRB 12.2(33)SB 12.2(33)SRB 12.2(33)SXI 12.2(44)SG 12.2(7th)SE12.2(33)XNA

12.4(2)T

ISSU - SNMP 12.2(33)SB 12.2(33)SRB1 12.2(33)SB 12.2(33)SRB1 12.2(33)SXI 12.2(44)SG12.2(33)XN

A

Interface MIB Enhancements 12.2(31)SB 12.2(33)SRA 12.2(31)SB 12.2(31)SB 12.2(33)SRA 12.2(33)SXH 12.2(44)SG12.2(33)XNA

CEF-MIB 12.2(33)SB 12.2(33)SRC 12.2(31)SB 12.2(33)SB 12.2(33)SRC 12.2(44)SG12.2(TBD)S

E12.2(33)XNA

12.4(20)T

URPF-MIB 12.2(31)SB 12.2(33)SRC 12.2(31)SB 12.2(31)SB 12.2(33)SRC 12.2(44)SG12.2(TBD)S

E12.2(33)XNA

12.4(20)T

SNMP Infrastructure for MTR 12.2(33)SB 12.2(33)SRB 12.2(33)SB 12.2(33)SRB

IP-TUNNEL-MIB 12.2(33)SB 12.2(33)SRB 12.2(33)SB 12.2(33)SRB 12.2(44)SG12.2(33)XNA

12.4(20)T

Interfaces MIB: SNMP context based access

12.2(33)SB 12.2(33)SRB 12.2(33)SB 12.2(33)SRB 12.2(44)SG 12.2(7th)SE12.2(33)XNA

CISCO-DATA-COLLECTION-MIB 12.2(33)SB 12.2(33)SRC 12.2(33)SB 12.2(33)SRC 12.2(44)SG12.2(TBD)S

E12.2(33)XNA

12.4(20)T

CISL - SNMP Support (Licensing MIB)

12.2(37)SE 12.4(20)T

SNMP secure Views 12.2(33)SB 12.2(33)SRA 12.2(22)S 12.2(33)SB 12.2(33)SRA 12.2(33)SXH 12.2(44)SG 12.2(7th)SE12.2(33)XN

A12.3(2)T

ShippingCode Committed

EC’d


Embedded Management – SNMP RoadmapCisco IOS Software


SeriesCisco 7600

Series

Cisco 7500

Series

Cisco 7304 Router


Cisco Catalyst

6500 Series

Cisco Catalyst 4500

Series

Cisco 3750 & 2900

Series

ASR-1000

Cisco 800,

1800 & 2800

Series


Alarm filtering support in Cisco-Entity-Alarm-MIB

12.2(33)SRB 12.2(33)SRB 12.2(33)SXI 12.2(44)SG12.(33)XN

A12.4(4)T

SNMP Trap Simulation 12.2(33)SRE 12.2(33)SRE 12.2(33)SXI

RMON-MIB enhancement for 64 bit counter support

12.2(33)SRE 12.2(33)SRE 12.2(33)SXI

Support for HC-Alarm-MIB 12.2(33)SRE 12.2(33)SRE 12.2(33)SXI

RFC2576: SNMP v1/v2c PDU conversions for proxy forwarder

12.3(2)T

SCP, FTP & RCP Support in CISCO-CONFIG-COPY-MIB

12/3(2)T

FileType support in CISCO-FLASH-MIB

12.3(2)T

Event MIB and Expression MIB Enhancements

12.2(33)SRE 12.2(33)SRE 12.2(1st)SY 12.2(44)SG 12.4(20)T

Show Port Status Command 12.2(33)SRE 12.2(33)SRE 12.2(33)SXI

SNMP Diagnostic Enhancements 12.2(33)SRE 12.2(33)SRE 12.2(33)SY 12.4(20)T

SNMP Support for Cisco Power Extension

12.2(52) SG 12.2(50)SE

SNMP trap support for EEM 12.4(22)T

SNMP support for Named Access List

12.3(2)T

Licensing MIB Enhancement for STG

12.4(11)T


Embedded Management - ConfigurationCisco IOS Software


SeriesCisco 7600

Series

Cisco 7500

Series

Cisco 7304 Router

Cisco 7301 and 7200 Router

Cisco Catalyst

6500 Series

Cisco Catalyst

4500 Series

Cisco 3750 & 2900 Series

ASR-1000

Cisco 800, 1800 & 2800

Series


UDI Support and Configuration Enhancements

12.2(28)SB 12.2(18)SXE5 12.2(18)SXE5 12.2(33)SRC 12.2(18)SXE5 12.2(25)SEC12.2(33)XN

A12.3(4)T

CNS Agents (Configuration Agent Event Agent, Image Agent)

12.2(33)SB 12.2(33)SRB 12.2(31)SB 12.2(33)SB 12.2(31)SB 12.2(33)SXI 12.2(44)SG 12.2(25)SEE12.2(33)XN

A12.3(1)

Config Retrieve Retry 12.2(33)SB 12.2(33)SRC 12.2(33)SB 12.2(33)SRC 12.2(1st)SY 12.2(44)SG 12.2(44)SE12.2(33)XN

A12.4(15)T

CNS Agents over IPv6 12.2(33)SB 12.2(33)SRC 12.2(33)SRC 12.2(1st)SY 12.2(44)SG12.2(33)XN

A12.4(20)T

Netconf over SSHv2, BEEP 12.2(33)SB 12.2(33)SRA 12.2(33)SB 12.2(33)SRA 12.2(33)SXH 12.2(44)SG12.2(33)XN

A12.4(9)T

Config Change Notification (Netconf) 12.2(33)SB 12.2(33)SRA 12.2(33)SB 12.2(33)SRA 12.2(33)SXH 12.2(44)SG12.2(33)XN

A12.4(9)T

Netconf over IPv6 12.2(33)SB 12.2(33)SRC 12.2(33)SB 12.2(33)SRC 12.2(1st)SY 12.2(44)SG12.2(33)XN

A12.4(20)T

Cisco Software Licensing 12.2(37)SE 12.4(20)T

CNS-Interactive CLI 12.2(33)SRC 12.2(33)SRC 12.2(33)SXI 12.2(44)SG12.2(33)XN

A

Command scheduler Policy for system startup

12.2(33)SB 12.2(33)SRC 12.2(33)SB 12.2(33)SRC 12.2(1st)SY 12.2(44)SG12.2(33)XN

A12.4(15)T

TR-69 agent, Ethernet LAN, Time, ATM, loopback, traceroute profiles, HTTP client API to close persistent conn.

12.4(20)T

Web Services Management Agent Planning Planning 12.2(1st)SY Planning Planning Planning 12.4(24)T


Embedded Management – Infra - TransportsCisco IOS Software

Platforms

Cisco 10000 Series

Cisco 7600 Series

Cisco 7500

Series

Cisco 7304 Router


Cisco Catalyst

6500 Series

Cisco Catalyst

4500 Series

Cisco 3750 & 2900

Series

ASR-1000

Cisco 800, 1800 & 2800

Series


HTTPS - HTTP with SSL 3.0 12.2(33)SB 12.2(33)SRA NA 12.2(33)SB 12.2(33)SRA 12.2(33)SXH 12.2(44)SG 12.2(25)SE12.2(33)X

NA12.3(2)T

HTTP(S) USB Support For Content Delivery from USB Media; PAI enhancement; TACAC+ Accounting support

12.2(33)SB 12.2(33)SRC NA 12.2(33)SB 12.2(33)SRC 12.2(33)SXI 12.2(44)SG 12.4(15)T

HTTP IPv6 Support 12.2(33)SB 12.2(33)SRC NA 12.2(33)SB 12.2(33)SRC 12.2(1st)SY 12.2(44)SG 12.2(44)SE12.2(33)X

NA12.4(20)T

BEEP Infrastructure; IPV6 Support 12.2(33)SB 12.2(33)SRA NA 12.2(33)SB 12.2(33)SRA 12.2(33)SXH 12.2(44)SG 12.2(7th)SE12.2(33)X

NA12.4(4)T

SOAP IPv6 Support 12.2(33)SB 12.2(33)SRC NA 12.2(33)SB 12.2(33)SRC 12.2(1st)SY 12.2(44)SG 12.2(7th)SE12.2(33)X

NA12.4(20)T

Cisco IOS Scripting with TCL 12.2(33)SB 12.2(33)SRC NA 12.2(33)SB 12.2(33)SRC 12.2(33)SXH 12.2(44)SG12.2(TBD)S

E12.2(33)X

NA12.3(2)T

TCL SNMP MIB access 12.2(33)SB 12.2(33)SRC NA 12.2(33)SB 12.2(33)SRC 12.2(33)SXH 12.2(44)SG 12.2(7th)SE12.2(33)X

NA12.3(7)T

Signed TCL scripts NA 12.4(15)T

TCL over IPv6 12.2(33)SB 12.2(33)SRC NA 12.2(33)SB 12.2(33)SRC 12.2(1st)SY 12.2(44)SG 12.2(7th)SE12.2(33)X

NA12.4(20)T

HTTP Cookie support (RFC2965) 12.2(1st)SRE 12.4(20)T

HTTP Digest Authentication Support

12.4(20)T


Embedded Management – Config/ParserCisco IOS Software

Platforms

Cisco 10000 Series

Cisco 7600 Series

Cisco 7500

Series

Cisco 7304 Router


Cisco Catalyst 6500

Series

Cisco Catalyst 4500

Series

Cisco 3750 & 2900

Series

ASR-1000

Cisco 800,

1800 & 2800

Series


Configuration Replace and Configuration Rollback, including config versioning (archive) and timed rollback

12.2(33)SB 12.2(33)SRA 12.2(25)S 12.2(33)SB 12.2(31)SB2 12.2(33)SXH 12.2(44)SG 12.2(40)SE 12.2(33)XNA 12.3(7)T

Configuration Change Notification and Logging

12.2(33)SB 12.2(33)SRA 12.2(25)S 12.2(33)SB 12.2(25)S 12.2(33)SXH 12.2(44)SG 12.2(25)SEC 12.2(33)XNA 12.3(4)T

Contextual Configuration Diff Utility 12.2(33)SB 12.2(33)SRA 12.2(25)S 12.2(33)SB 12.2(33)SXH 12.2(44)SG 12.2(40)SE 12.2(33)XNA 12.3(4)T

Configuration Generation Performance Enhancement

12.2(33)SB 12.2(33)SRC 12.2(25)S 12.2(33)SB 12.2(33)SRC 12.2(33)SXI 12.2(44)SG 12.2(33)XNA 12.3(7)T

Role-Based Access Control CLI commands

12.2(33)SB 12.2(33)SRB 12.2(33)SB 12.2(33)SXI 12.2(44)SG 12.2(33)XNA12.3(11)

T

Configuration Partitioning 12.2(33)SB 12.2(33)SRB 12.2(33)SB 12.2(33)SRB 12.2(33)SXI 12.2(44)SG 12.2(7th)SE 12.2(33)XNA

Configuration Rollback Confirmed Change

12.2(33)SB 12.2(33)SRC 12.2(33)SB 12.2(33)SRC 12.2(33)SXI 12.2(44)SG 12.2(33)XNA12.4(20)

T

IPv6 for Config Logger 12.2(33)SB 12.2(33)SRC 12.2(33)SB 12.2(33)SRC 12.2(1st)SY 12.2(44)SG 12.2(7th)SE 12.2(33)XNA12.4(20)

T

Config Logger Persistency 12.2(33)SB 12.2(33)SRA 12.2(33)SB 12.2(33)SXH 12.2(44)SG 12.2(33)XNA12.4(11)

T

Exclusive Configuration Change Access and Access Session Locking

12.2(33)SB 12.2(33)SRA 12.2(33)SB 12.2(33)SXH 12.2(44)SG 12.2(33)XNA12.4(11)

T

Config Change Tracking Identifier 12.2(33)SB 12.2(33)SRC 12.2(33)SB 12.2(33)SRC 12.2(33)SXI 12.2(44)SG 12.2(33)XNA12.4(20)

T

XML Programmatic Interface w/TLS and Initiator

12.2(1st)SRE 12.2(1st)SRE 12.2(1st)SY 12.2(47)SG 12.2(7th)SE12.4(20)

T


EEM Version/Product Support MatrixCISCO ACCESS ROUTERS - Current models

EEM Version Cisco 800 SeriesCisco 1800

SeriesCisco 2800

SeriesCisco 3800

SeriesCisco 1900

SeriesCisco 2900

SeriesCisco 3900

Series

1.0 12.3(11)T 12.3(11)T 12.3(11)T

2.0

2.1 12.3(14)T1 12.3(14)T1 12.3(14)T1

2.1.5

2.2 12.4(2)T 12.4(2)T 12.4(2)T 12.4(2)T

2.3 12.4(11)T 12.4(11)T 12.4(11)T 12.4(11)T

2.4 12.4(20)T 12.4(20)T 12.4(20)T 12.4(20)T

3.0 12.4(22)T 12.4(22)T 12.4(22)T 12.4(22)T

3.1 15.0(1)M 15.0(1)M 15.0(1)M 15.0(1)M 15.0(1)M 15.0(1)M 15.0(1)M

3.2 15.1(3)T 15.1(3)T 15.1(3)T 15.1(3)T 15.1(3)T 15.1(3)T 15.1(3)T

3.4 Planning Planning Planning Planning Planning Planning Planning

CISCO ACCESS ROUTERS - Old models

EEM Version Cisco 1700 SeriesCisco 2600

SeriesCisco 2600XM

SeriesCisco 2691

SeriesCisco 3600

SeriesCisco 3700

Series

1.0 12.3(4)T 12.3(4)T 12.3(4)T 12.3(4)T

2.0

2.1 12.3(14)T1 12.3(14)T1 12.3(14)T1 12.3(14)T1 12.3(14)T1 12.3(14)T1

2.1.5

2.2 12.4(2)T 12.4(2)T 12.4(2)T 12.4(2)T 12.4(2)T 12.4(2)T

2.3 12.4(11)T 12.4(11)T 12.4(11)T 12.4(11)T 12.4(11)T 12.4(11)T

2.4

3.0

3.1

3.2

Shipping

EC

Planning


EEM Version/Product Support Matrix, cont.CISCO SERVICE AGGREGATION/CORE ROUTERS

EEM Version

Cisco ASR1000

Series

Cisco 7200 Series

Cisco 7301 Cisco 7304Cisco 7600

SeriesCisco UBR

10000Cisco UBR

7200

Cisco 12000 Series

Cisco XR 12000

CiscoCRS-1

Cisco ASR 9000

1.0 12.0(26)S

2.0 12.2(27)SBC FM FM FM

2.1 12.3(14)T1 12.3(14)T1 12.2(28)SB 12.2(18)SXF5 12.2(28)SB 12.2(28)SB FM FM FM

2.1.5 FM FM FM

2.2 12.4(2)T 12.4(2)T1 FM FM FM

2.3 2.1XE 12.4(11)T 12.2(33)SB 12.2(33)SB 12.2(33)SRB 12.2(33)SB 12.2(33)SB FM FM FM

2.4 12.2(33)XN RLS7 12.4(20)T 12.2(33)SRE 12.2(33)SRE 12.2(33)SRE 12.2(33)SRE 12.2(33)SRE FM FM FM

3.0 12.2(33)XN RLS7 12.4(22)T 12.2(33)SRE 12.2(33)SRE 12.2(33)SRE 12.2(33)SRE 12.2(33)SRE FM FM FM

3.1 Planning 15.0(1)M Planning Planning Planning Planning Planning Planning Planning Planning Planning

3.2 Planning 15.1(3)T Planning Planning Planning Planning Planning Planning Planning Planning Planning

3.4 Planning Planning Planning Planning Planning Planning Planning Planning Planning Planning Planning

CISCO CATALYST SWITCHES

EEM VersionCatalyst 3000

SwitchesCisco 3400ME

SwitchesCatalyst 4500



Switches

1.0

2.0

2.1IOS w/o Modularity

12.2(18)SXF5

2.1.5w/ Modularity12.2(18)SXF4

2.2

2.3 12.2(40)SE 12.2(40)SE 12.2(44)SG 12.2(44)SG 12.2(33)SXH

2.4 12.2 (50) SE 12.2 (50) SE 12.2(52)SG 12.2(52)SG 12.2(33)SXI

3.0 12.2 (52) SE 12.2 (52) SE Summer'10 (Zanzibar) 12.2 (1st)SY 12.2 (1st)SY

3.1 12.2 (52) SE 12.2 (52) SE Summer'10 (Zanzibar) Planning Planning

3.2 12.2 (52) SE 12.2 (52) SE Summer'10 (Zanzibar) Planning Planning

3.4 Planning Planning Planning Planning Planning

Shipping

EC

Planning

Brkrst2612 Cisco Ios Managing sing and Tweaking

Documents

synch entire

enhanced object

entire resource

embedded event

tool command

configure

alarmsgenerate

sending test