Automation of CLI commands

Unanswered Question
Oct 28th, 2007

I was wondering if anyone has written a tcl script or EEM applet that would run numerous CLI commands on a 6500 or 4500 so that in the event of a DR situation the config can be changed by running this script/applet

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Joe Clarke Sun, 10/28/2007 - 21:02

I've posted a few EEM and TCL examples for running CLI commands. However, nothing specific to OSPF. It could be done, however. You just need to pick an applicable event, then decide whether an EEM applet or TCL policy is right for what you want to do. It sounds like if all you want to do is make a few config changes on the reception of, say, an OSPF syslog message, an EEM applet would be sufficient.

Joe Clarke Mon, 10/29/2007 - 13:52

Just search the NetPro Forums for "EEM jclarke" and you will find a lot of hits. Some threads contain applet examples, where as others contain TCL scripts.

There is also a repository of EEM examples at http://www.cisco.com/go/ciscobeyond/ which may be of help to you.

nealw Mon, 10/29/2007 - 13:59

HI Joe,

this is what I have come up with so far.

event manager applet DRFailOver

event cli pattern "write memory" sync no skip no

action 1.0 cli command "telnet to 15.250.250.71"

action 1.1 cli command "enable"

action 1.2 cli command "conf t"

action 1.3 cli command "interface vlan 410"

action 1.4 cli command "shut"

action 1.5 cli command "exit"

action 1.6 cli command "interface vlan 420"

action 1.7 cli command "shut"

action 1.8 cli command "exit"

action 1.9 cli command "exit"

action 1.10 cli command "wr"

action 1.11 cli command "clear ip route 10.6.0.0 255.255.255.0"

action 1.12 cli command "clear ip route 10.6.8.0 255.255.255.0"

action 1.13 cli command "end"

is this on the right lines?

Joe Clarke Mon, 10/29/2007 - 14:39

No, this won't work. What you're doing here is capturing any instance of the "write memory" command, then attempting to telnet to another device, and perform commands on that device. You cannot do this since the telnet will be interactive. EEM is really geared to making changes on the local device, and not on a remote device.

You might be able to make this work with a TCL policy, but it would be very difficult, and I would recommend against it.

Is there no way to run this policy on 15.250.250.71? Do you really need to shutdown these VLAN interfaces every time you do a write mem on the original device?

nealw Mon, 10/29/2007 - 14:54

Hi Joe,

We can get on to the remote site before running the EEM App

event manager applet DRFailOver

event cli pattern "write memory" sync no skip no

action 1.0 cli command "enable"

action 1.1 cli command "conf t"

action 1.2 cli command "interface vlan 410"

action 1.3 cli command "shut"

action 1.4 cli command "exit"

action 1.5 cli command "interface vlan 420"

action 1.6 cli command "shut"

action 1.7 cli command "exit"

action 1.8 cli command "exit"

action 1.9 cli command "wr"

action 1.10 cli command "clear ip route 10.6.0.0 255.255.255.0"

action 1.11 cli command "clear ip route 10.6.8.0 255.255.255.0"

action 1.12 cli command "end"

I need to write mem so that they vlans don't come up on this switch until I am ready to revert back even if someone reloads it without me knowing.

Cheers William

Joe Clarke Mon, 10/29/2007 - 14:59

This applet will work since you're not performing the telnet operation. In this case, when "write memory" is performed, you will shutdown VLANs 410 and 420, and clear the IP routes. Note: the final "end" is not needed. And you can replace the two consecutive calls to "exit" with one call to "end".

Joe Clarke Mon, 10/29/2007 - 15:02

I misread your previous post. You asked can you get to the remote device before running the next steps. It will be difficult to do, and will require a TCL policy. I have not done this kind of remote configuration before, but it will require the use of a lot of screen-scraping.

nealw Mon, 10/29/2007 - 15:05

Hi Joe,

the eem app will be on the remote switch, I am just telneting to it, I will be in Wellington and the swtich is in Auckland.

Cheers William

nealw Mon, 10/29/2007 - 15:03

Hi Joe

So here we go.

event manager applet DRFailOver

event cli pattern "write memory" sync no skip no

action 1.0 cli command "enable"

action 1.1 cli command "conf t"

action 1.2 cli command "interface vlan 410"

action 1.3 cli command "shut"

action 1.4 cli command "exit"

action 1.5 cli command "interface vlan 420"

action 1.6 cli command "shut"

action 1.7 cli command "end"

action 1.9 cli command "wr"

action 1.10 cli command "clear ip route 10.6.0.0 255.255.255.0"

action 1.11 cli command "clear ip route 10.6.8.0 255.255.255.0"

Are you happy with this, I need to run this on a 6500 and 4500, are there any things I need to know, if not I will go and test this.

Cheers William

Joe Clarke Mon, 10/29/2007 - 15:31

Version of code will be important. The 6500 needs to be running 12.2(18)SXF5 or higher. The Cat4500 will need 12.2(37)SG or higher, and even then EEM support may be spotty on the 4500.

nealw Mon, 10/29/2007 - 14:55

Can you explain what the first line does in laymans terms

Joe Clarke Mon, 10/29/2007 - 15:02

The first line?

event manager applet DRFailOver

This registers an EEM applet with the name DRFailOver.

Joe Clarke Mon, 10/29/2007 - 15:32

The second line says that each time the command "write memory" is executed, the applet should run. The original "write mem" command will still run (i.e. it will not be skipped) and the applet will run asynchronously to that command.

nealw Mon, 10/29/2007 - 15:35

Hi Joe,

thats cool I have a better understanding.

Cheers William

Actions

This Discussion