cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1136
Views
0
Helpful
6
Replies

EEM and CLI scripting

valnar
Level 1
Level 1

I'm looking at this EEM feature for the first time and I think it can solve a problem that I have. I would prefer to find a way to fix my problem with a CLI script over a TCL, but will take what I can get.

.

I have an MPLS network and want to backup one of my sites with a GRE/IPSEC tunnel on a different ISR router. Because of the way OSPF works and other factors, I cannot leave the tunnel0 interface up when my MPLS network is up too. Some routes will be preferred over the tunnel, and some over the MPLS router. No amount of changing metrics can fix that. So for now, I leave the tunnel interface shutdown and only bring it up manually if there is an outage.

.

I'd like to automate that procedure of bringing up the tunnel interface with EEM if it's possible. Is there a sample config somewhere which looks for a particular event, like a routing table change, and brings up the tunnel? Or a way to ping an external IP through an interface on the MPLS network, and if it goes down, issue that 'no shutdown' on the tunnel interface?

.

Of course, I'd need the reverse to put the tunnel back down too. Is this what EEM is used for?

Thanks.

6 Replies 6

Joe Clarke
Cisco Employee
Cisco Employee

Yes, this problem can easily be solved with EEM. It sounds like you could do everything using applet policies without needing TCL. What version of IOS are you running?

Thanks. I'm running 12.4(9)T. I am using a DMVPN at the moment.

With 12.4T you can take advantage of Enhanced Object Tracking in conjunction with EEM to get what you want. In this case, you will configure an IP SLA collector to ping a host across your MPLS network. When that collector goes down, then the EOT object will also go down, and this will trigger the EEM applet. For example:

ip sla 1

icmp-echo 10.1.1.1

ip sla schedule 1 start now life forever

track 1 rtr 1

event manager applet mpls_down

event track 1 state down

action 1.0 syslog msg "MPLS network is no longer passing traffic"

action 2.0 cli command "enable"

action 3.0 cli command "config t"

action 4.0 cli command "int tun0"

action 5.0 cli command "no shut"

action 6.0 cli command "end"

action 7.0 syslog msg "Failed over to tunnel interface"

event manager applet mpls_up

event track 1 state up

action 1.0 syslog msg "MPLS network is once again passing traffic"

action 2.0 cli command "enable"

action 3.0 cli command "config t"

action 4.0 cli command "int tun0"

action 5.0 cli command "shut"

action 6.0 cli command "end"

action 7.0 syslog msg "Returned traffic to MPLS network"

Some additional notes, you may need to specify a source address when configuring your IP SLA collector above. You should also test this in the lab to make sure it is working before deploying it in production.

Thanks. I'll play with that tomorrow. Since the pinged node would be reachable with both scenarios, it would be important that I can specify the source interface and direction of the ping. Can that be done?

Do you have any alternative scripts that perhaps look for events in the log or other such common parameters when a routing table changes? I would think this is a common request for EEM.

Robert

As I said, you can specify a source IP address for the ping. For example:

icmp-echo 10.1.1.1 source-ip 20.1.1.1

You can also look at a syslog message instead. I don't know what messages you get specifically, but the event detector is syslog:

event syslog pattern "..."

You can even use EOT to watch for routing changes. for example:

track 1 ip route 10.1.1.0/24 reachability

Then you could use the same EEM applets.

Perfect. Thank you.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco