06-12-2008 05:51 AM - edited 03-03-2019 10:20 PM
I have a simple applet that I am using to monitor the status of a serial link...if the link goes down the applet brings up another interface that allows for a VPN connection...I am trying to set up some timer that will only bring up the interface if the serial interface is down for over 10 seconds or so...so I don't have any issues with a flapping interface. There are three applets that I am using...one that brings up the other interface..one that shuts that interface...and one that clears the ipsec sa...
event manager applet VPN_Backup
event syslog pattern "Interface Serial0/0/0, changed state to down"
action 1.0 cli command "enable"
action 2.0 cli command "configure term"
action 3.0 cli command "interface f0/1"
action 4.0 cli command "no shut"
action 5.0 cli command "event manager applet Clear_Crypto"
action 6.0 cli command "exit"
event manager applet VPN_Backup_Shutdown
event syslog pattern "Interface Serial0/0/0, changed state to up"
action 1.0 cli command "enable"
action 1.1 cli command "configure term"
action 1.2 cli command "interface f0/1"
action 1.3 cli command "shut"
event manager applet Clear_Crypto
event none
action 1.1 cli command "enable"
action 1.2 cli command "clear crypto sa"
action 1.3 cli command "clear crypto isakmp"
action 1.4 cli command "exit"
Please advise on how to accomplish this...
Thanks,
Joe
06-12-2008 09:45 PM
What version of IOS? If 12.4(2)T or higher, you can use Enhanced Object Tracking instead of syslog to trigger the first applet. With EOT, you can have a delay before the tracked object is considered to be down. For example:
track 1 interface Serial0/0/0 line-protocol
delay down 10
event manager applet VPN_Backup
event track 1 state down
...
If you're not on 12.4(2)T or higher, you could do the down policy in Tcl which sleeps for 10 seconds after seeing the down syslog message, then checks the interface status, and continues execution if it's still down.
You could still do this with applets. You would need to add another timer applet which counts down from 10 once the syslog message is seen. If the UP message has not come in before the timer is done counting down, then the timer policy would actually bring up the ethernet interface. The VPN_Backup_Shutdown policy would have to unconfigure the timer policy when it runs.
Also, I'm not sure what you're doing with your Clear_Crypto applet. Action 5.0 in the VPN_Backup applet does not execute this policy. If you want to execute this policy, add:
action 5.0 cli command "end"
action 6.0 policy Clear_Crypto
Or:
action 5.0 cli command "end"
action 6.0 cli command "event manager run Clear_Crypto"
In the future, you might get quicker help asking your EEM questions on the Network Management forum.
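The Tcl option described in the reply above (sleep 10 seconds after the down message, re-check the interface, act only if it is still down), written out as an added example; it is not code from the thread or from either poster. It reuses the interface names and syslog pattern from the question; the `maxrun` value, the `run_cli` helper name and the log message texts are assumptions.

```tcl
# Added example: EEM Tcl policy replacing the VPN_Backup applet.
# maxrun must exceed the 10 s hold-down plus CLI time (the default is 20 s).
::cisco::eem::event_register_syslog pattern "Interface Serial0/0/0, changed state to down" maxrun 60

namespace import ::cisco::eem::*
namespace import ::cisco::lib::*

# Hypothetical helper: run one CLI command on the open session, return its output.
proc run_cli {fd cmd} {
    if {[catch {cli_exec $fd $cmd} out]} {
        error $out $::errorInfo
    }
    return $out
}

# Hold-down: give a flapping link 10 seconds to come back.
after 10000

if {[catch {cli_open} result]} {
    error $result $errorInfo
}
array set cli $result

run_cli $cli(fd) "enable"
set status [run_cli $cli(fd) "show interfaces Serial0/0/0 | include line protocol"]

if {[regexp {line protocol is up} $status]} {
    # Link recovered during the hold-down: leave the backup interface shut.
    action_syslog msg "Serial0/0/0 recovered within hold-down, backup left shut"
} else {
    # Still down after 10 s: bring up the backup interface.
    foreach cmd {"configure terminal" "interface f0/1" "no shut" "end"} {
        run_cli $cli(fd) $cmd
    }
    action_syslog msg "Serial0/0/0 still down after 10 s, f0/1 enabled"
}

catch {cli_close $cli(fd) $cli(tty_id)}
```

The pattern from the question can match both the link and the line-protocol down messages, so the policy may run twice for one outage; that is harmless here because `no shut` on an interface that is already up changes nothing.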