Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3033
Views
5
Helpful
1
Replies

EEM to track interface

joeharb
Level 5
Level 5

‎06-12-2008 05:51 AM - edited ‎03-03-2019 10:20 PM

I have a simple applet that I am using to monitor the status of the a serial link...if the link goes down the applet brings up another interface that allows for a vpn connection...I am trying to setup some timer that will only bring up the interface if the serial interface is down for over 10 seconds or so...so I don't have any issues with a flapping interface. There are three applets that I am using...one that brings up the other interface..one that shuts that interface...and one that clears the ipsec sa...

event manager applet VPN_Backup

event syslog pattern "Interface Serial0/0/0, changed state to down"

action 1.0 cli command "enable"

action 2.0 cli command "configure term"

action 3.0 cli command "interface f0/1"

action 4.0 cli command "no shut"

action 5.0 cli command "event manager applet Clear_Crypto"

action 6.0 cli command "exit"

event manager applet VPN_Backup_Shutdown

event syslog pattern "Interface Serial0/0/0, changed state to up"

action 1.0 cli command "enable"

action 1.1 cli command "configure term"

action 1.2 cli command "interface f0/1"

action 1.3 cli command "shut"

event manager applet Clear_Crypto

event none

action 1.1 cli command "enable"

action 1.2 cli command "clear crypto sa"

action 1.3 cli command "clear crypto isakmp"

action 1.4 cli command "exit"

Please advise on how to accomplish this...

Thanks,

Joe

Labels:
0 Helpful
1 Reply 1

Joe Clarke
Cisco Employee
Cisco Employee

‎06-12-2008 09:45 PM

What version of IOS? If 12.4(2)T or higher, you can use Enhanced Object Tracking instead of syslog to trigger the first applet. With EOT, you can have a delay before the tracked object is considered to be down. For example:

track 1 interface Serial0/0/0 line-protocol

delay down 10

event manager applet VPN_Backup

event track 1 state down

...

If you're not on 12.4(2)T or higher, you could do the down policy in Tcl which sleeps for 10 seconds after seeing the down syslog message, then checks the interface status, and continues execution if it's still down.

You could still do this with applets. You would need to add another timer applet which counts down from 10 once the syslog message is seen. If the UP message has not come in before the timer is done counting down, then the timer policy would actually bring up the ethernet interface. The VPN_Backup_Shutdown policy would have to unconfigure the timer policy when it runs.

Also, I'm not sure what you're doing with your Clear_Crypto applet. Action 5.0 in the VPN_Backup applet does not execute this policy. If you want to execute this policy, add:

action 5.0 cli command "end"

action 6.0 policy Clear_Crypto

Or:

action 5.0 cli command "end"

action 6.0 cli command "event manager run Clear_Crypto"

In the future, you might get quicker help asking your EEM questions on the Network Management forum.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card