I need an EEM script to place an ACL on the WAN when the link is flapping to block the router from reaching the CM server for a period of about 20 minutes.
My requirement is to set up a flag which will have a counter incrementing for each link flap detection ("%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel128, changed state to down"). This will ensure that this is not a single flap event, but more like a link flapping 2-3 times in 2 minutes, which will indicate a WAN link flapping.
If this happens, I want to use an EEM script to apply a predefined ACL on the WAN interface. This ACL basically blocks the gateway and phones from reaching the call manager servers in the central site.
I need a timer then enabled to leave the ACL on for 20 minutes.
After 20 minutes, through EEM, remove the ACL and reset the flag to 0.
This policy does not work. The syslog pattern is wrong, and the policy does nothing except add an applet policy, acl_apply, which only has an event detector registration line. What you really want is:
event manager applet test
 event syslog occurs 3 period 180 pattern "LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel128, changed state to down"
 action 0.1 syslog msg "Policy triggered; configuring ACL $wan_flap_acl on $wan_flap_interface"
 action 0.5 cli command "enable"
 action 0.6 cli command "config t"
 action 1.0 cli command "interface $wan_flap_interface"
 action 1.1 cli command "ip access-group $wan_flap_acl $wan_flap_acl_direction"
 action 1.2 cli command "exit"
 action 2.0 cli command "event manager applet wan-flap-acl-remove"
 action 2.1 cli command "event timer countdown time $wan_flap_hold_time"
 action 2.2 cli command "action 0.5 cli command \"enable\""
 action 2.3 cli command "action 1.0 cli command \"config t\""
 action 2.4 cli command "action 2.0 cli command \"interface $wan_flap_interface\""
 action 2.5 cli command "action 3.0 cli command \"no ip access-group $wan_flap_acl $wan_flap_acl_direction\""
 action 2.6 cli command "action 4.0 cli command \"exit\""
 action 2.7 cli command "action 5.0 cli command \"event manager policy sl_wan_flap_watch.tcl\""
 action 2.8 cli command "action 6.0 cli command \"no event manager applet wan-flap-acl-remove\""
 action 2.9 cli command "action 7.0 cli command \"end\""
 action 3.0 cli command "action 8.0 syslog msg \"Removed ACL $wan_flap_acl from interface $wan_flap_interface\""
 action 3.1 cli command "exit"
 action 3.2 cli command "no event manager policy sl_wan_flap_watch.tcl"
 action 3.3 cli command "end"
This is the general policy to which I referred. It is designed to be part of an embedded management program called EASy, and is part of an IP SLA monitoring package I am testing.
The other main downside of the applet approach is that you cannot dynamically configure the event detector. With Tcl, you can use environment variables in the event detector registration.
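An added example (not the poster's sl_wan_flap_watch.tcl, which is not shown on this page) of a Tcl policy that takes its syslog pattern from an environment variable in the registration line and then performs the same ACL steps as the applet above. The variable wan_flap_pattern is an assumption; the other wan_flap_* names are the ones the applet uses, and this version leaves out the applet's steps that unregister and re-register the policy.

```tcl
# Added example; not the poster's sl_wan_flap_watch.tcl.
# Assumed variable: wan_flap_pattern. The other wan_flap_* names come from the applet.
# Set each with "event manager environment NAME VALUE" before registering.
::cisco::eem::event_register_syslog occurs 3 period 180 pattern $wan_flap_pattern maxrun 60

namespace import ::cisco::eem::*
namespace import ::cisco::lib::*

# Refuse to run with a missing variable rather than push a half-built config.
foreach v {wan_flap_interface wan_flap_acl wan_flap_acl_direction wan_flap_hold_time} {
    if {![info exists $v]} {
        error "Policy cannot run: environment variable $v is not set"
    }
}

# Attach the ACL, then build the countdown applet that detaches it again.
set intf $wan_flap_interface
set grp "ip access-group $wan_flap_acl $wan_flap_acl_direction"
set cmds [list \
    "enable" \
    "config t" \
    "interface $intf" \
    $grp \
    "exit" \
    "event manager applet wan-flap-acl-remove" \
    "event timer countdown time $wan_flap_hold_time" \
    "action 0.5 cli command \"enable\"" \
    "action 1.0 cli command \"config t\"" \
    "action 2.0 cli command \"interface $intf\"" \
    "action 3.0 cli command \"no $grp\"" \
    "action 4.0 cli command \"exit\"" \
    "action 5.0 cli command \"no event manager applet wan-flap-acl-remove\"" \
    "action 6.0 cli command \"end\"" \
    "action 7.0 syslog msg \"Removed ACL $wan_flap_acl from interface $intf\"" \
    "end"]

if {[catch {cli_open} result]} {
    error $result $errorInfo
}
array set cli $result
foreach c $cmds {
    if {[catch {cli_exec $cli(fd) $c} result]} {
        error $result $errorInfo
    }
}
catch {cli_close $cli(fd) $cli(tty_id)}
action_syslog msg "WAN flap detected; ACL $wan_flap_acl on $intf for $wan_flap_hold_time s"
```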