Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1316
Views
0
Helpful
4
Replies

Use the variable for the IP address of IOS router

zheka_pefti
Level 2
Level 2

‎05-26-2009 01:50 PM

Hi gurus!

I would appreciate if anyone can give me an advice for configuring the variable for the IP address of a particular router interface. All this is about

the router being a DHCP client which receives a new IP address every

now and then and using something like "$ETH0/0_IPADDR" instead of "ANY" in the access-list. As you know there's a way to use a variable with banner or hostname. Is there any way to do with the IP address?

Eugene

Labels:
0 Helpful
4 Replies 4

yjdabear
VIP Alumni
VIP Alumni

‎05-26-2009 04:44 PM

Assuming you don't want to settle for a limited "variable" through an ACL wildcard mask based on knowing the IP addr range assigned by DHCP, I think the EEM applet or script discussed in the following thread can conceivably be adapted to dynamically reconfigure the ACL accordingly:

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=Network%20Management&topicID=.ee71a02&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cd2a971

I'm not sure what can serve as the trigger for EEM though, unless there's SNMP or syslog message generated when the int ip addr changes.

0 Helpful

Joe Clarke
Cisco Employee
Cisco Employee

‎05-26-2009 07:16 PM

I actually did an EEM policy for this exact problem. What version of IOS are you using?

0 Helpful

zheka_pefti
Level 2
Level 2
In response to Joe Clarke

‎05-26-2009 10:11 PM

about 80 routers run IOS 12.4(22T) and EEM is something new for me. Thanks a lot for refering to it. I will have to spend some time to get to know it.

0 Helpful

Joe Clarke
Cisco Employee
Cisco Employee
In response to zheka_pefti

‎05-26-2009 10:39 PM

Given that you have EEM 3.0, you could use the following programmatic applet:

event manager applet update-acl

event tag none

event tag syslog pattern "LINEPROTO-5-UPDOWN:.*Interface FastEthernet0/0.*changed state to up"

event tag timer timer watchdog time 86400

trigger occurs 1 delay 3

correlate event syslog or event none or event timer

action 010 cli command "enable"

action 020 cli command "show ip int brief | include FastEthernet0/0"

action 030 regexp "^FastEthernet0/0\s+([0-9\.]+)" "$_cli_result" ignore ipaddr

action 040 cli command "config t"

action 050 cli command "no access-list 113"

action 060 cli command "access-list 113 permit ip any host $ipaddr"

action 070 cli command "end"

action 080 syslog msg "New IP address is $ipaddr"

Here, you'll want to replace FastEthernet0/0 with your interface name. This policy will run every 24 hours, every time the device reloads, or every time you run the command "event manager run update-acl". You can, of course, adjust any of the tags and trigger correlation.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents