05-12-2010 05:43 AM
We need to be able to change the allowable line rate going into a switch from a Linux Mgt Server using snmp. Was trying to use EEM applets which would be triggered via snmp traps from the server. We need to change it up to ten different rates. I can't seem to get the applets to trigger. Any help would be appreciated - thanks.
class-map match-all CLASS_SLAP
match access-group name ACL_SLAP
!!
policy-map OCA-RATE-LIMIT
class CLASS_SLAP
police 1900000 100000 exceed-action drop
interface GigabitEthernet1/0/20
switchport access vlan 10
switchport mode access
speed 100
duplex full
service-policy input OCA-RATE-LIMIT
snmp-server community <removed> RO 98
snmp-server community <removed> RW 99
snmp-server host <IP> version 2c <removed> snmp
snmp-server host <IP> version 2c <removed>
snmp-server host <IP> version 2c <removed>
snmp-server host <IP> version 2c <removed>
snmp-server host <IP> version 2c <removed>
snmp-server manager
event manager applet OCA-limit-3M
event snmp-object oid 1.9.9.9.3 type gauge sync yes istable no
action 1.0 cli command "enable"
action 2.0 cli command "config terminal"
action 3.0 cli command "policy-map OCA-RATE-LIMIT"
action 4.0 cli command "class CLASS_SLAP"
action 5.0 cli command " police 3000000 100000 exceed-action drop"
action 6.0 snmp-object-value event-id _event_id gauge 0 next-oid 1.9.9.9.3.0
action 7.0 exit 1
event manager applet OCA-limit-6M
event snmp-object oid 1.9.9.9.6 type gauge sync yes istable no
action 1.0 cli command "enable"
action 2.0 cli command "config terminal"
action 3.0 cli command "policy-map OCA-RATE-LIMIT"
action 4.0 cli command "class CLASS_SLAP"
action 5.0 cli command " police 6000000 100000 exceed-action drop"
action 6.0 snmp-object-value event-id _event_id gauge 0 next-oid 1.9.9.9.26.0
action 7.0 exit 1
event manager applet OCA-limit-7M
event snmp-object oid 1.9.9.9.7 type gauge sync yes istable no
action 1.0 cli command "enable"
action 2.0 cli command "config terminal"
action 3.0 cli command "policy-map OCA-RATE-LIMIT"
action 4.0 cli command "class CLASS_SLAP"
action 5.0 cli command " police 7000000 100000 exceed-action drop"
action 6.0 snmp-object-value event-id _event_id gauge 0 next-oid 1.9.9.9.7.0
action 7.0 exit 1
event manager applet OCA-limit-8M
action 1.0 cli command "enable"
action 2.0 cli command "config terminal"
action 3.0 cli command "policy-map OCA-RATE-LIMIT"
action 4.0 cli command "class CLASS_SLAP"
action 5.0 cli command " police 8000000 100000 exceed-action drop"
action 6.0 snmp-object-value event-id _event_id gauge 0 next-oid 1.9.9.9.8.0
action 7.0 exit 1
event manager applet TESTTEST
event none
action 1.0 cli command "enable"
action 2.0 cli command "config terminal"
action 3.0 cli command "policy-map OCA-RATE-LIMIT"
action 4.0 cli command "class CLASS_SLAP"
action 5.0 cli command " police 1900000 100000 exceed-action drop"
action 7.0 exit 1
!
end
05-13-2010 04:07 PM
Chokes how? This should (and does) work. The value of the _cli_result variable will always hold the output of the last CLI command executed.
05-12-2010 12:45 PM
What you want to do is very possible (and I even wrote some internal documentation on this), but you have it configured incorrectly. You have configured your policies to trigger off of SNMP polling operations (i.e. SNMP GET and SET requests), and not to trigger off of SNMP traps received by the device. I will convert one for you, and that should give you the insight into what to do on the others.
event manager applet OCA-limit-3M
event snmp-notification oid 1.9.9.9. oid-val 3 op eq src-ip-address ADDR
action 1.0 cli command "enable"
action 2.0 cli command "config terminal"
action 3.0 cli command "policy-map OCA-RATE-LIMIT"
action 4.0 cli command "class CLASS_SLAP"
action 5.0 cli command " police 3000000 100000 exceed-action drop"
action 6.0 cli command "end"
But, this is actually sub-optimal. You could consolidate all of these applet policies into one. Say you generate a trap with a varbind 1.9.9.9.1=1. You then have two other varbinds, 1.9.9.9.2 and 1.9.9.9.3. The .2 varbind contains the bits per second whereas the .3 varbind contains the burst rate. Your new, unified policy would be:
event manager applet adjust-qos
event snmp-notification oid 1.9.9.9.1 oid-val 1 op eq src-ip-address ADDR
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "policy-map OCA-RATE-LIMIT"
action 4.0 cli command "class CLASS_SLAP"
action 5.0 cli command "police $_1_9_9_9_2 $_1_9_9_9_3 exceed-action drop"
action 6.0 cli command "end"
In both cases, ADDR is the IP address of the Linux box which will send the trap.
05-12-2010 05:22 PM
Joe - Thank you so much for the response. I've been trying to get this working but no joy so far - but very close though. I can get the applets to trigger via SNMP GETS. The problem I am having is what oid to use to do the gets. I tried to set it up using 1.9.9.9.3 to 1.9.9.9.25 for the different applets. Some of them worked, some of them caused my switch to crash. Not sure what's going on there.
Is sending Traps preferred over sending GETS to trigger the applets? If you have any documentation that would be very helpful.
Sincerely
Jeffrey Watson
Lockheed
05-12-2010 06:33 PM
I would STRONGLY encourage you to use traps over GET requests for now. There is a bug with EEM and the snmp-object ED which I filed that will be fixed in an upcoming 15.x release. Until then, GETs can be problematic.
If you follow my example in this thread, it should be easy to get traps to work. Use the Net-SNMP snmptrap command to generate the traps with the customer OID varbinds.
05-13-2010 03:52 AM
Joe - Thanks - Will look at setting up for TRAPS instead of GETS. That's good to know.
If we use TRAPS then do we have to use an oid that is a standard MIB or can we use 1.9.9.9?
I'm not sure I can send a trap that isn't a standard MIB.
05-13-2010 05:12 AM
I'm sending the trap - it's hitting the switch. In the log I keep getting this message:
fh_fd_snmp_proxy_incoming_trap_msgs: trap received NO match src ip addr
It's not triggering the event - any ideas?
05-13-2010 08:13 AM
Make sure you have the SNMP Manager enabled on your device. Configure:
snmp-server manager
If it's still not working, post your new running config.
05-13-2010 08:12 AM
You can with Net-SNMP's snmptrap command. For example:
snmptrap -v 1 -c public 172.18.123.33 enterprises.cisco 10.32.100.91 1 0 '' .1.9.9.9.1 i 1 .1.9.9.9.2 i 3000000 .1.9.9.9.3 i 100000
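A sender-side wrapper for the snmptrap call above, added here as an example (not code from the thread or from Cisco): because the unified applet pastes the .2 and .3 varbinds straight into a config-mode police command, the wrapper refuses anything that is not an approved integer before a trap is sent. The function names, the burst bounds and the SNMPTRAP override variable are assumptions; the rate list is taken from the applets posted in this thread.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: ALLOWED_RATES, BURST_MIN,
# BURST_MAX, is_uint, validate_police_values, send_police_trap, SNMPTRAP.

ALLOWED_RATES="1900000 3000000 6000000 7000000 8000000"  # bps, rates used in the thread
BURST_MIN=8000       # bytes, assumed site policy
BURST_MAX=1000000    # bytes, assumed site policy

# Succeeds only for 1-9 plain decimal digits (no sign, spaces, or trailing text).
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 9 ]
}

# validate_police_values RATE BURST -> 0 if both may be sent to the switch.
validate_police_values() {
    is_uint "$1" && is_uint "$2" ||
        { echo "rate and burst must be plain integers" >&2; return 2; }
    case " $ALLOWED_RATES " in
        *" $1 "*) ;;
        *) echo "rate $1 is not an approved rate" >&2; return 3 ;;
    esac
    [ "$2" -ge "$BURST_MIN" ] && [ "$2" -le "$BURST_MAX" ] ||
        { echo "burst $2 is outside $BURST_MIN-$BURST_MAX" >&2; return 4; }
}

# send_police_trap SWITCH AGENT COMMUNITY RATE BURST
# Same varbind layout as the snmptrap example in the thread. Every value is
# passed as its own argument, so nothing is re-parsed by the shell.
send_police_trap() {
    validate_police_values "$4" "$5" || return
    "${SNMPTRAP:-snmptrap}" -v 1 -c "$3" "$1" enterprises.cisco "$2" 1 0 '' \
        .1.9.9.9.1 i 1 .1.9.9.9.2 i "$4" .1.9.9.9.3 i "$5"
}
```

Setting SNMPTRAP=echo gives a dry run that prints the arguments instead of sending a trap.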
05-13-2010 11:01 AM
Joe - we did finally get it working. Thanks very much for your help. It seems to work very well with just traps and I think it's going to be a very useful tool to make some simple configuration changes via our CEM manager. The only thing left is to provide some status back to the CEM manager that we have changed the running config and what the new police rate is. Do you think it's possible to put a line in the EEM event that will send an snmp-trap back to a specific host (not our regular syslog server) with information on the current rate from the output of "show policy-map"?
event manager applet OCA-limit-3M
event snmp-notification oid 1.9.9.9. oid-val "3M" op eq
action 1.0 cli command "enable"
action 2.0 cli command "config terminal"
action 3.0 cli command "policy-map OCA-RATE-LIMIT"
action 4.0 cli command "class CLASS_SLAP"
action 5.0 cli command " police 3000000 100000 exceed-action drop"
action 7.0 exit 1
show policy-map | i police
I need to send this information to our management server as an snmptrap after the EEM event changes the running config
police 3000000 100000 exceed-action drop
Thanks
Jeffrey Watson
Lockheed Martin
05-13-2010 11:10 AM
Add:
action 8.0 snmp-trap strdata "police 3000000 100000 exceed-action drop"
05-13-2010 11:15 AM
action 8.0 snmp-trap strdata "police 3000000 100000 exceed-action drop"
OK thanks - I think I have to actually send them status off the switch and it has to go to a specific server.
Because if the event runs and somehow fails to change the running config - the EEM script will send out a trap which indicates a change.
I saw this in another script
action 100 cli command "show ip int brief | include Loopback0"
Is it possible to send the output of this action to a specific server?
action 100 cli command "show policy-map | i police"
05-13-2010 11:24 AM
Okay, I understand what you're asking. Yes, you can send the output of this CLI command, but it may not look as attractive on your NMS. Given your version of EEM, additional post-processing of the policy-map output could be performed in applets if required.
Try the following, and if it looks good, then you can stay with it. If not, we can look at additional options.
action 8.0 cli command "show policy-map | inc police"
action 9.0 snmp-trap strdata "$_cli_result"
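A check the management server can run on the string carried by that trap, added here as an example (not code from the thread): it confirms that the police line reported by the switch matches what was requested, so a failed change is not mistaken for success. The function name and the sample payload are constructed, and the trailing prompt line in the sample is an assumption about what $_cli_result contains.

```shell
#!/bin/sh
# Added example, not from the thread. confirm_police and SAMPLE_RESULT are
# assumed names; SAMPLE_RESULT is constructed, not captured from a device.

# Constructed payload: CLI output with CR/LF line ends and a trailing prompt.
SAMPLE_RESULT=$(printf '     police 3000000 100000 exceed-action drop\r\nSwitch#')

# confirm_police WANT_RATE WANT_BURST TEXT
# TEXT is the trap string built from "show policy-map | inc police".
# Returns 0 when every police line carries the requested values,
#         2 when TEXT has no police line (change not confirmed),
#         3 when a police line shows a different rate, burst or action.
confirm_police() {
    printf '%s\n' "$3" | tr -d '\r' | awk -v rate="$1" -v burst="$2" '
        $1 == "police" {
            seen++
            # Compare as strings so "3000000x" or "3e6" never equals 3000000.
            if ((($2 "") != (rate "")) || (($3 "") != (burst "")) ||
                $4 != "exceed-action" || $5 != "drop") bad++
        }
        END {
            if (!seen) exit 2
            if (bad)   exit 3
        }'
}
```

The check assumes the policy map holds only the single policed class shown in the thread; with more classes, the matching would have to be scoped to CLASS_SLAP.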
05-13-2010 12:33 PM
Joe thanks
Is there any way to send the applet traps only to one host and not to our other snmp-servers which we normally log snmp to?
Have you been able to get the $_cli_result to work OK? I tried this before
action 8.0 cli command "show policy-map | inc police"
action 9.0 puts "$_cli_result"
and it always chokes on that line when I run it.
Jeff W
05-13-2010 12:37 PM
snmp-server host 10.10.10.1 readme event-manager
Will this send only my event manager traps to this host and not send any of my traps to it?
05-13-2010 04:08 PM
Yes, that host will only receive EEM traps.