Background: Our remote location has two VPN tunnels (public IP = .z1, .z2), and if internal routes cannot route to either, the 891 will kick on the V.92 modem, dial into an ISP and get an unknown public IP address. Using a standard sla to monitor z1 and z2 with a frequency of 10 sec works to ensure the internal routes fail back correctly when it restores; however, brief ISP outages < 10 secs will not trigger the sla, yet the route can fail over depending on what the remote clients are doing at the time. So we want to monitor two items before we make a decision to clear cry session and force routes back to their primary endpoint.
Two ways to skin the cat:
a) Use sla 1 on the private network and sla 2&3 on the public endpoints in nested if statements to make a decision on the action needed
b) Use sla 1 and compare routes to known IPs (.z1 & .z2) and set variable Route = ?, next inspect the variable value to use in a third if statement to determine the action.
I gave up on option a) and the below code is for option b)
My only issue left is that comparing my variable named "Route" is not working.
event manager applet CheckPrivateRoute_z1
event track 1 state any
action 1.2 set Route "none"
action 2.1 syslog msg "PrivateRoute took hit, Checking Route"
action 2.2 cli command "sh ip route | inc 10.xx"
action 2.3 regexp "(.*) (ww\.xx\.yy\.z1) (.*)" "$_cli_result" _match _sub1 _sub2
action 2.4 if $_regexp_result eq 0
action 2.42 set Route "unknow"
action 2.43 else
action 2.44 set Route "Ok"
action 2.45 syslog msg "PrivateRoute took hit, still on z1"
action 2.46 end
action 2.5 regexp "(.*) (ww\.xx\.yy\.z2) (.*)" "$_cli_result"
action 2.62 if $_regexp_result eq 0
action 2.63 set Route "unknow"
action 2.64 syslog msg "PrivateRoute Route Unknown"
action 2.65 else
action 2.66 set Route "Ok"
action 2.67 syslog msg "PrivateRoute Failed to z2"
action 2.68 end
action 3 if Route eq "unknow"
action 3.2 cli command "ping 10.xx.yy.z source gi0/0.2"
action 3.3 regexp "(*) (Success) (*)" "$_cli_result"
action 3.4 if $_regexp_result eq 1
action 3.42 syslog msg "PrivateRoute Must have failed to DialBackup"
action 3.43 else
action 3.44 syslog msg "PrivateRoute Down, Refreshing Routes"
action 3.45 cli command "clear crypto sess remote ww.xx.yy.z1"
action 3.46 cli command "clear crypto sess remote ww.xx.yy.z2"
action 3.47 syslog msg "Routes Rebuilding"
action 3.48 end
action 3.5 end
The most fundamental problems I see are that action 3 needs to be:
action 3 if $Route eq "unknow"
And you need to add:
action 1.1 cli command "enable"
I'm using tacacs and have the command
event manager session cli username "xyz"
which throws me into en mode already.
Changed action 3, got...
019359: Jul 17 13:23:29: %TRACKING-5-STATE: 3 ip sla 2 reachability Up->Down
019360: Jul 17 13:23:29.474 summer: %HA_EM-6-LOG: CheckGV1Pvt: GV1pvt took hit, Checking Route
019361: Jul 17 13:23:29.490 summer: %HA_EM-6-LOG: CheckGV1Pvt: Gv1Pvt Route Unknown
019362: Jul 17 13:23:29: %HA_EM-6-FMPD_REGCOMP: Error compiling regular expression: *** unknown regexp error code ***
019363: Jul 17 13:23:29: %HA_EM-3-FMPD_ERROR: Error executing applet CheckGV1Pvt statement 3.3
I was missing the .'s in line action 3.3 and changed to
action 3.3 regexp "(.*Success.*) " "$_cli_result"
seems to be working better now....
Although this technically works, the results cause conflicts with the other event manager applets, so I need an example of an applet as in scenario a) with nested if statements checking multiple ip sla states, before determining which action to take.
I'm not clear on exactly what you're looking for. If you're looking to get track states for other objects, you can use the "track read" action to pull in those states. But you clearly have some notion of the code flow in your head that I don't see.
How do I read from multiple tracks and set them to different variables?
action 1.0 set VaribleA track read 1
action 2.0 set VaribleB track read 2
is not working..
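An added example (not posted by anyone in this thread) of the nested-if form asked about as scenario a): `track read` takes only an object number and leaves its result in `$_track_state` ("up" or "down"), so each state is copied into its own variable before the next read. The applet name, the mapping of track objects 1 to 3 onto the private network, z1 and z2, and the choice of action in each branch are assumptions.

```cisco
! Added example. Assumed mapping (not from the thread):
!   track 1 = ip sla on the private network
!   track 2 = ip sla on public endpoint z1
!   track 3 = ip sla on public endpoint z2
event manager applet CheckTunnels_Example
 event track 1 state down
 ! Not needed if the EEM session user already lands in enable mode
 action 1.0 cli command "enable"
 ! track read overwrites $_track_state each time, so cache every result
 action 1.1 track read 2
 action 1.2 set z1_state "$_track_state"
 action 1.3 track read 3
 action 1.4 set z2_state "$_track_state"
 action 2.0 if $z1_state eq "up"
 ! Public side of z1 answers but the private network is down: rebuild z1
 action 2.1  syslog msg "Private down, z1 reachable, clearing z1 session"
 action 2.2  cli command "clear crypto session remote ww.xx.yy.z1"
 action 2.3 else
 action 2.4  if $z2_state eq "up"
 ! z1 unreachable, z2 answers: rebuild z2 only
 action 2.5   syslog msg "Private down, z1 down, clearing z2 session"
 action 2.6   cli command "clear crypto session remote ww.xx.yy.z2"
 action 2.7  else
 ! Neither public endpoint answers: leave sessions alone
 action 2.8   syslog msg "Private, z1 and z2 all down, no action taken"
 action 2.9  end
 action 3.0 end
```

Action labels sort as strings, so each `end` has to sort after every label inside the block it closes.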
I found you can also use "cli command "sh ip sla statistics 10 | inc code" which gives you the same value. Unfortunately however when I get to line 3.3 to reuse the regexp after a different cli command, I'm getting a blank line just showing the command prompt.....
Is there a way to clear "regexp" and "$_cli_result" value(s) so they can be used again within the same applet ?
The value of _cli_result will always reflect the last CLI command executed. If you need to cache this, use set to store the value in an intermediate variable:
set clires $_cli_result
The same works for _regexp_result.
If that is the case then 3.2 is not being executed, which does work directly at the cli..... Is there syntax for using the return char with a cli command?
action 3.1 cli command " return? "
Needing a return is not the issue; debug shows the following when trying line 3.2
cli_history_entry_add: free_hist_list size=0, hist_list size=7
eem_no_scan flag set, skipping scan of command_string=check_eem_cli_policy_handler
There's nothing wrong with this. But if "debug event manager action cli" is enabled, then you should see the actual command being written to the VTY.
So I played with the command and "sh ip route" shows correctly in debug, however "sh ip route | inc xyz" does not.
Which is really odd because "sh ip sla statistics 10 | inc code" works just fine.
So it's just related to "| inc" and sh ip route command.
I even reserved my xyz to be my static public IP vs the private and it still doesn't work.
So I have an event that only fires when my private network sla comes up and I can't verify which route it's taking...