Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Trigger an EEM script from a Remote Server and pass data into the script

Hello all,

I have a script that will modify an otherwise static configuration. I need to send a trigger to the router from a remote Linux server (SNMPv3 preferred) with a parameter that tells the script the value to set this configuration to.

Does anyone have an idea how to do this? I'd like to use SNMPv3 to pass the data along with the auth/priv functions of SNMPv3, but the TAC is saying there is no way to do this and that I should look on the Cisco Support Forums.

Thanks,

Jeff

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

You could use SNMP traps from

You could use SNMP traps from Linux to the router.  I've only ever used v1 traps for this, though.  There was a bug where v2 traps did not work, but that may be resolved now.  You could try this with v3.

But if you need reliability and security, I recommend the XML RPC event detector.  This allows you to send XML over SSH to trigger EEM policies.  I wrote a small Perl API for this at https://supportforums.cisco.com/sites/default/files/legacy/2/3/6/14632-Cisco-EEM-RPC-1.0.1.zip .

9 REPLIES
New Member

This sounds very similar to

This sounds very similar to an issue I'm trying to resolve.

-Matt

Cisco Employee

You could use SNMP traps from

You could use SNMP traps from Linux to the router.  I've only ever used v1 traps for this, though.  There was a bug where v2 traps did not work, but that may be resolved now.  You could try this with v3.

But if you need reliability and security, I recommend the XML RPC event detector.  This allows you to send XML over SSH to trigger EEM policies.  I wrote a small Perl API for this at https://supportforums.cisco.com/sites/default/files/legacy/2/3/6/14632-Cisco-EEM-RPC-1.0.1.zip .

New Member

Joe,

Joe,

The TAC is saying that the router can only do SNMPv3 in an auth/nopriv mode. I cannot use this, I need to have both auth and priv to meet my security needs.

As for using the RPC event detector, I can see the "event rpc" in the EEM handbook, but I cannot see how to parse out the XML from the RPC and then use values passed via the XML.

I assume the scripts you attached to tis are for the Linux server, right?

Jeff

Cisco Employee

The router definitely

The router definitely supports SNMPv3 authPriv, but I would not use the EEM SNMP Object ED.  It is not very reliable.  The Perl API I provided includes a sample Perl script and sample EEM Tcl policies in the "eg" directory.  Yes, this API will work on Linux.

New Member

Though the router supports

Though the router supports SNMPv3 authPriv, my understanding from what I've found online was that the the EEM SNMP event detector did not.  So you are saying that if the server mentioned above sends an SNMPv3 authPriv trap to the router (attempting to trigger an event) the event detector on the router would be able to authenticate and decrypt the trap?  Is that correct? 

Cisco Employee

I know there used to be a bug

I know there used to be a bug with v2 notifications (the kind used by SNMPv3), but I believe it is fixed.  There could also be a problem with the SNMP manager handling v3 traps.  Again, I have not personally tested SNMPv3 traps with the EEM SNMP notification ED.  You could give it a try if you have your heart set on SNMP.  But the XML RPC thing will work, is secure, and has the advantage of using a reliable transport.

New Member

Joe,

Joe,

Whereas I like to think that I am somewhat knowledgeable with EEM, I am not knowledgeable in TCL. Concerning the zip file, what goes on the router and what goes on the server? For the items that go on the router, how do I convert TCL into EEM?

Thanks,

Jeff

Cisco Employee

First, read the README.txt in

First, read the README.txt in the API bundle as that will give you some clues as how to get started.  Second, the EEM Tcl script examples are EEM.  They are just Tcl policies as opposed to applets.  There is no converting Tcl to applets.

For registering Tcl policies with the EEM server, see http://www.cisco.com/c/en/us/td/docs/ios/netmgmt/configuration/guide/12_2sx/nm_12_2sx_book/nm_eem_policy_tcl.html and search for "registering".  You might be able to do what you want with applets using the $_rpc_arg0, $_rpc_arg1, ... variables to get your arguments.  However, I find using Tcl for things a bit easier if the arguments will vary.

New Member

Hi Joe,

Hi Joe,

Unfortunately, my company has decided that this feature will not make it into our current baseline, but I hope to add this into a baseline in the coming year.

In the meantime, I shall mark your original answer as correct so you can get credit for the right answer.

If I have questions about this in the future, may I email you directly?

Thank you for your assistance,

Jeff

88
Views
5
Helpful
9
Replies
CreatePlease login to create content