Solved: Problem with EEM, cannot configure OID monitoring

Andreas Wittemann · ‎10-04-2010

Hi everybody,

i´m not able to configure this line

event snmp oid 1.3.6.1.4.1.9.9.109.1.1.1.1.4.1 get-type exact entry-op ge entry-val 85 exit-op le exit-val 65 poll-interval 60

as trigger event for shutting down various features regarding CPU spikes.

I was trying to configure this on my C3845, c3845-advsecurityk9-mz.124-24.T2.

This does make sense, because:

vpn-event3845(config-applet)#event ?

application Application specific event

cli CLI event

config Configuration policy event

counter Counter event

env Environmental event

interface Interface event

ioswdsysmon IOS WDSysMon event

ipsla IPSLA Event

nf NF Event

none Manually run policy event

oir OIR event

resource Resource event

rf Redundancy Facility event

routing Routing event

rpc Remote Procedure Call event

syslog Syslog event

tag event tag identifier

timer Timer event

track Tracking object event

As i could obviously see, this isn´t possible. On this platform? On this IOS? Changing both of them is not an option.

How can i monitor an SNMP OID in the given environment?

SNMP itself is enabled and works like a charm, since i can graph my router using MRTG, even the different protocols getting them with NBAR...i can get this OID with SNMPget too, i do this within my MRTG installation once a minute.

Thanks in advance,

Andreas

Joe Clarke · ‎10-04-2010

This is known bug CSCtj01916. The problem only affects the advsecurityk9 images for ISRs. If you move to a different feature set, you will have EEM with SNMP.

View solution in original post

Joe Clarke · ‎10-04-2010

This is known bug CSCtj01916. The problem only affects the advsecurityk9 images for ISRs. If you move to a different feature set, you will have EEM with SNMP.

Jason Masker · ‎10-04-2010

Nice find! That makes much more sense as I could find nothing in EEM documentation that mentioned SNMP Manager functionality as a requirement. It just didn't make a lot of sense that the command wasn't there.

Joe Clarke · ‎10-04-2010

The SNMP proxy sub-system, which is responsible for SNMP Manager and the EEM SNMP polling code, is missing in these advsecurityk9 images.

Andreas Wittemann · ‎10-05-2010

Hi Joe,

thank you for your fast response. OK, so i think i´ll give another IOS a try, since i desperately need this feature in this special environment.

Best regards,

Andreas

Andreas Wittemann · ‎10-05-2010

OK, i tried SPSERVICES...worked fine, related to my first problem...but:

I´m not able to use VPNs with this featureset.

I´ll have to use this configuration snippet for VPN:

crypto isakmp policy 10

hash md5

authentication pre-share

group 2

lifetime 7200

crypto isakmp key MYKEYISCOMPLICATED address 1.2.3.4

crypto isakmp keepalive 120

!

crypto ipsec transform-set MYPOLICY esp-aes

mode transport require

!

crypto map cryptomap1 1 ipsec-isakmp

description VPN 1

set peer 1.2.3.4

set security-association lifetime seconds 1800

set transform-set MYPOLICY

match address 180

crypto map cryptomap1 2 ipsec-isakmp

description VPN 2

set peer 3.4.5.6

set security-association lifetime seconds 1800

set transform-set MYPOLICY

match address 190

And i need a little piece of OSPF, not very complicated.

My router has 256R/64F.

Any suggestions for a working featureset with the already described SNMP/EEM-functionality _and_ VPN/OSPF?

I´m stuck right now. Seems to me i can´t have all the needed features at the same time with the given hardware.

Jason Masker · ‎10-05-2010

IP Advanced Services should have all of the above, but I don't know if it is the least common denominator. That is, IP Advanced Services has everything, so it could be overkill.

Andreas Wittemann · ‎10-05-2010

OK, thanks for the suggestion,

I tried, and it seems to work at a first glance. I can check the VPN-connectivity tomorrow, also the functionality of my EEM script.

But i WAS able to configure it. I´ll report it here after my checks.

Thanks!

BTW:

I had to use c3845-advipservicesk9-mz.124-25d.bin, since the T-version was too big for my flash(only 64 megs). But it´s an MD, so if all is working it will be fine for me too.

Joe Clarke · ‎10-05-2010

There is a substantial difference in EEM between 12.4 mainline and 12.4(24)T. The former has EEM 2.1 while the latter has 3.0. If you need sophisticated programmatic applets (e.g. applets with loops, conditionals, show command parsing, etc.), those will not be possible in EEM 2.1. You will have to resort to Tcl to acommplish that level of automation.

Andreas Wittemann · ‎10-06-2010

I tested if all is working, and yes, the EEM script does its job. It´s a real basic script, nothing exiting:

event manager applet CALMDOWN

event snmp oid 1.3.6.1.4.1.9.9.109.1.1.1.1.4.1 get-type exact entry-op ge entry-val 85 exit-op le exit-val 65 poll-interval 60

action 100 syslog priority notifications msg "Disabling CPU-intensive features due to CPU-load/1min around 85%"

action 200 cli command "enable"

action 300 cli command "config t"

action 400 cli command "interface GigabitEthernet0/0"

action 405 cli command "no ip nbar protocol-discovery"

action 410 cli command "no service-policy input polINTERNET-IN"

action 415 cli command "no service-policy output polINTERNET-OUT"

action 500 cli command "interface GigabitEthernet0/1"

action 505 cli command "no ip nbar protocol-discovery"

action 510 cli command "no ip accounting output-packets"

action 515 cli command "no service-policy input polLAN-IN"

action 600 cli command "end"

action 700 syslog priority notifications msg "Disabling done..."

event manager applet GETBUSY

event snmp oid 1.3.6.1.4.1.9.9.109.1.1.1.1.4.1 get-type exact entry-op le entry-val 65 exit-op ge exit-val 85 poll-interval 60

action 100 syslog priority notifications msg "Re-enabling CPU-intensive features due to relief in CPU-load/1min below 65%"

action 200 cli command "enable"

action 300 cli command "config t"

action 400 cli command "interface GigabitEthernet0/0"

action 405 cli command "ip nbar protocol-discovery"

action 410 cli command "service-policy input polINTERNET-IN"

action 415 cli command "service-policy output polINTERNET-OUT"

action 500 cli command "interface GigabitEthernet0/1"

action 505 cli command "ip nbar protocol-discovery"

action 510 cli command "ip accounting output-packets"

action 515 cli command "service-policy input polLAN-IN"

action 600 cli command "end"

action 700 syslog priority notifications msg "Re-enabling done..."

And it works, as i have seen this morning. I had several iperf-sessions to raise the load, and stopped them after a while. So all behaves as expected.

Thanks to everybody who has contributed in this case, you were a great help!

Jason Masker · ‎10-04-2010

I believe the problem is with the Advanced Security feature set you are running. I just checked my router running the 12.4T train and IP Advanced Services and the command appears.

Looking at the difference in features between Advanced Security and IP Advanced Services in regard to EEM features, but there are some differences in SNMP support. Specifically, the SNMP Manager function adds the ability to monitor OIDs, etc. It could be that EEM is using this feature to accomplish the SNMP poll.