Cisco Support Community
New Member

Use the variable for the IP address of IOS router

Hi gurus!

I would appreciate it if anyone could give me advice on configuring the variable for the IP address of a particular router interface. All this is about the router being a DHCP client which receives a new IP address every now and then and using something like "$ETH0/0_IPADDR" instead of "ANY" in the access-list. As you know, there's a way to use a variable with banner or hostname. Is there any way to do this with the IP address?

Eugene

4 REPLIES
Blue

Re: Use the variable for the IP address of IOS router

Assuming you don't want to settle for a limited "variable" through an ACL wildcard mask based on knowing the IP addr range assigned by DHCP, I think the EEM applet or script discussed in the following thread can conceivably be adapted to dynamically reconfigure the ACL accordingly:

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=Network%20Management&topicID=.ee71a02&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cd2a971

I'm not sure what can serve as the trigger for EEM though, unless there's an SNMP or syslog message generated when the int ip addr changes.

Cisco Employee

Re: Use the variable for the IP address of IOS router

I actually did an EEM policy for this exact problem. What version of IOS are you using?

New Member

Re: Use the variable for the IP address of IOS router

About 80 routers run IOS 12.4(22T) and EEM is something new for me. Thanks a lot for referring to it. I will have to spend some time to get to know it.

Cisco Employee

Re: Use the variable for the IP address of IOS router

Given that you have EEM 3.0, you could use the following programmatic applet:

    event manager applet update-acl
     event tag none none
     event tag syslog syslog pattern "LINEPROTO-5-UPDOWN:.*Interface FastEthernet0/0.*changed state to up"
     event tag timer timer watchdog time 86400
     trigger occurs 1 delay 3
      correlate event syslog or event none or event timer
     action 010 cli command "enable"
     action 020 cli command "show ip int brief | include FastEthernet0/0"
     action 030 regexp "^FastEthernet0/0\s+([0-9\.]+)" "$_cli_result" ignore ipaddr
     action 040 cli command "config t"
     action 050 cli command "no access-list 113"
     action 060 cli command "access-list 113 permit ip any host $ipaddr"
     action 070 cli command "end"
     action 080 syslog msg "New IP address is $ipaddr"

Here, you'll want to replace FastEthernet0/0 with your interface name. This policy will run every 24 hours, every time the device reloads, or every time you run the command "event manager run update-acl". You can, of course, adjust any of the tags and trigger correlation.
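
A variant of the applet above that rewrites access-list 113 only when the regexp in action 030 actually captured an address, so a run while the interface still shows "unassigned" does not delete the ACL and leave it undefined. This is an added example, not part of the original reply; the applet name update-acl-checked and the syslog wording are assumptions, and it relies on the EEM 3.0 if/else/end actions and the $_regexp_result variable.

```cisco
! Added example (not from the original reply). Assumed names: update-acl-checked
! and the syslog texts. Interface and ACL number are the ones used in the thread.
event manager applet update-acl-checked
 event tag none none
 event tag syslog syslog pattern "LINEPROTO-5-UPDOWN:.*Interface FastEthernet0/0.*changed state to up"
 event tag timer timer watchdog time 86400
 trigger occurs 1 delay 3
  correlate event syslog or event none or event timer
 action 010 cli command "enable"
 action 020 cli command "show ip int brief | include FastEthernet0/0"
 ! $_regexp_result is 1 only when the pattern matched and $ipaddr was set
 action 030 regexp "^FastEthernet0/0\s+([0-9\.]+)" "$_cli_result" ignore ipaddr
 action 040 if $_regexp_result eq 1
 ! Address captured: replace the ACL entry as in the original applet
 action 050  cli command "config t"
 action 060  cli command "no access-list 113"
 action 070  cli command "access-list 113 permit ip any host $ipaddr"
 action 080  cli command "end"
 action 090  syslog msg "access-list 113 updated for $ipaddr"
 action 100 else
 ! No address (e.g. "unassigned"): leave the existing ACL untouched and log it
 action 110  syslog msg "No IP address on FastEthernet0/0, access-list 113 left unchanged"
 action 120 end
```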
