Cisco OnRamp.tcl script - maximum fax size(s)

Hi all!
For the last several years I've been deploying Cisco's CME solution, and occasionally I've included the OnRamp .tcl script for receiving faxes, converting to .tif files, and forwarding to an email address.
Lately I've had a customer query regarding max size of faxes that can be supported. To wit, they are trying to send a 48 page fax, and in their email inbox they only get the first page. They've tested fax to fax and all works well.
Does anyone know of any sizing limitations, or tweaks I can make to either dial-peers, or hardware, or perhaps the script itself to support any size fax?
Thanks in advance for any help or information.
Kevin

I tried to configure T37 onramp/offramp fax in my network but after several attempts I failed to apply it completely and just portion of that worked well. despite describing the scenario in many forums (like here), I got nothing!
anyway, I'm going to test it in a simple form. I mean, I want to connect my edge router to PSTN line via an FXO port and via ethernet to internal network. my internal network has many physical fax machines that have gotten their internal tel numbers (like 866, 867, ...) from PBX . so can I use this scenario to configure the router to support these fax machine, or I should connect fax machines directly to router through FXS ports? tnx.

Similar Messages

TcL Scripting for Cisco IOS,

anyone has idea how useful this book
TcL Scripting for Cisco IOS,
http://www.ciscopress.com/bookstore/product.asp?isbn=1587059541
thank you

Hi Joe
it is interesting that you are the technical reviewer of this book
i was think to get mid level in Tcl scripting with EEM to give me the ability to implement some automated things
i am good with EEM but Tcl not
will this book take the reader from scratch to tcl scripting ?
thank you and happy new year
Marwan

Cisco's Network Registrar and LDAP (tcl script)

Hi all,
I use CNR version 7.1. I use ldap for authentication user. I have a problem if ldap server not available. I want with tcl script to know what ldap not available and send to user default configuration (ip,dns)
How I can transfer in tcl a script that the server ldap isn't accessible? where i can found error code for this ?
Thanks
Roman

Hi Habeel,
I've answered this question before. If you search the forum for "ldap healtcheck script" - and yes the typo is real then you'll see what I did.
The text is here:
The easiest way is to capture a packet with the authentication credentials and then replace the hex bind string in the example.
The alternative is to handcode the BER coded ASN.1 data string - which while more fun is time consuming. The remainder of the script can stay the same.
I've done this on an ACE module. You have to be aware that 300c02010160 in the example script string is a sort of "header" that holds the request id (1). This will be different in your packet capture.
If you look at the decomposition of the example you'll be able to see how it is put together and what you need to change.
0x30 The start of a universal constructed sequence
0x0c The length of the sequence minus the tag and length bytes = 12 bytes
0x02 Next field is an integer
0x01 The length of the next field (1 byte)
0x01 Value (this is the message ID)
0x60 Application, number 0, use RFC2251 to decode. This is a Bind Request
0x07 Length of data to follow.
0x02 Integer
0x01 Length 1
0x03 3 - this is the LDAP version.
0x04 String
0x00 Length 0
0x80 Simple Authentication
0x00 Length 0
Just keep the id the same in the unbind.
The string I use is:
302d02010160280201030418636e3d41636550726f78792c6f3d556e69766572736974798009ffffffffffffffffff
where I've replaced the 9 character password with 9*x'ff'.
The username for binding is AceProxy. If you want to use the same script then create that username and set the password in the string above (in hex). If for example you set the password to Example12 then you need to set the 9*x'ff' to '4578616d706c653132' - which is the hex representation of the ASCII.
Note that if you use fewer or more than 9 characters then you'll need to change other values in the string because they refer to lengths.
HTH
Cathy

TCL scripting

st1\:*{behavior:url(#ieooui) }
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";
mso-ansi-language:#0400;
mso-fareast-language:#0400;
mso-bidi-language:#0400;}
Network Scenario:
We have a Client-Server enterprise network, and nature of servers is to broadcast some stats/info to all the clients.
We are using two 6509-E at core with HSRP to provide the redundancy for servers. I have attached the network layout (not the real one) with some description with this thread. On both switches we have configured “ip helper-addresses” to forward the broadcast to multiple destinations(different VLANs). Every thing is working fine with respect to HSRP.
Problem:
Under normal circumstances, both ACTIVE and STANDBY hsrp switches generates broadcast which causing duplication of every broadcast packet and Client end receiving every packet twice. Cisco already claimed that standby switch will forward the broadcast. As an alternate TAC has advised to use the TCL script as a work around which we attempted to however no success at the end.
Please let me know if some one can help me in modifying TCL script.
::cisco::eem::event_register_syslog occurs 1 pattern .*STANDBY.*STATECHANGE.* maxrun 90
# EEM policy used to detect an HSRP state change. Once change is detected, analize the
# type of change and modify the configuration about helper address.
# The script looks for the DHCP server ip address in dhcp_server environment variable
# and adds or removes the command 'ip helper-address dhcp_server' to the interface on
# which HSRP status has changed.
# April 2006, Cisco Europe & Emerging TME Team
# Copyright (c) 2006 by cisco Systems, Inc.
# All rights reserved.
### The script uses the following environment variables:
#   $dhcp_server - ip address of the DCHP server in four octect dotted notation
# 1. check if all the env variables we need exist and if not abort
namespace import ::cisco::eem::*
namespace import ::cisco::lib::*
if {![info exists dhcp_server]} {
    set result "EEM Policy Error: variable dhcp_server has not been set"
    error $result $errorInfo
# 2. Local procedure for CLI show commands
# Pass a list of cli commands and it returns a list of outputs
proc CLICmdProc {cmds} {
    if [catch {cli_open} result] {
        error $result $errorInfo
    } else {
        array set cli1 $result
    if [catch {cli_exec $cli1(fd) "enable"} result] {
        error $result $errorInfo
    foreach a_cmd $cmds {
        if [catch {cli_exec $cli1(fd) $a_cmd} result] {
            error $result $errorInfo
        } else {
            lappend cmd_output $result
    if [catch {cli_close $cli1(fd) $cli1(tty_id)} result] {
        error $result $errorInfo
    return $cmd_output
# 3. Local procedure for CLI configuration commands
# Pass a list of cli commands
proc CLICfgProc {cmds} {
    if [catch {cli_open} result] {
        error $result $errorInfo
    } else {
        array set cli1 $result
    if [catch {cli_exec $cli1(fd) "enable"} result] {
        error $result $errorInfo
    if [catch {cli_exec $cli1(fd) "config terminal"} result] {
        error $result $errorInfo
    foreach a_cmd $cmds {
        if [catch {cli_exec $cli1(fd) $a_cmd} result] {
            error $result $errorInfo
        } else {
            set cmd_output $result
    if [catch {cli_exec $cli1(fd) "end"} result] {
        error $result $errorInfo
    if [catch {cli_exec $cli1(fd) "write mem"} result] {
        error $result $errorInfo
    if [catch {cli_close $cli1(fd) $cli1(tty_id)} result] {
        error $result $errorInfo
# 4. query the information of latest triggered eem event
array set arr_einfo [event_reqinfo]
if {$_cerrno != 0} {
    set result [format "component=%s; subsys err=%s; posix err=%s;\n%s" \
        $_cerr_sub_num $_cerr_sub_err $_cerr_posix_err $_cerr_str]
    error $result
set msg $arr_einfo(msg)
# 5. we save the interface which triggered the event in interface
regexp {(Vlan[0-9]{1,4}).*-> ([A-Z,a-z]*$)} $msg result interface action
if {$action == "Active"} {
              lappend clicmd "interface $interface"
              lappend clicmd "ip helper-address $dhcp_server"
if {$action != "Active"} {
              lappend clicmd "interface $interface"
              lappend clicmd "no ip helper-address $dhcp_server"
set cliout [CLICfgProc $clicmd]
action_syslog msg "Updating the configuration of interface $interface"

Try this version. You will need to first set an environment variable, dhcp_servers to be a comma separated list of IP addresses (i.e. the helper addresses) to configure/unconfigure. For example:
event manager environment dhcp_servers 192.168.10.255,192.168.12.255,192.168.14.255

Reading the Facility Callername from a tcl script

I am looking for a way to read the Callingname in the facility message so that I can pass into
set callInfo(displayInfo)
Basically I'm trying to pass Callername to an ip phone through a TCL script on the gateway during callsetup. This normally gets dropped.
Is there a way to parse these fields in the Facility message?
Thanks ahead of time for any help.
Oct 14 21:59:58.274: ISDN Se0/0/0:23 Q931: RX <- FACILITY pd = 8 callref = 0x03BB
Facility i = 0x9F8B0100A117020101020100800F5452494F4E20574F524C44204E4554
Protocol Profile = Networking Extensions
0xA117020101020100800F5452494F4E20574F524C44204E4554
Component = Invoke component
Invoke Id = 1
Operation = CallingName
Name Presentation Allowed Extended
Name = MY CALLINGNAME

Well.. I'm having to alter an existing script that parsers the calls for fax service before they are being sent to callmanager.
So far I think im in the right direction but I don't know how to use the "object get gtd" properly, if that's even the right approach. Im trying to parse
GEN,y,y,0,JOE BLOW
from the gtd debug below...
Oct 15 16:32:26.543: CNG tone sent
Oct 15 2009 11:32:26 CDT: %ISDN-6-CONNECT: Interface Serial0/0/0:0 is now connected to XXXXXXXXXX N/A
Oct 15 16:32:27.231: ISDN Se0/0/0:23: Built a GTD of size 110 octets for ISDN message type 0x62
Oct 15 16:32:27.231: tsp_ccrawmsg_encap: calling cdapi_find_tsm
Oct 15 16:32:27.231: cdapi_find_tsm: Found Tunnelled Signaling Msg with GTD: PROT_PTYPE_GTD
Oct 15 16:32:27.231: cdapi_find_tsm: Found a gtd msg of length 110:
Oct 15 16:32:27.231: gtd msg = "FAC,
PRN,isdn*,,NI***,
GEN,y,y,0,JOE BLOW ï----------------Caller NAME
UFC,GEN,5,fachd,9f8b0100
UFC,GEN,5,inpdu,020101020100"
This is what I have so far...
set DestNum [infotag get evt_dcdigits]
set callInfo(destinationNum) $DestNum
infotag set evt_facility_report gtd
infotag get evt_gtd CallerID
set CallerName [object get gtd CallerID FAC,4,GEN]
set DestNum [infotag get evt_dcdigits]
put "$CallerName"
put "$DestNum"
set callInfo(displayInfo) $CallerName
set callInfo(destinationNum) $DestNum
leg setup $DestNum callInfo leg_incoming

Problem : tcl script for filter IPSec cosmetic log

Hi all, I would like some advice from anyone who ever see this case. I applied tcl script for filter ipsec error log that log is cosmetic. But my site want to don't see this log from router log. I already create tcl script for filter it out. Ok script can work fine but it more work. It filter other message not just ipsec log out. I check cisco device that support script. How can I fix this problem.
See my detail of script and ios version of router :
script :
# VPN_Error.tcl This script deletes all log messages about VPN error messages
# The script will filter by combination between facility-serverity and mnemonic
# Created on 05-Oct-2012.
set msgs [list {CRYPTO-4-RECVD_PKT_MAC_ERR} {VPN_HW-1-PACKET_ERROR} {CRYPTO-4-RECVD_PKT_NOT_IPSEC} {CRYPTO-4-PKT_REPLAY_ERR}]
set fac_sev_mnem "${::facility}-${::severity}-${::mnemonic}"
foreach msg $msgs {
    if { $msg == $fac_sev_mnem } {
    return ""
return $::orig_msg
ios router version :
: c2800nm-adventerprisek9-mz.124-25f.bin
: c2800nm-adventerprisek9-mz.124-7b.bin
log information and configuration
When I applied command:
logging filter flash:VPN_Filter2.tcl
logging buffered filtered 4096 debugging
show log file:
router#sh logg
Syslog logging: enabled (11 messages dropped, 1 messages rate-limited,
                0 flushes, 0 overruns, xml disabled, filtering enabled)
    Console logging: level debugging, 18145 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level debugging, 428 messages logged, xml disabled,
                     filtering disabled
        Logging to: vty322(2)
    Buffer logging: level debugging, 0 messages logged, xml disabled,
                    filtering enabled (0 messages logged)
    Logging Exception size (4096 bytes)
    Count and timestamp logging messages: disabled
Filter modules:
    flash:VPN_Filter2.tcl
    Trap logging: level informational, 47011 message lines logged
        Logging to 10.145.0.25 (udp port 514, audit disabled, link up), 47011 message lines logged, xml disabled,
               filtering disabled
        Logging to 10.247.17.41 (udp port 514, audit disabled, link up), 47011 message lines logged, xml disabled,
               filtering disabled
        Logging to 10.247.17.45 (udp port 514, audit disabled, link up), 47011 message lines logged, xml disabled,
               filtering disabled
--More--
Log Buffer (4096 bytes):
router#
If you have some more information. Please tell me.
Thank you for your advice

It looks like your script has an error. You have an extra '}'. It should be:
# VPN_Error.tcl This script deletes all log messages about VPN error messages# The script will filter by combination between facility-serverity and mnemonic       # Created on 05-Oct-2012.#set msgs [list {CRYPTO-4-RECVD_PKT_MAC_ERR} {VPN_HW-1-PACKET_ERROR} {CRYPTO-4-RECVD_PKT_NOT_IPSEC} {CRYPTO-4-PKT_REPLAY_ERR}]set fac_sev_mnem "${::facility}-${::severity}-${::mnemonic}"foreach msg $msgs {    if { $msg == $fac_sev_mnem } {        return ""    } } return $::orig_msg

Export-csv output maximum row size

Hi all. May I know the maximum row size that can output to .csv using 'export-csv'??

There's no limit on writing to a CSV file.
You can try:
# max rows to export to CSV:
$i=0
While ($true) { #Forever
$i++
$i
"Some text" | Export-Csv -Path .\test12.csv -Append -NoTypeInformation
until you run out of disk space, which may take a while. A million lines using the above script makes a 5 BM file..
Now reading it back is an entirely different story. Try
Delimit..
Sam Boutros, Senior Consultant, Software Logic, KOP, PA http://superwidgets.wordpress.com (Please take a moment to Vote as Helpful and/or Mark as Answer, where applicable)

CallManager Express TCL Script issue

Hi, I'm having issues trying to get an AA script working on a CME 4.0 system. What I want to do is quite simple, i just want to play a message to callers and that's it.
When I dial the pilot, the call just drops and I get the following error when debugging "voip application script"
Jul 25 17:16:22.470: //381//TCL :/tcl_PutsObjCmd: TCL AA: +++ B-ACD-SERVICE not registered, Starting B-ACD-SERVICE +++
Jul 25 17:16:22.470: //381//AFW_:/AFW_FSM_Drive: Tcl_Eval to drive FSM inside Tcl modulespace. code=1 code=ERROR
Jul 25 17:16:22.470: TCL script failure
Result:
Handoff Failed
Jul 25 17:16:22.470: TCL script failure errorInfo:
Handoff Failed
while executing
"handoff appl leg_incoming $serviceName -s $hString"
(procedure "act_Setup" line 30)
invoked from within
"act_Setup"
(procedure "act_Handoff_Activity" line 7)
invoked from within
"act_Handoff_Activity"
Below is my config
application
service aa flash:app-b-acd-aa-2.1.0.0.tcl
paramspace english index 1
param number-of-hunt-grps 1
param handoff-string aa
paramspace english language en
param max-time-vm-retry 3
param aa-pilot 1050
paramspace english location flash:
param second-greeting-time 60
param welcome-prompt _bacd_welcome.au
param queue-manager-debugs 1
param call-retry-timer 15
param max-time-call-retry 200
param voice-mail 8000
param service-name aa
dial-peer voice 1050 voip
service aa
destination-pattern 1050
session target ipv4:172.27.27.10
incoming called-number .
dtmf-relay h245-alphanumeric
codec g711ulaw
no vad
telephony-service
load 7914 S00104000100
load ATA ATA030100SCCP040211A
load 7920 cmterm_7920.4.0-02-00
load 7971 TERM70.6-0-3SR1S
load 7970 TERM70.6-0-3SR1S
load 7912 CP7912080001SCCP051117A
max-ephones 240
max-dn 480
ip source-address 172.27.27.10 port 2000
timeouts interdigit 5
system message Galaxia - VSAT Activated
sdspfarm units 1
sdspfarm transcode sessions 2
sdspfarm tag 1 mtp0018185bf860
cnf-file perphone
network-locale IT
time-zone 23
time-format 24
date-format dd-mm-yy
max-conferences 8 gain -6
call-park system redirect
call-forward pattern .T
moh music-on-hold.au
multicast moh 239.x.1.30 port 2123
web admin system name admin password btin3t
dn-webedit
time-webedit
transfer-system full-consult
secondary-dialtone 9
create cnf-files version-stamp 7960 Jul 25 2006 14:09:58
We do not have CUE.
Any help would be appreciated.
Thanks
Glyn

In reference to this part of your config:
If you are using a hunt group, you need the following param:
param aa-hunt1
I would also try using a loopback addres in your voip dial peer, rather than the H.323 physical IP addres of your router.
here is the link with an example config:
http://www.cisco.com/en/US/partner/products/sw/voicesw/ps4625/products_configuration_guide_chapter09186a00805f2305.html#wp1012136

TCL script help needed on Nexus7000 !

Does anyone know how to create a TCL script on Nexus7000 switch for following scenario ? Need urgent help here.. :-
Here is what I am trying to do :-
1. Whenever following log on "show log log" prints out :-
testnexus7000 %PIXM-2-PIXM_SYSLOG_MESSAGE_TYPE_CRIT:
2. Print out the output of show system internal pixm errors
And look for following line :-
[102] pixm_send_msg_mcast(1208): MTS Send to LC X failed >> where X is 0 based
and this error can occur multiple times for different LCs too.
4. Reload line card (s) X and syslog " task done"
Regards
Vijaya

Hi,
Vijaya I found same post on support cisco forums So people helped someone in same question !!!!!!
Please read it ....
https://supportforums.cisco.com/thread/2128886
Yes plus if u can help me in ......Cisco ASA same security problem than that will be good for me .....I will contact u and will be great help for me if u help
Hope that link help u .....
Bye,

Database is approaching its maximum allowable size ?

I have just for this alert within the CSA MC V5.1.0.79
The 'Management Center for Cisco Security Agents V5.1' database is approaching its maximum allowable size. Please purge old data.
I have look at the 'Database Mainteance' and I can see the following
Database size: 1273 MB
Event and configuration data size: 1142 MB
Application Deployment data size: 0 MB
Unallocated space: 114 MB
Free disk space: 29586 MB
Recommendations: none.
Database csaanalysis51 (behavior analysis data) [connection parameters]
Database size: 1 MB
Unallocated space: 0 MB
Free disk space: 29586 MB
Recommendations: none.
How can I resolve this issue ?

I ran the SQL 2000 installation and chose "Upgrade existing SQL Server installation" and it worked fine on a test MC.
There is more information on upgrading SQL Server Desktop Engine here:
http://support.microsoft.com/kb/325023
I don't know if this is supported by Cisco so make sure you have a good backup and run a backup of the MC before attempting it.
Tom

CSM TCL script or http checksum

Hello,
I need to do some HTTP keepalive based on the http page itself (no error code returned by the server).
With the CSS we were able to do it because the css was doing a checksum of the http page. So when there was changes the service was considered to be down.
I have not seen a similar option with the CSM so it is why I am looking for a tcl script that get the page and look for a regexp in it.
I am having some trouble seeing the service up :( so I don't know if my script is good. I see that it is doing the http get on the server but it does not seem to succeed doing the regexp match...
Here is my script :
# !name = HTTP_TEST
# get the IP address of the real server from a predefined global array csm_env
set ip $csm_env(realIP)
set port 80
set url "GET /supervision/test.jsp"
# Open a socket to the server. This creates a TCP connection to the real server
set sock [socket $ip $port]
fconfigure $sock -buffering none -eofchar {}
# Send the get request as defined
puts -nonewline $sock $url;
# Wait for the response from the server and read that in variable line
set line [ read $sock ]
# Parse the response
if { [ regexp "BD \+ SA OK.*\<BR\>Gateway OK.*\<BR\>Gateway2 OK" $line ] } {
exit 5000
} else {
exit 5001
And the regexp should be looking for :
BD + SA OK
<BR>Gateway OK
<BR>Gateway2 OK
any help is welcome !
Thanks

This URL should help you:
http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801a75a7.html

Problem with TCl script

                   Hello I need help, my Cisco Router (2921) work not correct with tcl script.
Tcl script work fine on this device long time, but in one time script was not start get error(no any script changes):
005495: Aug 26 08:46:27: %HA_EM-6-LOG: event.tcl: Unknown error 2620
005496: Aug 26 08:46:27: %HA_EM-6-LOG: event.tcl:     while executing
005497: Aug 26 08:46:27: %HA_EM-6-LOG: event.tcl: "close $myfileid"
005498: Aug 26 08:46:27: %HA_EM-6-LOG: event.tcl:     invoked from within
005499: Aug 26 08:46:27: %HA_EM-6-LOG: event.tcl: "$slave eval $Contents"
005500: Aug 26 08:46:27: %HA_EM-6-LOG: event.tcl:     (procedure "eval_script" line 7)
005501: Aug 26 08:46:27: %HA_EM-6-LOG: event.tcl:     invoked from within
005502: Aug 26 08:46:27: %HA_EM-6-LOG: event.tcl: "eval_script slave $scriptname"
005503: Aug 26 08:46:27: %HA_EM-6-LOG: event.tcl:     invoked from within
005504: Aug 26 08:46:27: %HA_EM-6-LOG: event.tcl: "if {$security_level == 1} {       #untrusted script
005505: Aug 26 08:46:27: %HA_EM-6-LOG: event.tcl:      interp create -safe slave
005506: Aug 26 08:46:27: %HA_EM-6-LOG: event.tcl:      interp share {} stdin slave
005507: Aug 26 08:46:27: %HA_EM-6-LOG: event.tcl:      interp share {} stdout slave
005508: Aug 26 08:46:27: %HA_EM-6-LOG: event.tcl: ..."
005509: Aug 26 08:46:27: %HA_EM-6-LOG: event.tcl:     (file "tmpsys:/lib/tcl/base.tcl" line 50)
005510: Aug 26 08:46:27: %HA_EM-6-LOG: event.tcl: Tcl policy execute failed:
005511: Aug 26 08:46:27: %HA_EM-6-LOG: event.tcl: Unknown error 2620
If I try do command it not help:
no event manager policy event.tcl
event manager policy event.tcl
I try reload script in router, and every time then script was start, some part of script file was deleted (it very intrusting, because i think script in flash only read (not write))
Only reload help, auto reload script work fine.
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M6, RELEASE SOFTWARE (fc2)

hello Joseph, this TCL script work long time with out any problem and with out any changes.
On this device I change configuration (add two EEM aplet with event tag syslog pattern) auto this modification i have problem. May be I try do all my configuration on TCL script.
I add EMM (it work with out any problem):
event manager applet RESET-3G-S
event tag 1.0 syslog pattern "%TRACKING-5-STATE: 2 ip sla 2 reachability Up->Down"
event manager applet 3G-EEM-STOP
event tag 1.0 syslog pattern "%TRACKING-5-STATE: 2 ip sla 2 reachability Down->Up"
My scipt have syslog patern:
::cisco::eem::event_register_syslog tag 1 pattern ".*SEC_LOGIN-4-LOGIN_FAILED: Login failed.*" occurs 1 maxrun 50
::cisco::eem::event_register_syslog tag 2 pattern ".*%SEC_LOGIN-5-LOGIN_SUCCESS: Login Success*" occurs 1
::cisco::eem::event_register_syslog tag 3 pattern ".*%SYS-5-RESTART.*" occurs 1
::cisco::eem::trigger {
::cisco::eem::correlate event 1 or event 2 or event 3
::cisco::eem::attribute tag 1 occurs 1
::cisco::eem::attribute tag 2 occurs 1
::cisco::eem::attribute tag 3 occurs 1
Tahnk you

Looking for ACE Probe TCL script specific for LDAPS

Hello Everyone,
I have searched the forum, and i am having difficulty finding an example of how to modify the LDAP TCL probe from port 389 to secure LDAP port 636.
Could someone kindly point me or provide me the modified TCL script if you happen to have it.
During my search I also found a config that someone had provided, which contained the following probe:
probe tcp LDAPS_Probe
port 636
probe tcp LDAP_Probe
port 389
I was trying to figure out if this a modified TCL script for LDAP or modifed TCP TCL script specific for port 636.
This is how I applied the script for LDAP port 389.
script file 1 LDAP_PROBE
probe scripted LDAP_PROBE_389
interval 5
passdetect interval 30
receive 5
script LDAP_PROBE
serverfarm host SF-LDAP-389
description SF LDAP Port 389
predictor leastconns
probe LDAP_PROBE_389
rserver LDAP-RS1-389
inservice
I will be more than glad to provide you any additional information that you need.
As always thanks for your input.
Raman Azizian
SAIC/NISN Network services

normally you would engage a TCL developer or ciso advanced services to develop a custom script for anything other than what Cisco provides in canned scripts. If you are comfortable with tcl you can do it yourself. Here is an example of the LDAP script modified to include initiation via ssl. default port is 389 when you implement you would specify 636.
#!name = LDAP_PROBE
# Description:
#    LDAP_PROBE opens a TCP connection to an LDAP server, sends a bind request. and
#    determines whether the bind request succeeds. LDAP_PROBE then closes the
#    connection with a TCP RST.
#    If a port is specified in the "probe scripted" configuration, the script probes
#     each suspect on that port. If no port is specified, the default LDAP port 389
#     is used.
# Success:
#   The script succeeds if the server returns a bind response indicating success
#    (status code 0x0a0100) to the bind request.
#   The script closes the TCP connection with a RST following a successful attempt.
# Failure:
#   The script fails due to timeout if the response is not returned. This
#    includes a failure to receive ARP resolution, a failure to create a TCP connection
#    to the port, or a failure to return a response to the LDAP bind request.
#   The script also fails if the server bind response does not indicate success.
#    This specific error returns the 30002 error code.
#   The script closes any attempted TCP connection, successful or not, with a RST.
# PLEASE NOTE: This script expects the server LDAP bind response to specify length
#   in ASN.1 short definite form. Responses using other length forms (e.g., long
#   definite length form) will require script modification to achieve success.
# SCRIPT version: 1.0       April 1, 2008
# Parameters:
#   [DEBUG]
#      username - user login name
#      password - password
#      DEBUG        - optional key word 'DEBUG'. default is off
#         Do not enable this flag while multiple probe suspects are configured for this
#         script.
# Example config :
#   probe scripted USE_LDAP_PROBE
#         script LDAP_PROBE
#   Values configured in the "probe scripted" configuration populate the
#   scriptprobe_env array. These may be accessed or manipulated if desired.
# Documentation:
#    A detailed discussion of the use of scripts on the ACE is included in
#       "Using Toolkit Command Language (TCL) Scripts with the ACE"
#    in the "Load-Balancing Configuration Guide" section of the ACE documentation set.
# Copyright (c) 2005-2008 by Cisco Systems, Inc.
# debug procedure
# set the EXIT_MSG environment variable to help debug
# also print the debug message when debug flag is on
proc ace_debug { msg } {
    global debug ip port EXIT_MSG
    set EXIT_MSG $msg
    if { [ info exists ip ] && [ info exists port ] } {
     set EXIT_MSG "[ info script ]:$ip:$port: $EXIT_MSG "
    if { [ info exists debug ] && $debug } {
     puts $EXIT_MSG
# main
# parse cmd line args and initialize variables
## set debug value
set debug 0
if { [ regsub -nocase "DEBUG" $argv "" argv] } {
    set debug 1
ace_debug "initializing variable"
set EXIT_MSG "Error config: script LDAP_PROBE \[DEBUG\]"
set ip $scriptprobe_env(realIP)
set port $scriptprobe_env(realPort)
# if port is zero the use well known ldap port 389
if { $port == 0 } {
    set port 389
# PROBE START
# open connection
ace_debug "opening socket"
set sock [ socket -sslversion all -sslcipher RSA_WITH_RC4_128_MD5 $ip $port ]
fconfigure $sock -buffering line -translation binary
# send a standard anonymous bind request
ace_debug "sending ldap bind request"
puts -nonewline $sock [ binary format "H*" 300c020101600702010304008000 ]
flush $sock
# read string back from server
ace_debug "receiving ldap bind result"
set line [read $sock 14]
binary scan $line H* res
binary scan $line @7H6 code
ace_debug "received $res with code $code"
# close connection
ace_debug "closing socket"
close $sock
# make probe fail by exit with 30002 if ldap reply code != success code 0x0a0100
if { $code != "0a0100" } {
    ace_debug " probe failed : expect response code \'0a0100\' but received \'$code\'"
    exit 30002
## make probe success by exit with 30001
ace_debug "probe success"
exit 30001

ACE probe TCL script database

Hello everyone, okay?
I was thinking of a possibility to use my ACE to monitor a database, in this case a MySQL database Today I use a TCP probe, monitoring the port, but I would go one step further and try to make a connection in the DATABASE.
I would like to see the possibility of a guideline in creating a TCL script to make a simple connection to a database.
The idea is to try to make a connection in a database, run a query / select on any table just to validate its functionality and not just checking if the port is responding.
I do not know how complex it is or what would be my pre -requisites required, but any help would be welcome.
I thought about using an HTTP probe to make this validation and use a web page making the connection to the database, but it ended up creating another layer and if there is any problem in web service, the database would be affected indirectly.
Thank you. All suggestions are welcome.

Hi Plinio,
I cannot see any support for testing authentication, SQL queries or connections to a database that is supported directly in TCL at this time.
Here is the TCL guide that expalains the supported commands ( there is a HTTP example probe at the bottom )
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA4_2_0/configuration/slb/guide/script.html
Beyond a TCL TCP probe to the port to test the listener is running, I believe your suggestion of a HTTP TCL script is probably the most accurate way to check the integrity of the database. You could write code to set a certain response to all types of failure scenarios and on the ACE you could then use a HTTP TCL script to parse the response from the web server to identify exactly what has failed in your database and act accordingly.
cheers,
Chris

Simple tcl script in cucme

Hi,
I need a simple TCL script, that picks up the phone, plays a greeting message and then does DID further in without caller intervention. Currently I have 2811 with a BRI, the local telco sends only the last two digits that are a direct match to the extensions of the IP phones and I do DID.
I analyzed b-acd-aa script, that is shipped with the CME, but in fact I do not need such a complex state machine with digit collection, hunt groups, etc.
(http://www.cisco.com/en/US/docs/voice_ip_comm/cucme/bacd/configuration/guide/cme40tcl.html)
I believe I need something like:
application
service foo flash:foo.tcl
param welcome-prompt foo.au
dial-peer voice 10 pots
service foo
port 0/2/0
incoming called [0-1].
direct-inward-dial
Please advise wether to build a new TCL script, or to try to provide all the necessary parameters to the existing scripts and try to make them work for what I need (e.g. drop-through, etc.)
Any comments are welcome!
Zzzz.

You can use b-acd/aa in drop-through mode.
if you are interested in acquirinf a num2name script that does it and much more, you can contact me at the address present in my profile.

Cisco OnRamp.tcl script - maximum fax size(s)

Similar Messages

Maybe you are looking for