Cisco's Network Registrar and LDAP (tcl script)

Similar Messages

• Ask the Expert:Cisco Prime Network Registrar

  With Pete Newcomb & Jim Brown 
  Welcome to the Cisco Support Community Ask the Expert conversation. Learn from experts Peter Newcomb and Jim Brown about  Cisco Prime Network Registrar, Cisco's industry leading solution for integrated DNS, DHCP and  IP address management (IPAM) services  for both IPv4 and IPv6. 
  Pete Newcomb is a technical marketing engineer in Cisco's Network Management and Technology Group and has over 30 years of experience in the voice and data communications industry, including sales support and product engineering support with several companies. His design and development background includes wireless services, switching, routing, TCP/IP, Frame Relay, X.25, telephony services, risk management, and network security. 
  Jim Brown is a customer support  engineer in Cisco's Network Management and Technology Group. He has over 35 years of experience in development engineering and customer service, real-time and fault tolerant operating systems, and network management for the telecommunications and software industries. For the last 14 years he has been with the Network Registrar Development Team, interfacing with Customer Service and directly with customers in problem solving.
  Remember to use the rating system to let Pete and Jim know if you have received an adequate response.  
  Pete and Jim might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Network Infrastructure sub-community   forum shortly after the event. This event lasts through January 18, 2013. Visit this forum often to view responses to your questions and the questions of other community members.

  Hi Jorge,
     Absolutely, Prime CNR supports IPv6 since CNR 6.x versions...
     For IPv6 configuration instructions on latest versions of CPNR you should start here;
        http://www.cisco.com/en/US/partner/docs/net_mgmt/prime/network_registrar/8.1/user/guide/UG25_IP6.html
                                                      Best Regards
                                                      Jim Brown

• ACE - LDAP TCL Script

  Hi,
  we are using the TCL LDAP_Script as a probe scripted for LDAP server farm. The default script the Cisco provided is sending only an anonymous binding to the LDAP servers, we are trying to modify this script to sned a credential binding with username and password. Anyone done something like that before!
  Your contribution is appreciated.
  Hadi

  Hi Habeel,
  I've answered this question before. If you search the forum for "ldap healtcheck script" - and yes the typo is real then you'll see what I did.
  The text is here:
  The easiest way is to capture a packet with the authentication credentials and then replace the hex bind string in the example.
  The alternative is to handcode the BER coded ASN.1 data string - which while more fun is time consuming. The remainder of the script can stay the same.
  I've done this on an ACE module. You have to be aware that 300c02010160 in the example script string is a sort of "header" that holds the request id (1). This will be different in your packet capture.
  If you look at the decomposition of the example you'll be able to see how it is put together and what you need to change.
  0x30 The start of a universal constructed sequence
  0x0c The length of the sequence minus the tag and length bytes = 12 bytes
  0x02 Next field is an integer
  0x01 The length of the next field (1 byte)
  0x01 Value (this is the message ID)
  0x60 Application, number 0, use RFC2251 to decode. This is a Bind Request
  0x07 Length of data to follow.
  0x02 Integer
  0x01 Length 1
  0x03 3 - this is the LDAP version.
  0x04 String
  0x00 Length 0
  0x80 Simple Authentication
  0x00 Length 0
  Just keep the id the same in the unbind.
  The string I use is:
  302d02010160280201030418636e3d41636550726f78792c6f3d556e69766572736974798009ffffffffffffffffff
  where I've replaced the 9 character password with 9*x'ff'.
  The username for binding is AceProxy. If you want to use the same script then create that username and set the password in the string above (in hex). If for example you set the password to Example12 then you need to set the 9*x'ff' to '4578616d706c653132' - which is the hex representation of the ASCII.
  Note that if you use fewer or more than 9 characters then you'll need to change other values in the string because they refer to lengths.
  HTH
  Cathy

• Cisco Finesse - End user and LDAP sync.

  Hello,
  Does anybody know if it is possible to allow users to access finesse client using LDAP credentials? I haven't been able to find information about it.
  We have recently implemented one and it has a local database so users have different credentials for this service than what they use on LDAP.
  Regards,
  Sent from Cisco Technical Support iPhone App

  I dont think its possible to integrate Cisco Finesse with LDAP.
  To log a user into the Finesse client, the Finesse server must be able to access the Administration & Data Server database (AWDB) to authenticate the user.

• My Radio Applet and converted TCL script do work -- but they still get a few errors . .

  OK, the end result is good and all the attached radios are shown in the Sho-Run and the interface bandwidths are being changed to reflect the true line rates of the radios:
  event manager environment 2400_TX_Rate 243 Mb
  event manager environment 2400_RX_Rate 151 Mb
  event manager environment 2400_Signal -40 dB
  event manager environment 2400_Noise -89 dB
  event manager environment 2400_Distance 0 Miles
  event manager environment 3500_TX_Rate 151 Mb
  event manager environment 3500_RX_Rate 146 Mb
  event manager environment 3500_Signal -46 dB
  event manager environment 3500_Noise -92 dB
  event manager environment 3500_Distance 150 Miles
  event manager environment 5800_TX_Rate 261 Mb
  event manager environment 5800_RX_Rate 251 Mb
  event manager environment 5800_Signal -46 dB
  event manager environment 5800_Noise -90 dB
  event manager environment 5800_Distance 0 Miles
  event manager environment 900_TX_Rate 117 Mb
  event manager environment 900_RX_Rate 99 Mb
  event manager environment 900_Signal -56 dB
  event manager environment 900_Noise -93 dB
  event manager environment 900_Distance 0 Miles
  interface Vlan2
  description 2.4 Ghz Radio
  bandwidth 185000
  ip address 192.168.2.1 255.255.255.0
  delay 1
  interface Vlan3
  description 3.65Ghz Radio
  bandwidth 156000
  ip address 192.168.3.1 255.255.255.0
  delay 1000000   <------------------------- Because the range reported is too far for this frequency
  interface Vlan5
  description 5Ghz Radio
  bandwidth 246000
  ip address 192.168.5.1 255.255.255.0
  ip nat inside
  ip virtual-reassembly in
  delay 1
  interface Vlan9
  description 900Mhz Radio
  bandwidth 108000
  ip address 192.168.9.1 255.255.255.0
  delay 1
  Do I just need to tell it to exit instead of merely letting it complete?
  It says that it abnormally ends:
  10   98     Actv abort    Tue Dec 3 14:35:37 2013  timer watchdog    applet: Radio-Rate-ReaderTWO
  It only takes about 16 seconds to run:
  *Dec  3 14:03:37 UTC: fh_set_epc_pid: EEM callback policy Radio-Rate-ReaderTWO has been scheduled to run.
  *Dec  3 14:03:37 UTC: %HA_EM-6-LOG: Radio-Rate-ReaderTWO : DEBUG(cli_lib) : : CTL : cli_open called.
  *Dec  3 14:03:37 UTC: %HA_EM-6-LOG: Radio-Rate-ReaderTWO : DEBUG(cli_lib) : : IN  : 2901_Rig_1#ssh -l ubnt 192.168.2.11
  *Dec  3 14:03:37 UTC: EEM policy Radio-Rate-ReaderTWO has exceeded it's elapsed time limit of 60.0 seconds ???
  *Dec  3 14:03:40 UTC: %HA_EM-6-LOG: Radio-Rate-ReaderTWO : DEBUG(cli_lib) : : IN  : ssh -l ubnt 192.168.3.11
  *Dec  3 14:03:43 UTC: %HA_EM-6-LOG: Radio-Rate-ReaderTWO : DEBUG(cli_lib) : : IN  : ssh -l ubnt 192.168.5.11
  *Dec  3 14:03:53 UTC: %HA_EM-6-LOG: Radio-Rate-ReaderTWO : DEBUG(cli_lib) : : IN  : ssh -l ubnt 192.168.9.11
  Here is the Applet.  When I convert to TCL I get the same "Actv abort".
  event manager applet Radio-Rate-ReaderTWO
  event timer watchdog time 60 maxrun 60
  action 200 comment ##################################################
  action 201 comment             Start  &   2.4 GHZ RADIO
  action 202 comment ##################################################
  action 220 comment ~~~SSH to Radio and execute mca-status command
  action 231 cli command "enable"
  action 232 cli command "ssh -l ubnt 192.168.2.11" pattern "assword:"
  action 233 cli command "fly2the*" pattern "#"
  action 234 cli command "mca-status" pattern "#"
  action 235 comment ~~~Extract the TX & RX rates and the Distance
  action 236 regexp "wlanTxRate=([0-9]+)" $_cli_result match txrate
  action 237 regexp "wlanRxRate=([0-9]+)" $_cli_result match rxrate
  action 238 regexp "distance=([0-9]+)" $_cli_result match distance
  action 239 regexp "signal=(-[0-9]+)" $_cli_result match signal
  action 240 regexp "noise=(-[0-9]+)" $_cli_result match noise
  action 245 comment ~~~Exit the Radio SSH
  action 246 cli command "exit" pattern "#"
  action 247 add $txrate $rxrate
  action 248 set var1 "$_result"
  action 249 divide $var1 2
  action 250 set line_rate "$_result"
  action 251 comment ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  action 252 comment   2.4Ghz Distance/Range Decision
  action 253 comment ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  action 254 if $distance gt 3
  action 255 set delaynum 1000000
  action 256 else
  action 257 set delaynum 1
  action 258 end
  action 261 comment ~~~ Go to Config T and enter commands
  action 262 cli command "config t" pattern "#"
  action 273 cli command "event manager environment 2400_TX_Rate $txrate Mb" pattern "#"
  action 274 cli command "event manager environment 2400_RX_Rate $rxrate Mb" pattern "#"
  action 275 cli command "event manager environment 2400_Signal $signal dB" pattern "#"
  action 276 cli command "event manager environment 2400_Noise $noise dB" pattern "#"
  action 277 cli command "event manager environment 2400_Distance $distance Miles" pattern "#"
  action 280 multiply $line_rate 1000
  action 281 set line_rate $_result
  action 282 cli command "int vlan 2" pattern "#"
  action 283 cli command "bandwidth $line_rate" pattern "#"
  action 284 cli command "delay $delaynum" pattern "#"
  action 285 cli command "exit" pattern "#"
  action 286 cli command "exit" pattern "#"
  action 295 comment ##################################################
  action 296 comment                       3.5 GHZ RADIO
  action 298 comment ##################################################
  action 301 comment ~~~SSH to Radio and execute mca-status command
  action 303 cli command "ssh -l ubnt 192.168.3.11" pattern "assword:"
  action 304 cli command "fly2the*" pattern "#"
  action 305 cli command "mca-status" pattern "#"
  action 306 comment ~~~Extract the TX & RX rates and the Distance
  action 307 regexp "wlanTxRate=([0-9]+)" $_cli_result match txrate
  action 308 regexp "wlanRxRate=([0-9]+)" $_cli_result match rxrate
  action 309 regexp "distance=([0-9]+)" $_cli_result match distance
  action 320 regexp "signal=(-[0-9]+)" $_cli_result match signal
  action 321 regexp "noise=(-[0-9]+)" $_cli_result match noise
  action 326 comment ~~~Exit the Radio SSH
  action 327 cli command "exit" pattern "#"
  action 328 add $txrate $rxrate
  action 329 set var1 "$_result"
  action 330 divide $var1 2
  action 331 set line_rate "$_result"
  action 340 comment ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  action 341 comment   3.5Ghz Distance/Range Decision
  action 342 comment ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  action 343 if $distance gt 2
  action 344 set delaynum 1000000
  action 345 else
  action 346 set delaynum 1
  action 347 end
  action 352 comment ~~~ Go to Config T and enter commands
  action 353 cli command "config t" pattern "#"
  action 354 cli command "event manager environment 3500_TX_Rate $txrate Mb" pattern "#"
  action 355 cli command "event manager environment 3500_RX_Rate $rxrate Mb" pattern "#"
  action 356 cli command "event manager environment 3500_Signal $signal dB" pattern "#"
  action 357 cli command "event manager environment 3500_Noise $noise dB" pattern "#"
  action 358 cli command "event manager environment 3500_Distance $distance Miles" pattern "#"
  action 360 multiply $line_rate 1000
  action 361 set line_rate $_result
  action 369 cli command "int vlan 3" pattern "#"
  action 380 cli command "bandwidth $line_rate" pattern "#"
  action 381 cli command "delay $delaynum" pattern "#"
  action 382 cli command "exit" pattern "#"
  action 383 cli command "exit" pattern "#"
  action 510 comment ##################################################
  action 511 comment                       5.8 GHZ RADIO
  action 512 comment ##################################################
  action 521 comment ~~~SSH to Radio and execute mca-status command
  action 533 cli command "ssh -l ubnt 192.168.5.11" pattern "assword:"
  action 534 cli command "fly2the*" pattern "#"
  action 535 cli command "mca-status" pattern "#"
  action 536 comment ~~~Extract the TX & RX rates and the Distance
  action 537 regexp "wlanTxRate=([0-9]+)" $_cli_result match txrate
  action 538 regexp "wlanRxRate=([0-9]+)" $_cli_result match rxrate
  action 539 regexp "distance=([0-9]+)" $_cli_result match distance
  action 550 regexp "signal=(-[0-9]+)" $_cli_result match signal
  action 551 regexp "noise=(-[0-9]+)" $_cli_result match noise
  action 566 comment ~~~Exit the Radio SSH
  action 557 cli command "exit" pattern "#"
  action 558 add $txrate $rxrate
  action 559 set var1 "$_result"
  action 560 divide $var1 2
  action 561 set line_rate "$_result"
  action 563 comment ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  action 564 comment   5.8 Ghz Distance/Range Decision
  action 565 comment ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  action 566 if $distance gt 1
  action 567 set delaynum 1000000
  action 568 else
  action 569 set delaynum 1
  action 570 end
  action 572 comment ~~~ Go to Config T and enter commands
  action 573 cli command "config t" pattern "#"
  action 574 cli command "event manager environment 5800_TX_Rate $txrate Mb" pattern "#"
  action 575 cli command "event manager environment 5800_RX_Rate $rxrate Mb" pattern "#"
  action 576 cli command "event manager environment 5800_Signal $signal dB" pattern "#"
  action 577 cli command "event manager environment 5800_Noise $noise dB" pattern "#"
  action 578 cli command "event manager environment 5800_Distance $distance Miles" pattern "#"
  action 580 multiply $line_rate 1000
  action 581 set line_rate $_result
  action 589 cli command "int vlan 5" pattern "#"
  action 590 cli command "bandwidth $line_rate" pattern "#"
  action 591 cli command "delay $delaynum" pattern "#"
  action 592 cli command "exit" pattern "#"
  action 593 cli command "exit" pattern "#"
  action 930 comment ##################################################
  action 931 comment                       900 MHZ RADIO
  action 932 comment ##################################################
  action 941 comment ~~~SSH to Radio and execute mca-status command
  action 943 cli command "ssh -l ubnt 192.168.9.11" pattern "assword:"
  action 944 cli command "fly2the*" pattern "#"
  action 945 cli command "mca-status" pattern "#"
  action 946 comment ~~~Extract the TX & RX rates and the Distance
  action 947 regexp "wlanTxRate=([0-9]+)" $_cli_result match txrate
  action 948 regexp "wlanRxRate=([0-9]+)" $_cli_result match rxrate
  action 949 regexp "distance=([0-9]+)" $_cli_result match distance
  action 950 regexp "signal=(-[0-9]+)" $_cli_result match signal
  action 951 regexp "noise=(-[0-9]+)" $_cli_result match noise
  action 955 comment ~~~Exit the Radio SSH
  action 956 cli command "exit" pattern "#"
  action 957 add $txrate $rxrate
  action 958 set var1 "$_result"
  action 959 divide $var1 2
  action 960 set line_rate "$_result"
  action 971 comment ~~~ Go to Config T and enter commands
  action 972 cli command "config t" pattern "#"
  action 973 cli command "event manager environment 900_TX_Rate $txrate Mb" pattern "#"
  action 974 cli command "event manager environment 900_RX_Rate $rxrate Mb" pattern "#"
  action 975 cli command "event manager environment 900_Signal $signal dB" pattern "#"
  action 976 cli command "event manager environment 900_Noise $noise dB" pattern "#"
  action 977 cli command "event manager environment 900_Distance $distance Miles" pattern "#"
  action 980 multiply $line_rate 1000
  action 981 set line_rate $_result
  action 982 cli command "int vlan 9" pattern "#"
  action 983 cli command "bandwidth $line_rate" pattern "#"
  action 984 cli command "exit" pattern "#"
  action 985 comment ######  END  #####  END  ######   END    ########
  action 990 cli command "exit" pattern "#"
  action 991 cli command "exit" pattern "#"
  action 992 cli command "exit"
  Do I just need to do a "proper" exit?
  Thanks,
  Tim

  Given the order of the syslogs, I'm guessing that we're looking at multiple instances of the policy running.   Since you're allowing them to run for 60 seconds and scheduling them 60 seconds apart, that's probably the case.  My guess is that some of the SSH sessions are not providing a match to the "assword:" pattern, and thus these policies are hanging awaiting the prompt until they are terminated.  I would check to make sure you don't see some other pattern on various runs of the SSH command.

• Ask The Expert: Understanding, Implementing, and Troubleshooting Cisco Prime Network

  Ask questions and learn about Cisco Prime Network with Cisco experts Vignesh Rajendran Praveen and Jaminder Singh Bali.
  Cisco Prime Network is and  Cisco Prime Network provides cost-effective device operation, administration and network fault management for today’s complex and evolved programmable networks (EPNs). It is a single solution to support both the traditional physical network components, as well as compute infrastructure, and the virtual elements found in data centers. Automated configuration and change management combined with advanced troubleshooting and diagnostics greatly help service providers enable proactive service assurance. Additionally, the flexible and extensible architecture is designed to support the multivendor environment, helping to lower operational costs.
  This event runs January 5 through January 16, 2015.
  Vignesh Rajendran Praveen is a High Touch Engineer with the Focused Technical Services team supporting Cisco's major Service Provider customers in Routing, Switching, Multiprotocol Label Switching (MPLS) technologies and Cisco Prime Network related issues. Previously at Cisco he has worked as a Network Consulting Engineer for Enterprise Customers and as a Customer Support Engineer for Service Provider customers. He has been in the networking industry for ten years and holds CCIE certification (#34503) in the Routing and Switching as well as Service Provider tracks.
  Jaminder Singh Bali is a Customer Support Engineer working in SP-NMS TAC team, supporting Cisco's major service provider customers in Cisco Prime Network, Performance and Prime Central related issues. His areas of expertise include Oracle, Linux and NMS applications. He has been in the industry for past six years.
  Remember to use the rating system to let the experts know if you have received an adequate response. 
  The Experts might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation in Network Infrastructure community, sub-community, LAN, Switching and Routing discussion forum shortly after the event. This event lasts through January 16, 2015. Visit this forum often to view responses to your questions and the questions of other community members.

  Hello Jerome,
  A variety of Cisco devices are supported by the the Cisco Prime Network. I would encourage you to go through the below links on the user guide depending the version of Cisco Prime Network being used.
  "Cisco Prime Network Supported Cisco Virtual Network Elements (VNEs)"
  "Cisco Prime Network Supported Cisco VNEs - Addendum"
  Below is the link for the user guide.
  http://www.cisco.com/c/en/us/support/cloud-systems-management/prime-network/products-user-guide-list.html
  Hope this would help in providing you more clarity.
  ***********Plz do rate this post if you found it helpful*************************
  Thanks & Regards,
  Vignesh R P

• Ask the Expert: Overview of Cisco Prime Service Catalog and Process Orchestrator Solutions

  Welcome to this Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about the Cisco Prime Service Catalog and Process Orchestrator solutions.
  Cisco expert Jason Davis will discuss Cisco’s network management products offered under the Cisco Prime framework. If you have questions about Cisco Prime infrastructure or data center automation with our Cisco Prime Service Catalog and Process Orchestrator solutions, join us on the Cisco Support Community.
  Jason Davis is a distinguished services engineer in the Intelligent Infrastructure Practice team of Cisco Advanced Services. His role is to provide strategic and tactical consulting for hundreds of Advanced Services customers, lead service innovation, and assess new services and technologies. Jason's primary expertise areas are in network management systems, intelligent automation, virtualization, data center operations, software-defined networking, and network programmability.
  Based out of the Research Triangle Park (RTP) campus, Jason is also responsible for administering the Research Triangle Park Network Management Lab, Cisco's largest network management lab.
  Since joining Cisco in 1998, Jason has been a frequent speaker at Cisco's Networkers and CiscoLive conferences in the United States and Europe. In the past five years he has also been involved in the conference network setup and monitoring. He is a much sought-after resource by the field sales teams to assist with presales solutions and executive briefings. He has provided strategic and tactical network management consulting for several hundred customers.
  Jason is a subject matter expert with the following products and features:
  Cisco Prime LAN management solution
  Cisco Prime infrastructure
  CiscoSecure ACS
  Cisco Prime Network Registrar
  Cisco Process Orchestrator
  Cisco Prime Service Catalog
  Cisco IP SLA
  Embedded Event Manager
  SNMPv3
  onePK and OpenFlow
  Cisco UCS
  Device instrumentation
  VMware ESX, ESXi, and vCenter
  ITIL
  Jason received his bachelor of science degree in electrical engineering from the University of Miami (FL). He has been married for 20 years and has 4 children. His interests include providing audiovisual technical support for churches and conference venues, camping and biking with his family, remote-control helicopter piloting, paintball, and recreational shooting.
  Remember to use the rating system to let Jason know if you have received an adequate response.
  Because of the volume expected during this event, Jason might not be able to answer every question. Remember that you can continue the conversation in Data Center > Intelligent Automation under the subcommunity Cisco Prime Service Catalog shortly after the event. This event lasts through September 12, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

  Hello Jason,
  Thank you very much for welcoming me to your expert discussion :) I feel to be in the right place, at the right time. Thank you also for answering question beyond your scope here, much appreciated. The information received will help me to go further as such I have submitted a 5 start rating for your first reply.
  That sounds promising about the LMS part so yes, I stay tuned and wait patiently.
  Ok, now let’s revert to the actual topic discussed here. Cisco Prime Service Catalog and Process Orchestrator solutions I have briefly read up on this on CCO (where elseJ) and picked out the following quote
  ---- Quote from the Cisco Prime Service Catalog Data Sheet
   Today’s end users want self-service and easy access to IT tools and services.
  Simultaneously, organizations are seeking ways to extend their cloud management
  platforms beyond self-service delivery of virtual machines and infrastructure resources
  while increasing their use of cloud-based solutions to enhance business agility and effectiveness.
  Cisco Prime™ Service Catalog offers tremendous benefits to organizations that want to unify the ways in
  which all types of IT services are ordered and fulfilled, not just infrastructure requests
  ---- un quote ---
  I try to understand what (at high level of course) happens in the back ground when an order is raised and which vendor solution your product can interact with.
  As mentioned in the quoted text, this service catalogue goes beyond the standard infrastructure.
  Let’s say, a user wants to deploy a new email services, or in your example,  extends or create a new web-portal (i.e. for HR to view and manage holiday, staff absence and benefits).
  Your solution will need to interact somehow with the 3rd party vendor application that is capable building such portal I believe.
  Without disclosing to many information, I assume the portal is linked to backend VM,s that spin up requested resources (and more magic of course). Perhaps I am mixing this up with another cisco product where a user can go on the portal and spin up virtual Firewalls, virtual Routers can be provisioned in now time.
  Out if interest; Is this product also known as Mozart? (project code within Cisco?)
  I hope query is ok.
  Best wishes
  Markus

• The states of tcl script is loaded

  I develop a tcl script and upload to a router 2811.after loading this script,this script's states is loaded.i think that this script's states is registered is correct.
  please help me fix this issue.thanks

  Developing and testing tcl scripts is not easy.
  If you want professional help doing that, contact me at the address present in my profile.

• Looking for ACE Probe TCL script specific for LDAPS

  Hello Everyone,
  I have searched the forum, and i am having difficulty finding an example of how to modify the LDAP TCL probe from port 389 to secure LDAP port 636.
  Could someone kindly point me or provide me the modified TCL script if you happen to have it.
  During my search I also found a config that someone had provided, which contained the following probe:
  probe tcp LDAPS_Probe
    port 636
  probe tcp LDAP_Probe
    port 389
  I was trying to figure out if this a modified TCL script for LDAP or modifed TCP TCL script specific for port 636.
  This is how I applied the script for LDAP port 389.
  script file 1 LDAP_PROBE
  probe scripted LDAP_PROBE_389
  interval 5
  passdetect interval 30
  receive 5
  script LDAP_PROBE
  serverfarm host SF-LDAP-389
  description SF LDAP Port 389
  predictor leastconns
  probe LDAP_PROBE_389
  rserver LDAP-RS1-389
  inservice
  I will be more than glad to provide you any additional information that you need.
  As always thanks for your input.
  Raman Azizian
  SAIC/NISN Network services

  normally you would engage a TCL developer or ciso advanced services to develop a custom script for anything other than what Cisco provides in canned scripts. If you are comfortable with tcl you can do it yourself. Here is an example of the LDAP script modified to include initiation via ssl.  default port is 389 when you implement you would specify 636.
  #!name = LDAP_PROBE
  # Description:
  #    LDAP_PROBE opens a TCP connection to an LDAP server, sends a bind request. and
  #    determines whether the bind request succeeds.  LDAP_PROBE then closes the
  #    connection with a TCP RST.
  #    If a port is specified in the "probe scripted" configuration, the script probes
  #     each suspect on that port. If no port is specified, the default LDAP port 389
  #     is used.
  # Success:
  #   The script succeeds if the server returns a bind response indicating success
  #    (status code 0x0a0100) to the bind request.
  #   The script closes the TCP connection with a RST following a successful attempt.
  # Failure:
  #   The script fails due to timeout if the response is not returned.  This
  #    includes a failure to receive ARP resolution, a failure to create a TCP connection
  #    to the port, or a failure to return a response to the LDAP bind request.
  #   The script also fails if the server bind response does not indicate success.
  #    This specific error returns the 30002 error code.
  #   The script closes any attempted TCP connection, successful or not, with a RST.
  #  PLEASE NOTE:  This script expects the server LDAP bind response to specify length
  #   in ASN.1 short definite form.  Responses using other length forms (e.g., long
  #   definite length form) will require script modification to achieve success.
  # SCRIPT version: 1.0       April 1, 2008
  # Parameters:
  #   [DEBUG]
  #      username - user login name
  #      password - password
  #      DEBUG        - optional key word 'DEBUG'. default is off
  #         Do not enable this flag while multiple probe suspects are configured for this
  #         script.
  # Example config :
  #   probe scripted USE_LDAP_PROBE
  #         script LDAP_PROBE
  #   Values configured in the "probe scripted" configuration populate the
  #   scriptprobe_env array.  These may be accessed or manipulated if desired.
  # Documentation:
  #    A detailed discussion of the use of scripts on the ACE is included in
  #       "Using Toolkit Command Language (TCL) Scripts with the ACE"
  #    in the "Load-Balancing Configuration Guide" section of the ACE documentation set.
  # Copyright (c) 2005-2008 by Cisco Systems, Inc.
  # debug procedure
  # set the EXIT_MSG environment variable to help debug
  # also print the debug message when debug flag is on
  proc ace_debug { msg } {
      global debug ip port EXIT_MSG
      set EXIT_MSG $msg
      if { [ info exists ip ] && [ info exists port ] } {
       set EXIT_MSG "[ info script ]:$ip:$port: $EXIT_MSG "
      if { [ info exists debug ] && $debug } {
       puts $EXIT_MSG
  # main
  # parse cmd line args and initialize variables
  ## set debug value
  set debug 0
  if { [ regsub -nocase "DEBUG" $argv "" argv] } {
      set debug 1
  ace_debug "initializing variable"
  set EXIT_MSG "Error config:  script LDAP_PROBE \[DEBUG\]"
  set ip $scriptprobe_env(realIP)
  set port $scriptprobe_env(realPort)
  # if port is zero the use well known ldap port 389
  if { $port == 0 } {
      set port 389
  # PROBE START
  # open connection
  ace_debug "opening socket"
  set sock [  socket -sslversion all -sslcipher RSA_WITH_RC4_128_MD5 $ip $port ]
  fconfigure $sock -buffering line -translation binary
  # send a standard anonymous bind request
  ace_debug "sending ldap bind request"
  puts -nonewline $sock [ binary format "H*" 300c020101600702010304008000 ]
  flush $sock
  #  read string back from server
  ace_debug "receiving ldap bind result"
  set line [read $sock 14]
  binary scan $line H* res
  binary scan $line @7H6 code
  ace_debug "received $res with code $code"
  #  close connection
  ace_debug "closing socket"
  close $sock
  #  make probe fail by exit with 30002 if ldap reply code != success code  0x0a0100
  if {  $code != "0a0100" } {
      ace_debug " probe failed : expect response code \'0a0100\' but received \'$code\'"
      exit 30002
  ## make probe success by exit with 30001
  ace_debug "probe success"
  exit 30001

• Cisco OnRamp.tcl script - maximum fax size(s)

  Hi all!
  For the last several years I've been deploying Cisco's CME solution, and occasionally I've included the OnRamp .tcl script for receiving faxes, converting to .tif files, and forwarding to an email address.
  Lately I've had a customer query regarding max size of faxes that can be supported.  To wit, they are trying to send a 48 page fax, and in their email inbox they only get the first page.  They've tested fax to fax and all works well.
  Does anyone know of any sizing limitations, or tweaks I can make to either dial-peers, or hardware, or perhaps the script itself to support any size fax?
  Thanks in advance for any help or information.
  Kevin

  I tried to configure T37 onramp/offramp fax in my network but after several attempts I failed to apply it completely and just portion of that worked well. despite describing the scenario in many forums (like here), I got nothing!
  anyway, I'm going to test it in a simple form. I mean, I want to connect my edge router to PSTN line via an FXO port and via ethernet to internal network. my internal network has many physical fax machines that have gotten their internal tel numbers (like 866, 867, ...) from PBX . so can I use this scenario to configure the router to support these fax machine, or I should connect fax machines directly to router through FXS ports? tnx. 

• How to clear the dhcp leases in Cisco Network Registrar

  Hello,
  I have a setup with Cisco Network Registrar. We have a few scoops with the lease time set to forever. Now I want to reconfigure the scoops to have a 24h hour leasetime. But before this I would like to clear all the current leases. I have problems doing this. I have tried to delete the scoop and then create a new but the old leases is still there. Does anyone have any ides?

  I did not get it to work. I had to delete each lease in the subnet manually. I suggest you use the batch command to do it.
  Just go to the local/bin folder where the cnr is installed and issue the following:
  nrcmd -N username -P password -b <"PATH TO FILE"
  Just make a textfile with the commands you want to run as a batch like:
  lease 10.28.4.1 force-available
  You need to do one row for each ip.

• EEM and TcL Script to Disable Inactive Ports

  I've browsed around to the other  support strings to make sure I didn't miss anything, but I can't seem to  get this to work.  I have the latest sl_suspend_ports.tcl and  tm_suspend_ports.tcl created by Joseph Clarke from strings that verified they worked as planned.   Here are the commands I issued to register the scripts -
  Directory of flash:/policies/
      9  -rwx        3101   May 3 2013 07:58:03 +00:00  sl_suspend_ports.tcl
     10  -rwx        4669   May 3 2013 07:58:44 +00:00  tm_suspend_ports.tcl
  conf t
  event manager directory user policy flash:/policies
  event manager policy sl_suspend_ports.tcl
  event manager environment suspend_ports_days 1
  event manager environment suspend_ports_config flash:/susp_ports.dat
  event manager policy tm_suspend_ports.tcl
  #show run | inc event manager environment
  event manager environment suspend_ports_days 1
  event manager environment suspend_ports_config flash:/susp_ports.dat
  It doesn't appear to work though.  Essentially, we have a  need to make sure all computers are always on and all ports not active  for >24 hours to be shutdown and moved to a designated vlan (I added  the 'lappend' statement to the script to specify the additional command of assigning the vlan)
  I'm running 12.2(55)SE7 on Catalyst 3560s and 3750s
  Is there a way to manually run the script?  Did I miss anything in the configuration?
  Thanks for your help!
  Chris

  SUCCESS!  AWESOME!
  I added one more line to the lappend statements to add a description with the time stamp, here's what happened -
  Port      Name               Status       Vlan       Duplex  Speed Type
  Fa0/2     Disable by Inactiv disabled     666          auto   auto 10/100BaseTX
  Fa0/3     Disable by Inactiv disabled     666          auto   auto 10/100BaseTX
  Fa0/4     Disable by Inactiv disabled     666          auto   auto 10/100BaseTX
  Fa0/5     Disable by Inactiv disabled     666          auto   auto 10/100BaseTX
  Fa0/6     Disable by Inactiv disabled     666          auto   auto 10/100BaseTX
  Fa0/7     Disable by Inactiv disabled     666          auto   auto 10/100BaseTX
  Fa0/8     Disable by Inactiv disabled     666          auto   auto 10/100BaseTX
  Fa0/9     Disable by Inactiv disabled     666          auto   auto 10/100BaseTX
  Fa0/10    Disable by Inactiv disabled     666          auto   auto 10/100BaseTX
  #sh run int fa0/2
  Building configuration...
  Current configuration : 408 bytes
  interface FastEthernet0/2
  description Disable by Inactivity Script last used on Tue May 14 04:32:10 ZULU 2013
  switchport access vlan 666
  shutdown
  end
  So to recap for any future folks that stumble upon this thread and want to use this method. 
  1. Create a TACACS service account or use a TACACS/RADIUS account that has a high enough privilege to edit the config.
  2. Create a "policies" directory on flash and copy the attached scripts to it.
  3. Register the scripts using the following commands -
  #conf t
  (config)#event manager directory user policy flash:/policies
  (config)#event manager policy sl_suspend_ports.tcl
  (config)#event manager environment suspend_ports_days 1    "<--Or the number of days inactive you choose"
  (config)#event manager environment suspend_ports_config flash:/susp_ports.dat
  (config)#event manager policy tm_suspend_ports.tcl
  (config)#event manager session cli username "svc.eemscript"  "<---The account you created to run in step 1"
  The output of "show event manager policy registered" should then show the following -
  #show event manager policy registered
  No.  Class     Type    Event Type          Trap  Time Registered           Secu  Name
  1    script    user    syslog              Off   Fri May 3 10:20:26 2013   2048  sl_suspend_ports.tcl
  pattern {LINEPROTO-5-UPDOWN}
  nice 0 queue-priority normal maxrun 600.000 scheduler rp_primary
  2    script    user    timer cron          Off   Tue May 14 05:25:42 2013  2048  tm_suspend_ports.tcl
  cron entry {0 0 * * *}
  nice 0 queue-priority normal maxrun 600.000 scheduler rp_primary
  NOTE: On lines 140-145 of the tm_suspend_ports.tcl file, you can edit the commands you want the script to execute to your liking.  I have it adding a description as seen in the above output and moving to an isolated non-routable VLAN of my network.
  Thanks Joe Clarke for the awesome script and assistance in getting it running!

• Using EEM and TCL scripts for voice

  HI all,
  I'd like to use eem to check Sip dial-peer status+interface BRI status, when sip dial-peer has no answer to invite and bri interface is down the LAN interface must be shutted down. Is it possible to avhieve it using eem? I didn't find anything for eem monitoring sip dial-peers...
  thanks
  Massimiliano

  EEM doesn't have any ability to control the data plane currently.  Therefore, there is no direct voice tie-in.  There is a way to do Tcl scripting of some voice operations (e.g. IVR scripts), but those do not relate to EEM.
  That said, if there are some show commands which provide you the data you need, you can create an EEM timer policy (i.e. one that runs periodically), parsers the show command output, and takes further action if the output contains certain patterns.  Depending on the version of IOS, this may require an EEM Tcl script, or you may be able to do it within an EEM applet.
  If you need further assistance, you will need to provide your IOS version, and the exact commands (and output) which would tell you if the SIP peer isn't getting an answer and the BRI interface is truly down (I'm imagining something like "show isdn status" for this one).
  Please support CSC Helps Haiti
  https://supportforums.cisco.com/docs/DOC-8895
  https://supportforums.cisco.com

• TCL scripts and IPIPGW?

  Hi,
  Has anyone tested TCL 2.0 scripts with IPIPGW IOS feature set? I found some conflicting information from Cisco's website, one page saying that interactive voice prompts are not supported and another saying that full TCL 2.0 support is included with IPIPGW. I have tested some scripts (no audio promts, just digit collection stuff) with my 3725 (IOS ver 12.3.11T3) with no luck. The incoming VoIP call leg is H.323 and the outgoing is SIP. H.323 - SIP calls are working fine, TCL script is not.
  Any tips/comments would be greatly appreciated.

  12.3 software is capable to do SIP-H323 TCL scripts.
  http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/vvfax_c/callc_c/h323_c/ipipgw/ipgw.pdf
  http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_configuration_guide_chapter09186a008022a7ea.html

• TcL Scripting for Cisco IOS,

  anyone has idea how useful this book
  TcL Scripting for Cisco IOS,
  http://www.ciscopress.com/bookstore/product.asp?isbn=1587059541
  thank you

  Hi Joe
  it is interesting that you are the technical reviewer of this book
  i was think to get mid level in Tcl scripting with EEM to give me the ability to  implement some automated things
  i am good with EEM but Tcl not
  will this book take the reader from scratch to tcl scripting ?
  thank you and happy new year
  Marwan