Embeded Event Manager on cisco 3560 switch

Can someone help me please? I have EEM configured on cisco 3560 switch. The configuration is below. I want that switch inform me through email when device with particilular IP address become unavailable. For some reason this configuration is not good and I can't tell why. I already try to debug this with debug event manager action mail but didn't see any output .
ip sla 11
icmp-echo ip address
frequency 20
ip sla schedule 11 life forever start-time now
event manager applet device-TEST
event snmp oid 1.3.6.1.4.1.9.9.42.1.2.9.1.6.11 get-type exact entry-op lt entry-val "2" poll-interval 20
trigger occurs 5 period 120
action 02.0 mail server "ip address" to "[email protected]" from "[email protected]" subject "device is down"

The mail part looks good, I'm not sure you are hitting the trigger right.
Why not do a track on the ip sla instead of the snmp stuff?
Here's a good example of that.
https://learningnetwork.cisco.com/blogs/network-sheriff/2009/06/19/writing-your-first-eem-applet

Similar Messages

  • Embedded event manager

    Hi team
    I had open a post in lan switching for this particular problem and the expert from that forum has given the solution of embedded event manager so i need a help from this forum.
    The probelm defination is==
    Cisco 6509 (Core switch) connected to firewall on uplink side and on downlink its connected to 2 diffrent Cisco 6509 switches (Distribution) layer.All these links have been configured as Routed link and not as SVI.Now issue is when both the downlinks (coming from both distribution) switches go down i want to make the uplink from core to firewall to go down so that other core switch will take over and transfer teh traffic.
    Attached diagram has details.tried configuring HSRP between 2 core switches but as teh links are routed link HSRP not working and both switches remain master but as on oppsite side Juniper firewall NSRP is implemented 2nd firewall not responding and core-2 ==fw2 link not transfer traffic.now when both the links of core go down link from core1-fw1 should go down so Fw2 will get active and will send traffic on link betwene core2-firewall2..please let me know what kind of configursation is required in EEM..

    Do the following (assuming you have a disk0:):
    mkdir disk0:/policies
    copy tftp://x.x.x.x/sl_intf_watch.tcl disk0:/policies
    config t
    event manager directory user policy disk0:/policies
    event manager environment intf_watch_interfaces TenGigabitEthernet9/1,TenGigabitEthernet9/3
    event manager environment intf_watch_uplink GigabitEthernet1/2
    event manager policy sl_intf_watch.tcl
    Where x.x.x.x is the IP address of your TFTP server.
    After that, the policy is registered, and waiting for the interfaces to go down.

  • Embedded Event Manager - SNMP - run TCL script

    I would like to run a tcl script on a router using snmp. I understand Embedded Event Manager can do this but haven't found what I need to run that.  Can someone point me in the right direction?

    Yeah, you could do this, but it depends on your version of IOS.  You will need EEM 3.1 or higher (15.0) to be able to intercept SNMP GET requests.  Then, you could do something like:
    event manager applet snmp-trigger event snmp-object oid 1.9.9.9.9 type gauge sync yes istable no action 1.0 policy my_tcl_policy.tcl action 2.0 snmp-object-value event-id _event_id gauge 0 next-oid 1.9.9.9.9.0 action 3.0 exit 1!snmp-server manager
    Then, when you query 1.9.9.9.9.0 on the device, the Tcl policy "my_tcl_policy.tcl" should execute, and the snmp-trigger applet policy will return a value of 0.
    Please support CSC Helps Haiti
    https://supportforums.cisco.com/docs/DOC-8895
    https://supportforums.cisco.com

  • Monitoring PRI using Embedded Event Manager

    Hi,
    I am trying to use Embedded Event Manager to flag  when calls on a pri get above
    28 but its not working.  I found an OID which shows number of calls currently on
    the B Channels of a pri.  I dropped the threshold to two just to check it was
    functioning correctly.  Config below:
    event manager applet bchan-mon
    event snmp oid 1.3.6.1.4.1.9.10.19.1.1.11 get-type exact entry-op gt entry-val
    2 poll-interval 60
    action exceeded syslog priority critical msg "All Chanels in Use"
    I have done a debug and it says the OID is not found even though if i do a show
    snmp mib i see the OID.  Output below:
    Feb  9 08:35:58.097: fh_process_async: re=445EF694, timer_type=POLL
    Feb  9 08:35:58.097: snmp_entry_value_check: OID unavailable, value check
    skipped
    Feb  9 08:35:58.097: snmp_entry_value_check:Returning FALSE
    Feb  9 08:35:58.097: fh_process_async: update_t=0cron_tick: num_matches 0
    Has anyone successfullly used EEM to do this?
    Any help appreciated.
    Thanks
    Kev

    Hi Joe,
    I get this from an snmp walk:
    rh019654@c_nnm_u > snmpwalk lr2196 1.3.6.1.4.1.9.10.19.1.1.11
    cisco.ciscoExperiment.19.1.1.11.0 : Unsigned32: 0
    The device is a cisco 2851 and the IOS is C2800NM-SPSERVICESK9-M 12.4(18e).
    If i run a debug now after adding the 0 i dont get a OID error not found anymore but its still not flagging the message in the log when the amount of calls go above 2.  See below:
    Feb 10 09:43:17.774: fh_process_async: re=463448F0, timer_type=POLL
    Feb 10 09:43:17.774: snmp_value_uint_compare:op1=0 op2=2 ret=FALSE
    Feb 10 09:43:17.774: snmp_entry_value_check:Returning FALSE
    Feb 10 09:43:17.774: fh_process_async: update_t=0
    Thanks
    Kev

  • Ipv6 HSRP gloabl unicast address on cisco 3560 switch

    Dear Team,
    We are using cisco 3560 switch. Now we are going to implement ipv6 in our network. But we are not disturbing to existing ipv4. my question is 1) Can we confiure the global unicast ipv6 address in ipv6 HSRP and 2) can cisco 3560 switch will support ipv4 and ipv6 standby group on same SVI ?                 

    YES

  • MTU Size Issue on Cisco 3560 Switch

    Could anybody tell me how to change MTU Size on a Cisco 3560 Switch.i mean to say whether it is to be changed on FastEthernet Interfaces or on VLAN 1 or on Global Configuration Mode and with which Command to change it.

    I am using MPLS on my Routers and the MTU size i have set on my Router Interfaces is 1524.
    When i do a normal ping from Customer's one site to another (where my Traffic has to pass through this Switch VLAN)i get a reply , but when a Ping with a Byte Size of 1500 or more the Packets get completely dropped.
    I think due to MTU Mistach bet. Switch and Router the Packets r getting droped,that is why i was trying to change it.
    could the Packets get dropped because of this reason.Please suggest.

  • DHCP and voice vlan on Cisco 3560 switch

    Greetings,
    I'm setting up a Cisco 3560 switch for voice and data comms. I'm looking for documentation with best practice guidelines for the following requirements.
    1. Using the Cisco 3560 as a DHCP server - Config examples.  Do I need to use different subnets for the voice and data vlans?
    2. Layer 2 CoS QoS  - I'm connecting Aastra phones as well as notebooks - I've been told that Aastra also makes use of the voice vlan config through LLDP and that Aastra phones supports CDP.
    Your assistance will be appreciated.

    Hi ,
    Cisco recommends that you have a separate vlan for  voice and data with different ip subnets for voice and data. You will need to configure the dhcp pool accordingly.
    Here is the config guide for setting up IOS DHCP server:
    http://www.cisco.com/en/US/docs/ios/12_0t/12_0t1/feature/guide/Easyip2.html
    Here is the LAN qos recommendations:
    http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/7x/netstruc.html#wp1044009

  • Cisco Embedded Event Manager Issue

    Hello Experts,
    I have taken the following sample EEM from
    https://learningnetwork.cisco.com/blogs/network-sheriff/2009/06/19/writing-your-first-eem-applet
    The intention is to send a notification to an email address about a network problem. I have modified it bit for illustrative purposes. You will see that there are various show commands.
    Can someone please show me how to email the show commands instead just appending them to the directory called "server_unreachable"?
    TechWiseTV4506(config)#eve
    nt manager environment _email_server 172.16.1.44 (<-my Post Cast server)
    TechWiseTV4506(config)#event manager environment _email_to [email protected]
    TechWiseTV4506(config)#event manager environment _email_from [email protected]
    event manager applet email_server_unreachable
    event track 10 state down
    action 1.0 syslog msg "Houston we have a problem. Ping failed, server unreachable!"
    action 1.1 cli command "enable"
    action 1.2 cli command "del /force flash:server_unreachable"
    action 1.3 cli command "show clock | append server_unreachable"
    action 1.4 cli command "show ip arp 172.16.1.55 | append server_unreachable"
    action 1.5 cli command "show ip route 172.16.1.55 | append server_unreachable"
    action 1.6 cli command "show interface FastEthernet0/1/1 | append server_unreachable"
    action 1.7 cli command "more flash:server_unreachable"
    action 1.8 mail server "$_email_server" to "$_email_to" from "$_email_from" subject "Server Unreachable: ICMP-Echos Failed" body "$_cli_result
    action 1.9 syslog msg "Server unreachable alert has been sent to email server!"
    Cheers
    Carlton

    This applet will actually email the results.  However, in order to get all of the output together, it uses the server_unreachable file as an accumulator buffer.  That file could be deleted as action 2.0:
    action 2.0 cli command "delete /force flash:server_unreachable"
    But that is already there in action 1.2, so it's not really needed.
    What will happen is the applet will more the file to collect all of the output.  That aggregated output will be stored in the $_cli_result variable.  The result is that the body of your email will contain the consolidated command output.

  • Problem with Embedded Event Manager and Object Tracking

    Hi,
    I have a 2801 running c2801-advipservicesk9-mz.124-24.T2.bin. It has the following configuration:
    track 300 list boolean or
    object 10
    object 11
    object 12
    object 13
    event manager applet clear_ipsec_tunnel
    event track 300 state down
    action 1.0 cli command "enable"
    action 2.0 cli command "clear crypto session"
    action 3.0 syslog msg "IPSec tunnel has been cleared by clear_ipsec_tunnel applet"
    My problem is that after the tracked object number 300 transitions from an up state to a down state, nothing happens. It seems like the applet doesn't work with object tracking. Here's what I see in logs:
    Dec  7 21:52:32.236 MCK: %TRACKING-5-STATE: 12 ip sla 12 reachability Up->Down
    Dec  7 21:52:37.236 MCK: %TRACKING-5-STATE: 13 ip sla 13 reachability Up->Down
    Dec  7 21:52:57.236 MCK: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
    Dec  7 21:53:07.236 MCK: %TRACKING-5-STATE: 11 ip sla 11 reachability Up->Down
    Dec  7 21:53:07.996 MCK: %TRACKING-5-STATE: 300 list boolean or Up->Down
    That's it. For some reason, the applet won't execute the CLI commands when the EEM applet is triggered. Am I doing something wrong or I have encountered some bug? Thanks.

    jclarke,
    Today I added the router into the tacacs server database and the applet started working just fine by using my login name. So the working configuration looks like this:
    event manager session cli username "my login name"
    event manager applet clear_ipsec_tunnel
    event track 300 state down maxrun 30
    action 1.0 cli command "enable"
    action 2.0 cli command "clear crypto session"
    action 3.0 syslog msg "IPSec tunnel has been cleared by clear_ipsec_tunnel applet"
    Then I tried to use a login name from the local database that has "privelege 15" access and of course the debug output showed me this:
    Dec  8 18:12:58.203 MCK: %TRACKING-5-STATE: 300 list boolean or Up->Down
    Dec  8 18:12:58.203 MCK: fh_track_object_changed: Track notification 300 state down
    Dec  8 18:12:58.203 MCK: fh_fd_track_event_match: track ED pubinfo enqueue rc = 0
    Dec  8 18:12:58.215 MCK: fh_send_track_fd_msg: msg_type=64
    Dec  8 18:12:58.215 MCK: fh_send_track_fd_msg: sval=0
    Dec  8 18:12:58.219 MCK: %HA_EM-6-LOG: clear_ipsec_tunnel : DEBUG(cli_lib) : : CTL : cli_open called.
    Dec  8 18:12:58.227 MCK: %HA_EM-6-LOG: clear_ipsec_tunnel : DEBUG(cli_lib) : : OUT : Router>
    Dec  8 18:12:58.227 MCK: %HA_EM-6-LOG: clear_ipsec_tunnel : DEBUG(cli_lib) : : IN  : Router>enable
    Dec  8 18:12:58.747 MCK: %HA_EM-6-LOG: clear_ipsec_tunnel : DEBUG(cli_lib) : : OUT : Command authorization failed.
    Dec  8 18:12:58.747 MCK: %HA_EM-6-LOG: clear_ipsec_tunnel : DEBUG(cli_lib) : : OUT :
    Dec  8 18:12:58.747 MCK: %HA_EM-6-LOG: clear_ipsec_tunnel : DEBUG(cli_lib) : : OUT : Router>
    Dec  8 18:12:58.747 MCK: %HA_EM-6-LOG: clear_ipsec_tunnel : DEBUG(cli_lib) : : IN  : Router>clear crypto session
    Dec  8 18:12:58.771 MCK: %HA_EM-6-LOG: clear_ipsec_tunnel : DEBUG(cli_lib) : : OUT :                                  ^
    Dec  8 18:12:58.771 MCK: %HA_EM-6-LOG: clear_ipsec_tunnel : DEBUG(cli_lib) : : OUT : % Invalid input detected at '^' marker.
    Dec  8 18:12:58.771 MCK: %HA_EM-6-LOG: clear_ipsec_tunnel : DEBUG(cli_lib) : : OUT :
    Dec  8 18:12:58.771 MCK: %HA_EM-6-LOG: clear_ipsec_tunnel : DEBUG(cli_lib) : : OUT : Router>
    Dec  8 18:12:58.775 MCK: %HA_EM-6-LOG: clear_ipsec_tunnel: IPSec tunnel has been cleared by clear_ipsec_tunnel  applet
    Dec  8 18:12:58.775 MCK: %HA_EM-6-LOG: clear_ipsec_tunnel : DEBUG(cli_lib) : : CTL : cli_close called.
    So I guess this problem arises when you have command authorization enabled and the tacacs server is not reachable or something like that. I have tried to find a way to use the local database instead of using the aaa server but didn't succeed. Although I have found an interesting workaround. Here it is:
    Link: http://blog.ioshints.info/2007/05/command-authorization-fails-with-eem.html
    Workaround found after reading the "Executing IOS commands from Tcl shell" from the "Tclsh on Cisco IOS tutorial".
    On the above article it is mentionned that the ios_config command is executed inside the context of another VTY line (also found with the AAA debug). The workaround is to define the FIRST VTY line with "transport input none" to prevent ssh or telnet to grab it and to configure the aaa authorization without any command authorization for this line.
    Kind regards
    Christian Chautems
    Looks great, but I am not quite sure how to "configure the aaa authorization without any command authorization for this line".
    Anyway, jclarke thank you so much for taking your time to look into my problem and for your help.

  • Physical position of backup Cisco 3560 switch in relation to other produciton switches

    We currently have three 3560 switches connected to each other using SPF interconnect cables. I have a backup switch ready in the event one of the three switches fails. I'd like to keep the backup switch configured and in the rack connected to the three switches. If a switch fails, do the interconnect cables have to be routed in the same way they're currently setup or can they be connected in any order. In other words, if I have the replacement switch in the rack at the bottom with the other three switches and the top switch fails, after loading the config of the top switch onto the replacement switch, can I keep the cables from the second switch connected to the third switch and run the interconnect cables from the failed switch, now switch 1, to the third switch, which is situated in the rack just above the replacement switch? 
    Thanks in advance. 

    Disclaimer
    The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
    Liability Disclaimer
    In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
    Posting
    For 3560s, what SPF ports you use doesn't really matter.
    If the backup will be a cold spare, you may need to worry about port configurations, before you connect it.
    If the backup will be warm spare, again, you can interconnect the SPF ports however you like.  If, though, you create any L2 loops, you need something to break the loop, e.g. STP, FlexLink.
    If you want intentional redundancy, the simplest configuration would be a ring, and assuming the backup is just a warm spare, a root switch defined with the other two non-backup switches connected to it (on the ring).  (The backup would connect to the two non-root switches.)
    Besides a ring topology for redundancy, you might setup a dual star topology, or as you only have four switches, even a full mesh.

  • Multilayer Cisco 3560 Switched network

    Hi,
    I have a multilayer Cisco 3560 network. All sites are connected to each other using RIP V2. The area marked in red is what we are having an issue with.
    1. We have remote sites connected by microwave links using Cisco 3560.
    2. In the attached image "Site-1" inherits all the configuration from the Headoffice. They also get their internet connection from the Headoffice over the " 256Kbps DSL-DATALINK".
    3. The area marked in red are the 2 sites, they were connected to each other using a data link.
    4. The 100 Mbps microwave links were commissioned lately so we want to use these links for our Internet + Data connections.
    5. HEAD OFFICE switch is running the VTP Domain.
    Question
    1. I have rip version 2 running how do I get "SITE-1" to share the internet connection from Headoffice over the Wireless Links
    2. Site-1 should get the IP address from the HeadOffice DHCP server over the wireless links.
    3. The "DSL-DATALINK" should work as a backup/redundant link. If my 100 Mbps link is down it should automatically switch to the DSL link.
    Kindly give me your expert comments/suggestions in how do I go about achieving the above.
    Regards
    Sarfaraz

    RIP works on hop-count and it will prefer the DSL connection over the Wireless link (1 hop vs 4 hops).
    You can alter this behavior by creating an offset list on routes incoming the data link.
    router rip
    version 2
    offset-list 0 in 5 [data link interface]
    http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hirp_r/rte_rih.htm#wp999452
    You need to this on both routers (site1 and HQ).

  • Cisco 3560 switch| mls qos trust dscp question

    Hi everybody
    Hi everybody .
    Please consider the following example:
    3560 sw f1/1--------trunk---SW2
    3560 sw
    f1/1
    mls qos trust dscp
    3560 is using default cos-dscp map, assume a 3560 receives a frame carrying IP packet on f1/1 with COS 4, what will 3560 switch do?
    1) will it use its default cos --dscp map  ( cos 4--.dscp 32) and rewrite 32 in dscp field  of the packet in the frame and provide PHB for dscp 32 ?
    Much appreciated!!
    Have  a great weekend.

    Hi
    No it will not trust the cos value, because You have configured to trust dcsp. So, the switch will trust the dcsp value in the incoming frame.
    /Mikael

  • Configuring rcp on ciscoworks LMS 2.5 and cisco 3560 switch

    Dear All,
    i am having LMS 2.5 and nearly 50 cisco 3560 in my network. And I want to configure rcp. How can I do it. Kindly help
    regards,
    RAHIL KHAN

    Have a look at this link for the server:
    http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_resource_manager_essentials/4.0/user/guide/swmgt.html#wp1328314
    For the device you'll need something like:
    username cwuser password 7 000C1C0A05
    ip rcmd rcp-enable
    ip rcmd remote-host cwuser 172.17.246.221 cwuser enable
    ip rcmd remote-username cwuser

  • Embedded Event manager scripting help

    Hello,
    I'm looking into a way to do the following:
    If pinging of BGP peer detects packet loss, or circuit flapping, lets say 5 flaps in 60 secs, then I'd like the bgp peering to go into admin down state.
    Would be nice if it also recovered on its own when 1hour or X of stability was detected.
    Thank you

    I found a good doc and think i'll be going with this:
    IP SLA 3
       icmp-echo X.X.X.X  source-interface GIGXXXX
    IP SLA schedule  3 life forever  start-time now
    track 3 ip sla 3  reachability
    delay up XX
    event manager applet  WAN_DOWN
    event track 3 state  down
    action 1.0 syslog msg "Packet loss  or Primary WAN cct loss detected"
    action 2.0 cli command  "enable"
    action 3.0 cli command "config  t"
    action 4.0 cli command "router bgp XXXXX"
    action 5.0 cli command "neighbor X.X.X.X shut"
    action 6.0 cli command  "end"
    action 7.0 syslog msg "BGP neighbor  placed in Admin Down because of packet loss to  Peer"
    event managet applet  wan_up
    event track 3 state  up
    action 1.0 syslog msg "WAN network  restored"
    action 2.0 cli command  "enable"
    action 3.0 cli command "config  t"
    action 4.0 cli command "router bgp XXXXX"
    action 5.0 cli command "no neighbor  x.x.x.x shut"
    action 6.0 cli command  "end"
    action 7.0 syslog msg "BGP neighbor  was brought up due to sustained comm with Peer"

  • Cisco embedded event manager applet

    Hi everyone,
    Can someone please confirm me if we can use cisco eem applet in ASA firewall. I know its for sure used in IOS but whta bout firewall? if yes then please help me out.
    Thanks in advance.

    i want to log-off a vpn tunnel if the VPN tunnel gets stuck. Can it be done on ASA firewall?

Maybe you are looking for