Embeded Event Manager on cisco 3560 switch
Can someone help me please? I have EEM configured on cisco 3560 switch. The configuration is below. I want that switch inform me through email when device with particilular IP address become unavailable. For some reason this configuration is not good and I can't tell why. I already try to debug this with debug event manager action mail but didn't see any output .
ip sla 11
icmp-echo ip address
frequency 20
ip sla schedule 11 life forever start-time now
event manager applet device-TEST
event snmp oid 1.3.6.1.4.1.9.9.42.1.2.9.1.6.11 get-type exact entry-op lt entry-val "2" poll-interval 20
trigger occurs 5 period 120
action 02.0 mail server "ip address" to "[email protected]" from "[email protected]" subject "device is down"
The mail part looks good, I'm not sure you are hitting the trigger right.
Why not do a track on the ip sla instead of the snmp stuff?
Here's a good example of that.
https://learningnetwork.cisco.com/blogs/network-sheriff/2009/06/19/writing-your-first-eem-applet
Similar Messages
-
Hi team
I had open a post in lan switching for this particular problem and the expert from that forum has given the solution of embedded event manager so i need a help from this forum.
The probelm defination is==
Cisco 6509 (Core switch) connected to firewall on uplink side and on downlink its connected to 2 diffrent Cisco 6509 switches (Distribution) layer.All these links have been configured as Routed link and not as SVI.Now issue is when both the downlinks (coming from both distribution) switches go down i want to make the uplink from core to firewall to go down so that other core switch will take over and transfer teh traffic.
Attached diagram has details.tried configuring HSRP between 2 core switches but as teh links are routed link HSRP not working and both switches remain master but as on oppsite side Juniper firewall NSRP is implemented 2nd firewall not responding and core-2 ==fw2 link not transfer traffic.now when both the links of core go down link from core1-fw1 should go down so Fw2 will get active and will send traffic on link betwene core2-firewall2..please let me know what kind of configursation is required in EEM..Do the following (assuming you have a disk0:):
mkdir disk0:/policies
copy tftp://x.x.x.x/sl_intf_watch.tcl disk0:/policies
config t
event manager directory user policy disk0:/policies
event manager environment intf_watch_interfaces TenGigabitEthernet9/1,TenGigabitEthernet9/3
event manager environment intf_watch_uplink GigabitEthernet1/2
event manager policy sl_intf_watch.tcl
Where x.x.x.x is the IP address of your TFTP server.
After that, the policy is registered, and waiting for the interfaces to go down. -
Embedded Event Manager - SNMP - run TCL script
I would like to run a tcl script on a router using snmp. I understand Embedded Event Manager can do this but haven't found what I need to run that. Can someone point me in the right direction?
Yeah, you could do this, but it depends on your version of IOS. You will need EEM 3.1 or higher (15.0) to be able to intercept SNMP GET requests. Then, you could do something like:
event manager applet snmp-trigger event snmp-object oid 1.9.9.9.9 type gauge sync yes istable no action 1.0 policy my_tcl_policy.tcl action 2.0 snmp-object-value event-id _event_id gauge 0 next-oid 1.9.9.9.9.0 action 3.0 exit 1!snmp-server manager
Then, when you query 1.9.9.9.9.0 on the device, the Tcl policy "my_tcl_policy.tcl" should execute, and the snmp-trigger applet policy will return a value of 0.
Please support CSC Helps Haiti
https://supportforums.cisco.com/docs/DOC-8895
https://supportforums.cisco.com -
Monitoring PRI using Embedded Event Manager
Hi,
I am trying to use Embedded Event Manager to flag when calls on a pri get above
28 but its not working. I found an OID which shows number of calls currently on
the B Channels of a pri. I dropped the threshold to two just to check it was
functioning correctly. Config below:
event manager applet bchan-mon
event snmp oid 1.3.6.1.4.1.9.10.19.1.1.11 get-type exact entry-op gt entry-val
2 poll-interval 60
action exceeded syslog priority critical msg "All Chanels in Use"
I have done a debug and it says the OID is not found even though if i do a show
snmp mib i see the OID. Output below:
Feb 9 08:35:58.097: fh_process_async: re=445EF694, timer_type=POLL
Feb 9 08:35:58.097: snmp_entry_value_check: OID unavailable, value check
skipped
Feb 9 08:35:58.097: snmp_entry_value_check:Returning FALSE
Feb 9 08:35:58.097: fh_process_async: update_t=0cron_tick: num_matches 0
Has anyone successfullly used EEM to do this?
Any help appreciated.
Thanks
KevHi Joe,
I get this from an snmp walk:
rh019654@c_nnm_u > snmpwalk lr2196 1.3.6.1.4.1.9.10.19.1.1.11
cisco.ciscoExperiment.19.1.1.11.0 : Unsigned32: 0
The device is a cisco 2851 and the IOS is C2800NM-SPSERVICESK9-M 12.4(18e).
If i run a debug now after adding the 0 i dont get a OID error not found anymore but its still not flagging the message in the log when the amount of calls go above 2. See below:
Feb 10 09:43:17.774: fh_process_async: re=463448F0, timer_type=POLL
Feb 10 09:43:17.774: snmp_value_uint_compare:op1=0 op2=2 ret=FALSE
Feb 10 09:43:17.774: snmp_entry_value_check:Returning FALSE
Feb 10 09:43:17.774: fh_process_async: update_t=0
Thanks
Kev -
Ipv6 HSRP gloabl unicast address on cisco 3560 switch
Dear Team,
We are using cisco 3560 switch. Now we are going to implement ipv6 in our network. But we are not disturbing to existing ipv4. my question is 1) Can we confiure the global unicast ipv6 address in ipv6 HSRP and 2) can cisco 3560 switch will support ipv4 and ipv6 standby group on same SVI ?YES
-
MTU Size Issue on Cisco 3560 Switch
Could anybody tell me how to change MTU Size on a Cisco 3560 Switch.i mean to say whether it is to be changed on FastEthernet Interfaces or on VLAN 1 or on Global Configuration Mode and with which Command to change it.
I am using MPLS on my Routers and the MTU size i have set on my Router Interfaces is 1524.
When i do a normal ping from Customer's one site to another (where my Traffic has to pass through this Switch VLAN)i get a reply , but when a Ping with a Byte Size of 1500 or more the Packets get completely dropped.
I think due to MTU Mistach bet. Switch and Router the Packets r getting droped,that is why i was trying to change it.
could the Packets get dropped because of this reason.Please suggest. -
DHCP and voice vlan on Cisco 3560 switch
Greetings,
I'm setting up a Cisco 3560 switch for voice and data comms. I'm looking for documentation with best practice guidelines for the following requirements.
1. Using the Cisco 3560 as a DHCP server - Config examples. Do I need to use different subnets for the voice and data vlans?
2. Layer 2 CoS QoS - I'm connecting Aastra phones as well as notebooks - I've been told that Aastra also makes use of the voice vlan config through LLDP and that Aastra phones supports CDP.
Your assistance will be appreciated.Hi ,
Cisco recommends that you have a separate vlan for voice and data with different ip subnets for voice and data. You will need to configure the dhcp pool accordingly.
Here is the config guide for setting up IOS DHCP server:
http://www.cisco.com/en/US/docs/ios/12_0t/12_0t1/feature/guide/Easyip2.html
Here is the LAN qos recommendations:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/7x/netstruc.html#wp1044009 -
Cisco Embedded Event Manager Issue
Hello Experts,
I have taken the following sample EEM from
https://learningnetwork.cisco.com/blogs/network-sheriff/2009/06/19/writing-your-first-eem-applet
The intention is to send a notification to an email address about a network problem. I have modified it bit for illustrative purposes. You will see that there are various show commands.
Can someone please show me how to email the show commands instead just appending them to the directory called "server_unreachable"?
TechWiseTV4506(config)#eve
nt manager environment _email_server 172.16.1.44 (<-my Post Cast server)
TechWiseTV4506(config)#event manager environment _email_to [email protected]
TechWiseTV4506(config)#event manager environment _email_from [email protected]
event manager applet email_server_unreachable
event track 10 state down
action 1.0 syslog msg "Houston we have a problem. Ping failed, server unreachable!"
action 1.1 cli command "enable"
action 1.2 cli command "del /force flash:server_unreachable"
action 1.3 cli command "show clock | append server_unreachable"
action 1.4 cli command "show ip arp 172.16.1.55 | append server_unreachable"
action 1.5 cli command "show ip route 172.16.1.55 | append server_unreachable"
action 1.6 cli command "show interface FastEthernet0/1/1 | append server_unreachable"
action 1.7 cli command "more flash:server_unreachable"
action 1.8 mail server "$_email_server" to "$_email_to" from "$_email_from" subject "Server Unreachable: ICMP-Echos Failed" body "$_cli_result
action 1.9 syslog msg "Server unreachable alert has been sent to email server!"
Cheers
CarltonThis applet will actually email the results. However, in order to get all of the output together, it uses the server_unreachable file as an accumulator buffer. That file could be deleted as action 2.0:
action 2.0 cli command "delete /force flash:server_unreachable"
But that is already there in action 1.2, so it's not really needed.
What will happen is the applet will more the file to collect all of the output. That aggregated output will be stored in the $_cli_result variable. The result is that the body of your email will contain the consolidated command output. -
Problem with Embedded Event Manager and Object Tracking
Hi,
I have a 2801 running c2801-advipservicesk9-mz.124-24.T2.bin. It has the following configuration:
track 300 list boolean or
object 10
object 11
object 12
object 13
event manager applet clear_ipsec_tunnel
event track 300 state down
action 1.0 cli command "enable"
action 2.0 cli command "clear crypto session"
action 3.0 syslog msg "IPSec tunnel has been cleared by clear_ipsec_tunnel applet"
My problem is that after the tracked object number 300 transitions from an up state to a down state, nothing happens. It seems like the applet doesn't work with object tracking. Here's what I see in logs:
Dec 7 21:52:32.236 MCK: %TRACKING-5-STATE: 12 ip sla 12 reachability Up->Down
Dec 7 21:52:37.236 MCK: %TRACKING-5-STATE: 13 ip sla 13 reachability Up->Down
Dec 7 21:52:57.236 MCK: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
Dec 7 21:53:07.236 MCK: %TRACKING-5-STATE: 11 ip sla 11 reachability Up->Down
Dec 7 21:53:07.996 MCK: %TRACKING-5-STATE: 300 list boolean or Up->Down
That's it. For some reason, the applet won't execute the CLI commands when the EEM applet is triggered. Am I doing something wrong or I have encountered some bug? Thanks.jclarke,
Today I added the router into the tacacs server database and the applet started working just fine by using my login name. So the working configuration looks like this:
event manager session cli username "my login name"
event manager applet clear_ipsec_tunnel
event track 300 state down maxrun 30
action 1.0 cli command "enable"
action 2.0 cli command "clear crypto session"
action 3.0 syslog msg "IPSec tunnel has been cleared by clear_ipsec_tunnel applet"
Then I tried to use a login name from the local database that has "privelege 15" access and of course the debug output showed me this:
Dec 8 18:12:58.203 MCK: %TRACKING-5-STATE: 300 list boolean or Up->Down
Dec 8 18:12:58.203 MCK: fh_track_object_changed: Track notification 300 state down
Dec 8 18:12:58.203 MCK: fh_fd_track_event_match: track ED pubinfo enqueue rc = 0
Dec 8 18:12:58.215 MCK: fh_send_track_fd_msg: msg_type=64
Dec 8 18:12:58.215 MCK: fh_send_track_fd_msg: sval=0
Dec 8 18:12:58.219 MCK: %HA_EM-6-LOG: clear_ipsec_tunnel : DEBUG(cli_lib) : : CTL : cli_open called.
Dec 8 18:12:58.227 MCK: %HA_EM-6-LOG: clear_ipsec_tunnel : DEBUG(cli_lib) : : OUT : Router>
Dec 8 18:12:58.227 MCK: %HA_EM-6-LOG: clear_ipsec_tunnel : DEBUG(cli_lib) : : IN : Router>enable
Dec 8 18:12:58.747 MCK: %HA_EM-6-LOG: clear_ipsec_tunnel : DEBUG(cli_lib) : : OUT : Command authorization failed.
Dec 8 18:12:58.747 MCK: %HA_EM-6-LOG: clear_ipsec_tunnel : DEBUG(cli_lib) : : OUT :
Dec 8 18:12:58.747 MCK: %HA_EM-6-LOG: clear_ipsec_tunnel : DEBUG(cli_lib) : : OUT : Router>
Dec 8 18:12:58.747 MCK: %HA_EM-6-LOG: clear_ipsec_tunnel : DEBUG(cli_lib) : : IN : Router>clear crypto session
Dec 8 18:12:58.771 MCK: %HA_EM-6-LOG: clear_ipsec_tunnel : DEBUG(cli_lib) : : OUT : ^
Dec 8 18:12:58.771 MCK: %HA_EM-6-LOG: clear_ipsec_tunnel : DEBUG(cli_lib) : : OUT : % Invalid input detected at '^' marker.
Dec 8 18:12:58.771 MCK: %HA_EM-6-LOG: clear_ipsec_tunnel : DEBUG(cli_lib) : : OUT :
Dec 8 18:12:58.771 MCK: %HA_EM-6-LOG: clear_ipsec_tunnel : DEBUG(cli_lib) : : OUT : Router>
Dec 8 18:12:58.775 MCK: %HA_EM-6-LOG: clear_ipsec_tunnel: IPSec tunnel has been cleared by clear_ipsec_tunnel applet
Dec 8 18:12:58.775 MCK: %HA_EM-6-LOG: clear_ipsec_tunnel : DEBUG(cli_lib) : : CTL : cli_close called.
So I guess this problem arises when you have command authorization enabled and the tacacs server is not reachable or something like that. I have tried to find a way to use the local database instead of using the aaa server but didn't succeed. Although I have found an interesting workaround. Here it is:
Link: http://blog.ioshints.info/2007/05/command-authorization-fails-with-eem.html
Workaround found after reading the "Executing IOS commands from Tcl shell" from the "Tclsh on Cisco IOS tutorial".
On the above article it is mentionned that the ios_config command is executed inside the context of another VTY line (also found with the AAA debug). The workaround is to define the FIRST VTY line with "transport input none" to prevent ssh or telnet to grab it and to configure the aaa authorization without any command authorization for this line.
Kind regards
Christian Chautems
Looks great, but I am not quite sure how to "configure the aaa authorization without any command authorization for this line".
Anyway, jclarke thank you so much for taking your time to look into my problem and for your help. -
Physical position of backup Cisco 3560 switch in relation to other produciton switches
We currently have three 3560 switches connected to each other using SPF interconnect cables. I have a backup switch ready in the event one of the three switches fails. I'd like to keep the backup switch configured and in the rack connected to the three switches. If a switch fails, do the interconnect cables have to be routed in the same way they're currently setup or can they be connected in any order. In other words, if I have the replacement switch in the rack at the bottom with the other three switches and the top switch fails, after loading the config of the top switch onto the replacement switch, can I keep the cables from the second switch connected to the third switch and run the interconnect cables from the failed switch, now switch 1, to the third switch, which is situated in the rack just above the replacement switch?
Thanks in advance.Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
For 3560s, what SPF ports you use doesn't really matter.
If the backup will be a cold spare, you may need to worry about port configurations, before you connect it.
If the backup will be warm spare, again, you can interconnect the SPF ports however you like. If, though, you create any L2 loops, you need something to break the loop, e.g. STP, FlexLink.
If you want intentional redundancy, the simplest configuration would be a ring, and assuming the backup is just a warm spare, a root switch defined with the other two non-backup switches connected to it (on the ring). (The backup would connect to the two non-root switches.)
Besides a ring topology for redundancy, you might setup a dual star topology, or as you only have four switches, even a full mesh. -
Multilayer Cisco 3560 Switched network
Hi,
I have a multilayer Cisco 3560 network. All sites are connected to each other using RIP V2. The area marked in red is what we are having an issue with.
1. We have remote sites connected by microwave links using Cisco 3560.
2. In the attached image "Site-1" inherits all the configuration from the Headoffice. They also get their internet connection from the Headoffice over the " 256Kbps DSL-DATALINK".
3. The area marked in red are the 2 sites, they were connected to each other using a data link.
4. The 100 Mbps microwave links were commissioned lately so we want to use these links for our Internet + Data connections.
5. HEAD OFFICE switch is running the VTP Domain.
Question
1. I have rip version 2 running how do I get "SITE-1" to share the internet connection from Headoffice over the Wireless Links
2. Site-1 should get the IP address from the HeadOffice DHCP server over the wireless links.
3. The "DSL-DATALINK" should work as a backup/redundant link. If my 100 Mbps link is down it should automatically switch to the DSL link.
Kindly give me your expert comments/suggestions in how do I go about achieving the above.
Regards
SarfarazRIP works on hop-count and it will prefer the DSL connection over the Wireless link (1 hop vs 4 hops).
You can alter this behavior by creating an offset list on routes incoming the data link.
router rip
version 2
offset-list 0 in 5 [data link interface]
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hirp_r/rte_rih.htm#wp999452
You need to this on both routers (site1 and HQ). -
Cisco 3560 switch| mls qos trust dscp question
Hi everybody
Hi everybody .
Please consider the following example:
3560 sw f1/1--------trunk---SW2
3560 sw
f1/1
mls qos trust dscp
3560 is using default cos-dscp map, assume a 3560 receives a frame carrying IP packet on f1/1 with COS 4, what will 3560 switch do?
1) will it use its default cos --dscp map ( cos 4--.dscp 32) and rewrite 32 in dscp field of the packet in the frame and provide PHB for dscp 32 ?
Much appreciated!!
Have a great weekend.Hi
No it will not trust the cos value, because You have configured to trust dcsp. So, the switch will trust the dcsp value in the incoming frame.
/Mikael -
Configuring rcp on ciscoworks LMS 2.5 and cisco 3560 switch
Dear All,
i am having LMS 2.5 and nearly 50 cisco 3560 in my network. And I want to configure rcp. How can I do it. Kindly help
regards,
RAHIL KHANHave a look at this link for the server:
http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_resource_manager_essentials/4.0/user/guide/swmgt.html#wp1328314
For the device you'll need something like:
username cwuser password 7 000C1C0A05
ip rcmd rcp-enable
ip rcmd remote-host cwuser 172.17.246.221 cwuser enable
ip rcmd remote-username cwuser -
Embedded Event manager scripting help
Hello,
I'm looking into a way to do the following:
If pinging of BGP peer detects packet loss, or circuit flapping, lets say 5 flaps in 60 secs, then I'd like the bgp peering to go into admin down state.
Would be nice if it also recovered on its own when 1hour or X of stability was detected.
Thank youI found a good doc and think i'll be going with this:
IP SLA 3
icmp-echo X.X.X.X source-interface GIGXXXX
IP SLA schedule 3 life forever start-time now
track 3 ip sla 3 reachability
delay up XX
event manager applet WAN_DOWN
event track 3 state down
action 1.0 syslog msg "Packet loss or Primary WAN cct loss detected"
action 2.0 cli command "enable"
action 3.0 cli command "config t"
action 4.0 cli command "router bgp XXXXX"
action 5.0 cli command "neighbor X.X.X.X shut"
action 6.0 cli command "end"
action 7.0 syslog msg "BGP neighbor placed in Admin Down because of packet loss to Peer"
event managet applet wan_up
event track 3 state up
action 1.0 syslog msg "WAN network restored"
action 2.0 cli command "enable"
action 3.0 cli command "config t"
action 4.0 cli command "router bgp XXXXX"
action 5.0 cli command "no neighbor x.x.x.x shut"
action 6.0 cli command "end"
action 7.0 syslog msg "BGP neighbor was brought up due to sustained comm with Peer" -
Cisco embedded event manager applet
Hi everyone,
Can someone please confirm me if we can use cisco eem applet in ASA firewall. I know its for sure used in IOS but whta bout firewall? if yes then please help me out.
Thanks in advance.i want to log-off a vpn tunnel if the VPN tunnel gets stuck. Can it be done on ASA firewall?
Maybe you are looking for
-
How do I get attachment to open above Thunderbird, not below?
When a friend (Windows) opens an attachment with Thunderbird the web browser opens below the e-mail and not above Thunderbird. How do I get the web browser to open on top of Thunderbird?
-
Please email me the credit memo of $143.88 for receipt/order number AD014458308 that was credited to my purchasing card. Linda Rawlins [email protected]
-
Best method for importing mini DV tape movies directly to an Seagate external hard drive,for later import to imovie event???
-
Export as quicktime movie or dv stream
I've been using FCE 3.5 for quite some time and I have always exported the finished edit as a self-contained quicktime movie and then I have used Toast to compose the dvd. But I just recently realized I could do the same thing by exporting from FCE a
-
Why can't I download the IO S update for Iphone 4S on any browser? I have Itunes and Quicktime installed. Says it has detected a problem with audio settings, but all settings are enabled.