EEM Senario

From: Bud DeWayne <bdewayne_at_telecomsys.com>
Date: Thu, 14 Jan 2010 21:58:05 -0500

Hey group - Got a question:

Here is the requirement. A silent device connected to a MAR (Mobile Access
Router) does not respond to icmp, snmp, any routing protocols, tcp, http,
nothing, nada. This device is 100% completely silent to providing any sort of
response. The only thing that can be seen is if you apply an access list
based on the source address of this silent device and log it to see when there
is activity.

The MAR connects to a 3845 and here is the catch; there needs to be a way to
A) detect which "silent device" is sending traffic and B) add a static route
as soon as its detected to allow for return traffic to get back to the "silent
device". For informational purposes consider that the MAR has a default route
to the 3845 and the MAR does not support EEM. Part A can be done quite easily,
for example:

First, create the access-list:

      Access-list 30 permit 10.0.0.5 log

      access-list 30 permit any

Second, apply the access-list:

      interface FastEthernet 0/0

       description Connection to MAR Router

       ip address 172.16.1.1 255.255.255.252

       ip access-group 30 in

Third, create the EEM Applet:

      Event manager applet silent_dev_detector

       Event syslog pattern "10.0.0.5"

       Action 1.0 cli command "ip route 10.0.0.5 255.255.255.255 172.16.1.2"

       Action 2.0 syslog msg "Silent Device 1 Online"

As soon as the syslog comes up and says "Jan 14 21:31:26.012 EST:
%SEC-6-IPACCESSLOGNP: list 30 permitted 0 10.0.0.5 -> 192.168.0.1, 12 packets"
it will then immediately match the "10.0.0.5" pattern add the static route
allowing the return traffic hit 10.0.0.5.

Now comes part B:

Since the syslog will report a steady stream of this message once every 5
minutes it can be used as a constant that the device is still active, but what
happens when the device is turned off? By the mere absence of the syslog
messages occurring will indicate that the silent device has been removed from
the network. In turn, there needs to be a way for EEM to detect this and to
remove the static route.

How would you automate that process with EEM? CLI method is preferred, but
tcl would be acceptable as well.

Blogs and organic groups at http://www.ccie.net
Received on Thu Jan 14 2010 - 21:58:05 ART

This archive was generated by hypermail 2.2.0 : Thu Feb 04 2010 - 20:28:41 ART