Re: EEM Senario

Oh, right.
Starting really weird ways... what about rcmd from the 3845 to the MAR
to show arp ?
-Carlos

Bud DeWayne @ 15/01/2010 13:00 -0300 dixit:
> This would have to be done at the MAR, which doesn't support EEM. I don't know of a way to purely do this using IP SLA.
>
> Any other ideas?
>
>
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Carlos G Mendioroz
> Sent: Friday, January 15, 2010 7:19 AM
> To: ALL From_NJ
> Cc: Bud DeWayne; ccielab_at_groupstudy.com
> Subject: Re: EEM Senario
>
> Yup, it has to respond to ARP, or else, it will be unreachable.
> What about send one ping, look for it in ARP cache ?
>
> -Carlos
>
> ALL From_NJ @ 15/01/2010 0:39 -0300 dixit:
>> Sorry, another thought ...
>>
>> Any chance you can use IPSLA? This would tell if a device is 'silent but
>> listening' and whether it is able to respond.
>>
>> Can you link a second EEM script to IPSLA?
>>
>> HTH,
>>
>> Andrew
>>
>>
>> .
>> On Thu, Jan 14, 2010 at 10:35 PM, ALL From_NJ <all.from.nj_at_gmail.com> wrote:
>>
>>> Good evening,
>>>
>>> Unfortunately I cannot help you much ... but perhaps this site will help /
>>> show you an example.
>>>
>>>
>>> http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps6815/product_promotion0900aecd8055c188.html
>>>
>>> There are some links off of the eem page. They also list the netpro
>>> community, although I have not searched this for EEM. HTH,
>>>
>>> Andrew Lee Lissitz
>>>
>>>
>>>
>>>
>>> On Thu, Jan 14, 2010 at 9:58 PM, Bud DeWayne <bdewayne_at_telecomsys.com>wrote:
>>>
>>>> Hey group - Got a question:
>>>>
>>>>
>>>>
>>>> Here is the requirement. A silent device connected to a MAR (Mobile Access
>>>> Router) does not respond to icmp, snmp, any routing protocols, tcp, http,
>>>> nothing, nada. This device is 100% completely silent to providing any
>>>> sort of
>>>> response. The only thing that can be seen is if you apply an access list
>>>> based on the source address of this silent device and log it to see when
>>>> there
>>>> is activity.
>>>>
>>>>
>>>>
>>>> The MAR connects to a 3845 and here is the catch; there needs to be a way
>>>> to
>>>> A) detect which "silent device" is sending traffic and B) add a static
>>>> route
>>>> as soon as its detected to allow for return traffic to get back to the
>>>> "silent
>>>> device". For informational purposes consider that the MAR has a default
>>>> route
>>>> to the 3845 and the MAR does not support EEM. Part A can be done quite
>>>> easily,
>>>> for example:
>>>>
>>>>
>>>>
>>>> First, create the access-list:
>>>>
>>>>
>>>>
>>>> Access-list 30 permit 10.0.0.5 log
>>>>
>>>> access-list 30 permit any
>>>>
>>>>
>>>>
>>>> Second, apply the access-list:
>>>>
>>>>
>>>>
>>>> interface FastEthernet 0/0
>>>>
>>>> description Connection to MAR Router
>>>>
>>>> ip address 172.16.1.1 255.255.255.252
>>>>
>>>> ip access-group 30 in
>>>>
>>>>
>>>>
>>>> Third, create the EEM Applet:
>>>>
>>>>
>>>>
>>>> Event manager applet silent_dev_detector
>>>>
>>>> Event syslog pattern "10.0.0.5"
>>>>
>>>> Action 1.0 cli command "ip route 10.0.0.5 255.255.255.255
>>>> 172.16.1.2"
>>>>
>>>> Action 2.0 syslog msg "Silent Device 1 Online"
>>>>
>>>>
>>>>
>>>> As soon as the syslog comes up and says "Jan 14 21:31:26.012 EST:
>>>> %SEC-6-IPACCESSLOGNP: list 30 permitted 0 10.0.0.5 -> 192.168.0.1, 12
>>>> packets"
>>>> it will then immediately match the "10.0.0.5" pattern add the static route
>>>> allowing the return traffic hit 10.0.0.5.
>>>>
>>>>
>>>>
>>>> Now comes part B:
>>>>
>>>>
>>>>
>>>> Since the syslog will report a steady stream of this message once every 5
>>>> minutes it can be used as a constant that the device is still active, but
>>>> what
>>>> happens when the device is turned off? By the mere absence of the syslog
>>>> messages occurring will indicate that the silent device has been removed
>>>> from
>>>> the network. In turn, there needs to be a way for EEM to detect this and
>>>> to
>>>> remove the static route.
>>>>
>>>>
>>>>
>>>> How would you automate that process with EEM? CLI method is preferred,
>>>> but
>>>> tcl would be acceptable as well.
>>>>
>>>>
>>>> Blogs and organic groups at http://www.ccie.net
>>>>
>>>> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>> --
>>> Andrew Lee Lissitz
>>> all.from.nj_at_gmail.com
>>>
>>
>>
>

-- 
Carlos G Mendioroz  <tron_at_huapi.ba.ar>  LW7 EQI  Argentina
Blogs and organic groups at http://www.ccie.net