Sie sind auf Seite 1von 107

Cisco IOS Managing, Optimising and Tweaking

BRKRST - 2612

Objective
Introduce some of the lesser known features of IOS Encourage you to use these features

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

Agenda
Smart Call Home Service
Monitoring System Resources
RMON & Threshold Notifications

Embedded Resource Manager IP Service Level Agent (IPSLA)

Enhanced Object Tracking (EOT)


Embedded Event Manager (EEM)

Device Configuration Management

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

Smart Call Home

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

Solution Architecture
Secure Authenticated Access to Hosted Portal

Customer & TAC access the same data

Smart Call Home Portal

TAC

EMAIL 4

1 Internet
Secure Transport
HTTPS Encryption & Certificate-based authentication

Remediation Recommendation

Automatic SR Opened

2
Diagnostics & Parsing Engine Remediation Recommendation Engine Device Diagnostic Library

Intelligent Monitoring & Collection Engine Call Home feature

Customer
BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

Cisco

SMART Call home


An embedded support feature available on a broad range of Cisco products http://www.cisco.com/en/US/services/ps2827/ps2978/p s7334/smartcall_supported_products_popup.html Enabled devices continuously perform proactive diagnostics Provided at no additional cost when you have an active SMARTnet Service, SP Base, Unified Computing Support Service, or Mission Critical Support Service
BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

SMART Call home


Visibility into your network through diagnostic reports
Real-time trouble shooting, alerts, and remediation advice

Automatic generation of Cisco Service Request


Secure, reliable data transport

Personalised Web-based portal to review Call Home messages, detailed diagnostics, recommendations, and inventory

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

SMART Call home Configuration - HTTPS to Cisco (1/3)


1. Enable Call Home Service
ISR#configure terminal ISR(config)#service call-home ISR(config)#call-home

2. Configure the mandatory contact email address


ISR(cfg-call-home)#contact-email-addr username@domain-name

3. Activate default CiscoTAC-1 profile and set transport option to http


ISR(cfg-call-home)#profile CiscoTAC-1 ISR(cfg-call-home-profile)#active ISR(cfg-call-home-profile)#destination transport-method http

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

SMART Call home Configuration - HTTPS to Cisco (2/3)


4. Install a security certificate Download the Cisco server certificate from http://www.cisco.com/warp/public/437/services/smartcall/docs/Cisco_Server_Security_Certificate.txt

ISR(config)#crypto pki trustpoint cisco ISR(ca-trustpoint)#enroll terminal ISR(ca-trustpoint)#revocation-check crl none ISR(ca-trustpoint)#exit ISR(config)#crypto pki authenticate cisco Enter the base 64 encoded CA certificate. End with a blank line or the word "quit" on a line by itself [paste the certificate here and accept it] % Do you accept this certificate? [yes/no]: yes Trustpoint CA certificate accepted. % Certificate successfully imported
BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

SMART Call home Configuration - HTTPS to Cisco (3/3)


5. Exit and save the configuration
ISR(config)#end ISR#copy run start

6. Send a Call Home Inventory message to start registration process


ISR#call-home send alert-group inventory profile CiscoTAC-1 Sending inventory info call-home message . . . Please wait. This may take some time . . .

7. Receive an Email from Cisco and follow the link to complete registration for Smart Call Home Further information - http://www.cisco.com/go/smartcall

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

10

Monitoring System Resources I


RMON & Threshold Notifications

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

11

Monitoring System Resources CPU (1/3)


Problem: Monitor CPU Utilisation and generate an snmp trap and/or syslog message when a threshold is crossed Solution 1: Configure RMON Events and Alarms
Generate syslog message

Router(config)# rmon event 1 log trap eventtrap description CPU Utilization > 80%" owner <ownername> Generate snmp trap with community eventtrap Router(config)# rmon event 2 log trap eventtrap description CPU Utilization < 50%" owner <ownername> Router(config)# rmon alarm 10 cpmCPUTotal1minRev.<cpmCPUTotalIndex> 60 absolute risingthreshold 80 1 falling-threshold 50 2 owner <ownername> 60 second sample interval

Complication : What If your device has multiple CPUs ?

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

12

Monitoring System Resources CPU (2/3)


Solution 1 : Configure RMON Events and Alarms (contd)
Perform an snmpwalk of cpmCPUTotalPhysicalIndex
cpmCPUTotalIndex

% snmpwalk -c public 10.66.76.16 .1.3.6.1.4.1.9.9.109.1.1.1.1.2 SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.2.1 = INTEGER: 4017 SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.2.2 = INTEGER: 4001

Perform an snmpwalk of entPhysicalDescr

cpmCPUTotalPhysicalIndex = entPhysicalIndex

% snmpwalk -c public 10.66.76.16 .1.3.6.1.2.1.47.1.1.1.1.2 | grep 4017 SNMPv2-SMI::mib-2.47.1.1.1.1.2.4017 = STRING: "CPU of Routing Processor 6" % snmpwalk -c public 10.66.76.16 .1.3.6.1.2.1.47.1.1.1.1.2 | grep 4001 SNMPv2-SMI::mib-2.47.1.1.1.1.2.4001 = STRING: "CPU of Switching Processor 6

To monitor the CPU Utilization of the RP in Slot 6 cpmCPUTotalIndex = 1


rmon alarm 10 cpmCPUTotal1minRev.1 60 absolute rising-threshold 80 1 falling-threshold 50 2 owner <ownername>

RMON Configuration Guide http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_cfg_rmon_sup_ps6350_TSD_Products_ Configuration_Guide_Chapter.html#wp1056328


BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

13

Monitoring System Resources CPU (3/3)


Solution 2 : CPU Threshold Notification
Router(config)# snmp-server enable traps cpu threshold Router(config)# snmp-server host host-address [traps | informs] [version {1 | 2c | 3 [auth | noauth | priv]}] community-string {total | process | interrupt} Router(config)# process cpu threshold type total rising 80 interval 5 falling 50 interval 5 Router(config)# process cpu statistics limit entry-percentage 40 size 300

Refer CISCO-PROCESS-MIB :
CPU Thresholds & CPU History can be found in cpmCPUThresholdTable & cpmCPUHistory respectively. Traps generated are cpmCPURisingThreshold & cpmCPUFallingThreshold.

Sets the process entry limit and the size of the history table for CPU utilisation statistics.

CPU Threshold Notification Configuration Guide http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_cpu_thresh_notif_ps6350_TSD_Product s_Configuration_Guide_Chapter.html


BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

14

Monitoring System Resources Memory


Problem: Monitor Memory Utilisation and generate an snmp trap and/or syslog message when a threshold is crossed Solution 1: Configure RMON Events and Alarms
Generate syslog message

Router(config)# rmon event 1 log trap eventtrap description Memory Utilization > 80%" owner <ownername> Generate snmp trap with community eventtrap Router(config)# rmon event 2 log trap eventtrap description Memory Utilization < 50%" owner <ownername> Router(config)# rmon alarm 10 ciscoMemoryPoolUtilization1Min.<ciscoMemoryPoolType> 60 absolute rising-threshold 80 1 falling-threshold 50 2 owner <ownername> 60 second sample interval

Devices have multiple Memory Pools, what value of <ciscoMemoryPoolType> to use ?

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

15

Monitoring System Resources Memory


Solution 1: Configure RMON Events and Alarms (contd)
Perform an snmpwalk of ciscoMemoryPoolName % snmpwalk -c public 10.66.91.113 .1.3.6.1.4.1.9.9.48.1.1.1.2 SNMPv2-SMI::enterprises.9.9.48.1.1.1.2.1 = STRING: "Processor" SNMPv2-SMI::enterprises.9.9.48.1.1.1.2.2 = STRING: "I/O" SNMPv2-SMI::enterprises.9.9.48.1.1.1.2.16 = STRING: "Driver text To monitor the Processor Memory Pool
<ciscoMemoryPoolType>

rmon alarm 10 ciscoMemoryPoolUtilization1Min.1 1 falling-threshold 50 2 owner <ownername>


Refer CISCO-MEMORY-POOL-MIB

60 absolute rising-threshold 80

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

16

Monitoring System Resources Memory


Solution 2 : Memory Threshold Notification
Router(config)# memory free low-watermark processor 20000 Router(config)# memory free low-watermark io 2000 KB

If free memory falls below the threshold


000029: *Aug 12 22:31:19.559: %SYS-4-FREEMEMLOW: Free Memory has dropped below 20000k Pool: Processor Free: 66814056 freemem_lwm: 204800000

When free memory recovers to 5% above the threshold


000032: *Aug 12 22:33:29.411: %SYS-5-FREEMEMRECOVER: Free Memory has recovered 20000k Pool: Processor Free: 66813960 freemem_lwm: 0

Generates syslog messages but no snmp traps


Memory Threshold Notification Configuration Guide http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_mem_thresh_note_ps6350_TSD_Produ cts_Configuration_Guide_Chapter.html
BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

17

Monitoring System Resources II


Embedded Resource Manager (ERM)

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

18

Monitoring System Resources ERM


Monitoring system resource usage. Setting the resource threshold at a granular level. Generating alerts when resource utilisation reaches the specified level.

Generating internal events using the Cisco IOS Embedded Event Manager feature.

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

19

Monitoring System Resources ERM


ERM provides for three types of thresholds to be defined:
The System Global Threshold is the point when the entire resource reaches a specified value. A notification is sent to all RUs once the threshold is exceeded. The User Local Threshold is the point when a specified RUs utilisation exceeds the configured limit. The User Global Threshold is the point when the entire resource reaches a configured value. A notification is sent to the specified RU once the threshold is exceeded.

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

20

Monitoring System Resources ERM


ERM Sample configuration - Global policy
snmp-server enable trap resource-policy resource policy policy cpu-global global system cpu total critical rising 90 interval 10 falling 80 interval 10 major rising 80 interval 10 falling 70 interval 10 minor rising 70 interval 10 falling 60 interval 5 ! ! module 6/0 cpu total critical rising 90 interval 10 falling 80 interval 10 ! ! ! user global cpu-global Needed to activate the policy

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

21

Monitoring System Resources ERM


ERM Sample configuration - User Local Policy
policy user-local-cpu type iosprocess system cpu process minor rising 10 interval 2 falling 5 interval 2 ! user "SNMP ENGINE" iosprocess user-local-cpu

ERM Sample configuration User Global Policy


policy user-global-cpu type iosprocess system cpu total minor rising 10 interval 2 falling 5 interval 2 global ! user "BGP Router" iosprocess user-global-cpu

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

22

Monitoring System Resources ERM


Other ERM Features :
Automatic CPUHOG Profiling Extended CPU load monitoring Packet Memory Reclamation functionality for "unwedging" interface input queues Automatic Buffer Tuning

MIB - CISCO-ERM-MIB
Traps generated ciscoErmGlobalPolicyViolation & ciscoErmLocalPolicyViolation
Embedded Resource Manager Configuration Guide http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_erm_resource_ps6350_TSD_Products_Configuration_Guide_C hapter.html
BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

23

IP Service Level Agent (IP SLA)

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

24

IP SLA Operations
Increasing Service Value
Jitter HTTP DLSw DNS/ DHCP Echo Path Echo Echo Path Jitter
VoIP UDP Jitter
Call Setup (PDD)

RTP

VoIP UDP ICMP L2

GK Delay

FTP

ATM
Frame Relay Metro E

TCP
Connect

SNA

Cisco IOS-Based IP Service Level Agent QoS Markings


2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

MPLS VPN Aware


25

BRKRST-2612

Platforms Supporting IP SLA


Catalyst 6500/7600 Catalyst 4500

Catalyst 3750
Catalyst 3550/3560 Catalyst 2960

Cisco 10K, 12K, CRS-1


Cisco 7200/7300 Cisco 3700/Cisco 3800 Cisco 2600/2800

Cisco 800/1700/1800 (Responder Only)


BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved.

Cisco IOS Software Releases 12.3T, 12.4 and 12.4T Cisco IOS Software Releases 12.2S
Cisco Public

26

How does Cisco IP SLA Work?


Management Application
Configure Collect Data SNMP Trap Reconfigure Source
IP SLA

IP Host

Target
Measure
IP SLA Responder

Measure Performance
BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

27

IP SLA Operation with Non-Responder


IP SLA Sender
IP SLA-Test

Sending Test Packet

IP Host

Reply to test Packet

Probing Phase

Operation types : dhcp, dns , echo , ftp, http, pathEcho, tcpConnect

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

28

IP SLA Operation with Responder


IP SLA Sender
IP SLA-Control UDP, 1967 Responder Says OK Start Listening on UDP Port 2020 Control Message Ask Receiver to Open Port 2020 on UDP

IP SLA Responder

Control Phase

Sending Test Packet(s)


IP SLA-Test UDP, 2020

Probing Phase

Done: Stop Listening

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

29

Define an Echo probe

Configuration example Change to backup link (1/2)


ip sla 1 icmp-echo <target> source-ip 24.249.14.209 timeout 2000 threshold 1000 frequency 1 ip sla schedule 1 life forever start-time now

Track the probe reachability


track 10 rtr 1 reachability delay down 5 up 10

Define default routes


ip route 0.0.0.0 0.0.0.0 <Main ISP> track 10 ip route 0.0.0.0 0.0.0.0 <Backup ISP> 200
BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

30

Configuration example Change to backup link (2/2)


Force probe packets to always go out the Main ISP Interface
ip local policy route-map MY-LOCAL-POLICY ! access-list 101 permit icmp any host <target> echo ! route-map MY-LOCAL-POLICY permit 10 match ip address 101 set interface <Main ISP Interface> set default interface <Main ISP Interface>

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

31

Enhanced Object Tracking (EOT)

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

32

Enhanced Object Tracking


Features
Separation between the objects to be tracked and the action to be taken. Each Tracked object has a unique number Boolean and and or functions to combine tracked objects

Advantages
Increases the availability and speed of recovery of a network. Decreases network outages and their duration.

Restriction
Enhanced Object Tracking is not statefull switchover (SSO) aware

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

33

Enhanced Object Tracking


What can be tracked :
Line-Protocol State of an Interface
IP-Routing State of an Interface IP-Route Reachability Threshold of IP-Route Metrics State of an IP SLA Operation

Reachability of an IP SLA IP Host


Mobile IP Applications
BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

34

Enhanced Object Tracking


Configuration Example - Line-Protocol State of an Interface
S1/0 S1/0

A
Fa0/0 Fa0/0

B
10.1.0.0/24

Router A Configuration
track 100 interface serial1/0 line-protocol ! interface FastEthernet0/0 ip address 10.1.0.21 255.255.0.0 standby 1 preempt standby 1 ip 10.1.0.1 standby 1 priority 110 standby 1 track 100 decrement 10

Router B Configuration
track 100 interface serial1/0 line-protocol ! interface FastEthernet0/0 ip address 10.1.0.22 255.255.0.0 standby 1 preempt standby 1 ip 10.1.0.1 standby 1 priority 110 standby 1 track 100 decrement 10

Further information on Enhanced Object Tracking http://www.cisco.com/en/US/docs/ios/ipapp/configuration/guide/ipapp_eot.html


BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

35

Embedded Event Manager

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

36

EEM Architecture
Syslog email notification SNMP set Counter SNMP get SNMP notification Reload or switch-over Application specific CLI Applets IOS.sh Policies TCL Policies

Actions
EEM Applets multi-event-correlation

Embedded Event Manager


Event Detectors
XML CLI OIR ERM EOT RF GOLD RPC ED ED ED ED ED ED ED CDP LLDP ED

Syslog ED

SNMP EDs

Timer EDs

none ED

HW EDs

Watchdog ED

Interface Counter ED

NetFlow ED

IPSLA Route ED ED

802.1x ED

MAC ED

Remote: Notification Syslog Local: Event Notification Get/Set


BRKRST-2612

Cron Count down

Fan Temp Env ...

Process Scheduler Database

Interface Descriptor Blocks


Cisco Public

2011 Cisco and/or its affiliates. All rights reserved.

37

Embedded Event Manager


Components that make up EEM
Policy Event Detectors http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_overview.html#wp1070290

Actions - http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_overview.html#wp1070842 Applet (cli) Script (tcl) Environment Variables


User defined Cisco defined
http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_overview.html#wp1071155

Cisco built-in

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

38

EEM Applets and Policies


CLI Applets
Part of the Cisco IOS Configuration Based on CLI Commands Simple Actions Programmatic Applet Extensions

IOS.sh Policies
Separate ASCII File mypolicy.sh Based on Cisco IOS CLI and Shell Commands Effective shell-like simple scripting Registered via the Cisco IOS Config

TCL Policies
Separate ASCII File mypolicy.tcl

Based on Cisco IOS CLI and Safe TCL Commands Flexible and powerful scripting capabilities
Registered via the Cisco IOS Config
39

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

Embedded Event Manager cli Applet


Sample Applet Force switch over to redundant processor
snmp-server enable traps eventmanager Event detector ! event manager applet track-gig0 event syslog pattern ".*UPDOWN.*GigabitEthernet0.* changed state to down action 1.0 force-switchover action 2.0 syslog msg Gig0 down. EEM Forced-switch over

Command syntax for the syslog event detector


event syslog [occurs num-occurrences] [period period-value] [priority prioritylevel] pattern regular-expression

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

40

Embedded Event Manager cli Applet


Sample Applet Send a custom snmp trap on LINK_LOST/OK
snmp-server enable traps eventmanager ! event manager applet track_sfp_down event syslog pattern "SPAWBCMTS-4-SFP_LINK_LOST.*link changed state to down action 1.0 snmp-trap strdata "$_syslog_msg" ! event manager applet track_sfp_up event syslog pattern "SPAWBCMTS-4-SFP_LINK_OK.*link changed state to up action 1.0 snmp-trap strdata "$_syslog_msg"
Cisco defined environment variable

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

41

Which process is causing CPU spikes?

Embedded Event Manager cli Applet

cpmCPUTotal1minRev

1111 1 1112111111112111111111211111411221433 1 11113000011111230254 2 1 9756660293151131828147016175365762661890911641000056506500050919988258 100 **** * 90 **** * 80 **** * 70 **** * 60 **** * * 50 * **** * * 40 * ** **** * ** 30 * * ** *** ***** *** ** 20 ****** * ** * * ** * ******* *** * ******** ******* * 10 ######***************#**#***##**************######**#***************** 0....5....1....1....2....2....3....3....4....4....5....5....6....6....7. 0 5 0 5 0 5 0 5 0 5 0 5 0 CPU% per hour (last 72 hours) * = maximum CPU% # = average CPU%

event manager applet High_CPU_Monitor event snmp oid 1.3.6.1.4.1.9.9.109.1.1.1.1.7.1 get-type exact entry-op gt entry-val 75 exit-op lt exit-val 50 poll-interval 60 action 1.1 syslog msg "------ HIGH CPU DETECTED ------ CPU Currently: $_snmp_oid_val % action 2.1 cli command "enable" action 2.2 cli command "terminal exec prompt timestamp" action 2.3 cli command "show process cpu sort | exclude 0.0 | append flash:high_cpu_monitor.txt" action 2.4 cli command "show process cpu history | append flash:high_cpu_monitor.txt action 2.5 cli command "show logging | append flash:high_cpu_monitor.txt action 2.6 cli command "show interface stat | append flash:high_cpu_monitor.txt" end Caution : Make sure you dont fill up flash
BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

42

Embedded Event Manager cli Applet


Command syntax for the snmp oid event detector
event snmp oid oid-value get-type {exact | next} entry-op operator entry-val entry-value [exit-comb {or | and}] [exit-op operator] [exit-val exit-value] [exit-time exit-time-value] poll-interval poll-int-value

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

43

Embedded Event Manager tcl Scripts


Prepare tcl script or use / modify existing one

Download to device
Add other required device configuration

Define any User-Defined environment variables


Register the Policy

Test / Check the script


EEM Scripting Community - http://forums.cisco.com/eforum/servlet/EEM?page=main
BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

44

Embedded Event Manager tcl Scripts


Problem: Monitor a counter for which there is no snmp MIB Object Solution 1: Use the Cli Value 2 Snmp Expr MIB tcl script from the EEM Scripting Community (Network Management)
::cisco::eem::event_register_timer watchdog name watchdog time $snmp_mib_update_interval maxrun 240 namespace import ::cisco::eem::* namespace import ::cisco::lib::*

Example CliValueToSnmpExpressionMIB.tcl

Event Detector

User defined environment variable

<snip> # ====================================== CUSTOMIZE THIS SECTION FOR YOUR NEEDS =================================================# # ==============================================================================================================================# # Initialize ISG show commands to be executed... # proc Show Command ShowCmdId # ----------------------initShowCommand "show mls qos protocol module 6" 1

# Initialize match patterns, reference to the Id of the relevant show command above and specify the last OID index to be used... # proc ObjectName MatchPattern with (interesting value) in brackets ShowCmdId MIBIndex # ---------------------------------------------------------------------------initMatchPattern "AgForwardBy6" initMatchPattern "AgPolicedBy6"
BRKRST-2612

EEM Scripting Community - http://forums.cisco.com/eforum/servlet/EEM?page=main


2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

".*AgForward-By: +(\[0-9\]+) " ".*AgPoliced-By: +(\[0-9\]+)"

1 1

1 2

45

Embedded Event Manager tcl Scripts


Example CliValueToSnmpExpressionMIB.tcl
Download to device
Router# mkdir harddisk:eem Router#copy ftp:/opt/ftp/eem/CliValueToSnmpExpressionMib.tcl harddisk:/eem Address or name of remote host []? 10.10.10.2 Destination filename [/eem/CliValueToSnmpExpressionMib.tcl]? Accessing ftp://10.10.10.2//opt/ftp/eem/CliValueToSnmpExpressionMib.tcl...

Add other required device configuration


1) Enable SNMP server manager Router(config)# snmp-server manager 2) Add SNMP configuration allowing local SNMP queries and updates for the script to update expression MIB entries... Router(config)# no access-list 9 Change this to the management Router(config)# access-list 9 remark "SNMP Read-Write for EEM" address of your device Router(config)# access-list 9 remark "=======================" Router(config)# access-list 9 permit 10.10.10.1 0.0.0.0 User defined RW Community Router(config)# access-list 9 deny any log string to be used by EEM tcl script Router(config)# snmp-server community EemUpdateRw RW 9
BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

46

Example CliValueToSnmpExpressionMIB.tcl Define User-Defined environment variables Remember this from the script
Router(conf)# event manager environment snmp_mib_update_interval 60 # RW Community&IP address parameters are required by EEM to update MIBs locally on the device... Same as snmp config Router(conf)# event manager environment snmp_rw_community EemUpdateRw entered via cli Router(conf)# event manager environment snmp_ip_address 10.10.10.1 # Configure the default value to be filled into OIDs should the show command # or regular expression match fail... Router(conf)# event manager environment snmp_default_value -1

Embedded Event Manager tcl Scripts

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

47

Example CliValueToSnmpExpressionMIB.tcl Register the tcl Policy

Embedded Event Manager tcl Scripts

Router(conf)# event manager directory user policy harddisk:/eem Router(conf)# event manager policy CliValueToSnmpExpressionMib.tcl

Check the tcl policy has been registered successfully


Router#show event manager policy registered user No. Class Type Event Type Trap Time Registered Name 1 script user timer watchdog Off Thu Nov 4 01:17:16 2010 CliValueToSnmpExpressionMib.tcl name {watchdog} time 60.000 nice 0 queue-priority normal maxrun 240.000

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

48

Embedded Event Manager tcl Scripts


Example CliValueToSnmpExpressionMIB.tcl Check / test the script is working
Router#show management expression Expression: AgForwardBy6 is active Expression to be evaluated is 527930134 where: Expression: AgPolicedBy6 is active Expression to be evaluated is 347908 where:

Router#show mls qos protocol module 6 ----- Module [6] ----Protocol ARP is using AgId 1 AgForward-By: 527930134 AgPoliced-By: 347908 ARP : Policing and mode Cir = 1024000bps Burst = 10000bytes

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

49

Embedded Event Manager tcl Scripts


Example CliValueToSnmpExpressionMIB.tcl Check / test the script is working (contd)
% snmpwalk -c public1 10.10.10.1 <snip> expExpressionOwner.1 : = STRING: expExpressionOwner.2 : = STRING: <snip> expValueCounter32Val.1.0.0.0 : = expValueCounter32Val.2.0.0.0 : = 1.3.6.1.4.1.9.10.22

From an NMS system perform an snmpwalk of the EXPRESSION-MIB


Objectname as defined in the tcl script MIBIndex as defined in the tcl script These are the MIB Objects to poll

"AgForwardBy6 "AgPolicedBy6
Counter32: 527930134 Counter32: 347908

NB At present the script only supports 32 bit counters, which limits it to values < 4Gig . There is however a 64 bit counter expValueCounter64Val which could be used if the script was modified (and tested).
BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

50

Embedded Event Manager tcl Scripts


What if it doesnt work as expected ?
Router#debug action all api common detector policydir server tcl xml event Debug Debug Debug Debug Debug Debug Debug Debug Debug manager ? Event Manager Event Manager Event Manager Event Manager Event Manager Event Manager Event Manager Event Manager Event Manager Action with all debug messages enabled client API Common Event Detector policy director server tclsh interpreter xml

As with all debugging approach with caution. It may generate a lot of output

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

51

Embedded Event Manager tcl Scripts


Problem: What if I need to modify the tcl script ? Solution 1: Manual step by step
Unregister the tcl policy
Router(conf)# no event manager policy my.tcl

Delete the tcl script from flash


Router# del harddisk:/eem/my.tcl

Copy the new /edited tcl script to the flash device.


Router#copy ftp:/opt/ftp/eem/my.tcl harddisk:/eem

Register the new / edited tcl policy


Router(conf)# event manager policy my.tcl

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

52

Embedded Event Manager tcl Scripts


Solution 2: Use event manager update commands
Configure the default repository
Router(config)# event manager directory user repository tftp://172.16.64.1

Single exec command to download, un-register and re-register:


router# event manager update user policy name my %EEM: Update will use the repository path: tftp://172.16.64.1 %EEM: Attempting to copy tftp://172.16.64.1/my.tcl to flash:/eemtcl/my.tcl Loading my.tcl from 172.16.64.1 (via FastEthernet0): ! [OK - 647 bytes] %EEM: Copied 647 bytes from tftp://172.16.64.1/my.tcl to flash:/eemtcl/my.tcl %EEM: Policy my.tcl has been successfully copied and re-registered
*Dec 10 20:12:43.198: %HA_EM-6-FMPD_UPDATE_POLICY_COPY: Policy update has copied 647 bytes from tftp://172.16.64.1/my.tcl to flash:/eemtcl/my.tcl *Dec 10 20:12:43.230: %HA_EM-6-FMPD_UPDATE_POLICY_REGISTER: Policy update has successfully re-registered policy my.tcl

Available from: IOS 12.4(20)T


BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

53

Embedded Event Manager tcl Scripts


Solution 2: Use event manager update commands (contd)
Can also synch entire groups, based on regular expression match:
Router# event manager update user policy group m.*

Verify using show command


router# show event manager policy registered No. Class Type Event Type Trap Time Registered 1 script user syslog Off Wed Dec 10 20:12:43 2008 occurs 1 pattern {.*%NTP-5-PEERSYNC.*} nice 1 queue-priority low maxrun 90.000 scheduler rp_primary Name my.tcl

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

54

Embedded Event Manager tcl Scripts


Solution 3: Use New event manager update commands
Single exec command to specify repository, download, un-register and reregister:
router# event manager update user policy name my.tcl repository tftp://10.1.1.1/

Can also synch entire groups, based on regular expression match:


Router# event manager update user policy group m.* repository tftp://10.1.1.1/

Verify using show command


Router# show event manager policy registered No. Class Type Event Type Trap Time Registered 1 script user syslog Off Wed Dec 10 20:12:43 2008 occurs 1 pattern {.*%NTP-5-PEERSYNC.*} nice 1 queue-priority low maxrun 90.000 scheduler rp_primary
Name my.tcl

Available from: IOS 15.0(1)M


BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

55

Embedded Automation Systems (EASy)

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

56

Example: Install Embedded Automations


Problem: Embedded Automations based on Tcl Scripting or Embedded Event Manager may include multiple scripts, policies, configurations, variables and prerequisites. How can we install (and un-install) all of these in a consistent manner? Solution: Create a package and use the EASy Installer
Router# easy-installer tftp://10.1.1.1/my-package.tar flash:/easy ----------------------------------------------------------------------Configure and Install EASy Package my-package' ----------------------------------------------------------------------1. Display Package Description 2. Configure Package Parameters 3. Deploy Package Policies 4. Verify Installed Package 5. Exit Enter option: See: http://www.cisco.com/go/easy

Further information on EASy Installer http://www.cisco.com/en/US/products/ps10777/products_ios_protocol_group_home.html


BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

57

Editing Files on the CLI


Ed.tcl

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

58

Editing Files
Problem: Often ASCII files are being used when using Device Manageability
Instrumentation in IOS:
Tcl scripts and EEM Tcl Policies EMM Menu Definition Files Config Templates and other text files

During Development and Test it would be useful to be able to edit these files directly from IOS. But: IOS does not include an ASCII Editor ...

Solution: Use a Tcl implementation of an Editor in IOS


The GNU <ed> editor is a very simple, line-based editor available as Tcl implementation
see: http://en.wikipedia.org/wiki/Ed_(Unix) see: http://www.gnu.org/software/ed/ed.html
BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

59

Editing and a simple Using ed.tcl Files test file to the flash: 1. Copy ed.tcl
router# show flash : 8 27091 Nov 19 2008 10:51:26 ed.tcl 9 68 Nov 19 2008 11:00:12 testfile.txt

2. Define an Alias for simplicity:


router(config)# alias exec ed tclsh flash:/ed.tcl

3. Edit the file using ed:


router# ed flash:/testfile.txt 65 1,$p print lines 1 to last 1,$p line one of the test file line two of the test file another line ,p print all lines ,p line one of the test file line two of the test file another line ,n numbered print all lines ,n 1 line one of the test file 2 line two of the test file 3 another line a a add lines and here are yet another two lines . ,n . end adding 1 line one of the test file 2 line two of the test file 3 another line 4 and here are 5 yet another two lines w 99 w write file q router# q quit
60

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

IOS Shell Scripting


IOS.sh

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

61

IOS Shell
Problem: Sometimes we need more than what Interface ranges,
Macros, Auto SmartPorts and other CLI features already offer.
But we may not want all the power and complexity of Tcl Scripting or Embedded Event Manager Solution: Use IOS Shell (IOS.sh)
IOS Shell offers Environment Variables Pipe and Redirection Condition Testing Loops Built-in Functions Custom Function Definitions Phase I Available from: IOS 12.2(52)SE
BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

MY_VAR=value, %n | if []; then else fi show shell functions shell exec <function> function <name>(){}

IOS.sh # _

62

IOS Shell - Example


The pre-built shell functions for Auto SmartPorts are a good starting point:
switch# show shell functions CISCO_AP_AUTO_SMARTPORT function CISCO_AP_AUTO_SMARTPORT () { if [[ $LINKUP -eq YES ]]; then conf t interface $INTERFACE macro description $TRIGGER switchport trunk encapsulation dot1q switchport trunk native vlan $NATIVE_VLAN switchport trunk allowed vlan ALL switchport mode trunk switchport nonegotiate auto qos voip trust mls qos trust cos exit end fi if [[ $LINKUP -eq NO ]]; then :
BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

63

Tcl Shell
Tcl Scripting

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

64

Tool Command Language (TCL)


Language resources found at: http://www.tcl.tk/
TCL 7.x has been in Cisco IOS since 1994 TCL 8.3.4 first released in Cisco IOS in 12.3(2)T and merged into 12.2(25)S Use 12.3(14)T or later for best results Signed TCL Scripts introduced in 12.4(15)T
Router#tclsh slot0:myscript.tcl Router#tclsh Router(tcl)#source tftp://10.1.1.1/myscript.tcl

Use low-memory to prevent malloc failures


Router(config)# scripting tcl low-memory <water_mark>

TCL process runs at medium priority, so be careful with loops


BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

65

Tool Command Language (TCL)


http://www.cisco.com/go/ciscobeyond http://www.cisco.com/go/eem http://www.cisco.com/go/ioscommercial Guide To Writing EEM Policies documentation
Router#tclsh Router(tcl)#puts "Hello There" Hello There Router(tcl)#ios_config "interface fa0/0" "description Main Uplink" Router(tcl)#exit Router#

TCL Cisco IOS Extended Commands TCL Built In Command Cisco IOS Command

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

66

Signed TCL Scripts


TCL has the capability to verify a digital signature in order to indicate trust: A script can run in two modes:
If TCL script contains the right signature:
If TCL script doesnt contain the right signature:
TRUSTED MODE

It will be authenticated and run with trusted access to TCL interpreter


UNTRUSTED MODE

It will run in a limited mode for untrusted scripts or not run at all

See: http://www.cisco.com/en/US/docs/ios/12_4t/netmgmt/configuration/guide/sign_tcl.html Available from: IOS 12.4(15)T, 12.4(11)XW Platforms: 8xx, 18xx ISRs, 26xx, 36xx, 37xx, IAD, 72xx, 7301, UC520,

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

67

Kron Scheduler

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

68

Kron Scheduler
Run EXEC commands periodically or at a specified time First introduced in 12.3(1)

Runs commands in a fully-automated mode


Interactive commands (e.g. reload) are NOT supported Note: NTP must be configured or the router clock must be authoritative

Kron and Tcl can run together since 12.4(4)T


Alternative Option: use Embedded Event Manager (EEM) Timer ED
BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

69

Configuration Management

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

70

IOS Configuration Safety Features


Contextual configuration diff utility
(from 12.3(4)T, 12.2(25)S) Easily show differences between running and startup configuration Compare any two ASCII files Tracks config commands entered per user, per session Notification sent indicating config change has taken placechanges can be retrieved via SNMP

Config change logging and notification (from 12.3(4)T, 12.2(25)S)

Configuration replace and rollback

(from 12.3(7)T, 12.2(25)S) Replace running config with any saved configuration (only the diffs are applied) to return to previous state (from 12.4(23)T) (from 12.3(14)T, 12.2(25)S)
Cisco Public

Configuration revert
Automatically Rollback un-confirmed configurations

Configuration locking
Ensures exclusive configuration change access
BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved.

71

Example: Using Config Rollback


Problem: Critical config change to a remote router may result in loss of connectivity, requiring a reload Solution 1: Replace the running configuration with the latest good archive after two minutes unless the change made is confirmed Available from: IOS 12.3(7)T, 12.2(25)S
router# show archive There are currently 4 archive configurations saved. The next archive file will be named disk0:/config-archive-4 Archive # Name 0 1 disk0:/config-archive-1 2 disk0:/config-archive-2 3 disk0:/config-archive-3 <- Most Recent router# config replace disk0:/config-archive-3 time 120 : ... your Config Change work here ... : router# no config replace disk0:/config-archive-3
BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

72

Example: Using Config Revert


Problem: Critical config change to a remote router may result in loss of connectivity, requiring a reload
Solution 2: Revert the running configuration after two minutes unless the change made is confirmed
router# config terminal revert time 2 Rollback Confirmed Change: Backing up current running config to flash:bk-2 Enter configuration commands, one per line. End with CNTL/Z. : ... your Config Change work here ... : router# hostname oops oops(config)# end oops# Rollback Confirmed Change: Rollback will begin in one minute. Enter "configure confirm" if you wish to keep what you've configured oops# config confirm oops#

or

Available from: IOS 12.4(23)T, 12.2(33)S


BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved.

oops# Rollback Confirmed Change: rolling to:flash:bk-2 Total number of passes: 1 Rollback Done router#
Cisco Public

73

How to trigger a Config Change


Embedded Event Manager (EEM)

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

74

Example: Trigger a Config Change 1/3


Problem: a PKI related config change on a remote device should only happen once NTP has successfully synched the time
Router(config)# ntp logging Router(config)# ntp update-calendar Router(config)# ntp server 172.16.154.40 prefer

Solution I: use EEM Syslog Event Detector and a CLI Applet to trigger the change

CLI Applet
event manager applet config_upon_ntp event syslog pattern ".*%NTP-5-PEERSYNC.*" action 1.0 syslog msg "Starting ..." : ... Your Config Changes Here ... : Dec 10 3.0 syslog msg%NTP-5-PEERSYNC: NTP synced to peer 172.16.254.40 action 13:03:57.746: "... done" Dec 10 13:03:57.750: %HA_EM-6-LOG: config_upon_ntp: Starting ... Dec 10 13:03:57.750: %HA_EM-6-LOG: config_upon_ntp: ... done
BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

75

Example: Trigger a Config Change 2/3


Solution II: use EEM Syslog Event Detector and an IOS.sh Policy to trigger the change

IOS.sh Policy
##::cisco::eem::event_register_syslog pattern .*%NTP-5-PEERSYNC.* send log "Starting ..." enable conf t hostname $new_hostname : ... Your Config Changes Here ... : end router# send log "... done" *Dec 22 18:27:09.659: %HA_EM-6-LOG: sl_cfg_ntp.sh: Starting ... # End of IOS.sh Policy demo script *Dec 22 18:27:09.801: %SYS-5-CONFIG_I: Configured from console by on vty0 (EEM:sl_cfg_ntp.sh)
*Dec 22 18:27:09.927: %HA_EM-6-LOG: sl_cfg_ntp.sh: Set hostname from router to it-worked *Dec 22 18:27:09.927: %HA_EM-6-LOG: sl_cfg_ntp.sh: ... done it-worked#

Solution III: use EEM Syslog Event Detector and a TCL Policy to trigger the change
BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

76

TCL Policy
::cisco::eem::event_register_syslog occurs 1 pattern .*%NTP-5-PEERSYNC.* queue_priority low nice 1 maxrun 90 namespace import ::cisco::eem::* namespace import ::cisco::lib::* action_syslog msg "Starting ..." set oldname [info hostname] set newname "it-worked"

Policy runtime
Default = 20 seconds Increase this value if you see a Process Forced Exit message from the router.

if [catch {cli_open} result] { error $result $errorInfo } else { array set cli $result }
if [catch {cli_exec $cli(fd) enable\n conf term\n hostname $newname\n end"} result] { action_syslog msg "Failed to set hostname: $result : $errorInfo" error $result $errorInfo } else { action_syslog msg "Set hostname from $oldname to $newname" } cli_close $cli(fd) $cli(tty_id) action_syslog msg "... done"

router# *Dec 10 10:43:29.061: %HA_EM-6-LOG: config_upon_ntp.tcl: Starting ... *Dec 10 10:43:29.197: %SYS-5-CONFIG_I: Configured from console by on vty0 (EEM:config_upon_ntp.tcl) *Dec 10 10:43:29.329: %HA_EM-6-LOG: config_upon_ntp.tcl: Set hostname from router to it-worked *Dec 10 10:43:29.329: %HA_EM-6-LOG: config_upon_ntp.tcl: ... done it-worked# BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 77

How to trigger upon a Config Change


Embedded Event Manager (EEM)

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

78

Using EEM to trigger upon config change


Two Options: Syslog Event Detector upon any potential config change CLI Event Detector upon specific CLI command Asynchronous: Trigger Policy and then execute CLI command Trigger Policy and skip CLI command Synchronous: Trigger Policy and execute/skip based on exit status _exit_status == 0 skip CLI command (default) _exit_status == 1 execute CLI command
event [tag event-tag] cli pattern regular-expression {[default] [enter] [questionmark] [tab]} [sync {yes | no skip {yes | no}] [mode variable] [occurs num-occurrences] [period period-value] [maxrun maxruntime-number]
Available from: EEM 2.1, integrated with XML PI from EEM 3.0
BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

79

Problem: VLAN 380 should not be accidentally removed from a trunk Solution: use EEM CLI Event Detector:
Option a: Dont prevent anything, just issue a syslog notification:

Example: Using EEM CLI Event Detector


Other Examples: no mpls ip no router isis debug all

event manager applet cli-async event cli pattern "switchport trunk allowed vlan remove.*380.*" sync no skip no action 1.0 syslog msg "Removing VLAN 380"

Option b: Prevent the entire command and issue a syslog notification:


event manager applet cli-async-skip event cli pattern "switchport trunk allowed vlan remove.*380.*" sync no skip yes action 1.0 syslog msg "Will NOT remove VLAN 380"

Option c: Ask for confirmation, then allow or prevent the entire command:
event manager applet cli-sync event cli pattern "switchport trunk allowed vlan remove.*380.*" sync yes action 1.0 puts "Confirm removing VLAN 380 [yes|no]:" action 2.0 gets response action 3.0 if $response eq yes goto 5.0 action 4.0 puts "NOK - VLAN 380 will NOT be removed" action 4.1 exit 0 action 5.0 puts "OK - VLAN 380 will be removed" action 5.1 exit 1

Caveats: command may be (much) bigger than what you match! Ranges!
BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

80

Managing Versions and Revisions


Archive, EEM Update

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

81

Example: Archiving Configuration 1/4


Problem: Device configurations must be archived periodically, collecting them
from the outside should not be the only answer.

Solution 1: Manually create meaningful copies of the running config:


nexus-7000# copy run bootflash:/$(TIMESTAMP)-$(SWITCHNAME).conf nexus-7000# dir bootflash: 29796 Apr 27 17:38:16 2009 2009-04-27-17.38.16-nexus-7000.conf

nexus-7000# show cli variable VSH Variable List ----------------SWITCHNAME=nexus-7000" TIMESTAMP="2009-04-27-17.47.48"

Note: from IOS 12.3T onwards, refer to $h and $t variables within archive config path option

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

82

Example: Archiving Configuration 2/4


Solution 2: Archive the running configuration once every day locally:
archive path disk0:/config-archive maximum 7 time-period 1440

View the content of the archive:


Router#show archive There are currently 3 archive configurations saved. The next archive file will be named disk0:config-archive-3 Archive # Name 0 1 disk0:config-archive-1 2 disk0:config-archive-2 <- Most Recent 3 4 5 6
BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

83

Example: Archiving Configuration 3/4


Solution 3: Archive the running configuration to tftp upon write:
archive path tftp://10.1.1.1 write-memory

Note: Config can also be archived on-demand:


Router#archive config

Solution 4: Use Kron to schedule periodic archiving (plus other activity)


archive path tftp://10.1.1.1 ! kron policy-list backupconfig cli archive config ! kron occurrence backup-occur at 23:23 recurring policy-list backupconfig multiple policy-lists possible
BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

84

Example: Archiving Configuration 4/4


Solution 5: Use Embedded Event Manager (EEM) with a Syslog Event Detector and a TCL Applet to only archive configs if there was a change
Define EEM Environment Variable Router(config)# event manager environment filename <myfile.txt> Router(config)# event manager directory user policy "flash:/TCL" Router(config)# event manager policy archive.tcl type user Router(config)# archive Router(config-archive)# path flash:disk0 Router(config-archive)# maximum 14

Register EEM TCL Script

Configure Archive Location and Size The script Archive Config if Changes is available from www.cisco.com/go/ciscobeyond
BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

under Network Management ( See http://forums.cisco.com/eforum/servlet/EEM?page=eem&fn=script&scriptId=1103 )


85

Providing Interactive Menus on the CLI


Embedded Manager Menu (EMM)

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

86

Interactive Menus on the CLI


Problem: How to make some CLI commands available in a guided way (for example to 1st Line Support, Local IT, Field Force, etc) Solution I: Configure a Menu using the old <menu> commands Solution II: Define a custom Menu in Embedded Menu Manager (EMM)
IOS menu Command
easy to learn, simple to use limited functionality and flexibility menu only, cli only selections only part of the IOS config widely available
BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved.

Embedded Menu Manager (EMM)


easy to learn, simple to use
very flexible menus and wizards, cli and tcl

selections, inputs, actions, help texts


separate MDF file(s) recent development 12.4(20)T
Cisco Public

87

Menu Config Command 1/2


Simple Menu Defined in the Config Custom ASCII Menus Part of IOS Config Simple CLI Actions
menu OldMenu title ^C A simple example of the OLD menu command^C menu OldMenu prompt ^C Please select a menu item:^C menu OldMenu text 1 Run a ping test menu OldMenu command 1 ping 10.1.1.1 menu OldMenu options 1 pause menu OldMenu text 9 Exit menu OldMenu command 9 exit menu OldMenu status-line
BRKRST-2612

Menu name Menu Title Menu Item Label Menu Item Action

Remember to provide an <exit> option Simple menus and actions only No user input other than menu items Part of the running- and startup-config

Available from: IOS 10.0, 12.2(33)S


2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

88

Menu Config Command 2/2


router# menu OldMenu Server router" Line 0 Terminal-type (unknown) A simple example of the OLD menu command 1 9 Run a ping test Exit

Please select a menu item: 1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) --More Server router" Line 0 Terminal-type (unknown) A simple example of the OLD menu command 1 Run a ping test

Exit

Please select a menu item:


BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

89

Embedded Menu Manager (EMM)


Programmable Menu Framework Custom ASCII Menus XML based Menu Definition Files (MDF) Range / Type Checking TCL Scripting Actions Nested and Sequential Menus (Wizards)

================================================================================ Branch Router Operations Menu on branch-99 Enter ? for help or ?# for item help -------------------------------------------------------------------------------1. Install Diagnostic Scripts 2. Change Hostname

3. Run CPU Diagnostic Script


4. Check for most recent EEM Policy Files 5. Run WAN Diagnostic Script 6. Instant World Peace

7. Exit
Enter selection [6]:
BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

Available from: IOS 12.4(20)T See: http://tinyurl.com/emm-in-124t


90

EMM Menu Definition File Example 1/2


<?xml version="1.0"?> Menu name and required <Menu MenuName="NMS" schemaVersion="1.1"> schema version <MenuTitle> <EmbTCLValue> <TCLCommand> return " Branch Router Operations Menu on [hostname]" </TCLCommand> Title can be constant or generated </EmbTCLValue> with Tcl </MenuTitle> <HelpString> <Constant String="View and modify some common Network Management configuration parameters"/> </HelpString> The menu and each item can have <GlobalTCL> its own help text <TCLCommand> proc get_config { regex } { set config [exec "show run | inc $regex"] return $config } </TCLCommand> Optional global Tcl section to store procs </GlobalTCL> used throughout menu : :
BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

91

EMM Menu Definition File Example 2/2


From simple menu choices to complete customised wizards
: : <Item ContinuePrompt="true" ItemJustification="LEFT"> <ItemTitle> <Constant String=Change Hostname" /> </ItemTitle> <HelpString> <Constant String="This selection lets you type a new hostname" /> </HelpString> <Wizard> <QueryPrompt> <Constant String="What hostname do you suggest?" /> </QueryPrompt> <FreeForm /> </Wizard> <IOSConfigCommand> "hostname $r(1)" </IOSConfigCommand> : :
BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

92

In Summary
Smart Call Home Service
Monitoring System Resources
RMON & Threshold Notifications

Device Configuration Management


Config rollback and revert via cli Trigger config change via EEM Use EEM to prevent a config change Config Archive Managment

Embedded Resource Manager

IP Service Level Agent (IPSLA) Enhanced Object Tracking (EOT) Embedded Event Manager (EEM)
Embedded Automation System (EASy) Ed.tcl IOS Shell Tcl Shell Kron Scheduler
BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

Embedded Menu Manager

93

References Instrumentation (DMI) www.cisco.com/go/instrumentation Instrumentation Device Manageability


Embedded Event Manager (EEM): www.cisco.com/go/eem Cisco Beyond EEM Community: www.cisco.com/go/ciscobeyond Embedded Menu Manager (EMM): http://tinyurl.com/emm-in-124t


BRKRST-2612

Embedded Packet Capture (EPC): www.cisco.com/go/epc


Flexible NetFlow: www.cisco.com/go/netflow and www.cisco.com/go/fnf GOLD: http://www.cisco.com/en/US/products/ps7081/products_ios_protocol_group_home.html IPSLA (formerly SAA, formerly RTR): www.cisco.com/go/ipsla Network Analysis Module: http://www.cisco.com/go/nam Network Based Application Recognition (NBAR): www.cisco.com/go/nbar Security Device Manager (SDM): http://www.cisco.com/go/sdm Smart Call Home: www.cisco.com/go/smartcall Web Services Management Agents (WSMA): http://tinyurl.com/wsma-in-150M Feature Navigator: www.cisco.com/go/fn MIB Locator: www.cisco.com/go/mibs
2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

94

References Embedded Automations


Embedded Automation Systems (EASy) 1. 2. 3. 4. Browse and Download EASy Packages www.cisco.com/go/easy Make Sure to also download EASy Installer Browse Other Embedded Automations www.cisco.com/go/ciscobeyond Learn About The Technology Under The Hood www.cisco.com/go/instrumentation www.cisco.com/go/eem www.cisco.com/go/pec Discuss, Ask Questions, Suggest Answers supportforums.cisco.com Upload your own Examples to CiscoBeyond www.cisco.com/go/ciscobeyond Engage via ask-easy@cisco.com

5. 6. 7.

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

95

Q&A

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

96

Complete Your Online Session Evaluation


Complete your session evaluation:
Directly from your mobile device by visiting www.ciscoliveaustralia.com/mobile and login by entering your badge ID (located on the front of your badge) Visit one of the Cisco Live internet stations located throughout the venue Open a browser on your own computer to access the Cisco Live onsite portal

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

97

Appendix I: Feature Availability


Note: May include futures, subject to change; no commitments implied.

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

99

Embedded Management SNMP Roadmap


Cisco IOS Software Platforms
Periodic MIB Data Collection and Transfer Mechanism VPN aware SNMP Infrastructure SNMP over IPv6 Cisco 10000 Series
12.2SB 12.2(33)SB 12.2(33)SB 12.2(33)SB 12.2(33)SB 12.2(33)SB 12.2(31)SB 12.2(33)SB 12.2(31)SB 12.2(33)SB 12.2(33)SB 12.2(33)SB 12.2(33)SB

Cisco 7600 Series


12.2SR/ SX 12.2(33)SRA 12.2(33)SRA 12.2(33)SRB 12.2(33)SRB 12.2(33)SRB1 12.2(33)SRA

Cisco 7500 Series


12.2SB 12.2(22)S 12.2(22)S 12.3(14)T

Cisco 7304 Router


12.2SB 12.2(33)SB 12.2(33)SB 12.2(33)SB 12.2(33)SB 12.2(33)SB

Cisco 7301 and 7200 Routers


12.2SB/SR 12.2(33)SRA 12.2(33)SRA 12.2(33)SRB 12.2(33)SRB 12.2(33)SRB1 12.2(33)SRA

Cisco Catalyst 6500 Series


12.2SX/ SR 12.2(33)SXH 12.2(33)SXH 12.2(33)SXI 12.2(33)SXI 12.2(33)SXI 12.2(33)SXH

Cisco Catalyst 4500 Series


12.2SG 12.2(44)SG 12.2(44)SG 12.2(44)SG 12.2(44)SG 12.2(44)SG 12.2(44)SG 12.2(44)SG 12.2(44)SG

Cisco 3750 & 2900 Series


12.2SE 12.2(35) SE1 12.2(7th)SE 12.2(44)SE 12.2(7th)SE

ASR1000
12.2 XNA 12.2(33)XN A 12.2(33)XN A 12.2(33)XN A 12.2(33)XN A 12.2(33)XN A 12.2(33)XN A 12.2(33)XN A 12.2(33)XN A 12.2(33)XN A

Cisco 800, 1800 & 2800 Series


M&T 12.3(2)T 12.3(2)T 12.3(14)T 12.4(2)T

AES (RFC 3826) and 3DES Encryption for SNMP v3


ISSU - SNMP

Interface MIB Enhancements


CEF-MIB URPF-MIB SNMP Infrastructure for MTR IP-TUNNEL-MIB Interfaces MIB: SNMP context based access CISCO-DATA-COLLECTION-MIB

12.2(31)SB

12.2(31)SB 12.2(33)SB 12.2(31)SB 12.2(33)SB 12.2(33)SB 12.2(33)SB 12.2(33)SB

12.2(33)SRC
12.2(33)SRC 12.2(33)SRB 12.2(33)SRB 12.2(33)SRB 12.2(33)SRC

12.2(31)SB
12.2(31)SB

12.2(33)SRC
12.2(33)SRC 12.2(33)SRB 12.2(33)SRB 12.2(33)SRB 12.2(33)SRC

12.2(TBD)S E 12.2(TBD)S E

12.4(20)T 12.4(20)T

12.2(44)SG 12.2(44)SG 12.2(44)SG 12.2(7th)SE 12.2(TBD)S E 12.2(37)SE

12.4(20)T

12.2(33)XN A 12.2(33)XN A 12.4(20)T 12.4(20)T 12.2(33)XN A 12.3(2)T

CISL - SNMP Support (Licensing MIB)


SNMP secure Views
12.2(33)SB 12.2(33)SRA 12.2(22)S 12.2(33)SB 12.2(33)SRA 12.2(33)SXH 12.2(44)SG

12.2(7th)SE

Shipping Code Committed ECd


BRKRST-2612 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public

100

Embedded Management SNMP Roadmap


Cisco IOS Software Platforms
Cisco 10000 Series Cisco 7600 Series Cisco 7500 Series
12.2SB

Cisco 7304 Router

Cisco 7301 and 7200 Routers


12.2SB/SR 12.2(33)SRB 12.2(33)SRE 12.2(33)SRE 12.2(33)SRE

Cisco Catalyst 6500 Series


12.2SX/ SR 12.2(33)SXI 12.2(33)SXI 12.2(33)SXI 12.2(33)SXI

Cisco Catalyst 4500 Series


12.2SG 12.2(44)SG

Cisco 3750 & 2900 Series


12.2SE

ASR1000

Cisco 800, 1800 & 2800 Series M&T


12.4(4)T

12.2SB

12.2SR/ SX 12.2(33)SRB 12.2(33)SRE 12.2(33)SRE 12.2(33)SRE

12.2SB

12.2 XNA 12.(33)XN A

Alarm filtering support in CiscoEntity-Alarm-MIB SNMP Trap Simulation RMON-MIB enhancement for 64 bit counter support Support for HC-Alarm-MIB RFC2576: SNMP v1/v2c PDU conversions for proxy forwarder SCP, FTP & RCP Support in CISCO-CONFIG-COPY-MIB FileType support in CISCOFLASH-MIB Event MIB and Expression MIB Enhancements Show Port Status Command SNMP Diagnostic Enhancements SNMP Support for Cisco Power Extension SNMP trap support for EEM SNMP support for Named Access List Licensing MIB Enhancement for STG
BRKRST-2612

12.3(2)T

12/3(2)T 12.3(2)T 12.2(33)SRE 12.2(33)SRE 12.2(33)SRE 12.2(33)SRE 12.2(33)SRE 12.2(33)SRE 12.2(1st)SY 12.2(33)SXI 12.2(33)SY 12.2(52) SG 12.2(50)SE 12.4(22)T 12.3(2)T 12.4(11)T 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 12.4(20)T 12.2(44)SG 12.4(20)T

101

Embedded Management - Configuration


Cisco IOS Software Platforms
Cisco 10000 Series
12.2SB

Cisco 7600 Series


12.2SR/ SX 12.2(18)SXE5

Cisco 7500 Series


12.2SB

Cisco 7304 Router


12.2SB 12.2(18)SXE5

Cisco 7301 and 7200 Router


12.2SB/SR 12.2(33)SRC

Cisco Catalyst 6500 Series


12.2SX/ SR 12.2(18)SXE5

Cisco Catalyst 4500 Series


12.2SG

Cisco 3750 & 2900 Series


12.2SE 12.2(25)SEC

ASR1000
12.2 XNA 12.2(33)XN A 12.2(33)XN A 12.2(33)XN A 12.2(33)XN A 12.2(33)XN A

Cisco 800, 1800 & 2800 Series


M&T 12.3(4)T

UDI Support and Configuration Enhancements CNS Agents (Configuration Agent Event Agent, Image Agent) Config Retrieve Retry CNS Agents over IPv6 Netconf over SSHv2, BEEP Config Change Notification (Netconf) Netconf over IPv6 Cisco Software Licensing CNS-Interactive CLI Command scheduler Policy for system startup TR-69 agent, Ethernet LAN, Time, ATM, loopback, traceroute profiles, HTTP client API to close persistent conn. Web Services Management Agent

12.2(28)SB

12.2(33)SB 12.2(33)SB 12.2(33)SB 12.2(33)SB 12.2(33)SB 12.2(33)SB

12.2(33)SRB 12.2(33)SRC 12.2(33)SRC 12.2(33)SRA 12.2(33)SRA 12.2(33)SRC

12.2(31)SB

12.2(33)SB 12.2(33)SB

12.2(31)SB 12.2(33)SRC 12.2(33)SRC

12.2(33)SXI 12.2(1st)SY 12.2(1st)SY 12.2(33)SXH 12.2(33)SXH 12.2(1st)SY

12.2(44)SG 12.2(44)SG 12.2(44)SG 12.2(44)SG 12.2(44)SG 12.2(44)SG

12.2(25)SEE 12.2(44)SE

12.3(1) 12.4(15)T 12.4(20)T 12.4(9)T 12.4(9)T 12.4(20)T 12.4(20)T

12.2(33)SB 12.2(33)SB 12.2(33)SB

12.2(33)SRA 12.2(33)SRA 12.2(33)SRC

12.2(33)XN A
12.2(33)XN A 12.2(37)SE

12.2(33)SRC 12.2(33)SB 12.2(33)SRC 12.2(33)SB

12.2(33)SRC 12.2(33)SRC

12.2(33)SXI 12.2(1st)SY

12.2(44)SG 12.2(44)SG

12.2(33)XN A 12.2(33)XN A 12.4(15)T

12.4(20)T

Planning

Planning

12.2(1st)SY

Planning

Planning

Planning

12.4(24)T

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

102

Embedded Management Infra - Transports


Cisco IOS Software Platforms
Cisco 10000 Series
12.2SB

Cisco 7600 Series


12.2SR/ SX 12.2(33)SRA

Cisco 7500 Series


12.2SB NA

Cisco 7304 Router


12.2SB 12.2(33)SB

Cisco 7301 and 7200 Routers


12.2SB/SR 12.2(33)SRA

Cisco Catalyst 6500 Series


12.2SX/ SR 12.2(33)SXH

Cisco Catalyst 4500 Series


12.2SG 12.2(44)SG

Cisco 3750 & 2900 Series


12.2SE 12.2(25)SE

ASR1000
12.2 XNA

Cisco 800, 1800 & 2800 Series


M&T 12.3(2)T

HTTPS - HTTP with SSL 3.0 HTTP(S) USB Support For Content Delivery from USB Media; PAI enhancement; TACAC+ Accounting support HTTP IPv6 Support BEEP Infrastructure; IPV6 Support SOAP IPv6 Support Cisco IOS Scripting with TCL TCL SNMP MIB access Signed TCL scripts TCL over IPv6 HTTP Cookie support (RFC2965) HTTP Digest Authentication Support

12.2(33)SB

12.2(33)X NA

12.2(33)SB

12.2(33)SRC

NA

12.2(33)SB

12.2(33)SRC

12.2(33)SXI

12.2(44)SG

12.4(15)T

12.2(33)SB 12.2(33)SB 12.2(33)SB 12.2(33)SB 12.2(33)SB

12.2(33)SRC 12.2(33)SRA 12.2(33)SRC 12.2(33)SRC 12.2(33)SRC

NA NA NA NA NA NA

12.2(33)SB 12.2(33)SB 12.2(33)SB 12.2(33)SB 12.2(33)SB

12.2(33)SRC 12.2(33)SRA 12.2(33)SRC 12.2(33)SRC 12.2(33)SRC

12.2(1st)SY 12.2(33)SXH 12.2(1st)SY 12.2(33)SXH 12.2(33)SXH

12.2(44)SG 12.2(44)SG 12.2(44)SG 12.2(44)SG 12.2(44)SG

12.2(44)SE 12.2(7th)SE 12.2(7th)SE 12.2(TBD)S E 12.2(7th)SE

12.2(33)X NA
12.2(33)X NA 12.2(33)X NA 12.2(33)X NA 12.2(33)X NA

12.4(20)T 12.4(4)T 12.4(20)T 12.3(2)T 12.3(7)T 12.4(15)T

12.2(33)SB

12.2(33)SRC 12.2(1st)SRE

NA

12.2(33)SB

12.2(33)SRC

12.2(1st)SY

12.2(44)SG

12.2(7th)SE

12.2(33)X NA

12.4(20)T 12.4(20)T 12.4(20)T

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

103

Embedded Management Config/Parser


Cisco IOS Software Platforms
Cisco 10000 Series
12.2SB

Cisco 7600 Series

Cisco 7500 Series


12.2SB

Cisco 7304 Router

Cisco 7301 and 7200 Routers


12.2SB/SR

Cisco Catalyst 6500 Series


12.2SX/ SR

Cisco Catalyst 4500 Series


12.2SG

Cisco 3750 & 2900 Series


12.2SE

ASR-1000

Cisco 800, 1800 & 2800 Series


M&T

12.2SR/ SX

12.2SB

12.2 XNA

Configuration Replace and Configuration Rollback, including config versioning (archive) and timed rollback Configuration Change Notification and Logging Contextual Configuration Diff Utility Configuration Generation Performance Enhancement Role-Based Access Control CLI commands Configuration Partitioning Configuration Rollback Confirmed Change IPv6 for Config Logger

12.2(33)SB

12.2(33)SRA

12.2(25)S

12.2(33)SB

12.2(31)SB2

12.2(33)SXH

12.2(44)SG

12.2(40)SE

12.2(33)XNA

12.3(7)T

12.2(33)SB 12.2(33)SB 12.2(33)SB 12.2(33)SB 12.2(33)SB 12.2(33)SB

12.2(33)SRA 12.2(33)SRA 12.2(33)SRC 12.2(33)SRB 12.2(33)SRB 12.2(33)SRC

12.2(25)S 12.2(25)S 12.2(25)S

12.2(33)SB 12.2(33)SB 12.2(33)SB 12.2(33)SB 12.2(33)SB 12.2(33)SB

12.2(25)S

12.2(33)SXH 12.2(33)SXH

12.2(44)SG 12.2(44)SG 12.2(44)SG 12.2(44)SG 12.2(44)SG 12.2(44)SG

12.2(25)SEC 12.2(40)SE

12.2(33)XNA 12.2(33)XNA 12.2(33)XNA 12.2(33)XNA

12.3(4)T 12.3(4)T 12.3(7)T 12.3(11) T

12.2(33)SRC

12.2(33)SXI 12.2(33)SXI

12.2(33)SRB 12.2(33)SRC

12.2(33)SXI 12.2(33)SXI

12.2(7th)SE

12.2(33)XNA 12.2(33)XNA 12.4(20) T 12.4(20) T 12.4(11) T 12.4(11) T 12.4(20) T 12.4(20) T

12.2(33)SB
12.2(33)SB 12.2(33)SB

12.2(33)SRC
12.2(33)SRA 12.2(33)SRA

12.2(33)SB
12.2(33)SB 12.2(33)SB

12.2(33)SRC

12.2(1st)SY
12.2(33)SXH 12.2(33)SXH

12.2(44)SG
12.2(44)SG 12.2(44)SG

12.2(7th)SE

12.2(33)XNA
12.2(33)XNA 12.2(33)XNA

Config Logger Persistency


Exclusive Configuration Change Access and Access Session Locking Config Change Tracking Identifier XML Programmatic Interface w/TLS and Initiator
BRKRST-2612

12.2(33)SB

12.2(33)SRC

12.2(33)SB

12.2(33)SRC

12.2(33)SXI

12.2(44)SG

12.2(33)XNA

12.2(1st)SRE

12.2(1st)SRE
Cisco Public

12.2(1st)SY

12.2(47)SG

12.2(7th)SE

2011 Cisco and/or its affiliates. All rights reserved.

104

EEM Version/Product Support Matrix


CISCO ACCESS ROUTERS - Current models EEM Version Cisco 800 Series
1.0 2.0 2.1 2.1.5 2.2 2.3 2.4 3.0 3.1 3.2 3.4

Cisco 1800 Series


12.3(11)T
12.3(14)T1

Cisco 2800 Series


12.3(11)T
12.3(14)T1 12.4(2)T 12.4(11)T 12.4(20)T 12.4(22)T 15.0(1)M 15.1(3)T Planning

Cisco 3800 Series


12.3(11)T
12.3(14)T1 12.4(2)T 12.4(11)T 12.4(20)T 12.4(22)T 15.0(1)M 15.1(3)T Planning

Cisco 1900 Series

Cisco 2900 Series

Cisco 3900 Series

12.4(2)T 12.4(11)T 12.4(20)T 12.4(22)T 15.0(1)M 15.1(3)T Planning

12.4(2)T 12.4(11)T 12.4(20)T 12.4(22)T 15.0(1)M 15.1(3)T Planning

15.0(1)M 15.1(3)T Planning

15.0(1)M 15.1(3)T Planning

15.0(1)M 15.1(3)T Planning

CISCO ACCESS ROUTERS - Old models EEM Version Cisco 1700 Series
1.0 2.0 2.1 2.1.5 2.2 2.3 2.4 3.0 3.1 3.2 12.3(4)T 12.3(14)T1 12.4(2)T 12.4(11)T

Cisco 2600 Series


12.3(4)T 12.3(14)T1 12.4(2)T 12.4(11)T

Cisco 2600XM Series


12.3(4)T 12.3(14)T1 12.4(2)T 12.4(11)T

Cisco 2691 Series

Cisco 3600 Series


12.3(4)T

Cisco 3700 Series

12.3(14)T1 12.4(2)T 12.4(11)T

12.3(14)T1 12.4(2)T 12.4(11)T

12.3(14)T1 12.4(2)T 12.4(11)T

Shipping EC Planning

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

105

EEM Version/Product Support Matrix, cont.


CISCO SERVICE AGGREGATION/CORE ROUTERS Cisco EEM Cisco 7200 Cisco 7600 Cisco UBR Cisco UBR ASR1000 Cisco 7301 Cisco 7304 Version Series Series 10000 7200 Series
1.0 2.0 2.1 2.1.5 2.2 2.3 2.4 3.0 3.1 3.2 3.4 2.1XE 12.2(33)XN RLS7 12.2(33)XN RLS7 Planning Planning Planning 12.3(14)T1 12.4(2)T 12.4(11)T 12.4(20)T 12.4(22)T 15.0(1)M 15.1(3)T Planning 12.3(14)T1 12.4(2)T1 12.2(33)SB 12.2(33)SRE 12.2(33)SRE Planning Planning Planning 12.2(33)SB 12.2(33)SRE 12.2(33)SRE Planning Planning Planning 12.2(33)SRB 12.2(33)SRE 12.2(33)SRE Planning Planning Planning 12.2(33)SB 12.2(33)SRE 12.2(33)SRE Planning Planning Planning 12.2(33)SB 12.2(33)SRE 12.2(33)SRE Planning Planning Planning Planning Planning Planning 12.2(27)SBC 12.2(28)SB 12.2(18)SXF5 12.2(28)SB 12.2(28)SB

Cisco 12000 Series


12.0(26)S

Cisco XR 12000
FM FM FM FM FM FM FM Planning Planning Planning

Cisco CRS-1
FM FM FM FM FM FM FM Planning Planning Planning

Cisco ASR 9000


FM FM FM FM FM FM FM Planning Planning Planning

CISCO CATALYST SWITCHES EEM Version


1.0 2.0 2.1 IOS w/o Modularity 12.2(18)SXF5 w/ Modularity 12.2(18)SXF4

Catalyst 3000 Switches

Cisco 3400ME Switches

Catalyst 4500 Switches

Catalyst 4900 Switches

Catalyst 6500 Switches

2.1.5 2.2 2.3 2.4 3.0 3.1 3.2 3.4 12.2(40)SE 12.2 (50) SE 12.2 (52) SE 12.2 (52) SE 12.2 (52) SE Planning 12.2(40)SE 12.2 (50) SE 12.2 (52) SE 12.2 (52) SE 12.2 (52) SE Planning 12.2(44)SG 12.2(52)SG Summer'10 (Zanzibar) Summer'10 (Zanzibar) Summer'10 (Zanzibar) Planning 12.2(44)SG 12.2(52)SG 12.2 (1st)SY Planning Planning Planning

Shipping EC Planning

12.2(33)SXH 12.2(33)SXI 12.2 (1st)SY Planning Planning Planning

BRKRST-2612

2011 Cisco and/or its affiliates. All rights reserved.

Cisco Public

106