N5K EEM script to shutdown interface if CDP neighbor drops

j-mccarthy
Level 1

Hi

Total n00b on EEM here. Background - we have an inline transparent L2 firewall sitting between our Nexus core switch and our UCS. If the physical interfaces on one of the firewalls go down, our UCS virtual hosts can detect that and will automatically fail over to their other NIC and network connectivity is restored. However, if there's a software or process problem on the firewall we can lose connectivity to half of the UCS because all the links are physically staying up but the server traffic is getting blackholed.

If the L2 firewall stops passing traffic we will lose the CDP neighbor entry for the UCS on the N5K. If that happens I want to shut down the port channel interface that connects the Nexus to the firewall, triggering the virtual hosts to fail over to their second NIC.

Basically

1) Check for presence of CDP neighbor on e1/17

2) If there is an entry there do nothing

3) If there is no entry there then issue the following cli commands "conf t, interface port-channel 17, shutdown"

I would like the switch to execute the script once per minute all day every day.

NEXUS-SW1# sh cdp ne int e1/17
Capability Codes: R - Router, T - Trans-Bridge, B - Source-Route-Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater,
                  V - VoIP-Phone, D - Remotely-Managed-Device,
                  s - Supports-STP-Dispute


Device-ID             Local Intrfce Hldtme Capability  Platform      Port ID
UCS-FABRIC-A(SSI171402MC)
                    Eth1/17        173    S I s     UCS-FI-6248UP Eth1/17
NEXUS-SW1#

Could anyone give me a hand on a script to do this please? Looks like there is EEM neighbor discovery stuff in IOS but not NX-OS on the 5K, so I think this script will have to use the CLI to detect failure. Thanks
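The check-and-act logic the post describes, as an added Python example that is not code from the post or from Cisco: it parses the "show cdp neighbors interface" output quoted above and returns the shutdown commands only when no neighbor is listed on the interface. The sample output is constructed from the post, the function names are my own, and actually running the commands on the switch (for example from a scheduler-run script) is left to a caller and is not shown.

```python
# Constructed sample: the "sh cdp ne int e1/17" output quoted in the post.
# Note the Device-ID spills onto its own line, with the data row below it.
CDP_PRESENT = """Capability Codes: R - Router, T - Trans-Bridge, B - Source-Route-Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater,
                  V - VoIP-Phone, D - Remotely-Managed-Device,
                  s - Supports-STP-Dispute


Device-ID             Local Intrfce Hldtme Capability  Platform      Port ID
UCS-FABRIC-A(SSI171402MC)
                    Eth1/17        173    S I s     UCS-FI-6248UP Eth1/17
"""

# Constructed sample: same command after the entry has aged out (table empty).
CDP_ABSENT = CDP_PRESENT.split("Device-ID")[0] + \
    "Device-ID             Local Intrfce Hldtme Capability  Platform      Port ID\n"


def cdp_neighbor_present(output, local_intf="Eth1/17"):
    """Return True if the CDP table lists a neighbor on local_intf.

    A data row is recognised by the local interface name followed by an
    integer holdtime, so both the wrapped layout (Device-ID on its own line)
    and the single-line layout (short Device-ID) are handled.
    """
    in_table = False
    for line in output.splitlines():
        if line.startswith("Device-ID"):
            in_table = True          # header row: data rows follow
            continue
        if not in_table:
            continue
        fields = line.split()
        for i in range(len(fields) - 1):
            if fields[i].lower() == local_intf.lower() and fields[i + 1].isdigit():
                return True
    return False


def remediation_commands(output, local_intf="Eth1/17", port_channel="port-channel 17"):
    """Config commands to apply: empty while the neighbor is present (do nothing),
    otherwise the shutdown sequence the post lists."""
    if cdp_neighbor_present(output, local_intf):
        return []
    return ["configure terminal", "interface %s" % port_channel, "shutdown"]
```

Because CDP only removes the entry after the advertised holdtime (173 seconds in the quoted output) expires, a once-per-minute poll will react up to about three minutes after the firewall stops forwarding; a neighbor with CDP disabled would also trigger the shutdown, so the port-channel target and interface name should be verified before scheduling this.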


5 Replies

Joe Clarke
Cisco Employee

I do not think the N5K supports EEM at all yet.  Even if it did, there is no neighbor-discovery or timer event detector yet to be able to do what you want.  In fact, given that the port doesn't go down, I can't think of any event that will work for you.  I suppose you could use the scheduler to run a Tcl script, but that is not officially supported, and I'm not sure if Tcl exists on the N5K yet, either.

I'm running the latest 6.0(2)N2(1) NX-OS on the 5548 with the Layer 3 daughtercard and LAN Enterprise Services license. There is some EEM stuff in the CLI but it appears basic compared to what is in IOS.

NEXUS-SW1(config-applet)# event ?
  cli             Create a cli event specification
  counter         Create a counter event
  fanabsent       Create fanabsent event specification
  fanbad          Create fanbad event specification
  oir             Create Online-Insertion-Removal event specification
  policy-default  Use the event in the system policy being overridden
  snmp            Create a 'snmp' event specification.
  storm-control   Create a storm control event specification
  syslog          Create a syslog event specification
  sysmgr          System manager related events
  temperature     Create temperature event specification
  track           Create a 'track' event specification

NEXUXS-SW1(config-applet)# event cli ?
  match  Enter cli regex to be used for matching
  tag    Event tag identifier

I was hoping I could use the "event cli match" or something like that to detect the loss of the cdp neighbor. And then shut down the interface if it is not there.

Ah, good.  This is consistent with 6.0(2) for N3K.  I still don't see how you're going to use the CLI ED for this.  This ED will match on commands being run, not on command output.  The scheduler feature would allow you to schedule something like a Tcl or Python script, but neither would be officially supported.

Ok thanks, don't want to waste any time on it if it's not going to work. If it doesn't look at cli output then I would probably need the neighbor discovery cdp stuff that's not available in NX-OS.

Looks like UDLD feature will be available in the next version of UCS manager, hopefully we can use that to detect a firewall failure instead of trying to keep track of the CDP neighbor through the firewall with an EEM script. Would probably be a much better way to do it anyway.

At least for now, it likely would be.  NX-OS 7.0 is going to provide tested support for executing scheduled scripts, which would give you more control over the conditions and the actions.