05-22-2009 06:16 AM
Hi, is there a way to track the presence of a mroute and generate alert if it's not in the mroute table? Thanks.
Solved! Go to Solution.
05-22-2009 08:19 PM
Here is a policy which should do what you want. Before registering it, you will need to define two EEM environment variables, mroute_route and mroute_schedule. For example, to run the policy every Monday through Friday at 0700 local time, and check for the mroute 10.0.0.1 239.1.1.225, configure:
event manager environment mroute_schedule 0 7 * * 1-5
event manager environment mroute_route 10.0.0.1 2239.1.1.225
05-28-2009 10:06 AM
These traps are sent using the CISCO-EMBEDDED-EVENT-MGR-MIB. That MIB can be found at ftp://ftp.cisco.com/pub/mibs/v2/ .
05-22-2009 07:17 AM
You could do this with the Embedded Event Manager. What version of IOS are you running?
05-22-2009 07:28 AM
12.2(33)SRD1
event ?
application Application specific event
cli CLI event
config Configuration policy event
counter Counter event
env Environmental event
gold GOLD event
interface Interface event
ioswdsysmon IOS WDSysMon event
none Manually run policy event
oir OIR event
resource Resource event
rf Redundancy Facility event
snmp SNMP event
syslog Syslog event
timer Timer event
track Tracking object event
I can only find command to track unicast route...
Thanks!
05-22-2009 10:13 AM
There is no specific ED for this, but you could use the timer or syslog EDs to accomplish what you want. Since you're asking for some kind of event, it sounds like syslog is out of the question. So a timer is probably the way to go.
The idea is you run a show command periodically, and parse it to determine if there was a route change. If there is, then a syslog, trap, or email is sent from the EEM policy. This would require a Tcl policy given your version of IOS. This guide should help get you started:
I can also provide help if you need it.
05-22-2009 11:14 AM
That sounds great. I want to track the following mroute 7:00am Mon-Friday:
sh ip mroute 10.0.0.1 239.1.1.225
(10.0.0.1, 239.1.1.225), 10:42:02/00:03:27, flags: MT
Incoming interface: VlanXXXX, RPF nbr X.X.X.X, RPF-MFD
Outgoing interface list:
VlanXXXX, Forward/Sparse, 10:42:02/00:03:10, H
If the upstream firewall hits the multicast bug, the result will be:
(*, 239.1.1.225), 1w2d/00:02:59, RP X.X.X.X, flags: S
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
VlanXXXX, Forward/Sparse, 1w1d/00:02:59
Could you provide some help on the config of TCL with EEM since I am not familiar with it? Like a sample config showing how to track the key words from the reult of show ip mroute using tcl and eem. Thanks a lot.
05-22-2009 11:16 AM
What will the output of the command be if the route doesn't exist? What in this good output do you want to trigger on to know the route is installed and functional?
05-22-2009 11:28 AM
I believe a good way is to check "sh ip mroute 10.0.0.1 239.1.1.225" If it shows 'Incoming Interface: Null' or "not found", a snmp trap should be generated reporting a problem. Otherwise, it should be good.
Output when the mrouter doesn't exist:
(*, 239.1.1.225), 1w2d/00:02:59, RP X.X.X.X, flags: S
"Incoming interface: Null", RPF nbr 0.0.0.0
Or "Group 239.1.1.225 not found"
05-22-2009 08:19 PM
Here is a policy which should do what you want. Before registering it, you will need to define two EEM environment variables, mroute_route and mroute_schedule. For example, to run the policy every Monday through Friday at 0700 local time, and check for the mroute 10.0.0.1 239.1.1.225, configure:
event manager environment mroute_schedule 0 7 * * 1-5
event manager environment mroute_route 10.0.0.1 2239.1.1.225
05-26-2009 07:22 AM
Thanks Joe! I am going to put the following commands into the routers.
event manager environment mroute_schedule 0 7 * * 1-5
event manager environment mroute_route x.x.x.x x.x.x.x
event manager policy tm_mroute_watch.tcl type user
Do I need to put the script into tmpsys:eem_policy?
05-26-2009 09:07 AM
No. The script will need to go into your locally configured EEM policy directory. I typically create a directory on flash called policies to hold my EEM Tcl policies. Then I configure:
event manager directory user policy flash:/policies
This must be done before registering the EEM policy.
05-28-2009 07:03 AM
Hi, the script works fine. I could see snmp trap generated and sent to CiscoWorks. But it didn't show up in the DFM monitoring console. There were some link updown entries. But not the trap the router sent. It's DFM 1.2. How to make DFM pick up the trap? Thanks again!
05-28-2009 08:27 AM
DFM will not pick up the trap. DFM only handles a few set traps, and this is not one of them. FYI, DFM 1.2 is obsolete, and no longer supported. You should upgrade to LMS 2.6 or higher (DFM 2.0 or higher). That said, there is no version of DFM that can understand these traps. The most DFM can do with them is forward them to another trap manager.
05-28-2009 09:48 AM
We can send the trap to another snmp trap server or forward the trap from DFM to anotehr trap server. What MIB does this trap use? And where can I find the MIB file? Thanks!
05-28-2009 10:06 AM
These traps are sent using the CISCO-EMBEDDED-EVENT-MGR-MIB. That MIB can be found at ftp://ftp.cisco.com/pub/mibs/v2/ .
05-28-2009 09:48 AM
We can send the trap to another snmp trap server or forward the trap from DFM to anotehr trap server. What MIB does this trap use? And where can I find the MIB file? Thanks!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide