04-03-2017 04:32 PM
Hello all,
I have a script that will modify an otherwise static configuration. I need to send a trigger to the router from a remote Linux server (SNMPv3 preferred) with a parameter that tells the script the value to set this configuration to.
Does anyone have an idea how to do this? I'd like to use SNMPv3 to pass the data along with the auth/priv functions of SNMPv3, but the TAC is saying there is no way to do this and that I should look on the Cisco Support Forums.
Thanks,
Jeff
04-14-2017 01:46 PM
This sounds very similar to an issue I'm trying to resolve.
-Matt
04-17-2017 08:16 AM
You could use SNMP traps from Linux to the router. I've only ever used v1 traps for this, though. There was a bug where v2 traps did not work, but that may be resolved now. You could try this with v3.
But if you need reliability and security, I recommend the XML RPC event detector. This allows you to send XML over SSH to trigger EEM policies. I wrote a small Perl API for this at https://supportforums.cisco.com/sites/default/files/legacy/2/3/6/14632-Cisco-EEM-RPC-1.0.1.zip .
04-17-2017 01:23 PM
Joe,
The TAC is saying that the router can only do SNMPv3 in an auth/nopriv mode. I cannot use this, I need to have both auth and priv to meet my security needs.
As for using the RPC event detector, I can see the "event rpc" in the EEM handbook, but I cannot see how to parse out the XML from the RPC and then use values passed via the XML.
I assume the scripts you attached to this are for the Linux server, right?
Jeff
04-17-2017 01:33 PM
The router definitely supports SNMPv3 authPriv, but I would not use the EEM SNMP Object ED. It is not very reliable. The Perl API I provided includes a sample Perl script and sample EEM Tcl policies in the "eg" directory. Yes, this API will work on Linux.
04-17-2017 01:52 PM
Though the router supports SNMPv3 authPriv, my understanding from what I've found online was that the EEM SNMP event detector did not. So you are saying that if the server mentioned above sends an SNMPv3 authPriv trap to the router (attempting to trigger an event), the event detector on the router would be able to authenticate and decrypt the trap? Is that correct?
04-17-2017 02:13 PM
I know there used to be a bug with v2 notifications (the kind used by SNMPv3), but I believe it is fixed. There could also be a problem with the SNMP manager handling v3 traps. Again, I have not personally tested SNMPv3 traps with the EEM SNMP notification ED. You could give it a try if you have your heart set on SNMP. But the XML RPC thing will work, is secure, and has the advantage of using a reliable transport.
04-17-2017 02:51 PM
Joe,
Whereas I like to think that I am somewhat knowledgeable with EEM, I am not knowledgeable in TCL. Concerning the zip file, what goes on the router and what goes on the server? For the items that go on the router, how do I convert TCL into EEM?
Thanks,
Jeff
04-17-2017 02:58 PM
First, read the README.txt in the API bundle, as that will give you some clues as to how to get started. Second, the EEM Tcl script examples are EEM. They are just Tcl policies as opposed to applets. There is no converting Tcl to applets.
For registering Tcl policies with the EEM server, see http://www.cisco.com/c/en/us/td/docs/ios/netmgmt/configuration/guide/12_2sx/nm_12_2sx_book/nm_eem_policy_tcl.html and search for "registering". You might be able to do what you want with applets using the $_rpc_arg0, $_rpc_arg1, ... variables to get your arguments. However, I find using Tcl for things a bit easier if the arguments will vary.
04-18-2017 12:46 PM
Hi Joe,
Unfortunately, my company has decided that this feature will not make it into our current baseline, but I hope to add this into a baseline in the coming year.
In the meantime, I shall mark your original answer as correct so you can get credit for the right answer.
If I have questions about this in the future, may I email you directly?
Thank you for your assistance,
Jeff