Re: C1000 - TCL script to be triggered on Syslog message

aales1 · ‎12-06-2022

Hello,

I am new to scripting on Cisco switches, so I would need your help.

On C1000 I am trying to create a tcl script that will shutdown all ports on the switch, if it receives Root guard blocking port Syslog message. From what I understand, this switch does not support EEM, so only option is custom .tcl script.

I was able to create .tcl script that is stored on flash, which shutdown all ge interfaces, if triggered manually. I did not found a solution that will trigger the script on syslog event.

Syslog event that I want to trigger the script is: 000024: *Nov 29 17:04:43.945: %SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking port GigabitEthernet1/0/1 on VLAN0100.

If I try to add ::cisco::eem::event_register_syslog to the script, it will generate error ( invalid command name ) when triggering the script manually - saying that ::cisco::eem::event_register_syslog.

Thank you for your help!

Best regards,
Aleš

MHM Cisco World · ‎12-06-2022

if the C1000 have event and action command then it support EEM
EEM is easy than TcL

aales1 · ‎12-06-2022

I am not sure how to verify both of these actions, but in configuration mode, I do not have an option to create event manager applets, thats why I assume there is no EEM functionality on this switch.

Documentations for C1000 does not mention anything related to EEM/Event management:

https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-1000-series-switches/nb-06-cat1k-ser-switch-ds-cte-en.html

MHM Cisco World · ‎12-06-2022

That give us one way use Tcl.
I will check and share with you the command need.

balaji.bandi · ‎12-06-2022

as per the information the port already blocked, why you looking to shutdown all the ports - if that is case you can not reach the switch from outside.

also everything you see the message and run EEM or TCL, this has more overhead on CPU and switch may crash.

i would investigate physically and shutdown the ports if not used, use admin level control to up the ports where required based on the requirement.

as per the Datasheet it do support EEM :

https://www.cisco.com/c/en/us/products/collateral/routers/1000-series-integrated-services-routers-isr/datasheet-c78-739512.html

My suggestion you can use EEM generate email alerts or any syslog alerts to syslog and take appropriate action based on the troubleshooting tips.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

aales1 · ‎12-06-2022

Hello. We need something like this because equipment is getting prepared in one location to standardized configuration and then shipped all over the world, where it works in "standalone" non managed environment with zero monitoring. If user will connect two switches together some functionality in the network will not work properly (duplicated IPs for IGMP querier).

Since we want to prevent long term operational problems, I would rather have in event of that happening, all ports shut down, which will give a user a sign that something is not ok.

Documentation provided is for Cisco router. We use C1000 switches: https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-1000-series-switches/nb-06-cat1k-ser-switch-ds-cte-en.html

If the quantity of syslog events might crash the switch, is there an option to limit just specific events to be passed to TCL (which can then be filtered to a specific syslog - text)