12-06-2022 02:54 AM
I am new to scripting on Cisco switches, so I would need your help.
On a C1000 I am trying to create a tcl script that will shut down all ports on the switch if it receives the Root guard blocking port Syslog message. From what I understand, this switch does not support EEM, so the only option is a custom .tcl script.
I was able to create a .tcl script that is stored on flash, which shuts down all ge interfaces if triggered manually. I did not find a solution that will trigger the script on a syslog event.
Syslog event that I want to trigger the script is: 000024: *Nov 29 17:04:43.945: %SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking port GigabitEthernet1/0/1 on VLAN0100.
If I try to add ::cisco::eem::event_register_syslog to the script, it will generate error ( invalid command name ) when triggering the script manually - saying that ::cisco::eem::event_register_syslog.
Thank you for your help!
12-06-2022 02:59 AM
If the C1000 has the event and action commands, then it supports EEM.
EEM is easier than Tcl.
12-06-2022 05:44 AM
I am not sure how to verify both of these actions, but in configuration mode, I do not have an option to create event manager applets, that's why I assume there is no EEM functionality on this switch.
The documentation for the C1000 does not mention anything related to EEM/Event management:
12-06-2022 05:47 AM
That gives us one way: use Tcl.
I will check and share with you the commands needed.
12-06-2022 03:25 AM
As per the information, the port is already blocked, so why are you looking to shut down all the ports? If that is the case, you cannot reach the switch from outside.
Also, every time you see the message and run EEM or Tcl, this puts more overhead on the CPU and the switch may crash.
I would investigate physically and shut down the ports if not used, and use admin-level control to bring up the ports where required, based on the requirement.
As per the datasheet, it does support EEM:
My suggestion: you can use EEM to generate email alerts or any syslog alerts to syslog and take appropriate action based on the troubleshooting tips.
12-06-2022 05:53 AM
Hello. We need something like this because equipment is getting prepared in one location to a standardized configuration and then shipped all over the world, where it works in a "standalone" non-managed environment with zero monitoring. If a user connects two switches together, some functionality in the network will not work properly (duplicated IPs for IGMP querier).
Since we want to prevent long-term operational problems, I would rather have all ports shut down in the event of that happening, which will give the user a sign that something is not OK.
The documentation provided is for a Cisco router. We use C1000 switches: https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-1000-series-switches/nb-06-cat1k-ser-switch-ds-cte-en.html
If the quantity of syslog events might crash the switch, is there an option to limit just specific events to be passed to TCL (which can then be filtered to a specific syslog text)?
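The filtering asked about in the last post, as an added example that is not part of any post in this thread: plain Tcl that picks only `%SPANTREE-2-ROOTGUARD_BLOCK` lines out of a batch of syslog text and collapses repeats to one entry per port and VLAN, so a burst of identical messages leads to a single action. The proc names and every sample line except the first (the message quoted in the question) are constructed, and how the lines reach the script on a C1000 is left open, since the thread does not establish a trigger mechanism.

```tcl
# Added example. Sample input is constructed; the first line is the
# message quoted in the question.
set sample_lines {
    {000024: *Nov 29 17:04:43.945: %SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking port GigabitEthernet1/0/1 on VLAN0100.}
    {000025: *Nov 29 17:04:44.101: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/2, changed state to up}
    {000026: *Nov 29 17:04:45.300: %SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking port GigabitEthernet1/0/1 on VLAN0100.}
    {000027: *Nov 29 17:05:02.010: %SPANTREE-2-ROOTGUARD_BLOCK: Root guard blocking port GigabitEthernet1/0/3 on VLAN0100.}
}

# Split an IOS-style line into {facility severity mnemonic text}.
# Returns an empty list when there is no %FACILITY-SEVERITY-MNEMONIC: tag.
proc parse_syslog {line} {
    set re {%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+): (.*)$}
    if {![regexp $re $line -> fac sev mnem text]} { return {} }
    return [list $fac $sev $mnem $text]
}

# Return {interface vlan} for a Root Guard block message, else an empty list.
# The tag is compared exactly, so other SPANTREE messages are ignored.
proc rootguard_event {line} {
    set parsed [parse_syslog $line]
    if {[llength $parsed] == 0} { return {} }
    foreach {fac sev mnem text} $parsed break
    if {![string equal "$fac-$sev-$mnem" "SPANTREE-2-ROOTGUARD_BLOCK"]} {
        return {}
    }
    if {![regexp {blocking port (\S+) on (VLAN\d+)} $text -> port vlan]} {
        return {}
    }
    return [list $port $vlan]
}

# Reduce a batch of lines to one entry per blocked port/VLAN pair.
proc blocked_ports {lines} {
    set result {}
    foreach line $lines {
        set ev [rootguard_event $line]
        if {[llength $ev] == 0} { continue }
        if {[lsearch -exact $result $ev] < 0} { lappend result $ev }
    }
    return $result
}

foreach ev [blocked_ports $sample_lines] {
    puts "root guard block: port [lindex $ev 0], [lindex $ev 1]"
}
```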