13 Smart Automations to Configure Your Cisco IOS Network
BRKNMS-2464
13 Smart Automations to Configure Your Cisco IOS Network
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKNMS-2464 2
Abstract
Is there too much manual configuration going on in your network? Have you ever accidentally locked yourself out of a remote device? Need to deploy a few hundred branch routers across the globe? Want to quickly apply maintenance config updates to a handful of devices running various different IOS releases?
Your Cisco IOS Network provides a wealth of advanced device manageability instrumentation (DMI) and Embedded Automation Systems (EASy) to design and implement your own Network Automations.
Learn how Network Automation allows you to automate manual tasks, better operate existing network services and even enable new and innovative networking solutions.
This Breakout Session uncovers embedded Network Automation capabilities you can use to interact with your network elements for the purpose of (re-)configuring them in a more effective, efficient and robust way. Network Automation fundamentals as well as the choice and use of appropriate practices are illustrated through a combination of presentation and best practice examples.
The topic is relevant for network planners and administrators, engineers and system integrators for both enterprises and service providers.
Welcome Aboard
This Session IS About:
HOW to get Configuration into a Device
Automating Custom Behavior Inside the Network
Using Network Automation
Based on Features Embedded within the Devices
Practical Examples
This Session Is NOT About:
WHAT to configure on a Device
An Introduction to NMS Concepts
An In-Depth Session on One Single Feature
Engineering Details of IOS
NMS applications
Towards: Collaborative operations of a partially autonomic system
Highly motivated individuals
Full control over every single detail
Highly skilled and trained crew
Human brain in every control loop
Specialized distributed crew
Reasonable control within boundaries
From: Detailed control by a single central authority
Network Automation – An Analogy …
[Diagram labels: individual devices, device groups, large scale; network engineer, support staff, scripts and tools, applications; config, scripts, IOS images, *.tcl, *.mdf, MOH & IVR files, xDM files]
Not All ‘Configuration’ Tasks are Equal
Deployment: Move physical network equipment into its operating location
Commissioning: Make new network equipment ready for use and reachable by operations, NMS
Configuration: Configure a network element depending on its role and function in the network
Provisioning: Configure portions of a network for the purpose of a specific user and/or service
Activation: Enable users to start using a service
Focus
hostname pe-south
!
enable password c
!
mpls ip
!
interface Loopbac
ip address 10.10
Not All ‘Configuration’ Tasks are Equal – Taxonomy
Command Line Interface I The Basics
Privileged EXEC Mode
router#
show
ping
debug
...
User EXEC Mode
router>
show (limited)
ping
enable
...
Global Configuration Mode
router(config)#
hostname
ip route
interface ...
...
Line Configuration Sub-Mode
router(config-line)#
Routing Configuration Sub-Mode
router(config-router)#
Interface Configuration Sub-Mode
router(config-if)#
shutdown
ip address
encapsulation ...
...
ROM Monitor
rommon # >
Diagnostic Boot (only on ASR)
router(diag)#
[Diagram labels: enable, conf t, interface, do ..; Running Configuration; Startup Configuration; Config Register]
See: www.cisco.com/en/US/docs/ios/preface/usingios.html
Command Line Interface I – Interface Modes
Exec Commands from within Config Mode (from 12.0(21)S, 12.2(8)T)
Issue Exec commands without leaving Config Mode
router# conf t
router(config)# do copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
router(config)#
A series of usability features is available in IOS:
Command Aliases (from 10.3, 12.2(33)SRA)
Pre-defined Aliases are available on the CLI
Custom Aliases can be defined per (Sub-)Mode
Note: ROM Monitor also provides an alias command
router# show aliases
Exec mode aliases:
h help
lo logout
p ping
r resume
s show
u undebug
un undebug
w where
router# conf t
Enter configuration commands, one per line. End with CNTL/Z.
router(config)# alias exec shib show ip interface brief
router(config)# alias exec shru show running-config
router(config)# alias exec shrb show running-config | begin
router(config)# alias configure h hostname
Router(config)# alias interface nsh no shutdown
Command Line Interface (CLI) – Basics 1/2
Interface Ranges and Macros (from 12.1(5)T, 12.1(1)E, IOS XE 2.1)
Define Interface Ranges / Groups
Apply Config to Interface Ranges / Groups
router(config)# interface range FastEthernet 1 - 3
router(config-if-range)# no shut
router(config)# define interface-range mylist FastEthernet 2 , FastEthernet 4 - 6
router(config)# interface range macro mylist
router(config-if-range)# no shut
interface range: Define and Use immediately, Consecutive Range
define interface-range / interface range macro: Define Once, Use multiple times, Arbitrary Group
Works on Subinterfaces and VLAN Ranges too (from 12.2(8)T):
router(config)# interface range FastEthernet 5/1.1 - FastEthernet 5/1.4
router(config-if-range)# encapsulation dot1Q 220
router(config-if-range)# no shut
This will apply:
VLAN ID 220 FastEthernet 5/1.1
VLAN ID 221 FastEthernet 5/1.2
VLAN ID 222 FastEthernet 5/1.3
VLAN ID 223 FastEthernet 5/1.4
Command Line Interface (CLI) – Basics 2/2
Command Lookup Tool: http://tools.cisco.com/Support/CLILookup/
Feature Navigator: http://www.cisco.com/go/fn
3rd used tool on cisco.com
175'000 hits per Q
Phase I update deployed in November 2012 … [email protected]
Features and CLI Syntax
Command Line Interface II More Basics
Son: Dad, why are there always 2 Pilots?
Dad: One has to prevent the other from doing stupid things
Son: Which one is doing the stupid things?
Contextual configuration diff utility (from 12.3(4)T, 12.2(25)S)
Easily show differences between running and startup configuration
Compare any two configuration files
Config change logging and notification (from 12.3(4)T, 12.2(25)S)
Tracks config commands entered per user, per session
Notification sent indicating config change has taken place—changes can be retrieved via SNMP
Configuration replace and rollback (from 12.3(7)T, 12.2(25)S)
Replace running config with any saved configuration (only the diffs are applied) to return to previous state
Automatically save configs locally or off box
Config Rollback Confirmed Change (from 12.4(23)T, 12.2(33)S)
Configuration locking (from 12.3(14)T, 12.2(25)S)
Ensures exclusive configuration change access
CLI ‘Safety’ and Quality Features
router# show archive
There are currently 4 archive configurations saved.
The next archive file will be named disk0:/config-archive-4
Archive # Name
0
1 disk0:/config-archive-1
2 disk0:/config-archive-2
3 disk0:/config-archive-3 <- Most Recent
router# config replace disk0:/config-archive-3 time 120
:
... your Config Change work here ...
:
router# no config replace disk0:/config-archive-3
Problem: critical config change to a remote router may result in loss of connectivity, requiring a reload
Solution: replace the running configuration with the latest good archive after two minutes – unless the change made is confirmed
Available from: IOS 12.3(7)T, 12.2(25)S
Example: Config Rollback
Problem: critical config change to a remote router may result in loss of connectivity, requiring a reload
Solution: revert the running configuration after two minutes – unless the change made is confirmed
Available from: IOS 12.4(23)T, 12.2(33)S
router# config terminal revert time 2
Rollback Confirmed Change: Backing up current running config to flash:bk-2
Enter configuration commands, one per line. End with CNTL/Z.
:
... your Config Change work here ...
:
router(config)# hostname oops
oops(config)# end
oops# Rollback Confirmed Change: Rollback will begin in one minute. Enter "configure confirm" if you wish to keep what you've configured
Either the change is confirmed:
oops# config confirm
or the rollback takes place:
oops# Rollback Confirmed Change: rolling to:flash:bk-2
Total number of passes: 1
Rollback Done
router#
Example: Config Revert
Automated Staging I Auto Install (AI)
IOS Auto Install Feature consists of:
Ethernet Interface up
DHCP Client + Option 150
Combined with external DHCP and TFTP Server this enables a new router to automatically retrieve a default configuration without manual interaction via console cable or telnet
See: http://www.cisco.com/en/US/docs/ios/12_1t/12_1t5/feature/guide/dt_dhcpa.html
Available from: IOS 12.1(5)T, IOS-XE 2.1.0
Platforms: ASR 1000, x8xx ISR, x9xx ISR, 37xx, ME3400, ME4900, Cat4k, Cat6k, 76xx, 10k, UC520
See also: Smart Install
Staging from Factory Default – Auto Install
Problem: How to automatically pre-commission a new Cisco ISR without manual intervention on the Console
Solution: Use the AutoInstall Feature combined with an external DHCP and TFTP server
0. Power up the CPE and connect to Ethernet
1. CPE sends DHCP Discover
2. DHCP Server replies with Offer
3. CPE sends DHCP Request
4. DHCP Server replies with option 150
5. CPE requests hostname-confg file from TFTP
6. TFTP server sends hostname-config file to CPE
CPE is now pre-commissioned
Example: Automated Pre-Commissioning
What exactly happens in Step 5 (flowchart):
- NE is connected to the Network
- NE gets an IP address via BOOTP, SLARP or DHCP
- NE gets network-config file from TFTP
- Decision: IP maps to hostname in network-config file? (Yes / No)
- Decision: Reverse DNS successful? (Yes / No)
- NE attempts to get hostname-config or hostname.cfg from TFTP
- Decision: File exists on TFTP? (Yes / No)
- Decision: Default config file exists on TFTP? (Yes / No)
- NE gets router-config or router.cfg from TFTP
- Outcomes: AutoInstall Completes (copy run start); AutoInstall Completes (manual config completion); AutoInstall Fails
Example: Automated Pre-Commissioning – Customization
Automated Staging II Cisco Integrated Customization Service (CICS)
But I do not want to stage …
Cisco Integrated Customization Services (CICS)
New Service from Cisco
Open to all Cisco customers
Tiered Service
Integrated with Ordering Systems
Supported via Cisco Commerce Workspace (CCW) only - http://www.cisco.com/web/go/ccw
- http://www.cisco.com/web/services/ordering/downloads/cisco_commerce_workspace_vod.mp4
Helps customers
- reduce cost
- increase operational efficiency
- rollout network services faster (time-to-market)
Cisco Integrated Customization Services (CICS)
Phase I : CICS Silver Level
Supports ISR G2 Platforms
Up to 999 IOS Config File Templates per Customer
New Templates to be qualified via test order of <= 3 devices
Templates can be attached to orders via CCW
- 1 Template can be associated with every major line in an order
- A sales order can have multiple templates
- Similar major line items can have different templates
Template management initially via existing CX interface, from mid-2012 onward also via CCW
Automated Remote Deployment Zero-Touch Deployment (ZTD)
? Router>
Router> enable
Router# conf t revert time 2
Router(config)#
Telnet
[Diagram labels: Order Entry; Workflow / Ticketing; Order Decomposition; Provisioning; Logistics; CPE Shipment and pre-config; Work Order; package slip; Customer Premise; specific CPE to be delivered to specific customer premise; specific CPE pre-configured for specific customer premise; Manual activation feedback; Target Configlets]
- Data and Physical flow interwoven
- everything happens on the critical path
- multiple manual interactions
- no closed-loop feedback
- inflexible logistics
Robustness ?
Authentication, privacy ?
Traditional Rollout Challenges
Router(config)# cns id hardware-serial
Router(config)# cns config initial MyConfigEngine 80 event no-persist
Router(config)# cns id hardware-serial event
Router(config)# cns event MyConfigEngine 11011
Problem: A large number of remote Routers have to be deployed. Access Technology and Service Provider vary; IP Addressing is not known in advance; we want to automate for
• Scale
• Robustness
• Security and Confidentiality
• Time, Skills and Cost
Solution: Preconfigure Routers with a generic bootstrap config via AutoInstall or CICS. This config ensures initial IP connectivity, identifies the device and communicates back to Configuration Engine for appropriate target config.
Zero-Touch Deployment – 1/4
[Diagram labels: Order Entry; Workflow / Ticketing; Order Decomposition; Provisioning; Logistics; bootstrap configs; Config Engine; LDAP; CNR DHCP / TFTP; Customer Premise]
Zero-Touch Deployment – 2/4
[Diagram labels: Order Entry; Workflow / Ticketing; Order Decomposition; Provisioning; Logistics; bootstrap configs; Config Engine; LDAP; CNR DHCP / TFTP; CPE Shipment; Work Order; Customer Premise; flow steps 0, 1a, 1b, 1c, 2a, 2c, 3, 4]
Provisioning:
- Standard Service Templates
- Service Options (Sub-)Templates
- Bespoke Customization Configlets
Linking:
- Order ID (= PIN)
- CNS Device ID (= HW Serial)
- Target Configlets
LDAP:
- CNS/Device ID
- Template References
- Parameters
Diagram annotations:
- Periodic bulk of CPE bootstrapped and taken on stock
- generic package slip
- 'closest' tour delivers any matching CPE
- welcome letter with PIN
- de-coupling of Data and Physical flow
- generic bootstrap config, bulk loaded
- flexible logistics
- CPE driven provisioning
Robustness, Transactionality
Authentication, Encryption
Efficiency
Zero-Touch Deployment – 2/4
[Sequence diagram. Participants: CPE, DHCP, TFTP, CNR, CCE, CE, FS, LDAP. Messages: DHCP Discover; DHCP Offer; DHCP Request; DHCP Ack - Option 150; TFTP Request: bootstrap config; TFTP Response: bootstrap config; CNS Config Request (HTTPS); Object ID; Device ID; Read Temp.; Send Config; Success/Fail Event; Publish Success/Fail Event]
Warehouse
1. CPE sends DHCP Discover
2. DHCP Server replies with Offer
3. CPE sends DHCP Request
4. DHCP Server replies with option 150
5. CPE requests bootstrap-confg file via TFTP
6. TFTP server sends CPE bootstrap-config file
CPE is shipped to Customer Site
Customer Order linked to CPE ID
Customer Premise
7. CPE sends HTTP request to CNS-CE
8. CNS-CE verifies object ID
9. CNS-CE verifies Device ID
10. CNS-CE reads template from File System
11. CNS-CE sends Config (= template + parameters from LDAP)
12. Successful event
13. Publish success event
Zero-Touch Deployment – 3/4
There are:
Data- / Information Flow via the NMS Systems (left Hemisphere)
Physical Flow (CPE) to the Branch Office or Customer Premise (right Hemisphere)
ZTD Automation uses:
Separation to allow for Efficiency and Flexibility
CNS Device ID and CNS Config ID to link the two Flows
router(config)#cns id ?
Async Async interface
Auto-Template Auto-Template interface
BVI Bridge-Group Virtual Interface
CDMA-Ix CDMA Ix interface
CTunnel CTunnel interface
Dialer Dialer interface
FastEthernet FastEthernet IEEE 802.3
Group-Async Async Group interface
Lex Lex interface
Loopback Loopback interface
MFR Multilink Frame Relay bundle interface
Multilink Multilink-group interface
Port-channel Ethernet Channel of interfaces
Service-Engine cisco service engine module
Tunnel Tunnel interface
Vif PGM Multicast Host interface
Virtual-Dot11Radio Virtual dot11 interface
Virtual-PPP Virtual PPP interface
Virtual-Template Virtual Template interface
Virtual-TokenRing Virtual TokenRing
hardware-serial Use hardware serial number as unique ID
hostname Use hostname as unique ID
string Use an arbitrary string as the unique ID
udi Use the UDI as unique ID
vmi Virtual Multipoint Interface
Zero-Touch Deployment – 4/4
Automated Branch/Campus Deployment Smart Install (SI)
[Diagram labels: Aggregation Layer; Access Layer; Switch Deployment; Switch Replacement]
Smart Install
Smart Install provides deployment automations
Automated Access Switch IOS Image and Config deployment from factory default configuration
Automated Access Switch replacement and Image/Config restoration from factory default configuration
Smart Install Director acts as a single management point for images and configuration of client switches.
Smart Install Director detects new switches, and identifies the correct Cisco IOS image and the configuration file for downloading. It can allocate an IP address and host name to a client.
On-demand group configuration and software image updates are available via the director too.
[Diagram labels: Central DHCP / TFTP Servers (DHCP Server, TFTP Server); Aggregation Layer: Smart Install Director on Aggregation Switch or Router; Access Layer: Smart Install Client Switches, Grouping for ease of management]
Smart Install
Director Switches:
3750, 3750G, 3750v2, 3750E, 3560, 3560v2, 3560E, 3560G, 3750X, 3560X
IOS Version 12.2.(53)SE or later, recommended 12.2.(55)SE3 or later
Director Routers:
ISR G1: 1841, 2801, 2811, 2821, 2851, 3825, 3845
ISR G2: 1921, 1941, 2901, 2911, 2921, 2951, 3925, 3945, 3925E, 3945E, NM-16-ESW
IOS Version 15.1.(3)T or later
Client Switches:
3750, 3750v2, 3750E, 3750X, 3560, 3560v2 3560E, 3560X, 3560C
2960, 2960S, 2975, 2960G, 2960C
NME-16ES-1G-P, SM-ES3SM-ES2-16-P
3560v2, 3750v2, Industrial Ethernet Series
Smart Install – Platform Support
For Your Reference
Problem: Smart Install Client assumes VLAN 1 for initial connectivity, however best practice is to NOT use VLAN 1 for management.
Workaround: Reconfigure access port on Smart Install Director:
Smart Install – Caveat VLAN 1 Requirement
interface Port-channel101
description Connected to clientsw123
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 4001
switchport trunk allowed vlan 2-17,4093
switchport mode trunk
logging event link-status
logging event bundle-status
load-interval 30
carrier-delay msec 0
mls qos trust dscp
hold-queue 2000 out
interface Port-channel101
description Connected to clientsw123
switchport
switchport trunk encapsulation dot1q
switchport access vlan 4093
switchport trunk native vlan 4001
switchport trunk allowed vlan 2-17,4093
switchport mode trunk
logging event link-status
logging event bundle-status
load-interval 30
carrier-delay msec 0
mls qos trust dscp
hold-queue 2000 out
Since Client Switch doesn't have VTP configured in factory default, no VLAN mismatch will be reported
Client Switch target config should provide consistency
Custom Scripting IOS Shell (IOS.sh) and Tcl
IOS Shell
Problem: Sometimes we need more than what Interface ranges, Macros, Auto SmartPorts and other CLI features already offer.
But we may not want all the power and complexity of Tcl Scripting or Embedded Event Manager
Solution: Use IOS Shell (IOS.sh)
Available from: IOS 12.2(52)SE
IOS Shell offers
Environment Variables: MY_VAR=value, %n
Pipe and Redirection: |
Condition Testing: if […]; then else fi
Loops
Built-in Functions: show shell functions, shell exec <function>
Custom Function Definitions: function <name>(…){…}
IOS Shell – Example
The pre-built shell functions for Auto SmartPorts are a good starting point:
switch# show shell functions CISCO_AP_AUTO_SMARTPORT
function CISCO_AP_AUTO_SMARTPORT () {
if [[ $LINKUP -eq YES ]]; then
conf t
interface $INTERFACE
macro description $TRIGGER
switchport trunk encapsulation dot1q
switchport trunk native vlan $NATIVE_VLAN
switchport trunk allowed vlan ALL
switchport mode trunk
switchport nonegotiate
auto qos voip trust
mls qos trust cos
exit
end
fi
if [[ $LINKUP -eq NO ]]; then
:
Tool Command Language (Tcl)
Language resources found at: http://www.tcl.tk/
TCL 7.x has been in Cisco IOS since 1994
TCL 8.3.4 first released in Cisco IOS in 12.3(2)T and merged into 12.2(25)S
Use 12.3(14)T or later for best results
Signed TCL Scripts introduced in 12.4(15)T
Router#tclsh flash:/myfolder/myscript.tcl
Router#tclsh
Router(tcl)#source tftp://10.1.1.1/myscript.tcl
Router(tcl)#puts "Hello There"
Hello There
Router(tcl)#ios_config "interface fa0/0" "description Main Uplink"
Router(tcl)#exit
Router#
Legend: TCL Cisco IOS Extended Commands; TCL Built In Command; Cisco IOS Command
See www.cisco.com/go/ciscobeyond
www.cisco.com/go/eem
www.cisco.com/go/easy
Configuration-based Events Embedded Event Manager (EEM) I
Two Options:
Syslog Event Detector upon any potential config change
CLI Event Detector upon specific CLI command
– Asynchronous:
• Trigger Policy and then execute CLI command
• Trigger Policy and skip CLI command
– Synchronous:
• Trigger Policy and execute/skip based on exit status
_exit_status == 0 skip CLI command (default)
_exit_status == 1 execute CLI command
event [tag event-tag] cli pattern regular-expression
{[default] [enter] [questionmark] [tab]}
[sync {yes | no skip {yes | no}}]
[mode variable]
[occurs num-occurrences] [period period-value]
[maxrun maxruntime-number]
Available from: EEM 2.1, integrated with XML PI from EEM 3.0
Configuration-based Events – EEM CLI Event Detector – 1/2
Problem: VLAN 380 should not be accidentally removed from a trunk
Solution: use EEM CLI Event Detector:
Option a: Don't prevent anything, just issue a syslog notification:
event manager applet cli-async
event cli pattern "switchport trunk allowed vlan remove.*380.*" sync no skip no
action 1.0 syslog msg "Removing VLAN 380"
Option b: Prevent the entire command and issue a syslog notification:
event manager applet cli-async-skip
event cli pattern "switchport trunk allowed vlan remove.*380.*" sync no skip yes
action 1.0 syslog msg "Will NOT remove VLAN 380"
Option c: Ask for confirmation, then allow or prevent the entire command:
event manager applet cli-sync
event cli pattern "switchport trunk allowed vlan remove.*380.*" sync yes
action 1.0 puts "Confirm removing VLAN 380 [yes|no]:"
action 2.0 gets response
action 3.0 if $response eq yes goto 5.0
action 4.0 puts "NOK - VLAN 380 will NOT be removed"
action 4.1 exit 0
action 5.0 puts "OK - VLAN 380 will be removed"
action 5.1 exit 1
Caveat: command may be (much) bigger than what you match! Ranges!
Other Examples: • no mpls ip • no router isis • debug all
Configuration-based Events – EEM CLI Event Detector – 2/2
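The caveat on this slide, worked through as an added example (not part of the original slides): the slide's pattern is compared against a check that expands the VLAN list, showing which commands drop VLAN 380 without firing the applet and which fire it needlessly. The function names and sample commands are constructed for illustration, and the parser assumes the `add | all | except | none | remove` keyword forms of the command plus a bare list.

```python
import re

# Pattern copied from the slide's "event cli pattern" line.
EEM_PATTERN = re.compile(r"switchport trunk allowed vlan remove.*380.*")

# Assumed grammar: switchport trunk allowed vlan
#   {add | remove | except} <list>  |  all  |  none  |  <list>
COMMAND = re.compile(
    r"^\s*switchport\s+trunk\s+allowed\s+vlan\s+"
    r"(?:(add|remove|except)\s+(\S.*?)|(all|none)|(\d[\d,\-\s]*?))\s*$",
    re.IGNORECASE,
)


def expand_vlan_list(spec):
    """Expand an IOS VLAN list such as '10,300-400' into a set of ints."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        first, _, last = part.partition("-")
        low = int(first)
        high = int(last) if last else low
        if not 1 <= low <= high <= 4094:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(low, high + 1))
    return vlans


def drops_vlan(command, vlan=380):
    """True if the command leaves `vlan` off the trunk's allowed list."""
    match = COMMAND.match(command)
    if not match:
        return False              # not an allowed-vlan command at all
    keyword, keyword_list, bare, plain_list = match.groups()
    if bare:
        return bare.lower() == "none"
    try:
        listed = vlan in expand_vlan_list(keyword_list or plain_list)
    except ValueError:
        return True               # unparseable list: fail closed
    if plain_list:
        return not listed         # a bare list replaces the allowed set
    if keyword.lower() == "add":
        return False
    return listed                 # remove / except name the VLANs dropped


def audit(commands, vlan=380):
    """Split commands into ones the pattern misses and false alarms."""
    result = {"missed": [], "false_alarm": []}
    for command in commands:
        fires = EEM_PATTERN.search(command) is not None
        drops = drops_vlan(command, vlan)
        if drops and not fires:
            result["missed"].append(command)
        elif fires and not drops:
            result["false_alarm"].append(command)
    return result


# Constructed sample input, not taken from a real device.
SAMPLE_COMMANDS = [
    "switchport trunk allowed vlan remove 380",
    "switchport trunk allowed vlan remove 300-400",
    "switchport trunk allowed vlan remove 1380",
    "switchport trunk allowed vlan remove 10,3800-3810",
    "switchport trunk allowed vlan none",
    "switchport trunk allowed vlan 2-17,4093",
    "switchport trunk allowed vlan except 380",
    "switchport trunk allowed vlan add 380",
]

if __name__ == "__main__":
    for kind, commands in audit(SAMPLE_COMMANDS).items():
        for command in commands:
            print(f"{kind:12} {command}")
```

The applet's regular expression matches text, not numbers, so range and keyword forms need a list-expanding check like this one before a change is pushed.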
1. Something happens on the causing an Event to trigger
2. An EEM Event Detector receives notification
3. An EEM Policy is activated that initiates a pre-defined set of actions
[Diagram labels: Event Detector; Embedded Event Manager; Policy: Applets, TCL Policies, IOS.sh Policies]
*Not all available in all releases
Embedded Event Manager (EEM) – 1/3
[Diagram: Embedded Event Manager architecture]
Event sources: Syslog Event; Process Scheduler Database; Interface Descriptor Blocks
Event Detectors: Syslog ED; Watchdog ED; Interface Counter ED; CLI ED; OIR ED; ERM ED; EOT ED; RF ED; none ED; GOLD ED; XML RPC ED; SNMP EDs (Remote: Notification; Local: Notification, Get/Set); NetFlow ED; IPSLA ED; Route ED; Timer EDs (Cron, Countdown); HW EDs (Fan, Temp, Env, ...); CDP LLDP ED; 802.1x ED; MAC ED
Policies: EEM Applets; TCL Policies; IOS.sh Policies; multi-event-correlation
Actions: Syslog; email notification; SNMP set; Counter; CLI; SNMP get; SNMP notification; Application specific; Reload or switch-over
Embedded Event Manager (EEM) – 2/3
CLI Applets
- Part of the Cisco IOS Configuration
- Based on CLI Commands
- Simple Actions
- Programmatic Applet Extensions
IOS.sh Policies
- Separate ASCII File my-policy.sh
- Based on Cisco IOS CLI and Shell Commands
- Effective shell-like simple scripting
- Registered via the Cisco IOS Config
TCL Policies
- Separate ASCII File my-policy.tcl
- Based on Cisco IOS CLI and Safe TCL Commands
- Flexible and powerful scripting capabilities
- Registered via the Cisco IOS Config
Embedded Event Manager (EEM) – 3/3
Event-based Configurations Embedded Event Manager (EEM) II
Pre-built port configuration templates for various devices simplify user experience and minimize configuration error
Automatic event detection (CDP/LLDP/MAC) triggers auto configuration
Authentication (802.1x, MAB) and authorization can be conducted before port configuration applied
Automatic notification can be sent to NMS system to help with asset tracking
Plug-n-play device deployment lowers overall management cost
[Diagram labels: CDP, LLDP, MAC Addr, 802.1x, Radius Server, NMS station]
Event-based Configurations – Example EEM Layer 2 – 1/2
Auto SmartPorts are powered by EEM
When a printer is added to the network, use an EEM applet to create a new ASP event
event manager applet detect-printer
event neighbor-discovery interface regexp FastEthernet.* cdp add
action 001 regexp ".*LaserJet.*" "$_nd_cdp_platform"
action 002 if $_regexp_result eq 1
action 003 cli command "enable"
action 004 cli command "config t"
action 005 cli command "interface $_nd_local_intf_name"
action 006 cli command "switchport access vlan $printer_vlan"
action 007 cli command "switchport mode access"
action 008 cli command "switchport port-security"
action 009 cli command "switchport port-security violation restrict"
action 010 cli command "switchport port-security aging time 2"
action 011 cli command "switchport port-security aging type inactivity"
action 012 cli command "spanning-tree portfast"
action 013 cli command "spanning-tree bpduguard enable"
action 014 cli command "end"
action 015 syslog msg "New printer added: $_nd_cdp_entry_name , type: $_nd_cdp_platform"
action 016 end
Event-based Configurations – Example EEM Layer 2 – 2/2
On active cluster switches
If we are in HSRP 'Active' state && sender is a secondary ASA going to active {
For each ASA-facing interface { shut }
}
::cisco::eem::event_register_snmp_notification oid 1.3.6.1.4.1.9.9.41.1.2.3.1.5.0 oid_val 0 op ne
[Diagram labels: 1 – ASA active; 2 – shut ASA intf; 2 – shut ASA intf]
Problem: Upon a standby ASA deciding to become active, we want to force full cluster failover by shutting down all ASA-facing interfaces on the other cluster's switch.
Solution: use EEM SNMP Event Detector
Event-based Configurations – Example Custom Failover
Editing Files on IOS The ed Editor
Problem: Often ASCII files are being used when using Device Manageability Instrumentation in IOS:
Tcl scripts and EEM Tcl Policies
EMM Menu Definition Files
Config Templates and other text files
During Development and Test it would be useful to be able to edit these files directly from IOS.
But: IOS does not include an ASCII Editor ...
Solution: Use a Tcl implementation of an Editor in IOS
The GNU <ed> editor is a very simple, line-based editor available as Tcl implementation
see: http://en.wikipedia.org/wiki/Ed_(Unix)
see: http://www.gnu.org/software/ed/ed.html
Editing ASCII Files – ed
Available from www.cisco.com/go/ciscobeyond (http://tinyurl.com/ed-4-ios)
1. Copy ed.tcl and a simple test file to the flash:
router# show flash
:
8 27091 Nov 19 2008 10:51:26 ed.tcl
9 68 Nov 19 2008 11:00:12 testfile.txt
2. Define an Alias for simplicity:
router(config)# alias exec ed tclsh flash:/ed.tcl
3. Edit the file using ed:
router# ed flash:/testfile.txt
65
1,$p
line one of the test file
line two of the test file
another line
,p
line one of the test file
line two of the test file
another line
,n
1 line one of the test file
2 line two of the test file
3 another line
a
and here are
yet another two lines
.
,n
1 line one of the test file
2 line two of the test file
3 another line
4 and here are
5 yet another two lines
w
99
q
router#
ed commands used:
1,$p – print lines 1 to last
,p – print all lines
,n – numbered print all lines
a – add lines
. – end adding
w – write file
q – quit
Editing ASCII Files – ed.tcl on IOS
Custom Menus on the CLI Embedded Menu Manager (EMM)
Embedded Menu Manager (EMM)
================================================================================
Branch Router Operations Menu on branch-99
Enter ? for help or ?# for item help
--------------------------------------------------------------------------------
1. Install Diagnostic Scripts
2. Change Hostname
3. Run CPU Diagnostic Script
4. Check for most recent EEM Policy Files
5. Run WAN Diagnostic Script
6. Instant World Peace
7. Exit
Enter selection [6]:
Programmable Menu Framework
Custom ASCII Menus
XML based Menu Definition Files (MDF)
Range / Type Checking
TCL Scripting Actions
Nested and Sequential Menus (Wizards)
Available from: IOS 12.4(20)T
See: http://tinyurl.com/emm-in-124t
https://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_emm_ps6441_TSD_Products_Configuration_Guide_Chapter.html
EMM Menu Definition File Example – 1/2
<?xml version="1.0"?>
<Menu MenuName="NMS" schemaVersion="1.1">
<MenuTitle>
<EmbTCLValue>
<TCLCommand>
return " Branch Router Operations Menu on [hostname]"
</TCLCommand>
</EmbTCLValue>
</MenuTitle>
<HelpString>
<Constant String="View and modify some common Network Management
configuration parameters"/>
</HelpString>
<GlobalTCL>
<TCLCommand>
proc get_config { regex } {
set config [exec "show run | inc $regex"]
return $config
}
</TCLCommand>
</GlobalTCL>
:
:
Menu name and required schema version
Title can be constant or generated with Tcl
The menu and each item can have its own help text
Optional global Tcl section to store procs used throughout menu
EMM Menu Definition File Example – 2/2
: :
<Item ContinuePrompt="true" ItemJustification="LEFT">
<ItemTitle>
<Constant String="Change Hostname" />
</ItemTitle>
<HelpString>
<Constant String="This selection lets you type a new hostname" />
</HelpString>
<Wizard>
<QueryPrompt>
<Constant String="What hostname do you suggest?" />
</QueryPrompt>
<FreeForm />
</Wizard>
<IOSConfigCommand>
"hostname $r(1)"
</IOSConfigCommand>
: :
From simple menu choices to complete customized wizards
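An added example (not from the slides or from Cisco): the wizard above places the free-form answer $r(1) directly into a config command, so one way to check the answer first is a Tcl proc such as the one below. The proc names valid_hostname and hostname_command are hypothetical, the sample answers are constructed, and the hostname rule used (letter first, letter or digit last, letters, digits and hyphens in between, at most 63 characters) is an assumption; how an MDF would call the proc is not shown on the slides.

```tcl
# Added example, not part of the original slides.
# Assumed hostname rule: first character a letter, last a letter or digit,
# letters, digits and hyphens in between, 63 characters at most.
proc valid_hostname { name } {
    set len [string length $name]
    if {$len < 1 || $len > 63} {
        return 0
    }
    if {$len == 1} {
        # A one-character name can only be a letter
        return [regexp {^[A-Za-z]$} $name]
    }
    # The character class excludes spaces, newlines and punctuation, so an
    # answer cannot carry a second command or extra arguments.
    return [regexp {^[A-Za-z][A-Za-z0-9-]*[A-Za-z0-9]$} $name]
}

# Hypothetical helper: build the config line only from a validated answer.
proc hostname_command { answer } {
    # Trim spaces and tabs only; an embedded newline stays and is rejected
    set name [string trim $answer " \t"]
    if {![valid_hostname $name]} {
        error "rejected hostname input"
    }
    return "hostname $name"
}

# Constructed sample answers, as a user might type them at the FreeForm prompt.
set samples [list "branch-99" " core1 " "9lives" "edge-" "branch 99" "r1\nsecond line" ""]
foreach answer $samples {
    if {[catch {hostname_command $answer} result]} {
        puts "REJECT [list $answer]: $result"
    } else {
        puts "ACCEPT $result"
    }
}
```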
Custom Menus via HTTP – EASy HTTx Package
Extensible HTTP Server in IOS – 1/2
Problem: Sometimes we may even want to (or need to) provide a web-based custom interaction with IOS
Solution: Customize the EASy HTTx Package – which provides an extensible HTTP Server running on IOS
c1812-easy#
c1812-easy# httx-start
*Jan 6 11:02:44.649: %HA_EM-6-LOG: no_easy_httx_start.tcl: Accepting connection from 10.55.146.51:3235
*Jan 6 11:02:44.669: %HA_EM-6-LOG: no_easy_httx_start.tcl: "GET flash:/easy/easy-httx_public/html/index.html HTTP/1.1" 200
*Jan 6 11:02:44.825: %HA_EM-6-LOG: no_easy_httx_start.tcl: Accepting connection from 10.55.146.51:3236
:
c1812-easy#
c1812-easy# httx-stop
*Jan 6 11:11:31.129: %HA_EM-6-LOG: no_easy_httx_stop.tcl: Stopping the EASy httx server ...
*Jan 6 11:11:34.017: %HA_EM-6-LOG: no_easy_httx_stop.tcl: ... EASy httx server stopped.
*Jan 6 11:11:34.073: %SYS-5-CONFIG_I: Configured from console by vty1
Embedded Automation Systems (EASy)
HTTx EASy Package Provides:
Interactive Installation
Light-weight HTTP Server in Tcl
Ability to trigger Tcl scripts on IOS
Extensible Framework
To use the Package:
1. Browse and Download HTTx EASy Package www.cisco.com/go/easy
2. Make Sure to also download EASy Installer
3. Watch VOD and/or read documentation www.cisco.com/go/easy
4. Customize and tailor to your needs
5. Install and Use
Extensible HTTP Server in IOS – 2/2
Packaging Embedded Automations – EASy Packages and EASy Installer
Problem: Cisco IOS Embedded Automation Systems often include multiple configuration items, files, checks and procedures.
Solution: Cisco EASy provides a simple packaging mechanism and open-source EASy Installer. A developer guide is available online to assist with the creation of EASy packages.
MyPackage.tar
Package Description
Pre-Requisite Verification
Pre-Installation Config
Pre-Installation Exec
Environment Variables
Configuration
Files
Post-Requisite Verification
Post-Installation Config
Post-Installation Exec
Uninstall
+
EASy Installer = Menu Guided Installation
Router# easy-installer tftp://10.1.1.1/mypackage.tar flash:/easy
-----------------------------------------------------------------
Configure and Install EASy Package 'mypackage-1.03'
-----------------------------------------------------------------
1. Display Package Description
2. Configure Package Parameters
3. Deploy Package Policies
4. Exit
Enter option: 2
See: http://www.cisco.com/go/easy
EASy Package guide: http://tools.cisco.com/squish/cEAe3
Packaging Network Automations – Cisco EASy – 1/3
Packaging Network Automations – Cisco EASy – 2/3
Community initiative driving development of innovative solutions using embedded automation technologies
Virtual team formed by embedded automation experts from different groups in Cisco
Provides packaged solutions built with EEM and related technologies available for free download
15 EASy solutions available now covering 5 categories, including network management, high availability, security, diagnostics and config automation and growing …
www.cisco.com/go/easy
Packaging Network Automations – Cisco EASy – 2/3
1. Browse and Download EASy Packages www.cisco.com/go/easy
2. Make Sure to also download EASy Installer
3. Browse Other Embedded Automations www.cisco.com/go/ciscobeyond
4. Learn About The Technology Under The Hood www.cisco.com/go/instrumentation www.cisco.com/go/eem www.cisco.com/go/pec
5. Discuss, Ask Questions, Suggest Answers supportforums.cisco.com supportforums.cisco.mobi
6. Upload your own Examples to CiscoBeyond www.cisco.com/go/ciscobeyond
7. Engage via [email protected]
For Your Reference
In Summary
Recap
1 Command Line Interface I – Basics
2 Command Line Interface II – More Basics
3 Automated Staging I – Auto Install
4 Automated Staging II – Cisco Integrated Customization Service (CICS)
5 Automated Remote Deployment – Zero-Touch Deployment
6 Automated Branch/Campus Deployment – Smart Install
7 Custom Scripting – IOS.sh and Tcl Scripting
8 Configuration-based Events – Embedded Event Manager (EEM) I
9 Event-based Configurations – Embedded Event Manager (EEM) II
10 Editing Files on IOS – The ed Editor
11 Custom Menus on the CLI – Embedded Menu Manager (EMM)
12 Custom Menus via HTTP – EASy HTTx Package
13 Packaging Embedded Automation Systems – EASy
References
References – Instrumentation
Device Manageability Instrumentation (DMI) www.cisco.com/go/instrumentation
Embedded Event Manager (EEM): www.cisco.com/go/eem
Cisco Beyond – EEM Community: www.cisco.com/go/ciscobeyond
Embedded Menu Manager (EMM): http://tinyurl.com/emm-in-124t
Embedded Packet Capture (EPC): www.cisco.com/go/epc
Flexible NetFlow: www.cisco.com/go/netflow and www.cisco.com/go/fnf
GOLD: http://www.cisco.com/en/US/products/ps7081/products_ios_protocol_group_home.html
IPSLA (formerly SAA, formerly RTR): www.cisco.com/go/ipsla
Network Analysis Module: http://www.cisco.com/go/nam
Network Based Application Recognition (NBAR): www.cisco.com/go/nbar
Security Device Manager (SDM): http://www.cisco.com/go/sdm
Smart Call Home: www.cisco.com/go/smartcall
Web Services Management Agents (WSMA): http://tinyurl.com/wsma-in-150M
Cisco Configuration Engine (CCE): www.cisco.com/go/ciscoce
Feature Navigator: www.cisco.com/go/fn
MIB Locator: www.cisco.com/go/mibs
For Your Reference
Network Management @ CiscoLive Europe 2012
Session ID Title Day Start Time
BRKNMS-2006 Manage and Optimize IT Energy Usage with Cisco EnergyWise Tuesday 2012-01-31 11:15:00
BRKNMS-2841 Enterprise Network Device Administration with TACACS+ Tuesday 2012-01-31 11:15:00
BRKNMS-2464 13 Smart Automations to Configure Your Cisco IOS Network Tuesday 2012-01-31 15:45:00
BRKNMS-3134 Advanced NetFlow Tuesday 2012-01-31 15:45:00
BRKNMS-2005 DataCenter & Virtualization Management Overview Wednesday 2012-02-01 09:00:00
BRKNMS-2009 Simplify the Deployment of Cisco Platforms and Technologies Wednesday 2012-02-01 09:00:00
BRKNMS-3133 Advanced - Using the UCS XML API Wednesday 2012-02-01 09:00:00
BRKNMS-2465 13 Smart Automations to Monitor Your Cisco IOS Network Wednesday 2012-02-01 13:30:00
BRKNMS-2847 Ethernet OAM - Technical Overview and Deployment Scenarios Wednesday 2012-02-01 13:30:00
BRKNMS-2466 13 Smart Automations to Troubleshoot Your Cisco IOS Network Wednesday 2012-02-01 16:00:00
BRKNMS-2842 Managing Network Performance in WAAS Environments Wednesday 2012-02-01 16:00:00
BRKNMS-2943 Smart Services for Business Video - Turning Vision into Reality Thursday 2012-02-02 09:00:00
BRKNMS-3135 Advanced - Application Visibility and Performance in Cisco devices with Network Based Application Recognition (NBAR) Thursday 2012-02-02 09:00:00
BRKNMS-2031 SYSLOG Design, Methodology and Best Practices Thursday 2012-02-02 16:00:00
BRKNMS-2846 Packet Transport and its Management Thursday 2012-02-02 16:00:00
BRKNMS-2659 Cloud Automation Friday 2012-02-03 09:00:00
BRKNMS-2844 A walkthrough over Service Management Friday 2012-02-03 09:00:00
BRKNMS-3999 Using a Network Hypervisor to Automatically Create End to End Topologies "Network Containers" in a Multi-Tenant Data Center Friday 2012-02-03 09:00:00
BRKNMS-2845 Best Network Mgmt Practice in Cisco Device Instrumentation: what (not) to do? Friday 2012-02-03 11:00:00
For Your Reference
1. Navigate to http://bit.ly/cSMV3N
2. Search for 'Network Automation'
3. Join us and Enjoy !
Network Automation @ CiscoLive Europe 2012
Session Title Format
BRKCRS-2437 Incorporating Intelligent Access at the Campus Edge Technical Breakout
BRKIPM-2090 Implementing Network Automations Technical Breakout
BRKNMS-2464 13 Smart Automations to Configure Your Cisco IOS Network Technical Breakout
BRKNMS-2465 13 Smart Automations to Monitor Your Cisco IOS Network Technical Breakout
BRKNMS-2466 13 Smart Automations to Troubleshoot Your Cisco IOS Network Technical Breakout
LABNMS-1262 Implementing Network Automation Module 0 - Basics Lab: Walk in
LABNMS-1263 Implementing Network Automation Module 1- Planning Lab: Walk in
LABNMS-1264 Implementing Network Automation Module 2 - Deployment Lab: Walk in
LABNMS-1265 Implementing Network Automation Module 3 - Monitoring Lab: Walk in
LABNMS-1266 Implementing Network Automation Module 4 - Troubleshooting Lab: Walk in
LABNMS-1422 Network Automation Solutions using Cisco IOS EEM Lab: Walk in
LABNMS-2001 Advanced Network Automation and Solutions using Cisco IOS EEM Lab: Instructor Led
TECNMS-3601 Advanced Network Automation Technical Seminar
BRKCDN-1114 Building Innovative Solutions with IOS Embedded Automation Technical Breakout
For Your Reference
Network Automation Hands-On Lab
Join us in the Lab
At CiscoLive:
1. Walk up to the WISP Labs
2. Book a seat for: LABNMS-1262 ... LABNMS-1266 Implementing Network Automation
- Module 0 - Basics
- Module 1 - Planning
- Module 2 - Deployment
- Module 3 - Monitoring
- Module 4 - Troubleshooting
Partners any time via PEC:
1. Navigate to http://www.cisco.com/go/pec
2. Click on >Launch
3. Search for '%Network Automation%'
4. Enjoy !
For Your Reference
http://www.cisco.com/go/ciscobeyond
Discussion forums
Ask questions, get answers
Video tutorials
Coming soon!
Cast your vote!
Which scripting language would you
like to see supported in the future?
Script repository
Over 130+ open source scripts,
learn by example
For Your Reference
CiscoBeyond Has A New Home
Recommended Reading
Please visit the Cisco Store for suitable reading.
Conclusion
Not all Configuration Tasks are Equal
Network Automation …
… is a Paradigm Change
… offers opportunities far beyond OPEX savings
… is EASy to adopt now
How will You use Network Automation?
Please complete your Session Survey
Don't forget to complete your online session evaluations after each session.
Complete 4 session evaluations & the Overall Conference Evaluation
(available from Thursday) to receive your Cisco Live T-shirt
Surveys can be found on the Attendee Website at www.ciscolivelondon.com/onsite
which can also be accessed through the screens at the Communication Stations
Or use the Cisco Live Mobile App to complete the
surveys from your phone, download the app at
www.ciscolivelondon.com/connect/mobile/app.html
We value your feedback
http://m.cisco.com/mat/cleu12/
1. Scan the QR code
(Go to http://tinyurl.com/qrmelist for QR code reader
software, alternatively type in the access URL above)
2. Download the app or access the mobile site
3. Log in to complete and submit the evaluations
Thank you.