标签为 ‘IOX’的文章

Do action by EEM+TCL after the log happen X Times in Y LC/RSP at ASR9k


We can do more automated action by EEM + TCL on Cisco router, and have more trigger way for syslog pattern trigger, OID trigger, CPU Threshold trigger and so on. That will match IOS platform, no any issue. But in XR platform, each LC/RSP have separate alarm, we maybe have special requirement, e.g:

Some alarms frequency happen, I want to restart the process (base on pid) if the alarm happen 3 times in 5min on each LC, how to do that?

0/3/cpu0: alarm report "C", Pid = zzz
0/1/cpu0: alarm report "A", Pid = xxx
0/2/cpu0: alarm report "B", pid = yyy
0/3/cpu0: alarm report "C", pid = zzz
0/1/cpu0: alarm report "A", pid = xxx
0/1/cpu0: alarm report "A", pid = xxx


We can do interactive script by TCL I/O, create a file in Harddisk/disk which has the history/count of syslog for Lcs. We can read this file using the script whenever the syslog is observed. Based on the number of syslogs the script can take the required action.

The steps will be like this, please check attachment and script flow chart for detail script, in my example, I only dump arp process for testing, please change script base on your requirement, in order to test script, you can add flag to test that, e.g “action_syslog priority info msg “a””: 完整阅读


ASR9k EEM + TCL Interactive Scripting

1. Capture interface tunnel port each 5 minutes, if traffics > X, will capture other information.
2. Store those information to disk0/harddisk.

In fact, the requirement is very easy by Python + CRT, but customer couldn’t find a PC to continue to run python script, so only use EEM + TCL on ASR9k. And in TCL script, I use two function: foreach and scan.

Follow CLI need config before do script, if you change any variable or script, you need re-config “event manager policy tac_te.tcl username cisco”:

aaa authorization eventmanager default local
event manager environment _cron_entry1 */5 * * * *
event manager directory user policy disk0:
event manager policy tac_te.tcl username cisco persist-time 3600 type user



ASR9k EEM+TCL General custom SNMP Trap

If customer want to focus a alarm on their NMS by SNMP Trap, they can config “snmp-server traps syslog”. But if customer no filter feature on NMS, they couldn’t find special alarm in all syslog, now we can use EEM + TCL to match customer requirement.

Follow TCL Script:

::cisco::eem::event_register_syslog pattern $_error_log occurs $_number period $_times maxrun 300
namespace import ::cisco::eem::*
namespace import ::cisco::lib::*

set alarm "***OOB_ERROR Happened!***"

sys_reqinfo_snmp_trapvar var temp oid string $alarm
sys_reqinfo_snmp_trap enterprise_oid generic_trapnum 6 specific_trapnum 2 trap_oid trap_var temp



How to sniffer Dummy VLAN on L2VPN ?

什么是dummy vlan?

由于EVC平台在入端口可以通过rewrite命令剥离VLAN tag,这样导致在PW中没有任何tag,在Type 4时会有问题,两边VLAN的QOS无法传递给对端,所以就有了这个所谓的dummy vlan,它不是一个真正的VLAN,他只是传递一些QOS字段并且占一个位。那么dummy VLAN长什么样?其实大鹏之前的文章里已经详细介绍了EVC的各种行为,我这里只是介绍抓dummy VLAN的“心路历程”以及dummy VLAN的“样子”~


起始测试环境为VPLS BGP auto discovery + LDP Sig,在76的入向抓包


1. 默认Type 5,在CE1 ping 带cos 5,ASR9k-1在AC上不配置rewrite,透传的VLAN是否带着802.1p?根据抓包信息,正常带着802.1p,详细看“bgp-ldp-vlan-cos5.pcapng”;另外有个疑问,既然type 5支持VLAN透传,为什么还要Type 4?答案请看文章结束部分


ASR9k + Freeradius

Refer to IOX + Freeradius article that very less on Internet and lots of IOS with Freeradius, after study that, I summarized that by follow:

1: Install freeradius
You need install free radius first, ignore the part, you can check it by yourself or check my last article <RHEL7 install freeradius>

2: Config freeradius

[root@frank radius]# more /etc/raddb/clients.conf
client 10.x.x.x {
        secret = cisco123
        shortname = iox-5.2.2
        nas_type = cisco


Notes: as follow, we can assign a group for user “frank”, now priv5 is custom group, you can assign default group, e.g:
Cisco-avpair = “shell:task=#netadmin,#sysadmin,#cisco-support”

Btw, you can direct defined priv15 by follow:
Cisco-AVPair = “shell:priv-lvl=15”

Or direct defined cmd by follow:
Cisco-AVpair = “shell:cmd=show”

If you assign cisco-support group first, and then to limit command by “cmd=show”, cmd will unavailable; and vice versa.

[root@frank radius]# more /etc/raddb/users
frank   Cleartext-Password := "frank"
                Service-Type = NAS-Prompt-User,
                Reply-Message = "Hello!",
                Login-Service = Telnet,
                Cisco-AVPair = "shell:tasks*=#priv5,"


blonde teen swallows videos