13 Smart Ways To Configure Your Cisco IOS Device
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public
BRKNMS-2000
Housekeeping
• We value your feedback - don't forget to complete your online session evaluations after each session & complete the Overall Conference Evaluation which will be available online from Thursday
• Visit the World of Solutions
• Please remember this is a 'non-smoking' venue!
• Please switch off your mobile phones
• Please make use of the recycling bins provided
• Please remember to wear your badge at all times
Abstract
Have you ever accidentally locked yourself out of a remote device? Need to deploy a few hundred branch routers across the globe?
Want to quickly apply maintenance config updates to a handful of devices running various different IOS releases?
What is the most appropriate mechanism to get your target config into those network elements?
Cisco IOS® today offers a plethora of Device Manageability Instrumentation (DMI) features and protocols that simplify device configuration - both for human beings as well as for software applications and scripts; for large scale deployments as well as for single devices and small groups.
This Breakout Session uncovers some of the not-so-well-known ways to interact with your network elements for the purpose of (re-)configuring them.
Technology fundamentals as well as the choice and use of appropriate practices are illustrated through a combination of presentation and best practice examples.
The topic is relevant for network planners and administrators, engineers and system integrators for both enterprises and service providers.
Welcome aboard ...
This session is not about:
• An introduction to NMS concepts
• An in-depth session on 1 single feature
• Engineering details of the IOS parser
• NMS applications
• WHAT to configure on a device
This Session is about:
• HOW to get configuration into a device
• Using Device Manageability Instrumentation (DMI) and Embedded Automations (EASy)
• Practical examples
Agenda
Introduction
1
2
3
4
5
6
7
8
9
10
11
12
13
Summary
Introduction & Overview
'Configuration' in a Service Life Cycle
[Diagram labels: config; scripts; IOS images; *.tcl; *.mdf; MOH & IVR files; xDM files; network engineer; support staff; scripts and tools; applications; individual devices; device groups; large scale]
Demand for Differentiation
[Figure: Business Value / Revenue Potential (vertical axis) over time, 1995 to 2015 (horizontal axis). Labels: Configure: Basic Instrumentation, GET / SET; Customize: Device Manageability Instrumentation (DMI); Program: Embedded Automation Systems (EASy); Compute: Cloud, XaaS, Computing; Connect: Managed Network Services; Collaborate: Unified Comms, Security; Basic SLA; Quality of Service SLA; Transaction Experience SLA. Annotation: Increase in application awareness, real-time management, custom requirements, programmability.]
Introduction & Overview
Definition of Activities
• Deployment: Move physical network equipment into its operating location
• Commissioning: Make new network equipment ready for use and reachable by operations, NMS
• Configuration: Configure a network element depending on its role and function in the network
• Provisioning: Configure portions of a network for the purpose of a specific user and/or service
• Activation: Enable users to start using a service
Focus
hostname pe-south
!
enable password c
!
mpls ip
!
interface Loopbac
ip address 10.10
Introduction & Overview
Feature Availability
• Main focus on what is available in IOS 15.0(1)M on ISR platforms
• Most features have been around for some time already
• More details in Appendix I
• Feature Navigator: www.cisco.com/go/fn
Platforms: Cisco 7304 Router; Cisco 7301 and 7200 Routers; Cisco Catalyst 6500 Series; Cisco Catalyst 4500 Series; Cisco 3750 & 2900 Series
Release trains: 12.2SB 12.2SB/SR 12.2SX/SR 12.2SG 12.2SE T
12.2(1st)SB5 12.2(1st)SRC 12.2(1st)SXH 12.2(12th)SG 12.2(6th)SE 12.3(2)T
12.2(1st)SB5 12.2(1st)SRC 12.2(1st)SXH 12.2(12th)SG 12.2(6th)SE 12.3(4)T
12.2(25)S 12.2(31)SB 12.2(1st)SXH 12.2(12th)SG 12.2(6th)SE
12.2(1st)SB5 12.2(1st)SRC 12.2(1st)SXI 12.2(11th)SG 12.2(44)SE 12.3(14)T
12.2(1st)SB5 12.2(1st)SRC 12.2(1st)SXI 12.2(12th)SG 12.2(6th)SE 12.4(2)T
12.2(1st)SB5 12.2(1st)SRC 12.2(1st)SXI 12.2(12th)SG 12.2(6th)SE 12.4(4)T
12.2(1st)SB5 12.2(1st)SRC 12.2(1st)SXI 12.2(31)SGA NA NA
12.2(31)SB 12.2(31)SB 12.2(1st)SXH 12.2(12th)SG 12.2(6th)SE
12.2(31)SB 12.2(31)SB HD 12.2(13th)SG 12.2(7th)SE 12.5(2nd)T
12.4(4)T 12.4(2)T 12.3(14)T 12.3(4)T 12.3(2)T 12.2(12)T
X X X X X X
X X X X X X
X X X X X
X X X X
X X X
Command Line Interface (CLI)
The Basics
Command Line Interface (CLI) – Modes
ROM Monitor
  rommon # >
Diagnostic Boot (only on ASR)
  router(diag)#
User EXEC Mode
  router>
  show (limited), ping, enable, ...
Privileged EXEC Mode (entered with: enable)
  router#
  show, ping, debug, ...
Global Configuration Mode (entered with: conf t)
  router(config)#
  hostname, ip route, interface ..., do .., ...
Interface Configuration Sub-Mode (entered with: interface)
  router(config-if)#
  shutdown, ip address, encapsulation ..., do ..
Line Configuration Sub-Mode
  router(config-line)#
Routing Configuration Sub-Mode
  router(config-router)#
[Diagram labels: Running Configuration; Startup Configuration; Config Register]
See: www.cisco.com/en/US/docs/ios/preface/usingios.html
Command Line Interface (CLI) – Basics 1/2
A series of usability features are available in IOS:
• Exec Commands from within Config Mode (from 12.0(21)S, 12.2(8)T)
  Issue Exec commands without leaving Config Mode
router# conf t
router(config)# do copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
router(config)#
• Command Aliases (from 10.3, 12.2(33)SRA)
  Pre-defined aliases are available on the CLI
  Custom aliases can be defined per (Sub-)Mode
  Note: ROM Monitor also provides an alias command
router# show aliases
Exec mode aliases:
  h        help
  lo       logout
  p        ping
  r        resume
  s        show
  u        undebug
  un       undebug
  w        where
router# conf t
Enter configuration commands, one per line. End with CNTL/Z.
router(config)# alias exec shib show ip interface brief
router(config)# alias exec shru show running-config
router(config)# alias exec shrb show running-config | begin
router(config)# alias configure h hostname
Router(config)# alias interface nsh no shutdown
Command Line Interface (CLI) – Basics 2/2
• Interface Ranges and Macros (from 12.1(5)T, 12.1(1)E, IOS XE 2.1)
  Define Interface Ranges / Groups
  Apply Config to Interface Ranges / Groups
Consecutive Range: define and use immediately
router(config)# interface range FastEthernet 1 - 3
router(config-if-range)# no shut
Arbitrary Group: define once, use multiple times
router(config)# define interface-range mylist FastEthernet 2 , FastEthernet 4 - 6
router(config)# interface range macro mylist
router(config-if-range)# no shut
Works on Subinterfaces and VLAN Ranges too (from 12.2(8)T)
router(config)# interface range FastEthernet 5/1.1 - FastEthernet 5/1.4
router(config-if-range)# encapsulation dot1Q 220
router(config-if-range)# no shut
This will apply:
  VLAN ID 220 -> FastEthernet 5/1.1
  VLAN ID 221 -> FastEthernet 5/1.2
  VLAN ID 222 -> FastEthernet 5/1.3
  VLAN ID 223 -> FastEthernet 5/1.4
Where to start with CLI?
Feature Navigator: http://www.cisco.com/go/fn
Command Lookup Tool: http://tools.cisco.com/Support/CLILookup/
Command Line Interface (CLI)
More Advanced
Son: Dad, why are there 2 Pilots?
Dad: One has to prevent the other from doing stupid things
Son: Which one is doing the stupid things?
Deployment & Activation
IOS Configuration 'Safety' Features
• Contextual configuration diff utility (from 12.3(4)T, 12.2(25)S)
  Easily show differences between running and startup configuration
  Compare any two ASCII files
• Config change logging and notification (from 12.3(4)T, 12.2(25)S)
  Tracks config commands entered per user, per session
  Notification sent indicating config change has taken place; changes can be retrieved via SNMP
• Configuration replace and rollback (from 12.3(7)T, 12.2(25)S)
  Replace running config with any saved configuration (only the diffs are applied) to return to previous state
• Configuration revert (from 12.4(23)T)
  Automatically roll back unconfirmed configurations
• Configuration locking (from 12.3(14)T, 12.2(25)S)
  Ensures exclusive configuration change access
Deployment & Activation
Example: Using Config Rollback
• Problem: critical config change to a remote router may result in loss of connectivity, requiring a reload
• Solution: replace the running configuration with the latest good archive after two minutes, unless the change made is confirmed
router# show archive
There are currently 4 archive configurations saved.
The next archive file will be named disk0:/config-archive-4
 Archive #  Name
   0
   1       disk0:/config-archive-1
   2       disk0:/config-archive-2
   3       disk0:/config-archive-3 <- Most Recent
router# config replace disk0:/config-archive-3 time 120
:
... your Config Change work here ...
:
router# no config replace disk0:/config-archive-3
Available from: IOS 12.3(7)T, 12.2(25)S
Deployment & Activation
Example: Using Config Revert
• Problem: critical config change to a remote router may result in loss of connectivity, requiring a reload
• Solution: revert the running configuration after two minutes, unless the change made is confirmed
router# config terminal revert time 2
Rollback Confirmed Change: Backing up current running config to flash:bk-2
Enter configuration commands, one per line. End with CNTL/Z.
:
... your Config Change work here ...
:
router(config)# hostname oops
oops(config)# end
oops# Rollback Confirmed Change: Rollback will begin in one minute. Enter "configure confirm" if you wish to keep what you've configured
oops# config confirm
oops#
or
oops# Rollback Confirmed Change:
rolling to:flash:bk-2
Total number of passes: 1
Rollback Done
router#
Available from: IOS 12.4(23)T, 12.2(33)S
Simple Scripting I
IOS.sh
IOS Shell
• Problem: Sometimes we need more than what Interface ranges, Macros, Auto SmartPorts and other CLI features already offer.
  But we may not want all the power and complexity of Tcl Scripting or Embedded Event Manager
• Solution: Use IOS Shell (IOS.sh)
Phase I Available from: IOS 12.2(52)SE
IOS Shell offers
• Environment Variables: MY_VAR=value, %n
• Pipe and Redirection: |
• Condition Testing: if […]; then else fi
• Loops
• Built-in Functions: show shell functions, shell exec <function>
• Custom Function Definitions: function <name>(…){…}
IOS Shell - Example
• The pre-built shell functions for Auto SmartPorts are a good starting point:
switch# show shell functions CISCO_AP_AUTO_SMARTPORT
function CISCO_AP_AUTO_SMARTPORT () {
    if [[ $LINKUP -eq YES ]]; then
        conf t
            interface $INTERFACE
                macro description $TRIGGER
                switchport trunk encapsulation dot1q
                switchport trunk native vlan $NATIVE_VLAN
                switchport trunk allowed vlan ALL
                switchport mode trunk
                switchport nonegotiate
                auto qos voip trust
                mls qos trust cos
            exit
        end
    fi
    if [[ $LINKUP -eq NO ]]; then
    :
Simple Scripting II
Tcl Scripting and CRON
Deployment & Activation
Tool Command Language (TCL)
• Language resources found at: http://www.tcl.tk/
• TCL 7.x has been in Cisco IOS since 1994
• TCL 8.3.4 first released in Cisco IOS in 12.3(2)T and merged into 12.2(25)S
• Use 12.3(14)T or later for best results
• Signed TCL Scripts introduced in 12.4(15)T
• Use low-memory to prevent malloc failures
• TCL process runs at medium priority, so be careful with loops
Router(config)# scripting tcl low-memory <water_mark>
Router#tclsh slot0:myscript.tcl
Router#tclsh
Router(tcl)#source tftp://10.1.1.1/myscript.tcl
• http://www.cisco.com/go/ciscobeyond
• http://www.cisco.com/go/eem
• http://www.cisco.com/go/ioscommercial
• "Guide To Writing EEM Policies" documentation
Deployment & Activation
Tool Command Language (TCL)
Router#tclsh
Router(tcl)#puts "Hello There"
Hello There
Router(tcl)#ios_config "interface fa0/0" "description Main Uplink"
Router(tcl)#exit
Router#
• TCL Cisco IOS Extended Commands
• TCL Built In Command
• Cisco IOS Command
Deployment & Activation
Signed TCL Scripts
TCL has the capability to verify a digital signature in order to indicate trust:
• A script can run in two modes:
  TRUSTED MODE: If the TCL script contains the right signature, it will be authenticated and run with trusted access to the TCL interpreter
  UNTRUSTED MODE: If the TCL script doesn't contain the right signature, it will run in a limited mode for untrusted scripts or not run at all
See: http://www.cisco.com/en/US/docs/ios/12_4t/netmgmt/configuration/guide/sign_tcl.html
Available from: IOS 12.4(15)T, 12.4(11)XW
Platforms: 8xx, 18xx ISRs, 26xx, 36xx, 37xx, IAD, 72xx, 7301, UC520, …
Deployment & Activation
Kron Scheduler
• Run EXEC commands periodically or at a specified time
• First introduced in 12.3(1)
• Runs commands in a fully-automated mode
• Interactive commands (e.g. reload) are NOT supported
Note:
• NTP must be configured or the router clock must be authoritative
• Kron and Tcl can run together since 12.4(4)T
Alternative Option: use Embedded Event Manager (EEM) Timer ED
How to trigger a Config Change
Embedded Event Manager (EEM)
Service Planning
EEM Architecture
[Diagram: Event Detectors feed the Embedded Event Manager (multi-event-correlation), which runs EEM Applets, IOS.sh Policies and TCL Policies.]
Actions: Syslog; email notification; SNMP set; Counter; CLI; SNMP get; SNMP notification; Application specific; Reload or switch-over
Event sources shown: Syslog Event; Process Scheduler Database; Interface Descriptor Blocks
Event Detectors (ED):
• Syslog ED
• Watchdog ED
• Interface Counter ED
• CLI ED
• OIR ED
• ERM ED
• EOT ED
• RF ED
• none ED
• GOLD ED
• XML RPC ED
• SNMP EDs (Remote: Notification; Local: Notification, Get/Set)
• NetFlow ED
• IP SLA ED
• Route ED
• Timer EDs (Cron, Countdown)
• HW EDs (Fan, Temp, Env, ...)
• CDP / LLDP ED
• 802.1x ED
• MAC ED
Service Planning
EEM Applets and Policies
CLI Applets
• Part of the Cisco IOS Configuration
• Based on CLI Commands
• Simple Actions
• Programmatic Applet Extensions
IOS.sh Policies
• Separate ASCII File my-policy.sh
• Based on Cisco IOS CLI and Shell Commands
• Effective shell-like simple scripting
• Registered via the Cisco IOS Config
TCL Policies
• Separate ASCII File my-policy.tcl
• Based on Cisco IOS CLI and Safe TCL Commands
• Flexible and powerful scripting capabilities
• Registered via the Cisco IOS Config
Service Planning
Example: Trigger a Config Change – 1/3
• Problem: a PKI related config change on a remote device should only happen once NTP has successfully synched the time
• Solution I: use EEM Syslog Event Detector and a CLI Applet to trigger the change
Router(config)# ntp logging
Router(config)# ntp update-calendar
Router(config)# ntp server 172.16.154.40 prefer
CLI Applet
event manager applet config_upon_ntp
 event syslog pattern ".*%NTP-5-PEERSYNC.*"
 action 1.0 syslog msg "Starting ..."
 :
 ... Your Config Changes Here ...
 :
 action 3.0 syslog msg "... done"
Dec 10 13:03:57.746: %NTP-5-PEERSYNC: NTP synced to peer 172.16.254.40
Dec 10 13:03:57.750: %HA_EM-6-LOG: config_upon_ntp: Starting ...
Dec 10 13:03:57.750: %HA_EM-6-LOG: config_upon_ntp: ... done
Service Planning
Example: Trigger a Config Change – 2/3
• Solution II: use EEM Syslog Event Detector and an IOS.sh Policy to trigger the change
IOS.sh Policy
##::cisco::eem::event_register_syslog pattern .*%NTP-5-PEERSYNC.*
send log "Starting ..."
enable
conf t
hostname $new_hostname
:
... Your Config Changes Here ...
:
end
send log "... done"
# End of IOS.sh Policy demo script
router#
*Dec 22 18:27:09.659: %HA_EM-6-LOG: sl_cfg_ntp.sh: Starting ...
*Dec 22 18:27:09.801: %SYS-5-CONFIG_I: Configured from console by on vty0 (EEM:sl_cfg_ntp.sh)
*Dec 22 18:27:09.927: %HA_EM-6-LOG: sl_cfg_ntp.sh: Set hostname from router to it-worked
*Dec 22 18:27:09.927: %HA_EM-6-LOG: sl_cfg_ntp.sh: ... done
it-worked#
• Solution III: use EEM Syslog Event Detector and a TCL Policy to trigger the change …
TCL Policy
Policy runtime: Default = 20 seconds. Increase this value if you see a "Process Forced Exit" message from the router.
router#
*Dec 10 10:43:29.061: %HA_EM-6-LOG: config_upon_ntp.tcl: Starting ...
*Dec 10 10:43:29.197: %SYS-5-CONFIG_I: Configured from console by on vty0 (EEM:config_upon_ntp.tcl)
*Dec 10 10:43:29.329: %HA_EM-6-LOG: config_upon_ntp.tcl: Set hostname from router to it-worked
*Dec 10 10:43:29.329: %HA_EM-6-LOG: config_upon_ntp.tcl: ... done
it-worked#
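The router output above shows how an EEM-driven change appears in syslog: %SYS-5-CONFIG_I carries an empty user field and an `(EEM:<policy>)` origin. The parser below is an added example, not part of the original slides; it attributes each config change to an EEM policy or an interactive user. The function names and the last sample line (user `admin`, address 192.0.2.10) are constructed for illustration.

```python
import re

# Constructed sample: the first four lines are copied from the router output
# above; the last line is a made-up interactive change for contrast.
SAMPLE_LOG = """\
*Dec 22 18:27:09.659: %HA_EM-6-LOG: sl_cfg_ntp.sh: Starting ...
*Dec 22 18:27:09.801: %SYS-5-CONFIG_I: Configured from console by on vty0 (EEM:sl_cfg_ntp.sh)
*Dec 22 18:27:09.927: %HA_EM-6-LOG: sl_cfg_ntp.sh: Set hostname from router to it-worked
*Dec 22 18:27:09.927: %HA_EM-6-LOG: sl_cfg_ntp.sh: ... done
*Dec 22 18:31:40.112: %SYS-5-CONFIG_I: Configured from console by admin on vty1 (192.0.2.10)
"""

# "<timestamp>: %FACILITY-SEVERITY-MNEMONIC: message", optional leading '*'
SYSLOG_RE = re.compile(
    r"^\*?(?P<ts>[A-Z][a-z]{2}\s+\d+\s+[\d:.]+):\s+"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>\d)-(?P<mnemonic>[A-Z0-9_]+):\s+"
    r"(?P<msg>.*)$"
)
# The user field is empty when the change was made by an EEM policy.
CONFIG_I_RE = re.compile(
    r"^Configured from (?P<source>\S+) by (?P<user>\S*)\s*on (?P<line>\S+)"
    r"(?:\s+\((?P<origin>[^)]*)\))?\s*$"
)
# EEM policy output has the form "<policy name>: <text>"
EEM_LOG_RE = re.compile(r"^(?P<policy>\S+): (?P<text>.*)$")


def parse_line(line):
    """Split one IOS syslog line into its fields, or return None."""
    m = SYSLOG_RE.match(line.strip())
    return m.groupdict() if m else None


def audit_config_changes(log_text):
    """Return one record per %SYS-5-CONFIG_I line, attributed to an actor."""
    policies_seen = set()   # policies that wrote %HA_EM-6-LOG messages
    changes = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        tag = (rec["facility"], rec["mnemonic"])
        if tag == ("HA_EM", "LOG"):
            m = EEM_LOG_RE.match(rec["msg"])
            if m:
                policies_seen.add(m.group("policy"))
        elif tag == ("SYS", "CONFIG_I"):
            m = CONFIG_I_RE.match(rec["msg"])
            if not m:
                continue
            origin = m.group("origin") or ""
            policy = origin[4:] if origin.startswith("EEM:") else None
            user = m.group("user")
            if policy:
                actor = "eem:" + policy
            elif user:
                actor = "user:" + user
            else:
                actor = "unattributed"
            changes.append({
                "ts": rec["ts"], "user": user, "line": m.group("line"),
                "origin": origin, "eem_policy": policy, "actor": actor,
            })
    for change in changes:
        # An EEM change with no log output from the same policy is worth a look.
        policy = change["eem_policy"]
        change["policy_logged"] = (policy in policies_seen) if policy else None
    return changes


if __name__ == "__main__":
    for change in audit_config_changes(SAMPLE_LOG):
        print(change["ts"], change["line"], change["actor"],
              "policy_logged=%s" % change["policy_logged"])
```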
Embedded Event Manager (EEM)
How to trigger upon a Config Change
Using EEM to trigger upon config change
Two Options:
• Syslog Event Detector upon any potential config change
• CLI Event Detector upon specific CLI command
  – Asynchronous:
    • Trigger Policy and then execute CLI command
    • Trigger Policy and skip CLI command
  – Synchronous:
    • Trigger Policy and execute/skip based on exit status
      _exit_status == 0 -> skip CLI command (default)
      _exit_status == 1 -> execute CLI command
event [tag event-tag] cli pattern regular-expression
      {[default] [enter] [questionmark] [tab]}
      [sync {yes | no skip {yes | no}}]
      [mode variable]
      [occurs num-occurrences] [period period-value]
      [maxrun maxruntime-number]
Available from: EEM 2.1, integrated with XML PI from EEM 3.0
Example: Using EEM CLI Event Detector
• Problem: VLAN 380 should not be accidentally removed from a trunk
• Solution: use EEM CLI Event Detector:
Option a: Don't prevent anything, just issue a syslog notification:
event manager applet cli-async
 event cli pattern "switchport trunk allowed vlan remove.*380.*" sync no skip no
 action 1.0 syslog msg "Removing VLAN 380"
Option b: Prevent the entire command and issue a syslog notification:
event manager applet cli-async-skip
 event cli pattern "switchport trunk allowed vlan remove.*380.*" sync no skip yes
 action 1.0 syslog msg "Will NOT remove VLAN 380"
Option c: Ask for confirmation, then allow or prevent the entire command:
event manager applet cli-sync
 event cli pattern "switchport trunk allowed vlan remove.*380.*" sync yes
 action 1.0 puts "Confirm removing VLAN 380 [yes|no]:"
 action 2.0 gets response
 action 3.0 if $response eq yes goto 5.0
 action 4.0 puts "NOK - VLAN 380 will NOT be removed"
 action 4.1 exit 0
 action 5.0 puts "OK - VLAN 380 will be removed"
 action 5.1 exit 1
Other Examples:
• no mpls ip
• no router isis
• debug all
Caveats: command may be (much) bigger than what you match! Ranges!
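The caveat above, worked through as an added example (not from the original slides): the applet pattern is a text match, so it misses a VLAN range such as `remove 370-390` and fires on `remove 1380`. The check below expands the VLAN list instead, and goes beyond the slide by also covering the `except`, `none` and bare-list forms of the command, which drop VLAN 380 without containing the word `remove`. Python's `re` stands in for the IOS regex engine, VLAN 380 is assumed to be allowed on the trunk beforehand, and the function names and sample commands are constructed.

```python
import re

# Pattern copied from the three applets above. Python's `re` stands in for the
# IOS regular-expression engine here (assumption of this example).
APPLET_PATTERN = re.compile(r"switchport trunk allowed vlan remove.*380.*")
PROTECTED_VLAN = 380

# switchport trunk allowed vlan [add | all | except | none | remove] [vlan-list]
ALLOWED_VLAN_RE = re.compile(
    r"^\s*switchport\s+trunk\s+allowed\s+vlan\s+"
    r"(?:(?P<keyword>add|all|except|none|remove)\b\s*)?(?P<vlans>[\d,\-\s]*)$",
    re.IGNORECASE,
)


def expand_vlan_list(spec):
    """Expand a VLAN list such as '10,370-390' into a set of VLAN IDs."""
    vlans = set()
    for part in re.sub(r"\s+", "", spec).split(","):
        if not part:
            continue
        low, sep, high = part.partition("-")
        try:
            first = int(low)
            last = int(high) if sep else first
        except ValueError:
            raise ValueError(f"malformed VLAN range: {part!r}") from None
        if not 1 <= first <= last <= 4094:
            raise ValueError(f"VLAN range out of bounds: {part!r}")
        vlans.update(range(first, last + 1))
    return vlans


def pattern_fires(command):
    """Would the applet's text pattern trigger on this command?"""
    return APPLET_PATTERN.search(command) is not None


def drops_vlan(command, vlan=PROTECTED_VLAN):
    """True if the command takes `vlan` off the trunk (assumed allowed before)."""
    m = ALLOWED_VLAN_RE.match(command)
    if not m:
        return False
    keyword = (m.group("keyword") or "replace").lower()
    vlans = expand_vlan_list(m.group("vlans"))
    if keyword == "none":
        return True                      # nothing stays allowed
    if keyword in ("remove", "except"):
        return vlan in vlans             # explicitly listed, alone or in a range
    if keyword == "replace":             # bare list replaces the allowed set
        return bool(vlans) and vlan not in vlans
    return False                         # add / all never remove a VLAN


def classify(command):
    """Compare what the pattern does with what the command really does."""
    fired, real = pattern_fires(command), drops_vlan(command)
    if fired and real:
        return "caught"
    if real:
        return "missed"
    if fired:
        return "false alarm"
    return "ignored"


# Constructed sample commands
SAMPLE_COMMANDS = [
    "switchport trunk allowed vlan remove 380",
    "switchport trunk allowed vlan remove 370-390",
    "switchport trunk allowed vlan remove 100-200,379-381",
    "switchport trunk allowed vlan remove 1380",
    "switchport trunk allowed vlan remove 10,3800-3810",
    "switchport trunk allowed vlan except 380",
    "switchport trunk allowed vlan 1-100",
    "switchport trunk allowed vlan none",
    "switchport trunk allowed vlan add 380",
]


def audit(commands=SAMPLE_COMMANDS):
    return {cmd: classify(cmd) for cmd in commands}


if __name__ == "__main__":
    for cmd, verdict in audit().items():
        print(f"{verdict:12} {cmd}")
```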
Managing Versions and Revisions
Archive, EEM Update and EASy Installer
Example: Archiving Configuration – 1/6
• Problem: Device configurations must be archived periodically, collecting them from the outside should not be the only answer.
• Solution 1: Manually create meaningful copies of the running config:
nexus-7000# copy run bootflash:/$(TIMESTAMP)-$(SWITCHNAME).conf
nexus-7000# dir bootflash:
29796 Apr 27 17:38:16 2009 2009-04-27-17.38.16-nexus-7000.conf
nexus-7000# show cli variable
VSH Variable List
-----------------
SWITCHNAME="nexus-7000"
TIMESTAMP="2009-04-27-17.47.48"
Note: from IOS 12.3T onwards, refer to $h and $t variables within archive config path option
Example: Archiving Configuration – 2/6
• Solution 2: Archive the running configuration once every day locally:
archive
 path disk0:/config-archive
 maximum 7
 time-period 1440
View the content of the archive:
Router#show archive
There are currently 3 archive configurations saved.
The next archive file will be named disk0:config-archive-3
 Archive #  Name
   0
   1       disk0:config-archive-1
   2       disk0:config-archive-2 <- Most Recent
   3
   4
   5
   6
   7
Example: Archiving Configuration – 3/6
Solution 3: Archive the running configuration to tftp upon write:
archive
 path tftp://10.1.1.1
 write-memory
Note: Config can also be archived on-demand:
Router#archive config
Solution 4: Use Kron to schedule periodic archiving (plus other activity)
archive
 path tftp://10.1.1.1
!
kron policy-list backupconfig
 cli archive config
!
kron occurrence backup-occur at 23:23 recurring
 policy-list backupconfig
multiple policy-lists possible
Example: Archiving Configuration – 4/6
Solution 5: Use Embedded Event Manager (EEM) with a Syslog Event Detector and a TCL Applet to only archive configs if there was a change
Define EEM Environment Variable
Router(config)# event manager environment filename <myfile.txt>
Register EEM TCL Script
Router(config)# event manager directory user policy "flash:/TCL"
Router(config)# event manager policy archive.tcl type user
Configure Archive Location and Size
Router(config)# archive
Router(config-archive)# path flash:disk0
Router(config-archive)# maximum 14
This script is available from www.cisco.com/go/ciscobeyond (See http://forums.cisco.com/eforum/servlet/EEM?page=eem&fn=script&scriptId=1103)
Example: Archiving Configuration – 5/6 and 6/6
Slide callouts: Syslog Event (the registration line); Policy runtime (maxrun): Default = 20 seconds, increase this value if you see a "Process Forced Exit" message from the router; Archive if there was a change or if there was no archived version yet (the two "archive config" calls).
::cisco::eem::event_register_syslog pattern ".*%SYS-5-CONFIG.*" maxrun 90
#########################################################
# EEM TCL Script to archive the config upon change
#
# Developed by Marisol Palmero
#
# The following EEM environment variable is used:
# - filename: name of the file specified in the path command within
#
# Lets check if all the variable exists, otherwise quit
#########################################################
if {![info exists filename]} {
    set result "Policy cannot be run: variable filename not set"
    error $result $errorInfo
}

namespace import ::cisco::eem::*
namespace import ::cisco::lib::*

# Open a CLI session and enter privileged EXEC mode
if [catch {cli_open} result] {
    puts stderr $result
    exit 1
} else {
    array set cli1 $result
}

if [catch {cli_exec $cli1(fd) "en"} result] {
    puts stderr $result
    exit 1
}

# Find the most recent archive entry in "show archive"
set showarchive [cli_exec $cli1(fd) "show archive"]
set lines [split $showarchive "\n"]

foreach line $lines {
    set result [regexp {<- Most Recent} $line ]
    if {$result != 0} {
        set result1 [regexp {^\s+\d+\s+(.+)-(\d+)\s+<-} $line -> path extension]
        # Compare the running config with the most recent archive
        set output [cli_exec $cli1(fd) "show archive config differences system:/running-config flash:$filename-$extension"]
        if { [regexp "!No changes were found" $output] } {
            break
        } else {
            # Archive because there was a change
            cli_exec $cli1(fd) "archive config"
            break
        }
    }
}
# Archive because there was no archived version yet
if {$result == 0} {
    cli_exec $cli1(fd) "archive config"
}
Example: Synchronizing EEM Scripts 1/2
• Problem: Synchronize EEM Policy .tcl files from a central Repository
• Solution 1: Use event manager update commands
1. Configure the default Repository:
router(config)# event manager directory user repository tftp://172.16.64.1
2. Single exec command to download, un-register and re-register:
router# event manager update user policy name my
%EEM: Update will use the repository path: tftp://172.16.64.1
%EEM: Attempting to copy tftp://172.16.64.1/my.tcl to flash:/eemtcl/my.tcl
Loading my.tcl from 172.16.64.1 (via FastEthernet0): !
[OK - 647 bytes]
%EEM: Copied 647 bytes from tftp://172.16.64.1/my.tcl to flash:/eemtcl/my.tcl
%EEM: Policy my.tcl has been successfully copied and re-registered
*Dec 10 20:12:43.198: %HA_EM-6-FMPD_UPDATE_POLICY_COPY: Policy update has copied 647 bytes f
*Dec 10 20:12:43.230: %HA_EM-6-FMPD_UPDATE_POLICY_REGISTER: Policy update has successfully r
2bis. Can also synch entire groups, based on regular expression match:
router# event manager update user policy group m.*
3. Verify using show command:
router# show event manager policy registered
No.  Class   Type  Event Type  Trap  Time Registered           Name
1    script  user  syslog      Off   Wed Dec 10 20:12:43 2008  my.tcl
 occurs 1 pattern {.*%NTP-5-PEERSYNC.*}
 nice 1 queue-priority low maxrun 90.000 scheduler rp_primary
Available from: IOS 12.4(20)T
Example: Synchronizing EEM Scripts 2/2
• Solution 2: Use new event manager update command
1. Single exec command to specify repository, download, un-register and re-register:
router# event manager update user policy name my.tcl repository tftp://10.1.1.1/
%EEM: Update will use the repository path: tftp://10.1.1.1
%EEM: Attempting to copy tftp://10.1.1.1/my.tcl to flash:/eemtcl/my.tcl
Loading my.tcl from 10.1.1.1 (via FastEthernet0): !
[OK - 647 bytes]
%EEM: Copied 647 bytes from tftp://10.1.1.1/my.tcl to flash:/eemtcl/my.tcl
%EEM: Policy my.tcl has been successfully copied and re-registered
*Dec 16 22:09:11.303: %HA_EM-6-FMPD_UPDATE_POLICY_COPY: Policy update has copied 647 bytes from
*Dec 12 22:09:11.329: %HA_EM-6-FMPD_UPDATE_POLICY_REGISTER: Policy update has successfully re-re
1bis. Can also synch entire groups, based on regular expression match:
router# event manager update user policy group m.*
2. Verify using show command:
router# show event manager policy registered
No.  Class   Type  Event Type  Trap  Time Registered           Name
1    script  user  syslog      Off   Wed Dec 10 20:12:43 2008  my.tcl
 occurs 1 pattern {.*%NTP-5-PEERSYNC.*}
 nice 1 queue-priority low maxrun 90.000 scheduler rp_primary
Available from: IOS 15.0(1)M
Example: Install Embedded Automations
• Problem: Embedded Automations based on Tcl Scripting or Embedded Event Manager may include multiple scripts, policies, configurations, variables and pre-requisites. How can we install (and un-install) all of these in a consistent manner?
• Solution: Create a package and use the EASy Installer
Router# easy-installer tftp://10.1.1.1/my-package.tar flash:/easy
-----------------------------------------------------------------------
Configure and Install EASy Package 'my-package'
-----------------------------------------------------------------------
1. Display Package Description
2. Configure Package Parameters
3. Deploy Package Policies
4. Verify Installed Package
5. Exit
Enter option:
See: http://www.cisco.com/go/easy
Editing Files on the CLI
Ed.tcl
Editing Files
• Problem: Often ASCII files are being used when using Device Manageability Instrumentation in IOS:
  • Tcl scripts and EEM Tcl Policies
  • EMM Menu Definition Files
  • Config Templates and other text files
  During Development and Test it would be useful to be able to edit these files directly from IOS.
  But: IOS does not include an ASCII Editor ...
• Solution: Use a Tcl implementation of an Editor in IOS
  The GNU <ed> editor is a very simple, line-based editor available as Tcl implementation
see: http://en.wikipedia.org/wiki/Ed_(Unix)
see: http://www.gnu.org/software/ed/ed.html
Editing Files – Using ed.tcl
1. Copy ed.tcl and a simple test file to the flash:
router# show flash:
8 27091 Nov 19 2008 10:51:26 ed.tcl
9 68 Nov 19 2008 11:00:12 testfile.txt
2. Define an Alias for simplicity:
router(config)# alias exec ed tclsh flash:/ed.tcl
3. Edit the file using ed:
router# ed flash:/testfile.txt
65
1,$p
line one of the test file
line two of the test file
another line
,p
line one of the test file
line two of the test file
another line
,n
1 line one of the test file
2 line two of the test file
3 another line
a
and here are
yet another two lines
.
,n
1 line one of the test file
2 line two of the test file
3 another line
4 and here are
5 yet another two lines
w
99
q
router#
Commands used:
1,$p – print lines 1 to last
,p – print all lines
,n – numbered print all lines
a – add lines
. – end adding
w – write file
q – quit
Available from www.cisco.com/go/ciscobeyond (http://tinyurl.com/ed-on-ios) (See http://forums.cisco.com/eforum/servlet/EEM?page=eem&fn=script&scriptId=1461)
Providing Interactive Menus on the CLI
Embedded Menu Manager (EMM)
Interactive Menus on the CLI
Problem: How to make some CLI commands available in a guided way (for example to 1st Line Support, Local IT, Field Force, etc.)
Solution I: Configure a Menu using the old <menu> commands
Solution II: Define a custom Menu in Embedded Menu Manager (EMM)
IOS menu Command
☺ easy to learn, simple to use
☹ limited functionality and flexibility
☹ menu only, cli only
☹ selections only
☹ part of the IOS config
☺ widely available
Embedded Menu Manager (EMM)
☺ easy to learn, simple to use
☺ very flexible
☺ menus and wizards, cli and tcl
☺ selections, inputs, actions, help texts
☺ separate MDF file(s)
☹ recent development – 12.4(20)T
Menu Config Command – 1/2
Simple Menu Defined in the Config
• Custom ASCII Menus
• Part of IOS Config
• Simple CLI Actions
menu OldMenu title ^C
A simple example of the OLD menu command^C
menu OldMenu prompt ^C
Please select a menu item:^C
menu OldMenu text 1 Run a ping test
menu OldMenu command 1 ping 10.1.1.1
menu OldMenu options 1 pause
menu OldMenu text 9 Exit
menu OldMenu command 9 exit
menu OldMenu status-line
Slide callouts: Menu name, Menu Title, Menu Item Label, Menu Item Action
Available from: IOS 10.0, 12.2(33)S
• Caveats:
– Remember to provide an <exit> option
– Simple menus and actions only
– No user input other than menu items
– Part of the running- and startup-config
Menu Config Command – 2/2
router# menu OldMenu
Server “router" Line 0 Terminal-type (unknown)
A simple example of the OLD menu command
1 Run a ping test
9 Exit
Please select a menu item: 1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
--More—
Server “router" Line 0 Terminal-type (unknown)
A simple example of the OLD menu command
1 Run a ping test
9 Exit
Please select a menu item:
Embedded Menu Manager (EMM)
Programmable Menu Framework
• Custom ASCII Menus
• XML based Menu Definition Files (MDF)
• Range / Type Checking
• TCL Scripting Actions
• Nested and Sequential Menus (Wizards)
================================================================================
Branch Router Operations Menu on branch-99
Enter ? for help or ?# for item help
--------------------------------------------------------------------------------
1. Install Diagnostic Scripts
2. Change Hostname
3. Run CPU Diagnostic Script
4. Check for most recent EEM Policy Files
5. Run WAN Diagnostic Script
6. Instant World Peace
7. Exit
Enter selection [6]:
Available from: IOS 12.4(20)T
See: http://tinyurl.com/emm-in-124t
https://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_emm_ps6441_TSD_Products_Configuration_Guide_Chapter.html
EMM Menu Definition File Example – 1/2
<?xml version="1.0"?>
<!-- Menu name and required schema version -->
<Menu MenuName="NMS" schemaVersion="1.1">
  <!-- Title can be constant or generated with Tcl -->
  <MenuTitle>
    <EmbTCLValue>
      <TCLCommand>
        return " Branch Router Operations Menu on [hostname]"
      </TCLCommand>
    </EmbTCLValue>
  </MenuTitle>
  <!-- The menu and each item can have its own help text -->
  <HelpString>
    <Constant String="View and modify some common Network Management configuration parameters"/>
  </HelpString>
  <!-- Optional global Tcl section to store procs used throughout menu -->
  <GlobalTCL>
    <TCLCommand>
      proc get_config { regex } {
        set config [exec "show run | inc $regex"]
        return $config
      }
    </TCLCommand>
  </GlobalTCL>
:
:
EMM Menu Definition File Example – 2/2
From simple menu choices to complete customized wizards
::
<Item ContinuePrompt="true" ItemJustification="LEFT">
  <ItemTitle>
    <Constant String="Change Hostname" />
  </ItemTitle>
  <HelpString>
    <Constant String="This selection lets you type a new hostname" />
  </HelpString>
  <Wizard>
    <QueryPrompt>
      <Constant String="What hostname do you suggest?" />
    </QueryPrompt>
    <FreeForm />
  </Wizard>
  <IOSConfigCommand>
    "hostname $r(1)"
  </IOSConfigCommand>
::
What about Applications I
NETCONF and XML PI
What are NETCONF and XML PI ? – 1/2
NETCONF
• is a protocol designed to securely exchange configuration information with a network element
• aims to provide simplicity to allow easy adoption in the industry and across hardware vendors
• aims to provide extensibility to allow devices to express their unique capabilities
See: http://www.ops.ietf.org/netconf/
Cisco IOS XML PI
• Provides an XML interface to Cisco IOS network elements
• Is a secure, unambiguous and robust way of sending and receiving CLI commands, without having to screen scrape, mediate or expect script
• Uses NETCONF and either SSHv2 or BEEP
[Figure: NETCONF Client and NETCONF Server exchanging Request and Response messages over NETCONF]
Available from: IOS 12.4(9)T, 12.2(33)SRA, SB, SXI, IOS-XE 2.1, NX-OS 4.0
Platforms: ASR 1000, x8xx ISRs, 37xx, Cat4k, Cat6k, 72xx, 73xx, 76xx, 10k, UC520, Nexus 7k
What are NETCONF and XML PI ? – 2/2
[Figure: exchanges between NETCONF Client and NETCONF Server]
• Retrieve the running config: GET-CONFIG, answered by a Response
• Change the running config: EDIT-CONFIG, answered by a Response
• Run a "show" command: GET, answered by a Response
Example: Edit the running config
Request
<?xml version="1.0" encoding="UTF-8"?>
<rpc message-id="3"
     xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <edit-config>
    <target><running/></target>
    <config>
      <xml-config-data>
        <Device-Configuration>
          <ip>
            <host>
              <NameHost>
                valhalla
              </NameHost>
              <HostIPAddress>
                10.2.3.5
              </HostIPAddress>
            </host>
          </ip>
        </Device-Configuration>
      </xml-config-data>
    </config>
  </edit-config>
</rpc>]]>]]>
Response
<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply message-id="3" xmlns="urn:ietf:params:netconf:base:1.0">
  <ok/>
</rpc-reply>
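Added example (not part of the original slides): client-side handling of the exchange above in Python, building the edit-config request with escaped values, splitting the received byte stream on the `]]>]]>` marker, and checking the rpc-reply. The function and class names and the sample reads are constructed for illustration; the SSH transport is left out and the unused xmlns:xsi attribute is omitted.

```python
"""NETCONF end-of-message framing and rpc-reply checking (added example)."""
import xml.etree.ElementTree as ET

EOM = b"]]>]]>"  # end-of-message marker that closes the request on the slide


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts in front of a tag."""
    return tag.rsplit("}", 1)[-1]


def build_ip_host_rpc(message_id, name, address):
    """Build the slide's edit-config request for one 'ip host' entry."""
    rpc = ET.Element("rpc", {"message-id": str(message_id),
                             "xmlns": "urn:ietf:params:xml:ns:netconf:base:1.0"})
    edit = ET.SubElement(rpc, "edit-config")
    ET.SubElement(ET.SubElement(edit, "target"), "running")
    node = ET.SubElement(edit, "config")
    for tag in ("xml-config-data", "Device-Configuration", "ip", "host"):
        node = ET.SubElement(node, tag)
    # The serializer escapes &, < and > in element text, so a value cannot
    # add elements to the request or smuggle in an early ]]>]]> marker.
    ET.SubElement(node, "NameHost").text = name
    ET.SubElement(node, "HostIPAddress").text = address
    declaration = b'<?xml version="1.0" encoding="UTF-8"?>\n'
    return declaration + ET.tostring(rpc, encoding="utf-8") + EOM


class FrameReader:
    """Reassemble complete messages from arbitrary channel reads."""

    def __init__(self, max_message=1 << 20):
        self.buf = bytearray()
        self.max_message = max_message

    def feed(self, chunk):
        """Add received bytes and return the list of complete messages."""
        self.buf += chunk
        messages = []
        while True:
            end = self.buf.find(EOM)
            if end < 0:
                break
            messages.append(bytes(self.buf[:end]))
            del self.buf[:end + len(EOM)]
        if len(self.buf) > self.max_message:
            raise ValueError("no end-of-message marker within max_message bytes")
        return messages


def check_reply(raw, expected_id):
    """Return True for <ok/>; raise on rpc-error or a mismatched message-id."""
    root = ET.fromstring(raw.strip())  # whitespace may follow the previous marker
    if local(root.tag) != "rpc-reply":
        raise ValueError("not an rpc-reply: " + local(root.tag))
    if root.get("message-id") != str(expected_id):
        raise ValueError("reply is for message-id %r" % root.get("message-id"))
    for child in root:
        if local(child.tag) == "rpc-error":
            detail = {local(e.tag): (e.text or "").strip() for e in child}
            raise RuntimeError("device rejected the change: %s" % detail)
    return any(local(child.tag) == "ok" for child in root)


# Constructed capture: the slide's reply arriving in two reads that split the marker.
SAMPLE_READS = [
    b'<?xml version="1.0" encoding="UTF-8"?>\n<rpc-reply message-id="3" '
    b'xmlns="urn:ietf:params:netconf:base:1.0">\n<ok/>\n</rpc-reply>]]>',
    b']]>\n',
]

# Constructed error reply, used to show the failure path.
SAMPLE_ERROR = (b'<rpc-reply message-id="4" xmlns="urn:ietf:params:netconf:base:1.0">'
                b'<rpc-error><error-type>protocol</error-type>'
                b'<error-tag>operation-failed</error-tag></rpc-error></rpc-reply>')


def demo():
    """Build the slide's request and check the reassembled sample reply."""
    request = build_ip_host_rpc(3, "valhalla", "10.2.3.5")
    reader = FrameReader()
    replies = []
    for chunk in SAMPLE_READS:
        replies += reader.feed(chunk)
    return request, [check_reply(reply, 3) for reply in replies]


if __name__ == "__main__":
    req, results = demo()
    print(req.decode())
    print("replies ok:", results)
```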
Using NETCONF over SSH step-by-step
1. Configure SSH
router(config)# crypto key generate rsa
The name for the keys will be: router.yourdomain.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]:
% Generating 512 bit RSA keys, keys will be non-exportable...[OK]
router(config)# ip ssh version 2
router(config)# ip ssh time-out 60
2. Enable NETCONF over SSH:
router(config)# netconf ssh acl 777          <- Optional ACL
router(config)# netconf lock-time 30         <- Default: 10 Seconds
router(config)# netconf max-sessions 5
3. Configure NETCONF payload format using *.ODM Spec Files
router(config)# netconf format flash:my-spec-file.odm
4. Configure Your NETCONF Client Application (XML Files see links below)
See:
http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_cns_netconf.html
http://www.cisco.com/en/US/docs/ios/12_2sr/12_2sra/feature/guide/srnetcon.html
http://www.cisco.com/en/US/docs/ios/12_2sr/12_2srb/feature/guide/srbnetbe.html
What about Applications II
Web Service Management Agents (WSMA)
Web Services Management Agents (WSMA)
Problem: There are CNS Agents in IOS and Config Engine to automate some typical zero-touch-deployment and maintenance scenarios. How can I automate other scenarios directly from my own Applications ?
Solution: Web Services Management Agents (WSMA) provides a standards-based, open API to embedded management Agents.
Phase I:
- Config Agent
- Exec Agent
- File System Agent
- Notify Agent (Config Change Events)
[Figure: WSMA Application exchanging XML/SOAP Request, Response and Notification messages with WSMA Engine + Agents]
See: http://tinyurl.com/wsma-in-150M
Available from: IOS 12.4(24)T
Platforms: x8xx ISRs, 72xx, 73xx, UC520
WSMA – Architecture Phase I
[Figure: WSMA Transport (SSH, HTTP, HTTPS; Listeners, Initiators) carries XML / SOAP Messages to the WSMA Engine (WSMA XML Schema), which serves the WSMA Agents: Config Agent (running / startup config), Exec Agent (exec mode), File System Agent (file system), Notify Agent]
Using WSMA – step-by-step
1. Configure Desired WSMA Transport – HTTP, HTTPS or SSH v2:
router(config)# crypto key generate rsa
The name for the keys will be: router.yourdomain.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]:
% Generating 512 bit RSA keys, keys will be non-exportable...[OK]
router(config)# ip ssh version 2
router(config)# ip ssh time-out 60
2. Enable WSMA Service Listener (WSSL):
router(config)# wsma profile listener my-wsma-profile
router(config-wsma-listen)# transport ssh subsys wsma
3. Enable WSMA Agent(s):
router(config)# wsma agent exec profile my-wsma-profile
4. Assign WSMA ID(s):
router(config)# wsma id ip-address fastethernet 0/0
Other Options:
• hardware-serial
• MAC Address
• Hostname
• string
5. If XML Formatted Exec Output is desired, deploy and use *.ODM Spec Files
See: http://tinyurl.com/wsma-in-150M and http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_cfg_wsma.html
How to pre-commission Routers
AutoInstall
How to deal with new routers ...
How to deal with new routers – Auto Install
IOS AutoInstall Feature consists of:
• Ethernet Interface up
• DHCP Client + Option 150
Combined with external
• DHCP and TFTP Server
this enables a new router to
• automatically retrieve a default configuration
• without manual interaction via console cable or telnet
See: http://www.cisco.com/en/US/docs/ios/12_1t/12_1t5/feature/guide/dt_dhcpa.html
Available from: IOS 12.1(5)T, IOS-XE 2.1.0
Platforms: ASR 1000, x8xx ISR, x9xx ISR, 37xx, ME3400, ME4900, Cat4k, Cat6k, 76xx, 10k, UC520
See also: Smart Install
Example: Automated Pre-Commissioning
• Problem: How to automatically pre-commission a new Cisco ISR without manual intervention on the Console
• Solution: Use the AutoInstall Feature combined with an external DHCP and TFTP server
0. Power up the CPE and connect to Ethernet
1. CPE sends DHCP Discover
2. DHCP Server replies with Offer
3. CPE sends DHCP Request
4. DHCP Server replies with option 150
5. CPE requests hostname-confg file from TFTP
6. TFTP server sends hostname-config file to CPE
⇒ CPE is now pre-commissioned
Example: Automated Pre-Commissioning
What exactly happens in Step 5
[Flowchart: AutoInstall config retrieval. Steps and decisions shown: NE is connected to the Network; NE gets an IP address via BOOTP, SLARP or DHCP; NE gets network-config file from TFTP; IP maps to hostname in network-config file?; Reverse DNS successful?; NE attempts to get hostname-config or hostname.cfg from TFTP; File exists on TFTP?; Default config file exists on TFTP?; NE gets router-config or router.cfg from TFTP. Outcomes: AutoInstall Completes (copy run start); AutoInstall Completes (manual config completion); AutoInstall Fails.]
Caveat: Combine Auto Install and SDM
Caveat: Routers ordered with Security Device Manager (SDM) are pre-configured, but AutoInstall only works on factory-default.
Solution:
1. Order Router with no factory pre-config option:
2. Run AutoInstall
Ensure commissioning includes SDM specific pre-config and downloaded SDM files:
logging buffered 51200 warnings
ip http server
ip http access-class 23
ip http secure-server
ip http authentication local
ip http timeout-policy idle 600 life 86400 requests 10000
access-list 23 permit 10.10.10.0 0.0.0.7
username username privilege 15 secret 0 password
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 login local
 transport input telnet
 transport input telnet ssh
3. Run SDM
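Added example (not part of the original slides or of SDM): a Python check over the pre-config above that reports which management-plane settings it turns on, applying the last-entry-wins rule to the repeated `transport input` lines and confirming that every referenced ACL is defined in the same file. The check IDs, function names and the HARDENED variant are constructed for illustration.

```python
"""Audit an IOS config fragment for management-plane exposure (added example)."""
import re

# The SDM pre-config from the slide, one command per line (placeholders as shown).
SDM_PRECONFIG = """\
logging buffered 51200 warnings
ip http server
ip http access-class 23
ip http secure-server
ip http authentication local
ip http timeout-policy idle 600 life 86400 requests 10000
access-list 23 permit 10.10.10.0 0.0.0.7
username username privilege 15 secret 0 password
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 login local
 transport input telnet
 transport input telnet ssh
"""

# Constructed variant: HTTPS only, SSH only, no forced privilege level on the vty lines.
HARDENED = (SDM_PRECONFIG
            .replace("ip http server\n", "")
            .replace(" transport input telnet\n", "")
            .replace(" transport input telnet ssh\n", " transport input ssh\n")
            .replace(" privilege level 15\n", ""))


def parse(config):
    """Split a config into global commands and per-'line' sub-command lists."""
    global_cmds, blocks, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if not raw[0].isspace():               # unindented: a global command
            current = None
            if raw.startswith("line "):
                current = blocks.setdefault(raw.strip(), [])
            else:
                global_cmds.append(raw.strip())
        elif current is not None:              # indented under a 'line' block
            current.append(raw.strip())
    return global_cmds, blocks


def last_value(commands, prefix):
    """Arguments of the last command starting with prefix (last entry wins)."""
    hits = [c[len(prefix):].split() for c in commands if c.startswith(prefix)]
    return hits[-1] if hits else None


def audit(config):
    """Return a sorted list of (check_id, location) findings."""
    global_cmds, blocks = parse(config)
    defined = set()
    for cmd in global_cmds:
        m = (re.match(r"access-list (\S+) ", cmd)
             or re.match(r"ip access-list \S+ (\S+)", cmd))
        if m:
            defined.add(m.group(1))
    findings, referenced = [], []

    if "ip http server" in global_cmds:        # cleartext HTTP listener
        findings.append(("HTTP-CLEARTEXT", "global"))
    if {"ip http server", "ip http secure-server"} & set(global_cmds):
        acl = last_value(global_cmds, "ip http access-class ")
        if acl:
            referenced.append((acl[-1], "ip http"))
        else:
            findings.append(("HTTP-NO-ACL", "global"))

    for name, cmds in blocks.items():
        if not name.startswith("line vty"):
            continue
        transports = last_value(cmds, "transport input ") or []
        if {"telnet", "all"} & set(transports):
            findings.append(("VTY-TELNET", name))
        if last_value(cmds, "privilege level ") == ["15"]:
            findings.append(("VTY-PRIV15", name))   # every login starts at level 15
        acl = last_value(cmds, "access-class ")
        if acl and "in" in acl[1:]:
            referenced.append((acl[0], name))
        else:
            findings.append(("VTY-NO-ACL", name))

    for acl, where in referenced:              # filter names a list this file never defines
        if acl not in defined:
            findings.append(("ACL-UNDEFINED:" + acl, where))
    return sorted(findings)


if __name__ == "__main__":
    for check, where in audit(SDM_PRECONFIG):
        print(check, "at", where)
```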
Automation and Large Scale
Zero-Touch Deployment
Sometimes we need to automate ...
Typical Challenges:
• Large Scale
  - more than just a few 12 image updates
  - more than a few 100 config or file updates
• Robustness
  - unreliable / un-managed access
  - interruptions, outages
• Security
  - authentication, privacy
  - trust and skills of on-site staff
  - unknown hostnames / ip addresses
• Time
  - de-coupling of deployment and activation
  - many devices within small time window
• Cost
  - manual, skilled labour cost vs. automated solution
⇒ Automate initial and partial configuration, image upgrades or distribution of files (any file, any place)
Zero-Touch Deployment Methods
Zero-Touch Deployment = Embedded Agents + External Mediation
Method | Cisco IOS Deployment Agents | External Mediation Server | Notes
DOCSIS | DOCSIS | Cisco Broadband Access Center (BAC) | For Cable Modem Access Only; Widely Standardized
TR-069 | TR-069 | Cisco Broadband Access Center (BAC) | For DSL Access; Standard Is Work in Progress with Currently Loose Definition, Check Interop Test from Plugfest
EEM | Embedded Event Manager | FTP, TFTP, SCP,… | Flexibility for Scenarios Not Covered by Any Other Method; Sometimes Used in Concert with Other Methods
Kron | Kron and TCL | FTP, TFTP, SCP,… | When EEM Is Not Available
DHCP | DHCP | Cisco Network Registrar, TFTP | Agnostic of Access Technology; Partially Standardized, Multiple Options Used
CNS | CNS Config Agent, CNS Image Agent, CNS Inventory Agent, CNS Event Agent | Cisco Configuration Engine | Most Secure and Robust; Agnostic of Access Technology; Agnostic of IP Addressing
Example: Zero-Touch Deployment – 1/3
• Problem: A large number of Teleworker Routers have to be deployed. Access Technology and Service Provider vary; IP Addressing is not known in advance
• Solution: Pre-configure routers with a generic bootstrap config. This config ensures initial IP connectivity, identifies the device and communicates back to Configuration Engine for appropriate config
Router # cns id hardware-serial
Router # cns config initial MyConfigEngine 80 event no-persist
Router # cns id hardware-serial event
Router # cns event MyConfigEngine 11011
Note: Many other options for ID exist and are often used instead of hardware-serial:
Example: Zero-Touch Deployment – 2/3
[Sequence diagram between CPE, DHCP (CNR), TFTP and CCE (CE, LDAP, FS). Messages shown: DHCP Discover; DHCP Offer; DHCP Request; DHCP Ack - Option 150; TFTP Request: bootstrap config; TFTP Response: bootstrap config; CNS Config Request (HTTPS); Object ID; Device ID; Read Temp.; config file; Send Config; Success/Fail Event; Publish Success/Fail Event]
Warehouse
1. CPE sends DHCP Discover
2. DHCP Server replies with Offer
3. CPE sends DHCP Request
4. DHCP Server replies with option 150
5. CPE requests bootstrap-confg file via TFTP
6. TFTP server sends CPE bootstrap-config file
⇒ CPE is shipped to Customer Site
⇒ Customer Order linked to CPE ID
Customer Premise
7. CPE sends HTTP request to CNS-CE
8. CNS-CE verifies object ID
9. CNS-CE verifies Device ID
10. CNS-CE reads template from File System
11. CNS-CE sends Config (= template + parameters from LDAP)
12. Successful event
13. Publish success event
Example: Zero-Touch Deployment – 3/3
There are:
• Data- / Information Flow via the NMS Systems (left Hemisphere)
• Physical Flow (CPE) to the Branch Office or Customer Premise (right Hemisphere)
ZTD Automation uses:
• Separation to allow for Efficiency and Flexibility
• CNS Device ID and CNS Config ID to link the two Flows
router(config)#cns id ?
Async Async interface
Auto-Template Auto-Template interface
BVI Bridge-Group Virtual Interface
CDMA-Ix CDMA Ix interface
CTunnel CTunnel interface
Dialer Dialer interface
FastEthernet FastEthernet IEEE 802.3
Group-Async Async Group interface
Lex Lex interface
Loopback Loopback interface
MFR Multilink Frame Relay bundle interface
Multilink Multilink-group interface
Port-channel Ethernet Channel of interfaces
Service-Engine cisco service engine module
Tunnel Tunnel interface
Vif PGM Multicast Host interface
Virtual-Dot11Radio Virtual dot11 interface
Virtual-PPP Virtual PPP interface
Virtual-Template Virtual Template interface
Virtual-TokenRing Virtual TokenRing
hardware-serial Use hardware serial number as unique ID
hostname Use hostname as unique ID
string Use an arbitrary string as the unique ID
udi Use the UDI as unique ID
vmi Virtual Multipoint Interface
When Designing Automation …
• Understand the bigger picture before automating individual Steps
• Best manual process may not be identical to best automated process
Agenda
Introduction
1 Command Line Interface (CLI) – The Basics
2 Command Line Interface (CLI) – More Advanced
3 Simple Scripting I – IOS.sh
4 Simple Scripting II – Tcl Scripting and CRON
5 How to trigger a Config Change – EEM
6 How to trigger upon a Config Change – EEM
7 Managing Versions and Revisions – Archive, EASy Installer
8 Editing Files on the CLI – ed.tcl
9 Providing Interactive Menus on the CLI – EMM
10 What about Applications I – NETCONF and XML PI
11 What about Applications II – WSMA
12 How to pre-commission Routers – IOS AutoInstall
13 Automation and Large Scale – Zero Touch Deployment
Summary
Wrap-Up & Close
In Summary
• All 'Configuration' tasks are NOT equal
• There is a range of users / applications with different configuration skills and needs
• It's not only about telnet and running-config
• Cisco IOS offers a plethora of configuration features to address the specific needs
Always choose the best fit
Q & A
References – Instrumentation
Device Manageability Instrumentation (DMI): www.cisco.com/go/instrumentation
• Embedded Event Manager (EEM): www.cisco.com/go/eem
• Cisco Beyond – EEM Community: www.cisco.com/go/ciscobeyond
• Embedded Menu Manager (EMM): http://tinyurl.com/emm-in-124t
• Embedded Packet Capture (EPC): www.cisco.com/go/epc
• Flexible NetFlow: www.cisco.com/go/netflow and www.cisco.com/go/fnf
• GOLD: http://www.cisco.com/en/US/products/ps7081/products_ios_protocol_group_home.html
• IPSLA (formerly SAA, formerly RTR): www.cisco.com/go/ipsla
• Network Analysis Module: http://www.cisco.com/go/nam
• Network Based Application Recognition (NBAR): www.cisco.com/go/nbar
• Security Device Manager (SDM): http://www.cisco.com/go/sdm
• Smart Call Home: www.cisco.com/go/smartcall
• Web Services Management Agents (WSMA): http://tinyurl.com/wsma-in-150M
• Feature Navigator: www.cisco.com/go/fn
• MIB Locator: www.cisco.com/go/mibs
References – Embedded Automations
Embedded Automation Systems (EASy)
1. Browse and Download EASy Packages: www.cisco.com/go/easy
2. Make Sure to also download EASy Installer
3. Browse Other Embedded Automations: www.cisco.com/go/ciscobeyond
4. Learn About The Technology Under The Hood: www.cisco.com/go/instrumentation, www.cisco.com/go/eem, www.cisco.com/go/pec
5. Discuss, Ask Questions, Suggest Answers: supportforums.cisco.com
6. Upload your own Examples to CiscoBeyond: www.cisco.com/go/ciscobeyond
7. Engage via [email protected]
Questions ?
Meet the Engineer
To make the most of your time at Networkers at Cisco Live 2010, schedule a Face-to-Face Meeting with a top Cisco Engineer.
Designed to provide a "big picture" perspective as well as "in-depth" technology discussions, these face-to-face meetings will provide fascinating dialogue and a wealth of valuable insights and ideas.
Visit the Meeting Centre reception desk located in the Meeting Centre in World of Solutions
Management and Operation Sessions
Session ID | Title | Day
BRKNMS-2000 | 13 Smart ways to Configure your Cisco IOS Device | Tue
BRKNMS-2421 | Network Configuration and Compliance Management | Tue
BRKNMS-2004 | Management at work in the small and medium customer | Tue
BRKNMS-2005 | Managing Cisco Security | Wed
BRKNMS-2001 | Data Centre - Management End to End | Wed
BRKNMS-2007 | Deploying DHCP and DNS : Basic to Advanced | Wed
BRKNMS-2008 | Understanding the benefits of Ethernet OAM (E-OAM) | Wed
BRKNMS-2009 | UC Network Management: How to Ensure Your UC Services Are Operating as Expected! | Wed
BRKNMS-2011 | The economical impact of NMS/OSS features on Managed Services | Wed
BRKNMS-2012 | Cisco IOS Strategy and Evolution | Wed
BRKNMS-3132 | Advanced NetFlow | Wed
BRKNMS-3003 | Advanced Using CiscoWorks LMS to its full potential | Thu
BRKNMS-2006 | Performance Measurement for Critical IP traffic with IP SLAs | Thu
BRKNMS-2361 | Accounting and Performance Management with Network Based Application Recognition | Thu
LABNMS-2001 | Advanced Network Automation and Solutions using Cisco IOS EEM | Tue + Thu
LABNMS-2005 | Implementing Manageability and Embedded Automation | Tue + Wed
Panel | Large Scale Network Management | Tue
Panel | Cisco Software Activation | Thu
BRKNMS-2000 Recommended Reading
Appendix I: Feature Availability
Note: The following information is provided in confidence and ‘as is’.
May include futures, subject to change; no commitments implied.
Embedded Management – SNMP Roadmap
Cisco IOS Software Platforms: Cisco 10000 Series | Cisco 7600 Series | Cisco 7500 Series | Cisco 7304 Router | Cisco 7301 and 7200 Routers | Cisco Catalyst 6500 Series | Cisco Catalyst 4500 Series | Cisco 3750 & 2900 Series | ASR-1000 | Cisco 800, 1800 & 2800 Series
12.2SB | 12.2SR/SX | 12.2SB | 12.2SB | 12.2SB/SR | 12.2SX/SR | 12.2SG | 12.2SE | 12.2 XNA | M & T
Periodic MIB Data Collection and Transfer Mechanism
12.2(33)SB12.2(33)SR
A 12.2(22)S 12.2(33)SB 12.2(33)SRA
12.2(33)SXH
12.2(44)SG12.2(35)
SE112.2(33)
XNA12.3(2)T
VPN aware SNMP Infrastructure
12.2(33)SB 12.2(33)SR
A 12.2(22)S 12.2(33)SB 12.2(33)SRA
12.2(33)SXH
12.2(44)SG12.2(7th)
SE12.2(33)
XNA12.3(2)T
SNMP over IPv6 12.2(33)SB12.2(33)SR
B12.3(14)T
12.2(33)SB 12.2(33)SRB 12.2(33)SXI 12.2(44)SG12.2(44)S
E12.2(33)XNA
12.3(14)T
AES (RFC 3826) and 3DESEncryption for SNMP v3
12.2(33)SB12.2(33)SR
B12.2(33)SB 12.2(33)SRB 12.2(33)SXI 12.2(44)SG
12.2(7th)SE
12.2(33)XNA
12.4(2)T
ISSU - SNMP 12.2(33)SB12.2(33)SR
B112.2(33)SB
12.2(33)SRB1
12.2(33)SXI 12.2(44)SG12.2(33)
XNA
Interface MIB Enhancements 12.2(31)SB 12.2(33)SR
A 12.2(31)S
B 12.2(31)SB 12.2(33)SRA
12.2(33)SXH
12.2(44)SG12.2(33)XNA
CEF-MIB 12.2(33)SB12.2(33)SRC
12.2(31)SB
12.2(33)SB 12.2(33)SRC 12.2(44)SG12.2(TBD)
SE12.2(33)XNA
12.4(20)T
URPF-MIB 12.2(31)SB 12.2(33)SRC
12.2(31)SB
12.2(31)SB 12.2(33)SRC 12.2(44)SG12.2(TBD)
SE12.2(33)XNA
12.4(20)T
SNMP Infrastructure for MTR 12.2(33)SB12.2(33)SR
B12.2(33)SB 12.2(33)SRB
IP-TUNNEL-MIB 12.2(33)SB12.2(33)SR
B12.2(33)SB 12.2(33)SRB 12.2(44)SG
12.2(33)XNA
12.4(20)T
Interfaces MIB: SNMP context based access
12.2(33)SB12.2(33)SR
B12.2(33)SB 12.2(33)SRB 12.2(44)SG
12.2(7th)SE
12.2(33)XNA
CISCO-DATA-COLLECTION-MIB
12.2(33)SB12.2(33)SR
C12.2(33)SB 12.2(33)SRC 12.2(44)SG
12.2(TBD)SE
12.2(33)XNA
12.4(20)T
CISL - SNMP Support (Licensing MIB)
12.2(37)SE
12.4(20)T
SNMP secure Views 12.2(33)SB12.2(33)SR
A 12.2(22)S 12.2(33)SB 12.2(33)SRA
12.2(33)SXH
12.2(44)SG12.2(7th)
SE12.2(33)
XNA12.3(2)T
Shipping
Code Committed
EC’d
Embedded Management – SNMP Roadmap
Cisco IOS Software Platforms: Cisco 10000 Series | Cisco 7600 Series | Cisco 7500 Series | Cisco 7304 Router | Cisco 7301 and 7200 Routers | Cisco Catalyst 6500 Series | Cisco Catalyst 4500 Series | Cisco 3750 & 2900 Series | ASR-1000 | Cisco 800, 1800 & 2800 Series
12.2SB | 12.2SR/SX | 12.2SB | 12.2SB | 12.2SB/SR | 12.2SX/SR | 12.2SG | 12.2SE | 12.2 XNA | M & T
Alarm filtering support in Cisco-Entity-Alarm-MIB
12.2(33)SRB
12.2(33)SRB 12.2(33)SXI 12.2(44)SG12.(33)X
NA12.4(4)T
SNMP Trap Simulation12.2(33)SR
E12.2(33)SRE 12.2(33)SXI
RMON-MIB enhancement for 64 bit counter support
12.2(33)SRE
12.2(33)SRE 12.2(33)SXI
Support for HC-Alarm-MIB12.2(33)SR
E12.2(33)SRE 12.2(33)SXI
RFC2576: SNMP v1/v2c PDU conversions for proxy forwarder
12.3(2)T
SCP, FTP & RCP Support in CISCO-CONFIG-COPY-MIB
12/3(2)T
FileType support in CISCO-FLASH-MIB
12.3(2)T
Event MIB and Expression MIB Enhancements
12.2(33)SRE
12.2(33)SRE12.2(1st)S
Y12.2(44)SG
12.4(20)T
Show Port Status Command
12.2(33)SRE
12.2(33)SRE 12.2(33)SXI
SNMP Diagnostic Enhancements
12.2(33)SRE
12.2(33)SRE 12.2(33)SY12.4(20)
T
SNMP Support for Cisco Power Extension
12.2(52) SG12.2(50)S
E
SNMP trap support for EEM12.4(22)
T
SNMP support for Named Access List
12.3(2)T
Licensing MIB Enhancement for STG
12.4(11)T
Embedded Management - Configuration
Cisco IOS Software Platforms: Cisco 10000 Series | Cisco 7600 Series | Cisco 7500 Series | Cisco 7304 Router | Cisco 7301 and 7200 Router | Cisco Catalyst 6500 Series | Cisco Catalyst 4500 Series | Cisco 3750 & 2900 Series | ASR-1000 | Cisco 800, 1800 & 2800 Series
12.2SB | 12.2SR/SX | 12.2SB | 12.2SB | 12.2SB/SR | 12.2SX/SR | 12.2SG | 12.2SE | 12.2 XNA | M & T
UDI Support and Configuration Enhancements
12.2(28)SB12.2(18)SX
E5 12.2(18)SX
E5 12.2(33)SR
C12.2(18)SX
E512.2(25)SE
C12.2(33)
XNA12.3(4)T
CNS Agents (Configuration Agent Event Agent, Image Agent)
12.2(33)SB12.2(33)SR
B12.2(31)SB
12.2(33)SB 12.2(31)SB 12.2(33)SXI12.2(44)S
G12.2(25)SE
E12.2(33)
XNA12.3(1)
Config Retrieve Retry 12.2(33)SB12.2(33)SR
C12.2(33)SB
12.2(33)SRC
12.2(1st)SY12.2(44)S
G12.2(44)SE
12.2(33)XNA
12.4(15)T
CNS Agents over IPv6 12.2(33)SB12.2(33)SR
C12.2(33)SR
C12.2(1st)SY
12.2(44)SG
12.2(33)XNA
12.4(20)T
Netconf over SSHv2, BEEP 12.2(33)SB12.2(33)SR
A 12.2(33)SB
12.2(33)SRA
12.2(33)SXH
12.2(44)SG
12.2(33)XNA
12.4(9)T
Config Change Notification (Netconf)
12.2(33)SB12.2(33)SR
A 12.2(33)SB
12.2(33)SRA
12.2(33)SXH
12.2(44)SG
12.2(33)XNA
12.4(9)T
Netconf over IPv6 12.2(33)SB12.2(33)SR
C12.2(33)SB
12.2(33)SRC
12.2(1st)SY12.2(44)S
G12.2(33)
XNA12.4(20)T
Cisco Software Licensing 12.2(37)SE 12.4(20)T
CNS-Interactive CLI12.2(33)SR
C12.2(33)SR
C12.2(33)SXI
12.2(44)SG
12.2(33)XNA
Command scheduler Policy for system startup
12.2(33)SB12.2(33)SR
C12.2(33)SB
12.2(33)SRC
12.2(1st)SY12.2(44)S
G12.2(33)
XNA12.4(15)T
TR-69 agent, Ethernet LAN, Time, ATM, loopback, traceroute profiles, HTTP client API to close persistent conn.
12.4(20)T
Web Services Management Agent
Planning Planning 12.2(1st)SY Planning Planning Planning 12.4(24)T
Embedded Management – Infra - Transports
Cisco IOS Software Platforms: Cisco 10000 Series | Cisco 7600 Series | Cisco 7500 Series | Cisco 7304 Router | Cisco 7301 and 7200 Routers | Cisco Catalyst 6500 Series | Cisco Catalyst 4500 Series | Cisco 3750 & 2900 Series | ASR-1000 | Cisco 800, 1800 & 2800 Series
12.2SB | 12.2SR/SX | 12.2SB | 12.2SB | 12.2SB/SR | 12.2SX/SR | 12.2SG | 12.2SE | 12.2 XNA | M & T
HTTPS - HTTP with SSL 3.0 12.2(33)SB12.2(33)SR
A NA 12.2(33)SB 12.2(33)SRA
12.2(33)SXH
12.2(44)SG12.2(25)S
E12.2(33)
XNA12.3(2)T
HTTP(S) USB Support For Content Delivery from USB Media; PAI enhancement; TACAC+ Accounting support
12.2(33)SB12.2(33)SR
CNA 12.2(33)SB 12.2(33)SRC
12.2(33)SXI
12.2(44)SG 12.4(15)T
HTTP IPv6 Support 12.2(33)SB12.2(33)SR
CNA 12.2(33)SB 12.2(33)SRC
12.2(1st)SY
12.2(44)SG12.2(44)S
E12.2(33)
XNA12.4(20)T
BEEP Infrastructure; IPV6 Support
12.2(33)SB12.2(33)SR
A NA 12.2(33)SB 12.2(33)SRA
12.2(33)SXH
12.2(44)SG12.2(7th)
SE12.2(33)
XNA12.4(4)T
SOAP IPv6 Support 12.2(33)SB12.2(33)SR
CNA 12.2(33)SB 12.2(33)SRC
12.2(1st)SY
12.2(44)SG12.2(7th)
SE12.2(33)
XNA12.4(20)T
Cisco IOS Scripting with TCL 12.2(33)SB12.2(33)SR
CNA 12.2(33)SB 12.2(33)SRC
12.2(33)SXH
12.2(44)SG12.2(TBD)
SE12.2(33)
XNA12.3(2)T
TCL SNMP MIB access 12.2(33)SB12.2(33)SR
CNA 12.2(33)SB 12.2(33)SRC
12.2(33)SXH
12.2(44)SG12.2(7th)
SE12.2(33)
XNA12.3(7)T
Signed TCL scripts NA 12.4(15)T
TCL over IPv6 12.2(33)SB12.2(33)SR
CNA 12.2(33)SB 12.2(33)SRC
12.2(1st)SY
12.2(44)SG12.2(7th)
SE12.2(33)
XNA12.4(20)T
HTTP Cookie support (RFC2965)
12.2(1st)SRE
12.4(20)T
HTTP Digest Authentication Support
12.4(20)T
Embedded Management – Config/Parser
Cisco IOS Software Platforms: Cisco 10000 Series | Cisco 7600 Series | Cisco 7500 Series | Cisco 7304 Router | Cisco 7301 and 7200 Routers | Cisco Catalyst 6500 Series | Cisco Catalyst 4500 Series | Cisco 3750 & 2900 Series | ASR-1000 | Cisco 800, 1800 & 2800 Series
12.2SB | 12.2SR/SX | 12.2SB | 12.2SB | 12.2SB/SR | 12.2SX/SR | 12.2SG | 12.2SE | 12.2 XNA | M & T
Configuration Replace and Configuration Rollback, including config versioning (archive) and timed rollback
12.2(33)SB12.2(33)SR
A12.2(25)S 12.2(33)SB
12.2(31)SB2
12.2(33)SXH 12.2(44)SG12.2(40)S
E12.2(33)XNA
12.3(7)T
Configuration Change Notification and Logging
12.2(33)SB12.2(33)SR
A12.2(25)S 12.2(33)SB 12.2(25)S 12.2(33)SXH 12.2(44)SG
12.2(25)SEC
12.2(33)XNA
12.3(4)T
Contextual Configuration Diff Utility
12.2(33)SB12.2(33)SR
A12.2(25)S 12.2(33)SB 12.2(33)SXH 12.2(44)SG
12.2(40)SE
12.2(33)XNA
12.3(4)T
Configuration Generation Performance Enhancement 12.2(33)SB 12.2(33)SRC 12.2(25)S 12.2(33)SB 12.2(33)SRC 12.2(33)SXI 12.2(44)SG 12.2(33)XNA 12.3(7)T
Role-Based Access Control CLI commands 12.2(33)SB 12.2(33)SRB 12.2(33)SB 12.2(33)SXI 12.2(44)SG 12.2(33)XNA 12.3(11)T
Configuration Partitioning 12.2(33)SB 12.2(33)SRB 12.2(33)SB 12.2(33)SRB 12.2(33)SXI 12.2(44)SG 12.2(7th)SE 12.2(33)XNA
Configuration Rollback Confirmed Change 12.2(33)SB 12.2(33)SRC 12.2(33)SB 12.2(33)SRC 12.2(33)SXI 12.2(44)SG 12.2(33)XNA 12.4(20)T
IPv6 for Config Logger 12.2(33)SB 12.2(33)SRC 12.2(33)SB 12.2(33)SRC 12.2(1st)SY 12.2(44)SG 12.2(7th)SE 12.2(33)XNA 12.4(20)T
Config Logger Persistency 12.2(33)SB 12.2(33)SRA 12.2(33)SB 12.2(33)SXH 12.2(44)SG 12.2(33)XNA 12.4(11)T
Exclusive Configuration Change Access and Access Session Locking 12.2(33)SB 12.2(33)SRA 12.2(33)SB 12.2(33)SXH 12.2(44)SG 12.2(33)XNA 12.4(11)T
Config Change Tracking Identifier 12.2(33)SB 12.2(33)SRC 12.2(33)SB 12.2(33)SRC 12.2(33)SXI 12.2(44)SG 12.2(33)XNA 12.4(20)T
XML Programmatic Interface w/TLS and Initiator 12.2(1st)SRE 12.2(1st)SRE 12.2(1st)SY 12.2(47)SG 12.2(7th)SE 12.4(20)T
EEM Version/Product Support Matrix
CISCO ACCESS ROUTERS - Current models
EEM Version
Cisco 800 Series
Cisco 1800 Series
Cisco 2800 Series
Cisco 3800 Series
Cisco 1900 Series
Cisco 2900 Series
Cisco 3900 Series
1.0 12.3(11)T 12.3(11)T 12.3(11)T
2.0
2.1 12.3(14)T1 12.3(14)T1 12.3(14)T1
2.1.5
2.2 12.4(2)T 12.4(2)T 12.4(2)T 12.4(2)T
2.3 12.4(11)T 12.4(11)T 12.4(11)T 12.4(11)T
2.4 12.4(20)T 12.4(20)T 12.4(20)T 12.4(20)T
3.0 12.4(22)T 12.4(22)T 12.4(22)T 12.4(22)T
3.1 15.0(1)M 15.0(1)M 15.0(1)M 15.0(1)M 15.0(1)M 15.0(1)M 15.0(1)M
3.2 15.1(3)T 15.1(3)T 15.1(3)T 15.1(3)T 15.1(3)T 15.1(3)T 15.1(3)T
3.4 Planning Planning Planning Planning Planning Planning Planning
CISCO ACCESS ROUTERS - Old models
EEM Version
Cisco 1700 Series
Cisco 2600 Series
Cisco 2600XM Series
Cisco 2691 Series
Cisco 3600 Series
Cisco 3700 Series
1.0 12.3(4)T 12.3(4)T 12.3(4)T 12.3(4)T
2.0
2.1 12.3(14)T1 12.3(14)T1 12.3(14)T1 12.3(14)T1 12.3(14)T1 12.3(14)T1
2.1.5
2.2 12.4(2)T 12.4(2)T 12.4(2)T 12.4(2)T 12.4(2)T 12.4(2)T
2.3 12.4(11)T 12.4(11)T 12.4(11)T 12.4(11)T 12.4(11)T 12.4(11)T
2.4
3.0
3.1
3.2
Shipping
EC
Planning
EEM Version/Product Support Matrix, cont.
CISCO SERVICE AGGREGATION/CORE ROUTERS
EEM Version
Cisco ASR1000 Series
Cisco 7200 Series
Cisco 7301
Cisco 7304
Cisco 7600 Series
Cisco UBR 10000
Cisco UBR 7200
Cisco 12000 Series
Cisco XR 12000
Cisco CRS-1
Cisco ASR 9000
1.0 12.0(26)S
2.0 12.2(27)SBC FM FM FM
2.1 12.3(14)T1 12.3(14)T1 12.2(28)SB 12.2(18)SXF5 12.2(28)SB 12.2(28)SB FM FM FM
2.1.5 FM FM FM
2.2 12.4(2)T 12.4(2)T1 FM FM FM
2.3 2.1XE 12.4(11)T 12.2(33)SB 12.2(33)SB 12.2(33)SRB 12.2(33)SB 12.2(33)SB FM FM FM
2.4 12.2(33)XN RLS7 12.4(20)T 12.2(33)SRE 12.2(33)SRE 12.2(33)SRE 12.2(33)SRE 12.2(33)SRE FM FM FM
3.0 12.2(33)XN RLS7 12.4(22)T 12.2(33)SRE 12.2(33)SRE 12.2(33)SRE 12.2(33)SRE 12.2(33)SRE FM FM FM
3.1 Planning 15.0(1)M Planning Planning Planning Planning Planning Planning Planning Planning Planning
3.2 Planning 15.1(3)T Planning Planning Planning Planning Planning Planning Planning Planning Planning
3.4 Planning Planning Planning Planning Planning Planning Planning Planning Planning Planning Planning
CISCO CATALYST SWITCHES
EEM Version
Catalyst 3000 Switches
Cisco 3400ME Switches
Catalyst 4500 Switches
Catalyst 4900 Switches
Catalyst 6500 Switches
1.0
2.0
2.1 IOS w/o Modularity 12.2(18)SXF5
2.1.5 w/ Modularity 12.2(18)SXF4
2.2
2.3 12.2(40)SE 12.2(40)SE 12.2(44)SG 12.2(44)SG 12.2(33)SXH
2.4 12.2(50)SE 12.2(50)SE 12.2(52)SG 12.2(52)SG 12.2(33)SXI
3.0 12.2(52)SE 12.2(52)SE Summer'10 (Zanzibar) 12.2(1st)SY 12.2(1st)SY
3.1 12.2(52)SE 12.2(52)SE Summer'10 (Zanzibar) Planning Planning
3.2 12.2(52)SE 12.2(52)SE Summer'10 (Zanzibar) Planning Planning
3.4 Planning Planning Planning Planning Planning
Shipping
EC
Planning