
13 Smart Automations to Configure Your Cisco IOS Network

BRKNMS-2464

Follow us on Twitter for real time updates of the event:

@ciscoliveeurope, #CLEUR

Housekeeping

- We value your feedback: don't forget to complete your online session evaluations after each session and the Overall Conference Evaluation, which will be available online from Thursday
- Visit the World of Solutions and Meet the Engineer
- Visit the Cisco Store to purchase your recommended readings
- Please switch off your mobile phones
- After the event, don't forget to visit Cisco Live Virtual: www.ciscolivevirtual.com

BRKNMS-2464

2012 Cisco and/or its affiliates. All rights reserved.

Cisco Public

Abstract

Is there too much manual configuration going on in your network? Have you ever accidentally locked yourself out of a remote device? Need to deploy a few hundred branch routers across the globe? Want to quickly apply maintenance config updates to a handful of devices running various different IOS releases? Your Cisco IOS Network provides a wealth of advanced device manageability instrumentation (DMI) and Embedded Automation Systems (EASy) to design and implement your own Network Automations. Learn how Network Automation allows you to automate manual tasks, better operate existing network services and even enable new and innovative networking solutions.

This Breakout Session uncovers embedded Network Automation capabilities you can use to interact with your network elements for the purpose of (re-)configuring them in a more effective, efficient and robust way. Network Automation fundamentals as well as the choice and use of appropriate practices are illustrated through a combination of presentation and best practice examples.
The topic is relevant for network planners and administrators, engineers and system integrators for both enterprises and service providers.

Welcome Aboard
This Session IS About: HOW to get Configuration into a Device

Automating Custom Behavior Inside the Network


Using Network Automation Based on Features Embedded within the Devices

Practical Examples

This Session Is NOT About:
- WHAT to configure on a Device
- An Introduction to NMS Concepts
- An In-Depth Session on One Single Feature
- Engineering Details of IOS NMS applications


Network Automation An Analogy


Highly motivated individuals Full control over every single detail

Highly skilled and trained crew

Human brain in every control loop

Specialized distributed crew Reasonable control within boundaries

From: Detailed control by a single central authority
Towards: Collaborative operations of a partially autonomic system

Not All Configuration Tasks are Equal


[Diagram labels: scripts and tools; scripts; network engineer; support staff; applications; *.mdf; *.tcl; config; IOS images; MOH & IVR files; xDM files; device groups; individual devices; large scale]

Not All Configuration Tasks are Equal Taxonomy

Deployment: Move physical network equipment into its operating location
Commissioning: Make new network equipment ready for use and reachable by operations, NMS
Configuration: Configure a network element depending on its role and function in the network
Provisioning: Configure portions of a network for the purpose of a specific user and/or service
Activation: Enable users to start using a service

hostname pe-south ! enable password c ! mpls ip ! interface Loopbac ip address 10.10

Focus

Command Line Interface I

The Basics

Command Line Interface I: Interface Modes

ROM Monitor
    rommon # >

User EXEC Mode
    router>
    show (limited), ping, enable, ...

Privileged EXEC Mode
    router#
    show, ping, debug, ...

Global Configuration Mode
    router(config)#
    hostname, ip route, interface, ...

Interface Configuration Sub-Mode
    router(config-if)#
    shutdown, ip address, encapsulation, ...

Routing Configuration Sub-Mode
    router(config-router)#

Line Configuration Sub-Mode
    router(config-line)#

Diagnostic Boot (only on ASR)
    router(diag)#

Transition labels in the diagram: enable, conf t, interface, do ..
Other diagram labels: Running Configuration, Startup Configuration, Config Register

See: www.cisco.com/en/US/docs/ios/preface/usingios.html

Command Line Interface (CLI) Basics 1/2


A series of usability features are available in IOS:

Exec Commands from within Config Mode (from 12.0(21)S, 12.2(8)T)
- Issue Exec commands without leaving Config Mode

    router# conf t
    router(config)# do copy run start
    Destination filename [startup-config]?
    Building configuration...
    [OK]
    router(config)#

Command Aliases (from 10.3, 12.2(33)SRA)
- Pre-defined Aliases are available on the CLI
- Custom Aliases can be defined per (Sub-)Mode

    router# show aliases
    Exec mode aliases:
      h     help
      lo    logout
      p     ping
      r     resume
      s     show
      u     undebug
      un    undebug
      w     where

    router# conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    router(config)# alias exec shib show ip interface brief
    router(config)# alias exec shru show running-config
    router(config)# alias exec shrb show running-config | begin
    router(config)# alias configure h hostname
    router(config)# alias interface nsh no shutdown

Note: ROM Monitor also provides an alias command

Command Line Interface (CLI) Basics 2/2


Interface Ranges and Macros (from 12.1(5)T, 12.1(1)E, IOS XE 2.1)
- Define Interface Ranges / Groups
- Apply Config to Interface Ranges / Groups

Define and Use immediately (Consecutive Range):

    router(config)# interface range FastEthernet 1 - 3
    router(config-if-range)# no shut

Define Once, Use multiple times (Arbitrary Group):

    router(config)# define interface-range mylist FastEthernet 2 , FastEthernet 4 - 6
    router(config)# interface range macro mylist
    router(config-if-range)# no shut

Works on Subinterfaces and VLAN Ranges too, from 12.2(8)T:

    router(config)# interface range FastEthernet 5/1.1 - FastEthernet 5/1.4
    router(config-if-range)# encapsulation dot1Q 220
    router(config-if-range)# no shut

This will apply:
- VLAN ID 220: FastEthernet 5/1.1
- VLAN ID 221: FastEthernet 5/1.2
- VLAN ID 222: FastEthernet 5/1.3
- VLAN ID 223: FastEthernet 5/1.4

Features and CLI Syntax


Feature Navigator:
http://www.cisco.com/go/fn

3rd used tool on cisco.com 175000 hits per Q


Phase I update deployed in November 2012 fea-nav-help@cisco.com

Command Lookup Tool: http://tools.cisco.com/Support/CLILookup/



Command Line Interface II

More Basics

Son: Dad, why are there always 2 Pilots?

Dad: One has to prevent the other from doing stupid things
Son: Which one is doing the stupid things?


CLI Safety and Quality Features


Contextual configuration diff utility (from 12.3(4)T, 12.2(25)S)
- Compare any two configuration files
- Easily show differences between running and startup configuration

Config change logging and notification (from 12.3(4)T, 12.2(25)S)
- Tracks config commands entered per user, per session
- Notification sent indicating config change has taken place; changes can be retrieved via SNMP

Configuration replace and rollback (from 12.3(7)T, 12.2(25)S)
- Replace running config with any saved configuration (only the diffs are applied) to return to previous state
- Automatically save configs locally or off box
- Config Rollback Confirmed Change (from 12.4(23)T, 12.2(33)S)

Configuration locking (from 12.3(14)T, 12.2(25)S)
- Ensures exclusive configuration change access

Example: Config Rollback


Problem: critical config change to a remote router may result in loss of connectivity, requiring a reload

Solution: replace the running configuration with the latest good archive after two minutes unless the change made is confirmed

    router# show archive
    There are currently 4 archive configurations saved.
    The next archive file will be named disk0:/config-archive-4
     Archive #  Name
       0
       1       disk0:/config-archive-1
       2       disk0:/config-archive-2
       3       disk0:/config-archive-3 <- Most Recent
    router# config replace disk0:/config-archive-3 time 120
    :
    ... your Config Change work here ...
    :
    router# no config replace disk0:/config-archive-3

Available from: IOS 12.3(7)T, 12.2(25)S

Example: Config Revert


Problem: critical config change to a remote router may result in loss of connectivity, requiring a reload

Solution: revert the running configuration after two minutes unless the change made is confirmed

    router# config terminal revert time 2
    Rollback Confirmed Change: Backing up current running config to flash:bk-2
    Enter configuration commands, one per line. End with CNTL/Z.
    :
    ... your Config Change work here ...
    :
    router(config)# hostname oops
    oops(config)# end
    oops#
    Rollback Confirmed Change: Rollback will begin in one minute.
    Enter "configure confirm" if you wish to keep what you've configured
    oops#
    Rollback Confirmed Change: rolling to:flash:bk-2
    Total number of passes: 1
    Rollback Done
    router#

or

    oops# config confirm
    oops#

Available from: IOS 12.4(23)T, 12.2(33)S

Automated Staging I

Auto Install (AI)


Staging from Factory Default Auto Install


IOS Auto Install Feature consists of:
- Ethernet Interface up
- DHCP Client + Option 150

Combined with external DHCP and TFTP Server this enables a new router to automatically retrieve a default configuration without manual interaction via console cable or telnet.

See: http://www.cisco.com/en/US/docs/ios/12_1t/12_1t5/feature/guide/dt_dhcpa.html
Available from: IOS 12.1(5)T, IOS-XE 2.1.0
Platforms: ASR 1000, x8xx ISR, x9xx ISR, 37xx, ME3400, ME4900, Cat4k, Cat6k, 76xx, 10k, UC520
See also: Smart Install

Example: Automated Pre-Commissioning


Problem: How to automatically pre-commission a new Cisco ISR without manual intervention on the Console

Solution: Use the AutoInstall Feature combined with an external DHCP and TFTP server

0. Power up the CPE and connect to Ethernet
1. CPE sends DHCP Discover
2. DHCP Server replies with Offer
3. CPE sends DHCP Request
4. DHCP Server replies with option 150
5. CPE requests hostname-confg file from TFTP
6. TFTP server sends hostname-config file to CPE

CPE is now pre-commissioned

Example: Automated Pre-Commissioning Customization


What exactly happens in Step 5:

1. NE is connected to the Network
2. NE gets an IP address via BOOTP, SLARP or DHCP
3. NE gets network-config file from TFTP
4. IP maps to hostname in network-config file?
   - Yes: NE attempts to get hostname-config or hostname.cfg from TFTP
   - No: Reverse DNS successful?
     - Yes: NE attempts to get hostname-config or hostname.cfg from TFTP
     - No: Default config file exists on TFTP?
       - Yes: NE gets router-config or router.cfg from TFTP, AutoInstall Completes
       - No: AutoInstall Fails
5. File exists on TFTP?
   - Yes: AutoInstall Completes
   - No: AutoInstall Fails
6. After AutoInstall completes: manual config completion, then copy run start

Automated Staging II

Cisco Integrated Customization Service (CICS)

But I do not want to stage


Cisco Integrated Customization Services (CICS)

- New Service from Cisco
- Open to all Cisco customers
- Tiered Service
- Integrated with Ordering Systems

Supported via Cisco Commerce Workspace (CCW) only
http://www.cisco.com/web/go/ccw
http://www.cisco.com/web/services/ordering/downloads/cisco_commerce_workspace_vod.mp4

Helps customers
- reduce cost
- increase operational efficiency
- rollout network services faster (time-to-market)

Cisco Integrated Customization Services (CICS)

Phase I : CICS Silver Level


- Supports ISR G2 Platforms
- Up to 999 IOS Config File Templates per Customer
- New Templates to be qualified via test order of <= 3 devices

Templates can be attached to orders via CCW
- 1 Template can be associated with every major line in an order
- A sales order can have multiple templates
- Similar major line items can have different templates

Template management initially via existing CX interface, from mid-2012 onward also via CCW

Automated Remote Deployment

Zero-Touch Deployment (ZTD)

Telnet

    Router>
    Router> enable
    Router# conf t revert time 2
    Router(config)#

Traditional Rollout Challenges


[Diagram: Order Entry, Order Decomposition, Workflow / Ticketing, Logistics, Provisioning, Customer Premise]

Diagram annotations:
- CPE Shipment and pre-config Work Order
- specific CPE pre-configured for specific customer premise
- Target Configlets
- package slip: specific CPE to be delivered to specific customer premise
- Customer Premise: Manual activation feedback

Challenges:
- Data and Physical flow interwoven
- everything happens on the critical path
- multiple manual interactions
- no closed-loop feedback
- inflexible logistics
- Robustness? Authentication, privacy?

Zero-Touch Deployment 1/4


Problem: A large number of remote Routers have to be deployed. Access Technology and Service Provider vary; IP Addressing is not known in advance; we want to automate for
- Scale
- Robustness
- Security and Confidentiality
- Time, Skills and Cost

Solution: Preconfigure Routers with a generic bootstrap config via AutoInstall or CICS. This config ensures initial IP connectivity, identifies the device and communicates back to Configuration Engine for appropriate target config.

    Router# cns id hardware-serial
    Router# cns config initial MyConfigEngine 80 event no-persist
    Router# cns id hardware-serial event
    Router# cns event MyConfigEngine 11011

Zero-Touch Deployment 2/4


[Diagram: Order Entry, Order Decomposition, Workflow / Ticketing, Logistics, Provisioning; CNR (DHCP / TFTP) with bootstrap configs; LDAP; Config Engine; Customer Premise]

Zero-Touch Deployment 2/4


[Diagram: Order Entry, Order Decomposition, Workflow / Ticketing, Logistics, Provisioning; CNR (DHCP / TFTP) with bootstrap configs; LDAP; Config Engine; Customer Premise. Step labels: 1a, 1b, 1c, 2a, 2c, 3, 4]

Diagram annotations:
- Periodic bulk of CPE bootstrapped and taken on stock
- CPE Shipment Work Order
- generic package slip
- closest tour delivers any matching CPE
- welcome letter with PIN
- Standard Service Templates
- Service Options (Sub-)Templates
- Bespoke Customization Configlets
- Target Configlets
- LDAP: CNS/Device ID, Template References, Parameters

Characteristics:
- de-coupling of Data and Physical flow
- generic bootstrap config, bulk loaded
- flexible logistics
- CPE driven provisioning
- Robustness, Transactionality
- Authentication, Encryption
- Efficiency

Linking:
- Order ID (= PIN)
- CNS Device ID (= HW Serial)

Zero-Touch Deployment 3/4


[Sequence diagram. Participants: CPE, DHCP (CNR), TFTP, CCE, LDAP, CE FS. Locations: Warehouse, Customer Premise. Messages: DHCP Discover, DHCP Offer, DHCP Request, DHCP Ack - Option 150, TFTP Request: bootstrap config, TFTP Response: bootstrap config, CNS Config Request (HTTPS), Object ID, Device ID, Read Temp., Send Config, Success/Fail Event, Publish Success/Fail Event]

1. CPE sends DHCP Discover
2. DHCP Server replies with Offer
3. CPE sends DHCP Request
4. DHCP Server replies with option 150
5. CPE requests bootstrap-confg file via TFTP
6. TFTP server sends CPE bootstrap-config file
7. CPE is shipped to Customer Site; Customer Order linked to CPE ID
8. CPE sends HTTP request to CNS-CE
9. CNS-CE verifies object ID; CNS-CE verifies Device ID
10. CNS-CE reads template from File System
11. CNS-CE sends Config (= template + parameters from LDAP)
12. Successful event
13. Publish success event

Zero-Touch Deployment 4/4


There are:
- Data- / Information Flow via the NMS Systems (left Hemisphere)
- Physical Flow (CPE) to the Branch Office or Customer Premise (right Hemisphere)

ZTD Automation uses:
- Separation to allow for Efficiency and Flexibility
- CNS Device ID and CNS Config ID to link the two Flows

    router(config)#cns id ?
      Async               Async interface
      Auto-Template       Auto-Template interface
      BVI                 Bridge-Group Virtual Interface
      CDMA-Ix             CDMA Ix interface
      CTunnel             CTunnel interface
      Dialer              Dialer interface
      FastEthernet        FastEthernet IEEE 802.3
      Group-Async         Async Group interface
      Lex                 Lex interface
      Loopback            Loopback interface
      MFR                 Multilink Frame Relay bundle interface
      Multilink           Multilink-group interface
      Port-channel        Ethernet Channel of interfaces
      Service-Engine      cisco service engine module
      Tunnel              Tunnel interface
      Vif                 PGM Multicast Host interface
      Virtual-Dot11Radio  Virtual dot11 interface
      Virtual-PPP         Virtual PPP interface
      Virtual-Template    Virtual Template interface
      Virtual-TokenRing   Virtual TokenRing
      hardware-serial     Use hardware serial number as unique ID
      hostname            Use hostname as unique ID
      string              Use an arbitrary string as the unique ID
      udi                 Use the UDI as unique ID
      vmi                 Virtual Multipoint Interface

Automated Branch/Campus Deployment

Smart Install (SI)

[Diagram: Aggregation Layer, Access Layer; Switch Deployment; Switch Replacement]

Smart Install
Smart Install provides deployment automations:
- Automated Access Switch IOS Image and Config deployment from factory default configuration
- Automated Access Switch replacement and Image/Config restoration from factory default configuration

Smart Install Director acts as a single management point for images and configuration of client switches.

Smart Install Director detects new switches, and identifies the correct Cisco IOS image and the configuration file for downloading. It can allocate an IP address and host name to a client.

On-demand group configuration and software image updates are available via the director too.

Smart Install

[Diagram: DHCP Server, TFTP Server, Director, Aggregation Layer, Access Layer, Client Switches]

- Central DHCP / TFTP Servers
- Smart Install Director on Aggregation Switch or Router
- Smart Install Client Switches
- Grouping for ease of management

For Your Reference

Smart Install Platform Support


Director Switches:
- 3750, 3750G, 3750v2, 3750E, 3560, 3560v2, 3560E, 3560G, 3750X, 3560X
- IOS Version 12.2.(53)SE or later, recommended 12.2.(55)SE3 or later

Director Routers:
- ISR G1: 1841, 2801, 2811, 2821, 2851, 3825, 3845
- ISR G2: 1921, 1941, 2901, 2911, 2921, 2951, 3925, 3945, 3925E, 3945E, NM-16-ESW
- IOS Version 15.1.(3)T or later

Client Switches:
- 3750, 3750v2, 3750E, 3750X, 3560, 3560v2, 3560E, 3560X, 3560C
- 2960, 2960S, 2975, 2960G, 2960C
- NME-16ES-1G-P, SM-ES3SM-ES2-16-P
- 3560v2, 3750v2, Industrial Ethernet Series

Smart Install Caveat VLAN 1 Requirement


Problem: Smart Install Client assumes VLAN 1 for initial connectivity, however best practice is to NOT use VLAN 1 for management.

Workaround: Reconfigure access port on Smart Install Director:



    interface Port-channel101
     description Connected to clientsw123
     switchport
     switchport trunk encapsulation dot1q
     switchport trunk native vlan 4001
     switchport trunk allowed vlan 2-17,4093
     switchport mode trunk
     logging event link-status
     logging event bundle-status
     load-interval 30
     carrier-delay msec 0
     mls qos trust dscp
     hold-queue 2000 out

    interface Port-channel101
     description Connected to clientsw123
     switchport
     switchport trunk encapsulation dot1q
     switchport access vlan 4093
     switchport trunk native vlan 4001
     switchport trunk allowed vlan 2-17,4093
     switchport mode trunk
     logging event link-status
     logging event bundle-status
     load-interval 30
     carrier-delay msec 0
     mls qos trust dscp
     hold-queue 2000 out

- Since Client Switch doesn't have VTP configured in factory default, no VLAN mismatch will be reported
- Client Switch target config should provide consistency

Custom Scripting

IOS Shell (IOS.sh) and Tcl

IOS Shell
Problem: Sometimes we need more than what Interface ranges, Macros, Auto SmartPorts and other CLI features already offer. But we may not want all the power and complexity of Tcl Scripting or Embedded Event Manager.

Solution: Use IOS Shell (IOS.sh)

IOS Shell offers:
- Environment Variables
- Pipe and Redirection
- Condition Testing
- Loops
- Built-in Functions
- Custom Function Definitions

Syntax shown on the slide:

    MY_VAR=value, %n
    |
    if []; then else fi
    show shell functions
    shell exec <function>
    function <name>(){}

Available from: IOS 12.2(52)SE

IOS Shell Example


The pre-built shell functions for Auto SmartPorts are a good starting point:

    switch# show shell functions CISCO_AP_AUTO_SMARTPORT
    function CISCO_AP_AUTO_SMARTPORT () {
        if [[ $LINKUP -eq YES ]]; then
            conf t
                interface $INTERFACE
                    macro description $TRIGGER
                    switchport trunk encapsulation dot1q
                    switchport trunk native vlan $NATIVE_VLAN
                    switchport trunk allowed vlan ALL
                    switchport mode trunk
                    switchport nonegotiate
                    auto qos voip trust
                    mls qos trust cos
                exit
            end
        fi
        if [[ $LINKUP -eq NO ]]; then
    :

Tool Command Language (Tcl)


- Language resources found at: http://www.tcl.tk/
- TCL 7.x has been in Cisco IOS since 1994
- TCL 8.3.4 first released in Cisco IOS in 12.3(2)T and merged into 12.2(25)S
- Use 12.3(14)T or later for best results
- Signed TCL Scripts introduced in 12.4(15)T

    Router#tclsh flash:/myfolder/myscript.tcl
    Router#tclsh
    Router(tcl)#source tftp://10.1.1.1/myscript.tcl
    Router(tcl)#puts "Hello There"
    Hello There
    Router(tcl)#ios_config "interface fa0/0" "description Main Uplink"
    Router(tcl)#exit
    Router#

Legend on the slide: TCL Cisco IOS Extended Commands, TCL Built In Command, Cisco IOS Command

See www.cisco.com/go/ciscobeyond www.cisco.com/go/eem www.cisco.com/go/easy

Configuration-based Events

Embedded Event Manager (EEM) I

Configuration-based Events EEM CLI Event Detector 1/2


Two Options:
- Syslog Event Detector upon any potential config change
- CLI Event Detector upon specific CLI command

Asynchronous:
- Trigger Policy and then execute CLI command
- Trigger Policy and skip CLI command

Synchronous:
- Trigger Policy and execute/skip based on exit status
  - _exit_status == 0: skip CLI command (default)
  - _exit_status == 1: execute CLI command

    event [tag event-tag] cli pattern regular-expression
      {[default] [enter] [questionmark] [tab]}
      [sync {yes | no skip {yes | no}}]
      [mode variable] [occurs num-occurrences]
      [period period-value] [maxrun maxruntime-number]

Available from: EEM 2.1, integrated with XML PI from EEM 3.0

Configuration-based Events EEM CLI Event Detector 2/2


Problem: VLAN 380 should not be accidentally removed from a trunk

Solution: use EEM CLI Event Detector:

Option a: Don't prevent anything, just issue a syslog notification:

    event manager applet cli-async
     event cli pattern "switchport trunk allowed vlan remove.*380.*" sync no skip no
     action 1.0 syslog msg "Removing VLAN 380"

Other Examples: no mpls ip, no router isis, debug all

Option b: Prevent the entire command and issue a syslog notification:

    event manager applet cli-async-skip
     event cli pattern "switchport trunk allowed vlan remove.*380.*" sync no skip yes
     action 1.0 syslog msg "Will NOT remove VLAN 380"

Option c: Ask for confirmation, then allow or prevent the entire command:

    event manager applet cli-sync
     event cli pattern "switchport trunk allowed vlan remove.*380.*" sync yes
     action 1.0 puts "Confirm removing VLAN 380 [yes|no]:"
     action 2.0 gets response
     action 3.0 if $response eq yes goto 5.0
     action 4.0 puts "NOK - VLAN 380 will NOT be removed"
     action 4.1 exit 0
     action 5.0 puts "OK - VLAN 380 will be removed"
     action 5.1 exit 1

Caveat: command may be (much) bigger than what you match! Ranges!
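
The caveat above, worked through as an added example (not part of the original slides): a Python check that compares the applet's pattern with what each command does to VLAN 380. It goes beyond ranges to the except, none and bare-list forms of the command. The sample commands are constructed, and the unanchored match and the command grammar noted in the comments are assumptions.

```python
import re

# Pattern copied from the applets above. Assumption: the CLI event detector
# applies it as an unanchored regular expression to the command text.
APPLET_PATTERN = re.compile(r"switchport trunk allowed vlan remove.*380.*")

# Grammar assumed for this check:
#   switchport trunk allowed vlan [add | remove | except | all | none] [vlan-list]
COMMAND = re.compile(
    r"^\s*switchport trunk allowed vlan\s+"
    r"(?:(add|remove|except|all|none)\b\s*)?([\d,\s-]*)$",
    re.IGNORECASE,
)
MAX_VLAN = 4094


def expand_vlan_list(text):
    """Expand an IOS VLAN list such as '2-17,4093' into a set of VLAN IDs."""
    vlans = set()
    for part in "".join(text.split()).split(","):
        if not part:
            continue
        low, _, high = part.partition("-")
        first, last = int(low), int(high or low)
        if not 1 <= first <= last <= MAX_VLAN:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(first, last + 1))
    return vlans


def takes_vlan_off_trunk(command, vlan=380):
    """True if the command would leave `vlan` outside the trunk's allowed list."""
    match = COMMAND.match(command)
    if match is None:
        return False
    keyword = (match.group(1) or "").lower()
    listed = expand_vlan_list(match.group(2))
    if keyword == "none":
        return True
    if keyword in ("all", "add"):
        return False
    if keyword in ("remove", "except"):
        return vlan in listed
    # No keyword: the list replaces the allowed set. An empty list is an
    # incomplete command and changes nothing.
    return bool(listed) and vlan not in listed


# Constructed sample input, not taken from a real device.
SAMPLE_COMMANDS = [
    "switchport trunk allowed vlan remove 380",
    "switchport trunk allowed vlan remove 300-400",
    "switchport trunk allowed vlan remove 1380",
    "switchport trunk allowed vlan remove 10,3800-3810",
    "switchport trunk allowed vlan 2-17,4093",
    "switchport trunk allowed vlan except 380",
    "switchport trunk allowed vlan none",
    "switchport trunk allowed vlan add 380",
]


def audit(commands, vlan=380):
    """Split commands into those the pattern misses and those it flags wrongly."""
    missed, false_alarms = [], []
    for command in commands:
        fired = APPLET_PATTERN.search(command) is not None
        removes = takes_vlan_off_trunk(command, vlan)
        if removes and not fired:
            missed.append(command)
        elif fired and not removes:
            false_alarms.append(command)
    return missed, false_alarms


if __name__ == "__main__":
    missed, false_alarms = audit(SAMPLE_COMMANDS)
    print("Removes VLAN 380 but pattern does not fire:")
    for command in missed:
        print("   ", command)
    print("Pattern fires but VLAN 380 stays allowed:")
    for command in false_alarms:
        print("   ", command)
```
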

Embedded Event Manager (EEM) 1/3


[Diagram: Event, Event Detector, Embedded Event Manager, Policy]

1. Something happens, causing an Event to trigger
2. An EEM Event Detector receives notification
3. An EEM Policy is activated that initiates a predefined set of actions

Policy types (*not all available in all releases): Applets, IOS.sh Policies, TCL Policies

Embedded Event Manager (EEM) 2/3

[Diagram: Embedded Event Manager architecture]

Actions: Syslog, email notification, SNMP set, Counter, SNMP get, SNMP notification, Reload or switch-over, Application specific

Policies: CLI Applets, IOS.sh Policies, TCL Policies; EEM Applets multi-event-correlation

Event Detectors: Syslog ED, SNMP EDs, Timer EDs, none ED, HW EDs, Watchdog ED, Interface Counter ED, XML RPC ED, CLI ED, OIR ED, ERM ED, EOT ED, RF ED, GOLD ED, NetFlow ED, IPSLA ED, Route ED, CDP LLDP ED, 802.1x ED, MAC ED

Other diagram labels: Remote: Notification; Syslog; Local: Event Notification, Get/Set; Cron, Count down; Fan, Temp, Env, ...; Process Scheduler Database; Interface Descriptor Blocks

Embedded Event Manager (EEM) 3/3

CLI Applets
- Part of the Cisco IOS Configuration
- Based on CLI Commands
- Simple Actions
- Programmatic Applet Extensions

IOS.sh Policies
- Separate ASCII File my-policy.sh
- Based on Cisco IOS CLI and Shell Commands
- Effective shell-like simple scripting
- Registered via the Cisco IOS Config

TCL Policies
- Separate ASCII File my-policy.tcl
- Based on Cisco IOS CLI and Safe TCL Commands
- Flexible and powerful scripting capabilities
- Registered via the Cisco IOS Config

Event-based Configurations

Embedded Event Manager (EEM) II

Event-based Configurations Example EEM Layer 2 1/2


- Pre-built port configuration templates for various devices simplify user experience and minimize configuration error
- Automatic event detection (CDP/LLDP/MAC) triggers auto configuration
- Authentication (802.1x, MAB) and authorization can be conducted before port configuration applied
- Automatic notification can be sent to NMS system to help with asset tracking
- Plug-n-play device deployment lowers overall management cost

[Diagram labels: 802.1x, CDP, MAC Addr, LLDP, NMS station, Radius Server]

Event-based Configurations Example EEM Layer 2 2/2


- Auto SmartPorts are powered by EEM
- When a printer is added to the network, use an EEM applet to create a new ASP event

    event manager applet detect-printer
     event neighbor-discovery interface regexp FastEthernet.* cdp add
     action 001 regexp ".*LaserJet.*" "$_nd_cdp_platform"
     action 002 if $_regexp_result eq 1
     action 003  cli command "enable"
     action 004  cli command "config t"
     action 005  cli command "interface $_nd_local_intf_name"
     action 006  cli command "switchport access vlan $printer_vlan"
     action 007  cli command "switchport mode access"
     action 008  cli command "switchport port-security"
     action 009  cli command "switchport port-security violation restrict"
     action 010  cli command "switchport port-security aging time 2"
     action 011  cli command "switchport port-security aging type inactivity"
     action 012  cli command "spanning-tree portfast"
     action 013  cli command "spanning-tree bpduguard enable"
     action 014  cli command "end"
     action 015  syslog msg "New printer added: $_nd_cdp_entry_name , type: $_nd_cdp_platform"
     action 016 end

Event-based Configurations Example Custom Failover


Problem: Upon a standby ASA deciding to become active, we want to force full cluster failover by shutting down all ASA-facing interfaces on the other cluster's switch.

[Diagram labels: 1 ASA active; 2 shut ASA intf]

Solution: use EEM SNMP Event Detector

    ::cisco::eem::event_register_snmp_notification oid 1.3.6.1.4.1.9.9.41.1.2.3.1.5.0 oid_val 0 op ne

On active cluster switches:

    If we are in HSRP Active state && sender is a secondary ASA going to active {
        For each ASA-facing interface {
            shut
        }
    }

Editing Files on IOS

The ed Editor

Editing ASCII Files ed


Problem: Often ASCII files are being used when using Device Manageability Instrumentation in IOS:
- Tcl scripts and EEM Tcl Policies
- EMM Menu Definition Files
- Config Templates and other text files

During Development and Test it would be useful to be able to edit these files directly from IOS. But: IOS does not include an ASCII Editor ...

Solution: Use a Tcl implementation of an Editor in IOS

The GNU <ed> editor is a very simple, line-based editor available as Tcl implementation
see: http://en.wikipedia.org/wiki/Ed_(Unix)
see: http://www.gnu.org/software/ed/ed.html

Editing ASCII Files ed.tcl on IOS


1. Copy ed.tcl and a simple test file to the flash:

    router# show flash
    :
    8 27091 Nov 19 2008 10:51:26 ed.tcl
    9 68 Nov 19 2008 11:00:12 testfile.txt

2. Define an Alias for simplicity:

    router(config)# alias exec ed tclsh flash:/ed.tcl

3. Edit the file using ed:

    router# ed flash:/testfile.txt
    65
    1,$p                          <- print lines 1 to last
    line one of the test file
    line two of the test file
    another line
    ,p                            <- print all lines
    line one of the test file
    line two of the test file
    another line
    ,n                            <- numbered print all lines
    1 line one of the test file
    2 line two of the test file
    3 another line
    a                             <- add lines
    and here are
    yet another two lines
    .                             <- end adding
    ,n
    1 line one of the test file
    2 line two of the test file
    3 another line
    4 and here are
    5 yet another two lines
    w                             <- write file
    99
    q                             <- quit
    router#

Available from www.cisco.com/go/ciscobeyond (http://tinyurl.com/ed-4-ios)

Custom Menus on the CLI

Embedded Menu Manager (EMM)

Embedded Menu Manager (EMM)


Programmable Menu Framework Custom ASCII Menus XML based Menu Definition Files (MDF) Range / Type Checking TCL Scripting Actions

Nested and Sequential Menus (Wizards)


================================================================================ Branch Router Operations Menu on branch-99 Enter ? for help or ?# for item help -------------------------------------------------------------------------------1. Install Diagnostic Scripts 2. Change Hostname 3. Run CPU Diagnostic Script 4. Check for most recent EEM Policy Files 5. Run WAN Diagnostic Script 6. Instant World Peace 7. Exit Enter selection [6]:

Available from: IOS 12.4(20)T See: http://tinyurl.com/emm-in-124t


https://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_emm_ps6441_TSD_Products_Configuration_Guide_Chapter.html

EMM Menu Definition File Example 1/2


<?xml version="1.0"?>
<!-- Menu name and required schema version -->
<Menu MenuName="NMS" schemaVersion="1.1">
  <!-- Title can be constant or generated with Tcl -->
  <MenuTitle>
    <EmbTCLValue>
      <TCLCommand>
        return " Branch Router Operations Menu on [hostname]"
      </TCLCommand>
    </EmbTCLValue>
  </MenuTitle>
  <!-- The menu and each item can have its own help text -->
  <HelpString>
    <Constant String="View and modify some common Network Management configuration parameters"/>
  </HelpString>
  <!-- Optional global Tcl section to store procs used throughout menu -->
  <GlobalTCL>
    <TCLCommand>
      proc get_config { regex } {
        set config [exec "show run | inc $regex"]
        return $config
      }
    </TCLCommand>
  </GlobalTCL>
:
:

EMM Menu Definition File Example 2/2


From simple menu choices to complete customized wizards

:
:
<Item ContinuePrompt="true" ItemJustification="LEFT">
  <ItemTitle>
    <Constant String="Change Hostname" />
  </ItemTitle>
  <HelpString>
    <Constant String="This selection lets you type a new hostname" />
  </HelpString>
  <Wizard>
    <QueryPrompt>
      <Constant String="What hostname do you suggest?" />
    </QueryPrompt>
    <FreeForm />
  </Wizard>
  <IOSConfigCommand> "hostname $r(1)" </IOSConfigCommand>
:
:
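The wizard item above passes a free-form answer straight into a configuration command ("hostname $r(1)"), while EMM also offers range / type checking. As an added example (not from the slides or from Cisco), this Python helper lists the items in an MDF that combine <FreeForm /> with a $r(n) reference inside <IOSConfigCommand>, so they can be reviewed before deployment. It uses only element names shown on the slides; the closed-off sample document and its second item are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the slide fragments joined and closed into one
# well-formed document, plus one constant-only item for contrast.
SAMPLE_MDF = """<?xml version="1.0"?>
<Menu MenuName="NMS" schemaVersion="1.1">
  <Item ContinuePrompt="true" ItemJustification="LEFT">
    <ItemTitle><Constant String="Change Hostname" /></ItemTitle>
    <Wizard>
      <QueryPrompt><Constant String="What hostname do you suggest?" /></QueryPrompt>
      <FreeForm />
    </Wizard>
    <IOSConfigCommand>"hostname $r(1)"</IOSConfigCommand>
  </Item>
  <Item>
    <ItemTitle><Constant String="Disable HTTP server" /></ItemTitle>
    <IOSConfigCommand>"no ip http server"</IOSConfigCommand>
  </Item>
</Menu>"""

# Wizard answer placeholder as written on the slide, e.g. $r(1)
RESPONSE_REF = re.compile(r"\$r\((\d+)\)")


def item_title(item):
    """Return the constant title of an item, if it has one."""
    const = item.find("./ItemTitle/Constant")
    return const.get("String", "?") if const is not None else "(generated title)"


def audit_mdf(xml_text):
    """Return (title, command, refs) for items that put free-form answers into config."""
    findings = []
    root = ET.fromstring(xml_text)
    for item in root.iter("Item"):
        free_form = item.find(".//Wizard/FreeForm") is not None
        for cmd in item.iter("IOSConfigCommand"):
            text = (cmd.text or "").strip()
            refs = [int(n) for n in RESPONSE_REF.findall(text)]
            if free_form and refs:
                findings.append((item_title(item), text, refs))
    return findings


if __name__ == "__main__":
    for title, command, refs in audit_mdf(SAMPLE_MDF):
        print(f"review: {title!r} sends answer(s) {refs} into {command}")
```

Items it reports are candidates for a constrained answer type or a Tcl check on the answer before the command is applied.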


Custom Menus via HTTP

EASy HTTx Package

Extensible HTTP Server in IOS 1/2


Problem: Sometimes we may even want (or need) to provide a web-based custom interaction with IOS

Solution: Customize the EASy HTTx Package which provides an extensible HTTP Server running on IOS

c1812-easy#
c1812-easy# httx-start
*Jan 6 11:02:44.649: %HA_EM-6-LOG: no_easy_httx_start.tcl: Accepting connection from 10.55.14
*Jan 6 11:02:44.669: %HA_EM-6-LOG: no_easy_httx_start.tcl: "GET flash:/easy/easy-httx_public/
*Jan 6 11:02:44.825: %HA_EM-6-LOG: no_easy_httx_start.tcl: Accepting connection from 10.55.14
:
c1812-easy#
c1812-easy#httx-stop
*Jan 6 11:11:31.129: %HA_EM-6-LOG: no_easy_httx_stop.tcl: Stopping the EASy httx server ...
*Jan 6 11:11:34.017: %HA_EM-6-LOG: no_easy_httx_stop.tcl: ... EASy httx server stopped.
*Jan 6 11:11:34.073: %SYS-5-CONFIG_I: Configured from console by vty1

Extensible HTTP Server in IOS 2/2


Embedded Automation Systems (EASy)

HTTx EASy Package Provides:
Interactive Installation
Light-weight HTTP Server in Tcl
Ability to trigger Tcl scripts on IOS
Extensible Framework

To use the Package:
1. Browse and Download HTTx EASy Package www.cisco.com/go/easy
2. Make Sure to also download EASy Installer
3. Watch VOD and/or read documentation www.cisco.com/go/easy
4. Customize and tailor to your needs
5. Install and Use

Packaging Embedded Automations

EASy Packages and EASy Installer

Packaging Network Automations Cisco EASy 1/3


Problem: Cisco IOS Embedded Automation Systems often include multiple configuration items, files, checks and procedures.

Solution: Cisco EASy provides a simple packaging mechanism and open-source EASy Installer. A developer guide is available online to assist with the creation of EASy packages.

Package Description
Pre-Requisite Verification
Pre-Installation Config
Pre-Installation Exec
Environment Variables
Configuration Files
Post-Requisite Verification
Post-Installation Config
Post-Installation Exec
Uninstall

EASy Installer + MyPackage.tar

Menu Guided Installation

Router# easy-installer tftp://10.1.1.1/mypackage.tar flash:/easy
-----------------------------------------------------------------
Configure and Install EASy Package 'mypackage-1.03'
-----------------------------------------------------------------
1. Display Package Description
2. Configure Package Parameters
3. Deploy Package Policies
4. Exit
Enter option: 2

See: http://www.cisco.com/go/easy
EASy Package guide: http://tools.cisco.com/squish/cEAe3



Packaging Network Automations Cisco EASy 2/3


Community initiative driving development of innovative solutions using embedded automation technologies
Virtual team formed by embedded automation experts from different groups in Cisco
Provides packaged solutions built with EEM and related technologies, available for free download
15 EASy solutions available now covering 5 categories, including network management, high availability, security, diagnostics and config automation, and growing

www.cisco.com/go/easy
ask-easy@cisco.com

For Your Reference

Packaging Network Automations Cisco EASy 2/3


1. Browse and Download EASy Packages: www.cisco.com/go/easy
2. Make Sure to also download EASy Installer
3. Browse Other Embedded Automations: www.cisco.com/go/ciscobeyond
4. Learn About The Technology Under The Hood: www.cisco.com/go/instrumentation www.cisco.com/go/eem www.cisco.com/go/pec
5. Discuss, Ask Questions, Suggest Answers: supportforums.cisco.com supportforums.cisco.mobi
6. Upload your own Examples to CiscoBeyond: www.cisco.com/go/ciscobeyond
7. Engage via ask-easy@cisco.com

In Summary

Recap
1. Command Line Interface I: Basics
2. Command Line Interface II: More Basics
3. Automated Staging I: Auto Install
4. Automated Staging II: Cisco Integrated Customization Service (CICS)
5. Automated Remote Deployment: Zero-Touch Deployment
6. Automated Branch/Campus Deployment: Smart Install
7. Custom Scripting: IOS.sh and Tcl Scripting
8. Configuration-based Events: Embedded Event Manager (EEM) I
9. Event-based Configurations: Embedded Event Manager (EEM) II
10. Editing Files on IOS: The ed Editor
11. Custom Menus on the CLI: Embedded Menu Manager (EMM)
12. Custom Menus via HTTP: EASy HTTx Package
13. Packaging Embedded Automation Systems: EASy

References

For Your Reference

References Instrumentation
Device Manageability Instrumentation (DMI): www.cisco.com/go/instrumentation
Embedded Event Manager (EEM): www.cisco.com/go/eem
Cisco Beyond EEM Community: www.cisco.com/go/ciscobeyond
Embedded Menu Manager (EMM): http://tinyurl.com/emm-in-124t
Embedded Packet Capture (EPC): www.cisco.com/go/epc
Flexible NetFlow: www.cisco.com/go/netflow and www.cisco.com/go/fnf
GOLD: http://www.cisco.com/en/US/products/ps7081/products_ios_protocol_group_home.html
IPSLA (formerly SAA, formerly RTR): www.cisco.com/go/ipsla
Network Analysis Module: http://www.cisco.com/go/nam
Network Based Application Recognition (NBAR): www.cisco.com/go/nbar
Security Device Manager (SDM): http://www.cisco.com/go/sdm
Smart Call Home: www.cisco.com/go/smartcall
Web Services Management Agents (WSMA): http://tinyurl.com/wsma-in-150M
Cisco Configuration Engine (CCE): www.cisco.com/go/ciscoce
Feature Navigator: www.cisco.com/go/fn
MIB Locator: www.cisco.com/go/mibs

For Your Reference

Network Management @ CiscoLive Europe 2012

Session ID | Title | Day | Start Time
BRKNMS-2006 | Manage and Optimize IT Energy Usage with Cisco EnergyWise | Tuesday | 2012-01-31 11:15:00
BRKNMS-2841 | Enterprise Network Device Administration with TACACS+ | Tuesday | 2012-01-31 11:15:00
BRKNMS-2464 | 13 Smart Automations to Configure Your Cisco IOS Network | Tuesday | 2012-01-31 15:45:00
BRKNMS-3134 | Advanced NetFlow | Tuesday | 2012-01-31 15:45:00
BRKNMS-2005 | DataCenter & Virtualization Management Overview | Wednesday | 2012-02-01 09:00:00
BRKNMS-2009 | Simplify the Deployment of Cisco Platforms and Technologies | Wednesday | 2012-02-01 09:00:00
BRKNMS-3133 | Advanced - Using the UCS XML API | Wednesday | 2012-02-01 09:00:00
BRKNMS-2465 | 13 Smart Automations to Monitor Your Cisco IOS Network | Wednesday | 2012-02-01 13:30:00
BRKNMS-2847 | Ethernet OAM - Technical Overview and Deployment Scenarios | Wednesday | 2012-02-01 13:30:00
BRKNMS-2466 | 13 Smart Automations to Troubleshoot Your Cisco IOS Network | Wednesday | 2012-02-01 16:00:00
BRKNMS-2842 | Managing Network Performance in WAAS Environments | Wednesday | 2012-02-01 16:00:00
BRKNMS-2943 | Smart Services for Business Video - Turning Vision into Reality | Thursday | 2012-02-02 09:00:00
BRKNMS-3135 | Advanced - Application Visibility and Performance in Cisco devices with Network Based Application Recognition (NBAR) | Thursday | 2012-02-02 09:00:00
BRKNMS-2031 | SYSLOG Design, Methodology and Best Practices | Thursday | 2012-02-02 16:00:00
BRKNMS-2846 | Packet Transport and its Management | Thursday | 2012-02-02 16:00:00
BRKNMS-2659 | Cloud Automation A walkthrough over Service Management | Friday | 2012-02-03 09:00:00
BRKNMS-2844 | Using a Network Hypervisor to Automatically Create End to End Topologies | Friday | 2012-02-03 09:00:00
BRKNMS-3999 | Network Containers in a Multi-Tenant Data Center | Friday | 2012-02-03 09:00:00
BRKNMS-2845 | Best Network Mgmt Practice in Cisco Device Instrumentation: what (not) to do? | Friday | 2012-02-03 11:00:00

For Your Reference

Network Automation @ CiscoLive Europe 2012

Session | Title | Format
BRKCRS-2437 | Incorporating Intelligent Access at the Campus Edge | Technical Breakout
BRKIPM-2090 | Implementing Network Automations | Technical Breakout
BRKNMS-2464 | 13 Smart Automations to Configure Your Cisco IOS Network | Technical Breakout
BRKNMS-2465 | 13 Smart Automations to Monitor Your Cisco IOS Network | Technical Breakout
BRKNMS-2466 | 13 Smart Automations to Troubleshoot Your Cisco IOS Network | Technical Breakout
LABNMS-1262 | Implementing Network Automation Module 0 - Basics | Lab: Walk in
LABNMS-1263 | Implementing Network Automation Module 1 - Planning | Lab: Walk in
LABNMS-1264 | Implementing Network Automation Module 2 - Deployment | Lab: Walk in
LABNMS-1265 | Implementing Network Automation Module 3 - Monitoring | Lab: Walk in
LABNMS-1266 | Implementing Network Automation Module 4 - Troubleshooting | Lab: Walk in
LABNMS-1422 | Network Automation Solutions using Cisco IOS EEM | Lab: Walk in
TECNMS-3601 | Advanced Network Automation | Technical Seminar
BRKCDN-1114 | Building Innovative Solutions with IOS Embedded Automation | Technical Breakout
LABNMS-2001 | Advanced Network Automation and Solutions using Cisco IOS EEM | Lab: Instructor Led

1. Navigate to http://bit.ly/cSMV3N
2. Search for Network Automation
3. Join us and Enjoy !

For Your Reference

Network Automation Hands-On Lab

Join us in the Lab


At CiscoLive:
1. Walk up to the WISP Labs
2. Book a seat for: LABNMS-1262 ... LABNMS-1266 Implementing Network Automation
   - Module 0 - Basics
   - Module 1 - Planning
   - Module 2 - Deployment
   - Module 3 - Monitoring
   - Module 4 - Troubleshooting

Partners any time via PEC:
1. Navigate to http://www.cisco.com/go/pec
2. Click on >Launch
3. Search for %Network Automation%
4. Enjoy !


For Your Reference

CiscoBeyond Has A New Home

Script repository
Over 130+ open source scripts, learn by example

Discussion forums
Ask questions, get answers

Video tutorials
Coming soon!

Cast your vote!
Which scripting language would you like to see supported in the future?

http://www.cisco.com/go/ciscobeyond

Recommended Reading

Please visit the Cisco Store for suitable reading.

Conclusion

Not all Configuration Tasks are Equal

Network Automation
is a Paradigm Change
offers opportunities far beyond OPEX savings
is EASy to adopt now

How will You use Network Automation?


Thank you.
