UPDATE: I have received numerous submissions and am currently in the process of reviewing
them. I’m going to extend the deadline until Wednesday (2012-01-18). At that time all people
who submitted working solutions will be awarded 100 tokens!
Recently I have been working with a large enterprise customer that is looking to implement a new change control
policy. The main goal of the policy is to be able to track who is making changes to devices in the network, and
specifically what those changes are. As opposed to using a full-blown network management suite to do this for
them, I suggested a simple solution of using TACACS for exec and command accounting (all devices are Cisco),
and EEM scripting along with a TFTP server for tracking the actual configuration changes in case they need to roll
back to a well-known good working config. The final result worked out very well, and I thought it would make a
good CCIE level challenge as well.
So here is the challenge – write an EEM script to manage change control in the network as follows. The first
person to submit a working script will win 100 rack rental tokens valid for any rack rental or mock lab
session.
Every time a user makes a change to the configuration, the router should automatically TFTP its running
configuration to the TFTP server 10.0.0.1 using the following naming convention:
HOSTNAME.YYYY-MM-DD.HHhMMmSSs.ADMIN_NAME.working.cfg
This ensures that if a change is made to the network but not actually saved to NVRAM, and there is a device
crash, you can recover the last working running config of the device. Also this naming format tells you when
exactly the change was made and by whom. Remember that the router always generates a %SYS-5-CONFIG log
message when a change is made. So for example suppose the following change was made:
EDGE-ROUTER-1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
EDGE-ROUTER-1(config)#int lo1234
EDGE-ROUTER-1(config-if)#shutdown
EDGE-ROUTER-1(config-if)#
*Jan 11 19:05:49.694: %LINK-5-CHANGED: Interface Loopback1234, changed state to administratively down
*Jan 11 19:05:50.694: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1234, changed state to down
EDGE-ROUTER-1(config-if)#end
EDGE-ROUTER-1#
*Jan 11 19:05:59.054: %SYS-5-CONFIG_I: Configured from console by bmcgahan on console
The router would then TFTP its running config to 10.0.0.1 using the filename
EDGE-ROUTER-1.2011-01-11.19h05m59s.bmcgahan.working.cfg
Secondly, the script should also make backups of configs that are actually saved to NVRAM. Similar to the
previous requirement, files should be backed up to TFTP using the naming convention
HOSTNAME.YYYY-MM-DD.HHhMMmSSs.ADMIN_NAME.startup.cfg. However, in this case you need to account for the fact that different
admins use different syntax when saving configs. Some of them use “write memory” or shorter variations like “wr
m” or just “wr”, while others use the “copy run start” variations. However regardless which variation is used, the
router spits out the same output afterwards as follows:
EDGE-ROUTER-1#wr
Building configuration...
[OK]
EDGE-ROUTER-1#copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
Lastly, make sure that the script doesn’t mistake a “show run” output for that of a “write memory”, as the
outputs are similar:
Submit your script as a comment and the first one with fully functional requirements wins 100 tokens!
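An added example, not part of the original post or of any submitted solution: once both kinds of backup are landing on the TFTP server, the naming convention itself can be audited. This Python script parses the filenames and reports devices whose newest working backup is later than their newest startup backup, meaning a change was never saved to NVRAM. Every filename except the first, and the admin names jdoe, asmith and john.doe, are constructed for the example.

```python
import re
from datetime import datetime

# HOSTNAME.YYYY-MM-DD.HHhMMmSSs.ADMIN_NAME.{working|startup}.cfg (convention from the post).
# The strict date/time fields anchor the match, so dots in the admin name still parse.
NAME_RE = re.compile(
    r"^(?P<host>.+)\.(?P<date>\d{4}-\d{2}-\d{2})\.(?P<time>\d{2}h\d{2}m\d{2}s)"
    r"\.(?P<admin>.+)\.(?P<kind>working|startup)\.cfg$"
)

# Constructed directory listing; only the first name appears in the post.
SAMPLE_FILES = [
    "EDGE-ROUTER-1.2011-01-11.19h05m59s.bmcgahan.working.cfg",
    "EDGE-ROUTER-1.2011-01-11.19h07m10s.bmcgahan.startup.cfg",
    "EDGE-ROUTER-1.2011-01-12.08h30m00s.jdoe.working.cfg",
    "CORE-SW-2.2011-01-12.09h00m00s.asmith.working.cfg",
    "CORE-SW-2.2011-01-12.09h00m05s.asmith.startup.cfg",
    "EDGE-ROUTER-3.2011-01-12.10h15m42s.john.doe.working.cfg",
    "R9.2011-13-40.25h00m00s.jdoe.working.cfg",  # impossible date: ignored
    "notes.txt",                                  # not a backup: ignored
]

def parse(name):
    """Return (host, when, admin, kind), or None if the name does not fit."""
    m = NAME_RE.match(name)
    if not m:
        return None
    try:
        when = datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %Hh%Mm%Ss")
    except ValueError:
        return None
    return m["host"], when, m["admin"], m["kind"]

def unsaved_changes(filenames):
    """Map host -> (when, admin) where the newest working backup postdates
    the newest startup backup, i.e. the change was never written to NVRAM."""
    latest = {}  # (host, kind) -> (when, admin)
    for host, when, admin, kind in filter(None, map(parse, filenames)):
        if (host, kind) not in latest or when > latest[(host, kind)][0]:
            latest[(host, kind)] = (when, admin)
    pending = {}
    for (host, kind), (when, admin) in latest.items():
        saved = latest.get((host, "startup"))
        if kind == "working" and (saved is None or saved[0] < when):
            pending[host] = (when, admin)
    return pending

if __name__ == "__main__":
    for host, (when, admin) in sorted(unsaved_changes(SAMPLE_FILES).items()):
        print(f"{host}: unsaved change by {admin} at {when}")
```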
So is this really a challenge or are you just trying to get us to solve your problem and you can cash in with it at your enterprise
customer?
Reply
I have it done with the exception of the time and tech name. Still working.
Reply
You can use the Cisco Beyond Product Extension Community as a reference as well. There’s lots of good example scripts
there:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps6815/product_promotion0900aecd8055c188.html
Reply
Can it be 2 scripts instead of 1? One for per command, the other one for NVRAM saved config?
Reply
Brian,
here is the config, but I did not do that dynamic string part. I don't expect tokens, I just did that for my knowledge and know I can do it,
archive
 log config
  logging enable
  notify syslog
Reply
Can someone please throw light on how to get the dynamic string part please?
Reply