[c-nsp] Cisco - TCL script document

Sat Sep 9 18:00:33 EDT 2006

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I killed a SRA box by entering tclsh and typing quit or something  
like that two months ago.

9 sep 2006 kl. 23.43 skrev Mike Butash:

> Yeah, but we'd also had to explicitly removed globally tclsh access  
> via
> aaa authorization as a frisky engineer tried using it for something
> fairly simple and killed a core 6509 once.  After reading a buglist on
> tclsh, we decided to stick with expect via ssh remote.  Maybe it's
> gotten better over 6 months ago, but I'd be hard pressed to put  
> money on
> it in a critical environment, or my job for that matter. :)
>
> -mb
>
>
> Rodney Dunn wrote:
>> I just filed a bug where some new buffer configuration commands were
>> not parsing on reload because we coded it wrong.
>>
>> I was able to use an EEM applet as a simple workaround that looked
>> like this:
>>
>> Symptom:
>>
>> When tuning particle clone, F/S, and header pools after these were  
>> made
>> configurable
>> via CSCuk47328 the commands may be lost on a reload.
>>
>> Conditions:
>>
>> If the device is reloaded the commands are not parsed on a reload  
>> and this results
>> in the defaults being active. This may result in traffic loss if  
>> the increased
>> buffers
>> were needed to enable greater forwarding performance for the  
>> specific network
>> design.
>>
>> Workaround:
>>
>> To workaround the problem an applet can be configured to enter the  
>> buffer
>> values again after a reload. A sample applet would be:
>>
>> event manager applet add-buffer
>>  event syslog occurs 1 pattern ".*%SYS-5-RESTART: System restarted  
>> --.*"
>>  action 1.0 cli command "enable"
>>  action 2.0 cli command "configure terminal"
>>  action 3.0 cli command "buffers particle-clone 16384"
>>  action 4.0 cli command "buffers header 4096"
>>  action 5.0 cli command "buffers fastswitching 8192"
>>  action 6.0 syslog msg "Reinstated buffers command"
>>
>>
>> So on reload it would enter the configuration commands back for me.
>>
>> Take that Mr. Bug. :)
>>
>> Rodney
>>
>> On Fri, Sep 08, 2006 at 01:28:08PM -0400, Ed Ravin wrote:
>>> On Fri, Sep 08, 2006 at 08:49:29AM -0400, Rodney Dunn wrote:
>>>> And it gets much more powerful when you evaluate it in conjunction
>>>> with EEM.
>>>>
>>>> It's amazing the corner case workaround and detection scnearios
>>>> I see it being used for nowadays.
>>>>
>>>> ie: when a link comes up trigger a script to wait X seconds and  
>>>> check
>>>>     to see if it's a Cisco IP phone, if it is apply a specific  
>>>> QOS policy.
>>> Ooh, but I need examples...  How about this one:
>>>
>>> I need a script to work around a nasty bug in IOS - the script  
>>> should
>>> wake up every minute (I think that can be done with "kron"), test  
>>> something
>>> (either object tracking, a couple of pings, or check the status of a
>>> couple of interfaces, or maybe look for the presence of a couple of
>>> routes), and execute an IOS command ("like clear interface  
>>> fastethernet0")
>>> if the test result is negative.
>>>
>>> If someone familiar with TCL scripting on IOS could post a  
>>> skeleton to
>>> get me started, I would be very grateful.
>>>
>>> 	-- Ed
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

Med vänliga hälsningar

Peter Salanki
Nätansvarig
Bahnhof AB (AS8473)
www.bahnhof.se
Kontor: +46855577132
Mobil: +46709174932

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)

iD8DBQFFAzmCiQKhdiFGiogRAlAGAJ0WEAv7o9yTMTQnZOFCL8ZzSQFregCcDCt4
NLp23oonEST/VpKe5UlsJ6I=
=cTvJ
-----END PGP SIGNATURE-----