EEM Lab Tips

  • Check that no other EEM process is running before configuring using show event manager policy registered.
  • Create a process with event manager applet MY_PROCESS.
  • Applets are just IF and THEN statements. IF is a match and THEN is an action.
  • The IF Statement: event cli pattern “.*interface loopback.*” sync yes – Here we are looking for somebody typing on the CLI ‘interface loopback’. The [dot/period] means wildcard or anything and the [asterix] means zero or more occurrence of the [dot/period].
  • The THEN Statement: Perform the following commands to shutdown the interface
    • action 1.0 cli command “enable”
    • action 1.1 cli command “configure terminal”
    • action 1.2 cli command “$_cli_msg” (variable to get to the same interface)
    • action 1.3 cli command “shutdown”
  • Verify with debug event manager all
Advertisements

Policy Based Routing Lab Tips

  • Works only on the ingress of an interface.
  • ip policy route-map under the interface is PBR for transit traffic.
  • ip local policy route-map under global config is PBR for traffic sourced/destined by the router itself.

SRT Lab Tips (Stupid Router Tricks)

  • If asked to prevent resolving a name to an IP, you can use no ip domain-lookup or transport preferred none under a con, aux or VTY line. This will stop the router in attempting to telnet to, say, a mistyped word. Could potential put both commands in, if asked.
    • ‘transport preferred none’ – ‘ghghg’ or ‘x.x.x.x’ will not spawn any session; ‘ping ine.com’ (for example) will not work
    • ‘no ip domain-lookup’ – just turn off DNS, ‘ping ine.com’ will not work
    • In general you have to use ‘transport preferred none’ to prevent resolving mistyped name.
    • ‘no ip domain-lookup’ will work, but it’s not intended for this task. It’s not a good idea to disable DNS on a production router.
  • ip tcp synwait-time can be used to speed up non-connecting telnet sessions. e.g. you telnet to a device that is not allowing telnet, typically you will need to wait around 30 seconds. This command shortens that wait time.
  • store password in MD5 Hash: you would think to use service password encryption command but that is wrong. to store password as MD5 hash you must use secret instead of password.