Cisco EEM Applet – Send Email Notification on Internet Circuit Failure

I needed to set up a notification to be sent via email when a circuit went down and failed over to a backup circuit on a Cisco Router 2921. Here’s what I did.

Create IP SLA

I create my IP SLA to monitor ICMP of the internet…

router(config)#ip sla 1
router(config-ip-sla)#icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0
router(config-ip-sla-echo)#exit
router(config)#ip sla schedule 1 life forever start-time now

Note: Instead of specifying source-interface GigabitEthernet0/0, I could configure a route to use that interface’s gateway. In my setup, I have 2 WAN links, so I need to be specific about which interface I’m monitoring.

Create Track Object

Now that the IP SLA is set up, I can set up a track object to monitor the up/down state of the IP SLA.

router(config)#track 1 ip sla 1 reachability
router(config-track)#delay down 5 up 10

This means that if the remote IP (8.8.8.8) is unreachable for 5 seconds, it is down. If it comes back up and is reachable for 10 seconds, it is considered up.
With both of these in place, now I can create my event monitor applet.
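
The delay behaviour described above, modelled as an added Python example (not from the original post and not Cisco code): it replays a constructed timeline of reachability changes through "delay down 5 up 10" and returns the state changes the track object would report, which are the ones that would trigger a notification. The function name, the timeline and the simplification that reachability changes arrive as timestamped events are assumptions for illustration.

```python
# Added illustration: a small model of the track object's "delay down 5 up 10".
DELAY_DOWN = 5   # seconds unreachable before the track reports "down"
DELAY_UP = 10    # seconds reachable before the track reports "up"

def track_transitions(changes, end_time, delay_down=DELAY_DOWN,
                      delay_up=DELAY_UP, initial_up=True):
    """changes: time-sorted (t, reachable) raw reachability changes.
    Returns the (t, "down" | "up") changes the track object reports."""
    reported = raw = initial_up
    out = []
    pending = None  # deadline of a raw change still waiting out its delay
    for t, reachable in list(changes) + [(end_time, None)]:
        # A change that outlived its delay before this event gets reported.
        if pending is not None and pending <= t:
            reported = raw
            out.append((pending, "up" if reported else "down"))
            pending = None
        if reachable is None or reachable == raw:
            continue  # end-of-timeline marker or a repeated sample
        raw = reachable
        if raw == reported:
            pending = None  # flipped back before the timer expired: suppressed
        else:
            pending = t + (delay_up if raw else delay_down)
    return out

# Constructed timeline (seconds): a 3 s blip, a real outage, a 6 s false recovery.
SAMPLE = [
    (100, False), (103, True),   # blip shorter than delay down: no alert
    (200, False),                # outage: reported down at 205
    (260, True), (266, False),   # recovery shorter than delay up: still down
    (300, True),                 # stable recovery: reported up at 310
]

if __name__ == "__main__":
    for when, state in track_transitions(SAMPLE, end_time=400):
        print(f"t={when}s track 1 -> {state}")
```

Of the four raw changes to "unreachable" or "reachable" in the sample, only two produce a reported state change, so only one "down" notification would be sent.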

Create Event Monitor Applet

I define a few variables to make life easier when writing future applets.

router(config)#event manager environment _email_server 192.168.1.10
router(config)#event manager environment _email_from alerts@domain.local
router(config)#event manager environment _email_to oncall@domain.local

This sets up 3 variables I can use later in my action stanzas by simply referencing $_email_server, $_email_from and $_email_to.
Now, I configure the applet.

router(config)#event manager applet internet_down
router(config-applet)#event track 1 state down
router(config-applet)#action 1.0 syslog msg "Primary Internet Circuit Down"
router(config-applet)#action 1.1 mail server "$_email_server" to "$_email_to" from "$_email_from" subject "Circuit Down" body "Primary Internet Circuit Down."

Conclusion

That’s all there is to it. You could add another applet, say, internet_up to track 1 state up and send a different message when the circuit comes back up. I do have a second applet to notify of circuit up since I have 2 WAN links I monitor on a single router and both WAN links fail over to each other to provide reliability for the multiple VLANs on the network that require high availability.

Resources

Cisco documentation for Embedded Event Manager
Cisco EEM Configuration Example for ISR

Cisco ASA Debug a Specific VPN Tunnel

Just a quick note to myself on debugging VPN connectivity;  you can specify a peer, user, etc. as a condition to the crypto debug.
Here’s how I did it from the CLI:

ciscoasa# debug crypto condition peer 1.2.3.4
ciscoasa# debug crypto isakmp 255
ciscoasa# debug crypto ipsec 255
ciscoasa# term mon

This will allow you to just narrow in on the debug information for the specific VPN peer specified in the first line.

ToolTip: Portable Windows Port Scanner

I came across a nice little tool while searching the other day.  This tool, called YAPS (Yet Another Port Scanner) is portable and works well (tested on Windows 7 x64 and Server 2008 R2).
You can grab YAPS from SteelBytes here:  http://www.steelbytes.com/?mid=19
A little information from the site about YAPS:

Fast TCP/IP port scanner.

  • Supports simultaneous connecting to many targets
  • Supports command line and GUI mode
  • Customisable timeout
  • Can scan range of addresses, or single address
  • Can resolve addresses
  • Includes names for well known ports