10-13-2021 03:19 AM
Morning All,
I hoping someone will be able to help with an issue im having with an EEM Applet not triggering, Nexus 5k version 7.3(5)N1(1).
The script will simply reactivate an interface when in error-disabled state.
event manager applet Error-Disable-fc2.16
event syslog pattern "Interface fc2/16 is down (Error disabled)"
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "int fc2/16"
action 4.0 cli command "sh"
action 5.0 cli command "no sh"
action 6.0 cli command "end"
action 7.0 syslog priority errors msg "[EEM-Applet] Error-Disabled Recovery fc2/16"
exit
The problem is the applet does not trigger and appears to be stopped by some back ground process.
debug aaa events:
2021 Oct 13 10:29:47.341218 eem_policy_dir: fu_sdb_publisher_invoke_app_callback:App is not a publisher;Bail-out.
2021 Oct 13 10:29:47.341404 eem_policy_dir: fu_fsm_engine_post_event_processing: mts msg MTS_OPC_EEM_POLICY_ACTION_CONFIG(msg_id 307396592) dropped
Solved! Go to Solution.
10-15-2021 01:42 AM
Hi Dawei, Thanks for replying
This has been tried previously but doesn't seem to work with fibre-channel interfaces.
Its not clear why these interfaces are being error-disabled, this is being investigated by Cisco TAC and Dell.
# sh errdisable recovery
ErrDisable Reason Timer Status
----------------- ------------
link-flap enabled
udld enabled
bpduguard enabled
loopback enabled
psec-violation enabled
failed-port-state enabled
dcbx-error enabled
pause-rate-limit enabled
miscabling enabled
# sh errdisable detect
ErrDisable Reason Timer Status
----------------- ------------
link-flap enabled
loopback enabled
miscabling enabled
The script is a temporary solution so the interfaces dont have to be manually recovered.
With regard to the EEM script, we think that AAA is blocking EEM, is it possible to bypass this on a Nexus 5k version 7.3(5)N1(1).
10-15-2021 12:19 AM
Why don't you use errordisable recovery?
An interface is in the error-disabled (err-disabled) state when the inteface is enabled administratively (using the no shutdown command) but disabled at runtime by any process. For example, if UDLD detects a unidirectional link, the interface is shut down at runtime. However, because the interface is administratively enabled, the interface status displays as err-disabled. Once an interface goes into the err-disabled state, you must manually reenable it or you can configure an automatic timeout recovery value. The err-disabled detection is enabled by default for all causes. The automatic recovery is not configured by default.
When an interface is in the err-disabled state, use the errdisable detect cause command to find information about the error.
You can configure the automatic err-disabled recovery timeout for a particular err-disabled cause by changing the time variable.
The errdisable recovery cause command provides automatic recovery after 300 seconds. To change the recovery period, use the errdisable recovery interval command to specify the timeout period. You can specify 30 to 65535 seconds.
If you do not enable the err-disabled recovery for the cause, the interface stays in the err-disabled state until you enter the shutdown and no shutdown commands. If the recovery is enabled for a cause, the interface is brought out of the err-disabled state and allowed to retry operation once all the causes have timed out. Use the show interface status err-disabled command to display the reason behind the error.
10-15-2021 01:42 AM
Hi Dawei, Thanks for replying
This has been tried previously but doesn't seem to work with fibre-channel interfaces.
Its not clear why these interfaces are being error-disabled, this is being investigated by Cisco TAC and Dell.
# sh errdisable recovery
ErrDisable Reason Timer Status
----------------- ------------
link-flap enabled
udld enabled
bpduguard enabled
loopback enabled
psec-violation enabled
failed-port-state enabled
dcbx-error enabled
pause-rate-limit enabled
miscabling enabled
# sh errdisable detect
ErrDisable Reason Timer Status
----------------- ------------
link-flap enabled
loopback enabled
miscabling enabled
The script is a temporary solution so the interfaces dont have to be manually recovered.
With regard to the EEM script, we think that AAA is blocking EEM, is it possible to bypass this on a Nexus 5k version 7.3(5)N1(1).
10-15-2021 02:07 AM
Hi Mark_Herbert,
I tested your script in my lab, it seems that () it was not treated as string, you can try to escape them:
event manager applet Error-Disable-fc2.16
event syslog pattern "Interface fc2/16 is down \(Error disabled\)" <<<<
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "int fc2/16"
action 4.0 cli command "sh"
action 5.0 cli command "no sh"
action 6.0 cli command "end"
action 7.0 syslog priority errors msg "[EEM-Applet] Error-Disabled Recovery fc2/16"
exit
10-15-2021 03:09 AM
Hi Dawei,
When we enter the line: event syslog pattern "Interface fc2/13 is down (Error disabled)" we get: Configuration accepted successfully. its the same when we escape the () as you suggested.
Below is a syslog we receive after applying the script:
2021-10-15 10:48:10 Local5.Notice #.#.#.# Oct 15 10:48:10 VM-ISE-02 CISE_RADIUS_Accounting 0016056876 2 0 2021-10-15 10:48:10.279 +01:00 3955943393 3001 NOTICE Radius-Accounting: RADIUS Accounting stop request, ConfigVersionId=5,
Device IP Address= #.#.#.#, RequestLatency=2, NetworkDeviceName=LGI-LSW-03, User-Name=#####, NAS-IP-Address= #.#.#.#, NAS-Port=0, Acct-Status-Type=Stop, Acct-Session-Id=#.#.#.#@pts/0<000>, Acct-Authentic=RADIUS, NAS-Port-Type=Virtual,
cisco-av-pair=accounting:accountinginfo=configure terminal \; event manager applet Err-fc2.13 \; action 7.0 syslog priority errors msg "[EEM-Applet] Error-Disabled Recovery fc2/13" (SUCCESS)<000>,
AcsSessionID=VM-ISE-02/422019672/30651987, SelectedAccessService=Default Network Access, Step=11004, Step=11017, Step=15049, Step=15008, Step=15048, Step=15048, Step=15048, Step=15048, Step=15048, Step=15048, Step=15004, Step=11005, NetworkDeviceGroups=Device Type#All
Device Types#DataCentreKit, NetworkDeviceGroups=Location#All Locations,
Cheers
Mark
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide