The ASA doesn't really

yumi.koizumi · ‎08-01-2014

I asked this question here, on ServerFault, and they guided me to here.

The issue is basic. If I need to run hundreds of al/ag/ng/no commands on a Cisco ASA programmatically, I need to do it via a SSH shell, with the restriction that the ASA will not take a command size greater than 1024 bytes. I take my batch, and find the number of whole lines, as long as they are under 1,000 characters, and send commands like this-effectively "chunking" the batch into smaller pieces. This takes forever.

I am not talking about a replacement config, frequently run commands, or rebooting the AS in any way. I am just talking about making 'hot' modifications remotely via computer program.

I don't know if EEM is the way, but if it can do the following (exactly, or functionally), it is of great interest:

1. A remote client creates a batch file-nothing more than a sequence of commands for the CLI.

2. That batch file makes it's way to the ASA (any number of ways).

3. The commands in the batch are run, in order, as if typed in on the command line.

4. I imagine some sort of feedback would be nice, or even a signal that it is done, etc.

What are your thoughts?

Thank you!

P.S. I am not debating whether it is a good idea or not (unless you have a better way). I am merely asking how it can be done, and if EEM isn't the key, than what else might be?

Joe Clarke · ‎08-01-2014

The ASA doesn't really support EEM. Yes, there is a now a feature called EEM in 9.2, but it is quite limited compared to IOS. In IOS, what you want would be possible, but on the ASA, you'll need to do all of your CLI commands off box using something like Expect. I'm not sure how you're automating this now, but perhaps you are already using Expect. That would be what I'd likely do in this situation.

Can I use EEM to upload long scripts and run them?`