Solved: Crypto Generate script - Page 2

Richard Clayton · ‎03-03-2014

HI

My goal

- crypto key generated by startup config

- 'no shut' a specifc interface

- save the config to nvram

My Script

!

kron occurrence crypto_key in 2 oneshot

policy-list crypto_key

!

kron policy-list crypto_key

cli event manager run crypto_key

!

event manager applet crypto_key

event none sync yes

action 1 cli command "enable"

action 2 cli command "config t"

action 3 cli command "crypto key generate rsa modulus 2048"

action 4 cli command "interface GigabitEthernet0/0"

action 5 cli command "no shut"

action 6 cli command "exit"

action 7 cli command "exit"

action 8 cli command "write mem"

action 9 cli command "end"

!

The result

- The key is generated

- The interface is 'no shut'

- The config is not saved so each reboot starts the process again

Any ideas why the save isn't working or if there is a better way of achieving my goals.

Thanks

Rick

Richard Clayton · ‎03-07-2014

This looks perfect but I have two questions

1. Does the "@reboot" cover all boot reasons, i.e. reload, power cycle etc.

2. The reson I ran the kron to trigger the EEm was because I wanted it to be a one time event which the kron 'oneshot' allowed me to do, I didn't want a new crypto key generated at every boot, is there the equivalent of the kron 'oneshot' in EEM?

Our CPE commissioning process is as follows

1. format flash.

2. copy selected IOS and verify.

3. enable licensing and wr mem.

4. copy new startup-config over existing startup-config.

6. power off router and ship to customer.

7. when the router is first powered on it, creates the crypto key, no shuts the WAN interface and does a wr mem.

Thanks for your time btw.

Rick

Joe Clarke · ‎03-08-2014

1. Yes, it covers all reload reasons.

2. I assume this is veyr new code. So you can just add an action to remove the applet from the config once it runs. After removing it, exit config t and do your write mem, then you're set.