Solved: Your second regexp is wrong.

alexanderkieser · ‎08-18-2015

So I'm having a small issue, the following script will work, but after some time the interface will revert to the detect-AP-remove EEM.

event manager applet detect-AP-add authorization bypass
event neighbor-discovery interface regexp Ethernet.* cdp add
action 1.0 regexp "(AIR-)" "$_nd_cdp_platform"
action 2.0 if $_regexp_result eq 1
action 3.0 cli command "enable"
action 4.0 cli command "config t"
action 5.0 cli command "default interface $_nd_local_intf_name"
action 5.1 cli command "int $_nd_local_intf_name"
action 5.2 cli command "switch access vlan 500"
action 5.3 cli command "switchport mode access"
action 5.4 cli command "load-interval 30"
action 5.5 cli command "spanning-tree portfast"
action 5.6 cli command "spanning-tree link-type shared"
action 6.0 cli command "end"
action 6.1 cli command "exit"
action 7.0 end
event manager applet detect-AP-remove authorization bypass
event neighbor-discovery interface regexp Ethernet.* cdp delete
action 1.0 regexp "(AIR-)" "$_nd_cdp_platform"
action 2.0 if $_regexp_result eq 1
action 3.0 cli command "enable"
action 4.0 cli command "config t"
action 5.0 cli command "default interface $_nd_local_intf_name"
action 5.1 cli command "int $_nd_local_intf_name"
action 5.2 cli command "switchport mode access"
action 5.3 cli command "switchport access vlan 205"
action 5.4 cli command "spanning-tree portfast"
action 5.5 cli command "switchport nonegotiate"
action 6.0 cli command "end"
action 6.1 cli command "exit"
action 7.0 end

3750-Switch-TESTING#show cdp ne
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID Local Intrfce Holdtme Capability Platform Port ID
AP649e.f32f.XXXX Fas 1/0/43 173 R T AIR-LAP11 Gig 0.1

3750-Switch-TESTING#show run int Fas 1/0/43
Building configuration...

Current configuration : 136 bytes
!
interface FastEthernet1/0/43
switchport access vlan 205
switchport mode access
switchport nonegotiate
spanning-tree portfast
end

Any help would be appreciated, or even converting two EEM's into one ? Basiclly a AP connects, the EEM kicks off and configures the interface accordingly, once disconnected or removed form CDP, it'll re-configure the interface to a regular user interface,

Joe Clarke · ‎08-19-2015

You can't use the cdp delete event as it will cause a bounce. Instead, use a syslog policy for the second one to look for the link going down. I did this for CiscoLive US. You can read about it in the blog linked from this community.

View solution in original post

Joe Clarke · ‎09-11-2015

You realize that your port description contains "CDP -" and the logic you have your reset applet will abort if the port description contains CDP? Seems like it's working as designed.

View solution in original post

Joe Clarke · ‎08-19-2015

You can't use the cdp delete event as it will cause a bounce. Instead, use a syslog policy for the second one to look for the link going down. I did this for CiscoLive US. You can read about it in the blog linked from this community.

alexanderkieser · ‎09-11-2015

So this is what I've updated to, and doesn't look the second part is working, any input is appreciated 🙂

event manager applet detect-AP-add authorization bypass
event neighbor-discovery interface regexp Ethernet.* cdp add
action 1.0 regexp "(AIR-)" "$_nd_cdp_platform"
action 2.0 if $_regexp_result eq 1
action 3.0 cli command "enable"
action 4.0 cli command "config t"
action 5.0 cli command "default interface $_nd_local_intf_name"
action 5.1 cli command "int $_nd_local_intf_name"
action 5.2 cli command "switch access vlan 500"
action 5.3 cli command "switchport mode access"
action 5.4 cli command "load-interval 30"
action 5.5 cli command "spanning-tree portfast"
action 5.6 cli command "spanning-tree link-type shared"
action 6.0 cli command "end"
action 6.1 cli command "exit"
action 7.0 end

event manager applet reset-port authorization bypass
event syslog pattern "LINK-3-UPDOWN.*Interface Ethernet.* changed state to down"
action 001 regexp "Interface ([^,]+)" $_syslog_msg match intf
action 002 cli command "enable"
action 003 cli command "show int $intf | inc Description:"
action 004 regexp "CDP -" $_cli_result
action 005 if $_regexp_result eq 1
action 006 exit 0
action 007 end
action 008 cli command "config t"
action 009 cli command "default interface $intf"
action 010 cli command "interface $intf"
action 011 cli command "switchport mode access"
action 012 cli command "switchport access vlan 205"
action 017 cli command "switchport nonegotiate"
action 020 cli command "spanning-tree portfast"
action 021 cli command "end"

3750-Switch-TESTING#show run int fa1/0/43
Building configuration...

Current configuration : 217 bytes
!
interface FastEthernet1/0/43
description CDP - Alex-Personal-AP:GigabitEthernet0.1
switchport access vlan 500
switchport mode access
load-interval 30
spanning-tree portfast
spanning-tree link-type shared
end

Joe Clarke · ‎09-11-2015

Your second regexp is wrong. If you want to match on all Ethernet interfaces, use:

LINK-3-UPDOWN.*Interface .*Ethernet.* changed state to down

alexanderkieser · ‎09-11-2015

I've updated, and the interface still doesn't update once the AP interface goes down;

Sep 11 18:38:09.967: %LINK-3-UPDOWN: Interface FastEthernet1/0/43, changed state to down
Sep 11 18:38:11.167: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/43, changed state to down
Sep 11 18:38:13.919: %LINK-3-UPDOWN: Interface FastEthernet1/0/43, changed state to up
Sep 11 18:38:14.925: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/43, changed state to up
Sep 11 18:39:48.645: %SYS-5-CONFIG_I: Configured from console by on vty1 (EEM:detect-mac)
Sep 11 18:39:52.160: %SYS-5-CONFIG_I: Configured from console by on vty3 (EEM:CDP)
Sep 11 18:39:54.609: %SYS-5-CONFIG_I: Configured from console by on vty1 (EEM:detect-AP-add)

event manager applet detect-AP-add authorization bypass
event neighbor-discovery interface regexp Ethernet.* cdp add
action 1.0 regexp "(AIR-)" "$_nd_cdp_platform"
action 2.0 if $_regexp_result eq 1
action 3.0 cli command "enable"
action 4.0 cli command "config t"
action 5.0 cli command "default interface $_nd_local_intf_name"
action 5.1 cli command "int $_nd_local_intf_name"
action 5.2 cli command "switch access vlan 500"
action 5.3 cli command "switchport mode access"
action 5.4 cli command "load-interval 30"
action 5.5 cli command "spanning-tree portfast"
action 5.6 cli command "spanning-tree link-type shared"
action 6.0 cli command "end"
action 6.1 cli command "exit"
action 7.0 end

event manager applet reset-port authorization bypass
event syslog pattern "LINK-3-UPDOWN.*Interface .*Ethernet.* changed state to down"
action 001 regexp "Interface ([^,]+)" $_syslog_msg match intf
action 002 cli command "enable"
action 003 cli command "show int $intf | inc Description:"
action 004 regexp "CDP -" $_cli_result
action 005 if $_regexp_result eq 1
action 006 exit 0
action 007 end
action 008 cli command "config t"
action 009 cli command "default interface $intf"
action 010 cli command "interface $intf"
action 011 cli command "switchport mode access"
action 012 cli command "switchport access vlan 205"
action 017 cli command "switchport nonegotiate"
action 020 cli command "spanning-tree portfast"
action 021 cli command "end"

Joe Clarke · ‎09-11-2015

You realize that your port description contains "CDP -" and the logic you have your reset applet will abort if the port description contains CDP? Seems like it's working as designed.

alexanderkieser · ‎09-11-2015

And that's why you are the man!

EEM Auto Access Point Scipt