Thank you for your response Joe.

I have used tested your script and it worked to shut the interface down but not to re-enable it  (which I'm not going to worry about). I'd rather manually re-enable the interface

BUT as soon as I tried to manually re-enable the interface it immedeately shut it down. I have run debug and saw the log

"tty is now going through its death sequence" I have attached the debug log.

Also can I add multiple interface in this script? I want to be able to include like 10-15 interfaces per switch so that when a cable is pulled or interface status chnages to down, EEM can shut the interface.

OK I figured out how to add multiple interfaces and tested successfully.

Now the real problem is that I CANNOT re-enable the shut interfaces manually, EEM script is immedeately shutting it down. The only work around I see is to remove EEM config and re-enable interface which is not very ideal

Thoughts, what could be wrong here? Joe ?

I'm testing it on a 3560 running 15.0.1 and Cisco 4507 R-E with 15.1.1.

Thanks.

I believe the line below is causing me not to re-enable the interface

event syslog pattern ".*UPDOWN.*FastEthernet0/4.* changed state to down"

As soon I re-enable it, the EEM sees the syslog and immedeately shuts it down. Any idea how do i fix this?

Look at the chain of syslogs that are generated when no shut an interface.  The first message you get will be:

%LINK-3-UPDOWN: Interface FastEthernet0/4, changed state to down

Maybe you should match on the LINEPROTO message instead:

LINEPROTO-5-UPDOWN: Line protocol on Interface .*, changed state to up down

My swiitch and it is not generating "line protocol down message" I'm testing on a Cisco 4507 and a Cisco 3560

See the logs below

What other pattern I can use?

Switch(config)#int fa0/4

Switch(config-if)#no shu  ** I'm re-enabling the interface manually

Switch(config-if)#end

1d04h: %SYS-5-CONFIG_I: Configured from console by console

1d04h: %LINK-3-UPDOWN: Interface FastEthernet0/4, changed state to down

1d04h: %HA_EM-6-LOG: interface_down: Interface FastEthernet0/4 has gone down

1d04h: %HA_EM-6-LOG: interface_down : DEBUG(cli_lib) : : CTL : cli_open called.

1d04h: %HA_EM-6-LOG: interface_down : DEBUG(cli_lib) : : OUT : Switch>

1d04h: %HA_EM-6-LOG: interface_down : DEBUG(cli_lib) : : IN  : Switch>enable

1d04h: %HA_EM-6-LOG: interface_down : DEBUG(cli_lib) : : OUT : Sch#

1d04h: %HA_EM-6-LOG: interface_down : DEBUG(cli_lib) : : IN  : Switch#conf t

1d04h: %HA_EM-6-LOG: interface_down : DEBUG(cli_lib) : : OUT : Enter configuration commands, one per line.  End with CNTL/Z.

1d04h: %HA_EM-6-LOG: interface_down : DEBUG(cli_lib) : : OUT : Switch(config)#

1d04h: %HA_EM-6-LOG: interface_down : DEBUG(cli_lib) : : IN  : Switch(config)#Interface FastEthernet0/4

1d04h: %HA_EM-6-LOG: interface_down : DEBUG(cli_lib) : : OUT : Switch(config-if)#

1d04h: %HA_EM-6-LOG: interface_down : DEBUG(cli_lib) : : IN  : Switch(config-if)#shut

1d04h: %HA_EM-6-LOG: interface_down : DEBUG(cli_lib) : : OUT : Switch(config-if)#

1d04h: %HA_EM-6-LOG: interface_down: Interface FastEthernet0/4, changed state to administratively down

I saw the LINEPROTO messages in your debug output.  Those messages should be generated when a link drops.  The line protocol should transition from up to down.

Joseph, based on your script and only adding to action 1.8 (1 minute timer), I was able to get the following working on a router:

event manager environment q "

event manager applet interface_down

event syslog pattern ".*UPDOWN.*FastEthernet0/0.* changed state to down"

action 1.0 syslog msg "Interface FastEthernet0/0 has gone down"

action 1.1 cli command "enable"

action 1.2 cli command "conf t"

action 1.3 cli command "Interface FastEthernet0/0"

action 1.4 cli command "shut"

action 1.6 syslog msg "Interface FastEthernet0/0, changed state to administratively down"

action 1.7 cli command "event manager applet interface_up"

action 1.8 cli command "event timer watchdog time 60"

action 1.9 cli command "action 1.0 cli command enable"

action 2.0 cli command "action 2.0 cli command $q config t$q"

action 2.1 cli command "action 3.0 cli command $q interface FastEthernet0/0$q"

action 2.2 cli command "action 4.0 cli command $q no shut$q"

action 2.3 cli command "action 5.0 cli command $q no event manager applet interface_up$q"

action 2.4 cli command "end"

R3(config-if)#int fa0/0

R3(config-if)#shut

R3(config-if)#

*Mar  1 01:50:43.187: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down

*Mar  1 01:50:44.187: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down

*Mar  1 01:50:44.215: %HA_EM-6-LOG: interface_down: Interface FastEthernet0/0 has gone down

*Mar  1 01:50:44.467: %HA_EM-6-LOG: interface_down: Interface FastEthernet0/0, changed state to administratively down

R3(config-if)#

*Mar  1 01:50:44.887: %SYS-5-CONFIG_I: Configured from console by  on vty0 (EEM:interface_down)

R3(config-if)#

*Mar  1 01:51:45.327: %SYS-5-CONFIG_I: Configured from console by vty0

R3(config-if)#

*Mar  1 01:51:47.103: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up

*Mar  1 01:51:48.103: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

R3(config-if)#do sh ip int bri

Interface                  IP-Address      OK? Method Status                Protocol

FastEthernet0/0            unassigned      YES unset  up                    up

FastEthernet0/1            unassigned      YES unset  administratively down down

R3(config-if)#

If you notice the timestamps, 1 minute went by between the time the port went admin down and the time the 2nd part of the script started.

Also, if I try to re-enable the interface before the timer expires, it comes up with no problem.

I will get my hands on a 3560 later today and test there as well.

Thanks!

Nick

In this case, the watchdog and countdown timers would be identical since the policy unconfigures itself when done.  Watchdog is the same as countdown except that watchdog will rearm and rerun whereas countdown will only countdown and run once.

I find tracking interface easier to be used but haven't much luck with Cisco 6500s.

I see this script runs well on Cisco 4507s and 3560, but not on 6500s it just doesn't work, no execution. I have noticed that my 4500s running EEM ver3.2 and 6500 running EEM ver 2.4, could this be barrier?

I see that syslog gets generated but still not action nothing in the debug . Please see below and advise.

Oct 10 13:43:22.672: %LINK-3-UPDOWN: Interface FastEthernet1/27, changed state to down

Oct 10 13:43:22.671: %LINK-SP-3-UPDOWN: Interface FastEthernet1/27, changed state to down

Oct 10 13:43:23.651: %LINEPROTO-SP-5-UPDOWN: Line protocol on Interface FastEthernet1/27, changed state to down

track 1 interface  FastEthernet1/27 line-protocol

event manager session cli username "admin"

event manager applet interface_fa1/27_down

event syslog pattern ".*%TRACKING-5-STATE: 1 interface  FastEthernet1/27 line-protocol Up->Down"

action 1.0 cli command "enable"

action 2.0 cli command "conf t"

action 3.0 cli command "Interface  FastEthernet1/27"

action 4.0 cli command "shut"

action 5.0 syslog priority alerts msg "EEM has shut down  FastEthernet1/27 on device name"

action 6.0 cli command "end"

I don't see you track configuration or the syslog messages.  Is the switch generation the track messages?  I think you need SXH or higher to see those.

Here is my tracking configuration. I'm tracking line-protocl from up to down and line protocol down syslog gets generated.

I'm running 122-33.SXJ3. I have SUP32.

track 1 interface  FastEthernet1/27 line-protocol

event syslog pattern ".*%TRACKING-5-STATE: 1 interface  FastEthernet1/27 line-protocol Up->Down"

In your syslog output above, you do not show that the Up->Down message is being generated.  Is it?  Why don't you use the native "event track" instead of looking at the syslog?  I believe event track is there in SXJ.

OK, I have used the native track command and was able to make tracking applet work, thanks JOe. The only things is not working is syslog in my 6500 config. By using action 5.0 I want to be able to send a priority alert to my Cisco Prime LMS where it can send Sev1 and Sev2 alert via  email. It works in my Cisco 4500, I see a syslog and an alert email but not in the 6500 config. I'm attaching generated syslog and my configuration on 6500 and 4500.

******6500 config***********

event manager applet interface_fa1/27_down

event track 1 state down

action 1.0 cli command "enable"

action 2.0 cli command "conf t"

action 3.0 cli command "Interface fastEthernet 1/27"

action 4.0 cli command "shut"

action 5.0 syslog priority critical msg "EEM has shut down FastEthernet 1/27 on Device_name"

action 6.0 cli command "end"

*****Generated syslog***

Oct 15 13:16:39.675: %LINK-3-UPDOWN: Interface FastEthernet1/27, changed state to down

Oct 15 13:16:40.655: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/27, changed state to down

Oct 15 13:16:40.659: %LINEPROTO-SP-5-UPDOWN: Line protocol on Interface FastEthernet1/27, changed state to down

Oct 15 13:16:42.239: %LINK-5-CHANGED: Interface FastEthernet1/27, changed state to administratively down

Oct 15 13:16:42.239: %LINK-SP-5-CHANGED: Interface FastEthernet1/27, changed state to administratively down

Oct 15 13:16:45.599: %SYS-5-CONFIG_I: Configured from console by admin on vty1 (EEM:interface_fa1/27_down)

***4500 config******

event manager applet interface_gi5/48_down

event syslog pattern ".*%TRACKING-5-STATE: 1 interface Gi5/48 line-protocol Up->Down"

action 1.0 cli command "enable"

action 2.0 cli command "conf t"

action 3.0 cli command "Interface GigabitEthernet5/48"

action 4.0 cli command "shut"

action 5.0 syslog priority alerts msg "EEM has shut down GigabitEthernet5/48 on Device_name" facility "syslog"

action 6.0 cli command "end"

****4500 generated syslog****

Oct 15 2012 03:07:01          TRACKING          5          STATE          3 interface Gi5/48 line-protocol Up->Down

Oct 15 2012 03:07:02          SYS          5          CONFIG_I          Configured from console by admin on vty0 (EEM:interface_gi5/48_down)

Oct 15 2012 03:07:02          syslog          1          LOG          interface_gi6/11_down: EEM has shut down GigabitEthernet5/48 on Device_name