07-15-2015 11:55 AM
Hello All!!
I need to create an EEM script to shut down both "interface VLAN" and interface giga if a certain IP address stops replying to pings....
I did that:
event manager applet SHUT_INT
event ipsla group-name "PING" reaction-type timeout dest-ip-addr 172.26.0.30 maxrun 5
action 1 cli command "enable"
action 2 cli command "conf t"
action 3 cli command "interface vlan 510"
action 4 cli command "shutdown"
action 5 cli command "interface Gi0/20"
action 6 cli command "shutdown"
It seems it doesn't work... Does anybody have any suggestions?
thanks in advance!!!
07-15-2015 08:39 PM
Hello
I just tested the below configuration and it works.
ip sla 11
icmp-echo 4.4.4.4 source-interface GigabitEthernet2/5
ip sla schedule 11 life forever start-time now
ip sla reaction-configuration 11 react timeout threshold-type immediate
ip sla enable reaction-alerts
track 11 ip sla 11 reachability
delay down 8 up 10
event manager applet shut_int
event ipsla operation-id 11 reaction-type timeout
action 1.0 if $_ipsla_condition eq "Occurred"
action 1.1 cli command "enable"
action 1.2 cli command "conf t"
action 1.3 cli command "interface gi1/1"
action 1.4 cli command "shut"
action 1.5 syslog msg "End of EEM"
action 1.6 end
Hope this one resolves your issue.
HTH
Vinit
07-15-2015 12:14 PM
Hi,
Would like to know if you are using any kind of authentication on your router like tacacs or radius. In that case, you might have to specify the username or you might want to specify to skip authentication.
Also, regarding the group name, I don't think you need to put that in double quotes.
event ipsla group-name PING dest-ip-addr 172.26.0.30 reaction-type timeout maxrun 5
Hope this helps.
Vinit
07-15-2015 12:17 PM
Hey Vinit!!
Thanks for your help... indeed we use RADIUS authentication... but we also have the local admin account... what do you suggest?
thanks again!!!
07-15-2015 12:19 PM
You can try to use the below config:
event manager session cli username <tacacs_username> privilege 15
07-15-2015 12:25 PM
But how about the "event manager applet" instance ?
Shall I have 2 event manager instances ? like below ?
event manager applet SHUT_INT
event ipsla group-name "PING" reaction-type timeout dest-ip-addr 172.26.0.30 maxrun 5
event manager session cli username <tacacs_username> privilege 15
action 1 cli command "enable"
action 2 cli command "conf t"
action 3 cli command "interface vlan 510"
action 4 cli command "shutdown"
action 5 cli command "interface Gi0/20"
action 6 cli command "shutdown"
07-15-2015 12:40 PM
event manager session cli username <tacacs_username> privilege 15
This is a global config command. So this is not part of the event manager applet.
07-15-2015 12:39 PM
If it still doesn't work, you can try the below EEM :
ip sla 11
icmp-echo 4.4.4.4 source-interface GigabitEthernet2/5
ip sla schedule 11 life forever start-time now
track 1 ip sla 11 reachability
delay down 8 up 10
event manager applet test
event track 1 state down
action 1.0 cli command "enable"
action 1.1 cli command "conf t"
action 1.2 cli command "interface gi1/1"
action 1.3 cli command "shut"
action 1.4 syslog msg "End of EEM"
I have tested the above script and it does work.
Hope this helps.
Vinit
07-15-2015 01:24 PM
Hello my friend... I have no "event track"
SW-CORE(config)#event manager applet SHUT
SW-CORE(config-applet)#event ?
application Application specific event
cli CLI event
counter Counter event
identity Identity event
interface Interface event
ioswdsysmon IOS WDSysMon event
ipsla IPSLA Event
mat MAC address table event
neighbor-discovery Neighbor Discovery event
none Manually run policy event
oir OIR event
routing Routing event
rpc Remote Procedure Call event
snmp SNMP event
snmp-notification SNMP Notification Event
snmp-object SNMP object event
syslog Syslog event
tag event tag identifier
timer Timer event
07-15-2015 01:51 PM
In that case, can you try the below config:
ip sla 11
icmp-echo 4.4.4.4 source-interface GigabitEthernet2/5
ip sla schedule 11 life forever start-time now
track 1 ip sla 11 reachability
delay down 8 up 10
event manager applet test
event ipsla operation-id 11 reaction-type timeout
action 1.0 cli command "enable"
action 1.1 cli command "conf t"
action 1.2 cli command "interface gi1/1"
action 1.3 cli command "shut"
action 1.4 syslog msg "End of EEM"
event manager applet test authorization bypass
Please let me know if this works. The operation id 11 is the ip sla problem that we created. If you run show ip sla operation then you can see the return code there and based on that value the EEM should be triggered.
If it still doesn't work, please let me know.
Will try to find another solution.
HTH
Vinit
07-15-2015 02:23 PM
Hello,
Didn't work... ip sla can monitor successfully, tracking is aware of everything as well... but for some reason the cli is never changed... it looks like the event manager doesn't take any action...
I have also done the config below and it didn't work as well...
#################################
ip sla 11
icmp-echo 172.26.0.30 source-ip 193.242.39.203
frequency 10
ip sla schedule 11 life forever start-time now
ip sla reaction-configuration 11 react timeout threshold-type immediate action-type trapAndTrigger
event manager applet SHUT
event ipsla operation-id 11 reaction-type timeout
action 005 if $_ipsla_condition eq "Occurred"
action 010 cli command "enable"
action 015 cli command "configure term"
action 020 cli command "interface GigabitEthernet0/4"
action 025 cli command "shut"
action 030 else
action 035 cli command "enable"
action 040 cli command "configure term"
action 045 cli command "interface GigabitEthernet0/4"
action 050 cli command "no sh"
action 085 end
#################################
07-15-2015 04:23 PM
Could you please share the show version output from the device.
07-16-2015 04:55 AM
Hello
please find below the output requested
SW-CORE-BTF-01#show version
Cisco IOS Software, C3560E Software (C3560E-UNIVERSALK9-M), Version 12.2(55)SE5, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Thu 09-Feb-12 18:32 by prod_rel_team
Image text-base: 0x00003000, data-base: 0x02800000
ROM: Bootstrap program is C3560E boot loader
BOOTLDR: C3560E Boot Loader (C3560X-HBOOT-M) Version 12.2(53r)SE2, RELEASE SOFTWARE (fc1)
SW-CORE-BTF-01 uptime is 6 weeks, 3 days, 13 hours, 26 minutes
System returned to ROM by power-on
System restarted at 19:27:12 GMT Sun May 31 2015
System image file is "flash:/c3560e-universalk9-mz.122-55.SE5/c3560e-universalk9-mz.122-55.SE5.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
License Level: ipservices
License Type: Permanent
Next reload license Level: ipservices
cisco WS-C3560X-24 (PowerPC405) processor (revision A0) with 262144K bytes of memory.
Processor board ID FDO1716RXXX
Last reset from power-on
19 Virtual Ethernet interfaces
1 FastEthernet interface
28 Gigabit Ethernet interfaces
2 Ten Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 6C:41:6A:25:2D:00
Motherboard assembly number : 73-12554-08
Motherboard serial number : FDO17160XXX
Model revision number : A0
Motherboard revision number : A0
Model number : WS-C3560X-24T-E
Daughterboard assembly number : 800-32786-02
Daughterboard serial number : FDO17151XXX
System serial number : FDO1716RXXX
Top Assembly Part Number : 800-31331-07
Top Assembly Revision Number : B0
Version ID : V04
CLEI Code Number : COMJU00ARD
Hardware Board Revision Number : 0x04
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 30 WS-C3560X-24 12.2(55)SE5 C3560E-UNIVERSALK9-M
Configuration register is 0xF
07-16-2015 05:09 AM
Hello
Could you please check my last response. I shared an EEM script with IP SLA config which worked for me.
Please let me know if that resolves your problem.
ip sla 11
icmp-echo 4.4.4.4 source-interface GigabitEthernet2/5
ip sla schedule 11 life forever start-time now
ip sla reaction-configuration 11 react timeout threshold-type immediate
ip sla enable reaction-alerts
track 11 ip sla 11 reachability
delay down 8 up 10
event manager applet shut_int
event ipsla operation-id 11 reaction-type timeout
action 1.0 if $_ipsla_condition eq "Occurred"
action 1.1 cli command "enable"
action 1.2 cli command "conf t"
action 1.3 cli command "interface gi1/1"
action 1.4 cli command "shut"
action 1.5 syslog msg "End of EEM"
action 1.6 end
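A configuration check built from the differences between the configs posted in this thread, as an added example that is not part of any post: the config reported as working contains both `ip sla reaction-configuration 11` and `ip sla enable reaction-alerts`, while the ones reported as not working lack one or both. It also reports applets that use `authorization bypass`, which makes EEM CLI actions skip AAA command authorization. The function name `audit`, the sample config and the applet `OTHER` are constructed for illustration.

```python
import re

# Constructed sample modelled on the configs posted in the thread: operation 11 has
# a reaction configured, but "ip sla enable reaction-alerts" is absent.
SAMPLE = """\
aaa new-model
ip sla 11
 icmp-echo 172.26.0.30 source-ip 193.242.39.203
ip sla schedule 11 life forever start-time now
ip sla reaction-configuration 11 react timeout threshold-type immediate
event manager applet SHUT
 event ipsla operation-id 11 reaction-type timeout
 action 010 cli command "enable"
 action 015 cli command "configure term"
 action 020 cli command "interface GigabitEthernet0/4"
 action 025 cli command "shut"
event manager applet OTHER authorization bypass
 event ipsla operation-id 12 reaction-type timeout
 action 010 cli command "enable"
"""

def audit(config):
    """Return findings for EEM applets that are triggered by IP SLA reactions."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    reactions = {m.group(1) for ln in lines
                 if (m := re.match(r"ip sla reaction-configuration (\d+)\b", ln))}
    bypass = {m.group(1) for ln in lines
              if (m := re.match(r"event manager applet (\S+) authorization bypass", ln))}
    alerts = "ip sla enable reaction-alerts" in lines
    aaa = "aaa new-model" in lines
    session_user = any(ln.startswith("event manager session cli username") for ln in lines)
    findings, applet = [], None
    for ln in lines:
        if m := re.match(r"event manager applet (\S+)", ln):
            applet = m.group(1)
        elif applet and (m := re.match(r"event ipsla operation-id (\d+)", ln)):
            op = m.group(1)
            if op not in reactions:
                findings.append(f"{applet}: no reaction-configuration for ip sla {op}")
            if not alerts:
                findings.append(f"{applet}: 'ip sla enable reaction-alerts' is missing")
            if applet in bypass:  # EEM CLI actions skip AAA command authorization
                findings.append(f"{applet}: authorization bypass is set")
            elif aaa and not session_user:
                findings.append(f"{applet}: AAA on, no 'event manager session cli username'")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```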
02-09-2017 04:23 PM
Sorry to intervene: this is very interesting... can this be applied to ASA devices?
Mod Card Type Model Serial No.
---- -------------------------------------------- ------------------ -----------
1 ASA 5506-X with SW, 8GE Data, 1GE Mgmt, AC ASA5506 JAD2030033S
sfr FirePOWER Services Software Module ASA5506 JAD2030033S
Mod MAC Address Range Hw Version Fw Version Sw Version
---- --------------------------------- ------------ ------------ ---------------
1 843d.c646.666a to 843d.c646.6673 1.1 1.1.8 9.6(1)
sfr 843d.c646.6669 to 843d.c646.6669 N/A N/A 5.4.1-211
Mod SSM Application Name Status SSM Application Version
---- ------------------------------ ---------------- --------------------------
sfr ASA FirePOWER Up 5.4.1-211
Mod Status Data Plane Status Compatibility
---- ------------------ --------------------- -------------
1 Up Sys Not Applicable
sfr Up