Hey Vinit!!

Thanks for your help... indeed we uses Radius authentication... but we also have the local admin account... what do you suggest ?

thanks again!!!

You can try to use the below config:

event manager session cli username <tacacs_username> privilege 15

But how about the "event manager applet" instance ?

Shall I have 2 event manager instances ? like below ?

event manager applet SHUT_INT
 event ipsla group-name "PING" reaction-type timeout dest-ip-addr 172.26.0.30 maxrun 5

event manager session cli username <tacacs_username> privilege 15
 action 1 cli command "enable"
 action 2 cli command "conf t"
 action 3 cli command "interface vlan 510"
 action 4 cli command "shutdown"
 action 5 cli command "interface Gi0/20"
 action 6 cli command "shutdown"

event manager session cli username <tacacs_username> privilege 15

This is a global config command. So this is not part of the event manager applet.

If it still doesn't work, you can try the below EEM :

ip sla 11
 icmp-echo 4.4.4.4 source-interface GigabitEthernet2/5
ip sla schedule 11 life forever start-time now

track 1 ip sla 11 reachability
 delay down 8 up 10

event manager applet test
 event track 1 state down
 action 1.0 cli command "enable"
 action 1.1 cli command "conf t"
 action 1.2 cli command "interface gi1/1"
 action 1.3 cli command "shut"
 action 1.4 syslog msg "End of EEM"

I have tested the above script and it does work.

Hope this helps.

Vinit

Hello my friend... I have no "event track"

SW-CORE(config)#event manager applet SHUT
SW-CORE(config-applet)#event ?
  application         Application specific event
  cli                 CLI event
  counter             Counter event
  identity            Identity event
  interface           Interface event
  ioswdsysmon         IOS WDSysMon event
  ipsla               IPSLA Event
  mat                 MAC address table event
  neighbor-discovery  Neighbor Discovery event
  none                Manually run policy event
  oir                 OIR event
  routing             Routing event
  rpc                 Remote Procedure Call event
  snmp                SNMP event
  snmp-notification   SNMP Notification Event
  snmp-object         SNMP object event
  syslog              Syslog event
  tag                 event tag identifier
  timer               Timer event

In that case, can you try the below config:

ip sla 11
 icmp-echo 4.4.4.4 source-interface GigabitEthernet2/5
ip sla schedule 11 life forever start-time now

track 1 ip sla 11 reachability
 delay down 8 up 10

event manager applet test
 event ipsla operation-id 11 reaction-type timeout
 action 1.0 cli command "enable"
 action 1.1 cli command "conf t"
 action 1.2 cli command "interface gi1/1"
 action 1.3 cli command "shut"
 action 1.4 syslog msg "End of EEM"
event manager applet test authorization bypass

Please let me know if this works. The operation id 11 is the ip sla problem that we created. If you run show ip sla operation then you can see the return code there and based on that value the EEM should be triggered.

If it still doesn't work, please let me know. 

Will try to find another solution.

HTH

Vinit

Hello,

Didnt work... ip sla can monitor successfully, tracking is aware of everything as well... bt for some reason the cli is never changed... it looks like the event manager dosent take any action...

I have also did the config below and didnt work as well... didnt work as well... 

#################################

ip sla 11

icmp-echo 172.26.0.30 source-ip 193.242.39.203
frequency 10

ip sla schedule 11 life forever start-time now
ip sla reaction-configuration 11 react timeout threshold-type immediate action-type trapAndTrigger

event manager applet SHUT
event ipsla operation-id 11 reaction-type timeout
action 005   if $_ipsla_condition eq "Occurred"
action 010 cli command "enable"
action 015 cli command "configure term"
action 020 cli command "interface GigabitEthernet0/4"
action 025 cli command "shut"
action 030 else
action 035 cli command "enable"
action 040 cli command "configure term"
action 045 cli command "interface GigabitEthernet0/4"
action 050 cli command "no sh"
action 085 end

#################################

Could you please share the show version output from the device.

Hello 

please find below the output requested

SW-CORE-BTF-01#show version 
Cisco IOS Software, C3560E Software (C3560E-UNIVERSALK9-M), Version 12.2(55)SE5, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Thu 09-Feb-12 18:32 by prod_rel_team
Image text-base: 0x00003000, data-base: 0x02800000

ROM: Bootstrap program is C3560E boot loader
BOOTLDR: C3560E Boot Loader (C3560X-HBOOT-M) Version 12.2(53r)SE2, RELEASE SOFTWARE (fc1)

SW-CORE-BTF-01 uptime is 6 weeks, 3 days, 13 hours, 26 minutes
System returned to ROM by power-on
System restarted at 19:27:12 GMT Sun May 31 2015
System image file is "flash:/c3560e-universalk9-mz.122-55.SE5/c3560e-universalk9-mz.122-55.SE5.bin"

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

License Level: ipservices
License Type: Permanent
Next reload license Level: ipservices

cisco WS-C3560X-24 (PowerPC405) processor (revision A0) with 262144K bytes of memory.
Processor board ID FDO1716RXXX
Last reset from power-on
19 Virtual Ethernet interfaces
1 FastEthernet interface
28 Gigabit Ethernet interfaces
2 Ten Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       : 6C:41:6A:25:2D:00
Motherboard assembly number     : 73-12554-08
Motherboard serial number       : FDO17160XXX
Model revision number           : A0
Motherboard revision number     : A0
Model number                    : WS-C3560X-24T-E
Daughterboard assembly number   : 800-32786-02
Daughterboard serial number     : FDO17151XXX
System serial number            : FDO1716RXXX
Top Assembly Part Number        : 800-31331-07
Top Assembly Revision Number    : B0
Version ID                      : V04
CLEI Code Number                : COMJU00ARD
Hardware Board Revision Number  : 0x04

Switch Ports Model              SW Version            SW Image                 
------ ----- -----              ----------            ----------               
*    1 30    WS-C3560X-24       12.2(55)SE5           C3560E-UNIVERSALK9-M     

Configuration register is 0xF

Hello

Could you please check my last response. I shared an EEM script with IP SLA config which worked for me.

Please let me know if that resolves your problem.

ip sla 11
 icmp-echo 4.4.4.4 source-interface GigabitEthernet2/5
ip sla schedule 11 life forever start-time now
ip sla reaction-configuration 11 react timeout threshold-type immediate
ip sla enable reaction-alerts

track 11 ip sla 11 reachability
 delay down 8 up 10

event manager applet shut_int
 event ipsla operation-id 11 reaction-type timeout
 action 1.0 if $_ipsla_condition eq "Occurred"
 action 1.1  cli command "enable"
 action 1.2  cli command "conf t"
 action 1.3  cli command "interface gi1/1"
 action 1.4  cli command "shut"
 action 1.5  syslog msg "End of EEM"
 action 1.6 end

sorry to intervene: this is very insteresting... can this be applied to an asa devices?

Mod Card Type Model Serial No.
---- -------------------------------------------- ------------------ -----------
1 ASA 5506-X with SW, 8GE Data, 1GE Mgmt, AC ASA5506 JAD2030033S
sfr FirePOWER Services Software Module ASA5506 JAD2030033S

Mod MAC Address Range Hw Version Fw Version Sw Version
---- --------------------------------- ------------ ------------ ---------------
1 843d.c646.666a to 843d.c646.6673 1.1 1.1.8 9.6(1)
sfr 843d.c646.6669 to 843d.c646.6669 N/A N/A 5.4.1-211

Mod SSM Application Name Status SSM Application Version
---- ------------------------------ ---------------- --------------------------
sfr ASA FirePOWER Up 5.4.1-211

Mod Status Data Plane Status Compatibility
---- ------------------ --------------------- -------------
1 Up Sys Not Applicable
sfr Up