Dear,

I am trying to configure an EEM applet  in order to shut an interface when an ip sla failed. On this router we use AAA so i have configured an aaa  list to bypass authorization .

!

!

aaa authentication login EEM none

aaa authorization config-commands

aaa authorization exec default if-authenticated

aaa authorization exec EEM none

aaa authorization commands 0 EEM none

aaa authorization commands 1 EEM none

aaa authorization commands 15 EEM none

!

And i use a dedicated line to execute this applet :

line vty 0

authorization commands 1 EEM

authorization commands 15 EEM

authorization exec EEM

login authentication EEM

transport input none

My applet configuration is :

event manager applet SHUTDOWN_LO1

event track 10 state down

action 1.0 syslog msg "Timeout to reach 10.100.1.1"

action 1.1 cli command "enable"

action 1.2 cli command "configure terminal"

action 1.3 cli command "interface loopback1"

action 1.4 cli command "shutdown"

!

My issue is when this applet is executed, it block on the "configure terminal" action :

Jul 26 11:50:33.198: fh_server: fh_io_msg: received msg FH_MSG_EVENT_REQINFO from client 36 pclient 1

Jul 26 11:50:33.198: %HA_EM-6-LOG: SHUTDOWN_LO1: Timeout to reach 10.100.1.1

Jul 26 11:50:33.198: %HA_EM-6-LOG: SHUTDOWN_LO1 : DEBUG(cli_lib) : : CTL : cli_open called.

Jul 26 11:50:33.242: %HA_EM-6-LOG: SHUTDOWN_LO1 : DEBUG(cli_lib) : : OUT :

Jul 26 11:50:33.242: %HA_EM-6-LOG: SHUTDOWN_LO1 : DEBUG(cli_lib) : : OUT : ROUTER>

Jul 26 11:50:33.242: %HA_EM-6-LOG: SHUTDOWN_LO1 : DEBUG(cli_lib) : : IN  :ROUTER>enable

Jul 26 11:50:33.246: cli_history_entry_add: free_hist_list size=0, hist_list size=7

Jul 26 11:50:33.246: eem_no_scan flag set, skipping scan of command_string=check_eem_cli_policy_handler

Jul 26 11:50:33.254: %HA_EM-6-LOG: SHUTDOWN_LO1 : DEBUG(cli_lib) : : OUT :

Jul 26 11:50:33.254: %HA_EM-6-LOG: SHUTDOWN_LO1 : DEBUG(cli_lib) : : OUT :ROUTER#

Jul 26 11:50:33.254: %HA_EM-6-LOG: SHUTDOWN_LO1 : DEBUG(cli_lib) : : IN  : ROUTER#configure terminal

Jul 26 11:50:33.258: cli_history_entry_add: free_hist_list size=0, hist_list size=7

And then i saw that the line vty 0 is used but stuck in idel state

ROUTER#systat

    Line       User       Host(s)              Idle       Location

194 vty 0                idle                 00:00:46  

And on the next execution , i saw that the router try to execute next steps on the previous call for this applet

Jul 26 11:55:18.170: %HA_EM-6-LOG: SHUTDOWN_LO1: Timeout to reach 88.191.97.16

Jul 26 11:55:18.170: %HA_EM-6-LOG: SHUTDOWN_LO1 : DEBUG(cli_lib) : : CTL : cli_open called.

Jul 26 11:55:18.254: %HA_EM-6-LOG: SHUTDOWN_LO1 : DEBUG(cli_lib) : : OUT :

Jul 26 11:55:18.254: %HA_EM-6-LOG: SHUTDOWN_LO1 : DEBUG(cli_lib) : : OUT : ROUTER>

Jul 26 11:55:18.254: %HA_EM-6-LOG: SHUTDOWN_LO1 : DEBUG(cli_lib) : : IN  : ROUTER>enable

Jul 26 11:55:18.254: cli_history_entry_add: free_hist_list size=0, hist_list size=7

Jul 26 11:55:18.254: eem_no_scan flag set, skipping scan of command_string=check_eem_cli_policy_handler

Jul 26 11:55:18.266: %HA_EM-6-LOG: SHUTDOWN_LO1 : DEBUG(cli_lib) : : OUT :

Jul 26 11:55:18.266: %HA_EM-6-LOG: SHUTDOWN_LO1 : DEBUG(cli_lib) : : OUT : ROUTER#

Jul 26 11:55:18.266: %HA_EM-6-LOG: SHUTDOWN_LO1 : DEBUG(cli_lib) : : IN  : ROUTER#configure terminal

Jul 26 11:55:18.482: %HA_EM-6-LOG: SHUTDOWN_LO1 : DEBUG(cli_lib) : : OUT : Command authorization failed.

Jul 26 11:55:18.482: %HA_EM-6-LOG: SHUTDOWN_LO1 : DEBUG(cli_lib) : : OUT :                       ^

Jul 26 11:55:18.482: %HA_EM-6-LOG: SHUTDOWN_LO1 : DEBUG(cli_lib) : : OUT : % Invalid input detected at '^' marker.

Jul 26 11:55:18.482: %HA_EM-6-LOG: SHUTDOWN_LO1 : DEBUG(cli_lib) : : OUT :

Jul 26 11:55:18.482: %HA_EM-6-LOG: SHUTDOWN_LO1 : DEBUG(cli_lib) : : OUT : ROUTER#

Jul 26 11:55:18.482: %HA_EM-6-LOG: SHUTDOWN_LO1 : DEBUG(cli_lib) : : IN  : ROUTER#interface loopback1

Jul 26 11:55:18.498: %HA_EM-6-LOG: SHUTDOWN_LO1 : DEBUG(cli_lib) : : OUT :                        ^

Jul 26 11:55:18.498: %HA_EM-6-LOG: SHUTDOWN_LO1 : DEBUG(cli_lib) : : OUT : % Invalid input detected at '^' marker.

Jul 26 11:55:18.498: %HA_EM-6-LOG: SHUTDOWN_LO1 : DEBUG(cli_lib) : : OUT :

Jul 26 11:55:18.498: %HA_EM-6-LOG: SHUTDOWN_LO1 : DEBUG(cli_lib) : : OUT : ROUTER#

Jul 26 11:55:18.498: %HA_EM-6-LOG: SHUTDOWN_LO1 : DEBUG(cli_lib) : : IN  : ROUTER#shutdown

Jul 26 11:55:18.814: %HA_EM-6-LOG: SHUTDOWN_LO1 : DEBUG(cli_lib) : : OUT : Command authorization failed.

Jul 26 11:55:18.814: %HA_EM-6-LOG: SHUTDOWN_LO1 : DEBUG(cli_lib) : : OUT :                         ^

Jul 26 11:55:18.814: %HA_EM-6-LOG: SHUTDOWN_LO1 : DEBUG(cli_lib) : : OUT : % Invalid input detected at '^' marker.

Jul 26 11:55:18.814: %HA_EM-6-LOG: SHUTDOWN_LO1 : DEBUG(cli_lib) : : OUT :

Jul 26 11:55:18.814: %HA_EM-6-LOG: SHUTDOWN_LO1 : DEBUG(cli_lib) : : OUT : ROUTER#

Jul 26 11:55:18.814: %HA_EM-6-LOG: SHUTDOWN_LO1 : DEBUG(cli_lib) : : IN  : ROUTER#exit

Jul 26 11:55:18.814: %HA_EM-6-LOG: SHUTDOWN_LO1 : DEBUG(cli_lib) : : CTL : cli_close called.

Thanks for any help.