Solved: EEM Script not executing against IPSLA Tracking

venom43212 · ‎06-16-2017

Trying to use the below to remove PBR from SVIs on 4500X, 03.08.04.E, entservices when the IP being tracked fails to respond. Works fine on one 4500X, same mode, license, and version. Trying to run it on another 4500X I just brought up, and the EEM script will not kick in when the tracking fails; still shows the route-maps under the SVIs. The event the EEM applet is looking for shows in the logs too. Opened a case with TAC, but they state they support IPSLA, but not EEM, I don't think it's the EEM though. Don't see anything in the debugs for IPSLA either when testing. Any thoughts? Thanks in advance.

vrf definition BLAH
!
address-family ipv4
exit-address-family
!
ip sla 1
icmp-echo 8.8.8.8 source-ip 192.168.105.1
vrf BLAH
!
track 1 ip sla 1 reachability
delay up 10
!
ip sla schedule 1 life forever start-time now
!
========================================================
interface Vlan100
ip address 192.168.100.1 255.255.254.0
ip policy route-map VLAN100-PBR <-POLICY TO REMOVE/ADD Back
end
!
interface Vlan102
ip address 192.168.102.1 255.255.254.0
ip policy route-map VLAN102-PBR <-POLICY TO REMOVE/ADD Back
end
!
interface Vlan105
vrf forwarding BLAH
ip address 192.168.105.1 255.255.255.252 <- TRACKING SOURCE
end
========================================================

event manager applet DOWN
event syslog pattern "%TRACK-6-STATE: 1 ip sla 1 reachability Up -> Down"
action 1.0 cli command "enable"
action 2.1 cli command "configure terminal"
action 2.2 cli command "interface Vlan100"
action 2.3 cli command "no ip policy route-map VLAN100-PBR"
action 2.4 cli command "interface Vlan102"
action 2.5 cli command "no ip policy route-map VLAN102-PBR"
!
event manager applet UP
event syslog pattern "%TRACK-6-STATE: 1 ip sla 1 reachability Down -> Up"
action 1.0 cli command "enable"
action 2.1 cli command "configure terminal"
action 2.2 cli command "interface Vlan100"
action 2.3 cli command "ip policy route-map VLAN100-PBR"
action 2.4 cli command "interface Vlan102"
action 2.5 cli command "ip policy route-map VLAN102-PBR"
!
========================================================

From log when testing:

*Jun 15 20:29:56.831: %TRACK-6-STATE: 1 ip sla 1 reachability Up -> Down
*Jun 15 20:30:41.828: %TRACK-6-STATE: 1 ip sla 1 reachability Down -> Up

Console logging: level notifications

Monitor logging: level warnings

Buffer logging: level informational

Joe Clarke · ‎06-16-2017

My guess is EEM is working, but perhaps this switch has a AAA policy that is not allowing the CLI commands to run. Check "show event manager history events" to see if the policy is running, and the output of "debug event manager action cli" to see what is going on with the CLI commands.

View solution in original post

Joe Clarke · ‎06-16-2017

My guess is EEM is working, but perhaps this switch has a AAA policy that is not allowing the CLI commands to run. Check "show event manager history events" to see if the policy is running, and the output of "debug event manager action cli" to see what is going on with the CLI commands.

venom43212 · ‎06-16-2017

Thanks, Joe - you rock. That was exactly it.

*Jun 16 10:02:07.548: %HA_EM-6-LOG: INET-Down : DEBUG(cli_lib) : : IN : HOSTNAME>enable
*Jun 16 10:02:07.961: %HA_EM-6-LOG: INET-Down : DEBUG(cli_lib) : : OUT : Command authorization failed

Much appreciated.