Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
294
Views
0
Helpful
2
Replies

Embedded Event Manager for drop duplicate mac address not working

tbkspb
Level 1
Level 1

‎10-24-2023 03:44 AM

Hi all,

I'm making EEM script to drop MAC address duplicate in syslog.

If syslog msg "%IP-4-DUPADDR: Duplicate address  .... " => Drop MAC address by EEM script in my Cisco device.

- Model: WS-C3560X-48
- IOS verion: 15.0(2)SE10a

EEM and CLI command to config:

username admin_drop privilege 15 secret <Password>
event manager session cli username "admin_drop"
event manager applet Drop_MacAddr
event syslog pattern "%IP-4-DUPADDR: Duplicate address*"
action 1 cli command "enable"
action 2 cli command "config t"
action 3 regexp "on Vlan([0-9]+)" "$_syslog_msg" match vlan
action 4 regexp "sourced by ([a-f0-9]+\.[a-f0-9]+\.[a-f0-9]+)" "$_syslog_msg" match mac
action 5 puts "Duplicate MAC Addr: $mac of Vlan$vlan"
action 6 cli command "mac address-table static $mac vlan $vlan drop"
action 7 syslog msg "--> Applied Drop Duplicate MAC Adress: $mac of Vlan$vlan"
action 8 cli command "end"
action 9 cli command "write"

Testing with sending a syslog msg:

Switch_L3#send log %IP-4-DUPADDR: Duplicate address 192.168.123.10 on Vlan555, sourced by 1234.5678.abcd

After that check log but there is problem. This is debug log:

%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : CTL : cli_open called.
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : <banner motd>
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : Switch_L3>
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : IN : Switch_L3>enable
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : Translating "enable"
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : % Unknown command or computer name, or unable to find computer address
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : Switch_L3>
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : IN : Switch_L3>config t
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : ^
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : % Invalid input detected at '^' marker.
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT :
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : Switch_L3>
%HA_EM-6-LOG: Drop_MacAddr: Duplicate MAC Addr: 1234.5678.abcd of Vlan555
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : IN : Switch_L3>mac address-table static 1234.5678.abcd vlan 555 drop
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : ^
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : % Invalid input detected at '^' marker.
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT :
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : Switch_L3>
%HA_EM-6-LOG: Drop_MacAddr: --> Applied Drop Duplicate MAC Adress: 1234.5678.abcd of Vlan555
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : IN : Switch_L3>end
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : Translating "end"
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : % Unknown command or computer name, or unable to find computer address
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : Switch_L3>
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : IN : Switch_L3>write
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : Translating "write"
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : % Unknown command or computer name, or unable to find computer address
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : OUT : Switch_L3>
%HA_EM-6-LOG: Drop_MacAddr : DEBUG(cli_lib) : : CTL : cli_close called.
tty is now going through its death sequence

It seems username problem (already priv 15 level) and error from command "enable". I tried some other changes but still not work.

Please help me with problem. Thank you so much.

Labels:
0 Helpful
2 Replies 2

marce1000
VIP
VIP

‎10-24-2023 04:39 AM

 

 - You could also try to use a logging discriminator :
              https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/esm/configuration/xe-16-5/esm-xe-16-5-book/reliable-del-filter.html#GUID-87920FBF-24C3-4D50-801F-1E0FAAFE7297

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

tbkspb
Level 1
Level 1
In response to marce1000

‎10-24-2023 06:41 PM

Thanks @marce1000 for your suggestion.

The problem is privilege level to config. Today, I try to change and EEM working now:

Before: privilege exec level 10 enable  (username not working with "enable" commands although already 15 level configured)

After: no privilege exec level 10 enable (working). But all usernames (priv level 0 to 15, can type "enable" to enter mode configuration ~~. May I fix this? 

Thank you.

0 Helpful
Customers Also Viewed These Support Documents