08-17-2010 10:00 AM
Hi All,
Im trying tu use kron funcionality, but I got problem.
My config (just testing one):
kron policy-list test
cli configure terminal
cli interface Loopback 50
cli exit
kron occurrence test in 1 oneshot
policy-list test
and I get this result from debugging, command "conf t" works, but "interface loopback 50" doesnt,
it gives Kron CLI return 2
Dont somebody know, what do I do wrong?
Thanks a lot.
*Aug 17 16:57:47.423: Major 1, Minor 0
*Aug 17 16:57:47.423: Timer Event test
*Aug 17 16:57:47.423: Call parse_cmd 'configure terminal'
*Aug 17 16:57:47.423: Kron CLI return 0
'
**CLI 'configure terminal':
Enter configuration commands, one per line. End with CNTL/Z.'
*Aug 17 16:57:47.423: Major 4, Minor 7
*Aug 17 16:57:47.423: Respond to end of CLI Process
*Aug 17 16:57:47.427: Call parse_cmd 'interface Loopback 50'
*Aug 17 16:57:47.427: Kron CLI return 2
''
*Aug 17 16:57:47.431: Major 4, Minor 7
*Aug 17 16:57:47.431: Respond to end of CLI Process
*Aug 17 16:57:47.431: Call parse_cmd 'exit'
*Aug 17 16:57:47.431: Kron CLI return 0
'
**CLI 'exit':
1861_Test_VoiceGW_1 con0 is now availablePress RETURN to get started.'
*Aug 17 16:57:47.435: Major 4, Minor 7
*Aug 17 16:57:47.435: Respond to end of CLI Process
*Aug 17 16:57:47.435: Forcing Removing Occur test
*Aug 17 16:57:47.435: Removing Occur test
*Aug 17 16:57:47.435: Removing Policy Name 'test'
*Aug 17 16:57:47.435: Finished Removing Occurrence test
Solved! Go to Solution.
08-17-2010 10:35 AM
You cannot do config commands in kron. Kron only works for simple, non-interactive EXEC commands. You could use the Embedded Event Manager for this:
event manager applet add-loopback
event timer countdown time 1
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "interface loopback50"
action 4.0 cli command "end"
08-17-2010 10:35 AM
You cannot do config commands in kron. Kron only works for simple, non-interactive EXEC commands. You could use the Embedded Event Manager for this:
event manager applet add-loopback
event timer countdown time 1
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "interface loopback50"
action 4.0 cli command "end"
08-17-2010 10:56 AM
Thanks a lot, but when script gets to "conf t" command, it gives back
cli_close called
cannot there be a problem with some authorization of command?
Can I solve it with tacacs authorization?
Thanks
08-17-2010 01:13 PM
What version of IOS do you have? What does your device prompt look like?
08-17-2010 03:36 PM
Hi, it is IOS 15.1(1)T, platform Cisco 1861
device prompt is this:
1861_Test_VoiceGW_1#
08-17-2010 11:22 PM
If you are using AAA command authorization, add the following config command:
event manager session cli username USER
Where USER is a username authorized to run all of the CLI commands in your EEM policies.
08-18-2010 07:41 AM
Hi, thanks but my tacacs somehow doesnt want to accept authorization requests (it gives invalid tacacs packet...) even if command "event manager session cli username" is there. But it works because of "if-authenticated" rule in aaa policy, which is second rule after tacacs authentication.
To be honest, I dont understand how router can perform these commands, even if it doesnt ask for any authentication (at least no authentication request is visible in ACS log) It probably uses authentication of user who originaly set timer for action... and because of "if-authenticated" rule it executes commands.
08-18-2010 09:06 AM
EEM doesn't do any authentication. If authorization is configured, it will use that, but you never need passwords for EEM. Authentication is assumed since the policy was configured on the device.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide