Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1113
Views
0
Helpful
1
Replies

Prevent "no" Under a Particular Interface

jasocole09
Level 1
Level 1

‎03-17-2015 03:10 PM

I want to figure out how I can use EEM to prevent all users from running a "no" command on a particular interface.

 

Normally I would right something like:

event manager applet PREVENT-POLICY-MAP-REMOVAL
event cli pattern "no *" sync no skip yes
action 1.0 syslog msg "DO NOT REMOVE A SERVICE POLICIES FROM THIS PORT"

 

 

 

However, this would prevent the command under all configuration modes.  I just want the EEM script to protect a single ethernet port.  Without using AAA authorization (local privileges) or TACACS authorization, how could I do this?

 

Labels:
0 Helpful
1 Reply 1

Dan Frey
Cisco Employee
Cisco Employee

‎03-17-2015 07:12 PM

Try this applet to block "no commands" under the interface.

event manager applet cmd
 event cli pattern "no *" mode "interface" enter
 action 1.0 syslog msg "NO Commands not allowed under interface mode"
 action 2.0 set _exit_status "0"

 

0 Helpful
Customers Also Viewed These Support Documents