Solved: Hi,

CSCO12103188 · ‎02-10-2017

Hi,

Im trying to do some autoconfiguration with my Cisco 1841, using a dhcp/tftp server and EEM applet + tcl script.

DHCP/tftp server part is working but when the router downloads the configuration with EEM configuration, it fails on "cli command" line and times out. I have seen examples where the "authorization bypass" is used after applet declaration but my IOS doesnt seem to support that command, using (C1841-ADVIPSERVICESK9-M), Version 12.4(22)T.

event manager applet staging
event syslog pattern "hostname-confg" maxrun 900
action 001 syslog msg "Starting applet staging"
action 003 cli command "enable"
action 005 cli command "config t"
action 007 cli command "file prompt quiet"
action 009 cli command "end"
action 011 cli command "mkdir flash:scripts"
action 013 cli command "copy tftp://192.168.99.1/script/script.tcl flash:scripts"
action 015 cli command "config t"
action 017 cli command "event manager directory user policy flash:scripts"
action 019 cli command "event manager policy script.tcl"
action 021 cli command "end"
action 023 publish-event sub-system 798 type 1 arg1 "BOOT"
!

The EEM template will write "Starting applet staging" to the log but then it just hangs. If I do a event none applet and run manually, it works.

Could there be something wrong with my line vty config?

username cisco

event manager session cli username "cisco"

line vty 0 4
privilege level 15
login

Thanks

Oscar Bengtsson

Joe Clarke · ‎02-13-2017

The way this applet was designed is to get pushed from TFTP as part of autoinstall. So the device should be booted enough for EEM to work. That said, the original design of this applet was to use a countdown timer with a value of 1 (second). I changed this because I found some switches shipped without the timer ED. So your use of a countdown should be fine.

In terms of debugging, this may be a chicken and the egg problem. So I think you might need a countdown.

View solution in original post

CSCO12103188 · ‎02-10-2017

Found out that if I use a countdown instead of syslog trigger everything works fine.

Maybe the router is not "ready" for EEM-CLI when it firsts see the autoinstall log message and bugs out.

Do you have any other tips? Doesn't feel very safe to use a timer, what if there is a very slow router thats going to use this script and doesn't become "ready"....

Joe Clarke · ‎02-12-2017

Looks like you are using my bootstrap applet example. I'm not sure what you mean by "it hangs," though. If you're able to login before it runs, enable "debug event manager action cli" to see why the CLI commands are not being executed.

If you're truly using this for zero-touch provisioning, then AAA shouldn't be a factor.

CSCO12103188 · ‎02-12-2017

Hi,

What i mean by it hangs is that only the first syslog message is generated (first line in EEM applet). Then nothing happens and "show event manager policy active" says its running.

How can I start a debug during autoinstall? I tried to enable asap but did not generate anything.

Joe Clarke · ‎02-13-2017

The way this applet was designed is to get pushed from TFTP as part of autoinstall. So the device should be booted enough for EEM to work. That said, the original design of this applet was to use a countdown timer with a value of 1 (second). I changed this because I found some switches shipped without the timer ED. So your use of a countdown should be fine.

In terms of debugging, this may be a chicken and the egg problem. So I think you might need a countdown.

CSCO12103188 · ‎02-13-2017

Hi,

I will run with a 30 sec countdown then, should be fine for most models I guess.

Thanks for you help and examples!

Problem with applet and "cli command"