
Query all interfaces

CiscoBill101
Level 1

Hi,

Would really appreciate some assistance in what I 'thought' is a simple task

This is what I want to do via TCL / EEM :

1.)  Enumerate all interfaces on the switch or just query the running config

2.)  Query each interface config

3.)  If the interface config doesn't contain the string 'authentication port-control auto' - send an email with the resulting interface name etc

I'm starting to lose my mind trying to do this 

Thanks and regards,

Bill


Joe Clarke
Cisco Employee

Try this:

event manager applet intf-auth
 event none
 action 001  cli command "enable"
 action 002  cli command "show ip int brie"
 action 003  set output "$_cli_result"
 action 004  set intfs ""
 action 005  foreach line "$output" "\n"
 action 006   string trim $line
 action 007   set line $_string_result
 action 008   string length $line
 action 009   if $_string_result eq 0
 action 010    continue
 action 011   end
 action 012   regexp "^Interface" "$line"
 action 013   if $_regexp_result eq "1"
 action 014    continue
 action 015   end
 action 016   regexp "#" "$line"
 action 017   if $_regexp_result eq "1"
 action 018    continue
 action 019   end
 action 020   regexp "^([^[:space:]]+)[[:space:]]" "$line" match intf
 action 021   cli command "show run interface $intf"
 action 022   regexp "authentication port-control auto" "$_cli_result"
 action 023   if $_regexp_result eq "0"
 action 024    append intfs " $intf"
 action 025   end
 action 026  end
 action 027  string length "$intfs"
 action 028  if $_string_result gt "0"
 action 029   mail from "user@example.com" to "user@example.com" server "10.1.1.1" subject "Interfaces missing auth port-control" body "The following interfaces are missing 'auth port-control auto': $intfs"
 action 030  end

I just get 1 error with the above on action 004:

action 004  set intfs ""

Thanks

This applet assumes EEM 3.0.  If your IOS version is less than 12.4(22)T, then go to http://www.marcuscom.com/convert_applet to convert it into an EEM Tcl policy (note: this is not a tclsh script).  Then you can register it as an EEM Tcl policy and run it with:

event manager run POLNAME

Where POLNAME is the name of the Tcl file you used.

Thanks - doesn't seem to run

#show event manager history events detailed
No.  Job Id Proc Status   Time of Event            Event Type         Name
1    1      Actv abort    Mon Oct14 10:38:36 2013  none               applet: intf-auth
   argc 0

It works fine on a switch with 12 interfaces but doesn't on a switch with 48 interfaces.

Could this be a timeout etc ?

Thanks

Event none maxrun 900 :-)

Thanks for your help Joseph.

Today I tried this config on my Cat3850, stack of 4, but it didn't work. EEM version is 3.20 :(

I received the email from the switch ("The following interfaces are missing 'auth port-control auto':  Command"), but there are no interfaces which do not have port-control enabled.

Has anybody tried this configuration before and had it work for you?

You probably need to change action 002 to:

action 002 cli command "show ip int brief | inc Ethernet"

Still no luck :(

After this change, the email has stopped coming as well. The event history shows success though. 

9    12     Actv success  Mon Jun22 10:59:48 2015  none               applet: intf-auth
10   13     Actv success  Mon Jun22 11:00:32 2015  none               applet: intf-auth

Is there anything that you could think of and make it successful? Sorry, my knowledge is little on EEM. 

Thanks!

/j

Right, it's working now.  You said all your interfaces already have "authentication port-control auto" on them, so now that the policy only looks at Ethernet interfaces, you shouldn't see any email.  You would need to have at least one Ethernet interface that does not have the config "authentication port-control auto" on it in order to see the email.

I was actually debugging the eem event recently and found: 

Jun 22 11:33:24.071 PDT: %HA_EM-6-LOG: intf-auth : DEBUG(cli_lib) : : IN  : xx-sw01#enable
Jun 22 11:33:24.289 PDT: %HA_EM-6-LOG: intf-auth : DEBUG(cli_lib) : : OUT : Command authorization failed.

Jun 22 11:33:24.289 PDT: %HA_EM-6-LOG: intf-auth : DEBUG(cli_lib) : : OUT : 

After noticing this failure on the debug output, I went ahead and bypassed AAA authorization for the policy. Now I am receiving the email with list of interfaces that do not have a port-control auto enabled :) 

Thanks a lot for your help! Your script works amazingly!

/j

This was a great find for me. It's a common problem for staff members to disable authentication and never turn it back on.

Anyhow,

When I execute this, it matches every interface. The only thing I see that might be wrong is I get command authorization failure even with enable.

Debugging: Can't copy paste here sorry.

#show ip int brie | inc Ethernet

Command works

#show run interface GigabitEthernet0/2

Command authorization failed

Thanks all

I sorted it out.  The fix was (config)#event manager session cli username USER.
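
Added example, not part of the thread and not code from Cisco or any poster: the same check run offline against a saved copy of the running configuration, refusing to parse a rejected command as data (the "Command authorization failed" case reported above). The function name audit, the SAMPLE config and the default Ethernet name filter are assumptions made for illustration.

```python
import re

REQUIRED = "authentication port-control auto"
AUTHZ_FAILED = "Command authorization failed"

# Constructed sample, not taken from any real device.
SAMPLE = """\
!
interface GigabitEthernet0/1
 switchport mode access
 authentication port-control auto
!
interface GigabitEthernet0/2
 description authentication port-control auto removed for testing
 switchport mode access
!
interface GigabitEthernet0/3
 switchport mode access
!
interface Vlan1
 no ip address
!
line vty 0 4
"""

def audit(config_text, name_filter=r"Ethernet"):
    """Return names of matching interfaces whose stanza lacks REQUIRED."""
    # A rejected command must never be parsed as if it were configuration.
    if AUTHZ_FAILED in config_text:
        raise ValueError("command was not authorized; nothing to audit")
    stanzas, current = {}, None
    for raw in config_text.splitlines():
        header = re.match(r"interface (\S+)", raw)
        if header:
            current = header.group(1)
            stanzas[current] = []
        elif raw and not raw.startswith(" "):
            current = None  # "!" or any other top-level line ends the stanza
        elif current is not None:
            stanzas[current].append(raw.strip())
    # Whole-line comparison: a description that merely mentions the command
    # does not count as having it configured.
    return [name for name, body in stanzas.items()
            if re.search(name_filter, name) and REQUIRED not in body]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

GigabitEthernet0/2 is reported even though its description contains the command text, because the comparison is per configuration line rather than a substring search over the whole stanza.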

 

 
