ā02-27-2012 11:01 PM
Hello !
There is an Access Server and other devices connected to it via reverse telnet (console cables from access server).
I want to execute TCL command on the Access Server that would run TCL script on the router.
I think the way to achieve this is a TCL script with a send command from the Access Server. The problem is to put that "send" command in the TCL script , because we need to press Ctrl+z at the end (when we want to execute that send command).
Is this possible?
Solved! Go to Solution.
ā03-11-2012 11:39 AM
The error must have changed if you have properly registered the new script. The function "cli_open" is no longer used. However, there was a typo related to the Control+Z. This new script fixes that.
ā03-13-2012 11:52 AM
Ah, that's the problem! It's your menu. You need to remove the menu from at leats the first VTY line. For example, try this:
line vty 0
transport input none
no autocommand menu switch
ā03-14-2012 11:39 AM
EEM doesn't do authentication. It only does authorization. Try configuring:
event manager session cli username cisco
Then see if the policy runs.
ā03-25-2012 10:45 AM
You need to be enabled to run "event manager run". Your menu is at privilege 0, so it cannot run.
ā02-29-2012 01:05 AM
I don't quite understand what you want to do. The send EXEC command will not send a remote command on a TTY line. It sends a message (i.e., data as opposed to code). Is that what you want to do, or do you want to execute a command on a device connected to the comm server?
ā03-02-2012 02:21 AM
I tested this on AccessServer and Switch:
On switch there is tcl script saved into his flash memory:
tclsh
puts [open "flash:default-config.tcl" w+] {
typeahead "\r"
ios_config āhostname TCLRouterā
}
On access server :
AS_2511#send tty 11
Enter message, end with CTRL/Z; abort with CTRL/C:
tclsh default-config.tcl
^Z
Send message? [confirm]
AS_2511#
And on Switch we can see:
Rack1SW1#tclsh default-config.tcl
TCLRouter#
TCLRouter#
So I want to know, how to write tcl script for the send command. I want to put these AccessServer commands into TCL script, and run it without typing "send" command ( I want to use just "alias shortcut" to run this script from the AccessServer )
ā03-02-2012 02:48 PM
Ah, I get it now. You want to send data across a no-exec line to be interpreted on an async-connected device. This is doable, but not with tclsh. You can use EEM Tcl to do this.
Here is a rough EEM Tcl policy that will send the message:
::cisco::eem::event_register_none
namespace import ::cisco::eem::*
namespace import ::cisco::lib::*
array set cli [cli_open]
cli_exec $cli(fd) "enable"
cli_write $cli(fd) "send tty 11\r"
cli_read_pattern $cli(fd) "Enter message"
cli_write $cli(fd) "This is a test\r^Z"
cli_read_pattern $cli(fd) "Send message"
cli_exec $cli(fd) "\r"
cli_close $cli(fd) $cli(tty_id)
That ^Z at the end is produced by doing Control+V then Control+Z.
ā03-07-2012 12:22 PM
Thank you Joseph
Trying to implement this...
I'm not so familar with EEM Tcl :} But I hope I can solve this somehow ...
ā03-07-2012 12:42 PM
Save this file as no_send_msg.tcl and copy it to flash. Configure the following:
event manager directory user policy flash:
event manager policy no_send_msg.tcl
Then, from EXEC mode, run:
event manager run no_send_msg.tcl
ā03-08-2012 01:45 AM
Thank you Joseph for the information.
I got an error after using all the commands.
AccessServer#copy tftp://172.16.83.55/EEM.tcl flash:
AccessServer(config)#event manager directory user policy flash:
AccessServer(config)#event manager policy EEM.tcl
AccessServer#event manager run EEM.tcl
error reading the first prompt: Process Forced Exit
while executing
"cli_open"
invoked from within
"$slave eval $Contents"
(procedure "eval_script" line 7)
invoked from within
"eval_script slave $scriptname"
invoked from within
"if {$security_level == 1} { #untrusted script
interp create -safe slave
interp share {} stdin slave
interp share {} stdout slave
..."
(file "tmpsys:/lib/tcl/base.tcl" line 50)
Tcl policy execute failed: error reading the first prompt: Process Forced Exit
Tcl policy execute failed: error reading the first prompt: Process Forced Exit
Maybe I need to delete that base.tcl script from my Router?
ā03-10-2012 09:23 PM
ā03-11-2012 01:27 AM
With the script above I got exactly same error as without using it.
I just edited EEM.tcl file and uploaded that script to the AccessServer. Did I miss something?
ā03-11-2012 08:51 AM
You need to reregister the script to incorporate the changes:
no event manager policy no_send_msg.tcl
event manager policy no_send_msg.tcl
ā03-11-2012 11:33 AM
Thank you Joseph, but I got the same error again, ( I reregister policy and directory ) IOS thinks that this is an untrusted script?
ā03-11-2012 11:39 AM
ā03-12-2012 03:22 AM
There is an error:
AccessServer#event manager run EEM.tcl
error reading the first prompt: Process Forced Exit
while executing
"my_cli_open"
invoked from within
"$slave eval $Contents"
(procedure "eval_script" line 7)
invoked from within
"eval_script slave $scriptname"
invoked from within
"if {$security_level == 1} { #untrusted script
interp create -safe slave
interp share {} stdin slave
interp share {} stdout slave
..."
(file "tmpsys:/lib/tcl/base.tcl" line 50)
Tcl policy execute failed: error reading the first prompt: Process Forced Exit
Tcl policy execute failed: error reading the first prompt: Process Forced Exit
As you mentioned before, not with "cli_open" but now with "my_cli_open" :/
ā03-12-2012 12:12 PM
Hmmm, I take it your prompt is not "AccessServer". What is your actual device prompt? What is the full hostname of the router (i.e., what is the argument to the "hostname" command)?
ā03-12-2012 12:21 PM
Also, do you have a banner configured? Can you provide the output seen when you enable "debug event manager tcl cli" then trigger your policy?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide