06-20-2014 10:12 AM
Hello experts,
I need assistance to validate the following script:
!
track 100 ip sla 99 reachability
delay down 10 up 60
!
ip sla 99
icmp-echo X.X.X.X source-interface X
frequency 10
ip sla schedule 99 life forever start-time now
!
event manager environment interface_to_shut interface X
event manager applet shut_some_interface
event track 100 state down
action 0 cli command "conf t"
action 1 cli command "$interface_to_shut"
action 2 cli command "shut"
action 3 cli command "end"
action 4 syslog priority errors msg "X.X.X.X unpingable; shutting down $interface_to_shut"
!
The idea is shutdown the interface when the device loses connectivity with the neighbor in order to start the communication with the failover link; also I want to know what are the considerations to use TACACS+ authentication with EEM.
Thanks in advance for the support.
Regards.
Solved! Go to Solution.
06-21-2014 12:33 PM
This will certainly shutdown the interface, but how will it recover? If you shutdown the source interface for your IPSLA collector, then the collector will never come back up, and thus the interface will never recover. This assumes, of course, that interface X is the same throughout.
As for AAA authentication, EEM doesn't do anything with authentication. It does, however, care about authorization. If you are using AAA command authorization, then make sure you configure "event manager session cli username USER" where USER is a username authorized to run all of the CLI commands in your EEM policies.
06-21-2014 12:33 PM
This will certainly shutdown the interface, but how will it recover? If you shutdown the source interface for your IPSLA collector, then the collector will never come back up, and thus the interface will never recover. This assumes, of course, that interface X is the same throughout.
As for AAA authentication, EEM doesn't do anything with authentication. It does, however, care about authorization. If you are using AAA command authorization, then make sure you configure "event manager session cli username USER" where USER is a username authorized to run all of the CLI commands in your EEM policies.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide