Thanks heaps for the quick

nmcnair22 · ‎10-02-2014

I have EEM applets running on a large number of routers in my environment and it works fine everywhere..However I have a handful of routers where it's failing to execute and I have figured out whats causing it but dont understand why the router wont recognize the command (routers are all 881s with 15.2(2)T2). the issue is that the enable command is not recognized..Here is the applet (I created a test version of the original to debug):

event manager applet DOWN_TEST
event none
action 1.0 cli command "enable"
action 1.1 cli command "config t"
action 1.2 cli command "interface Tunnel0"
action 1.3 cli command "tunnel source Dialer0"
action 1.4 cli command "do clear cry isa"
action 1.5 syslog msg "Primary connection is DOWN"

and here is the debug output:

Oct 2 18:55:09.734: %HA_EM-6-LOG: DOWN_TEST : DEBUG(cli_lib) : : OUT : EPL_5386_Los_Angeles_CA>
Oct 2 18:55:09.734: %HA_EM-6-LOG: DOWN_TEST : DEBUG(cli_lib) : : IN : EPL_5386_Los_Angeles_CA>enable
Oct 2 18:55:09.758: %HA_EM-6-LOG: DOWN_TEST : DEBUG(cli_lib) : : OUT : Translating "enable"
Oct 2 18:55:09.758: %HA_EM-6-LOG: DOWN_TEST : DEBUG(cli_lib) : : OUT :
Oct 2 18:55:09.758: %HA_EM-6-LOG: DOWN_TEST : DEBUG(cli_lib) : : OUT : % Bad IP address or host name
Oct 2 18:55:09.758: %HA_EM-6-LOG: DOWN_TEST : DEBUG(cli_lib) : : OUT : % Unknown command or computer name, or unable to find computer address
Oct 2 18:55:09.758: %HA_EM-6-LOG: DOWN_TEST : DEBUG(cli_lib) : : OUT : EPL_5386_Los_Angeles_CA>
Oct 2 18:55:09.758: %HA_EM-6-LOG: DOWN_TEST : DEBUG(cli_lib) : : IN : EPL_5386_Los_Angeles_CA>config t
Oct 2 18:55:09.778: %HA_EM-6-LOG: DOWN_TEST : DEBUG(cli_lib) : : OUT : ^
Oct 2 18:55:09.778: %HA_EM-6-LOG: DOWN_TEST : DEBUG(cli_lib) : : OUT : % Invalid input detected at '^' marker.
Oct 2 18:55:09.778: %HA_EM-6-LOG: DOWN_TEST : DEBUG(cli_lib) : : OUT :
Oct 2 18:55:09.778: %HA_EM-6-LOG: DOWN_TEST : DEBUG(cli_lib) : : OUT : EPL_5386_Los_Angeles_CA>
Oct 2 18:55:09.778: %HA_EM-6-LOG: DOWN_TEST : DEBUG(cli_lib) : : IN : EPL_5386_Los_Angeles_CA>interface Tunnel0
Oct 2 18:55:09.798: %HA_EM-6-LOG: DOWN_TEST : DEBUG(cli_lib) : : OUT : ^
Oct 2 18:55:09.798: %HA_EM-6-LOG: DOWN_TEST : DEBUG(cli_lib) : : OUT : % Invalid input detected at '^' marker.
Oct 2 18:55:09.798: %HA_EM-6-LOG: DOWN_TEST : DEBUG(cli_lib) : : OUT :
Oct 2 18:55:09.798: %HA_EM-6-LOG: DOWN_TEST : DEBUG(cli_lib) : : OUT : EPL_5386_Los_Angeles_CA>
Oct 2 18:55:09.798: %HA_EM-6-LOG: DOWN_TEST : DEBUG(cli_lib) : : IN : EPL_5386_Los_Angeles_CA>tunnel source Dialer0
Oct 2 18:55:09.818: %HA_EM-6-LOG: DOWN_TEST : DEBUG(cli_lib) : : OUT : ^
Oct 2 18:55:09.822: %HA_EM-6-LOG: DOWN_TEST : DEBUG(cli_lib) : : OUT : % Invalid input detected at '^' marker.
Oct 2 18:55:09.822: %HA_EM-6-LOG: DOWN_TEST : DEBUG(cli_lib) : : OUT :
Oct 2 18:55:09.822: %HA_EM-6-LOG: DOWN_TEST : DEBUG(cli_lib) : : OUT : EPL_5386_Los_Angeles_CA>
Oct 2 18:55:09.822: %HA_EM-6-LOG: DOWN_TEST : DEBUG(cli_lib) : : IN : EPL_5386_Los_Angeles_CA>do clear cry isa
Oct 2 18:55:09.842: %HA_EM-6-LOG: DOWN_TEST : DEBUG(cli_lib) : : OUT : ^
Oct 2 18:55:09.842: %HA_EM-6-LOG: DOWN_TEST : DEBUG(cli_lib) : : OUT : % Invalid input detected at '^' marker.
Oct 2 18:55:09.842: %HA_EM-6-LOG: DOWN_TEST : DEBUG(cli_lib) : : OUT :
Oct 2 18:55:09.842: %HA_EM-6-LOG: DOWN_TEST : DEBUG(cli_lib) : : OUT : EPL_5386_Los_Angeles_CA>
Oct 2 18:55:09.842: %HA_EM-6-LOG: DOWN_TEST: Primary connection is DOWN
Oct 2 18:55:09.842: %HA_EM-6-LOG: DOWN_TEST : DEBUG(cli_lib) : : CTL : cli_close called.

So the "enable" command does not seem to be recognized..I have never had this issue before. Anyone know how to resolve this?

Joe Clarke · ‎10-08-2014

Chances are you're getting privilege level 0 when you enter a VTY and you're doing command authorization. Make sure you have configured "event manager session cli username USER" where USER is a username authorized to run all CLI commands.

olaf.debree · ‎11-24-2015

Hi Joe,

I'm hoping you are able to help me?

I am having a similar issue to the above (same device) except that I’m using autoinstall based on your Live 2014 blog so the router config is minimal.

The router autoinstall works fine but the EEM script bombs out with the following error...

*Nov 24 23:14:25.627: %HA_EM-3-FMPD_CLI_CONNECT: Unable to establish CLI session : 'Embedded Event Manager' detected the 'fatal' condition 'timeout error'

Worst yet I am unable to debug due to the autoinstall process and if I replace the event pattern with "none" once the router has booted and exec the script manually I get no issues.

Script is as follows

event manager session cli username "eem"
event manager applet bootstrap
event syslog pattern "base.cfg" maxrun 900
action 001 syslog msg "EEM config script started...."
action 002 cli command "enable"
action 003 cli command "debug event manager action cli"
action 004 cli command "config t"
action 005 cli command "file prompt quiet"
action 006 cli command "end"
action 007 cli command "exit"
action 008 cli command "mkdir flash:policies"
action 009 syslog msg "EEM config script finished...."
!
end

I have tried adding various config to the router

EG: enable password and username with eem username but the issue persists

IOS version is Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 15.2(4)M5

You help would be greatly appreciated

Many thanks

Olaf

Joe Clarke · ‎11-25-2015

I haven't tried this with routers yet. It could be the VTY subsystem hasn't been initialized yet. Try changing the syslog event to a timer event. This is what I used originally, but there was a bug in 15.2E code where the timer ED was missing.

event timer countdown time 5

olaf.debree · ‎11-25-2015

Thanks heaps for the quick feedback Joe and it looks like your correct on the VTY subsys

I added a "wait 30" action and the EEM script is running nicely.

Thanks again!!

The enable command not working in an EEM applet