Clearing NAT Tables using EEM

d.poppleton · ‎08-10-2021

I have this configuration:

event manager applet clear_nat_1
event track 1 state any maxrun 40
action 1.0 wait 35
action 2.0 cli command "enable"
action 3.0 cli command "clear ip nat trans *"
action 4.0 syslog msg "WAN Failover, cleared NAT"

I have the maxrun and wait because we have this:

track 1 ip sla 1 reachability
delay down 30 up 30

The problem is that it isn't actually clearing the NAT. What am I missing?

Georg Pauwen · ‎08-10-2021

Hello,

is the script running at all ? What does the IP SLA do ?

If possible, post the full configuration of your router...

d.poppleton · ‎08-12-2021

The IP SLA tracks the availability of the head end device via ping. The script is running just fine, here are logs:

Aug 6 13:02:45.731 CDT: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.12.252.1 (Tunnel0) is down: holding time expired
Aug 6 13:03:10.824 CDT: %TRACK-6-STATE: 1 ip sla 1 reachability Up -> Down
Aug 6 13:03:23.269 CDT: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.12.252.1 (Tunnel0) is up: new adjacency
Aug 6 13:03:45.872 CDT: %PARSER-5-CFGLOG_LOGGEDCMD: User:unknown user logged command:!exec: enable
Aug 6 2021 13:03:46.188 CDT: %HA_EM-6-LOG: clear_nat_1: WAN Failover, cleared NAT
Aug 6 13:03:55.859 CDT: %TRACK-6-STATE: 1 ip sla 1 reachability Down -> Up
Aug 6 13:04:30.896 CDT: %PARSER-5-CFGLOG_LOGGEDCMD: User:unknown user logged command:!exec: enable
Aug 6 2021 13:04:31.218 CDT: %HA_EM-6-LOG: clear_nat_1: WAN Failover, cleared NAT

Note that it never mentions clearing the NAT, beyond the programmed syslog message.

Georg Pauwen · ‎08-12-2021

Hello,

odd. Can you debug with the below command:

debug event manager action cli

and post the output ?

SAMEHELSAMMAK · ‎10-08-2021

try this

event manager applet clear_nat_1 authorization bypass

event track 1 state any maxrun 40
action 1.0 wait 35
action 2.0 cli command "enable"
action 3.0 cli command "clear ip nat trans *"
action 4.0 syslog msg "WAN Failover, cleared NAT"