EEM script not getting into "enable" mode

manish chandela · ‎11-21-2015

Hi All,

I am having issues running my EEM script. The script is used to edit the prefix-list, based on the packets received at the interface.

When I run the debug, I see that the script is indeed triggered but unable to get into the "enable" mode. Any idea?

002261: Nov 21 22:28:44.972 CST: Name-Value Pair: Name=(tcl) Value=(xos_if_type)
002262: Nov 21 22:28:44.972 CST: Pushing tag <fh_var> on to stack
002263: Nov 21 22:28:44.972 CST: open tag is <fh_var>
002264: Nov 21 22:28:44.972 CST: Popping tag <fh_var> off stack
002265: Nov 21 22:28:44.972 CST: close tag is </fh_var>
002266: Nov 21 22:28:44.972 CST: Name-Value Pair: Name=(pdir) Value=(_if_short)
002267: Nov 21 22:28:44.972 CST: Name-Value Pair: Name=(tcl) Value=(if_short)
002268: Nov 21 22:28:44.972 CST: Pushing tag <fh_var> on to stack
002269: Nov 21 22:28:44.972 CST: open tag is <fh_var>
002270: Nov 21 22:28:44.972 CST: Popping tag <fh_var> off stack
002271: Nov 21 22:28:44.972 CST: close tag is </fh_var>
002272: Nov 21 22:28:44.973 CST: EEM: policy_dir xml builtin: name:_event_type value:71
002273: Nov 21 22:28:44.973 CST: EEM: policy_dir xml builtin: name:_event_type_string value:interface
002274: Nov 21 22:28:44.973 CST: EEM: policy_dir xml builtin: name:_event_severity value:severity-normal
002275: Nov 21 22:28:44.973 CST: EEM: policy_dir xml builtin: name:_interface_name value:GigabitEthernet0/0/5
002276: Nov 21 22:28:44.973 CST: EEM: policy_dir xml builtin: name:_interface_parameter value:receive_rate_pps
002277: Nov 21 22:28:44.973 CST: EEM: policy_dir xml builtin: name:_interface_is_increment value:FALSE
002278: Nov 21 22:28:44.973 CST: EEM: policy_dir xml builtin: name:_interface_value value:1221
002279: Nov 21 22:28:44.973 CST: EEM: policy_dir xml builtin: name:_interface_delta_value value:-7
002280: Nov 21 22:28:44.973 CST: EEM: policy_dir xml builtin: name:_interface_exit_event value:0
002281: Nov 21 22:28:44.973 CST: EEM: policy_dir xml builtin: name:_if_xos_if_handle value:13
002282: Nov 21 22:28:44.973 CST: EEM: policy_dir xml builtin: name:_if_xos_if_type value:6
002283: Nov 21 22:28:44.973 CST: EEM: policy_dir xml builtin: name:_if_short value:Gi0/0/5
002284: Nov 21 22:28:44.973 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : CTL : cli_open called.
002285: Nov 21 22:28:44.975 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : C
002286: Nov 21 22:28:44.975 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : ***********************************************************
002287: Nov 21 22:28:44.975 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : Property
002288: Nov 21 22:28:44.975 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : Location:
002289: Nov 21 22:28:44.975 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : Model: Cisco ASR 1002
002290: Nov 21 22:28:44.975 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : BGP
002291: Nov 21 22:28:44.975 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : Cisco
002292: Nov 21 22:28:44.975 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : Ci -
002293: Nov 21 22:28:44.975 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : Ci
002294: Nov 21 22:28:44.975 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : ***********************************************************
002295: Nov 21 22:28:44.975 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT :
002296: Nov 21 22:28:44.975 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : ASR1002-INET>
002297: Nov 21 22:28:44.975 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : IN :ASR1002-INET>enable
002298: Nov 21 22:28:44.976 CST: cli_history_entry_add: free_hist_list size=0, hist_list size=7
002299: Nov 21 22:28:44.976 CST: eem_no_scan flag set, skipping scan of command_string=connect enable
002300: Nov 21 22:28:44.987 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : Translating "enable"
002301: Nov 21 22:28:44.987 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT :
002302: Nov 21 22:28:44.987 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : % Bad IP address or host name% Unknown command or computer name, or unable to find computer address
002303: Nov 21 22:28:44.987 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : ASR1002-INET>
002304: Nov 21 22:28:44.987 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : IN : ASR1002-INET>config t
002305: Nov 21 22:28:44.999 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : ^
002306: Nov 21 22:28:44.999 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : % Invalid input detected at '^' marker.
002307: Nov 21 22:28:44.999 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT :
002308: Nov 21 22:28:44.999 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : ASR1002-INET>
002309: Nov 21 22:28:44.999 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : IN : ASR1002-INET>ip prefix-list allow-public-out seq 5 deny 0.0.0.0/0
002310: Nov 21 22:28:45.111 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : ^
002311: Nov 21 22:28:45.111 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : % Invalid input detected at '^' marker.
002312: Nov 21 22:28:45.111 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT :
002313: Nov 21 22:28:45.111 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : ASR1002-INET>
002314: Nov 21 22:28:45.111 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : IN : ASR1002-INET>no ip prefix-list allow-public-out seq 10 permit x.x.x.0/24
002315: Nov 21 22:28:45.223 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : no ip prefix-list allow-public-routes-out seq 10 permit x.x.x.0/24
002316: Nov 21 22:28:45.223 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : ^
002317: Nov 21 22:28:45.223 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : % Invalid input detected at '^' marker.
002318: Nov 21 22:28:45.223 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT :
002319: Nov 21 22:28:45.223 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : ASR1002-INET>
002320: Nov 21 22:28:45.223 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : IN : ASR1002-INET>route-map allowed_out permit 10
002321: Nov 21 22:28:45.334 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : ^
002322: Nov 21 22:28:45.334 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : % Invalid input detected at '^' marker.
002323: Nov 21 22:28:45.334 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT :
002324: Nov 21 22:28:45.334 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : ASR1002-INET>
002325: Nov 21 22:28:45.334 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : IN : ASR1002-INET>no set community no-export
002326: Nov 21 22:28:45.446 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : ^
002327: Nov 21 22:28:45.446 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : % Invalid input detected at '^' marker.
002328: Nov 21 22:28:45.446 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT :
002329: Nov 21 22:28:45.446 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : ASR1002-INET>
002330: Nov 21 22:28:45.446 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : IN : ASR1002-INET>end
002331: Nov 21 22:28:45.451 CST: cli_history_entry_add: free_hist_list size=0, hist_list size=7
002332: Nov 21 22:28:45.451 CST: eem_no_scan flag set, skipping scan of command_string=connect end
002333: Nov 21 22:28:45.458 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : Translating "end"
002334: Nov 21 22:28:45.458 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT :
002335: Nov 21 22:28:45.458 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : % Bad IP address or host name% Unknown command or computer name, or unable to find computer address
002336: Nov 21 22:28:45.458 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : ASR1002-INET>
002337: Nov 21 22:28:45.458 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : CTL : cli_close called.
002338: Nov 21 22:28:45.458 CST: fh_server: fh_io_ipc_msg: received msg FH_MSG_CALLBACK_DONE from client 154 pclient 1
002339: Nov 21 22:28:45.458 CST: fh_io_ipc_msg: EEM callback policy DDoS-PPS has ended with normal exit status of 0x0
002340: Nov 21 22:28:45.458 CST: EEM fms_remote_chkpt_add_event_hist(), data_len = 2984, buf_size = 2996
002341: Nov 21 22:28:45.458 CST: EEM: server decrements in use thread: jobid=151 rule id=2 in use thread=0.
002342: Nov 21 22:28:45.458 CST: fh_schedule_callback: fh_schedule_callback: cc=7F269711B368 prev_epc=7F26A243D610; epc=0
002343: Nov 21 22:28:45.458 CST: ter

Any help will be appreciated.

Many thanks

Vinit Jain · ‎11-21-2015

This issue could be due to the privilege level of the user when you are running the EEM script. You might be getting privilege level 0 and performing command authorization. Could you please configure "event manager session cli username <usr>" where usr is the username which is authorized to get into enable mode and run the commands that you are trying to run.

Hope this helps

Regards

Vinit

PS: Please rate useful posts.

Thanks
--Vinit

manish chandela · ‎11-21-2015

Hi Vinit,

I already have that configured and the username has the highest level of access.

event manager session cli username "xxxx"

event manager applet PPS
event interface name GigabitEthernet0/0/5 parameter receive_rate_pps entry-op gt entry-val 100 entry-type value poll-interval 10
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "ip prefix-list allow-public-out seq 5 deny 0.0.0.0/0"
action 4.0 cli command "no ip prefix-list allow-public-routes-out seq 10 permit x.x.x.0/24"
action 5.0 cli command "route-map allowed_out permit 10"
action 6.0 cli command "no set community no-export"
action 7.0 cli command "end"

manish chandela · ‎11-23-2015

Anyone?

Moh Mogh · ‎11-28-2015

Hi,

002297: Nov 21 22:28:44.975 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : IN :ASR1002-INET>enable
002298: Nov 21 22:28:44.976 CST: cli_history_entry_add: free_hist_list size=0, hist_list size=7
002299: Nov 21 22:28:44.976 CST: eem_no_scan flag set, skipping scan of command_string=connect enable
002300: Nov 21 22:28:44.987 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT : Translating "enable"
002301: Nov 21 22:28:44.987 CST: %HA_EM-6-LOG: PPS : DEBUG(cli_lib) : : OUT :

This output means that the cli user defined doesn't have the privillage for "enable" command. Or maybe you have a view configured which is affecting the defined user.

Regards,
Mohammad Moghaddas