
EEM Script on Uplink Port

Joy3
Level 1

Hello,

Running the EEM script below to overwrite the VLANs on the uplink port does not work remotely. Is there any error that someone can point to? Thanks

event manager applet VLAN_ALLOWED authorization bypass
 event none
 action 3.0 cli command "enable"
 action 4.0 cli command "conf t"
 action 5.0 cli command "interface gi1/1/1"
 action 6.0 cli command "switchport trunk allowed vlan 200-203"
 action 6.1 cli command "exit"

debug event manager action cli
event manager run VLAN_ALLOWED

 

This is the uplink's current config:

interface GigabitEthernet1/1/1
description UPLINK
switchport trunk allowed vlan 110,120,130,140-143,200-203
switchport mode trunk
snmp trap mac-notification change added
service-policy output WAN-EDGE
ip dhcp snooping trust

 

16 Replies

If this SW is L2, then it sends traffic to the edge router for inter-VLAN and to access it.

And as @balaji.bandi said, we need the topology and the config; otherwise we will continue to make assumptions.

Thanks 

MHM

Joy3
Level 1

@balaji.bandi and @MHM Cisco World, here is the running config:


version 16.3
no service pad
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
service password-encryption
service unsupported-transceiver
no platform punt-keepalive disable-kernel-core
!
hostname SW1
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
logging buffered 50000
enable secret 5 xxx
!
aaa new-model
!
!
!
aaa session-id common
clock timezone CET 1 0
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
switch 1 provision ws-c3850-48p
!
!
!
!
ip routing
!
ip vrf AAA
rd 804:804
route-target export 804:804
route-target import 804:804
!
ip vrf BBB
rd 100:100
route-target export 100:100
route-target import 100:100
!
ip vrf CCC
rd 805:805
route-target export 805:805
route-target import 805:805
!
!
!
no ip domain lookup
!
!
!
ip dhcp snooping vlan 100,251,300
no ip dhcp snooping information option
ip dhcp snooping
login on-failure log
login on-success log
!
!
!
!
!
!
!
vtp mode transparent
udld aggressive

authentication mac-move permit
!
flow record NETFLOW-IN
match flow direction
match interface input
match ipv4 destination address
match ipv4 protocol
match ipv4 source address
match ipv4 tos
match transport destination-port
match transport source-port
collect counter bytes long
collect counter packets long
collect interface output
!
!
flow record NETFLOW-OUT
match flow direction
match interface output
match ipv4 destination address
match ipv4 protocol
match ipv4 source address
match ipv4 tos
match transport destination-port
match transport source-port
collect counter bytes long
collect counter packets long
collect interface input
!
!
!
!
table-map AutoQos-4.0-Trust-Dscp-Table
default copy
!
!
!
!
dot1x system-auth-control
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause sfp-config-mismatch
errdisable recovery cause gbic-invalid
errdisable recovery cause l2ptguard
errdisable recovery cause psecure-violation
errdisable recovery cause port-mode-failure
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause pppoe-ia-rate-limit
errdisable recovery cause mac-limit
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause inline-power
errdisable recovery cause arp-inspection
errdisable recovery cause link-monitor-failure
errdisable recovery cause oam-remote-failure
errdisable recovery cause loopback
errdisable recovery cause psp
errdisable recovery interval 360
license boot level ipservicesk9
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree logging
spanning-tree extend system-id
spanning-tree pathcost method long
spanning-tree vlan 1-4094 priority 4096
archive
log config
logging enable
notify syslog contenttype plaintext
hidekeys
!
!
!
redundancy
mode sso
!
!
vlan configuration 899
ip flow monitor NETFLOW-MONITOR-IN input
ip flow monitor NETFLOW-MONITOR-OUT output
!
vlan 100
name INTRANET
!
vlan 251
name VOICE
!
vlan 300
name WLAN
!
vlan 804
name GLT
!
vlan 805
name MGMT
!
vlan 806
name AP-MGMT
!
vlan 897
name TRANSFER-GLT
!
vlan 898
name TRANSFER-MGMT
!
vlan 899
name TRANSFER-INTRANET
lldp run
!
!
!
interface Port-channel11
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
negotiation auto
!
interface range GigabitEthernet1/0/1-48
description XXX
switchport access vlan 100
switchport mode access
switchport voice vlan 251

interface GigabitEthernet1/1/1
description UPLINK-MPLS
switchport trunk allowed vlan 100,251,300,804-806,897-899
switchport mode trunk
snmp trap mac-notification change added
service-policy output WAN-EDGE-4-CLASS
ip dhcp snooping trust
!
!
interface Vlan1
no ip address
shutdown
!
interface Vlan100
ip vrf forwarding xxx
ip address xxx
ip helper-address xxx
ip helper-address xxx
no ip redirects
no ip proxy-arp
!
interface Vlan251
ip vrf forwarding xxx
ip address xxx
ip helper-address xxx
no ip redirects
no ip proxy-arp
!
interface Vlan300
ip vrf forwarding xxx
ip address xxx
ip helper-address xxx
ip helper-address xxx
no ip redirects
no ip proxy-arp
!
interface Vlan804
ip vrf forwarding xxx
ip address xxx
no ip redirects
no ip proxy-arp
!
interface Vlan805
ip vrf forwarding xxx
ip address xxx
ip helper-address xxx
no ip redirects
no ip proxy-arp
!
interface Vlan806
ip vrf forwarding xxx
ip address xxx
ip helper-address xxx
no ip redirects
no ip proxy-arp
!
interface Vlan897
ip vrf forwarding xxx
ip address xxx
no ip redirects
no ip proxy-arp
!
interface Vlan898
ip vrf forwarding xxx
ip address xxx
no ip redirects
no ip proxy-arp
!
interface Vlan899
ip vrf forwarding xxx
ip address xxx
no ip redirects
no ip proxy-arp
!
!
ip ftp source-interface Vlan805
ip ftp username ULM-FTP
ip ftp password 7 xxx
ip route vrf xxx 0.0.0.0 0.0.0.0 XXXX name DEFAULT-ROUTE-GLT-NETZ
ip route vrf xxx 0.0.0.0 0.0.0.0 XXXX name DEFAULT-ROUTE-INTRANET
ip route vrf xxx 172.25.0.0 255.255.0.0 XXXX name MGMT-NETZ-TELENET
ip route vrf xxx 172.30.0.0 255.255.0.0 XXXX name MGMT-NETZ-ZNP
ip tacacs source-interface Vlan805
ip ssh source-interface Vlan805
ip ssh version 2

!
!
!
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 10 tries 3
radius-server deadtime 15
!
!
!
control-plane
service-policy input system-cpp-policy
!
!
!
line con 0
login authentication CONSOLE
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login authentication VTY
transport input ssh
line vty 5 15
access-class SSH-MGMT in vrf-also
exec-timeout 30 0
login authentication VTY
transport input ssh
!
ntp source Vlan805
ntp server vrf xxx
!
mac address-table notification change
mac address-table notification mac-move
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
event manager applet VLAN_ALLOWED authorization bypass
event none
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "interface gi1/1/1"
action 4.0 cli command "switchport trunk allowed vlan 897-899"
action 5.0 cli command "exit"
!

end
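
A pre-change check for the applet in the config above, as an added example that is not part of the original posts: `switchport trunk allowed vlan <list>` without `add` or `remove` replaces the whole allowed list, so this reports which VLANs the applet would drop from the uplink and whether it runs with `authorization bypass`. The function names and the sample excerpt (trimmed from the posted config, with IOS indentation restored) are assumptions of this example.

```python
import re

# Sample input: trimmed from the config posted in the thread, indentation restored.
CONFIG = """\
interface GigabitEthernet1/1/1
 switchport trunk allowed vlan 100,251,300,804-806,897-899
 switchport mode trunk
!
event manager applet VLAN_ALLOWED authorization bypass
 event none
 action 1.0 cli command "enable"
 action 2.0 cli command "conf t"
 action 3.0 cli command "interface gi1/1/1"
 action 4.0 cli command "switchport trunk allowed vlan 897-899"
 action 5.0 cli command "exit"
"""

def expand(vlan_list):
    """Turn '100,804-806' into {100, 804, 805, 806}."""
    vlans = set()
    for part in vlan_list.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_applets(config):
    """For each EEM applet, report AAA bypass and VLANs its trunk rewrite drops."""
    current = {}  # allowed list configured on each interface, keyed by port number
    for m in re.finditer(r"^interface [A-Za-z-]+([\d/]+)\n((?:[ \t]+.*\n)*)", config, re.M):
        allowed = re.search(r"switchport trunk allowed vlan ([\d,-]+)", m.group(2))
        if allowed:
            current[m.group(1)] = expand(allowed.group(1))
    findings = []
    for m in re.finditer(r"^event manager applet (\S+)(.*)\n((?:[ \t]+.*\n)*)", config, re.M):
        name, opts, body = m.groups()
        port, dropped = None, set()
        for cmd in re.findall(r'cli command "([^"]*)"', body):
            iface = re.match(r"interface\s+[A-Za-z-]+([\d/]+)", cmd)
            if iface:
                port = iface.group(1)
            new = re.match(r"switchport trunk allowed vlan ([\d,-]+)$", cmd)
            if new and port in current:  # no add/remove keyword: list is replaced
                dropped |= current[port] - expand(new.group(1))
        findings.append({"applet": name, "aaa_bypass": "authorization bypass" in opts,
                         "port": port, "dropped_vlans": sorted(dropped)})
    return findings

if __name__ == "__main__":
    print(audit_applets(CONFIG))
```

In the posted config, VLAN 805 is named MGMT and is the source interface for SSH and TACACS, so it is the entry to look for in `dropped_vlans` before running the applet from a remote session.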

 
