Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1313
Views
0
Helpful
4
Replies

EEM Applet Configuration Nexus 5k

Go to solution
Mark_Herbert
Level 1
Level 1

‎10-13-2021 03:19 AM

Morning All,

 

I hoping someone will be able to help with an issue im having with an EEM Applet not triggering, Nexus 5k version 7.3(5)N1(1).
The script will simply reactivate an interface when in error-disabled state.

 


event manager applet Error-Disable-fc2.16
event syslog pattern "Interface fc2/16 is down (Error disabled)"
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "int fc2/16"
action 4.0 cli command "sh"
action 5.0 cli command "no sh"
action 6.0 cli command "end"
action 7.0 syslog priority errors msg "[EEM-Applet] Error-Disabled Recovery fc2/16"
exit

 

The problem is the applet does not trigger and appears to be stopped by some back ground process.

 

debug aaa events:
2021 Oct 13 10:29:47.341218 eem_policy_dir: fu_sdb_publisher_invoke_app_callback:App is not a publisher;Bail-out.
2021 Oct 13 10:29:47.341404 eem_policy_dir: fu_fsm_engine_post_event_processing: mts msg MTS_OPC_EEM_POLICY_ACTION_CONFIG(msg_id 307396592) dropped

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mark_Herbert
Level 1
Level 1
In response to Dawei

‎10-15-2021 01:42 AM

Hi Dawei, Thanks for replying

 

This has been tried previously but doesn't seem to work with fibre-channel interfaces.
Its not clear why these interfaces are being error-disabled, this is being investigated by Cisco TAC and Dell.

 

# sh errdisable recovery
ErrDisable Reason Timer Status
----------------- ------------
link-flap enabled
udld enabled
bpduguard enabled
loopback enabled
psec-violation enabled
failed-port-state enabled
dcbx-error enabled
pause-rate-limit enabled
miscabling enabled

 

# sh errdisable detect
ErrDisable Reason Timer Status
----------------- ------------
link-flap enabled
loopback enabled
miscabling enabled


The script is a temporary solution so the interfaces dont have to be manually recovered.
With regard to the EEM script, we think that AAA is blocking EEM, is it possible to bypass this on a Nexus 5k version 7.3(5)N1(1).

 

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Dawei
Cisco Employee
Cisco Employee

‎10-15-2021 12:19 AM

Why don't you use errordisable recovery?

 

About the Error-Disabled State

 

An interface is in the error-disabled (err-disabled) state when the inteface is enabled administratively (using the no shutdown command) but disabled at runtime by any process. For example, if UDLD detects a unidirectional link, the interface is shut down at runtime. However, because the interface is administratively enabled, the interface status displays as err-disabled. Once an interface goes into the err-disabled state, you must manually reenable it or you can configure an automatic timeout recovery value. The err-disabled detection is enabled by default for all causes. The automatic recovery is not configured by default.

When an interface is in the err-disabled state, use the errdisable detect cause command to find information about the error.

You can configure the automatic err-disabled recovery timeout for a particular err-disabled cause by changing the time variable.

The errdisable recovery cause command provides automatic recovery after 300 seconds. To change the recovery period, use the errdisable recovery interval command to specify the timeout period. You can specify 30 to 65535 seconds.

If you do not enable the err-disabled recovery for the cause, the interface stays in the err-disabled state until you enter the shutdown and no shutdown commands. If the recovery is enabled for a cause, the interface is brought out of the err-disabled state and allowed to retry operation once all the causes have timed out. Use the show interface status err-disabled command to display the reason behind the error.

0 Helpful

Go to solution
Mark_Herbert
Level 1
Level 1
In response to Dawei

‎10-15-2021 01:42 AM

Hi Dawei, Thanks for replying

 

This has been tried previously but doesn't seem to work with fibre-channel interfaces.
Its not clear why these interfaces are being error-disabled, this is being investigated by Cisco TAC and Dell.

 

# sh errdisable recovery
ErrDisable Reason Timer Status
----------------- ------------
link-flap enabled
udld enabled
bpduguard enabled
loopback enabled
psec-violation enabled
failed-port-state enabled
dcbx-error enabled
pause-rate-limit enabled
miscabling enabled

 

# sh errdisable detect
ErrDisable Reason Timer Status
----------------- ------------
link-flap enabled
loopback enabled
miscabling enabled


The script is a temporary solution so the interfaces dont have to be manually recovered.
With regard to the EEM script, we think that AAA is blocking EEM, is it possible to bypass this on a Nexus 5k version 7.3(5)N1(1).

 

0 Helpful

Go to solution
Dawei
Cisco Employee
Cisco Employee
In response to Mark_Herbert

‎10-15-2021 02:07 AM

Hi Mark_Herbert,

 

I tested your script in my lab, it seems that () it was not treated as string, you can try to escape them:


event manager applet Error-Disable-fc2.16
  event syslog pattern "Interface fc2/16 is down \(Error disabled\)" <<<<
  action 1.0 cli command "enable"
  action 2.0 cli command "config t"
  action 3.0 cli command "int fc2/16"
  action 4.0 cli command "sh"
  action 5.0 cli command "no sh"
  action 6.0 cli command "end"
  action 7.0 syslog priority errors msg "[EEM-Applet] Error-Disabled Recovery fc2/16"
exit

0 Helpful

Go to solution
Mark_Herbert
Level 1
Level 1
In response to Dawei

‎10-15-2021 03:09 AM

Hi Dawei,

 

When we enter the line: event syslog pattern "Interface fc2/13 is down (Error disabled)" we get: Configuration accepted successfully. its the same when we escape the () as you suggested.

 

Below is a syslog we receive after applying the script:

 

2021-10-15 10:48:10 Local5.Notice #.#.#.# Oct 15 10:48:10 VM-ISE-02 CISE_RADIUS_Accounting 0016056876 2 0 2021-10-15 10:48:10.279 +01:00 3955943393 3001 NOTICE Radius-Accounting: RADIUS Accounting stop request, ConfigVersionId=5,
Device IP Address= #.#.#.#, RequestLatency=2, NetworkDeviceName=LGI-LSW-03, User-Name=#####, NAS-IP-Address= #.#.#.#, NAS-Port=0, Acct-Status-Type=Stop, Acct-Session-Id=#.#.#.#@pts/0<000>, Acct-Authentic=RADIUS, NAS-Port-Type=Virtual,
cisco-av-pair=accounting:accountinginfo=configure terminal \; event manager applet Err-fc2.13 \; action 7.0 syslog priority errors msg "[EEM-Applet] Error-Disabled Recovery fc2/13" (SUCCESS)<000>,
AcsSessionID=VM-ISE-02/422019672/30651987, SelectedAccessService=Default Network Access, Step=11004, Step=11017, Step=15049, Step=15008, Step=15048, Step=15048, Step=15048, Step=15048, Step=15048, Step=15048, Step=15004, Step=11005, NetworkDeviceGroups=Device Type#All
Device Types#DataCentreKit, NetworkDeviceGroups=Location#All Locations,

 

Cheers

Mark

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents