I have a 2801 running c2801-advipservicesk9-mz.124-24.T2.bin. It has the following configuration:
track 300 list boolean or
event manager applet clear_ipsec_tunnel
event track 300 state down
action 1.0 cli command "enable"
action 2.0 cli command "clear crypto session"
action 3.0 syslog msg "IPSec tunnel has been cleared by clear_ipsec_tunnel applet"
My problem is that after the tracked object number 300 transitions from an up state to a down state, nothing happens. It seems like the applet doesn't work with object tracking. Here's what I see in logs:
Dec 7 21:52:32.236 MCK: %TRACKING-5-STATE: 12 ip sla 12 reachability Up->Down
Dec 7 21:52:37.236 MCK: %TRACKING-5-STATE: 13 ip sla 13 reachability Up->Down
Dec 7 21:52:57.236 MCK: %TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
Dec 7 21:53:07.236 MCK: %TRACKING-5-STATE: 11 ip sla 11 reachability Up->Down
Dec 7 21:53:07.996 MCK: %TRACKING-5-STATE: 300 list boolean or Up->Down
That's it. For some reason, the applet won't execute the CLI commands when the EEM applet is triggered. Am I doing something wrong or I have encountered some bug? Thanks.
Disabling AAA on one line can be done with this:
aaa authentication login noaaa none
aaa authorization exec noaaa none
aaa authorization command 0 noaaa none
aaa authorization commands 1 noaaa none
aaa authorization commands 15 noaaa none
!line vty 0login authentication noaaaauthorization exec noaaaauthorization commands 0 noaaaauthorization commands 1 noaaaauthorization commands 15 noaaatransport input none
Change your event registration line to:
event track 300 state down maxrun 30
It looks like you might have command authorization enabled. Try configuring the following:
event manager session cli username USER
Where USER is a username capable of executing the required CLI commands.