TCL or EEM Script needed

Unanswered Question
Dec 22nd, 2009

Guys, I am not familiar with TCL or EEM yet, but i need a script that will shut down port 7/43 on my 4507.

Basically i have an application that can log in via SSH to my core, and only execute one command from enable mode.

I need that command to shut down the port 7/43

can you help?

thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Marcin Zgola Tue, 12/22/2009 - 11:40

I am running 12.2(53)SG1 on my 4507. It support EEM and tcl.

let me know if you need anything more.

Joe Clarke Tue, 12/22/2009 - 11:55

You could use this simple tclsh script:

ios_config "interface 7/43" "shut" "end"

Call this script whatever you want (e.g. shut_int.tcl).  Then execute with:

tclsh flash:/shut_int.tcl
Marcin Zgola Tue, 12/22/2009 - 11:58

how do i do that?? sorry i am totally new to that.

4507#tclsh ???? then what?

thank you

Joe Clarke Tue, 12/22/2009 - 12:02

As I said, you take the contents of the script (the one ios_config line), and stick that line in a file.  That file can be called whatever you want (I chose "shut_int.tcl").  You then copy that file to the switch's flash.  You then execute it with the tclsh line I provided:

Switch#tclsh flash:/shut_int.tcl

That will shutdown the interface desired.

Marcin Zgola Tue, 12/22/2009 - 12:20

Ok here is what i have

i created a file with

ios_config "interface g7/43" "shut" "end"

then i copied to bootflash

after

tclsh bootflash:/portshut.tcl

nothing happens, i even tried

ios_config "config t" "interface g7/43" "shut" "end"

Joe Clarke Tue, 12/22/2009 - 12:26

You must use the line I provided.  Your line will not work.  You must also make sure you are enabled at privilege level 15.  Beyond that, you should see nothing displayed when the script runs.  It should just shutdown interface gi7/43.  That is, if you now do a show run, you should see the "shutdown" command under interface GigabitEthernet7/43.

Marcin Zgola Tue, 12/22/2009 - 12:48

i do have that, and nothing

the only difference is on your script "interface 7/43" where on mine is g7/43

is it possible to debug this script to make sure everything works properly?

Joe Clarke Tue, 12/22/2009 - 12:50

Yes, you'd need gi7/43 to make it work.  No, tclsh scripts cannot be debugged.  Try using an EEM applet instead:

event manager applet shutport

event none

action 1.0 cli command "enable"

action 2.0 cli command "config t"

action 3.0 cli command "int gi7/43"

action 4.0 cli command "shut"

action 5.0 cli command "end"

Then run it with:

Switch#event manager run shutport
Marcin Zgola Tue, 12/22/2009 - 13:06

this is wierd i just tested on the router i have and it works

stupid 4507 wont take both scripts

maybe IOS bug????

Joe Clarke Tue, 12/22/2009 - 13:14

Do you have command authorization enabled on the switch?  If you enable "debug event manager action cli" on the switch, and re-run the policy, what output do you get?

Marcin Zgola Tue, 12/22/2009 - 13:21

this is a problem for event manager i think

i am running tacacs and we do not use enable passwords.

but your tcl script works on my router but not on the 4507.

i got enough of information to troubleshot the problem.

thank you so much for your help.

let me spend some time to see what i can do , and i will write back if i need any more help.

thanks again

Joe Clarke Tue, 12/22/2009 - 13:24

No, EEM requires NO passwords.  If you are using AAA command authorization though, you will need to configure the following:

event manager session cli username USER

Where USER is a username authorized to run the CLI commands in the EEM policy (e.g. your username).

Actions

This Discussion