TCL or EEM Script needed

Unanswered Question
Dec 22nd, 2009
User Badges:

Guys, I am not familiar with TCL or EEM yet, but i need a script that will shut down port 7/43 on my 4507.


Basically i have an application that can log in via SSH to my core, and only execute one command from enable mode.


I need that command to shut down the port 7/43


can you help?


thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Joe Clarke Tue, 12/22/2009 - 11:38
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

What version of code is this switch running?

Marcin Zgola Tue, 12/22/2009 - 11:40
User Badges:

I am running 12.2(53)SG1 on my 4507. It support EEM and tcl.


let me know if you need anything more.

Joe Clarke Tue, 12/22/2009 - 11:55
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

You could use this simple tclsh script:


ios_config "interface 7/43" "shut" "end"


Call this script whatever you want (e.g. shut_int.tcl).  Then execute with:


tclsh flash:/shut_int.tcl
Marcin Zgola Tue, 12/22/2009 - 11:58
User Badges:

how do i do that?? sorry i am totally new to that.


4507#tclsh ???? then what?


thank you

Joe Clarke Tue, 12/22/2009 - 12:02
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

As I said, you take the contents of the script (the one ios_config line), and stick that line in a file.  That file can be called whatever you want (I chose "shut_int.tcl").  You then copy that file to the switch's flash.  You then execute it with the tclsh line I provided:


Switch#tclsh flash:/shut_int.tcl


That will shutdown the interface desired.

Marcin Zgola Tue, 12/22/2009 - 12:20
User Badges:

Ok here is what i have


i created a file with


ios_config "interface g7/43" "shut" "end"


then i copied to bootflash


after


tclsh bootflash:/portshut.tcl


nothing happens, i even tried


ios_config "config t" "interface g7/43" "shut" "end"

Joe Clarke Tue, 12/22/2009 - 12:26
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

You must use the line I provided.  Your line will not work.  You must also make sure you are enabled at privilege level 15.  Beyond that, you should see nothing displayed when the script runs.  It should just shutdown interface gi7/43.  That is, if you now do a show run, you should see the "shutdown" command under interface GigabitEthernet7/43.

Marcin Zgola Tue, 12/22/2009 - 12:48
User Badges:

i do have that, and nothing


the only difference is on your script "interface 7/43" where on mine is g7/43


is it possible to debug this script to make sure everything works properly?

Joe Clarke Tue, 12/22/2009 - 12:50
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Yes, you'd need gi7/43 to make it work.  No, tclsh scripts cannot be debugged.  Try using an EEM applet instead:


event manager applet shutport

event none

action 1.0 cli command "enable"

action 2.0 cli command "config t"

action 3.0 cli command "int gi7/43"

action 4.0 cli command "shut"

action 5.0 cli command "end"


Then run it with:


Switch#event manager run shutport
Marcin Zgola Tue, 12/22/2009 - 13:06
User Badges:

this is wierd i just tested on the router i have and it works


stupid 4507 wont take both scripts


maybe IOS bug????

Joe Clarke Tue, 12/22/2009 - 13:14
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Do you have command authorization enabled on the switch?  If you enable "debug event manager action cli" on the switch, and re-run the policy, what output do you get?

Marcin Zgola Tue, 12/22/2009 - 13:21
User Badges:

this is a problem for event manager i think

i am running tacacs and we do not use enable passwords.


but your tcl script works on my router but not on the 4507.


i got enough of information to troubleshot the problem.


thank you so much for your help.


let me spend some time to see what i can do , and i will write back if i need any more help.


thanks again

Joe Clarke Tue, 12/22/2009 - 13:24
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

No, EEM requires NO passwords.  If you are using AAA command authorization though, you will need to configure the following:


event manager session cli username USER


Where USER is a username authorized to run the CLI commands in the EEM policy (e.g. your username).

Actions

This Discussion