06-09-2010 05:47 PM
[Question origionally in "Network Infrastructure"->"WAN, Routing, Switch" forum. Asked to post it in here.]
Hi !
I been running a test script to verfiy EEM on our Cisco 6506 core switches. While the desired results are obtained on our Test 6506 device. Exactly similar config fails to produce desired results on the Production one. The config is as follows:
rtr 10
type echo protocol ipIcmpEcho 7.7.7.7
timeout 1000
frequency 3
request-data-size 32
rtr schedule 10 life forever start-time now
!
event manager applet EEM_Test2_DOWN
event snmp oid 1.3.6.1.4.1.9.9.42.1.2.9.1.6.10 get-type exact entry-op eq entry-val 1 exit-op eq exit-val 2 poll-interval 3
action 1.1 cli command "enable"
action 1.2 cli command "show ip int bri | inc 7.7.7.7"
action 1.3 syslog msg "EEM Test CLI Results: show ip int bri - $_cli_result"
action 1.4 cli command "configure terminal"
action 1.5 cli command "no ip route 6.6.6.0 255.255.255.0 5.5.5.5"
action 1.6 syslog msg "EEM Test CLI Results: no ip route - $_cli_result"
!
event manager applet EEM_Test2_UP
event snmp oid 1.3.6.1.4.1.9.9.42.1.2.9.1.6.10 get-type exact entry-op eq entry-val 2 exit-op eq exit-val 1 poll-interval 3
action 1.1 cli command "enable"
action 1.2 cli command "show ip int bri | inc 7.7.7.7"
action 1.3 syslog msg "EEM Test CLI Results: show ip int bri - $_cli_result"
action 1.4 cli command "configure terminal"
action 1.5 cli command "ip route 6.6.6.0 255.255.255.0 5.5.5.5"
action 1.6 syslog msg "EEM Test CLI Results: ip route - $_cli_result"
!
The IOS running on the two 6506 is:
Test_6506: Version 12.2(18)SXF11, RELEASE SOFTWARE (fc1)
Prod_6506: Version 12.2(18)SXF15, RELEASE SOFTWARE (fc1)
Test 6506 Results:
===============
Test#show logging | inc EEM_Test2_
Jun 9 13:28:59.897: %HA_EM-6-LOG: EEM_Test2_DOWN: EEM Test CLI Results: show ip int bri - Loopback7 7.7.7.7 YES manual administratively down down
Jun 9 13:28:59.921: %HA_EM-6-LOG: EEM_Test2_DOWN: EEM Test CLI Results: no ip route - %No matching route to delete
Test#show ip route | inc 6.6.6.0
Test#show ip int bri | inc 7.7.7.7
Loopback7 7.7.7.7 YES manual administratively down down
After bringing interface Loopbackup7 UP:
Test#show logging | inc EEM_Test2_
Jun 9 13:30:52.843: %HA_EM-6-LOG: EEM_Test2_UP: EEM Test CLI Results: show ip int bri - Loopback7 7.7.7.7 YES manual up up
Jun 9 13:30:52.867: %HA_EM-6-LOG: EEM_Test2_UP: EEM Test CLI Results: ip route -
Test#show ip route | inc 6.6.6.0
S 6.6.6.0 [1/0] via 5.5.5.5
Test#show ip int bri | inc 7.7.7.7
Loopback7 7.7.7.7 YES manual up up
Prod 6506 Results:
==============
PROD#show logging | inc EEM_Test2_
Jun 9 13:55:00.208: %HA_EM-6-LOG: EEM_Test2_DOWN: EEM Test CLI Results: show ip int bri - PROD#
Jun 9 13:55:00.432: %HA_EM-6-LOG: EEM_Test2_DOWN: EEM Test CLI Results: no ip route - ^
PROD#show ip route | inc 6.6.6.0
PROD#show ip int bri | inc 7.7.7.7
Loopback7 7.7.7.7 YES manual administratively down down
After bringing interface Loopbackup7 UP:
PROD#show logging | inc EEM_Test2_
Jun 9 13:57:24.704: %HA_EM-6-LOG: EEM_Test2_UP: EEM Test CLI Results: show ip int bri - PROD#
Jun 9 13:57:24.928: %HA_EM-6-LOG: EEM_Test2_UP: EEM Test CLI Results: ip route - ^
PROD#show ip route | inc 6.6.6.0
PROD#show ip int bri | inc 7.7.7.7
Loopback7 7.7.7.7 YES manual up up
Why don't the "action" statements get executed in the Production 6506. Is this because of version difference i.e. SXF15 on PROD but SXF11 on TEST. There is a "^" sign right below the name of the router in the logs. Does this indicates some error?
Thanks
Regards, Rashid.
Solved! Go to Solution.
06-09-2010 05:55 PM
Without seeing the full config, my guess is that the production switch has AAA command authorization configured, and you need to add:
event manager session cli username USER
Where USER is a username who is authorized to run all of the CLI commands in your EEM policies.
06-09-2010 05:55 PM
Without seeing the full config, my guess is that the production switch has AAA command authorization configured, and you need to add:
event manager session cli username USER
Where USER is a username who is authorized to run all of the CLI commands in your EEM policies.
06-10-2010 07:25 PM
Thanks Joe ! That does the trick. Test system just had Enable password while Prod one authentication is through TACACS.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide