cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1139
Views
10
Helpful
7
Replies

EEM to bring down an interface

ambi
Level 1
Level 1

Does anyone has an EEM script which can bring down the interface when it sees a ospf neighbor failure

thanks

Ambi

7 Replies 7

Joe Clarke
Cisco Employee
Cisco Employee

A simple applet should do the trick:

event manager applet ospf-watch

event syslog pattern "OSPF-5-ADJCHG.* to DOWN"

action 1.0 cli command "enable"

action 2.0 cli command "config t"

action 3.0 cli command "interface gi0/1"

action 4.0 cli command "shut"

action 5.0 cli command "end"

Thanks  Joe .. that worked perfectly fine

However can we do an or operation on the event .. meaning bring down the interface if the ospf is down or goes to Init ??

Ambi

You can adjust the regexp to match other OSPF states:

event syslog pattern "OSPF-5-ADJCHG.* to (INIT|DOWN)"

Can we have 2 event manager applet like below ... it doesnt seem to work though for me

event manager applet ospf-watch-down
event syslog pattern "OSPF-5-ADJCHG.* to (INIT|FULL)"
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "interface fa 1/15"
action 4.0 cli command "shut"
action 5.0 cli command "end"

event manager applet ospf-watch-up
event syslog pattern "OSPF-5-ADJCHG.* to UP"
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "interface fa 1/15"
action 4.0 cli command "no shut"
action 5.0 cli command "end"

Also getting folowing error with just the first applet in the configuration

*Mar  1 00:23:31.347: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.2 on Vlan200 from FULL to INIT, 1-Way.!
*Mar  1 00:23:31.375: %HA_EM-3-FMPD_CLI_CONNECT: Unable to establish CLI session: no tty lines available, minimum of 2 required by EEM
*Mar  1 00:23:31.375: %HA_EM-3-FMPD_ERROR: Error executing applet ospf-watch-down statement

Ambi

Your second policy would have to check for a state transition to FULL:

event manager applet ospf-watch-up
  event syslog pattern "OSPF-5-ADJCHG.* to FULL"

As for the error you're seeing, this is due to you being out of free VTY lines.  EEM requires at least two free lines to run CLI commands.

Thanks for correcting but for some reason EEM doesnt seem to be working

SW1#sh event manager policy registered
No.  Class   Type    Event Type          Trap  Time Registered           Name
1    applet  user    syslog              Off   Fri Mar 1 00:50:56 2002   ospf-watch
pattern {OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.2 on Vlan200 from FULL to INIT, 1-Way}
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "interface FastEthernet1/15"
action 4.0 cli command "shut"
action 5.0 cli command "end"

SW1#

SW1#
SW1#
*Mar  1 00:55:42.575: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.2 on Vlan200 from FULL to INIT, 1-Way
SW1#
SW1#sh use
SW1#sh users
    Line       User       Host(s)              Idle       Location
*  0 con 0                idle                 00:00:00
  98 vty 0                idle                 00:00:14 EEM:ospf-watch

  Interface    User               Mode         Idle     Peer Address

SW1#

Lines ae free but the syslog message didnt trigger the interface shutdown :-(

Ambi

If you are using AAA command authorization, make sure you configure the following:

event manager session cli username USER

Where USER is a user authorized to run all of the CLI commands in your EEM policies.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: