kron cli problem

Answered Question
Aug 17th, 2010
User Badges:

Hi All,

Im trying tu use kron funcionality, but I got problem.

My config (just testing one):


kron policy-list test
cli configure terminal
cli interface Loopback 50
cli exit


kron occurrence test in 1 oneshot
policy-list test


and I get this result from debugging, command "conf t" works, but "interface loopback 50" doesnt,

it gives Kron CLI return 2

Dont somebody know, what do I do wrong?


Thanks a lot.


*Aug 17 16:57:47.423: Major 1, Minor 0
*Aug 17 16:57:47.423: Timer Event test
*Aug 17 16:57:47.423: Call parse_cmd 'configure terminal'
*Aug 17 16:57:47.423: Kron CLI return 0
'
**CLI 'configure terminal':
Enter configuration commands, one per line.  End with CNTL/Z.'
*Aug 17 16:57:47.423: Major 4, Minor 7
*Aug 17 16:57:47.423: Respond to end of CLI Process
*Aug 17 16:57:47.427: Call parse_cmd 'interface Loopback 50'
*Aug 17 16:57:47.427: Kron CLI return 2
''
*Aug 17 16:57:47.431: Major 4, Minor 7
*Aug 17 16:57:47.431: Respond to end of CLI Process
*Aug 17 16:57:47.431: Call parse_cmd 'exit'
*Aug 17 16:57:47.431: Kron CLI return 0
'
**CLI 'exit':
1861_Test_VoiceGW_1 con0 is now availablePress RETURN to get started.'
*Aug 17 16:57:47.435: Major 4, Minor 7
*Aug 17 16:57:47.435: Respond to end of CLI Process
*Aug 17 16:57:47.435: Forcing Removing Occur test
*Aug 17 16:57:47.435: Removing Occur test
*Aug 17 16:57:47.435:     Removing Policy Name 'test'
*Aug 17 16:57:47.435: Finished Removing Occurrence test

Correct Answer by Joe Clarke about 6 years 11 months ago

You cannot do config commands in kron.  Kron only works for simple, non-interactive EXEC commands.  You could use the Embedded Event Manager for this:


event manager applet add-loopback

event timer countdown time 1

action 1.0 cli command "enable"

action 2.0 cli command "config t"

action 3.0 cli command "interface loopback50"

action 4.0 cli command "end"

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Joe Clarke Tue, 08/17/2010 - 10:35
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

You cannot do config commands in kron.  Kron only works for simple, non-interactive EXEC commands.  You could use the Embedded Event Manager for this:


event manager applet add-loopback

event timer countdown time 1

action 1.0 cli command "enable"

action 2.0 cli command "config t"

action 3.0 cli command "interface loopback50"

action 4.0 cli command "end"

tprochazka Tue, 08/17/2010 - 10:56
User Badges:

Thanks a lot, but when script gets to "conf t" command, it gives back


cli_close called


cannot there be a problem with some authorization of command?

Can I solve it with tacacs authorization?


Thanks

Joe Clarke Tue, 08/17/2010 - 13:13
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

What version of IOS do you have?  What does your device prompt look like?

tprochazka Tue, 08/17/2010 - 15:36
User Badges:

Hi, it is IOS 15.1(1)T, platform Cisco 1861


device prompt is this:


1861_Test_VoiceGW_1#

Joe Clarke Tue, 08/17/2010 - 23:22
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

If you are using AAA command authorization, add the following config command:


event manager session cli username USER


Where USER is a username authorized to run all of the CLI commands in your EEM policies.

tprochazka Wed, 08/18/2010 - 07:41
User Badges:

Hi, thanks but my tacacs somehow doesnt want to accept authorization requests (it gives invalid tacacs packet...) even if command "event manager session cli username" is there. But it works because of "if-authenticated" rule in aaa policy, which is second rule after tacacs authentication.


To be honest, I dont understand how router can perform these commands, even if it doesnt ask for any authentication (at least no authentication request is visible in ACS log) It probably uses authentication of user who originaly set timer for action... and because of "if-authenticated" rule it executes commands.

Joe Clarke Wed, 08/18/2010 - 09:06
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

EEM doesn't do any authentication.  If authorization is configured, it will use that, but you never need passwords for EEM.  Authentication is assumed since the policy was configured on the device.

Actions

This Discussion

Related Content