Solved: kron cli problem

tprochazka · ‎08-17-2010

Hi All,

Im trying tu use kron funcionality, but I got problem.

My config (just testing one):

kron policy-list test
cli configure terminal
cli interface Loopback 50
cli exit

kron occurrence test in 1 oneshot
policy-list test

and I get this result from debugging, command "conf t" works, but "interface loopback 50" doesnt,

it gives Kron CLI return 2

Dont somebody know, what do I do wrong?

Thanks a lot.

*Aug 17 16:57:47.423: Major 1, Minor 0
*Aug 17 16:57:47.423: Timer Event test
*Aug 17 16:57:47.423: Call parse_cmd 'configure terminal'
*Aug 17 16:57:47.423: Kron CLI return 0
'
**CLI 'configure terminal':
Enter configuration commands, one per line. End with CNTL/Z.'
*Aug 17 16:57:47.423: Major 4, Minor 7
*Aug 17 16:57:47.423: Respond to end of CLI Process
*Aug 17 16:57:47.427: Call parse_cmd 'interface Loopback 50'
*Aug 17 16:57:47.427: Kron CLI return 2
''
*Aug 17 16:57:47.431: Major 4, Minor 7
*Aug 17 16:57:47.431: Respond to end of CLI Process
*Aug 17 16:57:47.431: Call parse_cmd 'exit'
*Aug 17 16:57:47.431: Kron CLI return 0
'
**CLI 'exit':
1861_Test_VoiceGW_1 con0 is now availablePress RETURN to get started.'
*Aug 17 16:57:47.435: Major 4, Minor 7
*Aug 17 16:57:47.435: Respond to end of CLI Process
*Aug 17 16:57:47.435: Forcing Removing Occur test
*Aug 17 16:57:47.435: Removing Occur test
*Aug 17 16:57:47.435: Removing Policy Name 'test'
*Aug 17 16:57:47.435: Finished Removing Occurrence test

Joe Clarke · ‎08-17-2010

You cannot do config commands in kron. Kron only works for simple, non-interactive EXEC commands. You could use the Embedded Event Manager for this:

event manager applet add-loopback

event timer countdown time 1

action 1.0 cli command "enable"

action 2.0 cli command "config t"

action 3.0 cli command "interface loopback50"

action 4.0 cli command "end"

View solution in original post

Joe Clarke · ‎08-17-2010

You cannot do config commands in kron. Kron only works for simple, non-interactive EXEC commands. You could use the Embedded Event Manager for this:

event manager applet add-loopback

event timer countdown time 1

action 1.0 cli command "enable"

action 2.0 cli command "config t"

action 3.0 cli command "interface loopback50"

action 4.0 cli command "end"

tprochazka · ‎08-17-2010

Thanks a lot, but when script gets to "conf t" command, it gives back

cli_close called

cannot there be a problem with some authorization of command?

Can I solve it with tacacs authorization?

Thanks

Joe Clarke · ‎08-17-2010

What version of IOS do you have? What does your device prompt look like?

tprochazka · ‎08-17-2010

Hi, it is IOS 15.1(1)T, platform Cisco 1861

device prompt is this:

1861_Test_VoiceGW_1#

Joe Clarke · ‎08-17-2010

If you are using AAA command authorization, add the following config command:

event manager session cli username USER

Where USER is a username authorized to run all of the CLI commands in your EEM policies.

tprochazka · ‎08-18-2010

Hi, thanks but my tacacs somehow doesnt want to accept authorization requests (it gives invalid tacacs packet...) even if command "event manager session cli username" is there. But it works because of "if-authenticated" rule in aaa policy, which is second rule after tacacs authentication.

To be honest, I dont understand how router can perform these commands, even if it doesnt ask for any authentication (at least no authentication request is visible in ACS log) It probably uses authentication of user who originaly set timer for action... and because of "if-authenticated" rule it executes commands.

Joe Clarke · ‎08-18-2010

EEM doesn't do any authentication. If authorization is configured, it will use that, but you never need passwords for EEM. Authentication is assumed since the policy was configured on the device.