- Cisco Community
- Technology and Support
- Networking
- Network Management
- EEM % Authorization failed.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
EEM % Authorization failed.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-15-2014 01:46 AM
GOOD DAY
I made a eem with a IPSLA however when I force the execution of the same it gives me the message that it can not do configuration due to authorization failure, anyone have any idea what can I do? already tried to put login with eem however it does not accept any command on the router with the script eem
RT#ping 10.200.0.1 source tunn 6000 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.200.0.1, timeout is 2 seconds: Packet sent with a source address of 10.200.0.63 !!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 676/709/824 ms
ip sla 11
icmp-echo 10.200.0.1 source-interface Tunnel6000
ip sla schedule 11 life forever start-time now
track 1 ip sla 11 reachability
delay down 8 up 10
event manager applet PING_FAILED
event track 1 state down
action 1.0 cli command "login"
action 2.0 cli command "tparrilha"
action 3.0 cli command "password"
action 4.0 cli command "enable"
action 5.0 cli command "configure terminal"
action 6.0 cli command "int tunn 6000"
action 7.0 cli command "shut"
action 8.0 cli command "no shut"
action 9.0 cli command "end"
!
end
RT#debug event manager all
All possible Embedded Event Manager debugging has been turned on
RT#ping 10.200.0.1 source tunn 6000
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.200.0.1, timeout is 2 seconds:
Packet sent with a source address of 10.200.0.75
!!!!!
RT-MAPUNDA-HLA#conf t
Enter configuration commands, one per line. End with CNTL/Z.
RT-MAPUNDA-HLA(config)#int tunn 6000
RT-MAPUNDA-HLA(config-if)#shut
RT-MAPUNDA-HLA(config-if)#do termi moni
RT-MAPUNDA-HLA(config-if)#
.Jan 15 09:44:11.340: cli_history_entry_add: free_hist_list size=0, hist_list size=7
.Jan 15 09:44:11.340: check_eem_cli_policy_handler: command_string=do termi moni
.Jan 15 09:44:11.340: check_eem_cli_policy_handler: num_matches = 0, response_code = 1
.Jan 15 09:44:11.564: cli_history_entry_add: free_hist_list size=0, hist_list size=7
.Jan 15 09:44:11.564: check_eem_cli_policy_handler: command_string=terminal monitor
.Jan 15 09:44:11.564: check_eem_cli_policy_handler: num_matches = 0, response_code = 1
RT-MAPUNDA-HLA(config-if)#
.Jan 15 09:44:29: %TRACKING-5-STATE: 1 ip sla 11 reachability Up->Down
.Jan 15 09:44:29.680: fh_track_object_changed: Track notification 1 state down
.Jan 15 09:44:29.680: fh_fd_track_event_match: track ED pubinfo enqueue rc = 0
.Jan 15 09:44:29.680: fh_fd_syslog_event_match: num_matches = 0
.Jan 15 09:44:29.680: fh_fd_data_syslog: num_matches = 0
.Jan 15 09:44:29.680: fh_send_server_sig_hndlr: received a pulse from track on node0/0 with fdid: 6
.Jan 15 09:44:29.680: fh_send_track_fd_msg: msg_type=64
.Jan 15 09:44:29.680: fh_send_track_fd_msg: sval=0
.Jan 15 09:44:29.680: fh_send_server_sig_hndlr: received FH_MSG_EVENT_PUBLISH
.Jan 15 09:44:29.680: EEM: server processes multi events: timewin=1, sync_flag=0, ec_index=0, cmp_occ=1
.Jan 15 09:44:29.680: EEM: ctx=9:(9,1,1)
.Jan 15 09:44:29.680: EEM: server processes multi events: corr_res=1, cur_tcnt=1, cmp_tcnt=1
.Jan 15 09:44:29.680: fh_schedule_callback: fh_schedule_callback: cc=30AA5EC8 prev_epc=0; epc=300341D8
.Jan 15 09:44:29.680: EEM server schedules callbacks: policy_type: 2
.Jan 15 09:44:29.680: EEM server schedules one event: policy_type=applet epc=300341D8.
.Jan 15 09:44:29.680: fh_schedule_a_callback: EEM callback policy PING_FAILED has been scheduled to run. fdid: 6 sn: 10 jobid: 11
.Jan 15 09:44:29.680: fh_io_msg: received FH_MSG_API_INIT; jobid=24, processid=275, client=14, job name=EEM Callback Thread
.Jan 15 09:44:29.680: fh_server: fh_io_msg: received msg FH_MSG_EVENT_REQINFO_MULTI from client 14 pclient 2
.Jan 15 09:44:29.680: Registering tag: <fh_var> id: 1
.Jan 15 09:44:29.680: Pushing tag <fh_publish_event_spec> on to stack
.Jan 15 09:44:29.680: open tag is <fh_publish_event_spec>
.Jan 15 09:44:29.680: Pushing tag <fh_publish_common> on to stack
.Jan 15 09:44:29.680: open tag is <fh_publish_common>
.Jan 15 09:44:29.680: Pushing tag <fh_event_type> on to stack
.Jan 15 09:44:29.680: open tag is <fh_event_type>
.Jan 15 09:44:29.680: Name-Value Pair: Name=(pdir) Value=(_event_type)
.Jan 15 09:44:29.680: Name-Value Pair: Name=(tcl) Value=(event_type)
.Jan 15 09:44:29.680: Pushing tag <fh_var> on to stack
.Jan 15 09:44:29.680: open tag is <fh_var>
.Jan 15 09:44:29.680: Popping tag <fh_var> off stack
.Jan 15 09:44:29.680: close tag is </fh_var>
.Jan 15 09:44:29.680: Popping tag <fh_event_type> off stack
.Jan 15 09:44:29.680: close tag is </fh_event_type>
.Jan 15 09:44:29.680: Pushing tag <fh_event_spec_id> on to stack
.Jan 15 09:44:29.680: open tag is <fh_event_spec_id>
.Jan 15 09:44:29.680: Popping tag <fh_event_spec_id> off stack
.Jan 15 09:44:29.680: close tag is </fh_event_spec_id>
.Jan 15 09:44:29.680: Pushing tag <fh_event_name> on to stack
.Jan 15 09:44:29.680: open tag is <fh_event_name>
.Jan 15 09:44:29.680: Name-Value Pair: Name=(pdir) Value=(_event_type_string)
.Jan 15 09:44:29.680: Name-Value Pair: Name=(tcl) Value=(event_type_string)
.Jan 15 09:44:29.680: Pushing tag <fh_var> on to stack
.Jan 15 09:44:29.680: open tag is <fh_var>
.Jan 15 09:44:29.680: Popping tag <fh_var> off stack
.Jan 15 09:44:29.680: close tag is </fh_var>
.Jan 15 09:44:29.680: Popping tag <fh_event_name> off stack
.Jan 15 09:44:29.680: close tag is </fh_event_name>
.Jan 15 09:44:29.680: Pushing tag <fh_event_severity> on to stack
.Jan 15 09:44:29.680: open tag is <fh_event_severity>
.Jan 15 09:44:29.680: Name-Value Pair: Name=(pdir) Value=(_event_severity)
.Jan 15 09:44:29.680: Name-Value Pair: Name=(tcl) Value=(event_severity)
.Jan 15 09:44:29.680: Pushing tag <fh_var> on to stack
.Jan 15 09:44:29.680: open tag is <fh_var>
.Jan 15 09:44:29.680: Popping tag <fh_var> off stack
.Jan 15 09:44:29.680: close tag is </fh_var>
.Jan 15 09:44:29.680: Popping tag <fh_event_severity> off stack
.Jan 15 09:44:29.680: close tag is </fh_event_severity>
.Jan 15 09:44:29.680: Pushing tag <fh_event_sn> on to stack
.Jan 15 09:44:29.680: open tag is <fh_event_sn>
.Jan 15 09:44:29.680: Popping tag <fh_event_sn> off stack
.Jan 15 09:44:29.680: close tag is </fh_event_sn>
.Jan 15 09:44:29.680: Popping tag <fh_publish_common> off stack
.Jan 15 09:44:29.680: close tag is </fh_publish_common>
.Jan 15 09:44:29.680: Pushing tag <fh_fd_publish_track_spec> on to stack
.Jan 15 09:44:29.680: open tag is <fh_fd_publish_track_spec>
.Jan 15 09:44:29.680: Pushing tag <fh_fd_event_tr_number> on to stack
.Jan 15 09:44:29.680: open tag is <fh_fd_event_tr_number>
.Jan 15 09:44:29.680: Name-Value Pair: Name=(pdir) Value=(_track_number)
.Jan 15 09:44:29.680: Name-Value Pair: Name=(tcl) Value=(track_number)
.Jan 15 09:44:29.680: Pushing tag <fh_var> on to stack
.Jan 15 09:44:29.680: open tag is <fh_var>
.Jan 15 09:44:29.680: Popping tag <fh_var> off stack
.Jan 15 09:44:29.680: close tag is </fh_var>
.Jan 15 09:44:29.680: Popping tag <fh_fd_event_tr_number> off stack
.Jan 15 09:44:29.680: close tag is </fh_fd_event_tr_number>
.Jan 15 09:44:29.680: Pushing tag <fh_fd_event_tr_state> on to stack
.Jan 15 09:44:29.680: open tag is <fh_fd_event_tr_state>
.Jan 15 09:44:29.680: Name-Value Pair: Name=(pdir) Value=(_track_state)
.Jan 15 09:44:29.680: Name-Value Pair: Name=(tcl) Value=(track_state)
.Jan 15 09:44:29.680: Pushing tag <fh_var> on to stack
.Jan 15 09:44:29.680: open tag is <fh_var>
.Jan 15 09:44:29.680: Popping tag <fh_var> off stack
.Jan 15 09:44:29.680: close tag is </fh_var>
.Jan 15 09:44:29.680: Popping tag <fh_fd_event_tr_state> off stack
.Jan 15 09:44:29.680: close tag is </fh_fd_event_tr_state>
.Jan 15 09:44:29.680: Popping tag <fh_fd_publish_track_spec> off stack
.Jan 15 09:44:29.680: close tag is </fh_fd_publish_track_spec>
.Jan 15 09:44:29.680: Popping tag <fh_publish_event_spec> off stack
.Jan 15 09:44:29.680: close tag is </fh_publish_event_spec>
.Jan 15 09:44:29.680: EEM: policy_dir xml builtin: name:_event_type value:211
.Jan 15 09:44:29.680: EEM: policy_dir xml builtin: name:_event_type_string value:track
.Jan 15 09:44:29.680: EEM: policy_dir xml builtin: name:_event_severity value:severity-normal
.Jan 15 09:44:29.680: EEM: policy_dir xml builtin: name:_track_number value:1
RT-MAPUNDA-HLA(config-if)#
.Jan 15 09:44:29.680: EEM: policy_dir xml builtin: name:_track_state value:down
.Jan 15 09:44:29.684: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : CTL : cli_open called.
.Jan 15 09:44:29.684: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT : C
.Jan 15 09:44:29.684: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT : BAI - RT-MAPUNDA-HLA - (Unauthorized use is prohibited)
.Jan 15 09:44:29.684: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT : RT-MAPUNDA-HLA>
.Jan 15 09:44:29.684: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : IN : RT-MAPUNDA-HLA>login
.Jan 15 09:44:32.796: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT : % Authorization failed.
.Jan 15 09:44:32.796: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT :
.Jan 15 09:44:32.796: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT : RT-MAPUNDA-HLA>
.Jan 15 09:44:32.796: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : IN : RT-MAPUNDA-HLA>tparrilha
.Jan 15 09:44:33.308: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT : % Authorization failed.
.Jan 15 09:44:33.308: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT : ^
.Jan 15 09:44:33.308: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT : % Invalid input detected at '^' marker.
.Jan 15 09:44:33.308: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT :
.Jan 15 09:44:33.308: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT : RT-MAPUNDA-HLA>
.Jan 15 09:44:33.308: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : IN : RT-MAPUNDA-HLA>password
.Jan 15 09:44:33.820: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT : % Authorization failed.
.Jan 15 09:44:33.820: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT : ^
.Jan 15 09:44:33.820: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT : % Invalid input detected at '^' marker.
.Jan 15 09:44:33.820: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT :
.Jan 15 09:44:33.820: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT : RT-MAPUNDA-HLA>
.Jan 15 09:44:33.820: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : IN : RT-MAPUNDA-HLA>enable
.Jan 15 09:44:33.824: cli_history_entry_add: free_hist_list size=0, hist_list size=7
.Jan 15 09:44:33.824: eem_no_scan flag set, skipping scan of command_string=check_eem_cli_policy_handler
.Jan 15 09:44:33.832: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT : RT-MAPUNDA-HLA#
.Jan 15 09:44:33.832: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : IN : RT-MAPUNDA-HLA#configure terminal
.Jan 15 09:44:34.344: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT : % Authorization failed.
.Jan 15 09:44:34.344: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT :
.Jan 15 09:44:34.344: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT : RT-MAPUNDA-HLA#
.Jan 15 09:44:34.344: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : IN : RT-MAPUNDA-HLA#int tunn 6000
.Jan 15 09:44:34.356: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT : ^
.Jan 15 09:44:34.356: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT : % Invalid input detected at '^' marker.
.Jan 15 09:44:34.356: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT :
.Jan 15 09:44:34.356: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT : RT-MAPUNDA-HLA#
.Jan 15 09:44:34.356: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : IN : RT-MAPUNDA-HLA#shut
.Jan 15 09:44:34.868: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT : % Authorization failed.
.Jan 15 09:44:34.868: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT : ^
.Jan 15 09:44:34.868: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT : % Invalid input detected at '^' marker.
.Jan 15 09:44:34.868: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT :
.Jan 15 09:44:34.868: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT : RT-MAPUNDA-HLA#
.Jan 15 09:44:34.868: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : IN : RT-MAPUNDA-HLA#no shut
.Jan 15 09:44:34.880: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT : ^
.Jan 15 09:44:34.880: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT : % Invalid input detected at '^' marker.
.Jan 15 09:44:34.880: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT :
.Jan 15 09:44:34.880: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT : RT-MAPUNDA-HLA#
.Jan 15 09:44:34.880: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : IN : RT-MAPUNDA-HLA#end
.Jan 15 09:44:35.392: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT : % Authorization failed.
.Jan 15 09:44:35.392: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT : ^
.Jan 15 09:44:35.392: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT : % Invalid input detected at '^' marker.
.Jan 15 09:44:35.392: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT :
.Jan 15 09:44:35.392: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : OUT : RT-MAPUNDA-HLA#
.Jan 15 09:44:35.392: %HA_EM-6-LOG: PING_FAILED : DEBUG(cli_lib) : : CTL : cli_close called.
.Jan 15 09:44:35.392: fh_server: fh_io_msg: received msg FH_MSG_CALLBACK_DONE from client 14 pclient 2
.Jan 15 09:44:35.392: fh_io_msg: EEM callback policy PING_FAILED has ended with normal exit status of 0x0
.Jan 15 09:44:35.392: EEM fms_remote_chkpt_add_event_hist(), data_len = 2980, buf_size = 2992
.Jan 15 09:44:35.392: EEM: server decrements in use thread: jobid=11 rule id=3 in use thread=0.
.Jan 15 09:44:35.392: fh_schedule_callback: fh_schedule_callback: cc=30AA5EC8 prev_epc=300341D8; epc=0
.Jan 15 09:44:35.392: EEM server schedules callbacks: policy_type: 2
.Jan 15 09:44:35.392: fh_schedule_policy: prev_epc=0x0; epc=0x0
.Jan 15 09:44:35.392: EEM server schedules scripts
.Jan 15 09:44:35.392: fh_server: fh_io_msg: received msg FH_MSG_API_CLOSE from client 14 pclient 2
.Jan 15 09:44:35.392: fh_io_msg: received FH_MSG_API_CLOSE client=14
- Labels:
-
EEM Scripting
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-15-2014 04:31 AM
Do you have AAA configured?
Looks like this could help you out:
https://supportforums.cisco.com/docs/DOC-12757#EEM_and_AAA_Command_Authorization
Daniel Dib
CCIE #37149
Please rate helpful posts.
CCIE #37149
CCDE #20160011
Please rate helpful posts.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-15-2014 06:34 AM
thanks for the help in the document , I found the command that solves my problem :
is this
event manager applet PING_FAILED authorization bypass
but this only works in command line ASR G2 ( 2900)
IN ASR G1 ( 2811 ) the bypass does not exist , can you tell me if you know the command line for this router ?
RT ( config ) # event manager applet PING_FAILED authorization bypass
^
% Invalid input detected at ' ^ ' marker .
RT( config ) # event manager applet PING_FAILED ?
class Specify the class for the applet
Generate an SNMP trap trap When applet is triggered .
RT( config ) # event manager applet PING_FAILED cl
RT( config ) # event manager applet PING_FAILED class ?
The Class A
B Class B
C Class C
D Class D
E Class E
F Class F
G Class G
H Class H
I Class I
J Class J
K Class K
G Class G
M Class M
N Class N
The Class The
P Class P
Q Class Q
R Class R
S Class S
Class T T
Class U U
V Class V
W Class W
X Class X
Class Y Y
Z Class Z
Class default default
RT( config ) # event manager applet PING_FAILED class A?
Generate an SNMP trap trap When applet is triggered .
RT( config ) # event manager applet PING_FAILED class A TR
RT( config ) # event manager applet class PING_FAILED TRAP ?
RT ( config ) # event manager applet class PING_FAILED TRAP ?
RT ( config ) # event manager applet class PING_FAILED TRAP
RT( config- applet ) # ?
Entry Event Manager Applet Configuration Commands :
Add or modify an action statement action
Add or modify event information event
exit Exit from Event Manager applet configuration submode
help Description of the interactive help system
Negate a command or in September its defaults
Enter trigger trigger applet configuration submode
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-15-2014 07:23 AM
Then I think you need to use the other method which was to specify VTY only for EEM and disable authorization on that VTY. It was described in the document as well but I have never tried it.
Daniel Dib
CCIE #37149
Please rate helpful posts.
CCIE #37149
CCDE #20160011
Please rate helpful posts.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-15-2014 07:24 AM
The document to which Daniel pointed you mentions that authorization bypass was not added until EEM 3.1. It sounds like your ISR is not running new enough code. Your only choice is to configure "event manager session cli username" or use the AAA trick mentioned in the doc to disable authz on the first VTY line.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide