02-13-2016 02:47 AM
Hi,
I have a C4506 running cat4500e-universal.SPA.03.02.05.SG.150-2.SG5.bin.
It dont have AAA configuration. It has the following one:
!
username cisco14 privilege 14 secret cisco14
username cisco5 privilege 5 secret cisco5
!
privilege exec level 10 enable
!
event manager session cli username "cisco14"
event manager applet test
event snmp oid cpmCPUTotal1minRev.1000 get-type exact entry-op ge entry-val "5" poll-interval 5
action 0.0 syslog priority errors msg "High CPU DETECTED $_snmp_oid_val"
action 0.1 cli command "enable"
action 0.2 cli command "term exec prompt timestamp"
action 1.2 cli command "term length 0"
action 1.3 cli command "show process cpu sorted | append bootflash:cpuinfo.txt"
action 1.4 cli command "show process cpu history | append bootflash:cpuinfo.txt"
action 2.1 cli command "show log | append bootflash:cpuinfo.txt"
action 2.2 cli command "term length 24"
!
My problem is that EEM failed at "enable" then the applet won't execute the CLI commands when the EEM applet is triggered:
debug event manager action cli
Feb 13 11:03:55.508 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT :
Feb 13 11:03:55.508 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : CTL : 20+ lines read from cli, debug output truncated
Feb 13 11:03:55.508 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : IN : SWITCH>enable
Feb 13 11:04:04.548 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : Translating "enable"...domain server (255.255.255.255)
Feb 13 11:04:04.548 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : % Unknown command or computer name, or unable to find computer address
Feb 13 11:04:04.548 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : SWITCH>
Feb 13 11:04:04.548 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : IN : SWITCH>term exec prompt timestamp
Feb 13 11:04:04.670 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : SWITCH>
Feb 13 11:04:04.670 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : IN : SWITCH>term length 0
Feb 13 11:04:04.782 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : SWITCH>
Feb 13 11:04:04.782 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : IN : SWITCH>show process cpu sorted | append bootflash:cpuinfo.txt
Feb 13 11:04:04.894 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : ^
Feb 13 11:04:04.894 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : % Invalid input detected at '^' marker.
Feb 13 11:04:04.895 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT :
Feb 13 11:04:04.895 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : SWITCH>
Feb 13 11:04:04.895 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : IN : SWITCH>show process cpu history | append bootflash:cpuinfo.txt
Feb 13 11:04:05.007 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : ^
Feb 13 11:04:05.007 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : % Invalid input detected at '^' marker.
Feb 13 11:04:05.007 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT :
Feb 13 11:04:05.007 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : SWITCH>
Feb 13 11:04:05.007 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : IN : SWITCH>show log | append bootflash:cpuinfo.txt
Feb 13 11:04:05.118 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : ^
Feb 13 11:04:05.118 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : % Invalid input detected at '^' marker.
Feb 13 11:04:05.119 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT :
Feb 13 11:04:05.119 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : SWITCH>
Feb 13 11:04:05.119 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : IN : SWITCH>term length 24
Feb 13 11:04:05.131 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : SWITCH>
Feb 13 11:04:05.131 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : CTL : cli_close called.
Please help me to resolve this problem
Thanks
02-13-2016 06:16 AM
What privilege level do you have on the 4500 when your logged in ? show privilege
It could be that blocking you from using eem , if you have priv 15 it could be something else , but the script looks ok
02-13-2016 07:20 PM
Hi mark malone,
User Access Verification
Username: cisco14
Password:
SWITCH#show pri
SWITCH#show privilege
Current privilege level is 14
SWITCH#enable
Password:
SWITCH#
SWITCH#show privilege
Current privilege level is 15
-----------------------------------------------
I found that when i configured the "privilege exec level 1 enable" command, it is ok:
!
privilege exec level 1 enable
!
But due to my company policy, if i config "privilege exec level 10 enable", what can i config next step ?
---------------------------------------------------------------------------------
Feb 13 11:06:42.790 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : CTL : 20+ lines read from cli, debug output truncated
Feb 13 11:06:42.790 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : IN : SWITCH>enable
Feb 13 11:06:42.792 Hanoi: %PARSER-5-CFGLOG_LOGGEDCMD: User:cisco14 logged command:!exec: enable
Feb 13 11:06:42.803 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : SWITCH#
Feb 13 11:06:42.803 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : IN : SWITCH#term exec prompt timestamp
Feb 13 11:06:42.814 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : SWITCH#
Feb 13 11:06:42.814 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : IN : SWITCH#term length 0
Feb 13 11:06:42.827 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT : SWITCH#
Feb 13 11:06:42.827 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : IN : SWITCH#show process cpu sorted | append bootflash:cpuinfo.txt
Feb 13 11:06:43.317 Hanoi: %HA_EM-6-LOG: test : DEBUG(cli_lib) : : OUT :
02-14-2016 12:15 PM
Hi you could Try set yourself as priv 10 as that's what's allowed to run the enable_____ username yourname secret xxx priv 10 or try in your eem script enable 10
02-14-2016 07:03 PM
Hi,
With "privilege exec level 10 enable"
i set three different cases for the below example, i run manual EEM by the "event manager run test1" command but the result is still not better:
-------------------------------------
username cisco14 privilege 14 secret cisco14
username cisco10 privilege 10 secret cisco10
username cisco5 privilege 5 secret cisco5
event manager session cli username cisco10
event manager applet test1
event none
action 0.1 cli command "enable"
-------------------------------------
username cisco14 privilege 14 secret cisco14
username cisco10 privilege 10 secret cisco10
username cisco5 privilege 5 secret cisco5
event manager session cli username cisco10
event manager applet test1
event none
action 0.1 cli command "enable 10"
----------------------------------------
username cisco14 privilege 14 secret cisco14
username cisco5 privilege 5 secret cisco5
event manager session cli username cisco14
event manager applet test1
event none
action 0.1 cli command "enable 10"
--------------------------------------
Feb 15 09:47:40.685 Hanoi: %HA_EM-6-LOG: test1 : DEBUG(cli_lib) : : CTL : 20+ lines read from cli, debug output truncated
Feb 15 09:47:40.685 Hanoi: %HA_EM-6-LOG: test1 : DEBUG(cli_lib) : : IN : SWITCH>enable 10
Feb 15 09:47:40.896 Hanoi: %HA_EM-6-LOG: test1 : DEBUG(cli_lib) : : OUT : Translating "enable"...domain server (255.255.255.255)
Feb 15 09:47:40.896 Hanoi: %HA_EM-6-LOG: test1 : DEBUG(cli_lib) : : OUT : % Unknown command or computer name, or unable to find computer address
Feb 15 09:47:40.896 Hanoi: %HA_EM-6-LOG: test1 : DEBUG(cli_lib) : : OUT : SWITCH>
Feb 15 09:47:40.896 Hanoi: %HA_EM-6-LOG: test1 : DEBUG(cli_lib) : : CTL : cli_close called.
Feb 15 09:47:40.896 Hanoi: tty is now going through its death sequence
02-16-2016 05:32 PM
Hi mark malone and anyone,
can you give me an advice for this case ?
Thanks,
02-17-2016 03:16 AM
Hi really need to lab this to see whats happening have not had a chance but you can try this in your config
enable password level 10 (password)
privilege exec level 10 enable
02-17-2016 06:28 PM
Hi mark malone,
i tried but it is not better than before.
I think that at the User EXEC Mode of EEM, Switch> is default level 1
if we set "privilege exec level 10 enable" command so EEM can not enter "enable " at the User EXEC Mode of its.
I think we should set the "privilege exec level 1 enable" or " no privilege exec level 10 enable" command
If you finish your lab on this case, please let me know your result.
Thanks,
02-18-2016 12:37 AM
If you get rid of the priv 10 it will work I thought though you had to have there for company policy so I was trying to work out to get around it :) , im still going to lab it over the weekend when im free to see either way as there has to be a way to get it working even with that there.
02-18-2016 01:41 AM
Hi, thank you for your time on this matter.
I will look forward to your result.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide