New Member

Query all interfaces

Hi,

Would really appreciate some assistance in what I 'thought' is a simple task

This is what I want to do via TCL / EEM :

1.)  Enumerate all interfaces on the switch or just query the running config

2.)  Query each interface config

3.)  If the interface config doesn't contain the string 'authentication port-control auto' - send an email with the resulting interface name etc

I'm starting to lose my mind trying to do this 

Thanks and regards,

Bill

Cisco Employee

Query all interfaces

Try this:

event manager applet intf-auth

event none

action 001  cli command "enable"

action 002  cli command "show ip int brie"

action 003  set output "$_cli_result"

action 004  set intfs ""

action 005  foreach line "$output" "\n"

action 006   string trim $line

action 007   set line $_string_result

action 008   string length $line

action 009   if $_string_result eq 0

action 010    continue

action 011   end

action 012   regexp "^Interface" "$line"

action 013   if $_regexp_result eq "1"

action 014    continue

action 015   end

action 016   regexp "#" "$line"

action 017   if $_regexp_result eq "1"

action 018    continue

action 019   end

action 020   regexp "^([^[:space:]]+)[[:space:]]" "$line" match intf

action 021   cli command "show run interface $intf"

action 022   regexp "authentication port-control auto" "$_cli_result"

action 023   if $_regexp_result eq "0"

action 024    append intfs " $intf"

action 025   end

action 026  end

action 027  string length "$intfs"

action 028  if $_string_result gt "0"

action 029   mail from "user@example.com" to "user@example.com" server "10.1.1.1" subject "Interfaces missing auth port-control" body "The following interfaces are missing 'auth port-control auto': $intfs"

action 030  end

New Member

Query all interfaces

I just get 1 error with the above on action 004:

action 004  set intfs ""

Thanks

Cisco Employee

Query all interfaces

This applet assumes EEM 3.0.  If your IOS version is less than 12.4(22)T, then go to http://www.marcuscom.com/convert_applet to convert it into an EEM Tcl policy (note: this is not a tclsh script).  Then you can register it as an EEM Tcl policy and run it with:

event manager run POLNAME

Where POLNAME is the name of the Tcl file you used.

New Member

Query all interfaces

Thanks - doesn't seem to run

#show event manager history events detailed

No.  Job Id Proc Status   Time of Event            Event Type         Name

1    1      Actv abort    Mon Oct14 10:38:36 2013  none               applet: intf-auth

   argc 0

New Member

Query all interfaces

It works fine on a switch with 12 interfaces but doesn't on a switch with 48 interfaces.

Could this be a timeout etc ?

Thanks

New Member

Query all interfaces

Event none maxrun 900 :-)

Thanks for your help Joseph.

New Member

Today I tried this config on my Cat3850, stack of 4 but it didn't work. EEM version is 3.20 :(

I received the email from switch ("The following interfaces are missing 'auth port-control auto':  Command"), but there's no interfaces which do not have port-control enabled. 

Has anybody tried this configuration before, and did it work for you?

Cisco Employee

You probably need to change action 002 to:

 

action 002 cli command "show ip int brief | inc Ethernet"

New Member

Still no luck :(

After this change, the email has stopped coming as well. The event history shows success though. 

9    12     Actv success  Mon Jun22 10:59:48 2015  none               applet: intf-auth
10   13     Actv success  Mon Jun22 11:00:32 2015  none               applet: intf-auth

 

Is there anything that you could think of and make it successful? Sorry, my knowledge is little on EEM. 

Thanks!

/j

 

 

Cisco Employee

Right, it's working now.  You said all your interfaces already have "authentication port-control auto" on them, so now that the policy only looks at Ethernet interfaces, you shouldn't see any email.  You would need to have at least one Ethernet interface that does not have the config "authentication port-control auto" on it in order to see the email.

New Member

I was actually debugging the eem event recently and found: 

Jun 22 11:33:24.071 PDT: %HA_EM-6-LOG: intf-auth : DEBUG(cli_lib) : : IN  : xx-sw01#enable
Jun 22 11:33:24.289 PDT: %HA_EM-6-LOG: intf-auth : DEBUG(cli_lib) : : OUT : Command authorization failed.

Jun 22 11:33:24.289 PDT: %HA_EM-6-LOG: intf-auth : DEBUG(cli_lib) : : OUT : 

After noticing this failure on the debug output, I went ahead and bypassed AAA authorization for the policy. Now I am receiving the email with list of interfaces that do not have a port-control auto enabled :) 

Thanks a lot for your help! Your script works amazingly!

/j
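
The failure traced in this thread (an email listing an interface called "Command" because AAA rejected the CLI commands), as an added example that is not part of any post: an offline Python model of the applet's parsing next to a version that refuses to treat a rejected command as data. The sample outputs, `naive_names`, `checked`, `missing_auth` and `CliRejected` are constructed for illustration and are not EEM or IOS APIs.

```python
import re

AUTH_LINE = "authentication port-control auto"
CLI_FAILURE = "Command authorization failed."  # text from the thread's debug log
ETHERNET = re.compile(r"^(\S*Ethernet\S*)\s")  # same scope as "| inc Ethernet"

# Constructed sample CLI output (not captured from a real switch).
BRIEF_OK = (
    "Interface              IP-Address   OK? Method Status  Protocol\n"
    "Vlan1                  10.1.1.2     YES NVRAM  up      up\n"
    "GigabitEthernet1/0/1   unassigned   YES unset  up      up\n"
    "GigabitEthernet1/0/2   unassigned   YES unset  down    down\n"
    "xx-sw01#"
)
BRIEF_DENIED = "Command authorization failed.\n\nxx-sw01#"
RUN_INTF = {
    "GigabitEthernet1/0/1": "interface GigabitEthernet1/0/1\n"
                            " authentication port-control auto\nend",
    "GigabitEthernet1/0/2": "interface GigabitEthernet1/0/2\n"
                            " switchport mode access\nend",
}

class CliRejected(Exception):
    """The device refused the command, so the output is not usable data."""

def naive_names(brief):
    """First token of each line, mirroring the applet's blank/header/prompt filters."""
    names = []
    for line in (l.strip() for l in brief.splitlines()):
        if line and not line.startswith("Interface") and "#" not in line:
            names.append(line.split()[0])
    return names

def checked(output):
    """Raise instead of parsing when AAA rejected the command."""
    if CLI_FAILURE in output:
        raise CliRejected(output.strip().splitlines()[0])
    return output

def missing_auth(brief, show_run_interface):
    """Ethernet interfaces whose config has no 'authentication port-control auto'."""
    missing = []
    for line in checked(brief).splitlines():
        m = ETHERNET.match(line)
        if not m:
            continue
        cfg = checked(show_run_interface(m.group(1)) or "")
        if AUTH_LINE not in (c.strip() for c in cfg.splitlines()):
            missing.append(m.group(1))
    return missing
```

`show_run_interface` stands in for the per-interface `show run interface` call; here it can be `RUN_INTF.get`.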

 

 

 

 

 
