09-26-2012 11:15 AM
We occasionally have a tunnel interface that flaps up and down on occasion, and a simple shut/no shut fixes the issue. I saw that EEM scripts can perform actions based upon syslogged events, so we decided to give it a go.
I set up the following script, but when the tunnel goes down, it doesn't shut/no shut.
event manager applet Tunnel5_Down
event syslog pattern "Interface Tunnel5, changed state to down"
action 1.0 cli command "enable"
action 1.1 cli command "configure terminal"
action 1.2 cli command "interface tu5"
action 1.3 cli command "shut"
action 1.4 cli command "no shut"
I'm curious what I might be missing? Also - is there anything to let me know that the router actually attempted to run the applet?
09-26-2012 04:45 PM
What is the exact syslog message that is being generated? Do you have AAA command authorization configured on the device? You can use the command "show event manager history events" to see if the policy is firing.
09-26-2012 07:56 PM
Joe -
The command was extremely helpful. I saw in the history that the applet had fired off 5 times in the past 6 days.
We're matching on the following pattern "interface Tunnel5, changed state to down"
We had a problem where a shut/no shut didn't fix the issue right away, looks like a syslog event wasn't logged again, so when the initial applet fired, it only went once, and not again.
Is there any way to make the applet fire again if a "tunnel up" condition isn't met?
09-27-2012 07:46 AM
Yeah, you can do this by configuring another applet from the initial applet that uses a watchdog timer to periodically bounce the interface. When you see the "up" status, then you can unconfigure the watchdog applet.
However, one thing you should look at first is to make sure AAA is not interfering with your applet execution. Are you using AAA command authorization?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide