Hi Shaun,
What exactly would you like to see?
Rene
Hi Shaun,
What exactly would you like to see?
Rene
As you mentioned that EEM can be very useful in real life examples like hiding a username/password or encrypted the plain text password. Can you show an example where you can hide or encrypt the plain text password in EEM script?
Something like this could do the job:
event manager applet SHOW_RUN_NO_PASSWORD
event cli pattern "show run" sync yes
action 1.0 cli command "enable"
action 2.0 cli command "show run | exclude password"
action 3.0 puts "$_cli_result"
action 4.0 set $_exit_status "0"
Rene
Hi Rene,
Is there any way to configure on layer 3 switches an script to shut down ports and enable ports on a schedule basis.
Hello Alfredo
Yes, it is possible to shutdown and enable specific ports based on time. The following example may shed some light on this:
When using EEM, you must create two applet timer policies, one to “shutdown
” and the other to “no shutdown
”. In the following example, the port will be shutdown every day at midnight, and brought back up every day at 8 am.
event manager applet shutdown_port
event timer cron cron-entry "0 0 * * *"
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "interface FastEthernet1/0/1"
action 4.0 cli command "shut"
action 5.0 cli command "end"
action 6.0 syslog msg "Interface FastEthernet1/0/1 has been shutdown"
event manager applet noshut_port
event timer cron cron-entry "0 8 * * *"
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "interface FastEthernet1/0/1"
action 4.0 cli command "no shut"
action 5.0 cli command "end"
action 6.0 syslog msg "Interface FastEthernet1/0/1 has been restored"
Keep in mind that this will work only if you are running IOS 12.2(40)SE or higher. Also it’s a good idea to have NTP configured on the switch when implementing time based scripts.
I hope this has been helpful!
Laz
Hi Lagapides,
I follow the steps you provided but it doesn’t work. See what I collect.
show clock: 16:19:24.374 PDT Fri Mar 17 2017
Version 12.2(53)SE2
TEST#sh event manager policy registered
No. Class Type Event Type Trap Time Registered Secu Name
1 applet user timer cron Off Fri Mar 17 16:17:07 2017 none shutdown_port
cron entry {18 16 * * *}
maxrun 20.000
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "interface gigabitEthernet 0/3"
action 4.0 cli command "shut"
action 5.0 cli command "end"
action 6.0 syslog msg "Interface FastEthernet1/0/1 has been shutdown"
2 applet user timer cron Off Fri Mar 17 16:17:19 2017 none noshut_port
cron entry {20 16 * * *}
maxrun 20.000
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "interface gigabitEthernet 0/3"
action 4.0 cli command "no shut"
action 5.0 cli command "end"
action 6.0 syslog msg "Interface FastEthernet1/0/1 has been restored"
Please advise
I just tried this in Cisco VIRL and it is working here:
event manager applet shutdown_port
event timer cron cron-entry "57 12 * * *"
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "interface FastEthernet1/0/1"
action 4.0 cli command "shut"
action 5.0 cli command "end"
action 6.0 syslog msg "Interface FastEthernet1/0/1 has been shutdown"
A few minutes later:
R1#
*Jul 6 12:57:00.360: %SYS-5-CONFIG_I: Configured from console by on vty0 (EEM:shutdown_port)
*Jul 6 12:57:00.365: %HA_EM-6-LOG: shutdown_port: Interface FastEthernet1/0/1 has been shutdown
Hello All,
Is there a show command to list all the built-in EEM environment variables, eg. $_cli_result, etc.
Thanks.
Hello Isaac
Take a look at this Cisco command reference:
This command will display the name and value of the EEM environment variables. You can also take a look at this reference for a list of EEM built in environment variables:
I hope this has been helpful!
Laz
Hi,
I’m trying to write a EEM applet atm which will do the following;
At the moment I’ve made an ‘alias’ for step 1, and I’m having trouble with how to auto confirm when the device prompts for input.
Cheers,
Rob
Hello Robert
Before writing up an EEM script is always a good idea to go over the manual implementation of what you want to do. In order to copy the running-config to another file name and reload the device, you must do the following:
R2#copy running-config flash0:
Destination filename [running-config]? test.cfg
2949 bytes copied in 2.445 secs (1206 bytes/sec)
R2#reload
Proceed with reload? [confirm]
In my example above, I copied the running configuration to a file called test.cfg
. So in this case, you would have to issue the first command, then wait for the proper prompt to appear and then put in the correct command. (There is no confirmation there).
In the case of the reload, you will have to wait for the confirm
prompt to appear and then press Enter.
The EEM script would go something like this:
action 010 cli command "copy run flash0:" pattern "running-config"
action 020 cli command "test.cfg" pattern "copied"
action 030 cli command "reload" pattern "confirm"
action 040 cli command ""
After action 10, it confirms “running-config” appears in the prompt before moving to the next command. Similarly, in action 20, “copied” must appear. In 030 “reload” must appear. Finally, after all patterns are matched, the “” indicates that the Enter key should be applied.
It is the pattern
keyword that does the matching. Note that I have not tested the above, and you should confirm that it functions before proceeding.
I hope this has been helpful!
Laz
Hi Laz,
Thanks for that, will have a play with this in my lab and report back!
One thing on this, with action 020, are we able to build a file name based on say device hostname + fixed string label, ie device-name + base.cfg ?
Cheers,
Rob
Hello Robert
It is possible to retrieve information such as the hostname of the device. There are many predefined functions that do these types of functions. Specifically, for what you’re looking for you need to use the following command:
action 01 info type routername
This command will store the hostname of the device in a predefined variable called $_info_routername
. You can then call this variable in subsequent actions like so:
action 02 cli command "$_info_routername-base.cfg"
This command will concatenate the saved hostname with the -base.cfg
suffix.
Many more such built-in variables can be found at this Cisco community post:
Unfortunately, I found that Cisco documentation is either inadequate or non-existent (or at least very hard to find!) when it comes to details about EEM features.
I hope this has been helpful!
Laz
Thanks for that Laz, I had a quick glance at that link before but maybe I should have tried the find feature! I will try to post my draft EEM applet once its closer to the task of me semi-automating my lab! Cheers, Rob
Actually, this command below works alot better than an EEM script imo (as I don’t have to wait for reload the device to load a file)
configure replace flash:router-backup-1 list
From this networklessons article of course!
now back to labbing!
Cheers,
Hello Robert
Great, thanks for sharing that… It’s posts like this that increase the value and usefulness of the forum, as users share their personal experience on what works best for them. Your contributions are much appreciated!
Laz
Happy to help, hopefully will be able to contribute with more tips and tricks! Cheers,
HI Laz,
thanks a lot for your explanation.
I’ve got a question about the time variable.
In my case i would like to copy the cfg to an tftp server but i need to have also the hostname and the time.
event manager applet TFTP-SAVE
event cli pattern "(write|write memory|copy running-config startup-config)" sync no skip no
action 0.0 syslog msg "salvaggio-TFTP"
action 1.0 cli command "enable"
action 2.0 info type routername
action 3.0 cli command "copy running-config tftp://<tftp-server>/2021_$_info_routername.$_event_pub_sec.cfg"
WIth this configuration i will have hostname and seconds output but i need the date instead
copied cfg
i’ve already tried with
action 3.0 cli command "copy running-config tftp://<tftp-server>/2021_$_info_routername.$_event_pub_time.cfg"
but the debug looks like that:
*Sep 24 11:01:46: %HA_EM-6-LOG: TFTP-SAVE : DEBUG(cli_lib) : : OUT : copy running-config tftp://<tftp-server>/2021_test.Sep 24 09:01:46.009.cfg
*Sep 24 11:01:46: %HA_EM-6-LOG: TFTP-SAVE : DEBUG(cli_lib) : : OUT : ^
*Sep 24 11:01:46: %HA_EM-6-LOG: TFTP-SAVE : DEBUG(cli_lib) : : OUT : % Invalid input detected at '^' marker.
Thanks for a feedback
BR
Aronne
Hello Aronne
It looks like the problem comes from the fact that there are spaces in the date portion of the file name. It is strange that the ‘^’ marker is pointing after the first space, but I would have to say that this is most likely the problem. I would suggest taking a look at this Cisco community thread that deals with a very similar configuration issue the EEM:
There you will see various options and configurations that may be helpful. You must however keep in mind that some features, such as those that can manipulate text in order to remove spaces, are supported in EEM 3.0 or higher, so you will have to check your version.
Take a look at the thread and let us know how you get along. If you need more help in the process, you know where to find us!
I hope this has been helpful!
Laz
Hi Laz, thanks a lot for your helpful feedback .
Got another question about EEM.
I have to add a VLAN in TRUNK of multiple Switches. The only thing that helps me to discover which is the “UPLINK” where i have to put in the new VLAN in the Trunk is the description of those link.
Example:
IF G1/0/1
description DA730 - xxxxxxx
Is there a script that allows me to use the “DA” value in the description as trigger for a switchport trunk allowed vlan add command ?
Thanks again for a feedback
Aronne