Fix bugs in EEM action cli implementation

Every now and then, EEM applets fail to recognize a new configuration prompt generated by the router and abort due to timeout (or hang-up forever if you're using IOS release prior to 12.4(15)T). You can use the new pattern keyword of the action cli configuration command to fix the bug.

For example, the DNS view configuration is not recognized by the EEM code, so the following applet fails to complete:

event manager applet Test
 event none
 action 1.0 cli command "enable"
 action 1.1 cli command "configure terminal"
 action 1.2 cli command "ip dns view default"
 action 1.3 cli command "dns forwarder 10.0.0.2"

… as you can test quite easiliy with the EEM CLI debugging (note the highlighted times that indicate the EEM applet timeout) …

Rtr#event man run Test
:13.343: %HA_EM-6-LOG: Test : DEBUG(cli_lib) : : CTL : cli_open called.
:13.451: %HA_EM-6-LOG: Test : DEBUG(cli_lib) : : OUT :
:13.455: %HA_EM-6-LOG: Test : DEBUG(cli_lib) : : OUT : GW-B>
:13.459: %HA_EM-6-LOG: Test : DEBUG(cli_lib) : : IN : GW-B>enable
:13.499: %HA_EM-6-LOG: Test : DEBUG(cli_lib) : : OUT :
:13.499: %HA_EM-6-LOG: Test : DEBUG(cli_lib) : : OUT : GW-B#
:13.499: %HA_EM-6-LOG: Test : DEBUG(cli_lib) : : IN : GW-B#configure terminal
:13.519: %HA_EM-6-LOG: Test : DEBUG(cli_lib) : : OUT :
:13.519: %HA_EM-6-LOG: Test : DEBUG(cli_lib) : : OUT : Enter configuration commands, one per line. End with CNTL/Z.
:13.523: %HA_EM-6-LOG: Test : DEBUG(cli_lib) : : OUT : GW-B(config)#
:13.523: %HA_EM-6-LOG: Test : DEBUG(cli_lib) : : IN : GW-B(config)#ip dns view default
:33.395: %HA_EM-6-LOG: Test : DEBUG(cli_lib) : : OUT :
:33.399: %HA_EM-6-LOG: Test : DEBUG(cli_lib) : : OUT : GW-B(cfg-dns-view)#
:33.403: %HA_EM-6-LOG: Test : DEBUG(cli_lib) : : CTL : cli_close called.

To fix this bug, use the pattern "#" option of the action cli command to tell the EEM applet what prompt to expect:

event manager applet Test
 event none
 action 1.0 cli command "enable"
 action 1.1 cli command "configure terminal"
 action 1.2 cli command "ip dns view default" pattern "#"
 action 1.3 cli command "dns forwarder 10.0.0.2" pattern "#"

3 comments:

  1. This is what I did on our IOS CA server to periodically FTP the crl file to our FTP server:

    event manager applet backup-crl
    event timer watchdog time 86400 maxrun 4294967295
    action 1.0 cli command "enable"
    action 2.0 cli command "copy flash:/iosca.crl ftp://username:[email protected]/" pattern "a.b.c.d"
    action 3.0 cli command "a.b.c.d" pattern "iosca.crl"
    action 4.0 cli command "iosca.crl"
    action 5.0 syslog msg "ftp successful"

    I am using IOS 12.4(15)T3 by the way.
  2. does anyone know if its affected by AAA, i.e. does the "enable" or aaa command auth make any difference? or does EEM bypass these?
  3. AAA affects EEM applets. See other posts in my blog on this topic (search for EEM AAA).
Add comment
Sidebar