Changing configuration with EEM – yes or no?

Daniel left a very relevant comment to my convoluted BGP session shutdown solution:

What I am currently doing is using EEM to watch my tracked objects and then issuing a neighbor shutdown command. Is there a functional reason I would not want to do it that way, and use the method you prescribe?

As always, the answer is “it depends.” In this case, the question to ask yourself is: “do I track configuration changes and react to them?

Changing the router configuration with an EEM applet is no different from changing it through a terminal session. Let’s solve the BGP session shutdown challenge with a simple EEM applet:

event manager applet shutdown_BGP_Session
event track 10 state down
action 1.0 cli command "enable"
action 1.1 cli command "configure terminal"
action 1.2 cli command "router bgp 65100"
action 1.3 cli command "neighbor shutdown"

Every time the applet is run, the router configuration is changed, triggering all sorts of events:

  • The running configuration change time (that you can see with show running) is updated.
  • Configuration commands executed by the EEM applet are written in the configuration log (use the event manager session cli username global configuration command to change the username displayed in the printouts).
A1#show archive log config all
idx sess user@line Logged command
1 0 EEM@vty0 |!exec: enable
2 5 EEM@vty0 |router bgp 65100
3 5 EEM@vty0 | neighbor shutdown
  • Syslog messages are generated if you’ve configured configuration change logging with notify syslog:
%TRACKING-5-STATE: 10 stub   Up->Down
%PARSER-5-CFGLOG_LOGGEDCMD: User:EEM logged command:!exec: enable
%PARSER-5-CFGLOG_LOGGEDCMD: User:EEM logged command:router bgp 65100
%PARSER-5-CFGLOG_LOGGEDCMD: User:EEM logged command:neighbor
  • SNMP traps are generated if you’ve enabled configuration-related traps with the snmp-server enable traps command.

On top of that, the configuration-tracking network management tools (RANCID, SolarWinds ...) might generate configuration changed alerts and you’ll be prompted whether you want to save the changed running configuration the next time you’ll try to reload the router.

Last but definitely not least, if you do save the changed configuration (when the BGP neighbor is disabled), the change made by the EEM applet will be stored in the startup configuration. Not a good idea.

To avoid the problems caused by saves of EEM-changed configurations, always create a third EEM applet that applies the desired configuration after the router reload (in our case, no neighbor shutdown).

Summary: As always, consider all side effects of your solution. On one hand, configuration changes done within an EEM applet trigger all sorts of alerts (if you track configuration changes); on the other hand, the static route-based solution might be too convoluted for your support team (and impossible to troubleshoot at 1AM on Sunday, January 2nd).


  1. Ivan, thanks again for taking the time to give your insight on these issues. Considering everything, for us the EEM option is the best, especially considering the support aspect. Shooting out notification emails at the same time doesn't hurt either.

    Keep up the great work!
  2. hi...great blog..I'm hafiz from Malaysia... Just to get suggestion from you, which is the best method ; using TCL script or CLI?

    Previously i use TCL script to push my show command (using multiple piping) to send the text file to my ftp server every wekk (using kron). But fail to do that.

    Refer this link for the problem i mention above.

    Please advice. Thanks
  3. Hello, I'm wondering if there is a possibility of dynamic configurations with EEM like so that when an interface is disabled it will be switched to another interface?
  4. Sure is. Search my blog and for EEM; you just might find what you're looking for.
  5. Hi Ivan

    My diagram network have alot of branchs and HO , the branchs connect to HO via 2 line leased line of 2 diffirent ISP ,we run ospf for routing , we would like to detect the poor performance of line and so modify cost of this poor performance line for OSPF routing.

    can you give me solution about this ?

    many thanks
  6. Use IP SLA to measure line performance and EEM applet to change OSPF cost. OER/PfR could also be the right tool for the job. BTW, I'm also available for consulting engagements:
  7. Hi Ivan,

    There's another facet to this issue related to whether the has unsaved configuration changes.

    If the configuration is unchanged since the last save, an automated PKI certificate renewal will be automatically saved by the router.

    If there are unsaved configuration changes in the router, then the certificate rollover process will not save the new certificate to NVRAM, putting the certificate at risk (a powerfail will wipe it out).
Add comment