Understanding Cisco EEM by examples Part 2

    kindly before continue reading read Part 1 article Frist:

    https://learningnetwork.cisco.com/docs/DOC-19457

     

    example five :

    lets say we asked to prevent router users from ping 1.1.1.1 ip address and also show msg saying this command is bypassed try again later

     

    event manager applet noping

    event cli pattern "ping 1.1.1.1" sync no skip yes

    action 1.0 syslog msg "commnad is bypassed try again later"

     

    here EEM Instead of looking for a pattern in syslog, this time we’re waiting for a pattern entered onto the CLI. EEM will monitor your Router CLI prompt looking for pattern match this pattern is (ping 1.1.1.1) then will skip it and show you msg you typed before as reason .

     

     

     

    R2#ping 1.1.1.1

     

    R2#

    *Mar  1 00:17:04.739: %HA_EM-6-LOG: noping: commnad is bypassed try again later

    R2#

     

    Note: sync no used to stop running command synchronously and gave us time to use skip command which prevent ping

     

    example six:

    this exampel is a little bit evil , we will disable Config t command

     

     

    event manager applet noconfig

    event cli pattern "configure terminal" sync no skip yes

    action 2.0 cli command "enable"

     

     

    Note: do not save this one it will preventing  you from using config t

     

    example seven :

    lets say we have routre with the following interfaces

    int fas 0/0 30.3.3.3/24

    int fas 0/1 31.3.3.3/24

    configure it so when fa0/0 goes down , fas0/1 must also go down and when it come back , fa0/1 come back up.

     

     

    R1(config)#track 1 interface fastEthernet 0/0 line-protocol

     

    the above line is not related to EEM commands , it just a track command .

     

    event manager applet f00-down

    event track 1 state down

    action 6.0 cli command "enable"

    action 6.1 cli command "config t"

    action 6.2 cli command "int fas 0/1"

    action 6.3 cli command "sh"

    action 6.4 cli command "end"

    end

     

    event manager applet f00-up

    event track 1 state up

    action 6.0 cli command "enable"

    action 6.1 cli command "config t"

    action 6.2 cli command "int fas 0/1"

    action 6.3 cli command "no sh"

    action 6.4 cli command "end"

    end

     

    example eight:

    remeber in Example four we made one of our actions is sending email .

    we can set email id and server as variables:

    router1(config)# event manager environment email_to yasser@yasserauda.com

    router1(config)# event manager environment email_from eem@cisco.com

    router1(config)# event manager environment email_server 1.2.3.4

     

    then in action we type:

    router1(config-applet)# action 2 mail server "$email_server" to "$email_to" from "$email_from" subject "SLA 1 state changed to DOWN" body "Check to see if Webserver is functional."

     

    example nine:

    lets say when loop0 interface goes down , force teh router to bring it up and send syslog msg about that

     

     

    event manager applet WatchLo0

    event syslog pattern "Interface Loopback0.* down" period 1

    action 2.0 cli command "enable"

    action 2.1 cli command "config t"

    action 2.2 cli command "interface lo0"

    action 2.3 cli command "no shutdown"

    action 3.0 syslog msg "Interface Loopback0 was brought up via EEM"

     

    example ten:

    disbale reload command with msg shown to user that this command has been disabled.

     

     

    R2(config)#event manager applet DisableReload

    R2(config-applet)# event cli pattern "reload" sync no skip yes occurs 1

    R2(config-applet)# action 1.0 syslog msg "$_cli_msg has been disabled."

    R2(config-applet)#exit

    R2(config)#exit

    R2#reload

    R2#

    *Mar  1 01:20:45.643: %HA_EM-6-LOG: DisableReload: reload has been disabled.

     

    example eleven:

    Supposed you need to back up your router configuration at a specific time everyday, you can do this automatically using EEM.

    If you are good with Linux you understand Cron command.

     

    event manager environment filename 2900-1-confg

    event manager environment tftploc tftp://192.168.1.101/

     

    event manager applet backupcfg

    event timer cron name job1 cron-entry “34 2 * * 0-6″

    action 1.0 cli command “enable”

    action 2.0 cli command “conf t”

    action 3.0 cli command “file prompt quiet”

    action 4.0 cli command “end”

    action 5.0 cli command “copy start $tftploc$filename”

    action 6.0 cli command “conf t”

    action 7.0 cli command “no file prompt quiet”

     

    The file prompt quiet command is to suppress the questions asked by IOS.

     

    Part 2 completed but i wish you rememebr the following :

     

        event cli pattern: Defines the event criteria to initialize the EEM applet.

        sync:Specifies if the policy should be executed synchronously before the CLI commands executes

        skip: Indicates if the CLI commands should be executed

        occurs: Indicates the number of occurrences before the EEM applet is triggers.

     

    Finally why i made these two articles ?

    because  EEM is not explained in Deatils for CCIE student usually and relay only on Cisco documetion During the CCIE R&S Lab is not enough.

    Still if any one has something to add to this document , you are welcome to enhance it.

    Thanks for NB workbook inspired me with two examples i showed here.

     

    Useful Resources :

    http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_overview.html

    http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_policy_cli.html

     

    Yasser Auda

    Certified Cisco Systems Instructor  CCSI #  34215