Cisco EEM is a very powerful tool for managing and creating events on Cisco platforms. EEM can listen for specific input, react to environmental variables, run schedules, and the list goes on. I’m going to walk through one example of EEM, and then show a few more examples.
Building an EEM applet
EEM applets are built in config mode using he ‘event manager’ configuration. For instance, let’s create a EEM applet called ‘dont_forget”…
router1#config t
Enter configuration commands, one per line. End with CNTL/Z.
router1(config)#event manager applet dont_forget
router1(config-applet)#
This kicks you into applet configuration mode. The first thing you need to do is tell EEM some general information about the applet. This is done with the ‘event’ command…
router1(config-applet)# event cli pattern “^end” sync no skip no
Here we are saying that for this event to execute, we want to match on a pattern we see in the CLI. This particular pattern should be the word ‘end’. Moreover, we include the ^ to tell it that ‘end’ needs to appear at the beginning of the string. Next we set the sync mode with is wither yes or no. No means that the policy actions can be run asynchronously, and yes means that they need to be run in sync (one at a time). The skip command tells the router whether or not to actually run the command when it sees it. In this case, we do want it to still run. Next, we set actions…
router1(config-applet)# action 1 syslog msg “Don’t forget to write your config!”
Here we are telling it to run this particular action when the event is matched. In this case, we are telling the router to display a syslog message. That’s it’s your first EEM configuration! Now, what does this actually do? I have a habit of using the word ‘end’ to leave config mode. That way, I don’t have to type exit multiple times. When I type end, it will kick back a message to me reminding me to write my config. Let’s see it in action…
router1#config t
Enter configuration commands, one per line. End with CNTL/Z.
router1(config)#int fa0/1
router1(config-if)#description Inside
router1(config-if)#end
router1#
Jan 12 01:59:23.787: %SYS-5-CONFIG_I: Configured from console by console
Jan 12 01:59:23.791: %HA_EM-6-LOG: dont_forget: Don’t forget to write your config!
Now, if you are really lazy, we could slightly modify this to…
event manager applet dont_forget
event cli pattern “^end” sync no skip no
action 1 syslog msg “Don’t worry, I’ll do it for you”
action 2 cli command “enable”
action 3 cli command “write memory”
Now let’s see what happens…
router1#config t
Enter configuration commands, one per line. End with CNTL/Z.
router1(config)#int fa0/0
router1(config-if)#description OutsideInterface
router1(config-if)#end
router1#
Jan 12 02:17:10.459: %SYS-5-CONFIG_I: Configured from console by console
Jan 12 02:17:10.463: %HA_EM-6-LOG: dont_forget: Don’t worry, I’ll do it for you
router1#
If you look at the startup config, you’ll see that the configuration has been saved as well…
router1#show start | b FastEthernet0/0
interface FastEthernet0/0
description OutsideInterface
ip address 75.146.45.99 255.255.255.248
ip flow ingress
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
Let’s take a look at a couple other EEM applets…
Use Syslog for tracking
Sort of a poor man’s tracking command. Consider we have dual ISP router’s and we are advertising a 0’s route into the core network from each router. Let’s say that the internet facing interface (fa0/0) fails. This script will read that event in the syslog, and pull the summary route out for us. When the interface returns, it will put it back…
event manager applet monitor_isp_down
event syslog pattern “Line protocol on Interface FastEthernet0/0, changed state to down”
action 1 cli command “enable”
action 2 cli command “config t”
action 3 cli command “no ip route 0.0.0.0 0.0.0.0 null0”
action 4 syslog msg “Primary ISP failed, pulling out 0’s summary on ISP01”
event manager applet monitor_isp_up
event syslog pattern “Line protocol on Interface FastEthernet0/0, changed state to up”
action 1 cli command “enable”
action 2 cli command “config t”
action 3 cli command “ip route 0.0.0.0 0.0.0.0 null0”
action 4 syslog msg “Primary ISP recovered, installing 0’s summary on ISP01”
The result?
<Pull cable>
Jan 12 02:28:51.607: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
Jan 12 02:28:51.751: %HA_EM-6-LOG: monitor_isp_down: Primary ISP failed, pulling out 0’s summary on ISP01
Jan 12 02:28:51.755: %SYS-5-CONFIG_I: Configured from console by vty0
<Restore Cable>
Jan 12 02:29:01.559: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
Jan 12 02:29:02.559: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
Jan 12 02:29:02.711: %HA_EM-6-LOG: monitor_isp_up: Primary ISP recovered, installing 0’s summary on ISP01
Jan 12 02:29:02.711: %SYS-5-CONFIG_I: Configured from console by vty0
Disabling Reloads
Didn’t think of this one myself but it seems to be pretty popular…
event manager applet disable_reload
event cli pattern “reload” sync no skip yes
action 1 syslog msg “Reloads have been disabled.”
The result?
ISP01#reload
ISP01#
Jan 12 02:40:56.307: %HA_EM-6-LOG: disable_reload: Reloads have been disabled.
ISP01#
Bottom Line
I’ve only scratched the surface here. EEM is a very powerful tool that’ you should become familiar with.