The first hurdle is getting into configuration mode without baking credentials into the applet and exposing passwords in clear text. Fortunately, since EEM 3.1 you can bypass AAA for an applet by adding authorization bypass to its definition. The example below uses this to re-apply some DHCP snooping configuration to 2 interfaces after a reload and puts a message into syslog:
event manager applet DHCP-Snoop-Fix authorization bypass
 event syslog pattern "SYS-5-RESTART"
 action 1.0 cli command "enable"
 action 1.1 cli command "configure terminal"
 action 2.0 cli command "interface range GigabitEthernet1/0/24 , GigabitEthernet2/0/48"
 action 2.1 cli command "ip dhcp snooping trust"
 action 3.0 syslog msg "Reapplied DHCP Snooping Config!"
To test, you can use event timer countdown time 10 instead of event syslog pattern "SYS-5-RESTART" to trigger the applet after 10 seconds, while enabling debug event manager action cli to watch the script execute.
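Because an applet with authorization bypass changes configuration outside AAA, it is worth knowing which applets on a device carry the keyword. The following is an added example, not part of the original post: a Python audit of a saved running-config that lists applets which bypass AAA and enter configuration mode. The sample config is constructed (the Log-Only applet is hypothetical), the function names are my own, and the set of applet sub-commands it recognises is an assumption.

```python
import re

# Constructed sample: the applet from the post plus a hypothetical second applet.
SAMPLE_CONFIG = """\
hostname SW1
!
event manager applet DHCP-Snoop-Fix authorization bypass
 event syslog pattern "SYS-5-RESTART"
 action 1.0 cli command "enable"
 action 1.1 cli command "configure terminal"
 action 2.0 cli command "interface range GigabitEthernet1/0/24 , GigabitEthernet2/0/48"
 action 2.1 cli command "ip dhcp snooping trust"
 action 3.0 syslog msg "Reapplied DHCP Snooping Config!"
event manager applet Log-Only
 event timer countdown time 10
 action 1.0 syslog msg "timer fired"
!
line vty 0 4
"""

APPLET_RE = re.compile(r"^event manager applet (\S+)(.*)$")
CLI_RE = re.compile(r'^action \S+ cli command "(.*)"\s*$')
SUBCMDS = ("action ", "event ", "description ")  # assumed applet sub-commands

def parse_applets(config):
    """Return one dict per applet: name, bypass flag, events, CLI commands."""
    applets, current = [], None
    for raw in config.splitlines():
        line = raw.strip()  # tolerate indented and flattened configs alike
        m = APPLET_RE.match(line)
        if m:
            current = {"name": m.group(1), "events": [], "cli": [],
                       "bypass": "authorization bypass" in m.group(2)}
            applets.append(current)
        elif current is None:
            continue
        elif line.startswith("event manager") or not line.startswith(SUBCMDS):
            current = None  # another global command or "!" ends the applet
        elif line.startswith("event "):
            current["events"].append(line[len("event "):])
        elif (c := CLI_RE.match(line)):
            current["cli"].append(c.group(1))
    return applets

def risky_applets(config):
    """Applets that bypass AAA and also enter configuration mode."""
    return [a for a in parse_applets(config)
            if a["bypass"] and any(c.startswith("conf") for c in a["cli"])]

if __name__ == "__main__":
    for a in risky_applets(SAMPLE_CONFIG):
        print(a["name"], "| trigger:", a["events"], "| commands:", a["cli"])
```
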
Some further reading from Cisco: