EEM Undo Configuration Changes

Cisco Embedded Event Manager (EEM) can be used to detect and undo unwanted changes on a production network, such as a reload, removal of a routing process, or shutdown of a management interface.

This EEM applet re-enables Loopback2 whenever it is administratively shut down. It triggers on the %LINK-5-CHANGED syslog message and runs its CLI commands as the user eemadmin.

event manager session cli username eemadmin
event manager applet NO-SHUT-LOOPBACK 
 event syslog pattern "%LINK-5-CHANGED: Interface Loopback2, changed state to administratively down"
 action 0.0 cli command "enable"
 action 0.1 cli command "config t"
 action 0.2 cli command "int loopback 2"
 action 0.3 cli command "no shut"
 action 0.4 cli command "end"
 action 0.5 cli command "exit"

Verification logs.

R3(config)#int lo 2
R3(config-if)#shut
*Mar  1 00:12:08.183: %LINK-5-CHANGED: Interface Loopback2, changed state to administratively down
R3(config-if)#
*Mar  1 00:12:08.207: %HA_EM-6-LOG: NO-SHUT-LOOPBACK : DEBUG(cli_lib) : : CTL : cli_open called.
*Mar  1 00:12:08.207: %HA_EM-6-LOG: NO-SHUT-LOOPBACK : DEBUG(cli_lib) : : IN  : 
*Mar  1 00:12:08.223: %HA_EM-6-LOG: NO-SHUT-LOOPBACK : DEBUG(cli_lib) : : OUT : 
*Mar  1 00:12:08.227: %HA_EM-6-LOG: NO-SHUT-LOOPBACK : DEBUG(cli_lib) : : OUT : R3>
*Mar  1 00:12:08.227: %HA_EM-6-LOG: NO-SHUT-LOOPBACK : DEBUG(cli_lib) : : OUT : R3>
*Mar  1 00:12:08.231: %HA_EM-6-LOG: NO-SHUT-LOOPBACK : DEBUG(cli_lib) : : OUT : R3>
*Mar  1 00:12:08.235: %HA_EM-6-LOG: NO-SHUT-LOOPBACK : DEBUG(cli_lib) : : IN  : >enable
*Mar  1 00:12:08.251: %HA_EM-6-LOG: NO-SHUT-LOOPBACK : DEBUG(cli_lib) : : OUT : 
*Mar  1 00:12:08.251: %HA_EM-6-LOG: NO-SHUT-LOOPBACK : DEBUG(cli_lib) : : OUT : R3#
*Mar  1 00:12:08.251: %HA_EM-6-LOG: NO-SHUT-LOOPBACK : DEBUG(cli_lib) : : IN  : #config t
*Mar  1 00:12:08.267: %HA_EM-6-LOG: NO-SHUT-LOOPBACK : DEBUG(cli_lib) : : OUT : 
*Mar  1 00:12:08.267: %HA_EM-6-LOG: NO-SHUT-LOOPBACK : DEBUG(cli_lib) : : OUT : Enter configuration commands, one per line.  End with CNTL/Z.
*Mar  1 00:12:08.267: %HA_EM-6-LOG: NO-SHUT-LOOPBACK : DEBUG(cli_lib) : : OUT : R3(config)#
*Mar  1 00:12:08.267: %HA_EM-6-LOG: NO-SHUT-LOOPBACK : DEBUG(cli_lib) : : IN  : #interface loopback2
*Mar  1 00:12:08.287: %HA_EM-6-LOG: NO-SHUT-LOOPBACK : DEBUG(cli_lib) : : OUT : 
*Mar  1 00:12:08.287: %HA_EM-6-LOG: NO-SHUT-LOOPBACK : DEBUG(cli_lib) : : OUT : R3(config-if)#
*Mar  1 00:12:08.287: %HA_EM-6-LOG: NO-SHUT-LOOPBACK : DEBUG(cli_lib) : : IN  : #no shut
*Mar  1 00:12:08.299: %HA_EM-6-LOG: NO-SHUT-LOOPBACK : DEBUG(cli_lib) : : OUT : 
*Mar  1 00:12:08.299: %HA_EM-6-LOG: NO-SHUT-LOOPBACK : DEBUG(cli_lib) : : OUT : R3(config-if)#
*Mar  1 00:12:08.299: %HA_EM-6-LOG: NO-SHUT-LOOPBACK : DEBUG(cli_lib) : : IN  : #end
*Mar  1 00:12:08.311: %SYS-5-CONFIG_I: Configured from console by eemadmin on vty2 (EEM:NO-SHUT-LOOPBACK)
*Mar  1 00:12:08.315: %HA_EM-6-LOG: NO-SHUT-LOOPBACK : DEBUG(cli_lib) : : OUT : 
*Mar  1 00:12:08.315: %HA_EM-6-LOG: NO-SHUT-LOOPBACK : DEBUG(cli_lib) : : OUT : R3#
*Mar  1 00:12:08.315: %HA_EM-6-LOG: NO-SHUT-LOOPBACK : DEBUG(cli_lib) : : IN  : #exit
*Mar  1 00:12:08.331: %HA_EM-6-LOG: NO-SHUT-LOOPBACK : DEBUG(cli_lib) : : OUT : 
*Mar  1 00:12:08.335: %HA_EM-6-LOG: NO-SHUT-LOOPBACK : DEBUG(cli_lib) : : OUT : R3>
*Mar  1 00:12:08.339: %HA_EM-6-LOG: NO-SHUT-LOOPBACK : DEBUG(cli_lib) : : IN  : >exit
*Mar  1 00:12:08.343: %HA_EM-6-LOG: NO-SHUT-LOOPBACK : DEBUG(cli_lib) : : CTL : cli_close called.
*Mar  1 00:12:10.287: %LINK-3-UPDOWN: Interface Loopback2, changed state to up
R3(config-if)#

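This EEM applet is used to stop a device reload. With "sync no skip yes" the matched command is not executed and the applet runs asynchronously, so the only result is the syslog message. The pattern is an unanchored regular expression, so any command containing "reload" is skipped, not only the reload command itself.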

event manager applet STOP-RELOAD 
 event cli pattern "reload" sync no skip yes
 action 0.0 syslog msg "Reload aborted! Administrator notified!"

Verification logs.

R3#reload 
*Mar  1 00:29:43.103: %SYS-5-CONFIG_I: Configured from console by tty161
R3#reload 
R3#
*Mar  1 00:29:45.567: %HA_EM-6-LOG: STOP-RELOAD: Reload aborted! Administrator notified!
R3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#do reload
R3(config)#
*Mar  1 00:31:03.983: %HA_EM-6-LOG: STOP-RELOAD: Reload aborted! Administrator notified!
R3(config)#

This EEM applet is used to stop removal of the RIP routing process. It works the same way: the "no router rip" command is matched, skipped and logged.

event manager applet NO-REMOVE-RIP 
 event cli pattern "no router rip" sync no skip yes
 action 0.0 syslog msg "Removal of RIP process aborted! Administrator notified!"

Verification logs.

R3(config)#no router rip
R3(config)#
R3(config)#
R3(config)#
*Mar  1 00:35:21.363: %HA_EM-6-LOG: NO-REMOVE-RIP: Removal of RIP process aborted! Administrator notified!
R3(config)#
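
An added example, not part of the original post: the applets above only write a syslog message, so "Administrator notified!" depends on something reading those logs. This Python script parses syslog in the format shown in the verification output and groups EEM-driven events by applet; the sample lines are constructed from that output, and the last line (user admin, 192.0.2.10) is a made-up non-EEM change for contrast.

```python
import re
from collections import defaultdict

# Constructed sample in the syslog format of the verification logs above;
# the final line is an invented, non-EEM config change for contrast.
SAMPLE = """\
*Mar  1 00:12:08.183: %LINK-5-CHANGED: Interface Loopback2, changed state to administratively down
*Mar  1 00:12:08.207: %HA_EM-6-LOG: NO-SHUT-LOOPBACK : DEBUG(cli_lib) : : CTL : cli_open called.
*Mar  1 00:12:08.311: %SYS-5-CONFIG_I: Configured from console by eemadmin on vty2 (EEM:NO-SHUT-LOOPBACK)
*Mar  1 00:12:10.287: %LINK-3-UPDOWN: Interface Loopback2, changed state to up
*Mar  1 00:29:45.567: %HA_EM-6-LOG: STOP-RELOAD: Reload aborted! Administrator notified!
*Mar  1 00:35:21.363: %HA_EM-6-LOG: NO-REMOVE-RIP: Removal of RIP process aborted! Administrator notified!
*Mar  1 00:40:02.101: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)
"""

LINE = re.compile(r"^\*?(?P<ts>\w{3}\s+\d+ [\d:.]+): %(?P<tag>[A-Z_]+-\d-[A-Z_]+): (?P<body>.*)$")
EEM_LOG = re.compile(r"^(?P<applet>[\w-]+)\s*: (?P<msg>.*)$")
EEM_CFG = re.compile(r"by (?P<user>\S+) on \S+ \(EEM:(?P<applet>[\w-]+)\)$")

def summarize(text):
    """Return {applet: [(timestamp, kind, detail), ...]} for EEM-driven events."""
    events = defaultdict(list)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # router prompts, banners, truncated lines
        ts, tag, body = m["ts"], m["tag"], m["body"]
        if tag == "HA_EM-6-LOG":
            e = EEM_LOG.match(body)
            if e and "DEBUG(cli_lib)" not in e["msg"]:  # drop CLI debug trace
                events[e["applet"]].append((ts, "applet-log", e["msg"]))
        elif tag == "SYS-5-CONFIG_I":
            c = EEM_CFG.search(body)
            if c:  # config change made by an applet, not a person
                events[c["applet"]].append((ts, "applet-config", c["user"]))
    return dict(events)

def blocked(summary):
    """Applets whose syslog message says a command was aborted."""
    return sorted(a for a, evs in summary.items()
                  if any(k == "applet-log" and "aborted" in d.lower() for _, k, d in evs))

if __name__ == "__main__":
    for applet, evs in summarize(SAMPLE).items():
        print(applet, evs)
```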
