Post

Cisco Embedded Event Manager (EEM)

Posted
By Sena Perdiana 5 min read


What is Cisco EEM?

Cisco Embedded Event Manager (EEM) is a powerful and flexible scripting and automation. It automates actions based on network events, using policies triggered by events like syslog messages or network changes.



Topology

Here’s the topology

x

The XE1 has a default uplink going to XE2, here we’ll use EEM to detect and automate a task where when the link to XE2 is down, we’ll swing the uplink to XE3.



1. Using Syslog Message

This method is pretty straight forward, whenever EEM detects a syslog message of “Interface GigabitEthernet2, changed state to administratively down”, it will execute the script “g2_down”.
So basically, if int g2 is down, it will clear int g2 configuration and put the config on g3.

1
2
3
4
5
6
7
8
9

event manager applet g2_down
 event syslog pattern "Interface GigabitEthernet2, changed state to administratively down"
 action 1.0 syslog priority notifications msg "EEM detects Int G2 is down"
 action 2.0 cli command "enable"
 action 2.1 cli command "config t"
 action 3 cli command "default interface g2"
 action 4 cli command "interface g3"
 action 5 cli command "ip address 98.0.0.1 255.255.255.0"
 action 6 cli command "no shut"
  • action 1.0 will generate a custom syslog with severity 5 with the defined text


And this one for when int g3 is down

1
2
3
4
5
6
7
8
9

event manager applet g3_down
event syslog pattern "Interface GigabitEthernet3, changed state to administratively down"
action 1.0 syslog priority notifications msg "EEM detects Int G3 is down"
action 2.0 cli command "enable"
action 2.1 cli command "config t"
 action 3 cli command "default interface g3"
 action 4 cli command "interface g2"
 action 5 cli command "ip address 98.0.0.1 255.255.255.0"
 action 6 cli command "no shut"

That’s it. Let’s test it.


Testing EEM with Syslog Message

Now when we shutdown the int g2, we can see the EEM:g2_down is executed bringing int g3 up

x

x


If we do the opposite by shutting down the int g3, EEM:g3_down will execute and bringing back the int g2 up

x

x



2. Using IP SLA Tracking

This second method will use IP SLA to do a ping check from XE1 to XE2, if the ping returns timeout, EEM will remove the configuration on int g2 and configure the int g3.

Configuring IP SLA

1
2
3
4
5
6
7
8
9
10
11
12
13

ip sla 1
 icmp-echo 2.2.2.2 source-ip 1.1.1.1
  threshold 1000
  timeout 1000
  frequency 5
ip sla schedule 1 life forever start-time now

ip sla 2
 icmp-echo 3.3.3.3 source-ip 1.1.1.1
  threshold 2000
  timeout 2000
  frequency 5
ip sla schedule 2 life forever start-time now
  • threshold 1000: This line sets a threshold value of 1000 milliseconds for the response time. If the round-trip time for the ICMP echo request exceeds this threshold, the operation will be considered as having failed. In other words, if the response time to a ping request takes longer than 1000 milliseconds, it will trigger an alert or action.
  • timeout 1000: This line sets the timeout value to 1000 milliseconds. If the device doesn’t receive a response to the ICMP echo request within this timeout period, it will also be considered as a failure. If the target doesn’t respond within 1000 milliseconds, it’s treated as if the connection is down.
  • frequency 5: This line sets the frequency of the ICMP echo operations to 5 seconds. This means that the device will send a ping request to the target IP address every 5 seconds as part of this IP SLA operation.


Configuring Track

1
2
3
4
5

track 1 ip sla 1 reachability
 delay down 10
 
track 2 ip sla 2 reachability
 delay down 10
  • ip sla 1 reachability: This line associates the tracking object with an IP SLA operation and specifies that it should monitor the reachability status of this IP SLA operation.
  • delay down 10: This part of the command sets the delay down value to 10 seconds. The “delay down” value represents the amount of time a tracked object must remain in a “down” state before the tracking object itself considers it as “down.”


Configuring EEM

1
2
3
4
5
6
7
8

event manager applet swing_to_g3
 event track 1 state down
 action 1 cli command "enable"
 action 2 cli command "conf t"
 action 3 cli command "default interface g2"
 action 4 cli command "interface g3"
 action 5 cli command "ip address 98.0.0.1 255.255.255.0"
 action 6 cli command "no shut"
  • When track 1 is down, EEM will remove the int g2 configuration and configure int g3


1
2
3
4
5
6
7
8

event manager applet swing_to_g2
 event track 2 state down
 action 1 cli command "enable"
 action 2 cli command "conf t"
 action 3 cli command "default interface g3"
 action 4 cli command "interface g2"
 action 5 cli command "ip address 98.0.0.1 255.255.255.0"
 action 6 cli command "no shut"
  • When track 2 is down, EEM will remove the int g3 configuration and configure int g2


Testing EEM with IP SLA Tracking

Now let’s test it.
Running “show track” shows the status of each track

x


And the interface currently up is the g2

x


Now when we shutdown the XE2, we can see the the EEM syslog stating that track 1 is down and track 2 becomes up, and we can also see the EEM:swing_to_g3 script is being executed.

x


Running “show track” show the detail of the status

x


And we can see the int g2 has no configruation and int g3 has been configured

x


Lastly, if we now shutdown XE3 (while the XE2 is already up), we’ll see EEM:swing_to_g2 script is executed swinging the interface back to g2

x


Networking, Embedded Event Manager (EEM)
This post is licensed under CC BY 4.0 by the author.