Category: Tcl

Testing Embedded Event Manager (EEM) Tcl policies is a convoluted process:

• Source file is usually edited on a general-purpose workstation.
• The file has to be downloaded to router's local storage (EEM does not register non-local policies).
• The new version of the EEM policy has to be registered with EEM with event manager policy configuration command
• After all these steps, the new policy can be tested.

While you can use EEM applet to automate this process, slightly more flexible approach (you can specify the policy name to be replaced) can be implemented with Tcl script:

One of my readers asked an interesting question: „why do the commands executed within a EEM Tcl policy fail with Command authorization fails message?“ The short answer is simple: If you use AAA command authorization (which you can only do if you're using a TACACS+ server), you have to specify the username under which the EEM will execute its CLI commands with the event manager session cli username user configuration command.

During network troubleshooting or proof-of-concept testing, I often change the state of a loopback interface (to insert or remove an IP prefix from the routing protocols) or flap it to test the impact on network stability. The traditional approach to this procedure should be known to everyone:

Before trying to write Tcl procedures to be executed by Cisco IOS tclsh command, read the following articles:

• Running Tcl procedures from IOS command line
• Tclsh command line parameters
• Where does Tcl output go
• Executing IOS commands from Tcl shell
• IOS scripting with Tcl (IOS 12.3T documentation)
• TCL'ing your Cisco router

And last but not least, if you want to store Tcl procedures on your router and don't want to write into the router's Flash memory (I hate that the router prompts me whether I want to erase the flash every time I store something into it), you can store them in NVRAM.

In a previous post, I’ve described how to execute a Tcl file with the tclsh command.

You can do even more than that: you can pass parameters to the executed file. Every word you enter after the file name in the tclsh command line is passed as a parameter to the Tcl code you execute. To get these parameters in Tcl, use Tcl commands similar to the code below:

The Tcl procedures used to execute IOS commands in Embedded Event Manager (cli_open, cli_write …) don’t work when you start Tcl shell from command line interface. To execute IOS commands in this context, use:

• exec command to execute an exec-level command, for example exec “show ip route”
• ios_config mode command to configure the router

If the first parameter of the ios_config command is a global configuration command, you shall omit the second parameter (for example, ios_config “hostname router”). To configure a parameter in one of the sub-configuration modes (for example, interface state), use the first parameter to specify the configuration mode and the second parameter as the actual configuration command (for example, ios_config “interface loop 0” “no shutdown”).

You might have wondered what happens with output produced by Tcl procedures (for example, with the puts command) when you use Tcl in Embedded Event Manager (EEM) or Embedded Syslog Manager (ESM). If the Tcl procedure executes in context of a line (console or virtual terminal), the output is sent straight to the attached line, otherwise it's processed by the logging manager (resulting in a syslog message).

There are two scenarios where Tcl would execute in context of a line: if you start a Tcl procedure with the tclsh command or if it's an EEM policy registered with the event_register_cli with sync parameter set to yes.

Starting in IOS release 12.3(2)T, Tcl shell is accessible from the command line interface with the tclsh command. After entering this command, you get the Router(tcl)# prompt and can enter individual Tcl commands (the help is confusing, though – you get help on exec-mode commands, but none of them work).

Developing Embedded Event Manager (EEM) Tcl policies is "a bit" tedious task. Usually you would edit the source file on an external workstation, then you have to download it into the router (IOS will not read EEM policy from an external source), re-register it with EEM (when you register a policy it gets copied from the source file into system:lib/tcl/eem_registered_scripts directory) and test it. To automate this process, I've written a small EEM applet that does the tedious steps automatically.

Embedded Event Manager is a bit picky about the location of the EEM Tcl policies: although they are loaded into RAM when registered, they have to reside on the router itself. If you have a low-end router with no flash disk (I'm using 2800-series routers) or USB flash and you don't want to mess with your flash: device (to prevent accidental erasure), the only other place left is NVRAM:. Surprisingly, it works.