
Cisco :: EEM Scripts for ISE Low Impact Mode

  • Post category:ISE
  • Post last modified:06/02/2019

In this video, we take a look at how EEM scripts can be utilized alongside Low Impact mode to enable ports to fail open.

Below are EEM Scripts that can be reused and modified for your environment.

Note: For a single RADIUS server, use the “%RADIUS-4-RADIUS_DEAD” syslog pattern; for a group of RADIUS servers, use the “%RADIUS-3-ALLDEADSERVER” syslog pattern.

If your devices use command authorization, you need to ensure that the script can still run in the event of a RADIUS failure. Add the following keywords to the end of each applet's definition line so that command authorization is bypassed for the applet's CLI actions.

authorization bypass

Example:
event manager applet pre-auth-acl-fallback authorization bypass
event manager applet pre-auth-acl-recovery authorization bypass

! Fires when the RADIUS server is marked dead: add a permit-any entry to the
! pre-auth ACL so ports in Low Impact mode fail open.
event manager applet pre-auth-acl-fallback
 event syslog pattern "%RADIUS-4-RADIUS_DEAD" maxrun 5
 action 1.0 cli command "enable"
 action 1.1 cli command "conf t" pattern "CNTL/Z."
 action 2.0 cli command "ip access-list extended PRE-AUTH-EEM"
 action 3.0 cli command "1 permit ip any any"
 action 4.0 cli command "end"

! Fires when the RADIUS server is marked alive again: remove the permit-any
! entry so the pre-auth ACL enforces its normal restrictions.
event manager applet pre-auth-acl-recovery
 event syslog pattern "%RADIUS-4-RADIUS_ALIVE" maxrun 5
 action 1.0 cli command "enable"
 action 1.1 cli command "conf t" pattern "CNTL/Z."
 action 2.0 cli command "ip access-list extended PRE-AUTH-EEM"
 action 3.0 cli command "no 1 permit ip any any"
 action 4.0 cli command "end"
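While the fall-back applet is in effect, every port on that switch is passing traffic without authentication, so it is worth knowing at the collector which switches are currently in that state. The following Python tracker is an added example, not part of the original post: it replays forwarded switch syslog and reports the hosts whose fall-back applet has fired without a matching recovery. Hostnames, server addresses and message texts are constructed; treating a per-server RADIUS_ALIVE as recovery for the ALLDEADSERVER (group) case is an assumption, since the post gives no recovery pattern for server groups.

```python
import re

# Syslog mnemonics the post's applets key on: DEAD/ALLDEADSERVER trigger the
# fall-back applet (PRE-AUTH-EEM gets "1 permit ip any any"), ALIVE triggers
# recovery. Using ALIVE to clear the group (ALLDEADSERVER) case is an assumption.
FAIL_OPEN_TRIGGERS = {"%RADIUS-4-RADIUS_DEAD", "%RADIUS-3-ALLDEADSERVER"}
RECOVERY_TRIGGERS = {"%RADIUS-4-RADIUS_ALIVE"}

# Forwarded IOS syslog: "<host> <seq>: <timestamp>: %FACILITY-SEV-MNEMONIC: text"
LINE_RE = re.compile(r"^(?P<host>\S+)\s.*?(?P<mnemonic>%RADIUS-\d-[A-Z_]+):")

# Constructed sample lines, not real device output.
SAMPLE_SYSLOG = [
    "sw-access-01 101: Jun  2 10:15:01.123: %RADIUS-4-RADIUS_DEAD: RADIUS server 10.10.10.10:1812,1813 is not responding.",
    "sw-access-02 205: Jun  2 10:15:02.001: %RADIUS-3-ALLDEADSERVER: Group ISE-PSN: No active radius servers found.",
    "sw-access-01 102: Jun  2 10:16:30.456: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.10.10.10:1812,1813 is being marked alive.",
    "sw-access-03 310: Jun  2 10:17:00.000: %SYS-5-CONFIG_I: Configured from console by vty0",
]


def track_fail_open(lines):
    """Replay syslog lines in order; return {host: (fail_open, fallback_count)}.

    fail_open is True when the host's fall-back applet has fired and no recovery
    applet has fired since, i.e. its pre-auth ACL currently permits ip any any.
    fallback_count is how many times the fall-back applet fired, which exposes a
    flapping RADIUS server that keeps reopening the ports.
    """
    state = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a RADIUS server-state message; ignore
        host, mnemonic = m.group("host"), m.group("mnemonic")
        fail_open, count = state.get(host, (False, 0))
        if mnemonic in FAIL_OPEN_TRIGGERS:
            state[host] = (True, count + 1)
        elif mnemonic in RECOVERY_TRIGGERS:
            state[host] = (False, count)
    return state


def currently_fail_open(lines):
    """Hostnames whose ports are fail-open right now, sorted for stable output."""
    return sorted(h for h, (fail_open, _) in track_fail_open(lines).items() if fail_open)


if __name__ == "__main__":
    for host in currently_fail_open(SAMPLE_SYSLOG):
        print(f"ALERT {host}: RADIUS dead, PRE-AUTH-EEM permits ip any any (fail-open)")
```

Feed it the RADIUS lines from your syslog collector in timestamp order; any host it reports is one whose pre-auth ACL is wide open until the recovery applet fires.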

EEM Best Practices: https://community.cisco.com/t5/networking-documents/cisco-eem-best-practices/ta-p/3127596

iwiizkiid

Kelvin is a Cyber Security professional with years and experience working with organisations in different verticals, both large and small. He enjoys contributing to the Network Wizkid knowledge base and he also creates technical content. Kelvin enjoys learning new things and often does this by working on achieving new technical certifications. He holds many professional certifications and academically, he has achieved a Bachelors and Master's degree in both Computer Networks and Cyber Security.
