The EEM schedules
and runs policies on the basis of an event specification that is contained
within the policy itself. When the
policy command is invoked, the EEM examines the policy and
registers it to be run when the specified event occurs. An EEM script is
available to be scheduled by the EEM until the
no form of
this command is entered.
authorization (such as the
command with the
keywords) must be configured before the EEM policies can be registered. The
keywords must be configured for policy registration. See the
AAA Services on
the Cisco IOS XR Softwaremodule of
Cisco IOS XR System Security
Configuration Guide for the Cisco XR 12000 Series Router for more information on AAA
Enter the username
that should execute the script with the
username keyword and argument. This name can be
different from the user who is currently logged in, but the registering user
must have permissions that are a superset of the username
that runs the script. Otherwise, the script will not be
registered, and the command will be rejected. In addition, the username
that runs the script must have access privileges to the
commands issued by the EEM policy being registered.
When a script is
first registered, the configured
for the script is authenticated. If authentication
fails, or if the AAA server is down, the script registration fails.
After the script
is registered, the username is authenticated each time a script is run.
If the AAA server
is down, the username authentication can be read from memory. The
determines the number of seconds this username
authentication is held in memory.
- If the AAA server is down
and the persist-time
has not expired, the username is authenticated from memory, and the script
- If the AAA server is down,
persist-time has expired, user authentication fails, and the
script does not run.
EEM attempts to
contact the AAA server and refresh the username reauthenticate whenever the
refresh-time expires. See the
event manager refresh-time
command for more information.
These values can
be used for the
- The default
is 3600 seconds (1 hour). Enter the
policy command without the
keyword to set the
to 1 hour.
- Enter zero to stop the
username authentication from being cached. If the AAA server is down, the
username is not authenticated and the script does not run.
to stop the username from being marked as invalid. The username authentication
held in the cache will not expire. If the AAA server is down, the username is
authenticated from the cache.
If you enter the
policy command without specifying the
keyword, the EEM first tries to locate the specified
policy file in the system policy directory. If the EEM finds the file in the
system policy directory, it registers the policy as a system policy. If the EEM
does not find the specified policy file in the system policy directory, it
looks in the user policy directory. If the EEM locates the specified file in
the user policy directory, it registers the policy file as a user policy. If
the EEM finds policy files with the same name in both the system policy
directory and the user policy directory, the policy file in the system policy
directory takes precedence, and the policy file is registered as a system