
Converting my AutoSmartPort to EEM - Match VLANS on MAC IF/ELSE

nfordhk
Level 1

I have the below ASP config. But I'm trying to do much more. I've read through a lot of threads on this community but I still can't seem to get it to work. 

macro auto execute SKYPE_OUI_MATCH  {
 if [[ $LINKUP == YES ]]
  then conf t
  default interface $INTERFACE
  interface $INTERFACE
  macro description $TRIGGER
  switchport access vlan 1523
  switchport mode access
  storm-control broadcast level 1.00
  storm-control action shutdown
  spanning-tree portfast
  spanning-tree bpduguard enable
  exit
 fi
 if [[ $LINKUP == NO ]]
  then conf t
  interface $INTERFACE
  no macro description
  no switchport access vlan 1523
  no switchport mode access
  no storm-control broadcast level 1.00
  no storm-control action shutdown
  no spanning-tree portfast
  no spanning-tree bpduguard enable
  exit
 fi
}

 

 

 

I'm trying to assign VLANs based on MAC with IF conditions. This obviously only works for 1 interface. My attempt at getting it to apply to all interfaces hasn't been successful. Basically here's my goal.

- Assign matching mac events of 0090.8f to vlan 1, assign all other hosts to vlan 10. 

- Then the next step I know would use regular expressions. Let's say we have a 4510 switch. Assign mac matching events of 0090.8f and on Gig1/1/1 - 1/4/48 to vlan 1. If mac matches but on Gig1/7/1 - 1/10/48 assign to vlan 2. Same thing with else. 

 

Any guidance on previous community threads / reference articles / EEM cheat sheets would be appreciated!

event manager environment mac_vlan_event 0090.8f
!
event manager applet detect-mac
 event mat mac-address "^$my_mac_oui"
 action 001 cli command "enable"
 action 002 cli command "config t"
 action 003 cli command "interface GigabitEthernet1/0/1"
 action 004 cli command "switchport mode access"
 action 005 cli command "switchport access vlan 1523"
 action 006 cli command "storm-control broadcast level 1.00"
 action 007 cli command "storm-control action shutdown"
 action 008 cli command "spanning-tree portfast"
 action 009 cli command "spanning-tree bpduguard enable"
 action 010 syslog msg  "applet detect-mac has completed" 

 

5 Replies

Cory Anderson
Level 1

I would be cautious about this, since the MAC event can't be limited to access ports only.  That said, you can absolutely do this.  Do you have a csv or something like that with MAC/VLAN relationships?  Would it be easier to do MAC authentication bypass with dynamic VLAN assignments by RADIUS?

Why not? Can't I tie it into regular expressions and eliminate my uplink ports? Do you have info how I can even get my EEM script to work for all ports similar to my ASP config? Right now I am specifying an interface. 

My understanding is that the event will trigger, but your action may change depending on your regex.  It looks like your variable is named wrong, but the logic should work.  Here's a rewrite that seems to work:

 

event manager environment my_mac_oui 00:90:8f
!
event manager applet detect-mac
event mat mac-address "^$my_mac_oui"
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "interface GigabitEthernet1/0/1"
action 4.0 cli command "switchport mode access"
action 5.0 cli command "switchport access vlan 1523"
action 6.0 cli command "storm-control broadcast level 1.00"
action 7.0 cli command "storm-control action shutdown"
action 8.0 cli command "spanning-tree portfast"
action 9.0 cli command "spanning-tree bpduguard enable"
action 10.0 syslog msg "applet detect-mac has completed"

If I understand what you're doing correctly, here it is for all interfaces.  This should apply your template config when it learns a MAC with the OUI, then back out those commands when the MACs are removed from the CAM table.  Is this what you're trying to do?

 

event manager environment my_mac_oui 00:90:8f
!
event manager applet detect-mac
event mat mac-address "^$my_mac_oui"
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "default interface $_mat_intf_name"
action 4.0 cli command "interface $_mat_intf_name"
action 5.0 if $_mat_notification eq "add"
action 7.0 cli command "switchport mode access"
action 8.0 cli command "switchport access vlan 1523"
action 9.0 cli command "storm-control broadcast level 1.00"
action 10.0 cli command "storm-control action shutdown"
action 11.0 cli command "spanning-tree portfast"
action 12.0 cli command "spanning-tree bpduguard enable"
action 13.0 else
action 14.0 cli command "no macro description"
action 15.0 cli command "no switchport access vlan 1523"
action 16.0 cli command "no switchport mode access"
action 17.0 cli command "no storm-control broadcast level 1.00"
action 18.0 cli command "no storm-control action shutdown"
action 19.0 cli command "no spanning-tree portfast"
action 20.0 cli command "no spanning-tree bpduguard enable"
action 21.0 end
action 22.0 syslog msg "applet detect-mac has completed"
action 23.0 cli command "end"

Thanks for the reply! Unfortunately, one command seems to error out. I recall this being my issue, hence I was testing with a specific interface. It seems I can't determine the correct syntax.

 

lab-sw1(config-applet)#action 5.0 if $_mat_notification eq "add"
                                               ^
% Invalid input detected at '^' marker.

lab-sw1(config-applet)#action 7.0 cli command "switchport mode access"

And then it seems to paste out of order. 

event manager applet detect-mac
 event mat mac-address ^
 action 1.0  cli command "enable"
 action 10.0 cli command "storm-control action shutdown"
 action 11.0 cli command "spanning-tree portfast"
 action 12.0 cli command "spanning-tree bpduguard enable"
 action 13.0else
 action 14.0 cli command "no macro description"
 action 15.0 cli command "no switchport access vlan 1523"
 action 16.0 cli command "no switchport mode access"
 action 17.0 cli command "no storm-control broadcast level 1.00"
 action 18.0 cli command "no storm-control action shutdown"
 action 19.0 cli command "no spanning-tree portfast"
 action 2.0  cli command "config t"
 action 20.0 cli command "no spanning-tree bpduguard enable"
 action 21.0 end
 action 22.0 syslog msg "applet detect-mac has completed"
 action 23.0 cli command "end"
 action 3.0  cli command "default interface "
 action 4.0  cli command "interface "
 action 7.0  cli command "switchport mode access"
 action 8.0  cli command "switchport access vlan 1523"
 action 9.0  cli command "storm-control broadcast level 1.00"

My switch is running 3.2 EEM.

lab-sw1#              show event manager version 
Embedded Event Manager Version 3.20
Component Versions:
eem: (320_rel3)2.0.1
eem-gold: (v320_rel1)1.0.0
eem-call-home: (v320_rel1)1.0.2
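
The out-of-order listing in the last post follows from how EEM orders actions: labels are sorted as alphanumeric strings, so 10.0 sorts ahead of 2.0, and the applet runs in that sorted order too. The Python sketch below is an added example, not part of the thread or any Cisco tooling; the sample applet lines are constructed from the labels used above and the function names are hypothetical. It shows the order the switch will store and relabels the actions with fixed-width labels (the style of the original 001 to 010 applet) so the stored order matches the written order.

```python
import re

# Constructed sample using the decimal label style from the thread.
APPLET = """\
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "interface $_mat_intf_name"
action 5.0 if $_mat_notification eq "add"
action 7.0 cli command "switchport mode access"
action 10.0 cli command "storm-control action shutdown"
action 13.0 else
action 14.0 cli command "no switchport mode access"
action 21.0 end
action 23.0 cli command "end"
"""

ACTION_RE = re.compile(r"^\s*action\s+(\S+)\s+(.*)$")

def parse_actions(text):
    """Return [(label, rest)] in the order the lines were written."""
    return [m.groups() for m in map(ACTION_RE.match, text.splitlines()) if m]

def stored_order(actions):
    """Order after sorting labels as plain strings, which is how EEM keys them."""
    return sorted(actions, key=lambda a: a[0])

def order_preserved(actions):
    """True when the string-sorted order equals the written order."""
    return stored_order(actions) == list(actions)

def relabel(actions, step=10):
    """Assign zero-padded, fixed-width labels so string order == written order."""
    width = max(3, len(str(len(actions) * step)))
    return [(str((i + 1) * step).zfill(width), rest)
            for i, (_, rest) in enumerate(actions)]

def render(actions):
    """Format actions back into applet lines ready to paste."""
    return "\n".join(f" action {label} {rest}" for label, rest in actions)

if __name__ == "__main__":
    acts = parse_actions(APPLET)
    print("Labels as the switch will order them:")
    print([label for label, _ in stored_order(acts)])
    print("\nRelabelled applet body:")
    print(render(relabel(acts)))
```
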
