Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9494
Views
5
Helpful
42
Replies

EEM and TcL Script to Disable Inactive Ports

Go to solution
cle.co2004
Level 1
Level 1

‎05-05-2013 06:04 AM

I've browsed around to the other  support strings to make sure I didn't miss anything, but I can't seem to  get this to work.  I have the latest sl_suspend_ports.tcl and  tm_suspend_ports.tcl created by Joseph Clarke from strings that verified they worked as planned.   Here are the commands I issued to register the scripts -

Directory of flash:/policies/

    9  -rwx        3101   May 3 2013 07:58:03 +00:00  sl_suspend_ports.tcl

   10  -rwx        4669   May 3 2013 07:58:44 +00:00  tm_suspend_ports.tcl

conf t

event manager directory user policy flash:/policies

event manager policy sl_suspend_ports.tcl

event manager environment suspend_ports_days 1

event manager environment suspend_ports_config flash:/susp_ports.dat

event manager policy tm_suspend_ports.tcl

#show run | inc event manager environment

event manager environment suspend_ports_days 1

event manager environment suspend_ports_config flash:/susp_ports.dat

It doesn't appear to work though.  Essentially, we have a  need to make sure all computers are always on and all ports not active  for >24 hours to be shutdown and moved to a designated vlan (I added  the 'lappend' statement to the script to specify the additional command of assigning the vlan)

I'm running 12.2(55)SE7 on Catalyst 3560s and 3750s

Is there a way to manually run the script?  Did I miss anything in the configuration?

Thanks for your help!

Chris

Labels:
15359655-tm_suspend_ports.tcl.zip
15359656-sl_suspend_ports.tcl.zip
0 Helpful
42 Replies 42

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to Shawnw4401

‎12-15-2015 07:02 AM

These are EEM Tcl policies and not tclsh scripts.  It looks like you're trying to run them through tclsh when you need to be registering them as EEM policies.

0 Helpful

Go to solution
Shawnw4401
Level 1
Level 1
In response to Joe Clarke

‎12-15-2015 05:19 PM

Okay, I might have misunderstood a little bit there since they are .tcl extensions. In my configurations, I have the following: 

event manager environment suspend_ports_days 1
event manager environment suspend_ports_config flash:/susp_ports.dat
event manager directory user policy "flash:/policies/suspend_ports"
event manager session cli username "STW"
event manager policy sl_suspend_ports.tcl
event manager policy tm_suspend_ports.tcl

While my directories show:


Directory of flash:/policies

Directory of flash:/policies/suspend_ports

9 -rwx 3101 Mar 2 1993 06:11:45 +00:00 sl_suspend_ports.tcl
10 -rwx 4552 Mar 1 1993 12:29:36 +00:00 tm_suspend_ports.tcl

I am not using a radius server quite just yet. Right now I'm just trying to get it to implement on a test switch that just uses a local username/password.  I'm getting no results from the EEM.

0 Helpful

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to Shawnw4401

‎12-16-2015 07:57 AM

You've configured it correctly.  If the susp_ports.dat file is not being created and/or the down ports are not being shutdown, I suggest you open a new thread under http://www.cisco.com/go/ciscobeyond for help.  This thread has gotten unwieldy.

0 Helpful

Go to solution
J D
Level 1
Level 1
In response to Joe Clarke

‎02-23-2016 08:10 AM

Joe,

This is what I currently have:

set cli [concat $cli [list "interface $port" "shut" "switchport access vlan XXX" "description Script Generated Shutdown"]]

I am wanting to retain the original description to the port and add the rest of the description "script generated shutdown" to it.  I have tried to use a $description as shown below but get errors:

set cli [concat $cli [list "interface $port" "shut" "switchport access vlan XXX" "description $description Script Generated Shutdown"]]

Thank you for your assistance.

0 Helpful

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to J D

‎02-23-2016 08:23 AM

You need to extract the description first.  You can do that from the output of "show int".  For example:

set output [run_cli [list "show int $port | inc Description:"]]

regexp {Description: ([^\r]+)} $output -> description

Then you can use $description

0 Helpful

Go to solution
J D
Level 1
Level 1
In response to Joe Clarke

‎02-23-2016 10:38 AM

Thanks for the information.  I put this into my script and it now only shutdowns that interface only and not the others.  This is how I implemented it.

set cli [list "config t"]

foreach port [array name suspend_ports] {

set output [run cli [list "show int $port switchport | inc Access Mode VLAN"]]

set output [run cli [list "show int $port | inc Description:"]]

if { ! [regexp {Access Mode VLAN: NUM} $output] && ! [regexp {Access Mode VLAN: NUM} $output]  && [regexp {Description: ([^\r]+)} $output -> Description]} {

set cli [concat $cli [list "interface $port" "shut" "switchport access vlan xxx" "Description $Description Script Generated Shutdown"]]

action_syslog msg "Shutting down port $port since it was last used on [clock format $suspend_ports($port)]"

}

I cannot figure out how to get this to work.  Thanks.

0 Helpful

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to J D

‎02-23-2016 10:45 AM

Your reusing $output before you process it.  Try this:

set output [run_cli [list "show int $port switchport | inc Access Mode VLAN" "show int $port | inc Description:"]]

Then change your if to:

if { ! [regexp {Access Mode VLAN: NUM} $output] && ! [regexp {Access Mode VLAN: NUM} $output] } {

    regexp {Description: ([^\r]+)} $output -> Description

0 Helpful

Go to solution
J D
Level 1
Level 1
In response to Joe Clarke

‎02-23-2016 11:11 AM

This is what I have now:

set cli [list "config t"]

foreach port [array name suspend_ports] {

set output [run_cli [list "show int $port switchport | inc Access Mode VLAN" "show int $port | inc Description:"]]

if { ! [regexp {Access Mode VLAN: NUM} $output] && ! [regexp {Access Mode VLAN: NUM} $output] } {

regexp {Description: ([^\r]+)} $output -> Description

set cli [concat $cli [list "interface $port" "shut" "switchport access vlan xxx" "Description $Description Script Generated Shutdown"]]

action_syslog msg "Shutting down port $port since it was last used on [clock format $suspend_ports($port)]"

}

When I run this I get the following error:

can't read "Description": no such variable while executing "list "interface $port" shut" "switchport access vlan xxx" "Description $Description Script Generated Shutdown""

0 Helpful

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to J D

‎02-23-2016 12:06 PM

Add a conditional for Description:

if { ! [regexp {Description: ([^\r]+)} $output -> Description] } {

    set Description {}

}

0 Helpful

Go to solution
J D
Level 1
Level 1
In response to Joe Clarke

‎02-24-2016 06:35 AM

I still get the same error.

set cli [list "config t"]
 foreach port [array name suspend_ports] {
  set output [run_cli [list "show int $port switchport | inc Access Mode VLAN" "show int $port | inc Description:"]]
   if{!regexp {Description: ([^\r]+)} $output -> Description] } {
    set Description {}
   }
   if { ! [regexp {Access Mode VLAN: NUM} $output] && ! [regexp {Access Mode VLAN: NUM} $output] } {
    set cli [concat $cli [list "interface $port" "shut" "switchport access vlan xxx" "Description $Description Script Generated Shutdown"]]
    action_syslog msg "Shutting down port $port since it was last used on [clock format $suspend_ports($port)]"
   }
}

0 Helpful

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to J D

‎02-24-2016 07:06 AM

There is a type here.  Your condition should be:

if{! [regexp {Description: ([^\r]+)} $output -> Description] } {
    set Description {}
   }

0 Helpful

Go to solution
J D
Level 1
Level 1
In response to Joe Clarke

‎02-24-2016 10:22 AM

Thanks for letting me know about the typo.  It still didn't work the way I had it before so this is what I did and now it is working, sort of.  I notice that it does not keep the description that each port had the same.  It over writes it sometimes with the same description over multiple interfaces.  For example:

interface G1/0/1 Description 2000

Interface G1/0/2 Description 4000

After the script runs it puts this:

interface G1/0/1 Description 2000 Script Generated Shutdown

Interface G1/0/2 Description 2000 Script Generated Shutdown

This is how the code looks like now:

set cli [list "config t"]
set Description {}
 foreach port [array name suspend_ports] {
  set output [run_cli [list "show int $port switchport | inc Access Mode VLAN" "show int $port | inc Description:"]]
   if{![regexp {Description: ([^\r]+)} $output -> Description] } {
   }
   if { ! [regexp {Access Mode VLAN: NUM} $output] && ! [regexp {Access Mode VLAN: NUM} $output] } {
    set cli [concat $cli [list "interface $port" "shut" "switchport access vlan xxx" "Description $Description Script Generated Shutdown"]]
    action_syslog msg "Shutting down port $port since it was last used on [clock format $suspend_ports($port)]"
   }
}

0 Helpful

Go to solution
rascal2be
Level 1
Level 1
In response to cle.co2004

‎09-25-2017 02:04 PM

Re: https://supportforums.cisco.com/t5/network-management/eem-and-tcl-script-to-disable-inactive-ports/td-p/2226722

 

I have an issue with tm_suspendports_tcl logging-where the error log is growing to over 10mg and corrupting the ios.  Is there a way to limit the size of the error log file and keeping the a+ append file attribute? 

 

Thank you,

Tom

0 Helpful
Customers Also Viewed These Support Documents