EEM Script to detect a MAC address and then shut port

simon-leigh
Level 1

Hi all

Need some help.

I am new to scripting and I have been asked to create a script that will detect a device's MAC address on a switch and then shut that port down; if the device is moved to another port, that port gets shut down again.

The script would need to run every 15 mins or so.

Any pointers? I am a total noob.

4 Replies

TJ-20933766
Spotlight

Consider using port-security. You can set the port to only allow certain MAC addresses and then either shut down the port in the event someone plugs in a device with an unauthorized MAC address or you can have the port just drop the offending MAC's traffic. The following configuration example only permits a single MAC address on the port and will shut down the port if any other MAC address is found on the port.

interface GigabitEthernet1/0/1
 switchport access vlan 10
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
 switchport port-security mac-address 0011.2233.4455
 spanning-tree portfast

simon-leigh
Level 1

Thanks for that.

I already use port security for a lobby phone, to stop people unplugging it and plugging in a different device, but I really need to work out how to stop a specific device, or at least search for the OUI of the device type and then kill the port.

balaji.bandi
Hall of Fame

Are you looking to deploy this on different switches in the network or on only 1 switch? If only one switch, you can do it with an EEM script; if you want to deploy this solution for various switches, EEM may not be the right tool for you.

Here are the possible solutions to deploy:

1. Only 1 switch: EEM may work.

2. More than 1 switch: out-of-the-box scripting is required to search all the devices, shut down the port, and notify the administrator to take action (an email or dashboard kind of solution).

BB
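
Putting the two replies above into practice (the OUI match simon-leigh asked for, and the multi-switch sweep balaji.bandi describes), here is an added example that is not from any of the posts: a Python sweep that parses `show mac address-table` output collected from several switches, matches both full MAC addresses and OUI prefixes, skips uplink ports, and emits the per-switch shutdown commands. The switch names, interfaces, MAC addresses, the OUI `001a.2b` and the table text are constructed sample data; a real deployment would fetch the tables over SSH and push the resulting config, which is left out here.

```python
"""Sweep MAC tables from several switches for blocked MACs / OUIs and build
the IOS 'shutdown' config per switch.

Example code added to this thread, not from the original posts. Switch
names, ports, MACs, the OUI and the table text below are constructed sample
data; real use would collect 'show mac address-table' over SSH instead."""
import re

# Blocklist: full MACs and 3-byte OUI prefixes (Cisco dotted or plain hex).
BLOCKED_MACS = {"0011.2233.4455"}
BLOCKED_OUIS = {"001a.2b"}   # hypothetical OUI of the unwanted device type
_BLOCKED_OUI_HEX = {re.sub(r"[^0-9a-f]", "", o.lower()) for o in BLOCKED_OUIS}

# Uplinks / trunks per switch. A blocked MAC learned on a trunk belongs to a
# host behind another switch; shutting the trunk would cut off everyone.
UPLINKS = {"sw-lobby-1": {"Gi1/0/48"}, "sw-floor-2": {"Gi1/0/49", "Gi1/0/50"}}

# Constructed 'show mac address-table' output (Catalyst 3750-style columns).
MAC_TABLES = {
    "sw-lobby-1": """\
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi1/0/5
  10    001a.2b3c.4d5e    DYNAMIC     Gi1/0/7
  10    0050.56ab.cdef    DYNAMIC     Gi1/0/9
 All    0100.0ccc.cccc    STATIC      CPU
""",
    "sw-floor-2": """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  20    001a.2bff.0001    DYNAMIC     Gi1/0/49
  20    5c5a.c7aa.bbcc    DYNAMIC     Gi1/0/3
""",
}

# One table row: vlan, dotted MAC, type, port. 'CPU' rows have no usable port
# and do not match because the port pattern requires a digit.
ROW_RE = re.compile(
    r"^\s*(?P<vlan>\S+)\s+(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"
    r"\s+(?P<type>\S+)\s+(?P<port>[A-Za-z]+\d[\d/]*)\s*$",
    re.IGNORECASE,
)


def normalize_mac(mac):
    """Accept 00:11:22:33:44:55, 00-11-22-33-44-55 or 0011.2233.4455."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(hexdigits) != 12:
        raise ValueError("bad MAC: %r" % mac)
    return ".".join(hexdigits[i:i + 4] for i in (0, 4, 8))


def is_blocked(mac):
    """True if the MAC is blocklisted outright or its OUI is."""
    mac = normalize_mac(mac)
    oui = mac.replace(".", "")[:6]
    return mac in BLOCKED_MACS or oui in _BLOCKED_OUI_HEX


def find_offenders(mac_table_text, uplinks=frozenset()):
    """Return [(port, mac)] for blocked MACs learned on edge ports only."""
    hits = []
    for line in mac_table_text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        port = m.group("port")
        if port in uplinks:          # never shut a trunk for a remote host
            continue
        mac = m.group("mac").lower()
        if is_blocked(mac):
            hits.append((port, mac))
    return hits


def shutdown_config(hits):
    """IOS configuration lines that shut the offending ports."""
    lines = []
    for port, mac in hits:
        lines += ["interface %s" % port,
                  " description BLOCKED %s" % mac,
                  " shutdown"]
    return lines


def sweep(tables=MAC_TABLES, uplinks=UPLINKS):
    """Run the check over every switch; re-running catches a moved device."""
    return {sw: find_offenders(txt, uplinks.get(sw, set()))
            for sw, txt in tables.items()}


if __name__ == "__main__":
    for sw, hits in sweep().items():
        print("%s: %s" % (sw, hits or "clean"))
        print("\n".join(shutdown_config(hits)))
```

Run it from a scheduler every 15 minutes: a device that is moved to another port shows up on the new port in the next sweep and gets shut again. The uplink exclusion is the caveat that matters most, since a blocked MAC learned on a trunk belongs to a host behind a neighbouring switch and shutting that trunk takes everyone behind it offline. On a single switch the same match-and-shut logic can be written as an EEM applet using an `event timer watchdog` trigger and `action ... regexp` over the `show mac address-table` output.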

TJ-20933766
Spotlight

The downside to using an EEM script that runs every 15 minutes is that this device will have some time on the network before being discovered and having the port shut down. It sounds as if this would be better suited to a NAC appliance such as Cisco Identity Services Engine (ISE), which can leverage 802.1X and device profiling as well as dynamically put devices/users into an appropriate VLAN. Any time the device you want to keep off your network connects to a switch, it could be put into a black-hole VLAN or just denied access altogether. Also consider that it will be more and more difficult going forward to lock down the network by MAC address, since devices are now starting to rotate their MAC addresses when they connect to a network. That seems to be much more popular on wireless, but I can imagine it becoming the norm for wired as well.