12-20-2015 04:58 PM
Hello,
I've been trying to get the script provided by Joe Clarke, tm_suspend_ports.tcl and sl_suspend_ports.tcl, to work. I did make an adjustment to the script though to exclude a certain VLAN from being shutdown; however, the script does not seem to be functioning correctly.
#show version
Cisco IOS Software, C3750 Software (C3750-IPBASEK9-M), Version 12.2(55)SE8, RELE ASE SOFTWARE (fc2)
Here's my current problem:
1. The script is running, but the ports are not being shutdown. (On a side note, is there a way to manually run this script for testing purposes?)
#show event manager history event
No. Job Id Proc Status Time of Event Event Type Name
1 1 Actv success Sun Feb28 18:01:26 1993 syslog script: sl_suspend_ports.tcl
2 2 Actv success Sun Feb28 18:01:53 1993 syslog script: sl_suspend_ports.tcl
3 3 Actv success Sun Feb28 18:02:20 1993 syslog script: sl_suspend_ports.tcl
4 4 Actv success Sun Feb28 19:40:17 1993 syslog script: sl_suspend_ports.tcl
5 5 Actv success Sun Feb28 19:40:28 1993 syslog script: sl_suspend_ports.tcl
6 6 Actv success Sat Dec19 08:13:08 2015 syslog script: sl_suspend_ports.tcl
7 7 Actv success Sat Dec19 08:13:14 2015 syslog script: sl_suspend_ports.tcl
8 8 Actv success Sat Dec19 14:53:29 2015 syslog script: sl_suspend_ports.tcl
9 9 Actv success Sat Dec19 14:53:35 2015 syslog script: sl_suspend_ports.tcl
10 10 Actv success Sat Dec19 14:53:47 2015 syslog script: sl_suspend_ports.tcl
11 11 Actv success Sat Dec19 14:53:52 2015 syslog script: sl_suspend_ports.tcl
12 12 Actv success Sat Dec19 14:53:57 2015 syslog script: sl_suspend_ports.tcl
13 13 Actv success Sat Dec19 14:54:02 2015 syslog script: sl_suspend_ports.tcl
14 14 Actv success Sun Dec20 00:00:00 2015 timer cron script: tm_suspend_ports.tcl
15 15 Actv success Sun Dec20 02:03:17 2015 syslog script: sl_suspend_ports.tcl
16 16 Actv success Sun Dec20 02:03:22 2015 syslog script: sl_suspend_ports.tcl
17 17 Actv success Sun Dec20 08:48:40 2015 syslog script: sl_suspend_ports.tcl
18 18 Actv success Sun Dec20 08:48:44 2015 syslog script: sl_suspend_ports.tcl
#show interface status
Port Name Status Vlan Duplex Speed Type
Fa1/0/1 ## MY_LAN ## connected 10 full 100 10/100BaseTX
Fa1/0/2 notconnect 10 full 100 10/100BaseTX
Fa1/0/3 notconnect 10 full 100 10/100BaseTX
Fa1/0/4 notconnect 10 full 100 10/100BaseTX
Fa1/0/5 notconnect 10 full 100 10/100BaseTX
Fa1/0/6 notconnect 10 full 100 10/100BaseTX
Fa1/0/7 notconnect 10 full 100 10/100BaseTX
Fa1/0/8 notconnect 10 full 100 10/100BaseTX
Fa1/0/9 notconnect 10 full 100 10/100BaseTX
Fa1/0/10 notconnect 10 full 100 10/100BaseTX
Fa1/0/11 notconnect 10 full 100 10/100BaseTX
Fa1/0/12 notconnect 10 full 100 10/100BaseTX
Fa1/0/13 ## MY_TEST_LAB ## notconnect 20 full 100 10/100BaseTX
Fa1/0/14 notconnect 20 full 100 10/100BaseTX
Fa1/0/15 notconnect 20 full 100 10/100BaseTX
Fa1/0/16 notconnect 20 full 100 10/100BaseTX
Fa1/0/17 notconnect 20 full 100 10/100BaseTX
Fa1/0/18 notconnect 20 full 100 10/100BaseTX
Fa1/0/19 notconnect 20 full 100 10/100BaseTX
Fa1/0/20 notconnect 20 full 100 10/100BaseTX
Fa1/0/21 notconnect 20 full 100 10/100BaseTX
Fa1/0/22 notconnect 20 full 100 10/100BaseTX
Fa1/0/23 notconnect 20 full 100 10/100BaseTX
Fa1/0/24 ## INTERNET ## connected 10 full 100 10/100BaseTX
Directory of flash:/
2 -rwx 12103244 Feb 28 1993 21:14:49 -06:00 c3750-ipbasek9-mz.122-55.SE8.bin
6 -rwx 7893 Dec 19 2015 22:57:12 -06:00 config.text
5 -rwx 3096 Dec 19 2015 22:57:12 -06:00 multiple-fs
9 -rwx 676 Dec 19 2015 02:14:12 -06:00 vlan.dat
8 -rwx 1937 Dec 19 2015 22:57:12 -06:00 private-config.text
7 drwx 128 Dec 19 2015 14:44:57 -06:00 policies
10 -rwx 651 Dec 20 2015 00:00:01 -06:00 susp_ports.dat
Directory of flash:/policies/
3 -rwx 4589 Dec 20 2015 10:34:53 -06:00 tm_suspend_ports.tcl
4 -rwx 3101 Dec 19 2015 14:44:57 -06:00 sl_suspend_ports.tcl
#show run | include event
event manager environment suspend_ports_days 1
event manager environment suspend_ports_config flash:/susp_ports.dat
event manager directory user policy "flash:/policies/"
event manager session cli username "STW"
event manager policy sl_suspend_ports.tcl
event manager policy tm_suspend_ports.tcl
Solved! Go to Solution.
01-06-2016 08:39 PM
01-07-2016 05:05 AM
Thanks, Joe! It is working correctly now. I did change the cron timer on that script you sent me to check it, but I am going to change it back now and try it again. I do not believe it'll give me any problems.
Thanks again for all of your help!
01-07-2016 12:14 PM
Joe,
One more question. Is there a way to exclude a range of vlans or do I need to keep going VLAN1||VLAN2||VLAN3 etc...
example:
if { ! [regexp {Access Mode VLAN: 10} $output] && ! [regexp {Access Mode VLAN: 11} $output] && ! [regexp {Access Mode VLAN: 12} $output] }
or can I use:
if { ! [regexp {Access Mode VLAN: 10 - 12} $output]}
01-08-2016 08:30 AM
You'll need to keep using the multiple conditionals.
01-09-2016 08:35 AM
Joe, I have another problem that came up. It seems to be ignoring all the vlans just fine, but it seemed to have shutdown my trunk port?
interface FastEthernet1/0/24
description ## WAN ##
switchport access vlan 666
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2,5,10,100
switchport mode trunk
shutdown
01-09-2016 08:42 AM
The script only shuts down ports that are operational down. It does not discriminate between access/trunk. Given that Fa1/0/24 was not in your last susp_ports.dat file, I can only assume it was taken down at some point for over your hold down period, then the script shut it down as it should have.
01-09-2016 08:45 AM
Would I be able to add a syntax if I do not want it to ever shutdown a trunk port?
01-09-2016 08:49 AM
You could add additional logic as you did to ignore VLANs. The output of the show int switchport command will also tell you if the port is configured as a trunk.
01-09-2016 09:04 AM
So, you mean like:
set cli [list "config t"]
foreach port [array name suspend_ports]
{ set output [run_cli [list "show int $port switchport | inc Administrative Mode"]]
if { ! [regexp {Administrative Mode: trunk} $output] }
} else
{
set output [run_cli [list "show int $port switchport | inc Access Mode VLAN"]]
if { ! [regexp {Access Mode VLAN: 20} $output] } {
set cli [concat $cli [list "interface $port" "shut" "switchport access vlan 666"]]
action_syslog msg "Shutting down port $port since it was last used on [clock format $suspend_ports($port)]"
}
}
01-09-2016 09:04 AM
Logically, this should work, but the Tcl syntax is broken with respect to the braces.
01-09-2016 09:35 AM
Do you see anything wrong with braces now? I think I fixed that issue, but I might be overlooking something still.
set cli [list "config t"]
foreach port [array name suspend_ports] {
{
set output [run_cli [list "show int $port switchport | inc Administrative Mode"]]
if { ! [regexp {Administrative Mode: trunk} $output] }
} else {
set output [run_cli [list "show int $port switchport | inc Access Mode VLAN"]]
if { ! [regexp {Access Mode VLAN: 20} $output] } {
set cli [concat $cli [list "interface $port" "shut" "switchport access vlan 666"]]
action_syslog msg "Shutting down port $port since it was last used on [clock format $suspend_ports($port)]"
}
}
}
01-10-2016 08:16 AM
No, it's still not right. What you want is something like:
set cli [list "config t"]
foreach port [array name suspend_ports] {
set output [run_cli [list "show int $port switchport | inc Administrative Mode"]]
if { ! [regexp {Administrative Mode: trunk} $output] } {
set output [run_cli [list "show int $port switchport | inc Access Mode VLAN"]]
if { ! [regexp {Access Mode VLAN: 20} $output] } {
set cli [concat $cli [list "interface $port" "shut" "switchport access vlan 666"]]
action_syslog msg "Shutting down port $port since it was last used on [clock format $suspend_ports($port)]"
}
}
}
01-11-2016 06:38 AM
Thanks, Joe! Everything is working perfect now. I appreciate all the help.
10-22-2021 03:04 AM
Dear all,
i m trying to use theses script without success at this time
i followed differents topics but i have the log below
i m using a radius and i execute the script on
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 10 WS-C3560CG-8PC-S 15.2(2)E10 C3560c405ex-UNIVERSALK9-M
FR-KAY-SR12-S7#sh event manager version
Embedded Event Manager Version 4.00
Component Versions:
eem: (rel9)1.2.19
eem-gold: (rel1)1.0.2
eem-call-home: (rel2)1.0.4
Oct 22 11:42:42 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : CTL : cli_open called.
Oct 22 11:42:42 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT : CC
Oct 22 11:42:42 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT : **********************************************
Oct 22 11:42:42 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT : * *
Oct 22 11:42:42 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT : * ****************** *
Oct 22 11:42:42 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT : * ****************** *
Oct 22 11:42:42 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT : *********************
Oct 22 11:42:42 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT : * Tous acces non autorises sont prohibes *
Oct 22 11:42:42 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT : * *
Oct 22 11:42:42 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT : **********************************************
Oct 22 11:42:42 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT :
Oct 22 11:42:42 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT : FR-KAY-SR12-S7>
Oct 22 11:42:42 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : IN : FR-KAY-SR12-S7>en
Oct 22 11:42:42 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT : % Unknown command or computer name, or unable to find computer address
Oct 22 11:42:42 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT : FR-KAY-SR12-S7>
Oct 22 11:42:42 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : IN : FR-KAY-SR12-S7>show ip interface brief | include Ethernet
Oct 22 11:42:43 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT : show ip interface brief | include Ethernet
Oct 22 11:42:43 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT : ^
Oct 22 11:42:43 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT : % Invalid input detected at '^' marker.
Oct 22 11:42:43 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT :
Oct 22 11:42:43 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_
thanks for your answers
Best regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide