cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

594
Views
0
Helpful
27
Replies
Beginner

EEM/TCL - Disable Inactive Ports

Hello, 

I've been trying to get the script provided by Joe Clarke, tm_suspend_ports.tcl and sl_suspend_ports.tcl, to work. I did make an adjustment to the script though to exclude a certain VLAN from being shutdown; however, the script does not seem to be functioning correctly. 

#show version
Cisco IOS Software, C3750 Software (C3750-IPBASEK9-M), Version 12.2(55)SE8, RELE ASE SOFTWARE (fc2)

Here's my current problem:

1. The script is running, but the ports are not being shutdown. (On a side note, is there a way to manually run this script for testing purposes?)

#show event manager history event
No. Job Id Proc Status Time of Event Event Type Name
1 1 Actv success Sun Feb28 18:01:26 1993 syslog script: sl_suspend_ports.tcl
2 2 Actv success Sun Feb28 18:01:53 1993 syslog script: sl_suspend_ports.tcl
3 3 Actv success Sun Feb28 18:02:20 1993 syslog script: sl_suspend_ports.tcl
4 4 Actv success Sun Feb28 19:40:17 1993 syslog script: sl_suspend_ports.tcl
5 5 Actv success Sun Feb28 19:40:28 1993 syslog script: sl_suspend_ports.tcl
6 6 Actv success Sat Dec19 08:13:08 2015 syslog script: sl_suspend_ports.tcl
7 7 Actv success Sat Dec19 08:13:14 2015 syslog script: sl_suspend_ports.tcl
8 8 Actv success Sat Dec19 14:53:29 2015 syslog script: sl_suspend_ports.tcl
9 9 Actv success Sat Dec19 14:53:35 2015 syslog script: sl_suspend_ports.tcl
10 10 Actv success Sat Dec19 14:53:47 2015 syslog script: sl_suspend_ports.tcl
11 11 Actv success Sat Dec19 14:53:52 2015 syslog script: sl_suspend_ports.tcl
12 12 Actv success Sat Dec19 14:53:57 2015 syslog script: sl_suspend_ports.tcl
13 13 Actv success Sat Dec19 14:54:02 2015 syslog script: sl_suspend_ports.tcl
14 14 Actv success Sun Dec20 00:00:00 2015 timer cron script: tm_suspend_ports.tcl
15 15 Actv success Sun Dec20 02:03:17 2015 syslog script: sl_suspend_ports.tcl
16 16 Actv success Sun Dec20 02:03:22 2015 syslog script: sl_suspend_ports.tcl
17 17 Actv success Sun Dec20 08:48:40 2015 syslog script: sl_suspend_ports.tcl
18 18 Actv success Sun Dec20 08:48:44 2015 syslog script: sl_suspend_ports.tcl

#show interface status
Port Name Status Vlan Duplex Speed Type
Fa1/0/1 ## MY_LAN ## connected 10 full 100 10/100BaseTX
Fa1/0/2 notconnect 10 full 100 10/100BaseTX
Fa1/0/3 notconnect 10 full 100 10/100BaseTX
Fa1/0/4 notconnect 10 full 100 10/100BaseTX
Fa1/0/5 notconnect 10 full 100 10/100BaseTX
Fa1/0/6 notconnect 10 full 100 10/100BaseTX
Fa1/0/7 notconnect 10 full 100 10/100BaseTX
Fa1/0/8 notconnect 10 full 100 10/100BaseTX
Fa1/0/9 notconnect 10 full 100 10/100BaseTX
Fa1/0/10 notconnect 10 full 100 10/100BaseTX
Fa1/0/11 notconnect 10 full 100 10/100BaseTX
Fa1/0/12 notconnect 10 full 100 10/100BaseTX
Fa1/0/13 ## MY_TEST_LAB ## notconnect 20 full 100 10/100BaseTX
Fa1/0/14 notconnect 20 full 100 10/100BaseTX
Fa1/0/15 notconnect 20 full 100 10/100BaseTX
Fa1/0/16 notconnect 20 full 100 10/100BaseTX
Fa1/0/17 notconnect 20 full 100 10/100BaseTX
Fa1/0/18 notconnect 20 full 100 10/100BaseTX
Fa1/0/19 notconnect 20 full 100 10/100BaseTX
Fa1/0/20 notconnect 20 full 100 10/100BaseTX
Fa1/0/21 notconnect 20 full 100 10/100BaseTX
Fa1/0/22 notconnect 20 full 100 10/100BaseTX
Fa1/0/23 notconnect 20 full 100 10/100BaseTX
Fa1/0/24 ## INTERNET ## connected 10 full 100 10/100BaseTX

Directory of flash:/

2 -rwx 12103244 Feb 28 1993 21:14:49 -06:00 c3750-ipbasek9-mz.122-55.SE8.bin
6 -rwx 7893 Dec 19 2015 22:57:12 -06:00 config.text
5 -rwx 3096 Dec 19 2015 22:57:12 -06:00 multiple-fs
9 -rwx 676 Dec 19 2015 02:14:12 -06:00 vlan.dat
8 -rwx 1937 Dec 19 2015 22:57:12 -06:00 private-config.text
7 drwx 128 Dec 19 2015 14:44:57 -06:00 policies
10 -rwx 651 Dec 20 2015 00:00:01 -06:00 susp_ports.dat

Directory of flash:/policies/

3 -rwx 4589 Dec 20 2015 10:34:53 -06:00 tm_suspend_ports.tcl
4 -rwx 3101 Dec 19 2015 14:44:57 -06:00 sl_suspend_ports.tcl

#show run | include event
event manager environment suspend_ports_days 1
event manager environment suspend_ports_config flash:/susp_ports.dat
event manager directory user policy "flash:/policies/"
event manager session cli username "STW"
event manager policy sl_suspend_ports.tcl
event manager policy tm_suspend_ports.tcl

2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Cisco Employee

What are the contents of

What are the contents of flash:susp_ports.dat?  Enable "debug event manager tcl cli" and let the timer policy run again.  What output do you get?

Hall of Fame Cisco Employee

I see the problem.  It looks

I see the problem.  It looks like when you modified the script, you added an end within the foreach loop.  Try this version instead.

27 REPLIES 27
Hall of Fame Cisco Employee

What are the contents of

What are the contents of flash:susp_ports.dat?  Enable "debug event manager tcl cli" and let the timer policy run again.  What output do you get?

Beginner

Joe, 

Joe, 

I'll be able to give up that updated information as soon as possible. At the moment, I am on holiday and away from my switch. I'll be able to post all the information you asked for by the 4th of January. 

Beginner

Joe,

Joe,

Here's the output I received:

21 40 Actv success Sat Jan 2 14:14:59 2016 syslog script: sl_suspend_ports.tcl
22 41 Actv success Sat Jan 2 14:16:27 2016 syslog script: sl_suspend_ports.tcl
23 42 Actv success Sat Jan 2 14:18:38 2016 syslog script: sl_suspend_ports.tcl
24 43 Actv success Sat Jan 2 14:19:10 2016 syslog script: sl_suspend_ports.tcl
25 44 Actv success Sat Jan 2 14:24:46 2016 syslog script: sl_suspend_ports.tcl
26 45 Actv success Sat Jan 2 14:41:07 2016 syslog script: sl_suspend_ports.tcl
27 46 Actv success Sat Jan 2 14:53:19 2016 syslog script: sl_suspend_ports.tcl
28 47 Actv success Sat Jan 2 14:53:54 2016 syslog script: sl_suspend_ports.tcl
29 48 Actv success Sat Jan 2 14:54:36 2016 syslog script: sl_suspend_ports.tcl
30 49 Actv success Sat Jan 2 14:54:41 2016 syslog script: sl_suspend_ports.tcl
31 50 Actv success Sat Jan 2 14:57:50 2016 syslog script: sl_suspend_ports.tcl
32 51 Actv success Sat Jan 2 14:58:00 2016 syslog script: sl_suspend_ports.tcl
33 52 Actv success Sat Jan 2 15:34:33 2016 syslog script: sl_suspend_ports.tcl
34 53 Actv success Sat Jan 2 15:34:43 2016 syslog script: sl_suspend_ports.tcl
35 54 Actv success Sat Jan 2 15:49:31 2016 syslog script: sl_suspend_ports.tcl
36 55 Actv success Sat Jan 2 15:50:06 2016 syslog script: sl_suspend_ports.tcl
37 56 Actv success Sat Jan 2 16:18:21 2016 syslog script: sl_suspend_ports.tcl
38 57 Actv success Sat Jan 2 16:18:28 2016 syslog script: sl_suspend_ports.tcl
39 58 Actv success Sat Jan 2 16:32:36 2016 syslog script: sl_suspend_ports.tcl
40 59 Actv success Sat Jan 2 16:32:39 2016 syslog script: sl_suspend_ports.tcl
41 60 Actv success Sat Jan 2 16:33:14 2016 syslog script: sl_suspend_ports.tcl
42 61 Actv success Sat Jan 2 16:45:17 2016 syslog script: sl_suspend_ports.tcl
43 62 Actv success Sat Jan 2 16:45:51 2016 syslog script: sl_suspend_ports.tcl
44 63 Actv success Sat Jan 2 16:51:17 2016 syslog script: sl_suspend_ports.tcl
45 64 Actv success Sat Jan 2 20:08:09 2016 syslog script: sl_suspend_ports.tcl
46 65 Actv success Sat Jan 2 20:22:04 2016 syslog script: sl_suspend_ports.tcl
47 66 Actv success Sat Jan 2 20:22:10 2016 syslog script: sl_suspend_ports.tcl
48 67 Actv success Sat Jan 2 20:36:59 2016 syslog script: sl_suspend_ports.tcl
49 68 Actv success Sat Jan 2 20:40:13 2016 syslog script: sl_suspend_ports.tcl
50 69 Actv success Sat Jan 2 20:40:57 2016 syslog script: sl_suspend_ports.tcl


Fa1/0/1 ## MY_LAN ## connected 10 full 100 10/100BaseTX
Fa1/0/2 notconnect 10 full 100 10/100BaseTX
Fa1/0/3 notconnect 10 full 100 10/100BaseTX
Fa1/0/4 notconnect 10 full 100 10/100BaseTX
Fa1/0/5 notconnect 10 full 100 10/100BaseTX
Fa1/0/6 notconnect 10 full 100 10/100BaseTX
Fa1/0/7 notconnect 10 full 100 10/100BaseTX
Fa1/0/8 notconnect 10 full 100 10/100BaseTX
Fa1/0/9 notconnect 10 full 100 10/100BaseTX
Fa1/0/10 notconnect 10 full 100 10/100BaseTX
Fa1/0/11 notconnect 10 full 100 10/100BaseTX
Fa1/0/12 notconnect 10 full 100 10/100BaseTX
Fa1/0/13 ## MY_TEST_LAB ## notconnect 20 full 100 10/100BaseTX
Fa1/0/14 notconnect 20 full 100 10/100BaseTX
Fa1/0/15 notconnect 20 full 100 10/100BaseTX
Fa1/0/16 notconnect 20 full 100 10/100BaseTX
Fa1/0/17 notconnect 20 full 100 10/100BaseTX
Fa1/0/18 notconnect 20 full 100 10/100BaseTX
Fa1/0/19 notconnect 20 full 100 10/100BaseTX
Fa1/0/20 notconnect 20 full 100 10/100BaseTX
Fa1/0/21 notconnect 20 full 100 10/100BaseTX

Port Name Status Vlan Duplex Speed Type
Fa1/0/22 notconnect 20 full 100 10/100BaseTX
Fa1/0/23 notconnect 20 full 100 10/100BaseTX
Fa1/0/24 ## INTERNET ## connected trunk a-full a-100 10/100BaseTX

Hall of Fame Cisco Employee

This isn't the contents of

This isn't the contents of susp_ports.dat nor the debug output.  Plus, it's not clear from the event history that the cron policy is running.  Do you see it running at midnight?

Beginner

Yes, I saw the script

Yes, I saw the script starting, but I didn't see anything happening. Here's the log of the script perfuming at midnight: 

Hall of Fame Cisco Employee

This is debug from the syslog

This is debug from the syslog policy, not the cron policy.  The cron policy is what actually suspends the ports.  Can you also post the susp_ports.dat file along with the debug showing output from tm_suspend_ports.tcl?

Beginner

I am not sure of what I need

I am not sure of what I need to type in to show this output. Can you assist me in doing so? Do you mean the "Show Kron Schedule"? 

Hall of Fame Cisco Employee

You need to enable "debug

You need to enable "debug event manager tcl cli" then let the tm_suspend_ports.tcl policy run.  By default, this policy runs at midnight.  You can therefore wait for it to run while leaving debug on and grab it from your syslog server, or you can modify the cron entry at the top of the policy to run at a different time, then re-register it and capture the debug when it runs.

Beginner

The debug Event Manager TCL

The debug Event Manager TCL CLI was enabled yesterday before the policy ran its course.  I thought you'd see it in the syslog, but in my syslog that I posted earlier, that was all that it captured. To me, it look like tm_suspend_ports.tcl didn't run as I only saw sl_supsend_ports.tcl.

Switch1#sh debugging
Auto Smart Ports:
Debug Macro Tcl CLI library debugging is on

Embedded Event Manager:
Debug EEM Tcl CLI library debugging is on

Can I modify the cron entry to something like

::cisco::eem::event_register_none

And force the policy to run with

#Event Manager Run tm_suspend_ports.tcl

Hall of Fame Cisco Employee

Yes, that will work, too. 

Yes, that will work, too.  But it doesn't provide insight as to whether or not the cron timer is executing correctly.

Beginner

Here's what came up as the

Here's what came up as the script tried to run earlier:

It does the show event manager policy pending but nothing appears for it, so the script closes.

Hall of Fame Cisco Employee

Again, this is the output

Again, this is the output from the syslog policy.  I need to see the output from the timer policy.  You need both of them registered in order for this solution to work, and it is the timer policy that actually suspends/shuts down the ports.

Beginner

Sorry, Joe, my test switch

Sorry, Joe, I had issues with my switch/pc talking with each other. I had tried to delete and re-register the policy. My firewall was blocking the connection and took me a little while to figure that out. I was able to get the policy back on now. I'll let it run and try to post the cron policy tomorrow.

Beginner

Joe,

Joe,

As I came home today, I caught the script running. It seemed to have worked, for one port (Fa1/0/4), but the rest seemed to have an error. 

Port Name Status Vlan Duplex Speed Type
Fa1/0/1 ## My_LAN ## connected 10 full 100 10/100BaseTX
Fa1/0/2 connected 10 full 100 10/100BaseTX
Fa1/0/3 notconnect 10 full 100 10/100BaseTX
Fa1/0/4 disabled 666 full 100 10/100BaseTX
Fa1/0/5 ## TEST ## notconnect 20 full 100 10/100BaseTX
Fa1/0/6 ## TEST ## notconnect 20 full 100 10/100BaseTX
Fa1/0/7 ## TEST ## notconnect 20 full 100 10/100BaseTX
Fa1/0/8 ## TEST ## notconnect 20 full 100 10/100BaseTX
Fa1/0/9 ## TEST ## notconnect 10 full 100 10/100BaseTX
Fa1/0/10 ## TEST ## notconnect 10 full 100 10/100BaseTX
Fa1/0/11 ## TEST ## notconnect 10 full 100 10/100BaseTX
Fa1/0/12 ## TEST ## notconnect 10 full 100 10/100BaseTX
Fa1/0/13 notconnect 10 full 100 10/100BaseTX
Fa1/0/14 notconnect 10 full 100 10/100BaseTX
Fa1/0/15 notconnect 10 full 100 10/100BaseTX
Fa1/0/16 notconnect 10 full 100 10/100BaseTX
Fa1/0/17 notconnect 10 full 100 10/100BaseTX
Fa1/0/18 notconnect 10 full 100 10/100BaseTX

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards