cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2323
Views
5
Helpful
28
Replies
Shawnw4401
Beginner

EEM/TCL - Disable Inactive Ports

Hello, 

I've been trying to get the script provided by Joe Clarke, tm_suspend_ports.tcl and sl_suspend_ports.tcl, to work. I did make an adjustment to the script though to exclude a certain VLAN from being shutdown; however, the script does not seem to be functioning correctly. 

#show version
Cisco IOS Software, C3750 Software (C3750-IPBASEK9-M), Version 12.2(55)SE8, RELE ASE SOFTWARE (fc2)

Here's my current problem:

1. The script is running, but the ports are not being shutdown. (On a side note, is there a way to manually run this script for testing purposes?)

#show event manager history event
No. Job Id Proc Status Time of Event Event Type Name
1 1 Actv success Sun Feb28 18:01:26 1993 syslog script: sl_suspend_ports.tcl
2 2 Actv success Sun Feb28 18:01:53 1993 syslog script: sl_suspend_ports.tcl
3 3 Actv success Sun Feb28 18:02:20 1993 syslog script: sl_suspend_ports.tcl
4 4 Actv success Sun Feb28 19:40:17 1993 syslog script: sl_suspend_ports.tcl
5 5 Actv success Sun Feb28 19:40:28 1993 syslog script: sl_suspend_ports.tcl
6 6 Actv success Sat Dec19 08:13:08 2015 syslog script: sl_suspend_ports.tcl
7 7 Actv success Sat Dec19 08:13:14 2015 syslog script: sl_suspend_ports.tcl
8 8 Actv success Sat Dec19 14:53:29 2015 syslog script: sl_suspend_ports.tcl
9 9 Actv success Sat Dec19 14:53:35 2015 syslog script: sl_suspend_ports.tcl
10 10 Actv success Sat Dec19 14:53:47 2015 syslog script: sl_suspend_ports.tcl
11 11 Actv success Sat Dec19 14:53:52 2015 syslog script: sl_suspend_ports.tcl
12 12 Actv success Sat Dec19 14:53:57 2015 syslog script: sl_suspend_ports.tcl
13 13 Actv success Sat Dec19 14:54:02 2015 syslog script: sl_suspend_ports.tcl
14 14 Actv success Sun Dec20 00:00:00 2015 timer cron script: tm_suspend_ports.tcl
15 15 Actv success Sun Dec20 02:03:17 2015 syslog script: sl_suspend_ports.tcl
16 16 Actv success Sun Dec20 02:03:22 2015 syslog script: sl_suspend_ports.tcl
17 17 Actv success Sun Dec20 08:48:40 2015 syslog script: sl_suspend_ports.tcl
18 18 Actv success Sun Dec20 08:48:44 2015 syslog script: sl_suspend_ports.tcl

#show interface status
Port Name Status Vlan Duplex Speed Type
Fa1/0/1 ## MY_LAN ## connected 10 full 100 10/100BaseTX
Fa1/0/2 notconnect 10 full 100 10/100BaseTX
Fa1/0/3 notconnect 10 full 100 10/100BaseTX
Fa1/0/4 notconnect 10 full 100 10/100BaseTX
Fa1/0/5 notconnect 10 full 100 10/100BaseTX
Fa1/0/6 notconnect 10 full 100 10/100BaseTX
Fa1/0/7 notconnect 10 full 100 10/100BaseTX
Fa1/0/8 notconnect 10 full 100 10/100BaseTX
Fa1/0/9 notconnect 10 full 100 10/100BaseTX
Fa1/0/10 notconnect 10 full 100 10/100BaseTX
Fa1/0/11 notconnect 10 full 100 10/100BaseTX
Fa1/0/12 notconnect 10 full 100 10/100BaseTX
Fa1/0/13 ## MY_TEST_LAB ## notconnect 20 full 100 10/100BaseTX
Fa1/0/14 notconnect 20 full 100 10/100BaseTX
Fa1/0/15 notconnect 20 full 100 10/100BaseTX
Fa1/0/16 notconnect 20 full 100 10/100BaseTX
Fa1/0/17 notconnect 20 full 100 10/100BaseTX
Fa1/0/18 notconnect 20 full 100 10/100BaseTX
Fa1/0/19 notconnect 20 full 100 10/100BaseTX
Fa1/0/20 notconnect 20 full 100 10/100BaseTX
Fa1/0/21 notconnect 20 full 100 10/100BaseTX
Fa1/0/22 notconnect 20 full 100 10/100BaseTX
Fa1/0/23 notconnect 20 full 100 10/100BaseTX
Fa1/0/24 ## INTERNET ## connected 10 full 100 10/100BaseTX

Directory of flash:/

2 -rwx 12103244 Feb 28 1993 21:14:49 -06:00 c3750-ipbasek9-mz.122-55.SE8.bin
6 -rwx 7893 Dec 19 2015 22:57:12 -06:00 config.text
5 -rwx 3096 Dec 19 2015 22:57:12 -06:00 multiple-fs
9 -rwx 676 Dec 19 2015 02:14:12 -06:00 vlan.dat
8 -rwx 1937 Dec 19 2015 22:57:12 -06:00 private-config.text
7 drwx 128 Dec 19 2015 14:44:57 -06:00 policies
10 -rwx 651 Dec 20 2015 00:00:01 -06:00 susp_ports.dat

Directory of flash:/policies/

3 -rwx 4589 Dec 20 2015 10:34:53 -06:00 tm_suspend_ports.tcl
4 -rwx 3101 Dec 19 2015 14:44:57 -06:00 sl_suspend_ports.tcl

#show run | include event
event manager environment suspend_ports_days 1
event manager environment suspend_ports_config flash:/susp_ports.dat
event manager directory user policy "flash:/policies/"
event manager session cli username "STW"
event manager policy sl_suspend_ports.tcl
event manager policy tm_suspend_ports.tcl

28 REPLIES 28
Joe Clarke
Hall of Fame Cisco Employee

I see the problem.  It looks like when you modified the script, you added an end within the foreach loop.  Try this version instead.

View solution in original post

Thanks, Joe! It is working correctly now. I did change the cron timer on that script you sent me to check it, but I am going to change it back now and try it again. I do not believe it'll give me any problems. 

Thanks again for all of your help!

Joe,

One more question. Is there a way to exclude a range of vlans or do I need to keep going VLAN1||VLAN2||VLAN3 etc...

example:

if { ! [regexp {Access Mode VLAN: 10} $output] && ! [regexp {Access Mode VLAN: 11} $output] && ! [regexp {Access Mode VLAN: 12} $output] }

or can I use:

if { ! [regexp {Access Mode VLAN: 10 - 12} $output]}
Joe Clarke
Hall of Fame Cisco Employee

You'll need to keep using the multiple conditionals.

Joe, I have another problem that came up. It seems to be ignoring all the vlans just fine, but it seemed to have shutdown my trunk port?

interface FastEthernet1/0/24
description ## WAN ##
switchport access vlan 666
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2,5,10,100
switchport mode trunk
shutdown

Joe Clarke
Hall of Fame Cisco Employee

The script only shuts down ports that are operational down.  It does not discriminate between access/trunk.  Given that Fa1/0/24 was not in your last susp_ports.dat file, I can only assume it was taken down at some point for over your hold down period, then the script shut it down as it should have.

Would I be able to add a syntax if I do not want it to ever shutdown a trunk port?

Joe Clarke
Hall of Fame Cisco Employee

You could add additional logic as you did to ignore VLANs.  The output of the show int switchport command will also tell you if the port is configured as a trunk.

So, you mean like: 

set cli [list "config t"]
foreach port [array name suspend_ports]
{ set output [run_cli [list "show int $port switchport | inc Administrative Mode"]]
if { ! [regexp {Administrative Mode: trunk} $output] }
} else
{
set output [run_cli [list "show int $port switchport | inc Access Mode VLAN"]]
if { ! [regexp {Access Mode VLAN: 20} $output] } {
set cli [concat $cli [list "interface $port" "shut" "switchport access vlan 666"]]
action_syslog msg "Shutting down port $port since it was last used on [clock format $suspend_ports($port)]"
}
}

Joe Clarke
Hall of Fame Cisco Employee

Logically, this should work, but the Tcl syntax is broken with respect to the braces.

Do you see anything wrong with braces now? I think I fixed that issue, but I might be overlooking something still.

set cli [list "config t"]
foreach port [array name suspend_ports] {
{
set output [run_cli [list "show int $port switchport | inc Administrative Mode"]]
if { ! [regexp {Administrative Mode: trunk} $output] }
} else {
set output [run_cli [list "show int $port switchport | inc Access Mode VLAN"]]
if { ! [regexp {Access Mode VLAN: 20} $output] } {
set cli [concat $cli [list "interface $port" "shut" "switchport access vlan 666"]]
action_syslog msg "Shutting down port $port since it was last used on [clock format $suspend_ports($port)]"
}
}
}
Joe Clarke
Hall of Fame Cisco Employee

No, it's still not right.  What you want is something like:

set cli [list "config t"]
foreach port [array name suspend_ports] {
set output [run_cli [list "show int $port switchport | inc Administrative Mode"]]
if { ! [regexp {Administrative Mode: trunk} $output] } {
set output [run_cli [list "show int $port switchport | inc Access Mode VLAN"]]
if { ! [regexp {Access Mode VLAN: 20} $output] } {
set cli [concat $cli [list "interface $port" "shut" "switchport access vlan 666"]]
action_syslog msg "Shutting down port $port since it was last used on [clock format $suspend_ports($port)]"
}
}
}

Thanks, Joe! Everything is working perfect now. I appreciate all the help.

MarcAndreSIRAMIS
Beginner

Dear all,

 

i m trying to use theses script without success at this time

i followed differents topics but i have the log below

i m using a radius and i execute the script on 

Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 10 WS-C3560CG-8PC-S 15.2(2)E10 C3560c405ex-UNIVERSALK9-M

 

FR-KAY-SR12-S7#sh event manager version
Embedded Event Manager Version 4.00
Component Versions:
eem: (rel9)1.2.19
eem-gold: (rel1)1.0.2
eem-call-home: (rel2)1.0.4

 

Oct 22 11:42:42 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : CTL : cli_open called.
Oct 22 11:42:42 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT : CC
Oct 22 11:42:42 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT : **********************************************
Oct 22 11:42:42 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT : * *
Oct 22 11:42:42 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT : * ****************** *
Oct 22 11:42:42 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT : * ****************** *
Oct 22 11:42:42 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT : *********************
Oct 22 11:42:42 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT : * Tous acces non autorises sont prohibes *
Oct 22 11:42:42 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT : * *
Oct 22 11:42:42 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT : **********************************************
Oct 22 11:42:42 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT :
Oct 22 11:42:42 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT : FR-KAY-SR12-S7>
Oct 22 11:42:42 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : IN : FR-KAY-SR12-S7>en
Oct 22 11:42:42 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT : % Unknown command or computer name, or unable to find computer address

Oct 22 11:42:42 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT : FR-KAY-SR12-S7>
Oct 22 11:42:42 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : IN : FR-KAY-SR12-S7>show ip interface brief | include Ethernet
Oct 22 11:42:43 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT : show ip interface brief | include Ethernet
Oct 22 11:42:43 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT : ^
Oct 22 11:42:43 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT : % Invalid input detected at '^' marker.
Oct 22 11:42:43 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_lib) : OUT :
Oct 22 11:42:43 UTC+2: %HA_EM-6-LOG: tm_suspend_ports.tcl : DEBUG(cli_

 

thanks for your answers

 

Best regards