Solved: EEM/Tcl script for changing vlan on ports on link down/reboot - read list of ports from a file?

Tommy Vindvik · ‎01-23-2015

Hi everybody!

I'm working with a regional public health-care provider in Norway, and we have a total of around ~42k access ports in our different campus networks. Access network consists of 3560/3750/3750-X/3850 and 4500 on different HW and SW levels.

Sometimes we se the need to change the vlan on a LOT of ports to get the clients over in another network for one reason or another. To minimize impact for the DHCP-attached clients, I'm looking for some way of doing this on port down event and preferably also on reboot (not all wireing-closets have UPS).

I have not learned to "speak" Tcl yet, and I understand that the file handling in EEM applets is very basic even in EEM v4.

So I'm looking for a script that:

Reads interface ID and new vlan ID from a file we can upload to flash
Changes the vlan id (switchport access vlan XX) to YY AND possibly the voice vlan on interface down event
Bonus points for running trough any remaining interfaces on reload
Tracks the changes to a logfile
One mail after all interfaces in list are completed
Triple bonus point for a scipt compatible with older EEM-versions (due to the different HW and SW levels in network).

The interface list input file could be constructed anyway needed, but maybe something like this:

Interface<tab>New vlan ID<tab>New Voice vlan   <- Not needed in actual file
FastEthernet1/0/43<tab>100
Gi2/0/38<tab>110
Gi1/43<tab>120<tab>300

And the logfile could be something like:

Interface Fa1/0/43 changed on interface down from vlan id XX to YY dd.mm.yyyy hh:mm:ss
Interface Gi1/43 changed on reload from vlan id XX to YY AND voice vlan ZZ dd.mm.yyyy hh:mm:ss

Soooo.....have anyone made/seen such a script, or something like it that could be adapted? Or do anyone Tcl-fluid people feel like helping me out? :) I can't quite imagine that we are the only one seeing the need for such a script?

Keeping the faith in the community :)

Tommy V

(Edit: Added voice vlan)

Regards, Tommy V

Dan Frey · ‎01-24-2015

OK thats what I thought but wanted to make sure. Attached is a policy that meets all your bullet points except for the last one. Not sure what hardware or EEM version would not support the attachment.

There needs to be a prepositioned file on flash that will be used to read in the "interface datavlan voicevlan". If a port transitions from up -> down that will trigger the policy or on reboot the policy will read in the entire file on flash and provision all the ports.

My prepositioned file on flash.

Switch_2#more flash:vlan
FastEthernet0/18 101 301
FastEthernet0/19 101
FastEthernet0/20 100
FastEthernet0/21 101
FastEthernet0/22 102
FastEthernet0/24 104

Tested on

Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(55)SE1, RELEASE SOFTWARE (fc1)

Log messages to console and also written to a log file on flash on reboot.

00:01:02: %HA_EM-6-LOG: vlanmap.tcl: Interface FastEthernet0/18 changed on reload from vlan id 1 to 101 and voicevlan none changed to 301 00:01:01.723 UTC Mon Mar 1 1993
00:01:03: %HA_EM-6-LOG: vlanmap.tcl: Interface FastEthernet0/19 changed on reload from vlan id 1 to 101 00:01:01.723 UTC Mon Mar 1 1993
00:01:04: %HA_EM-6-LOG: vlanmap.tcl: Interface FastEthernet0/20 changed on reload from vlan id 1 to 100 00:01:01.723 UTC Mon Mar 1 1993
00:01:04: %HA_EM-6-LOG: vlanmap.tcl: Interface FastEthernet0/21 changed on reload from vlan id 1 to 101 00:01:01.723 UTC Mon Mar 1 1993
00:01:05: %HA_EM-6-LOG: vlanmap.tcl: Interface FastEthernet0/22 changed on reload from vlan id 1 to 102 00:01:01.723 UTC Mon Mar 1 1993
00:01:06: %HA_EM-6-LOG: vlanmap.tcl: Interface FastEthernet0/24 changed on reload from vlan id 1 to 104 00:01:01.723 UTC Mon Mar 1 1993

View solution in original post

Dan Frey · ‎01-23-2015

Can you explain further on this bullet point? What does running through remaining interfaces mean?

Bonus points for running trough any remaining interfaces on reload

Tommy Vindvik · ‎01-23-2015

If (when) switch reboots, check file and change vlan on all remaining interfaces.

Regards, Tommy V

Dan Frey · ‎01-24-2015

OK thats what I thought but wanted to make sure. Attached is a policy that meets all your bullet points except for the last one. Not sure what hardware or EEM version would not support the attachment.

There needs to be a prepositioned file on flash that will be used to read in the "interface datavlan voicevlan". If a port transitions from up -> down that will trigger the policy or on reboot the policy will read in the entire file on flash and provision all the ports.

My prepositioned file on flash.

Switch_2#more flash:vlan
FastEthernet0/18 101 301
FastEthernet0/19 101
FastEthernet0/20 100
FastEthernet0/21 101
FastEthernet0/22 102
FastEthernet0/24 104

Tested on

Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(55)SE1, RELEASE SOFTWARE (fc1)

Log messages to console and also written to a log file on flash on reboot.

00:01:02: %HA_EM-6-LOG: vlanmap.tcl: Interface FastEthernet0/18 changed on reload from vlan id 1 to 101 and voicevlan none changed to 301 00:01:01.723 UTC Mon Mar 1 1993
00:01:03: %HA_EM-6-LOG: vlanmap.tcl: Interface FastEthernet0/19 changed on reload from vlan id 1 to 101 00:01:01.723 UTC Mon Mar 1 1993
00:01:04: %HA_EM-6-LOG: vlanmap.tcl: Interface FastEthernet0/20 changed on reload from vlan id 1 to 100 00:01:01.723 UTC Mon Mar 1 1993
00:01:04: %HA_EM-6-LOG: vlanmap.tcl: Interface FastEthernet0/21 changed on reload from vlan id 1 to 101 00:01:01.723 UTC Mon Mar 1 1993
00:01:05: %HA_EM-6-LOG: vlanmap.tcl: Interface FastEthernet0/22 changed on reload from vlan id 1 to 102 00:01:01.723 UTC Mon Mar 1 1993
00:01:06: %HA_EM-6-LOG: vlanmap.tcl: Interface FastEthernet0/24 changed on reload from vlan id 1 to 104 00:01:01.723 UTC Mon Mar 1 1993

Tommy Vindvik · ‎01-26-2015

Daniel,

I'm impressed! :) That was a swift response :)

I will test this in my lab and on a few switches in my network :)

A few questions after just browsing the code however, just trying to understand Tlc better:

Any reason you use the syslog event instead of the ::cisco::eem::event_register_interface to match/find interfaces transitioning to down? Personal preference, or some other reason?
Any way to make the script more "self contained"? Seems like I have to set a few environment variables "outside" the script? Could these be set inside the script instead?
Again, not fluid in Tlc, but it might seem like it sends mail for each interface changed? Or am I misreading the code?

Regards

Tommy V

Regards, Tommy V

Dan Frey · ‎01-26-2015

Its my personal preference to use the syslog ED. I use the syslog detector often and have the regexp built for it as well so it was just a copy/paste for this EEM policy. If all of the environment variables remain static across your network then there is no reason to do this in the CLI and the variables can be addressed in the tcl file.

Add these variables in the tcl file after:

namespace import ::cisco::eem::*

namespace import ::cisco::lib::*

set write_filename "your file name"

set read_filename "your file name"

ect... set rest of the variables here ....

When syslog detects a single interface going up -> down it will generate an email, syslog, update the logfile. If you have multiple interfaces going down at once you will get an email, syslog, update logfile per interface. When the device is reloaded it will aggregate all the actions into a single email, generate multiple syslogs, and update the logfile.

Dan

Tommy Vindvik · ‎01-26-2015

Good to know I was reading the code correctly, even with close to none Tcl-experience :)

And I can see the use for mailing on every interface changed, but my goal was to log/syslog these and send a mail only when all interfaces in file was changed/completed.

I don't want several hundred mails during such a change.process, if anything goes wrong I could log onto the switch and check the logfile (or check the syslog) - but I do want to know when everything is completed :)

Regards,

Tommy V

Regards, Tommy V

bhisham Sharma · ‎11-18-2015

Hi All,

I am new to TCL scripting and seeking your help for below requirement

I have to change vlans in training rooms twice in a day (Morning & in evening at particular time frame) and this is hitting me badly as sometime I get late and getting unnecessary escalations. Can someone suggest me if TCL script/Kron can be used and vlans can be changed automatically at particular time frame. If a script can be loaded in tftp and there I can change vlan IDs in any time and when training time start just it triggers and all vlans should be changed!!

Is it possible? I think by EEM its possible but EEM is not supported.

Dan Frey · ‎11-18-2015

Please start a new thread for your question.

bhisham Sharma · ‎11-18-2015

I have already started a new thread!!

Thanks!