remotely disable a port on switch given an IP address

ravi.malghan · ‎07-20-2006

Hi: I want to remotely disable the switch port an IP address is connected. Does any cisco product provide an API to do this? In other words I want to run a script from a remote machine that will connect to cisco product (using some API) that can instruct a switch (that the product has discovered) to disable a port.

Thanks

Ravi

miheg · ‎07-20-2006

That is not possible.

You first need to make the relation between the IP and the mac address .

Then you may use SNMP to find a port where this mac address connects.

Then you may use SNMP to shut the port

rdanevich · ‎07-20-2006

With CiscoWorks, in "Campus Manager" you can run "User Tracking", enter the IP address, this will tell you which port and which switch the IP address is connected to. Then you'd have to remote into the switch and dis-able the port.

Another option you might try is "port-security" & "sticky port" configurations on the switch, these options will automatically disable the port when the access port sees a mac-address that shouldn't be there.

A third option that you may want to investigate is the Cisco MARS solution. You can set thresholds on the port that will automatically dis-able the port when the threshold is reached, such as a PC that is infected with a virus that is infecting the rest of the network.

Is this what you were asking? Does this help?

zerozerotito · ‎07-20-2006

Enable SNMP on the Switch then define SNMP communities... And then use SolarWinds to control Cisco Device...

Or you can write a script which use snmp protocol...