10-05-2010 07:17 PM
I have downloaded these 2 Tcl scripts from this previous discussion and from the sounds of it it's exactly what I've been looking for. But the problem is I'm new to EEM and have no idea how to go about putting these on the switches themselves. I've searched for configuration guides but to no prevail. Any help is greatly appreciated. Here's the link to previous discussion:
https://supportforums.cisco.com/thread/164684.pdf;jsessionid=EEEEE143342DAAB34706D608D5C4C920.node0
10-15-2010 06:03 PM
10-15-2010 06:13 PM
Forgive me but what is the ED line?
10-15-2010 06:21 PM
I just tried to load event man pol tm_suspend_ports.tcl configuration and it spit out this error:
error: tag statement required when using multiple events: policy tm_suspend_ports.tcl
JOSHUA M. PEAVY, SSgt, USAF
CONFIGURATION MANAGEMENT
10-15-2010 06:33 PM
You need to comment out the timer line so that only the event_register_none line is active. The first line should be:
::cisco::eem::event_register_none maxrun 600
10-15-2010 06:51 PM
You have no idea how much work you just saved me. I'm posting the scipt that worked so you can double over it if you don't mind to execute at 00:00 every night. Now if i change the amount of seconds in half would it essentially go off twice a day. Also, if I modify the script to put it in a vlan would it look something like this:
set cli [list "config t"]
foreach port [array name suspend_ports] {
set cli [concat $cli [list "interface $port" "shut" "switchp access vlan 187"]]
10-15-2010 10:55 PM
This version will run at midnight. If you need it to run more often than that you will need to adjust the cron entry in the event registration line. You can change the second 0 to 0,12 to run at midnight and noon every day.
Yes, your change will configure a new access VLAN on the switchports that are shutdown.
10-15-2010 11:06 PM
Thank you very much. You are well deserving of the Hall of Fame status.
03-13-2012 03:09 PM
Joseph - will this procedure work for 4500 and 6500 series switches? I know they do not log port up/down events by default.
Thanks
03-13-2012 03:29 PM
Yes, it will if you enable logging for port event statuses. You need to report the link up events to EEM so it can record the last time the port is used.
03-13-2012 06:47 PM
So would enabling the logging overutilize resources on the switch? My thought is to use this as an automated security solution. I want to use this and other scripts to create a policy that will assigned ports that have not been up in more than 2 weeks to a parking VLAN. Then when a specific MAC, or MACs, is detected on the port it is then reassigned a standard access port configuration appropriate for that particular switch.
Thanks.
03-13-2012 10:00 PM
Nope, no resource limit. The reason people typically turn this off is to avoid the noise one would get in an NMS when users enter and leave the network. As long as you are good with filtering these out from your fault management system, then it is fine to leave these messages on.
03-14-2012 07:14 AM
Thanks Joseph!
03-14-2012 03:16 PM
Joseph,
I believe I have this configured to move the switchport to a parking VLAN. What scripting would I need to add to tm_suspend_ports8.tcl to send an e-mail, or an SNMP trap, with the ports that were moved?
If you haven't gathered I know just enough about scripting to be dangerous!
Thanks for all your help
03-15-2012 07:59 AM
Please start a new thread for your specific use case. Thanks.
06-18-2012 01:57 AM
Hi,
I have tried the same scripts and seem to experience the same results as mentioned above that it shows the ports are shutting down but it does not disable the ports. Please assist with this as I'm not clued up with TCL scipting as well.
Thanks.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: