We are looking for an easy way for our security department to shut end user interfaces (mostly fa, some gi). Previously we've done this with home-grown scripts and I've been asked if LMS could do this easily.
So ideally, the security department would have to select the "shut interface" job, select the device, and tell it what port to shut. I'd rather create a template that only works on end user switches (3750-g-e-x, 2950, 3560 etc. NOT 6500, blade switches, routers, etc.)
From what I've tried, I could only hard set (int fa1/0/1 -> shut) the interface in the job. Is there a way I could create a basic shut template that prompts the user what port to shut (or put on a black-hole VLAN)?
Or, is there another way to do this aside from a netconfig job?
* various credentials (already created different credential sets so this is OK)
* security department should not have permission to shut trunks
* we would like to restrict access to the security team from the rest of LMS
* LMS 3.2 patched up to date
* switches running snmp2 RO only
* LMS could telnet/ssh to devices
* dev stage of deploying snmpv3
* local authorization (non-ACS), TACACS authentication with local fallback
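As an added example (not part of the original post, and not an LMS feature): one way a home-grown script could enforce two of the restrictions listed above, end-user switch models only and no trunk ports, before it sends a shutdown. The model prefixes, function names and sample configuration are assumptions made for illustration.

```python
import re

# Assumption: model prefixes for the end-user switch families named in the post.
ALLOWED_MODELS = re.compile(r"^WS-C(2950|3560|3750)")
FULL_NAME = {"fa": "FastEthernet", "gi": "GigabitEthernet"}
PORT_RE = re.compile(r"(fa(?:stethernet)?|gi(?:gabitethernet)?)\s*(\d+(?:/\d+){1,2})", re.I)
# Constructed sample of a running-config, not taken from a real device.
SAMPLE_CONFIG = """\
interface FastEthernet1/0/1
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet1/0/2
 switchport access vlan 10
!
interface GigabitEthernet1/0/1
 switchport mode trunk
"""

def normalize(port):
    """Expand 'fa1/0/1' or 'Gi0/2' to the full IOS name; reject other interface types."""
    m = PORT_RE.fullmatch(port.strip())
    if not m:
        raise ValueError(f"not a Fa/Gi port name: {port!r}")
    return FULL_NAME[m.group(1)[:2].lower()] + m.group(2)

def stanzas(config_text):
    """Map each interface name to the configuration lines indented under it."""
    out, current = {}, None
    for line in config_text.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            out[current] = []
        elif line.startswith(" ") and current:
            out[current].append(line.strip())
        else:
            current = None  # '!' or any top-level line ends the stanza
    return out

def shutdown_commands(model, config_text, port):
    """Return the lines that shut one access port, or raise PermissionError."""
    if not ALLOWED_MODELS.match(model):
        raise PermissionError(f"{model} is not an allowed end-user switch model")
    name = normalize(port)
    lines = stanzas(config_text).get(name)
    # Fail closed: the port must exist and be explicitly configured as an access port.
    if lines is None or "switchport mode access" not in lines:
        raise PermissionError(f"{name} is not a static access port")
    return [f"interface {name}", "shutdown"]
```

Because the check requires an explicit `switchport mode access` line, ports with no static mode configured are refused along with trunks.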
I have been working on this exact issue on another thread: https://supportforums.cisco.com/message/3200456#3200456 . I also have LMS and haven't found a way to do this through CiscoWorks, but I am currently trying the EEM route. The script I am trying to run monitors ports that show not connected due to users turning off their machines, unplugging their machines, etc., and shuts them down after a period of time that you prefer. The guy I'm working with is very helpful. I don't know if this is a route you want to take, but it might be worth taking a look at.