I was involved with a network migration that made me look at using the power of EEM. Below is a solution for anyone who may find themselves in a similar situation.
I was tasked with upgrading the legacy access layer of a network, which still consisted of unmanaged switches (a flat network), to a Cisco solution consisting of 3850s (core/distribution layer) and 2960Xs for the access layer, with dedicated subnets for each specific service operating on the network.
The challenge was the access layer, as there were multiple devices such as printers, access control and other devices on the network with static IPs. Therefore we needed to determine which ports they were connected to so we could migrate them over to the new structured VLANs that were designed for each service. Since the devices were connected to unmanaged switches, there was no way to verify this at the switch port level, and it was also not practical to physically trace the cable from the end device to the switch port. There was also a very large number of end devices, so trying to track them once they were on the Cisco access layer would take a large amount of effort and time.
The other problem was that we did not have Cisco ISE to utilise the MAB functionality so that ports could be dynamically assigned VLANs based on the end device's MAC address.
Using EEM, we would create a script to apply a description to the switch ports so we could identify the type of device on each. In order to get the correct MAC addresses, we asked the system admins who support the end devices to provide a list of the devices with their static IPs.
Since the Cisco core was already active and we had an SVI in the same subnet as the legacy network, we could pull the IPs and associated MAC addresses from the ARP table.
This gave us clarity on what the OUI addresses were for the end devices. In this solution we had to break the devices up into the following classes:
In our situation, we would do the port configuration in a two-step approach: first, replace the unmanaged switches with Cisco 2960Xs and identify the ports by applying a description. The second step would be to change the switch port VLAN configuration once the system admins confirmed they had changed the end device's IP address.
Once all the ports were identified, we knew which ports still needed to stay on the legacy VLAN, while the remainder could be configured as per the new design. It was easy to coordinate with the support teams onsite when they were migrating the end devices to the new IP subnets. We could also modify the scripts to automatically apply the VLAN configuration should a new device connect to the switch or if someone moves the cable to a different port.
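The OUI matching described above, worked offline in Python as an added example (not the author's EEM script): it learns OUI-to-class mappings from the core's ARP table and the admins' static-IP list, then derives port descriptions from an access switch's MAC address table. All addresses, MACs, class names and function names are constructed for illustration, and ports that learn more than one MAC are skipped on the assumption that they are uplinks.

```python
import re
from collections import defaultdict

# Constructed sample data; addresses, MACs and class names are illustrative only.
STATIC_HOSTS = {"10.1.1.20": "PRINTER", "10.1.1.30": "ACCESS-CONTROL"}  # list from the system admins
CORE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.1.20               5   0200.aa11.0001  ARPA   Vlan10
Internet  10.1.1.30              12   0200.bb22.0001  ARPA   Vlan10
Internet  10.1.1.99               0   Incomplete      ARPA
"""
ACCESS_MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
  10    0200.aa11.0042    DYNAMIC     Gi1/0/5
  10    0200.bb22.0007    DYNAMIC     Gi1/0/6
  10    0200.cc33.0001    DYNAMIC     Gi1/0/7
  10    0200.aa11.0050    DYNAMIC     Gi1/0/48
  10    0200.bb22.0009    DYNAMIC     Gi1/0/48
"""
MAC_RE = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"

def oui(mac):
    """First three octets of a Cisco dotted MAC, e.g. 0200.aa11.0001 -> 0200aa."""
    return mac.replace(".", "")[:6]

def learn_ouis(arp_text, static_hosts):
    """Map OUI -> device class using the ARP entries of the known static IPs."""
    ouis = {}
    for ip, mac in re.findall(rf"^Internet\s+(\S+)\s+\S+\s+({MAC_RE})\s", arp_text, re.M):
        if ip in static_hosts:
            ouis[oui(mac)] = static_hosts[ip]
    return ouis

def port_descriptions(mac_table_text, ouis):
    """Return {port: description}; ports with several MACs are skipped as uplinks."""
    by_port = defaultdict(list)
    for mac, port in re.findall(rf"^\s*\d+\s+({MAC_RE})\s+DYNAMIC\s+(\S+)", mac_table_text, re.M):
        by_port[port].append(mac)
    return {port: ouis[oui(macs[0])] for port, macs in by_port.items()
            if len(macs) == 1 and oui(macs[0]) in ouis}

def render_config(descriptions):
    lines = []
    for port, desc in descriptions.items():
        lines += [f"interface {port}", f" description {desc}"]
    return "\n".join(lines)

if __name__ == "__main__":
    print(render_config(port_descriptions(ACCESS_MAC_TABLE, learn_ouis(CORE_ARP, STATIC_HOSTS))))
```

An OUI identifies a vendor rather than a specific device, and a host can set its own MAC address, so the result is best treated as an inventory label rather than an authorization decision.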
There are of course other solutions out there such as SmartPort and ISE; however, if you don't have these options at your disposal, EEM is an extremely powerful tool that can give you the same results.