Joe Clarke
Cisco Employee

Here are two EEM Tcl policies that work in concert to track ports that are operationally down for a given period of time. If they are down long enough, the ports are administratively shut down (or placed in a quarantine VLAN, if one is defined) to prevent unknown or untracked use of them. Each policy uses some EEM environment variables. For the timer policy:

# This policy runs at a configured time, then checks to see if inactive ports
# have been inactive for a configured amount of time.  If so, then the ports
# will be shutdown.
#
# This policy uses the following environment variables:
#
# suspend_ports_days        : Number of days before a port is suspended.
#
# suspend_ports_config      : Path to configuration file.
#
# suspend_quarantine_vlan   : (optional) VLAN number into which ports will be moved
#                             instead of being shutdown.  If not defined, ports will be
#                             shutdown.
#

And for the syslog policy:

# This policy listens for link up syslog messages, and removes the port from
# the list of down ports.
#
# This policy uses the following environment variables:
#
# suspend_ports_config      : Path to configuration file.
#
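
The bookkeeping the two policy headers describe, as an added example in plain Tcl (not the policies' own code): the syslog side clears a port on link up, the timer side picks ports that have been down for suspend_ports_days and chooses shutdown or quarantine VLAN. The proc names, the sample data, the interface/epoch pair layout (taken from the susp_ports.dat listing quoted in the comments) and the use of `switchport access vlan` for quarantine are assumptions.

```tcl
# Added example: proc names and sample data are constructed for illustration.
# Written for plain tclsh; no EEM or CLI calls are made.

# Ports whose down-since epoch is at least $days days before $now.
proc expired_ports {state days now} {
    if {[llength $state] % 2 != 0} {
        error "state must be interface/epoch pairs"
    }
    array set ports $state
    set cutoff [expr {$now - $days * 86400}]
    set out [list]
    foreach iface [lsort [array names ports]] {
        if {![regexp {^[0-9]+$} $ports($iface)]} { continue }
        if {$ports($iface) <= $cutoff} { lappend out $iface }
    }
    return $out
}

# Remove a port from the state when a link-up message names it.
# einfo: event record as a key/value list, assumed to carry a msg element.
proc clear_on_linkup {state einfo} {
    array set ports $state
    array set ev $einfo
    if {![info exists ev(msg)]} { return $state }
    if {[regexp {Interface ([^,]+), changed state to up} $ev(msg) -> iface]} {
        if {[info exists ports($iface)]} { unset ports($iface) }
    }
    return [array get ports]
}

# CLI lines for one expired port: quarantine VLAN if set, otherwise shutdown.
# "switchport access vlan" is an assumed way to apply the quarantine VLAN.
proc suspend_commands {iface vlan} {
    if {$vlan != ""} {
        return [list "interface $iface" "switchport access vlan $vlan"]
    }
    return [list "interface $iface" "shutdown"]
}

# Constructed sample data, not taken from a real switch.
set now   1700000000
set state {GigabitEthernet1/0/1 1699000000 GigabitEthernet1/0/2 1699900000 GigabitEthernet1/0/3 1698000000}
set event [list msg "%LINK-3-UPDOWN: Interface GigabitEthernet1/0/3, changed state to up"]

set state [clear_on_linkup $state $event]
foreach iface [expired_ports $state 7 $now] {
    puts [join [suspend_commands $iface ""] "\n"]
}
```

An event record with no msg element leaves the state unchanged instead of raising a Tcl error, so a port is only ever cleared by a message that actually names it.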

Comments
Nisterio
Level 1

Five years later, I have discovered the "ancient script"... Great work, thanks.

bforonda
Level 1

Aloha @Joe Clarke,

Switch Information: Cisco 9200L, 17.12.4

Update: Others have mentioned a similar error since upgrading to either 17.9.6 or 17.12.4. I did downgrade to 17.9.5 on a test switch and the error went away.

Do you happen to know what might be triggering the error below? From my troubleshooting, it seems the SL script isn't removing the port after it's been reconnected. In this case, the port is GigabitEthernet1/0/5.

Any idea why it might be unable to read arr_einfo(msg)? For testing purposes, I'm manually flapping the ports to trigger the event.

Apr 11 2025 14:31:39.924 HST: %HA_EM-6-LOG: sl_suspend_ports.tcl: can't read "arr_einfo(msg)": no such element in array
Apr 11 2025 14:31:39.924 HST: %HA_EM-6-LOG: sl_suspend_ports.tcl: while executing
Apr 11 2025 14:31:39.924 HST: %HA_EM-6-LOG: sl_suspend_ports.tcl: "regexp {Interface ([^,]+), changed state to up} $arr_einfo(msg) -> iface"
Apr 11 2025 14:31:39.924 HST: %HA_EM-6-LOG: sl_suspend_ports.tcl: invoked from within
Apr 11 2025 14:31:39.924 HST: %HA_EM-6-LOG: sl_suspend_ports.tcl: "$slave eval $Contents"
Apr 11 2025 14:31:39.924 HST: %HA_EM-6-LOG: sl_suspend_ports.tcl: (procedure "eval_script" line 7)
Apr 11 2025 14:31:39.924 HST: %HA_EM-6-LOG: sl_suspend_ports.tcl: invoked from within
Apr 11 2025 14:31:39.924 HST: %HA_EM-6-LOG: sl_suspend_ports.tcl: "eval_script slave $scriptname"
Apr 11 2025 14:31:39.924 HST: %HA_EM-6-LOG: sl_suspend_ports.tcl: invoked from within
Apr 11 2025 14:31:39.924 HST: %HA_EM-6-LOG: sl_suspend_ports.tcl: "if {$security_level == 1} { #untrusted script
Apr 11 2025 14:31:39.924 HST: %HA_EM-6-LOG: sl_suspend_ports.tcl: interp create -safe slave
Apr 11 2025 14:31:39.924 HST: %HA_EM-6-LOG: sl_suspend_ports.tcl: interp share {} stdin slave
Apr 11 2025 14:31:39.924 HST: %HA_EM-6-LOG: sl_suspend_ports.tcl: interp share {} stdout slave
Apr 11 2025 14:31:39.924 HST: %HA_EM-6-LOG: sl_suspend_ports.tcl: ..."
Apr 11 2025 14:31:39.924 HST: %HA_EM-6-LOG: sl_suspend_ports.tcl: (file "tmpsys:/lib/tcl/base.tcl" line 50)
Apr 11 2025 14:31:39.924 HST: %HA_EM-6-LOG: sl_suspend_ports.tcl: Tcl policy execute failed:
Apr 11 2025 14:31:39.924 HST: %HA_EM-6-LOG: sl_suspend_ports.tcl: can't read "arr_einfo(msg)": no such element in array

9 98 Actv success Fri Apr11 14:31:39 2025 syslog script: sl_suspend_ports.tcl
10 99 Actv success Fri Apr11 14:32:08 2025 syslog script: sl_suspend_ports.tcl
more flash:susp_ports.dat
GigabitEthernet1/0/12 1717844400 GigabitEthernet1/1/2 1717585200 GigabitEthernet1/0/3 1717585200 GigabitEthernet1/1/3 1717585200 GigabitEthernet1/0/4 1717585200 GigabitEthernet1/0/5 1739012400 GigabitEthernet1/1/4 1717585200 GigabitEthernet1/0/14 1717585200 GigabitEthernet1/0/16 1717585200 GigabitEthernet1/0/17 1717585200 GigabitEthernet1/0/9 1744369200 GigabitEthernet1/0/18 1717585200 GigabitEthernet1/0/19 1717585200 GigabitEthernet1/0/20 1717585200 GigabitEthernet1/0/21 1717585200 GigabitEthernet1/0/22 1717585200 GigabitEthernet1/0/23 1717585200 GigabitEthernet1/0/24 1717585200 GigabitEthernet1/0/10 171758520