Make a router not do anything for some time.

kaustubhagarwal
Level 1

Hello,

I want to make the router not do anything (even if there are packets in the buffer) for some time (predetermined) after matching on a particular packet (on destination MAC address). Is there a delay command which I can use in this case to make the router not do anything for some time? I did think about QoS, but I only want this functionality at the end router, so giving QoS wouldn't matter.

Hello,

you could use an EEM script that implements, e.g., a MAC access list whenever the specific MAC address shows up on the router, and have that access list be active and then removed after a specified amount of time.

Can you give an example of where the MAC destination address appears on your router?

Thank you very much for your answer, @Georg Pauwen.

I want to use this functionality multiple times. The frames with that particular MAC address will appear more than 1k times a day at the router. I want to stop transmission of other frames as I am afraid it will interfere with the transmission of this particular frame.

Hello

@kaustubhagarwal wrote:

Hello,

I want to make the router not do anything (even if there are packets in the buffer) for some time (predetermined) after matching on a particular packet (on destination MAC address). Is there a delay command which I can use in this case to make the router not do anything for some time? I did think about QoS, but I only want this functionality at the end router, so giving QoS wouldn't matter.

I would say the best option would be to have a time-based access list to perform your desired timed access, be it daily, weekly, monthly, etc.

Example:

time-range no-traffic
 periodic daily 10:00 to 13:00
!
ip access-list extended no-rtr-traffic
 permit ip x.x.x.x y.y.y.y any time-range no-traffic
!
int x/x
 ! a direction keyword (in or out) is required; "in" is assumed here
 ip access-group no-rtr-traffic in



Kind Regards
Paul

Thank you for your answer, @paul driver.

I am sorry to ask this as I am a complete amateur in this field. Can this work multiple times (like 1k times a day)? Also, I want to stop transmission only for some time (in msec max.). What happens to the other packets in the queue? Do they get dropped? I don't want to drop the packets, just want the queue to build up in the meantime and start transmission after that predetermined time.

Hello,

is the MAC address you want to block in the ARP table all the time, or do you want some sort of dynamic action taken whenever the MAC address does show up (at unpredictable times)?

@Georg Pauwen

dynamic action

Hello,

below is what I have come up with. Basically, a MAC address is tied to an IP address, so you need to find out which IP address belongs to the MAC address you are trying to block. In the example below, the first EEM script scans the ARP table for the MAC address every 30 seconds. If it is found, the IP address that belongs to that MAC address is matched, an ACL is installed, and a syslog message is generated. That syslog message triggers the second EEM script, which, after a delay (that is the amount of time you want the access list to be active, 30 minutes in milliseconds in the example), removes the ACL.

I am not sure if this creates a loop; you would need to test what happens to the ARP table when the access list is active and you issue a 'clear arp', to make sure the MAC address is not there anymore...

 

ip access-list extended BLOCK_MAC_ACL
 deny ip host 10.10.10.1 any
 permit ip any any
!
! Every 30 seconds: look for the MAC address in the ARP table and,
! if its IP address is present, apply the ACL and log a syslog message
event manager applet BLOCK_MAC
 event timer watchdog time 30
 action 1.0 cli command "enable"
 action 2.0 cli command "show arp | inc 0c19.f557.ea04"
 action 3.0 regexp "10.10.10.1" "$_cli_result"
 action 4.0 if $_regexp_result eq 1
 action 5.0  cli command "conf t"
 action 6.0  cli command "interface GigabitEthernet0/4"
 action 7.0  cli command "ip access-group BLOCK_MAC_ACL in"
 action 8.0  cli command "exit"
 action 8.1  cli command "end"
 action 9.0  syslog msg "BLOCK_MAC_ACL has been triggered"
 action 9.1  cli command "clear arp"
 action 9.2 end
!
! Triggered by the syslog message above: removes the ACL after the delay
event manager applet UNBLOCK_MAC
 event syslog pattern "BLOCK_MAC_ACL has been triggered"
 trigger delay 1800000
 action 1.0 cli command "enable"
 action 2.0 cli command "conf t"
 action 3.0 cli command "interface GigabitEthernet0/4"
 action 4.0 cli command "no ip access-group BLOCK_MAC_ACL in"
 action 5.0 cli command "exit"
 action 6.0 cli command "end"
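
Added example (not part of the reply above and not Cisco code): an offline Python helper that does the MAC-to-IP lookup the reply says is needed, working on saved `show arp` output, and renders the matching ACL with one deny line per resolved address. The function names and the sample ARP table are constructed for illustration, and the row layout assumes the usual IOS `show arp` columns.

```python
import re

# One "show arp" data row: Protocol  Address  Age  Hardware-Addr  Type  [Interface]
ARP_ROW = re.compile(
    r"^Internet\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\S+\s+"
    r"(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\s+ARPA(?:\s+\S+)?\s*$"
)

def normalize_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def ips_for_mac(show_arp_output, mac):
    """Return every IP the ARP table maps to `mac`, comparing whole fields."""
    wanted = normalize_mac(mac)
    found = []
    for line in show_arp_output.splitlines():
        m = ARP_ROW.match(line.strip())
        # Header and "Incomplete" rows do not match the pattern and are skipped.
        if m and normalize_mac(m.group("mac")) == wanted:
            found.append(m.group("ip"))
    return found

def render_acl(name, ips):
    """Build the extended ACL from the reply, one deny line per resolved IP."""
    lines = [f"ip access-list extended {name}"]
    lines += [f" deny ip host {ip} any" for ip in ips]
    lines.append(" permit ip any any")
    return "\n".join(lines)

# Constructed sample output (not captured from a real device). 10.10.10.11 is
# included to show that the lookup keys on the MAC field, not on a substring.
SAMPLE = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.10.10.1              12  0c19.f557.ea04  ARPA   GigabitEthernet0/4
Internet  10.10.10.11              3  0c19.f557.ea05  ARPA   GigabitEthernet0/4
Internet  10.10.10.254             -  0c19.f557.0001  ARPA   GigabitEthernet0/4
Internet  10.10.20.7               0  Incomplete      ARPA
"""

if __name__ == "__main__":
    print(render_acl("BLOCK_MAC_ACL", ips_for_mac(SAMPLE, "0C:19:F5:57:EA:04")))
```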
