
EEM Script Port-Security Maximum MAC

tmbenne
Level 1

I am completely new to EEM scripting. I was curious if anyone can provide an example script that would change the maximum mac-addresses allowed on a switchport to 2 when a Cisco phone is discovered on that port via CDP. It would also be helpful if the script would add the switchport voice vlan command as well.

 

Thanks in advance!

2 Replies

balaji.bandi
Hall of Fame

You can see a good example here. Tweak it as per the requirement (try it only in a test environment, and use a script only if you understand it; this script is only for reference).

 

 

event manager applet DETECT_CDP_PHONE
event neighbor-discovery interface regexp .*GigabitEthernet.* cdp add
action 10 puts "CDP Device Type $_nd_cdp_platform detected on Interface $_nd_local_intf_name"
action 20 set result "0"
action 20.1 string equal length 13 "Phone decription*" "$_nd_cdp_platform"
action 20.2 if $_string_result eq 1
action 20.3 set result "1"
action 20.4 end
action 30.1 string equal length 13 "Phone Description*" "$_nd_cdp_platform"
action 30.2 if $_string_result eq 1
action 30.3 set result "1"
action 30.4 end
action 40 if $result eq 1
action 40.1 cli command "enable"
action 40.2 cli command "conf t"
action 40.3 cli command "interface $_nd_local_intf_name"
action 40.4 cli command "YOUR COMMAND"
action 40.5 cli command "YOUR COMMAND"
action 40.6 cli command "YOUR COMMAND"
action 40.7 cli command "YOUR COMMAND"
action 40.8 cli command "description $_nd_cdp_entry_name via EEM_CDP - $_nd_cdp_platform"
action 50 puts "Configured Interface $_nd_short_local_intf_name for PHONE $_nd_cdp_entry_name"
action 60 else
action 70 puts "CDP Neighbor not recognized as PHONE. Doing nothing."
action 99 end

BB


Hello,

 

I have an archived shell policy which in essence does what Balaji has posted. I tweaked it a bit to adapt it to an EEM script. It applies to Cisco IP Phones and also conferencing devices. It also configures anything Ethernet, including Fast/Giga/Ten, etc.

 

The voice vlan in action 4.5 needs to reflect your own, 20 is just an example.

 

event manager applet CDP_PHONE_DISCOVERY
event neighbor-discovery interface regexp .*Ethernet.* cdp add
action 1 puts "CDP Device Type $_nd_cdp_platform detected on Interface $_nd_local_intf_name"
action 2 set result "0"
action 2.1 string equal length 14 "Cisco IP Phone" "$_nd_cdp_platform"
action 2.2 if $_string_result eq 1
action 2.3 set result "1"
action 2.4 end
action 3.1 string equal length 14 "Cisco IP Confe*" "$_nd_cdp_platform"
action 3.2 if $_string_result eq 1
action 3.3 set result "1"
action 3.4 end
action 4 if $result eq 1
action 4.1 cli command "enable"
action 4.2 cli command "conf t"
action 4.3 cli command "interface $_nd_local_intf_name"
action 4.4 cli command "switchport port-security maximum 2"
action 4.5 cli command "switchport voice vlan 20"
action 5 puts "Configured Interface $_nd_short_local_intf_name for Cisco IP Phone $_nd_cdp_entry_name $_nd_cdp_platform"
action 6 else
action 7 puts "CDP Neighbor not recognized as Cisco IP Phone or conferencing device."
action 8 end
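
To check that the applets above left ports in the intended state, this added example (not part of either reply) audits running-config text: every port carrying a voice VLAN should have port security enabled and a maximum of 2. The function name and the sample configuration are constructed for illustration, and the script assumes that a missing maximum line means the IOS default of 1.

```python
import re

# Constructed sample in "show running-config" layout; not from a real device.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport voice vlan 20
 switchport port-security maximum 2
 switchport port-security
!
interface GigabitEthernet1/0/2
 switchport voice vlan 20
 switchport port-security
!
interface GigabitEthernet1/0/3
 switchport voice vlan 20
 switchport port-security maximum 2
!
interface GigabitEthernet1/0/4
 switchport port-security
"""

def audit_voice_ports(config, expected_max=2):
    """Return {interface: [issues]} for ports that carry a voice VLAN."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    findings = {}
    for name, lines in stanzas.items():
        if not any(l.startswith("switchport voice vlan ") for l in lines):
            continue  # the applets only configure ports where a phone was seen
        issues = []
        if "switchport port-security" not in lines:
            issues.append("port-security not enabled")
        maxima = re.findall(r"^switchport port-security maximum (\d+)$", "\n".join(lines), re.M)
        effective = int(maxima[-1]) if maxima else 1  # absent line = IOS default of 1 (assumption)
        if effective != expected_max:
            issues.append("maximum is %d" % effective)
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    print(audit_voice_ports(SAMPLE_CONFIG))
```

The GigabitEthernet1/0/3 case is the one to watch for: `switchport port-security maximum 2` sets the limit, but the port is not protected until `switchport port-security` is also present on the interface.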