Re: Timed automatic shutdown of a port?

andrewjinks · ‎06-13-2019

We have to reserve space in a conference room for about a week that is shared by others not on the team. The ports available in that room can only be used by the people occupying that space from our team, so we'd like to restrict those ports to those users during the time they will be using the room. Therefore, I'm looking for a way to shut those switch ports down at a certain time - when they are scheduled to be finished for the day. The tricky-er part of this is scheduling them to come up at a certain time, if that's possible - when they are scheduled to start in the morning. If that has to be done manually then it may be a moot point to have them shut down automatically, also, since we may not be available in the morning to enable the ports manually. I'm looking at port security options but I'm not sure how to properly achieve this goal. Any suggestions? Perhaps a time-based ACL? Is this possible?

Georg Pauwen · ‎06-13-2019

Hello,

you could use an EEM script with a cron timer. In the example below, the port would be shut each day at 4PM, and unshut at 8AM:

event manager applet SHUT_PORT
event timer cron cron-entry "0 16 * * *"
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "interface FastEthernet0/0""
action 4.0 cli command "shut"
!
event manager applet UNSHUT_PORT
event timer cron cron-entry "0 8 * * *"
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "interface FastEthernet0/0""
action 4.0 cli command "no shut"

luis_cordova · ‎06-13-2019

Hi @andrewjinks ,

I leave this link to try with Time-based ACL:

https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html#timebasedtimerange

Regards