I've looked around the Cisco support forums for EEM scripts that can help me automatically configure switch ports for Cisco Access Points by using CDP neighbours. I found various threads where this is discussed, but I didn't see a complete end-to-end illustration of what the script looks like as a whole. By going through the forums, I've built up a script to do exactly that. A big shout-out goes to @Joe Clarke for his EEM contributions in the forums!
In this illustration, I've deployed this EEM script on a Cisco 2960X switch. Also ensure you are running the latest IOS software that will support all the EEM features.
I've required the EEM script to do the following automated tasks:
Assign descriptions to Access Points and trunk links to neighbouring switches.
Configure switch ports to the correct VLAN when Access Point connects to it.
Undo access point configuration and reconfigure the port for normal end clients if the port is down for more than 2 minutes.
The last task covers the case where someone moves the AP's network cable several times across the switch, which would leave multiple ports stuck on the AP's VLAN configuration and therefore give end clients the incorrect VLAN.
EEM Script for CDP Port Configuration
event manager applet auto-update-port-description authorization bypass
 description "Auto-update port-description based on CDP neighbor info"
 event neighbor-discovery interface regexp .*GigabitEthernet[1-9]/[0-9]/[0-9]+$ cdp add
 action 0.0 comment "Event line regexp: Decide which interface to auto-update description on"
 action 1.0 comment "Verify CDP neighbor to be Switch or Router"
 action 1.1 regexp "(Switch|Router|AIR)" "$_nd_cdp_capabilities_string"
 action 1.2 if $_regexp_result eq "1"
 action 2.0 comment "Trim domain name"
 action 2.1 regexp "^([^\.]+)" "$_nd_cdp_entry_name" match host
 action 3.0 comment "Convert long interface name to short"
 action 3.1 string first "Ethernet" "$_nd_port_id"
 action 3.2 if $_string_result eq "7"
 action 3.21 string replace "$_nd_port_id" 0 14 "Gi"
 action 3.3 elseif $_string_result eq 10
 action 3.31 string replace "$_nd_port_id" 0 17 "Te"
 action 3.4 elseif $_string_result eq 4
 action 3.41 string replace "$_nd_port_id" 0 11 "Fa"
 action 3.5 end
 action 3.6 set int "$_string_result"
 action 4.0 comment "Check old description if any, and do no change if same host:int"
 action 4.1 cli command "enable"
 action 4.11 cli command "config t"
 action 4.2 cli command "do show interface $_nd_local_intf_name | incl Description:"
 action 4.21 set olddesc "<none>"
 action 4.22 set olddesc_sub1 "<none>"
 action 4.23 regexp "Description: ([a-zA-Z0-9:/\-\ ]*)" "$_cli_result" olddesc olddesc_sub1
 action 4.24 if $olddesc_sub1 eq "LINK TO: $host:$int"
 action 4.25 syslog msg "EEM script did NOT change description on $_nd_local_intf_name, since remote host and interface is unchanged"
 action 4.26 exit 10
 action 4.27 end
 action 4.3 cli command "interface $_nd_local_intf_name"
 action 4.4 cli command "description LINK TO: $host:$int"
 action 4.5 cli command "do write"
 action 4.6 syslog msg "EEM script updated description on $_nd_local_intf_name from $olddesc to Description: $host:$int and saved config"
 action 5.0 end
 action 6.0 exit
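CDP fields are supplied by the neighbor and are not authenticated, and the applet passes them to `description` in config mode, so it is worth checking offline what actions 2.1 and 3.1-3.6 produce for unusual neighbors. The Python sketch below is an added example, not part of the original script: it models those actions and adds an allowlist check. `HOST_OK`, `PORT_OK`, `build_description` and the sample neighbors are constructed for illustration, and `string first` is assumed to return -1 when the substring is absent.

```python
import re

# Added example: offline model of the applet's string handling
# (actions 2.1 and 3.1-3.6). Names and sample values are constructed.
SHORT = {7: (14, "Gi"), 10: (17, "Te"), 4: (11, "Fa")}  # "Ethernet" index -> (last replaced char, short form)
HOST_OK = re.compile(r"[A-Za-z0-9_-]+")      # assumed allowlist, not in the applet
PORT_OK = re.compile(r"(Gi|Te|Fa)[0-9/]+")   # assumed allowlist, not in the applet


def trim_host(entry_name):
    """Action 2.1: text before the first dot of the CDP device ID, or None."""
    m = re.match(r"^([^.]+)", entry_name)
    return m.group(1) if m else None


def short_port(port_id):
    """Actions 3.1-3.6: what ends up in $int for a given neighbor port ID."""
    idx = port_id.find("Ethernet")           # 'string first'; -1 assumed when absent
    if idx in SHORT:
        last, short = SHORT[idx]
        return short + port_id[last + 1:]    # 'string replace' of chars 0..last
    return str(idx)                          # no branch matched: $int is the index


def build_description(entry_name, port_id):
    """Description the applet would set, or None if a field fails the allowlist."""
    host, port = trim_host(entry_name), short_port(port_id)
    if host is None or not HOST_OK.fullmatch(host) or not PORT_OK.fullmatch(port):
        return None
    return f"LINK TO: {host}:{port}"


if __name__ == "__main__":
    samples = [  # constructed CDP neighbor values
        ("sw-core01.example.net", "GigabitEthernet1/0/24"),
        ("dist-02", "TenGigabitEthernet1/1/1"),
        ("AP-lobby", "GigabitEthernet0"),
        ("SEP001122334455", "Port 1"),
        ("agg-01.example.net", "FortyGigabitEthernet1/1/1"),
        ("bad host name", "FastEthernet0/1"),
    ]
    for name, port in samples:
        print(f"{name!r:26} {port!r:30} $int={short_port(port)!r:11} "
              f"desc={build_description(name, port)!r}")
```

Port IDs that match none of the three branches leave a bare index such as `-1` or `12` in `$int`, which the allowlist rejects instead of writing it into the interface description.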