cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

EEM Scripts to Enable/Disable the RLAN Ports on APs Connected to a Cisco Catalyst 9800 Series WLC

1253
Views
10
Helpful
0
Comments

Overview

On the Cisco Catalyst 9800 Series WLC, enabling/disabling the remote LAN (RLAN) ports on APs requires going into the configuration for each AP and manually enabling/disabling the ports. However, as the number of APs that need to have their RLAN ports periodically enabled or disabled increases, the manual process no longer becomes feasible. In order to solve this problem, the process can be automated. One such automation method is to use the Cisco Embedded Event Manager (EEM) built into IOS XE. With the EEM applets, the 9800 will automatically go through all the APs joined to it, and enable/disable the RLAN ports on only the APs that support RLAN.

This guide will cover the following:

  • How to create a CSV file with a list of all the APs joined to the 9800
  • Verifying the CSV file will work with the EEM applets
  • Breakdown of the enabling and disabling EEM applets 

 

Configuration 

Create a CSV File With a List of All the APs Joined to the 9800

For the EEM applets to work, a CSV file with the names of all the APs connected to the 9800 will need to be created. There are multiple methods to get the CSV file, but this guide will cover how to create the file via download from the 9800 WebUI.

To do so, open up a web browser and go to WebUI of the 9800: https://<IP of 9800>/webui/  

Navigate to Monitoring > Wireless > AP Statistics. In the General tab, click on the Excel icon at the top of the table to download the list of all the APs. 

 

RLAN_EEM_01.png

In the Export to Excel popup, select Export All Pages to download the list of all the APs and click Yes. Save the file as an XLSX file.

RLAN_EEM_02.png

Open the file in Excel and delete all the columns except for AP Name.

RLAN_EEM_04.png

Now, delete the first row containing the header, leaving only the AP names.

RLAN_EEM_05.png

To allow the CSV to correctly load and behave as expected in the applet:

  1. Create a new page in the workbook.
  2. Copy all the AP names to the new page.
  3. Delete the original Access Points page.

RLAN_EEM_06.png

Save the new file as a CSV file.

RLAN_EEM_07.png

Now, copy the CSV file to the 9800.

Verifying the CSV File Will Work with the EEM Applets

To ensure that the CSV file used will work correctly, we will be using an EEM applet that will read the CSV file and output the names of the first 10 APs in the listed. If the output is correct, then the CSV file will work with the enabling and disabling applets.

The verification applet is shown below.

event manager applet verify_AP_List_file
 event none
 action 0.0 comment Starting Script: Loading the AP List file and saving it to the AP_LIST Variable
 action 0.1 syslog msg "Enabling Ports on AP"
 action 0.2 file open output_file bootflash:verify_AP_List_file.txt w+
 action 0.3 cli command "enable"
 action 0.4 file puts output_file "Enabling Ports on AP"

 action 1.0 comment Load the CSV file and store it in AP_LIST
 action 1.1 file open list_file bootflash:AP_List_Fixed.csv r
 action 1.2 file read list_file AP_LIST

 action 2.0 comment Iterate through the entire list of APs
 action 2.0.1 se i "0"
 action 2.1 foreach AP "$AP_LIST" "\n"

 action 2.1.1 if $i gt 10
 action 2.1.1.2 break
 action 2.1.1.3 end

 action 2.1.2 file puts output_file "AP $AP should be on a single line"
 action 2.1.3 increment i
 action 2.1.4 end

 action 3.0 comment Close the Files
 action 3.1 file close list_file
 action 3.2 file close output_file

  • Actions 0.0 - 0.4: Opens the file where the outputs will be written to. If the file does not exist, the file will be created. Each time the applet is run, the file will be emptied, so only the outputs from the most recent applet execution will show.
  • Actions 1.0 - 1.2: Loads the CSV file and stores the file contents in the AP_LIST variable.
  • Actions 2.0 - 2.1.4: Iterates over the entire list of APs
    • Action 2.1: The foreach action will iterate over AP_LIST using "\n" as the delimiter.
    • Action 2.1.2: Outputs the AP name as part of a sentence "AP AP_Name should be on a single line".
  • Actions 3.0 - 3.2: Closes the opened files.

The output should match the example below. If it matches, the CSV file is verified to work with the enabling and disabling applets.

WLC#more bootflash:verify_AP_List_file.txt
Enabling Ports on AP
AP AP006C.BCBA.06D8 should be on a single line
AP AP00A2.891C.1678 should be on a single line
AP AP3890.A584.A660 should be on a single line
AP justloo_AP_Bedroom should be on a single line

If the output is like the example below where the characters "o;?" appear in the name of the first AP, the CSV file will need to be opened in a text editor, such as Sublime Text. Create a new CSV file within the text editor and copy the contents of the original CSV file to the new file. Rerun the verification applet and ensure the output is correct.

WLC#more bootflash:verify_AP_List_file.txt
Enabling Ports on AP
AP o;?AP006C.BCBA.06D8 should be on a single line
AP AP00A2.891C.1678 should be on a single line
AP AP3890.A584.A660 should be on a single line
AP justloo_AP_Bedroom should be on a single line

If the output shows the output sentence spanning multiple lines after the AP name, this indicates an issue with the delimiter used in the foreach action in action 2.1. There may be an extra return character added to the end of each AP name, resulting in the incorrect output. To solve this, change the delimiter from "\n" to "\r\n".  Rerun the verification applet and ensure the output is correct.

WLC#more bootflash:verify_AP_List_file.txt
Enabling Ports on AP
AP o;?AP006C.BCBA.06D8
should be on a single line
AP AP00A2.891C.1678
should be on a single line
AP AP3890.A584.A660
should be on a single line
AP justloo_AP_Bedroom should be on a single line

If the output of the verification applet is correct, the CSV file will work with the enabling and disabling applets.

 

Breakdown of the Enabling and Disabling EEM Applets

The EEM applets for the enabling and disabling of RLAN ports are shown below. The 2 applets are virtually identical except for the comments and syslog messages will say "enabling" or "disabling" based on the applet used.

Enabling Applet:

event manager applet enable_LAN_Ports
event none

action 0.0 comment Starting Script: Loading the AP List file and saving it to the AP_LIST Variable
action 0.1 syslog msg "Enabling Ports on AP"
action 0.2 cli command "enable"

action 1.0 comment Load the CSV file and store it in AP_LIST
action 1.1 file open list_file bootflash:AP_List_Fixed.csv r
action 1.2 file read list_file AP_LIST

action 2.0 comment Iterate through the entire list of APs and enable the ports only on the supported RLAN APs
action 2.0.1 foreach AP "$AP_LIST" "\n"
action 2.0.1.1 comment These will be used to check if the AP is one of the supported models. If supports_RLAN is set to 1 the ports will be enabled.
action 2.0.1.2 set supports_RLAN 0

action 2.1 comment Get the model of the current AP
action 2.1.1 cli command "show ap name $AP config general | inc AP Model"
action 2.2 comment Checks to see if the AP model is one of the models that supports RLAN. 

action 2.2.1 regexp "1810W" "$_cli_result"
action 2.2.1.1 if $_regexp_result eq 1

action 2.2.1.2 set supports_RLAN 1
action 2.2.1.3 end

action 2.2.2 regexp "OEAP1810" "$_cli_result"
action 2.2.2.1 if $_regexp_result eq 1
action 2.2.2.2 set supports_RLAN 1
action 2.2.2.3 end

action 2.2.3 regexp "1815T" "$_cli_result"
action 2.2.3.1 if $_regexp_result eq 1
action 2.2.3.2 set supports_RLAN 1
action 2.2.3.3 end

action 2.2.4 regexp "1815W" "$_cli_result"
action 2.2.4.1 if $_regexp_result eq 1
action 2.2.4.2 set supports_RLAN 1
action 2.2.4.3 end

action 2.2.5 regexp "702W" "$_cli_result"
action 2.2.5.1 if $_regexp_result eq 1
action 2.2.5.2 set supports_RLAN 1
action 2.2.5.3 end

action 2.3 comment Checks if supports_RLAN was set to 1. If not, the AP will be skipped.
action 2.3.1 if $supports_RLAN ne 1
action 2.3.2 continue
action 2.3.3 end

action 2.4 comment AP supports RLAN so the ports will be enabled.

action 2.4.1 comment Enable Port 1
action 2.4.1.1 cli command "ap name $AP lan port-id 1 enable"
action 2.4.1.2 syslog msg "Enabled Port 1 on $AP"

action 2.4.2 comment Enable Port 2
action 2.4.2.1 cli command "ap name $AP lan port-id 2 enable"
action 2.4.2.2 syslog msg "Enabled Port 2 on $AP"

action 2.4.3 comment Disable Port 3
action 2.4.3.1 cli command "ap name $AP lan port-id 3 enable"
action 2.4.3.2 syslog msg "Enabled Port 3 on $AP"

action 2.5 end

action 3.0 comment Close the Files
action 3.1 file close list_file

 

Disabling Applet:

event manager applet disable_LAN_Ports
event none
action 0.0 comment Starting Script: Loading the AP List file and saving it to the AP_LIST Variable
action 0.1 syslog msg "Disabling Ports on AP"
action 0.2 cli command "enable"

action 1.0 comment Load the CSV file and store it in AP_LIST
action 1.1 file open list_file bootflash:AP_List_Fixed.csv r
action 1.2 file read list_file AP_LIST

action 2.0 comment Iterate through the entire list of APs and disable the ports only on the supported RLAN APs
action 2.0.1 foreach AP "$AP_LIST" "\n"
action 2.0.1.1 comment These will be used to check if the AP is one of the supported models. If supports_RLAN is set to 1 the ports will be disabled.
action 2.0.1.2 set supports_RLAN 0

action 2.1 comment Get the model of the current AP
action 2.1.1 cli command "show ap name $AP config general | inc AP Model"
action 2.2 comment Checks to see if the AP model is one of the models that supports RLAN.
action 2.2.1 regexp "1810W" "$_cli_result"
action 2.2.1.1 if $_regexp_result eq 1
action 2.2.1.2 set supports_RLAN 1
action 2.2.1.3 end

action 2.2.2 regexp "OEAP1810" "$_cli_result"
action 2.2.2.1 if $_regexp_result eq 1
action 2.2.2.2 set supports_RLAN 1
action 2.2.2.3 end

action 2.2.3 regexp "1815T" "$_cli_result"
action 2.2.3.1 if $_regexp_result eq 1
action 2.2.3.2 set supports_RLAN 1
action 2.2.3.3 end

action 2.2.4 regexp "1815W" "$_cli_result"
action 2.2.4.1 if $_regexp_result eq 1
action 2.2.4.2 set supports_RLAN 1
action 2.2.4.3 end

action 2.2.5 regexp "702W" "$_cli_result"
action 2.2.5.1 if $_regexp_result eq 1
action 2.2.5.2 set supports_RLAN 1
action 2.2.5.3 end

action 2.3 comment Checks if supports_RLAN was set to 1. If not, the AP will be skipped.
action 2.3.1 if $supports_RLAN ne 1
action 2.3.2 continue
action 2.3.3 end

action 2.4 comment AP supports RLAN so the ports will be disabled.

action 2.4.1 comment Disable Port 1
action 2.4.1.1 cli command "ap name $AP lan port-id 1 disable"
action 2.4.1.2 syslog msg "Disabled Port 1 on $AP"

action 2.4.2 comment Disable Port 2
action 2.4.2.1 cli command "ap name $AP lan port-id 2 disable"
action 2.4.2.2 syslog msg "Disabled Port 2 on $AP"

action 2.4.3 comment Disable Port 3
action 2.4.3.1 cli command "ap name $AP lan port-id 3 disable"
action 2.4.3.2 syslog msg "Disabled Port 3 on $AP"

action 2.5 end
action 3.0 comment Close the File
action 3.1 file close list_file

Applet Breakdown:

  • event none: Currently the applet is set to trigger manually. If it needs to be run periodically, this can be changed to fit the deployment.
  • Actions 0.0 - 0.2: Logs a message to indicating the start of the applet and allows the applet to run in global exec mode.
  • Actions 1.0 - 1.2: Loads the CSV file and stores the file contents in the AP_LIST variable.
  • Actions 2.0 - 2.8: Iterates over the entire list of APs and will only change the status of the ports if the AP supports RLAN.
    • Action 2.0.1: The foreach action will iterate over AP_LIST using "\n" as the delimiter.
      • Action 2.0.1.2: Sets the supports_RLAN variable to 0. This will change to 1 only if the current AP supports RLAN.
    • Action 2.1: The model of the current AP is retrieved and stored in the EEM variable $_cli_result.
    • Actions 2.2 - 2.2.5.4: Checks if the AP model is one that supports RLAN (https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-3/config-guide/b_wl_17_3_cg/m_configuring_remote_lans.html) If the current AP supports RLAN, the supports_RLAN variable will be set to 1.
      • If only specific AP models are used at the site, the actions that check for the AP models can either be deleted or added.
    • Actions 2.3 - 2.3.4: If the supports_RLAN variable was not changed to 1 the current AP will be skipped and the applet will continue iterating through the remaining APs.
    • Actions 2.4 - 2.4.4.3: By this point, the AP is verified to be one of the models that support RLAN. The applet will then either enable or disable all 3 LAN ports on the APs, depending on the applet used.
      • If only certain ports need to be enabled or disabled at a time, the actions for the required ports can be deleted or added.
      • The applet will log the current AP and which port was enabled/disabled to syslog.
  • Actions 3.0 - 3.2: Closes the opened files.

 

Monitoring the Applet

The applet will log the current AP and which port was enabled and disabled. This can be seen within syslog and will appear like the example below.

Mar 5 18:02:27.280: %HA_EM-6-LOG: enable_LAN_Port: Enabling Ports on AP
Mar 5 18:02:27.717: %HA_EM-6-LOG: enable_LAN_Port: Enabled Port 1 on AP006C.BCBA.06D8
Mar 5 18:02:27.827: %HA_EM-6-LOG: enable_LAN_Port: Enabled Port 2 on AP006C.BCBA.06D8
Mar 5 18:02:27.938: %HA_EM-6-LOG: enable_LAN_Port: Enabled Port 3 on AP006C.BCBA.06D8
Mar 5 18:02:28.259: %HA_EM-6-LOG: enable_LAN_Port: Enabled Port 1 on AP00A2.891C.1678
Mar 5 18:02:28.370: %HA_EM-6-LOG: enable_LAN_Port: Enabled Port 2 on AP00A2.891C.1678
Mar 5 18:02:28.481: %HA_EM-6-LOG: enable_LAN_Port: Enabled Port 3 on AP00A2.891C.1678
Content for Community-Ad