Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2893
Views
3
Helpful
30
Replies

EEM Script to shutdown multiple ports

Go to solution
swapsakker
Level 1
Level 1

‎03-16-2023 05:35 AM - edited ‎03-16-2023 06:16 AM

Im trying to make a script to find connected ports in vlan 1 and reset them. It should run when in IP SLA is trickert.

But can't get it to work and im not quiet the programmer.

Here what I have:

event manager applet SHUTDOWN
event timer countdown time 10
action 101 cli command "enable"
action 102 wait 10
action 103 syslog msg "-- Checking for VLAN 1 Ports --"
action 104 cli command "show interfaces status vlan 1 | exclude notconnect|trunk"
action 105 set ports $_cli_result
action 106 syslog msg "-- Shutting Down VLAN 1 Ports --"
action 110 foreach port "$ports" "\n"
action 111 cli command "enable"
action 112 cli command "config t"
action 113 cli command "interface $port"
action 114 cli command "shutdown"
action 115 cli command "end"
action 121 cli command "enable"
action 122 cli command "config t"
action 123 cli command "interface $port"
action 124 cli command "no shutdown"
action 125 cli command "end"
action 126 end

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Dan Frey
Cisco Employee
Cisco Employee

‎03-16-2023 11:41 AM

Add regexp and removed some redundancy and it is working on my 3750X.   You will need to update the show command (my 3750 did not recognize it) and the event type.   

event manager applet SHUTDOWN
 event none maxrun 30
 action 101 cli command "enable"
 action 103 syslog msg "-- Checking for VLAN 1 Ports --"
 action 104 cli command "show interfaces status | exclude notconnect|trunk|Type"
 action 106 syslog msg "-- Shutting Down VLAN 1 Ports --"
 action 107 foreach line "$_cli_result" "\n"
 action 108  regexp "(^[a-zA-Z0-9\/]+)" "$line" match port
 action 109  cli command "config t"
 action 115  if $_regexp_result eq 1
 action 120   puts "port = $port"
 action 140   cli command "interface $port"
 action 150   cli command "shutdown"
 action 160   cli command "wait 4"
 action 170   cli command "no shutdown"
 action 180  end
 action 190 end

 

C3750X-G#event manager run SHUTDOWN
port = Gi1/0/20
port = Gi1/0/25
port = C3750X

*Mar 29 02:22:18.785: %HA_EM-6-LOG: SHUTDOWN: -- Checking for VLAN 1 Ports --
*Mar 29 02:22:18.953: %HA_EM-6-LOG: SHUTDOWN: -- Shutting Down VLAN 1 Ports --
C3750X-G#
*Mar 29 02:22:21.117: %SYS-5-CONFIG_I: Configured from console by vty1
*Mar 29 02:22:21.402: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/20, changed state to down
*Mar 29 02:22:22.233: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/25, changed state to down
*Mar 29 02:22:23.264: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/25, changed state to down
*Mar 29 02:22:23.533: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/20, changed state to up
*Mar 29 02:22:25.554: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/25, changed state to up
*Mar 29 02:22:26.561: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/25, changed state to up

 

 

 

View solution in original post

30 Replies 30

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎03-16-2023 05:49 AM

some times i see some challanges  on EEM Script like the one you looking.

i would use out of the box Python script for this kind of task (Hope this is one time).

you can use example :

from netmiko import ConnectHandler
from textfsm import TextFSM
from netmiko.ssh_exception import NetMikoTimeoutException
from paramiko.ssh_exception import SSHException
from netmiko.ssh_exception import AuthenticationException

with open ('devices.txt') as routers:
for IP in routers:
Router = {
'device_type': 'cisco_ios',
'ip' : IP,
'username': 'user',
'password': 'passwprd'
}

try:
net_connect = ConnectHandler(**Router)
except (NetMikoTimeoutException):
print ('Timeout to device' + IP)
continue


netconnect = ConnectHandler(**Router)
print('-'*79)
output = netconnect.send_command('show int status',use_textfsm=True)
for i in output:
if i["vlan"] == "1" and i["status"] == "connected":
config_set = ['interface ' + i["port"], 'shutdown']
x = netconnect.send_config_set(config_set)
print(output)
print()
print('-'*79)

netconnect.disconnect()

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
swapsakker
Level 1
Level 1
In response to balaji.bandi

‎03-16-2023 06:16 AM

Thanks, but has to run on the switch.
Just changed a bit in my post.

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to swapsakker

‎03-16-2023 07:08 AM

No that should run out of the box.

is this one time you looking to run ?  or always run on the switch ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
swapsakker
Level 1
Level 1
In response to balaji.bandi

‎03-16-2023 07:10 AM

It should run everytime the switch has lost connection to 2 ip's and one of the comes back up

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to swapsakker

‎03-16-2023 08:44 AM 

It should run everytime the switch has lost connection to 2 ip's and one of the comes back up

Can you elaboprate more ? not that i have understood this ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
swapsakker
Level 1
Level 1
In response to balaji.bandi

‎03-16-2023 08:48 AM

The switch should monitor two ip's (Radius servers).
When both is down and just one comes back up, ist should find connected access ports in vlan 1, shotdown the ports and then no shut them again.

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to swapsakker

‎03-16-2023 10:10 AM 

Im trying to make a script to find connected ports in vlan 1 and reset them. It should run when in IP SLA is trickert.

I was just reading your Orginal post, looks like the one before now changed, so based on SLA track and message you like to shutdown all the ports belong to VLAN1 ? and you want bring them up when ?

can you post full Logs of SLA track messages and config bit ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
swapsakker
Level 1
Level 1
In response to balaji.bandi

‎03-16-2023 10:19 AM

The ip sla is working, but in the future I would perfer a complete EEM scripte for to ip monitor also.

track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
track 3 list boolean and
object 1
object 2
delay down 60
exit
!
ip sla 1
icmp-echo 10.1.1.11 source-interface vlan 65
frequency 10
exit
ip sla schedule 1 life forever start-time now
!
ip sla 2
icmp-echo 10.1.1.12 source-interface vlan 65
frequency 10
exit
ip sla schedule 2 life forever start-time now
!
event manager applet RADIUS-MONITOR
event syslog pattern "%TRACK-6-STATE: 3 list boolean and Down -> Up"
action 101 cli command "enable"
action 102 wait 10
action 104 cli command "show interfaces status vlan 1 | exclude notconnect|trunk"
action 105 set ports $_cli_result
action 110 foreach port "$ports" "\n"
action 111 cli command "enable"
action 112 cli command "config t"
action 113 cli command "interface $port"
action 114 cli command "shutdown"
action 115 cli command "end"
action 116 wait 5
action 120 foreach port in $ports
action 121 cli command "enable"
action 122 cli command "config t"
action 123 cli command "interface $port"
action 124 cli command "no shutdown"
action 125 cli command "end"
action 126 end

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to swapsakker

‎03-16-2023 10:26 AM

by the way what device and IOS code of the device running ?

Are you sure you looking to shutdown all the ports belong to VLAN 1 ? ( what is the reason)

Generally we only shutdown WAN ports - shut and not shut, Looks like different use case i am seeing here ?

can you post the output of the below :

show interfaces status vlan 1 | exclude notconnect|trunk

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
swapsakker
Level 1
Level 1
In response to balaji.bandi

‎03-16-2023 10:31 AM

Primary on 9000K switches

#show interfaces status vlan 1 | exclude notconnect|trunk

Port Name Status Vlan Duplex Speed Type
Gi1/0/24 connected 1 a-full a-100 10/100/1000BaseTX

The use case is, when radius connection is lost, some devices switch back to default vlan 1, and do not reauthenticate when radius is back up. So they need a shut and no shut.

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to swapsakker

‎03-16-2023 11:13 AM - edited ‎03-16-2023 11:22 AM

Thank you for Clarification - That is not a good practice, why not have multiple radius servers ? for the best practive -

Now i know your use case, let me see your EEM script and suggest what best - mean time have a look below thread  (tweak the EEM based on your requirement)  - let test that script also and let you know the outcome.

https://community.cisco.com/t5/networking-knowledge-base/automatically-set-port-descriptions/ta-p/3119769/page/5/show-comments/true

Other Note : what IOX XE running on Cat 9K (what model) - If this is Cat 9300 - you can host Docker and run Pyhon script.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
swapsakker
Level 1
Level 1
In response to balaji.bandi

‎03-16-2023 11:19 AM - edited ‎03-16-2023 11:23 AM

We have multiple radius serveers, but sometimes we have to update ios or location has power outage or connection problems.

It will be used for 9300, 9200 and 9200cx.

And thanks for your time

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎03-16-2023 10:17 AM

event syslog pattern "%LINK-3-UPDOWN: Interface GiXXXXXXXXX y/y, changed state to down" 
all your line is action, you must detect the LINK down then apply action. 

0 Helpful

Go to solution
Dan Frey
Cisco Employee
Cisco Employee

‎03-16-2023 11:41 AM

Add regexp and removed some redundancy and it is working on my 3750X.   You will need to update the show command (my 3750 did not recognize it) and the event type.   

event manager applet SHUTDOWN
 event none maxrun 30
 action 101 cli command "enable"
 action 103 syslog msg "-- Checking for VLAN 1 Ports --"
 action 104 cli command "show interfaces status | exclude notconnect|trunk|Type"
 action 106 syslog msg "-- Shutting Down VLAN 1 Ports --"
 action 107 foreach line "$_cli_result" "\n"
 action 108  regexp "(^[a-zA-Z0-9\/]+)" "$line" match port
 action 109  cli command "config t"
 action 115  if $_regexp_result eq 1
 action 120   puts "port = $port"
 action 140   cli command "interface $port"
 action 150   cli command "shutdown"
 action 160   cli command "wait 4"
 action 170   cli command "no shutdown"
 action 180  end
 action 190 end

 

C3750X-G#event manager run SHUTDOWN
port = Gi1/0/20
port = Gi1/0/25
port = C3750X

*Mar 29 02:22:18.785: %HA_EM-6-LOG: SHUTDOWN: -- Checking for VLAN 1 Ports --
*Mar 29 02:22:18.953: %HA_EM-6-LOG: SHUTDOWN: -- Shutting Down VLAN 1 Ports --
C3750X-G#
*Mar 29 02:22:21.117: %SYS-5-CONFIG_I: Configured from console by vty1
*Mar 29 02:22:21.402: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/20, changed state to down
*Mar 29 02:22:22.233: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/25, changed state to down
*Mar 29 02:22:23.264: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/25, changed state to down
*Mar 29 02:22:23.533: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/20, changed state to up
*Mar 29 02:22:25.554: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/25, changed state to up
*Mar 29 02:22:26.561: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/25, changed state to up

 

 

 

Customers Also Viewed These Support Documents