time based port shutdown

Unanswered Question
Apr 7th, 2008

Hi,

Customer wants to use 2 independent networks terminated on one common switch and wants to use the networks based on time. We can have a time-based ACL, but the customer wants time-based port shutdown and no shutdown to get more security.

Please let me know if this can be done using a 3750 or Cisco LMS 2.5 or 2.6.1. If it can, please provide a configuration example.

Thanks and regards,

cisco_lad2004 Mon, 04/07/2008 - 05:17

To the best of my knowledge this cannot be done, unless you use scripts to make this change.

An IOS way to do this is, as you wrote, a "time based ACL" (with a policy map).

HTH

Sam

evsrajatgupta Mon, 04/07/2008 - 06:08

A time-based ACL with deny all in both the "in" and "out" directions can do the work, but do remember that the traffic generated by the device itself (like routing updates) will not be stopped.

cisco_lad2004 Mon, 04/07/2008 - 08:14

An ACL on its own might not provide for this requirement, but a QoS service policy matching an ACL would.

An IP local policy route map would take care of locally generated traffic.

HTH

Anyways, the requirement has excluded ACL altogether.

Sam

Joe Clarke Mon, 04/07/2008 - 08:47

Regardless of IOS version on the switch, this can be done with LMS. You can schedule periodic Netconfig jobs to shut and no shut the port in question. To do this, go to RME > Config Mgmt > Netconfig > Netconfig Jobs, and create a new job. Choose the 3750 in question, and the Adhoc task. Add an instance of the Adhoc task with something like:

interface FastEthernet1/0/1
 shut

Then schedule the job to run whenever the shutdown operation needs to run. Repeat the same procedure with the Adhoc commands:

interface FastEthernet1/0/1
 no shut

And schedule that job to run whenever the no shut operation needs to be performed.

If, however, you're running IOS 12.2(40)SE or higher on this switch, you can make use of the Embedded Event Manager to do what you want. When using EEM, you'll want to create two applet timer policies. Something like this should work. The port will be shut down every day at midnight, and brought back up every day at 8 am.

event manager applet shutdown_port
 event timer cron cron-entry "0 0 * * *"
 action 1.0 cli command "enable"
 action 2.0 cli command "config t"
 action 3.0 cli command "interface FastEthernet1/0/1"
 action 4.0 cli command "shut"
 action 5.0 cli command "end"
 action 6.0 syslog msg "Interface FastEthernet1/0/1 has been shutdown"

event manager applet noshut_port
 event timer cron cron-entry "0 8 * * *"
 action 1.0 cli command "enable"
 action 2.0 cli command "config t"
 action 3.0 cli command "interface FastEthernet1/0/1"
 action 4.0 cli command "no shut"
 action 5.0 cli command "end"
 action 6.0 syslog msg "Interface FastEthernet1/0/1 has been restored"

In order for these applets to work correctly, you will need NTP configured on this switch.
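An added example, not part of the original thread: a Python check that audits collected switch syslog against the schedule in the two applets above, reporting applet runs that never logged and link-up events on the port during the midnight-to-8 am closed window. The collector line format (ISO timestamp, then the hostname `sw1`), the five-minute tolerance, the `audit` function and the sample lines are all assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

PORT = "FastEthernet1/0/1"
SCHEDULE = {"shutdown_port": 0, "noshut_port": 8}  # applet -> hour, from the cron entries
TOLERANCE = timedelta(minutes=5)                    # assumed allowance for log delay

# Assumed collector format: "<ISO timestamp> <host> <IOS message>"
EEM = re.compile(r"^(\S+) \S+ %HA_EM-6-LOG: (\w+): Interface " + re.escape(PORT) + " has been")
LINK_UP = re.compile(r"^(\S+) \S+ %LINK-3-UPDOWN: Interface " + re.escape(PORT) + ", changed state to up")

def audit(lines, first_day, days):
    """Return findings: scheduled applet runs with no log entry, and
    link-up events on PORT while the schedule says it should be shut."""
    runs, findings = [], []
    for line in lines:
        if m := EEM.match(line):
            runs.append((m.group(2), datetime.fromisoformat(m.group(1))))
        elif m := LINK_UP.match(line):
            ts = datetime.fromisoformat(m.group(1))
            if SCHEDULE["shutdown_port"] <= ts.hour < SCHEDULE["noshut_port"]:
                findings.append(("up-while-closed", ts.isoformat()))
    for d in range(days):
        for applet, hour in SCHEDULE.items():
            due = first_day + timedelta(days=d, hours=hour)
            if not any(n == applet and abs(ts - due) <= TOLERANCE for n, ts in runs):
                findings.append(("missing-" + applet, due.isoformat()))
    return findings

# Constructed sample log: day 1 has a link-up at 03:12, day 2 has no midnight shutdown.
SAMPLE = """\
2008-04-07T00:00:01 sw1 %HA_EM-6-LOG: shutdown_port: Interface FastEthernet1/0/1 has been shutdown
2008-04-07T03:12:40 sw1 %LINK-3-UPDOWN: Interface FastEthernet1/0/1, changed state to up
2008-04-07T08:00:01 sw1 %HA_EM-6-LOG: noshut_port: Interface FastEthernet1/0/1 has been restored
2008-04-07T08:00:03 sw1 %LINK-3-UPDOWN: Interface FastEthernet1/0/1, changed state to up
2008-04-08T08:00:01 sw1 %HA_EM-6-LOG: noshut_port: Interface FastEthernet1/0/1 has been restored
""".splitlines()

if __name__ == "__main__":
    for finding in audit(SAMPLE, datetime(2008, 4, 7), 2):
        print(finding)
```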
