04-07-2008 03:34 AM - edited 03-03-2019 09:26 PM
Hi,
Customer wants to use 2 independent networks terminated on one common switch and wants to use the networks based on time. We can have time based ACL but customer wants to have time based port shutdown and no shutdown to get more security.
Please, let me know if this can be done using 3750 or Cisco LMS 2.5 or 2.6.1. If it is then please provide me configuration example for the same.
Thanks and regards,
04-07-2008 05:17 AM
To the best of my knowledge this cannot be done, unless you use scripts to make this change.
An IOS way to do this is, as you wrote, "time based ACL" (with a policy map).
HTH
Sam
04-07-2008 06:08 AM
Time Based ACL with deny all on both "in" and "out" direction can do the work, but do remember that the traffic generated by the device itself (like routing updates) will not be stopped.
04-07-2008 08:14 AM
ACL on its own might not provide for this requirement, but a QOS service policy match ACL would.
IP local policy route map would take care of local generated traffic.
HTH
Anyways, the requirement has excluded ACL altogether.
Sam
04-07-2008 06:02 AM
If you have a 3750 "Metro" switch, you can use EEM supported under 12.2(40)SE
http://www.cisco.com/en/US/products/ps6815/products_ios_protocol_group_home.html
HTH,
__
Edison.
04-07-2008 08:47 AM
Regardless of IOS version on the switch, this can be done with LMS. You can schedule periodic Netconfig jobs to shut and no shut the port in question. To do this, go to RME > Config Mgmt > Netconfig > Netconfig Jobs, and create a new job. Choose the 3750 in question, and the Adhoc task. Add an instance of the Adhoc task with something like:
interface FastEthernet1/0/1
 shut
Then schedule the job to run whenever the shutdown operation needs to run. Repeat the same procedure with the Adhoc commands:
interface FastEthernet1/0/1
 no shut
And schedule that job to run whenever the no shut operation needs to be performed.
If, however, you're running IOS 12.2(40)SE or higher on this switch, you can make use of the Embedded Event Manager to do what you want. When using EEM, you'll want to create two applet timer policies. Something like this should work. The port will be shutdown every day at midnight, and brought back up every day at 8 am.
event manager applet shutdown_port
 event timer cron cron-entry "0 0 * * *"
 action 1.0 cli command "enable"
 action 2.0 cli command "config t"
 action 3.0 cli command "interface FastEthernet1/0/1"
 action 4.0 cli command "shut"
 action 5.0 cli command "end"
 action 6.0 syslog msg "Interface FastEthernet1/0/1 has been shutdown"
event manager applet noshut_port
 event timer cron cron-entry "0 8 * * *"
 action 1.0 cli command "enable"
 action 2.0 cli command "config t"
 action 3.0 cli command "interface FastEthernet1/0/1"
 action 4.0 cli command "no shut"
 action 5.0 cli command "end"
 action 6.0 syslog msg "Interface FastEthernet1/0/1 has been restored"
In order for these applets to work correctly, you will need NTP configured on this switch.
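Added example, not part of the original post and not Cisco code: a Python audit that reads collected syslog and confirms each scheduled applet run logged its message, flagging runs that are missing or off schedule. The collector line layout (ISO timestamp, hostname `sw1`), the two-minute tolerance and the sample lines are constructed assumptions.

```python
import re
from datetime import datetime, date, time, timedelta

# Schedule taken from the two applets: shut at 00:00, no shut at 08:00, daily.
SCHEDULE = (("shutdown", time(0, 0)), ("restored", time(8, 0)))
IFACE = "FastEthernet1/0/1"
TOLERANCE = timedelta(minutes=2)   # assumed allowance for logging delay

# Assumed collector layout: "<ISO timestamp> <host> <EEM message text>".
LINE_RE = re.compile(
    r"^(?P<ts>\S+) .*Interface (?P<port>\S+) has been (?P<what>shutdown|restored)")

# Constructed sample: the 04-09 08:00 restore is absent, and a restore
# shows up at 03:12, outside the schedule.
SAMPLE = [
    "2008-04-08T00:00:01 sw1 %HA_EM-6-LOG: shutdown_port: Interface FastEthernet1/0/1 has been shutdown",
    "2008-04-08T08:00:01 sw1 %HA_EM-6-LOG: noshut_port: Interface FastEthernet1/0/1 has been restored",
    "2008-04-09T00:00:01 sw1 %HA_EM-6-LOG: shutdown_port: Interface FastEthernet1/0/1 has been shutdown",
    "2008-04-09T03:12:40 sw1 %HA_EM-6-LOG: noshut_port: Interface FastEthernet1/0/1 has been restored",
]

def parse(lines):
    """Extract (timestamp, action) pairs for the audited interface."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["port"] == IFACE:
            events.append((datetime.fromisoformat(m["ts"]), m["what"]))
    return events

def audit(lines, first_day, last_day):
    """Return sorted (when, problem) findings for the given date range."""
    events, used, findings = parse(lines), set(), []
    day = first_day
    while day <= last_day:
        for what, at in SCHEDULE:
            due = datetime.combine(day, at)
            hit = next((i for i, (ts, w) in enumerate(events)
                        if i not in used and w == what
                        and abs(ts - due) <= TOLERANCE), None)
            if hit is None:
                findings.append((due, f"missing {what}"))
            else:
                used.add(hit)
        day += timedelta(days=1)
    # Anything not matched to a scheduled slot happened off schedule.
    findings += [(ts, f"unscheduled {w}")
                 for i, (ts, w) in enumerate(events) if i not in used]
    return sorted(findings)

if __name__ == "__main__":
    for when, problem in audit(SAMPLE, date(2008, 4, 8), date(2008, 4, 9)):
        print(when.isoformat(), problem)
```

A logged message shows that the applet ran, not that the interface actually changed state, so pair this check with the switch's own link state messages for that port.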