Shut down ports not in use for a specified time frame

Unanswered Question
Aug 25th, 2009

Is there a way to configure a switch (3550, 3560, 3750) to disable a switch port if it has not been used for a specified time period such as weeks or months? Say you want the switch to disable switch ports that have been "abandoned". Is this possible?

Thanks,

Brandon

Joe Clarke Tue, 08/25/2009 - 10:48

This is possible using the Embedded Event Manager. With EEM, you can track when a port was last used, then dump this information to a file. Anytime a port comes up, you can clear the entry for the port from the file. If a port doesn't come up for a specific time, then it can be administratively shut down. EEM is available for Desktop switches in 12.2(40)SE and higher. More on EEM can be found at http://www.cisco.com/en/US/docs/ios/12_4t/netmgmt/configuration/guide/t_eemt.html . Some example scripts can be found at http://www.cisco.com/go/ciscobeyond/ .

If you need help building the required policies (I think it would take at least two), let me know.

jbrenesj Tue, 08/25/2009 - 12:57

Another idea that has worked for me...

Do a time-range and apply it to a deny all ACL that will be applied to the interface you want to disable for a period of time. Something like this:

time-range test
 periodic weekend 0:01 to 23:59
!
access-list 105 deny ip any any time-range test
access-list 105 permit ip any any
!
int fa0/8
 ip access-group 105 in

Joe Clarke Tue, 08/25/2009 - 13:10

This will shut down ports at specific times, but I think the original idea was to detect unused ports over a period of time, then shut those ports down indefinitely. But I may be wrong.

Leo Laohoo Tue, 08/25/2009 - 14:37

Hi Joe,

This info helps a lot (+5).

Do you know where I can source the TCL to "With EEM, you can track when a port was last used, then dump this information to a file."?

Thanks!

Joe Clarke Tue, 08/25/2009 - 19:28

I don't know any code which already does this, but the attached two EEM Tcl policies should do the trick. They require two EEM environment variables to be set:

event manager environment suspend_ports_days DAYS
event manager environment suspend_ports_config CONFIG

Where DAYS is the number of days before a down port will be considered inactive, and CONFIG is a path to a file on flash. For example:

event manager environment suspend_ports_days 30
event manager environment suspend_ports_config flash:/susp_ports.dat

The config file will be created by the EEM policies.

The timer policy will run every day at 00:00, and handle shutting down inactive ports. The syslog policy will detect link up messages, and remove those ports from the list of down ports.
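Added example, not part of the thread and not the attached EEM Tcl policies: a Python model of the bookkeeping the two policies are described as doing, useful for checking the logic offline before trusting it with port shutdowns. The state-file format, the function names, and the rule that drops entries for ports that are no longer down are assumptions; the caller supplies the set of ports that are currently link-down and not administratively down.

```python
import re

# Standard IOS link-up syslog; the interface name is captured.
LINK_UP = re.compile(r"%LINK-3-UPDOWN: Interface (\S+), changed state to up")
DAY = 86400

def load_state(text):
    """Parse the state file. One 'interface epoch' pair per line (assumed format)."""
    state = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[1].isdigit():   # skip blank or damaged lines
            state[parts[0]] = int(parts[1])
    return state

def dump_state(state):
    """Serialize the state back to the same line format."""
    return "".join(f"{port} {ts}\n" for port, ts in sorted(state.items()))

def on_syslog(state, message):
    """Syslog policy: a link-up message clears that port's entry."""
    m = LINK_UP.search(message)
    if m:
        state.pop(m.group(1), None)
    return state

def daily_run(state, down_ports, now, days):
    """Timer policy: track down ports, return (expired ports, config lines)."""
    for port in down_ports:
        state.setdefault(port, now)          # keep the first time seen down
    for port in [p for p in state if p not in down_ports]:
        del state[port]                      # link is up again; a syslog was missed
    expired = sorted(p for p, ts in state.items() if now - ts >= days * DAY)
    config = []
    for port in expired:
        config += [f"interface {port}", " shutdown"]
        del state[port]                      # admin-down ports need no tracking
    return expired, config

if __name__ == "__main__":
    # Constructed sample run (not output from a real switch).
    t0 = 1_700_000_000
    st = load_state("FastEthernet0/8 %d\n" % (t0 - 31 * DAY))
    on_syslog(st, "%LINK-3-UPDOWN: Interface FastEthernet0/9, changed state to up")
    print(daily_run(st, {"FastEthernet0/8", "FastEthernet0/10"}, t0, 30))
    print(dump_state(st), end="")
```

Because a link-up event deletes the entry, a port that flaps once inside the window starts a fresh count on the next daily run, so the idle period is measured from the most recent time the port was first seen down.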

Clifton Fourie Fri, 05/11/2012 - 06:40

Hi Joe,

I'm not that clued up on the EEM tcl scripting. I did try a few things but with no luck.

How do I apply the two scripts you added? I tried using the Cisco manual but got errors on the scripts.

Your assistance would be highly appreciated.

Regards

Clifton

Leo Laohoo Tue, 08/25/2009 - 21:04

Hi Joe,

Thanks for that (+5). How about a TCL to tell the last time the ports were used?

Do you know what platforms support EEM?

Joe Clarke Tue, 08/25/2009 - 23:43

A combination of the two scripts should do what you want. That is, run the periodic script to track when a port is down, then the syslog script to mark when the port comes back up. The periodic could optionally send emails or syslogs to indicate how long a port has been idle (or in use). If you need more specific help on this, start a new thread in the Network Management forum.
