
Shut down ports not in use for a specified time frame

mbroberson1
Level 3

Is there a way to configure a switch (3550, 3560, 3750) to disable a switch port if it has not been used for a specified time period, such as weeks or months? Say you want the switch to disable switch ports that have been "abandoned". Is this possible?

Thanks,

Brandon

9 Replies

Joe Clarke
Cisco Employee

This is possible using the Embedded Event Manager. With EEM, you can track when a port was last used, then dump this information to a file. Anytime a port comes up, you can clear the entry for the port from the file. If a port doesn't come up for a specific time, then it can be administratively shut down. EEM is available for Desktop switches in 12.2(40)SE and higher. More on EEM can be found at http://www.cisco.com/en/US/docs/ios/12_4t/netmgmt/configuration/guide/t_eemt.html . Some example scripts can be found at http://www.cisco.com/go/ciscobeyond/ .

If you need help building the required policies (I think it would take at least two), let me know.

jbrenesj
Level 3

Another idea that has worked for me...

Do a time-range and apply it to a deny all ACL that will be applied to the interface you want to disable for a period of time. Something like this:

time-range test
 periodic weekend 0:01 to 23:59
!
access-list 105 deny ip any any time-range test
access-list 105 permit ip any any
!
int fa0/8
 ip access-group 105 in

This will shut down ports at specific times, but I think the original idea was to detect unused ports over a period of time, then shut those ports down indefinitely. But I may be wrong.

Leo Laohoo
Hall of Fame

Hi Joe,

This info helps a lot (+5).

Do you know where I can source the TCL to "With EEM, you can track when a port was last used, then dump this information to a file."?

Thanks!

I don't know any code which already does this, but the attached two EEM Tcl policies should do the trick. They require two EEM environment variables to be set:

event manager environment suspend_ports_days DAYS
event manager environment suspend_ports_config CONFIG

Where DAYS is the number of days before a down port will be considered inactive, and CONFIG is a path to a file on flash. For example:

event manager environment suspend_ports_days 30
event manager environment suspend_ports_config flash:/susp_ports.dat

The config file will be created by the EEM policies.

The timer policy will run every day at 00:00, and handle shutting down inactive ports. The syslog policy will detect link up messages, and remove those ports from the list of down ports.
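
The logic of the two policies described in this reply, modelled off-box in Python as an added example; it is not the attached EEM Tcl policies and not code from this thread. The `state` dict stands in for the `suspend_ports_config` file, and the sample `show ip interface brief` rows are constructed.

```python
import re
from datetime import timedelta

# One row of "show ip interface brief | include Ethernet"
ROW = re.compile(r"^(\S*Ethernet\S+)\s+\S+\s+\S+\s+\S+\s+"
                 r"(administratively down|up|down)\s+(?:up|down)$")
# The link-up syslog message the syslog policy reacts to
LINK_UP = re.compile(r"%LINK-3-UPDOWN: Interface (\S+), changed state to up")

# Constructed sample output (not taken from a real switch)
SAMPLE = """\
FastEthernet0/1        unassigned      YES unset  up                    up
FastEthernet0/2        unassigned      YES unset  down                  down
FastEthernet0/3        unassigned      YES unset  administratively down down
FastEthernet0/4        unassigned      YES unset  down                  down
"""

def daily_check(show_output, state, now, days):
    """Timer-policy model: remember when each port was first seen down and
    return the ports that have stayed down for at least `days` days."""
    expired = []
    for line in show_output.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        port, status = m.groups()
        if status == "up":
            state.pop(port, None)              # in use: stop tracking
        elif status == "down":
            first_down = state.setdefault(port, now)
            if now - first_down >= timedelta(days=days):
                expired.append(port)
                del state[port]                # about to be shut, no longer tracked
        # "administratively down" ports were shut on purpose and are skipped
    return expired

def on_syslog(message, state):
    """Syslog-policy model: a link-up event removes the port from the list."""
    m = LINK_UP.search(message)
    if m is None:
        return None
    state.pop(m.group(1), None)
    return m.group(1)

def shutdown_config(ports):
    """IOS configuration lines that administratively shut the given ports."""
    return [cmd for port in ports for cmd in (f"interface {port}", " shutdown")]
```

Because a link-up event resets a port's entry, a port that flaps once inside the window restarts its idle count from the next daily check.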

Hi Joe,

I'm not that clued up on the EEM tcl scripting. I did try a few things but with no luck.

How do I apply the two scripts you added? I tried using the Cisco manual, but with errors on the scripts.

Your assistance would be highly appreciated.

Regards     

Clifton

Leo Laohoo
Hall of Fame

Hi Joe,

Thanks for that (+5). How about a TCL to tell the last time the ports were used?

Do you know what platforms support EEM?

A combination of the two scripts should do what you want. That is, run the periodic script to track when a port is down, then the syslog script to mark when the port comes back up. The periodic could optionally send emails or syslogs to indicate how long a port has been idle (or in use). If you need more specific help on this, start a new thread in the Network Management forum.

Hello,

I am trying to implement the last script posted in the thread. Unfortunately, when I paste the script into the tclsh of a 3850, the switch returns multiple errors. For example:

3850eft-mgig-01(tcl)#if { ![info exists suspend_ports_days] } {
+>    set result "ERROR: Policy cannot be run: variable suspend_ports_days has not been set"
+>    error $result $errorInfo
+>}
can't read "errorInfo": no such variable

The majority of the errors are of the "no such variable" type, but there is another, as follows:

3850eft-mgig-01(tcl)#set result [run_cli [list "show ip interface brief | include Ethernet"]]
invalid command name "cli_open"
                       ^
% Invalid input detected at '^' marker.

I'm guessing the error is on my side, but it would be helpful if you could point me in the right direction.

Thanks
