Shut down Port / Vlan / 3560

Answered Question
Dec 29th, 2009

I need to shut down access to the network for a specific time frame.  I would like to do this to a remote switch.  As an example: Vlan 220, or ports gig 0/1, 0/3-7 and gig 0/9, or if need be the entire switch, from 1830 - 0100 hours 31 Dec 09.  I am using PuTTY and SSH.

Thanks

Pat

Joe Clarke Tue, 12/29/2009 - 08:58

What version of code is running on the switch in question?  It sounds like a local EEM solution would be best here.

Joe Clarke Tue, 12/29/2009 - 11:21

You could accomplish what you want using two EEM applet policies.  For example, if you configure the following in your switch's config, then interface Vlan 220 will go down at 1830 on 12/31, and come back up at 0100 on 1/1:

! Shut down interface Vlan 220 at 18:30 on 31 Dec
! (cron fields: minute hour day-of-month month day-of-week)
event manager applet shutdown-vlan
 event timer cron cron-entry "30 18 31 12 *"
 action 1.0 cli command "enable"
 action 2.0 cli command "config t"
 action 3.0 cli command "int vlan220"
 action 4.0 cli command "shut"
 action 5.0 cli command "end"

! Bring interface Vlan 220 back up at 01:00 on 1 Jan
event manager applet noshut-vlan
 event timer cron cron-entry "0 1 1 1 *"
 action 1.0 cli command "enable"
 action 2.0 cli command "config t"
 action 3.0 cli command "int vlan220"
 action 4.0 cli command "no shut"
 action 5.0 cli command "end"

You could adapt these examples to shut down additional ports as required.

CiscoPatMcNamara_2 Tue, 12/29/2009 - 11:41

J,

It appears that these commands can only be run on the Router, in my case 6509, Cisco IOS Software, s72033_rp Software (s72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(33)SXH3, RELEASE SOFTWARE (fc1).

I only want to shut down vlan 220 on two remote switches, and only for the specific time.  Will your provided code shut down the Vlan in the entire network or only the two specific switches, 000.000.000.001 and 000.000.000.002?  I need the vlan to stay up on all the other switches.

Thanks

Pat

event manager applet shutdown-vlan
event timer cron cron-entry "30 18 31 12 *"
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "int vlan220"
action 4.0 cli command "shut"
action 5.0 cli command "end"

event manager applet noshut-vlan
event timer cron cron-entry "0 1 1 1 *"
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "int vlan220"
action 4.0 cli command "no shut"
action 5.0 cli command "end"

Correct Answer
Joe Clarke Tue, 12/29/2009 - 11:48

The examples as written will shut down the layer 3 VLAN 220 interface on the local switch only.  If those switches are not routing that VLAN, and you want to shut down the layer 2 VLAN, then replace the interface command with:

"vlan 220"

This, of course, assumes these switches are in VTP transparent mode.  However, if there are other commands you want to run, you can modify the applets accordingly.  Essentially, you can run any CLI commands within an applet that you would normally run manually.
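
The two adaptations discussed in this thread (the layer 2 "vlan 220" variant and the port list from the original question), written out as an added example that is not part of any poster's reply. The applet names and syslog text are hypothetical, and the `action ... syslog msg` lines are an addition so that each scheduled change leaves a log record.

```cisco
! Added example (not from the thread). Configure on each remote switch that
! should lose access; an applet acts only on the switch it is configured on.
! Cron fields: minute hour day-of-month month day-of-week.
! If your SSH session reaches the switch through VLAN 220 or one of these
! ports, the session drops when the applet fires.
!
! Pair 1: layer 2 VLAN 220 (assumes VTP transparent mode, as the answer states)
event manager applet shutdown-l2-vlan220
 event timer cron cron-entry "30 18 31 12 *"
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "vlan 220"
 action 4.0 cli command "shutdown"
 action 5.0 cli command "end"
 action 6.0 syslog msg "EEM: layer 2 VLAN 220 shut down on schedule"
event manager applet noshut-l2-vlan220
 event timer cron cron-entry "0 1 1 1 *"
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "vlan 220"
 action 4.0 cli command "no shutdown"
 action 5.0 cli command "end"
 action 6.0 syslog msg "EEM: layer 2 VLAN 220 re-enabled on schedule"
!
! Pair 2: ports gig 0/1, 0/3-7 and 0/9 from the original question
event manager applet shutdown-ports
 event timer cron cron-entry "30 18 31 12 *"
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "interface range GigabitEthernet0/1 , GigabitEthernet0/3 - 7 , GigabitEthernet0/9"
 action 4.0 cli command "shutdown"
 action 5.0 cli command "end"
 action 6.0 syslog msg "EEM: Gi0/1, Gi0/3-7, Gi0/9 shut down on schedule"
event manager applet noshut-ports
 event timer cron cron-entry "0 1 1 1 *"
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "interface range GigabitEthernet0/1 , GigabitEthernet0/3 - 7 , GigabitEthernet0/9"
 action 4.0 cli command "no shutdown"
 action 5.0 cli command "end"
 action 6.0 syslog msg "EEM: Gi0/1, Gi0/3-7, Gi0/9 re-enabled on schedule"
```

A cron entry has no year field, so these applets fire again every year until they are removed with `no event manager applet <name>`. Check the switch's time with `show clock` and confirm registration with `show event manager policy registered` before relying on the schedule.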

CiscoPatMcNamara_2 Tue, 12/29/2009 - 12:25

J,

Is there a particular book you could recommend that a novice could get to assist in the understanding and use of EEM?

Thanks

Pat

yjdabear Wed, 12/30/2009 - 08:56

IDEEM from http://www.nidussoft.com/ is a commercial IDE for EEM: "...syntax checking, event and action wizards, policy management, compatibility verification, event simulation and Tcl policy debugging." It would seem to be a nice aid to EEM novices.

Joe Clarke Wed, 12/30/2009 - 10:33

I've used IDEEM, and if you want to get into Tcl scripting, it's great for coming up to speed quickly.  However, if you just want to stick with applets, it may be overkill.  I'd say try it out to see if you like it, but they pulled their demo version a while back.
