12-29-2009 08:42 AM
I need to shut down access to the network for a specific time frame. I would like to do this to a remote switch. As an example; Vlan 220 or ports gig 0/1, 0/3-7 and gig 0/9 or if need be the entire switch from ; 1830 - 0100 hours 31 Dec 09. I am using Putty and SSH.
Thanks
Pat
Solved! Go to Solution.
12-29-2009 11:48 AM
The examples as written will shutdown the layer 3 VLAN 220 interface on the local switch only. If those switches are not routing that VLAN, and you want to shutdown the layer 2 VLAN, then replace the interface command with:
"vlan 220"
This, of course, assumes these switches are in VTP transparent mode. However, if there are other commands you want to run, you can modify the applets accordingly. Essentially, you can run any CLI commands within an applet that you would normally run manually.
12-29-2009 08:58 AM
What version of code is running on the switch in question? It sounds like a local EEM solution would be best here.
12-29-2009 10:30 AM
Ver 12.2(50)SE3, I am not familar with EEM.
12-29-2009 11:21 AM
You could accomplish what you want using two EEM applet policies. For example, if you configure the following in your switch's config, then interface Vlan 220 will go down at 1830 on 12/31, and come back up at 0100 on 1/1:
event manager applet shutdown-vlan
event timer cron cron-entry "30 18 31 12 *"
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "int vlan220"
action 4.0 cli command "shut"
action 5.0 cli command "end"
event manager applet noshut-vlan
event timer cron cron-entry "0 1 1 1 *"
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "int vlan220"
action 4.0 cli command "no shut"
action 5.0 cli command "end"
You could adapt these examples to shutdown additional ports as required.
12-29-2009 11:41 AM
J,
It appears that these commands can only be run on the Router, in my case 6509, Cisco IOS Software, s72033_rp Software (s72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(33)SXH3, RELEASE SOFTWARE (fc1).
I only want to shut down vlan 220 on two remote switches only for the specific time. Will your provided code shut down the Vlan in the entire network or only the two specific switches, 000.000.000.001 and 000.000.000.002, I need the vlan to stay up on all the other switches.
Thanks
Pat
event manager applet shutdown-vlan
event timer cron cron-entry "30 18 31 12 *"
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "int vlan220"
action 4.0 cli command "shut"
action 5.0 cli command "end"
event manager applet noshut-vlan
event timer cron cron-entry "0 1 1 1 *"
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "int vlan220"
action 4.0 cli command "no shut"
action 5.0 cli command "end"
12-29-2009 11:48 AM
The examples as written will shutdown the layer 3 VLAN 220 interface on the local switch only. If those switches are not routing that VLAN, and you want to shutdown the layer 2 VLAN, then replace the interface command with:
"vlan 220"
This, of course, assumes these switches are in VTP transparent mode. However, if there are other commands you want to run, you can modify the applets accordingly. Essentially, you can run any CLI commands within an applet that you would normally run manually.
12-29-2009 12:20 PM
J,
Once again THANK YOU.......
Pat
12-29-2009 12:25 PM
J,
Is there a particular book you could recommend that a novice could get to assist in the understanding and use of EEM?
Thanks
Pat
12-29-2009 12:27 PM
Not yet. The best place for information now is the Cisco.com docs:
12-30-2009 08:56 AM
IDEEM from http://www.nidussoft.com/ is a commercial IDE for EEM: "...syntax checking, event and action wizards, policy management, compatibility verification, event simulation and Tcl policy debugging." It would seem to be a nice aid to EEM novices.
12-30-2009 10:33 AM
I've used IDEEM, and if you want to get into Tcl scripting, it's greate for coming up to speed quickly. However, if you just want to stick with applets, it may be overkill. I'd say try it out to see if you like it, but they pulled their demo version a while back.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: