TcL Script to shut down port on a time schedule

Answered Question
Aug 16th, 2016
User Badges:
  • Blue, 1500 points or more

Is there a way to have a TcL script shut and no shut ports on a schedule? for example; shut down the ports at 7:00am and no shut the port at 3:30pm?


Thanks,

Mike

Correct Answer by Joe Clarke about 8 months 1 week ago

You'll need this:

puts [open "flash:shut_ports.tcl" w] {set ports [lindex $argv 0]
ios_config "int $ports" "shut" "end"
}
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (5 ratings)
Loading.
burleyman Tue, 08/16/2016 - 07:11
User Badges:
  • Blue, 1500 points or more

Here is what I was going to try that I found.

event manager applet shutdown-IntGi1-1

 event timer cron cron-entry "0 7 * * *"

 action 1.0 cli command "enable"

 action 2.0 cli command "config t"

 action 3.0 cli command "interface gi1/1"

 action 4.0 cli command "shut"

 action 5.0 cli command "end"

event manager applet no-shut-IntGi1-1

 event timer cron cron-entry "0 1530 * * *"

 action 1.0 cli command "enable"

 action 2.0 cli command "config t"

 action 3.0 cli command "interface gi1/1"

 action 4.0 cli command "no shut"

 action 5.0 cli command "end"


Would this work?


Mike


burleyman Tue, 08/16/2016 - 08:07
User Badges:
  • Blue, 1500 points or more

Yes, that is where I found this.

I got mixed up on TcL and EEM, sorry very new to both of these.


I have a 2960-x that I need to shut some ports down between 7:00am and 3:30pm can this be done on this switch with either TcL or EEM?


Mike

Joe Clarke Tue, 08/16/2016 - 08:10
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

The 2960-X does not support full EEM.  Have a look at the "kron" commands.  This will allow you to schedule these same commands without Tcl.

burleyman Tue, 08/16/2016 - 08:46
User Badges:
  • Blue, 1500 points or more

Here is what I am going to test now.

kron policy-list policy_IntShut
cli config t
cli interface Gi1/0/1
cli shut
exit

kron policy-list policy_IntNoShut
cli config t
cli interface Gi1/0/1
cli no shut
exit


kron occurrence policy_IntShut at 16:00 tue recurring
no policy-list policy_IntShut
exit

kron occurrence policy_IntNoShut at 18:30 tue recurring
no policy-list policy_IntNoShut
exit


burleyman Tue, 08/16/2016 - 10:12
User Badges:
  • Blue, 1500 points or more

Sorry I had no in the above post. This is what I was entering.


kron policy-list policy_IntShut
cli config t
cli interface Gi1/0/1
cli shut
exit

kron policy-list policy_IntNoShut
cli config t
cli interface Gi1/0/1
cli no shut
exit


kron occurrence policy_IntShut at 16:00 tue recurring
policy-list policy_IntShut
exit

kron occurrence policy_IntNoShut at 18:30 tue recurring
policy-list policy_IntNoShut
exit

burleyman Tue, 08/16/2016 - 10:31
User Badges:
  • Blue, 1500 points or more

Just tested and it does not work, am I missing something?

Joe Clarke Tue, 08/16/2016 - 10:39
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

I haven't used kron in a while, and I got used to the NX-OS scheduler.  Kron doesn't work with config commands.  You'll need to use a kron with a Tcl script.  Your Tcl scripts should have:

ios_config "int gi1/0/1" "shut" "end"

===

ios_config "int gi1/0/1" "no shut" "end"


Then you can schedule the script to run with the "tclsh flash:/path/to/script" CLI command.

burleyman Tue, 08/16/2016 - 11:59
User Badges:
  • Blue, 1500 points or more

Ok I will see if I can figure it out. I have never programmed TcL but I will give it a go.


Mike

burleyman Tue, 08/16/2016 - 13:21
User Badges:
  • Blue, 1500 points or more

Switch#tclsh
Switch(tcl)#puts [open "flash:shut_port.tcl" w+] "set ports [lindex argv 0] \n ios_config "int $ports" "shut" "end"
Switch(tcl)#exit
Switch#wr mem

Than to call the script at a certain time configura this.

kron policy-list policy_IntShut
tclsh flash:shut_port.tcl "Gi1/0/1"


Does this look right?

Correct Answer
Joe Clarke Tue, 08/16/2016 - 14:22
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

You'll need this:

puts [open "flash:shut_ports.tcl" w] {set ports [lindex $argv 0]
ios_config "int $ports" "shut" "end"
}
burleyman Wed, 08/17/2016 - 03:58
User Badges:
  • Blue, 1500 points or more

Thank you. I will give it a go.


Mike

burleyman Wed, 08/17/2016 - 05:24
User Badges:
  • Blue, 1500 points or more

It worked swimmingly, thank you for your help. I do have a some questions....

I understand the puts [open "flash:shut_ports.tcl" w] puts the file to flash but what does the "w" do?

Also what does the line set ports [lindex $argv 0] mean?

lindex means?

$argv 0 means?


the line ios_config "int $ports" "shut" "end" I think I get, this lets it know this is an ios configuration and the $ports is the port that is called out in the line cli tclsh flash:shut_ports.tcl "Gi1/0/1"


Now for the kron occurrence part, is there an easy way to schedule this say Monday through Friday with out creating a separate kron occurrence for each day?


Again thank you for your help.


Here is my end configuration.

!This will create a TcL script and save it to flash
!and it will shut down port Gi1/0/1 at 11:30 every Wednesday
!
tclsh
puts [open "flash:shut_ports.tcl" w] {
set ports [lindex $argv 0]
ios_config "int $ports" "shut" "end"
}
tclquit
config t

kron policy-list policy_IntShut
cli tclsh flash:shut_ports.tcl "Gi1/0/1"

kron occurrence policy_IntShut at 11:30 Wed recurring
policy-list policy_IntShut

exit
exit
wr mem
**************************************************
!This will create a TcL script and save it to flash
!and it will no shut the port Gi1/0/1 at 11:32 every Wednesday
!
tclsh
puts [open "flash:No_shut_ports.tcl" w] {
set ports [lindex $argv 0]
ios_config "int $ports" "no shut" "end"
}
tclquit
config t

kron policy-list policy_IntNoShut
cli tclsh flash:No_shut_ports.tcl "Gi1/0/1"

kron occurrence policy_IntNoShut at 11:32 Wed recurring
policy-list policy_IntNoShut

exit
exit
wr mem


Joe Clarke Wed, 08/17/2016 - 07:41
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

The 'w' means open the file for writing and create a new file if it doesn't exist.

The lindex command pulls out an element from a list (element 0 in this case).

$argv is the argument vector passed to the script at execution time.

To schedule every day at a specific time, use:

occurrence NAME at 11:32 recurring

Just don't specify a day.

burleyman Fri, 08/19/2016 - 05:53
User Badges:
  • Blue, 1500 points or more

Thanks for your help.


Mike

Joe Clarke Thu, 01/19/2017 - 17:48
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

You can create a list of ports and iterate through it.  For example, using the applet example here, you can do something like:

set ports "Gi0/1 Gi0/2 Gi0/3"

foreach port $ports

 cli command "int $port"

 cli command "shut"

end

alimpervizi Fri, 01/20/2017 - 07:19
User Badges:

Joe,


Is the example that you provided for a switch that has EEM support?


I have 2960-S and 2960-X and it doesn't have EEM support.


I am trying to make the following to work, but is is not working. What need to be changed?


Thanks


tclsh
puts [open "flash:shutdown_ports.tcl" w] {set ports [lindex $argv 0]
ios_config "int range $ports" "shut" "end"
}
tclquit
config t
kron policy-list policy_ShutdownPorts
cli tclsh flash:shutdown_ports.tcl "Gi1/0/1 - 18"
exit
kron occurrence policy_ShutdownPorts at 23:30 recurring
policy-list policy_ShutdownPorts

____________________________________________________________________

tclsh
puts [open "flash:No_shutdown_ports.tcl" w] {set ports [lindex $argv 0]
ios_config "int range $ports" "no shut" "end"
}
no
tclquit
config t
kron policy-list policy_NOShutdownPorts
cli tclsh flash:No_shutdown_ports.tcl "Gi1/0/1 - 18"
exit
kron occurrence policy_NOShutdownPorts at 23:31 recurring
policy-list policy_NOShutdownPorts

Joe Clarke Sun, 01/22/2017 - 11:32
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

The code looks fine to me, but tclsh doesn't work well with AAA.  If you have AAA command authz on this switch, it may not work as the user running the script isn't authorized to run the commands.

That said, since you really didn't provide any details as to what "doesn't work" means, it could be that the switch's clock is not what you think it is, or there is some other issue preventing the ports from being manipulated as a range.

Leo Laohoo Thu, 03/02/2017 - 15:54
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

2960-X and it doesn't have EEM support.

Starting with 15.2(4)E, 2960X/XR will support EEM. 

Read THIS.

Actions

This Discussion