pull disconnected interfaces with last input higher than 10 weeks on a switch with EEM script

Mar 6th, 2017

Hello guys,

I need your help please,

I am asked to secure our LAN by pulling all disconnected user interfaces with a last input higher than 10 weeks as a first step, and shutting them down LATER.

Is that possible with an EEM script, to browse the interfaces on a switch, pull the ones concerned, then send the result to a file on the flash:

Otherwise, is there any other way please?

I have never worked with EEM so far.

Thanks for helping me.

hi.sadiki Thu, 03/09/2017 - 08:18

Hello Joe,

Thanks for your help,

I have basic skills and I couldn't enter the script.

I did

event manager environment test::cisco::eem::event_register_syslog pattern "LINEPROTO-5-UPDOWN" maxrun 600

But it's always taking only the last line I entered.

How can I enter the script please?


Thanks again for helping me

Joe Clarke (Cisco Employee, Hall of Fame, Founding Member) Sun, 03/19/2017 - 06:51

Since you care about last data on an interface, you don't need the syslog policy that matches on interfaces coming up.  Instead you could do everything you need with the timer policy.  I'm attaching the original here for you.

hi.sadiki Wed, 03/22/2017 - 07:33

Hello Joseph,

I tried to follow what you showed me.

- I created a "policies" directory on flash and copied the script tm_suspend_ports.txt to it.

- Registered the script using the following commands:

(config)#event manager directory user policy flash:/policies

(config)#event manager policy tm_suspend_ports.tcl

Is that all it needs, or are there any other steps?

How can I enter the number of days after which the ports will go down, please?

I thank you.

Joe Clarke Wed, 03/22/2017 - 07:51

This is all that's needed to register this policy as-is.  But you will need to make changes to add support for your specific use case of looking at last packet input.  The code as it stands now looks for ports that are operational down.  You'll need to add the code that looks at the "show interface" output to see when the last input was.

To set the number of days, configure:

event manager environment suspend_ports_days NUM_DAYS
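The parsing step Joe describes (reading "show interface" output to find when the last input was) is shown below as an added example; it is not part of the thread, not Joe's tm_suspend_ports policy, and not a Cisco tool. It is written in Python to run off-box against saved "show interfaces" output (for instance collected over SSH from a management host), so the same selection logic can be checked before it is ported into the Tcl policy. The sample output, interface names and the report/config formats are constructed for the example. It only selects ports that are link-down and not already administratively shut, then applies the last-input age as a second filter, because Cisco's documentation for show interfaces notes that the "Last input" counter is updated only for packets handled by the CPU (process-switched), so an idle-looking counter on its own is weaker evidence than the link state.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample of "show interfaces" output (not from the thread's switch);
# only the lines this parser looks at are kept for each port.
SAMPLE_SHOW_INTERFACES = """\
GigabitEthernet1/0/1 is down, line protocol is down (notconnect)
  Hardware is Gigabit Ethernet, address is 0000.0000.0001 (bia 0000.0000.0001)
  Last input 12w3d, output 12w3d, output hang never
GigabitEthernet1/0/2 is up, line protocol is up (connected)
  Last input 00:00:03, output 00:00:01, output hang never
GigabitEthernet1/0/3 is down, line protocol is down (notconnect)
  Last input never, output never, output hang never
GigabitEthernet1/0/4 is down, line protocol is down (notconnect)
  Last input 3w2d, output 3w2d, output hang never
GigabitEthernet1/0/5 is administratively down, line protocol is down (disabled)
  Last input 20w1d, output 20w1d, output hang never
GigabitEthernet1/0/6 is down, line protocol is down (notconnect)
  Last input 1y2w, output 1y2w, output hang never
"""

IFACE_HEADER = re.compile(
    r"^(\S+) is (administratively down|up|down), line protocol is (up|down)")
LAST_INPUT = re.compile(r"^\s*Last input (\S+), output (\S+)")

# IOS prints ages as hh:mm:ss under a day, then 1d02h, 2w3d, 1y5w, or "never".
AGE_UNITS = {"y": 365 * 86400, "w": 7 * 86400, "d": 86400, "h": 3600, "m": 60, "s": 1}


def parse_ios_age(token: str) -> Optional[int]:
    """Convert an IOS age token to seconds; None means "never" (no input seen)."""
    if token == "never":
        return None
    m = re.fullmatch(r"(\d+):(\d+):(\d+)", token)
    if m:
        h, mi, s = (int(x) for x in m.groups())
        return h * 3600 + mi * 60 + s
    if not re.fullmatch(r"(\d+[ywdhms])+", token):
        raise ValueError(f"unrecognised IOS age token: {token!r}")
    return sum(int(n) * AGE_UNITS[u] for n, u in re.findall(r"(\d+)([ywdhms])", token))


@dataclass
class Iface:
    name: str
    admin_down: bool
    link_up: bool
    last_input: str = "never"   # raw IOS token; "never" if the line was absent


def parse_show_interfaces(text: str) -> List[Iface]:
    """Walk the output once, attaching each 'Last input' line to the port
    whose header line preceded it."""
    ifaces: List[Iface] = []
    cur: Optional[Iface] = None
    for line in text.splitlines():
        m = IFACE_HEADER.match(line)
        if m:
            cur = Iface(m.group(1), m.group(2) == "administratively down", m.group(3) == "up")
            ifaces.append(cur)
            continue
        m = LAST_INPUT.match(line)
        if m and cur is not None:
            cur.last_input = m.group(1)
    return ifaces


def stale_candidates(ifaces: List[Iface], min_weeks: int,
                     include_never: bool = True) -> List[Tuple[str, str]]:
    """Link-down ports (not already shut) whose last input is older than
    min_weeks; ports that never saw input are included unless told otherwise."""
    threshold = min_weeks * 7 * 86400
    out: List[Tuple[str, str]] = []
    for i in ifaces:
        if i.admin_down or i.link_up:
            continue            # already shut, or a live user: leave it alone
        age = parse_ios_age(i.last_input)
        if age is None:
            if include_never:
                out.append((i.name, "never"))
        elif age > threshold:
            out.append((i.name, i.last_input))
    return out


def render_report(cands: List[Tuple[str, str]], min_weeks: int) -> str:
    """One line per port, in the form you would append to a file on flash:."""
    return "\n".join(f"{name} last-input={age} (> {min_weeks}w, link down)"
                     for name, age in cands)


def render_shutdown_config(cands: List[Tuple[str, str]]) -> str:
    """Config snippet for the later 'shut them down' step; review before applying."""
    lines: List[str] = []
    for name, age in cands:
        lines += [f"interface {name}", f" description UNUSED-PORT last-input={age}", " shutdown"]
    return "\n".join(lines)


if __name__ == "__main__":
    ports = parse_show_interfaces(SAMPLE_SHOW_INTERFACES)
    hits = stale_candidates(ports, 10)
    print(render_report(hits, 10))
    print(render_shutdown_config(hits))
```

Run with the constructed sample and a 10-week threshold, it reports Gi1/0/1 (12w3d), Gi1/0/3 (never) and Gi1/0/6 (1y2w); Gi1/0/2 is skipped because it is up, Gi1/0/4 because 3w2d is under the threshold, and Gi1/0/5 because it is already administratively down. Keep the report step and the shutdown step separate, as the original question intends, so the list can be reviewed against the port assignment records before anything is disabled.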

hi.sadiki Thu, 03/23/2017 - 13:14

Hello Joe,

On forums, I saw that some people said that I need my switch to be connected to TACACS, otherwise it won't work.

I am doing my tests on an isolated switch that works with a local username.

Would it be a problem, do you think?

Joe Clarke Fri, 03/24/2017 - 11:15

Not at all. It will work better since you do not need the roundtrip to the AAA server.

hi.sadiki Tue, 04/04/2017 - 01:54

Hello Joe,

I tried and tried, but it seems that I am missing something.

Could we look together at my configuration?

Joe Clarke Tue, 04/04/2017 - 08:20

The config looks okay for the original behavior of the scripts.  The timer policy should run every night at midnight provided your clock is properly synced (but you're not running NTP, so that is likely not the case).  You'll need to look at your logging output to see if there are errors, plus you'll need to configure an authoritative clock source.
