Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

shutting interfaces with LMS3.2

Hi,

We are looking for an easy way for our security department to shut end user interfaces (mostly fa, some gi).  previously we've done this with home-grown scripts and I've been asked if LMS could do this easily.

so ideally, the security department would have to select the "shut interface" job, select the device, and tell it what port to shut.  I'd rather create a template that only works on end user switches (3750-g-e-x, 2950,3560 etc.  NOT 6500, blade switches, routers, etc.)

From what I've tried, I could only hard set (int fa1/0/1 ->shut) the interface in the job.  is there a way I could create a basic shut template that prompts the user what port to shut (or put on a black-hole vlan)?

Or, is there another way to do this aside from a netconfig job?

==requirements==

*various credentials (already created different credential sets so this is OK)

*security department should not have permission to shut trunks

*we would like to restrict access to the security team from the rest of LMS

==system/network configuration==

*lms 3.2 patched up to date

*switches running snmp2 RO only

*lms could telnet/ssh to devices

*dev stage of deploying snmpv3

*local authorization (non-ACS), TACACS authentication with local fallback

Thanks much in advance!

Everyone's tags (3)
2 REPLIES
New Member

Re: shutting interfaces with LMS3.2

I've tried VLAN port assignment, but get an SNMP operation error.  I'm assuming

it needs RW access which we don't have enabled.

would that be resolved if we were to migrate to SNMPv3 with writable permission?

New Member

Re: shutting interfaces with LMS3.2

I have been working on this exact issue on another thread: https://supportforums.cisco.com/message/3200456#3200456 . I also have LMS and haven't found a way to do this through ciscoworks but I am currently trying to the the EEM route. The script I am trying to run monitors ports that show not connected due to users turning off their machines, unplugging their machines etc and shuts down after a period of time that you prefer. The guy I'm working with is very helpful, I don't know if this is a route you wan't to take but it might be worth taking a look at.

284
Views
0
Helpful
2
Replies