
New Member

time based port shutdown

Hi,

Customer wants to use 2 independent networks terminated on one common switch and wants to use the networks based on time. We can have time based ACL but customer wants to have time based port shutdown and no shutdown to get more security.

Please, let me know if this can be done using 3750 or Cisco LMS 2.5 or 2.6.1. If it is then please provide me configuration example for the same.

Thanks and regards,

5 REPLIES

Re: time based port shutdown

To the best of my knowledge this cannot be done, unless you use scripts to make this change.

An IOS way to do this is, as you wrote, "time based ACL" (with a policy map).

HTH

Sam

New Member

Re: time based port shutdown

Time Based ACL with deny all on both "in" and "out" direction can do the work but do remember that the traffic generated by the device itself (like routing update) will not be stopped.

Re: time based port shutdown

ACL on its own might not provide for this requirement, but a QOS service policy match ACL would.

IP local policy route map would take care of local generated traffic.

HTH

Anyways, the requirement has excluded ACL altogether.

Sam

Hall of Fame Super Bronze

Re: time based port shutdown

If you have a 3750 "Metro" switch, you can use EEM supported under 12.2(40)SE

http://www.cisco.com/en/US/products/ps6815/products_ios_protocol_group_home.html

HTH,

__

Edison.

Cisco Employee

Re: time based port shutdown

Regardless of IOS version on the switch, this can be done with LMS. You can schedule periodic Netconfig jobs to shut and no shut the port in question. To do this, go to RME > Config Mgmt > Netconfig > Netconfig Jobs, and create a new job. Choose the 3750 in question, and the Adhoc task. Add an instance of the Adhoc task with something like:

interface FastEthernet1/0/1
 shut

Then schedule the job to run whenever the shutdown operation needs to run. Repeat the same procedure with the Adhoc commands:

interface FastEthernet1/0/1
 no shut

And schedule that job to run whenever the no shut operation needs to be performed.

If, however, you're running IOS 12.2(40)SE or higher on this switch, you can make use of the Embedded Event Manager to do what you want. When using EEM, you'll want to create two applet timer policies. Something like this should work. The port will be shut down every day at midnight, and brought back up every day at 8 am.

event manager applet shutdown_port
 event timer cron cron-entry "0 0 * * *"
 action 1.0 cli command "enable"
 action 2.0 cli command "config t"
 action 3.0 cli command "interface FastEthernet1/0/1"
 action 4.0 cli command "shut"
 action 5.0 cli command "end"
 action 6.0 syslog msg "Interface FastEthernet1/0/1 has been shutdown"

event manager applet noshut_port
 event timer cron cron-entry "0 8 * * *"
 action 1.0 cli command "enable"
 action 2.0 cli command "config t"
 action 3.0 cli command "interface FastEthernet1/0/1"
 action 4.0 cli command "no shut"
 action 5.0 cli command "end"
 action 6.0 syslog msg "Interface FastEthernet1/0/1 has been restored"

In order for these applets to work correctly, you will need NTP configured on this switch.
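An added example, not part of the thread or of any poster's configuration: a Python check over collected syslog that confirms the `shutdown_port` applet above ran each day and that the port never came up inside the closed window. It assumes a collector that prefixes each IOS message with an ISO timestamp in the switch's local time and a hostname; the sample lines and the `audit` function name are constructed for illustration.

```python
import re
from datetime import datetime, time

IFACE = "FastEthernet1/0/1"
# Closed window taken from the applet cron entries: down at 00:00, up at 08:00.
CLOSED_FROM, CLOSED_UNTIL = time(0, 0), time(8, 0)

# Constructed sample. The "<ISO timestamp> <host>" prefix is an assumed collector format.
SAMPLE = """\
2024-05-01T00:00:01 sw1 %HA_EM-6-LOG: shutdown_port: Interface FastEthernet1/0/1 has been shutdown
2024-05-01T00:00:03 sw1 %LINK-5-CHANGED: Interface FastEthernet1/0/1, changed state to administratively down
2024-05-01T02:00:00 sw1 %LINK-3-UPDOWN: Interface FastEthernet1/0/10, changed state to up
2024-05-01T03:12:40 sw1 %LINK-3-UPDOWN: Interface FastEthernet1/0/1, changed state to up
2024-05-01T08:00:01 sw1 %HA_EM-6-LOG: noshut_port: Interface FastEthernet1/0/1 has been restored
2024-05-01T08:00:04 sw1 %LINK-3-UPDOWN: Interface FastEthernet1/0/1, changed state to up
2024-05-02T08:00:01 sw1 %HA_EM-6-LOG: noshut_port: Interface FastEthernet1/0/1 has been restored
"""

LINE = re.compile(r"^(\S+) \S+ %(\S+): (.*)$")

def audit(log_text, iface=IFACE):
    """Return findings: link-up inside the closed window, or a day with no shutdown message."""
    # \b keeps FastEthernet1/0/1 from matching FastEthernet1/0/10.
    port = re.compile(rf"Interface {re.escape(iface)}\b")
    findings, days, shut_days = [], set(), set()
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m or not port.search(m.group(3)):
            continue
        ts = datetime.fromisoformat(m.group(1))
        tag, msg = m.group(2), m.group(3)
        days.add(ts.date())
        if tag == "HA_EM-6-LOG" and msg.startswith("shutdown_port:"):
            shut_days.add(ts.date())
        elif tag == "LINK-3-UPDOWN" and msg.endswith("changed state to up"):
            if CLOSED_FROM <= ts.time() < CLOSED_UNTIL:
                findings.append(f"{ts.isoformat()} {iface} came up inside the closed window")
    # A day with traffic for this port but no applet message means the timer did not fire.
    for day in sorted(days - shut_days):
        findings.append(f"{day} no shutdown_port applet message for {iface}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The window comparison is only meaningful if the switch clock is correct, which is the same NTP dependency the applets have.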
