Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
17583
Views
10
Helpful
5
Replies

time based port shutdown

jachowda
Level 1
Level 1

‎04-07-2008 03:34 AM - edited ‎03-03-2019 09:26 PM

Hi,

Customer wants to use 2 independent networks termiated on one common switch and wants to use the networks based on time. We can have time based ACL but customer wants to have time based port shutdown and no shutdown to get more security.

Please, let me know if this can be done using 3750 or Cisco LMS 2.5 or 2.6.1. If it is then please provide me configuration example for the same.

Thanks and regards,

2 people had this problem
Labels:
0 Helpful
5 Replies 5

cisco_lad2004
Level 5
Level 5

‎04-07-2008 05:17 AM

To the best of my knowledge this cannot be done, unless you use scripts to make this change.

An IOS way to do this , is as you wrote "time based ACL" (with a policy map).

HTH

Sam

0 Helpful

evsrajatgupta
Level 1
Level 1
In response to cisco_lad2004

‎04-07-2008 06:08 AM

Time Based ACL with Dany all on both "in " and "out" direction can do the work but do remember that the traffic generated by the device itself (like routing update) will not be stopped.

0 Helpful

cisco_lad2004
Level 5
Level 5
In response to evsrajatgupta

‎04-07-2008 08:14 AM

ACL on its own might not provide for this requirement , but a QOS service policy match ACL would.

IP local policy route map would take care of local generated traffic.

HTH

anyways, the requirement has excluded ACL altogether.

Sam

0 Helpful

Edison Ortiz
Hall of Fame
Hall of Fame

‎04-07-2008 06:02 AM

If you have a 3750 "Metro" switch, you can use EEM supported under 12.2(40)SE

http://www.cisco.com/en/US/products/ps6815/products_ios_protocol_group_home.html

HTH,

__

Edison.

0 Helpful

Joe Clarke
Cisco Employee
Cisco Employee

‎04-07-2008 08:47 AM

Regardless of IOS version on the switch, this can be done with LMS. You can schedule periodic Netconfig jobs to shut and no shut the port in question. to do this, go to RME > Config Mgmt > Netconfig > Netconfig Jobs, and create a new job. Chose the 3750 in question, and the Adhoc task. Add an instance of the Adhoc task with something like:

interface FastEthernet1/0/1

shut

Then schedule the job to run whenever the shutdown operation needs to run. Repeat the same procedure with the Adhoc commands:

interface FastEthernet1/0/1

no shut

And schedule that job to run whenever the no shut operation needs to be performed.

If, however, you're running IOS 12.2(40)SE or higher on this switch, you can make use of the Embedded Event Manager to do what you want. When using EEM, you'll want to create two applet timer policies. Something like this should work. The port will be shutdown every day at midnight, and brought back up every day at 8 am.

event manager applet shutdown_port

event timer cron cron-entry "0 0 * * *"

action 1.0 cli command "enable"

action 2.0 cli command "config t"

action 3.0 cli command "interface FastEthernet1/0/1"

action 4.0 cli command "shut"

action 5.0 cli command "end"

action 6.0 syslog msg "Interface FastEthernet1/0/1 has been shutdown"

event manager applet noshut_port

event timer cron cron-entry "0 8 * * *"

action 1.0 cli command "enable"

action 2.0 cli command "config t"

action 3.0 cli command "interface FastEthernet1/0/1"

action 4.0 cli command "no shut"

action 5.0 cli command "end"

action 6.0 syslog msg "Interface FastEthernet1/0/1 has been restored"

In order for these applets to work correctly, you will need NTP configured on this switch.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card