Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
184
Views
2
Helpful
4
Replies

Script for Switches Cisco

ConcentrixIT
Level 1
Level 1

‎04-17-2024 03:46 PM

Hello Community,

I am looking a script for switches cisco for block interfaces with APs connected , the reason is because we receive daily port changes and sometimes the engineers change the vlan Wi-Fi by another and the Wi-Fi environment is affected by those changes. the objective of the script if it detects special character *AP* not allow configs or changes and refuse it and the engineer know that port cannot be changed.

 

Thanks 

Labels:
0 Helpful
4 Replies 4

Leo Laohoo
Hall of Fame
Hall of Fame

‎04-17-2024 04:11 PM

We have an EEM script that changes the description of the interfaces.  The EEM script determines if the device is a Cisco AP.  If it is an AP, it changes the description of the interface.  If it is not an AP, it leaves the description alone. 

0 Helpful

ConcentrixIT
Level 1
Level 1
In response to Leo Laohoo

‎04-17-2024 04:29 PM

this is a example interface 

 

!
interface GigabitEthernet1/0/5
description Link_to_AP
switchport access vlan 92
switchport mode access
end

the objetive if any engineer apply a script for block for refuse the changes , let me know ..!

 

 

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to ConcentrixIT

‎04-17-2024 04:33 PM - edited ‎04-17-2024 04:37 PM

As far as I am aware, this is not possible. The logic is absolutely "wild".  Think about it.  Anyone can assign ports to any VLAN but no one can change the port VLAN assignment if said port is already in VLAN 92.

The issue is not the implementation.  The problem lies in the governance.  

If there is no proper Change Management process in place, no amount of automation is going to fix this.  If an "engineer" blindly changed the configuration without checking and someone has approved the Change Control, it is not the fault of lack of automation or scripting.  It lies in the governance and Change Control.

Start with labelling the interface description accurately.  

paul driver
VIP
VIP

‎04-18-2024 12:47 AM

Hello
Sounds like you dont have any change control whatsoever on your network, as such network changes are made on the fly without are proper consideration of the affects it may incurr.

I suggest you apply some central authentication/authorisation/accounting (aaa) to manged network access/monitor and record any changes made by the engineers.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card