[c-nsp] switchport trunk allowed vlan

Tim Durack tdurack at gmail.com
Sat Oct 30 17:34:28 EDT 2010


On Sat, Oct 30, 2010 at 5:16 PM, Arie Vayner (avayner)
<avayner at cisco.com> wrote:
> Tim,
>
> Can you please explain a bit better what you would like to achieve?

Sure. The following command format is relatively safe:

   switchport trunk allowed vlan <add/remove/all/except/none> <range>

However, if one forgets to include the <add/remove/all/except/none>
keyword, the command defaults to replace:

   switchport trunk allowed vlan <range>

This isn't usually the desired result.

I would like to disable the use of: "switchport trunk allowed vlan
<range>", and replace it with a custom EEM command like: "switchport
trunk allowed vlan range <range>". This would correct a dangerous IOS
syntax.

I don't know if this is really possible, but it could be an
interesting exercise in demonstrating the power of EEM :-)

> Also, which IOS version please?

C6K, Sup720, 12.2(33)SXI3

> Tnx
> Arie
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Tim Durack
> Sent: Friday, October 22, 2010 19:22
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] switchport trunk allowed vlan
>
> Anyone know what an EEM policy would look like to allow:
>
> rtr-1(config-if)#switchport trunk allowed vlan ?
>  add     add VLANs to the current list
>  all     all VLANs
>  except  all VLANs except the following
>  none    no VLANs
>  remove  remove VLANs from the current list
>
> But deny:
>
> rtr-1(config-if)#switchport trunk allowed vlan ?
>  WORD    VLAN IDs of the allowed VLANs when this port is in trunking
> mode
>
> I know I can create an alias for adding/removing, but I would like to
> see if I can disable the more dangerous form of this command ;-|
>
> --
> Tim:>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>



-- 
Tim:>
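
The replace behaviour described in the message above can be caught before a change reaches the switch. The following is an added example, not part of the original post and not an EEM policy: a Python check that applies each "switchport trunk allowed vlan" line in a proposed change to the trunk's current allowed list and reports which VLANs a keyword-less line would drop. The function names and sample data are hypothetical; it assumes unabbreviated keywords and the VLAN ID range 1-4094.

```python
import re

ALL_VLANS = set(range(1, 4095))  # assumption: valid VLAN IDs are 1-4094
CMD = re.compile(r"^\s*switchport trunk allowed vlan\s+(.*\S)\s*$", re.I)

def parse_range(text):
    """Expand an IOS VLAN list such as '10,20-22' into a set of ints."""
    vlans = set()
    for part in text.replace(" ", "").split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def apply_command(current, line):
    """Return (new_allowed_set, is_replace_form) for one config line."""
    m = CMD.match(line)
    if not m:
        return current, False          # not an allowed-vlan command
    keyword, _, rest = m.group(1).partition(" ")
    keyword = keyword.lower()          # assumption: keywords are not abbreviated
    if keyword == "add":
        return current | parse_range(rest), False
    if keyword == "remove":
        return current - parse_range(rest), False
    if keyword == "except":
        return ALL_VLANS - parse_range(rest), False
    if keyword == "all":
        return set(ALL_VLANS), False
    if keyword == "none":
        return set(), False
    return parse_range(m.group(1)), True   # bare <range>: replaces the list

def review(current, change_lines):
    """Flag replace-form lines and list the VLANs each one would drop."""
    findings = []
    for n, line in enumerate(change_lines, 1):
        new, replace = apply_command(current, line)
        if replace:
            findings.append((n, line.strip(), sorted(current - new)))
        current = new
    return findings, current

# Constructed sample: trunk carries 10,20,30; the operator meant "add 40".
SAMPLE_CURRENT = parse_range("10,20,30")
SAMPLE_CHANGE = ["interface Gi1/1",
                 " switchport trunk allowed vlan 40",
                 " switchport trunk allowed vlan add 50-51"]

if __name__ == "__main__":
    for n, cmd, dropped in review(SAMPLE_CURRENT, SAMPLE_CHANGE)[0]:
        print(f"line {n}: '{cmd}' replaces the list, dropping VLANs {dropped}")
```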


