[c-nsp] switchport trunk allowed vlan

Keegan Holley keegan.holley at sungard.com
Sun Oct 31 11:39:44 EDT 2010


If you are simply trying to disable a command, have you thought about doing
so in TACACS?  It sounds like it would be simpler and it also has the
benefit of being centralized so you won't need to configure it on each
individual router.


On Sun, Oct 31, 2010 at 5:11 AM, Arie Vayner (avayner) <avayner at cisco.com> wrote:

> Tim,
>
> It seems that some of the basic functions we need for this in EEM are not
> yet on SXI... Unfortunately, it does not have the latest EEM code yet.
> I guess it would be possible with TCL, but I can't give you a quick example
> for this right now...
>
> I suggest you try http://forums.cisco.com/eforum/servlet/EEM?page=main
> Maybe you can find a good example to start with...
>
> I will try to spend some time on this later if I can...
>
>
> Arie
>
>
>
> -----Original Message-----
> From: Tim Durack [mailto:tdurack at gmail.com]
> Sent: Saturday, October 30, 2010 23:34
> To: Arie Vayner (avayner)
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] switchport trunk allowed vlan
>
> On Sat, Oct 30, 2010 at 5:16 PM, Arie Vayner (avayner)
> <avayner at cisco.com> wrote:
> > Tim,
> >
> > Can you please explain a bit better what you would like to achieve?
>
> Sure. The following command format is relatively safe:
>
>   switchport trunk allowed vlan <add/remove/all/except/none> <range>
>
> However, if one forgets to include the <add/remove/all/except/none>
> keyword, the command defaults to replace:
>
>   switchport trunk allowed vlan <range>
>
> This isn't usually the desired result.
>
> I would like to disable the use of: "switchport trunk allowed vlan
> <range>", and replace it with a custom EEM command like: "switchport
> trunk allowed vlan range <range>". This would correct a dangerous IOS
> syntax.
>
> I don't know if this is really possible, but it could be an
> interesting exercise in demonstrating the power of EEM :-)
>
> > Also, which IOS version please?
>
> C6K, Sup720, 12.2(33)SXI3
>
> > Tnx
> > Arie
> >
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net
> > [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Tim Durack
> > Sent: Friday, October 22, 2010 19:22
> > To: cisco-nsp at puck.nether.net
> > Subject: [c-nsp] switchport trunk allowed vlan
> >
> > Anyone know what an EEM policy would look like to allow:
> >
> > rtr-1(config-if)#switchport trunk allowed vlan ?
> >  add     add VLANs to the current list
> >  all     all VLANs
> >  except  all VLANs except the following
> >  none    no VLANs
> >  remove  remove VLANs from the current list
> >
> > But deny:
> >
> > rtr-1(config-if)#switchport trunk allowed vlan ?
> >  WORD    VLAN IDs of the allowed VLANs when this port is in trunking mode
> >
> > I know I can create an alias for adding/removing, but I would like to
> > see if I can disable the more dangerous form of this command ;-|
> >
> > --
> > Tim:>
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
>
>
>
> --
> Tim:>
>
>
>
>
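The concern raised in this thread, as an added example that is not part of the original messages: a pre-change check that flags the replace form of `switchport trunk allowed vlan` in a proposed change script, including abbreviated commands. The function names and the sample change script are constructed for illustration.

```python
"""Flag the replace form of 'switchport trunk allowed vlan' in a change script."""

# Keyword forms listed in the CLI help output quoted in the thread.
SAFE_KEYWORDS = ("add", "all", "except", "none", "remove")
COMMAND = ("switchport", "trunk", "allowed", "vlan")


def is_prefix_of(token, keyword):
    """IOS accepts abbreviated keywords; treat a non-empty prefix as a match."""
    return bool(token) and keyword.startswith(token.lower())


def classify(line):
    """Return 'safe', 'replace', or None if the line is not this command."""
    tokens = line.split()
    if len(tokens) <= len(COMMAND):
        return None  # too short to be the command plus an argument
    if not all(is_prefix_of(t, k) for t, k in zip(tokens, COMMAND)):
        return None
    arg = tokens[len(COMMAND)]
    if any(is_prefix_of(arg, k) for k in SAFE_KEYWORDS):
        return "safe"
    return "replace"  # bare VLAN range: overwrites the allowed list


def find_replace_forms(config_text):
    """Return (line number, interface, command) for every replace-form line."""
    findings, interface = [], None
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("!"):
            continue
        if is_prefix_of(tokens[0], "interface") and len(tokens) > 1:
            interface = " ".join(tokens[1:])
        elif classify(raw) == "replace":
            findings.append((lineno, interface, raw.strip()))
    return findings


# Constructed sample change script (not taken from the thread).
SAMPLE_CHANGE = """\
interface TenGigabitEthernet1/1
 switchport trunk allowed vlan add 210
!
interface TenGigabitEthernet1/2
 switchport trunk allowed vlan 210
 switchport trunk native vlan 999
!
int Te1/3
 sw tr al vl 300-310
 sw tr al vl rem 300
"""

if __name__ == "__main__":
    for lineno, interface, command in find_replace_forms(SAMPLE_CHANGE):
        print(f"line {lineno}: {interface}: replace form: {command}")
```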

