4

This may be a stupid question, but I'm normally not a network admin, but circumstances have me there. I'm trying to disable down ports on a switch, but have a boatload of them. I'd like to configure them as disabled, and with the guest VLAN (in case they need to be enabled). I realize I can do this manually, but there are quite a few switches I'd like to do this on, and anywhere between 5-15 ports per switch.

Basically, is there a way to automate the disabling of switch ports that are down (not plugged into anything)?

Alternatively, is there something I am missing? I find it hard to believe that all of the world's network engineers are stuck doing similar tasks by hand every time. If a major network change happens (as is my case), it seems like that would be a lot of monotonous wasted time disabling random ports.

Steve Butler
  • `I find it hard to believe that all of the world's network engineers are stuck doing similar tasks by hand every time` - All the world's network engineers probably aren't doing this, because they're not worried about it. Why are you doing it? – joeqwerty Mar 23 '15 at 18:14
  • 1
    I have a lot of clients that moved buildings, and would like to just disable the ports if they're unused. Granted, it's a one-time sort of thing, and I've already written a script that creates the manual commands for me, but it seems silly that there isn't a better way. – Steve Butler Mar 23 '15 at 18:19
  • IMO, you're inventing work for yourself. If you need this level of security, go in your server closet and disconnect the cables for the unused ports. There is no reason to spend hours/days writing custom automation programs for <5 minutes of cabling work. – jlehtinen Mar 23 '15 at 19:07
  • 1
    Considering there are several switches at several sites. That 5 minutes easily turns into an hour or more of driving, recabling, etc. At some point there will be more people moving into the now vacant offices, and would take 20s to just re-enable with the right vlans. – Steve Butler Mar 23 '15 at 19:15
  • 1
    Also, FWIW, it took me about 15 minutes to write a script to find all of the down ports and generate the switch commands to disable them. So 15m < 1+hr. – Steve Butler Mar 23 '15 at 19:25
  • 2
    Steve, if your last comment means you found out how to do it, would you consider answering your own question with that info? Now you have me curious. – Todd Wilcox Mar 23 '15 at 19:29
  • 1
    It's a quick and dirty hack at best. Probably not useful for more than my purposes. I polled SNMP for the list of ports that are currently enabled, but down, then wrote a little parser that would create the "interface XX disable; vlan untagged 123 XX; vlan tagged 234 XX" where XX is the port number. The OID for port status is 1.3.6.1.2.1.2.2.1.8 on ProCurves. – Steve Butler Mar 23 '15 at 19:38
  • @SteveButler Fair enough! Sounds to me like you have already created a better solution than any that will get suggested here. – jlehtinen Mar 23 '15 at 20:12

1 Answer

1

Basically, if a port is disabled with the disable command on an HP switch, then if you plug anything into that port it will still be down until you manually enable it with the enable command.

So there is no automatic way of enabling a port when you plug something into it. There is a way of disabling all down ports with a script, as you mentioned before, but not the other way round.

A few ways of managing ports in that situation, so that you don't have to disable ports:

  • have all ports assigned to a blank VLAN, so even if someone plugs something in there it won't work.
  • have procedures for who has access to the switches
  • use scripts to disable ports which are down
  • use .1x authentication - this is the best you can have, but it's complex to set up; it automatically gives/denies access to the network

You can also use ProCurve Manager, but I'm not sure if it has that kind of functionality; we have one in use, but it's an old version and we use it only for config backup and to analyze traffic.

longneck
tr53
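The approach described in the comments and in the answer's "use scripts" item, as an added example (not Steve Butler's script and not code from this page): it reads numeric `snmpwalk` output, picks ports that are administratively up but operationally down, and emits commands in the form quoted in the comment. Assumptions: the ifAdminStatus column OID 1.3.6.1.2.1.2.2.1.7 from the standard IF-MIB, ifIndex equal to the port number, and the hypothetical `max_port` and `exclude` parameters, which keep logical interfaces and ports such as uplinks out of the result.

```python
import re

IF_ADMIN_STATUS = "1.3.6.1.2.1.2.2.1.7"  # IF-MIB ifAdminStatus (assumed): 1=up, 2=down
IF_OPER_STATUS = "1.3.6.1.2.1.2.2.1.8"   # port status OID from the comment: 1=up, 2=down
# Command form quoted in the comment above; adjust it to your switch's CLI.
TEMPLATE = "interface {p} disable; vlan untagged {guest} {p}; vlan tagged {tagged} {p}"
LINE = re.compile(r"^\.?([\d.]+)\.(\d+)\s*=\s*INTEGER:\s*(?:\w+\()?(\d+)\)?\s*$")

def parse_walk(text):
    """Return {column_oid: {ifIndex: value}} from numeric snmpwalk output."""
    table = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            column, index, value = m.group(1), int(m.group(2)), int(m.group(3))
            table.setdefault(column, {})[index] = value
    return table

def unused_ports(table, max_port, exclude=()):
    """Ports that are enabled (admin up) but have no link (oper down)."""
    admin = table.get(IF_ADMIN_STATUS, {})
    oper = table.get(IF_OPER_STATUS, {})
    return sorted(p for p, state in oper.items()
                  if state == 2 and admin.get(p) == 1
                  and 1 <= p <= max_port and p not in exclude)

def disable_commands(ports, guest=123, tagged=234):
    """One command line per port; VLAN ids default to those in the comment."""
    return [TEMPLATE.format(p=p, guest=guest, tagged=tagged) for p in ports]

# Constructed sample walk of both columns (not captured from a real switch).
SAMPLE_WALK = """\
.1.3.6.1.2.1.2.2.1.7.2 = INTEGER: up(1)
.1.3.6.1.2.1.2.2.1.7.3 = INTEGER: down(2)
.1.3.6.1.2.1.2.2.1.7.4 = INTEGER: up(1)
.1.3.6.1.2.1.2.2.1.7.24 = INTEGER: up(1)
.1.3.6.1.2.1.2.2.1.7.4220 = INTEGER: up(1)
.1.3.6.1.2.1.2.2.1.8.2 = INTEGER: down(2)
.1.3.6.1.2.1.2.2.1.8.3 = INTEGER: down(2)
.1.3.6.1.2.1.2.2.1.8.4 = INTEGER: 2
.1.3.6.1.2.1.2.2.1.8.24 = INTEGER: down(2)
.1.3.6.1.2.1.2.2.1.8.4220 = INTEGER: down(2)
"""

if __name__ == "__main__":
    ports = unused_ports(parse_walk(SAMPLE_WALK), max_port=24, exclude={24})
    print("\n".join(disable_commands(ports)))
```

Review the generated list before pasting it into a switch: a port that is only momentarily down (a rebooting host, an uplink mid-failover) looks the same as an unused one in a single poll.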