Cisco 2960 Switch Automatic Timed Shut No Shut On Port

Hello and thanks in advance for the help.  

We have new Cisco 2960 Switches throughout our location.  We have set up our ports to pull a sticky mac and then shut themselves down when another mac uses that port. This works great except for with our Wireless Access Points (Linksys WAP54G).  We have to turn port security off on these so that, for example, my MAC for my laptop doesn't get stickied to one WAP, because then it won't let me connect when I go to another WAP.

So, our solution was to turn port security off on the port the WAP is plugged into.  Instead we'd like to have these ports on or off based on our hours of operation.  This is especially important for the WAPs that we have outside.  We don't want 1. someone trying to hack our wireless during off-hours or 2. someone just unplugging our WAP and plugging in their laptop instead.

So, what we are needing to know is if there is a way to shut a specific port down and then turn it back on based on a schedule.  If not within the Cisco switch, is there third party software that does this?  So when our location closes down at 8:30pm, the port shuts itself off -- no wireless and nothing can be plugged into the port.  At 7:00am the next day, it turns itself back on.  

Furthermore, if someone does try to plug something into that port other than our WAP, I'd like it to be logged and I want to be alerted via email.

Please help.  Thanks.
FH_JGoodwinAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

atlas_shudderedSr. Network EngineerCommented:
I know that you can't schedule port availability in any fashion other than direct config shut or no shut.
As to a software that would enable this, the nearest that I can think of that will give you this ability is to implement NAC and then handle logon timing through your NOS (e.g. logon allowed times in AD).
0
that1guy15Commented:
Check this post out.

Basically you can setup SNMP (write permission) on the swithces and then create a perl script to send SNMP calls to the switch to disable then re-enable the port.

http://www.experts-exchange.com/Networking/Network_Management/Network_Operations/Q_23437740.html
0
FH_JGoodwinAuthor Commented:
What do you guys think about using an EEM solution?  I am gonna lab it up here at the office and see what kind of commands I can get.   Another solution may be to put the WAP in its own VLAN and use a ACL timer to deny IP any any on that specific VLAN.  Your thoughts?  Again thanks for our help!!
0
FH_JGoodwinAuthor Commented:
Nope EEm is only supported on routers and Layer 3 switches it seems.  So maybe the VLAN solution would be worth a Shot.  
0
that1guy15Commented:
Oh yeah! the 2960 does support timed ACLs did not know that.

This might be your best/simplest bet.

here is a link to configure them

http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_37_se/configuration/guide/swacl.html#wp1285739
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Wireless Hardware

From novice to tech pro — start learning today.