Introduction
Sometimes the ISP Provider PE Routers only monitor the WAN Interface of the Customer CE Router and not the inside LAN subnet. In that case, if the LAN interface goes down , there is no way the ISP knows about the LAN link failure and keeps on sending the inbound traffic towards the same CE Router. This drops the traffic and hence loss of Business to customer. Cisco’s Embedded Event Manager (EEM) feature will help us to solve this condition by using event tracking and management functionality directly on the Cisco IOS device, rather than on an external device.
Example Scenario: EEM
Below is one scenario where EEM (Embedded Event Manager) shuts the WAN Interface when the LAN interface goes down.
HSRP is running on the LAN Interface of both R3 (Primary Internet CE) and R2 (Secondary Internet CE).
In 1st Diagram, the LAN traffic sourced from LAN Network 1.1.1.1/24 takes the HSRP Master (Active -> 192.168.123.3) path from R3 (Primary CE Router) towards ISP. The ISP seeing that R3 WAN Interface (Fa0/1) is up, sends the return traffic via the same path.
Now , we will perform EEM configuration on R3 to shut the WAN Interface (Fa0/1) when the LAN Interface (Fa0/0) goes down .
Below is the configuration –
event syslog pattern “Interface FastEthernet0/0.* down” period 1
action 1.0 syslog msg “Interface Fa0/0 DOWN”
action 2.0 cli command “enable”
action 3.0 cli command “config t”
action 4.0 cli command “interface FastEthernet0/1”
action 5.0 cli command “shut”
action 6.0 syslog msg “Interface Fa0/1 Down”
action 7.0 cli command “end”
action 8.0 cli command “exit”
Note – In the configuration , the EEM matches the syslog message pattern of “Interface FastEthernet0/0.* down” and then triggers the configuration to shut WAN Interface Fa0/1.
Let’s see what happens when LAN interface (Fa0/0) of R3 (Primary CE) goes down –
In the 2nd Diagram, we see that on shutting the Fa0/0 of R3, EEM automatically forces R3 WAN Interface (Fa0/1) to be shut.PE router seeing the R3 WAN Interface down redirects the traffic towards secondary link. Additionally LAN Interface of Secondary Router R2 becomes the HSRP master and starts forwarding the traffic via secondary Link.
The output is as below –
R3(config)#int fa0/0
R3(config-if)#shut
R3(config-if)#
*Mar 1 02:21:11.419: %HSRP-6-STATECHANGE: FastEthernet0/0 Grp 1 state Active -> Init
*Mar 1 02:21:13.427: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
R3(config-if)#
*Mar 1 02:21:13.459: %HA_EM-6-LOG: SHUTWAN: Interface Fa0/0 DOWN
*Mar 1 02:21:13.767: %HA_EM-6-LOG: SHUTWAN: Interface Fa0/1 Down
*Mar 1 02:21:13.779: %SYS-5-CONFIG_I: Configured from console by on vty0
*Mar 1 02:21:14.427: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
*Mar 1 02:21:14.459: %HA_EM-6-LOG: SHUTWAN: Interface Fa0/0 DOWN
*Mar 1 02:21:14.835: %HA_EM-6-LOG: SHUTWAN: Interface Fa0/1 Down
*Mar 1 02:21:14.843: %SYS-5-CONFIG_I: Configured from console by on vty0
*Mar 1 02:21:15.747: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down
*Mar 1 02:21:16.747: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
R3(config-if)#
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.123.3 YES manual administratively down down
FastEthernet0/1 192.168.34.3 YES manual administratively down down
R3(config-if)#
As we see above, EEM forces the WAN interface to be shut when LAN Interfaces goes down.
Now we need to configure EEM to unshut the WAN interface (Fa0/1) when LAN interface (Fa0/0) comes up.
The configuration is below –
event syslog pattern “Interface FastEthernet0/0.* up” period 1
action 1.0 syslog msg “Interface Fa0/0 up”
action 2.0 cli command “enable”
action 3.0 cli command “config t”
action 4.0 cli command “interface FastEthernet0/1”
action 5.0 cli command “no shut”
action 6.0 syslog msg “Interface Fa0/1 UP”
action 7.0 cli command “end”
action 8.0 cli command “exit”
Note – In the configuration , the EEM matches the syslog message pattern of “Interface FastEthernet0/0.* up” and then triggers the configuration to “no shut” WAN Interface Fa0/1.
Lets see what happens when LAN interface (Fa0/0) of R3 (Primary CE) comes up again –
As the LAN Interface Fa0/0 of R3 comes up , EEM script unshuts the WAN Interface (fa0/1) of R3. Henceforth traffic to and fro takes the primary path for Internet as per above diagram.
R3(config-if)#no shut
R3(config-if)#
*Mar 1 02:49:18.951: %HSRP-6-STATECHANGE: FastEthernet0/0 Grp 1 state Listen -> Active
*Mar 1 02:49:18.971: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar 1 02:49:19.019: %HA_EM-6-LOG: UNSHUTWAN: Interface Fa0/0 up
*Mar 1 02:49:19.671: %HA_EM-6-LOG: UNSHUTWAN: Interface Fa0/1 UP
R3(config-if)#
*Mar 1 02:49:19.691: %SYS-5-CONFIG_I: Configured from console by on vty0
*Mar 1 02:49:19.971: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
*Mar 1 02:49:20.007: %HA_EM-6-LOG: UNSHUTWAN: Interface Fa0/0 up
*Mar 1 02:49:20.195: %HA_EM-6-LOG: UNSHUTWAN: Interface Fa0/1 UP
R3(config-if)#
*Mar 1 02:49:20.195: %SYS-5-CONFIG_I: Configured from console by on vty0
R3(config-if)#
*Mar 1 02:49:21.303: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Mar 1 02:49:22.303: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.123.3 YES manual up up
FastEthernet0/1 192.168.34.3 YES manual up up
Caveat – EEM configuration may result in loss of management access to Internet Router R3 since both the LAN and WAN interface go down with no 3rd interface to access the device.
Continue Reading:
Meaning of line vty 0 4 in configuration of Cisco Router or Switch
Cisco ASA Static NAT Example- Static NAT Configuration on Cisco ASA Firewall
