Cisco router EEM configuration to shut WAN when LAN down

Sometimes the ISP Provider PE Routers only monitor the WAN Interface of the Customer CE Router and not the inside LAN subnet. In that case,if the LAN interface goes down , there is no way the ISP knows about the LAN link failure and keeps on sending the inbound traffic towards the same CE Router. This drops the traffic and hence loss of Business to customer.Cisco’s Embedded Event Manager (EEM) feature will help us to solve this condition by using event tracking and management functionality directly on the Cisco IOS device, rather than on an external device.

Below is one scenario where EEM (Embedded Event Manager) shuts the WAN Interface when the LAN interface goes down. HSRP is running on the LAN Interface of both R3 (Primary Internet CE) and R2 (Secondary Internet CE).

In 1^st Diagram, the LAN traffic sourced from LAN Network 1.1.1.1/24 takes the HSRP Master (Active -> 192.168.123.3) path from R3 (Primary CE Router) towards ISP. The ISP seeing that R3 WAN Interface (Fa0/1) is up, sends the return traffic via the same path.

Now , we will perform EEM configuration on R3 to shut the WAN Interface (Fa0/1) when the LAN Interface (Fa0/0) goes down . Below is the configuration –

event manager applet SHUTWANrouter
event syslog pattern “Interface FastEthernet0/0.* down” period 1
action 1.0 syslog msg “Interface Fa0/0 DOWN”
action 2.0 cli command “enable”
action 3.0 cli command “config t”
action 4.0 cli command “interface FastEthernet0/1”
action 5.0 cli command “shut”
action 6.0 syslog msg “Interface Fa0/1 Down”
action 7.0 cli command “end”
action 8.0 cli command “exit”

Note – In the configuration , the EEM matches the syslog message pattern of “Interface FastEthernet0/0.* down” and then triggers the configuration to shut WAN Interface Fa0/1.
Lets see what happens when LAN interface (Fa0/0) of R3 (Primary CE) goes down –

cisco-router-eem-configuration-to-shut-wan-when-lan-down

In the 2^nd Diagram, we see that on shutting the Fa0/0 of R3, EEM automatically forces R3 WAN Interface (Fa0/1) to be shut.PE router seeing the R3 WAN Interface down redirects the traffic towards secondary link. Additionally LAN Interface of Secondary Router R2 becomes the HSRP master and starts forwarding the traffic via secondary Link.
The output is as below –

R3(config)#
R3(config)#int fa0/0
R3(config-if)#shut
R3(config-if)#
*Mar 1 02:21:11.419: %HSRP-6-STATECHANGE: FastEthernet0/0 Grp 1 state Active -> Init
*Mar 1 02:21:13.427: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
R3(config-if)#
*Mar 1 02:21:13.459: %HA_EM-6-LOG: SHUTWAN: Interface Fa0/0 DOWN
*Mar 1 02:21:13.767: %HA_EM-6-LOG: SHUTWAN: Interface Fa0/1 Down
*Mar 1 02:21:13.779: %SYS-5-CONFIG_I: Configured from console by on vty0
*Mar 1 02:21:14.427: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
*Mar 1 02:21:14.459: %HA_EM-6-LOG: SHUTWAN: Interface Fa0/0 DOWN
*Mar 1 02:21:14.835: %HA_EM-6-LOG: SHUTWAN: Interface Fa0/1 Down
*Mar 1 02:21:14.843: %SYS-5-CONFIG_I: Configured from console by on vty0
*Mar 1 02:21:15.747: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down
*Mar 1 02:21:16.747: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
R3(config-if)#

R3(config-if)#do sh ip int brie
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.123.3 YES manual administratively down down
FastEthernet0/1 192.168.34.3 YES manual administratively down down
R3(config-if)#

As we see above, EEM forces the WAN interface to be shut when LAN Interfaces goes down.
Now we need to configure EEM to unshut the WAN interface (Fa0/1) when LAN interface (Fa0/0) comes up.The configuration is below –

event manager applet UNSHUTWAN
event syslog pattern “Interface FastEthernet0/0.* up” period 1
action 1.0 syslog msg “Interface Fa0/0 up”
action 2.0 cli command “enable”
action 3.0 cli command “config t”
action 4.0 cli command “interface FastEthernet0/1”
action 5.0 cli command “no shut”
action 6.0 syslog msg “Interface Fa0/1 UP”
action 7.0 cli command “end”
action 8.0 cli command “exit”

Note – In the configuration , the EEM matches the syslog message pattern of “Interface FastEthernet0/0.* up” and then triggers the configuration to “no shut” WAN Interface Fa0/1.
Lets see what happens when LAN interface (Fa0/0) of R3 (Primary CE) comes up again –

As the LAN Interface Fa0/0 of R3 comes up , EEM script unshuts the WAN Interface (fa0/1) of R3. Henceforth traffic to and fro takes the primary path for Internet as per above diagram.

R3(config)#int fa0/0
R3(config-if)#no shut
R3(config-if)#
*Mar 1 02:49:18.951: %HSRP-6-STATECHANGE: FastEthernet0/0 Grp 1 state Listen -> Active
*Mar 1 02:49:18.971: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar 1 02:49:19.019: %HA_EM-6-LOG: UNSHUTWAN: Interface Fa0/0 up
*Mar 1 02:49:19.671: %HA_EM-6-LOG: UNSHUTWAN: Interface Fa0/1 UP
R3(config-if)#
*Mar 1 02:49:19.691: %SYS-5-CONFIG_I: Configured from console by on vty0
*Mar 1 02:49:19.971: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
*Mar 1 02:49:20.007: %HA_EM-6-LOG: UNSHUTWAN: Interface Fa0/0 up
*Mar 1 02:49:20.195: %HA_EM-6-LOG: UNSHUTWAN: Interface Fa0/1 UP
R3(config-if)#
*Mar 1 02:49:20.195: %SYS-5-CONFIG_I: Configured from console by on vty0
R3(config-if)#
*Mar 1 02:49:21.303: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Mar 1 02:49:22.303: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

R3(config-if)#do sh ip int brie
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.123.3 YES manual up up
FastEthernet0/1 192.168.34.3 YES manual up up

Caveat – EEM configuration may result in loss of management access to Internet Router R3 since both the LAN and WAN interface go down with no 3^rd interface to access the device.

Please follow and like us: