Monday, August 14, 2017

Excluding an interface from a bridge-group on a Cisco Router

When several interfaces share one bridge group and you want to remove the interface that carries your remote access to the device, doing it by hand can cost you that access, and the users behind this router lose their network services as well.
In such a situation the Cisco Embedded Event Manager (EEM) can help. Assume we have the following configuration:
bridge irb
!
bridge 2 protocol ieee
bridge 2 route ip
!
interface GigabitEthernet1
 description ===WAN===
 no ip address
 bridge-group 2
 no shut
!
interface BVI2
 description === WAN ===
 ip address 10.10.10.204 255.255.255.0

Our default gateway is 10.10.10.26.

We need the following:

On Cisco router:

ip sla 1
 icmp-echo 10.10.10.26 source-ip 10.10.10.204
 threshold 1000
 timeout 1500
 frequency 3
ip sla schedule 1 life forever start-time now
track 10 ip sla 1 reachability
 delay down 10 up 60
event manager applet reconfigure_interface
 event track 10 state down
 action 0    cli command "enable"
 action 1    cli command "configure terminal"
 action 2    cli command "no int BVI 2"
 action 3    cli command "interface GigabitEthernet1"
 action 4    cli command "no bridge-group 2"
 action 5    cli command "ip address 10.10.10.204 255.255.255.0"
 action 6    cli command "exit"
 action 7    cli command "no event manager applet reconfigure_interface"
 action 8    cli command "no track 10"
 action 9.1 cli command "no ip sla 1"
 action 9.2 cli command "end"

On default gateway:

We deny ICMP from 10.10.10.204, so the router's probe starts to fail.

Once the pings fail, the track object notices it through the IP SLA probe and, after the configured delay, the event manager applet runs the commands for us.
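As an added check, not part of the original post: the pieces above (the BVI address, the IP SLA source-ip, the track number, the applet's new address and its cleanup actions) have to agree with each other, and a mismatch between them is exactly what locks you out. The Python below parses the post's configuration (embedded as a constructed sample) and reports such mismatches; the section grouping and the checks are my own and assume the plain running-config line layout.

```python
import re
# Constructed sample (not a device dump): the relevant lines from the post's configuration.
SAMPLE_CONFIG = """\
interface GigabitEthernet1
 bridge-group 2
interface BVI2
 ip address 10.10.10.204 255.255.255.0
ip sla 1
 icmp-echo 10.10.10.26 source-ip 10.10.10.204
track 10 ip sla 1 reachability
event manager applet reconfigure_interface
 event track 10 state down
 action 5   cli command "ip address 10.10.10.204 255.255.255.0"
 action 8   cli command "no track 10"
 action 9.1 cli command "no ip sla 1"
"""

def parse_sections(cfg):
    # Group an IOS config into {top-level line: [indented child lines]}.
    sections, current = {}, None
    for line in cfg.splitlines():
        if current is not None and line.startswith(" ") and line.strip():
            sections[current].append(line.strip())
        elif line.strip() and not line.startswith("!"):
            current = line.strip()
            sections.setdefault(current, [])
    return sections

def check_failover_config(cfg):
    # Return the lockout-prone mismatches found; an empty list means the pieces agree.
    s, problems = parse_sections(cfg), []
    bvi = next((k for k in s if k.startswith("interface BVI")), None)
    applet = next((k for k in s if k.startswith("event manager applet")), None)
    bvi_ip = next((l for l in s.get(bvi, []) if l.startswith("ip address")), "")
    body = "\n".join(s.get(applet, []))
    cmds = re.findall(r'cli command "([^"]*)"', body)
    # Chain applet -> track -> ip sla must resolve; the probe must use the BVI address being moved.
    m = re.search(r"event track (\d+) state down", body)
    t = next((k for k in s if m and k.startswith(f"track {m[1]} ip sla ")), None)
    sla = t.split()[4] if t else None
    if sla is None or f"ip sla {sla}" not in s:
        problems.append("applet's track does not resolve to a configured ip sla")
    else:
        src = re.search(r"source-ip (\S+)", "\n".join(s[f"ip sla {sla}"]))
        if not src or src[1] not in bvi_ip.split()[2:3]:
            problems.append("ip sla source-ip differs from the BVI address")
        if f"no ip sla {sla}" not in cmds or f"no track {m[1]}" not in cmds:
            problems.append("applet does not remove its own track and ip sla")
    if bvi_ip not in cmds:  # the address/mask moved to the physical port must match the BVI exactly
        problems.append("applet assigns an address that differs from the BVI address")
    return problems
```

Run it against the output of `show running-config` before denying ICMP on the gateway; anything it reports is worth fixing while you still have access.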
That is it ...

PS:
1) If something goes wrong, re-enable ping and ask somebody on the remote side to restart the Cisco. This reloads the old (saved) configuration.
2) After you regain access to the Cisco, execute the write command to save the changes.