Excluding an interface from a bridge-group on a Cisco router
When you have several interfaces in one bridge group and want to exclude the interface that is used to access the remote device, doing this manually can end with you losing access to the device, and the users of this router will lose the ability to use network services.
In such a situation the Cisco Embedded Event Manager (EEM) can help. Assume that we have the following configuration:
bridge irb
!
bridge 2 protocol ieee
bridge 2 route ip
!
interface GigabitEthernet1
 description ===WAN===
 no ip address
 bridge-group 2
 no shut
!
interface BVI2
 description === WAN ===
 ip address 10.10.10.204 255.255.255.0
!
Our default gateway is 10.10.10.26.
We need the following:
On the Cisco router:
! Probe the default gateway from the BVI address every 3 seconds
ip sla 1
 icmp-echo 10.10.10.26 source-ip 10.10.10.204
 threshold 1000
 timeout 1500
 frequency 3
ip sla schedule 1 life forever start-time now
!
! Track the probe; report "down" only after 10 seconds of failure
track 10 ip sla 1 reachability
 delay down 10 up 60
!
! When the track goes down, move the address from BVI2 to GigabitEthernet1,
! then remove the applet, the track and the probe
event manager applet reconfigure_interface
 event track 10 state down
 action 0 cli command "enable"
 action 1 cli command "configure terminal"
 action 2 cli command "no int BVI 2"
 action 3 cli command "interface GigabitEthernet1"
 action 4 cli command "no bridge-group 2"
 action 5 cli command "ip address 10.10.10.204 255.255.255.0"
 action 6 cli command "exit"
 action 7 cli command "no event manager applet reconfigure_interface"
 action 8 cli command "no track 10"
 action 9.1 cli command "no ip sla 1"
 action 9.2 cli command "end"
On the default gateway:
We deny ICMP from 10.10.10.204.
When ping is blocked, the track object detects this via IP SLA, and the event manager then executes the commands for us.
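The gateway-side step above, written out as an added example (not from the original post). It assumes the default gateway also runs Cisco IOS; the ACL name BLOCK-SLA-PROBE and the interface GigabitEthernet0/0 are hypothetical.

```cisco
! --- On the remote router, before triggering: confirm everything is armed ---
! show ip sla statistics 1                (probe should be returning OK)
! show track 10                           (reachability should be Up)
! show event manager policy registered    (applet should be listed)
!
! --- On the default gateway (assumed Cisco IOS) ---
! Drop only the echo requests the IP SLA probe sends from 10.10.10.204
! to the gateway address; permit everything else so other traffic on
! this interface is not affected.
ip access-list extended BLOCK-SLA-PROBE
 deny   icmp host 10.10.10.204 host 10.10.10.26 echo
 permit ip any any
!
! GigabitEthernet0/0 stands for the gateway interface facing the router
! (hypothetical name). Inbound ACLs also filter packets addressed to
! the gateway itself, which is what the probe sends.
interface GigabitEthernet0/0
 ip access-group BLOCK-SLA-PROBE in
!
! With frequency 3 and "delay down 10", track 10 goes down a little
! over 10 seconds after the probes start failing, and the applet runs.
!
! --- On the default gateway, once the router answers on its new setup ---
interface GigabitEthernet0/0
 no ip access-group BLOCK-SLA-PROBE in
!
no ip access-list extended BLOCK-SLA-PROBE
```

If the gateway interface already has an inbound ACL, add the deny line to that ACL instead, because applying a second ip access-group in the same direction replaces the first.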
That is it ...
PS:
1) If something goes wrong, you can re-enable ping and ask somebody on the remote side to restart the Cisco router. This will load the old configuration.
2) After accessing the Cisco router, execute the write command to save the changes.