Previously, I had been faced with a problem with DMVPN: how to make it easy to switch between DHCP and static IP addresses for spokes that often change Internet providers?
In this scenario, I have two dedicated interfaces: fa0/0 for static IP address assignment and fa0/1 for DHCP. Whenever fa0/1 obtains a DHCP address, the applet cleans up the static routes, changes the tunnel source to fa0/1, and ensures the static route to the DMVPN hub, 172.31.84.67, is present. Whenever fa0/1 loses its link (including at boot time), the applet cleans up the static routes and changes the tunnel source to fa0/0. Someone with access to the spoke router will still have to assign the static IP to fa0/0 and add a route to the DMVPN hub, 172.31.84.67, via their gateway to gain connectivity, but that should be easier for the novice.
The applet can also be used to swap the source interface of other types of tunnels, but usually you would be able to use a loopback interface for this; in the case of DMVPN, however, the spoke router often cannot have the ISP create a route for the loopback's IP address destined to the spoke router.
This applet works similarly to the BACKUP-TO-USB applet, in that it watches the log for a pattern and executes when that pattern appears. The applet, however, does not need to parse any command output; this makes it a very easy script to write. Finally, it outputs what the script has done onto the console. This output also shows up in "show log" so long as "logging buffered informational" has been turned on.
! Tested with a Cisco 1841 running 15.1T Advanced Enterprise Services.
!
! Fires when Fa0/1 receives a DHCP lease: clear the static default and hub routes,
! route to the hub via the DHCP-learned gateway, and source the tunnel from Fa0/1.
event manager applet DHCP_CONFIG
 event syslog pattern "DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0/1 assigned DHCP address"
 action 1.0010 cli command "enable"
 action 1.0020 cli command "configure terminal"
 action 1.0030 cli command "no ip route 0.0.0.0 0.0.0.0"
 action 1.0040 cli command "no ip route 172.31.84.67 255.255.255.255"
 action 1.0050 cli command "ip route 172.31.84.67 255.255.255.255 dhcp"
 action 1.0060 cli command "interface Tunnel 1"
 action 1.0070 cli command "tunnel source FastEthernet0/1"
 action 1.0080 cli command "end"
 action 1.0090 puts "TUNNEL SOURCE HAS BEEN SET TO FA0/1 FOR DHCP"
 action 1.0100 exit
!
! Fires when Fa0/1 loses line protocol (including at boot): clear the static default
! route and the DHCP hub route, and source the tunnel from Fa0/0.
event manager applet STATIC_CONFIG
 event syslog pattern "LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down"
 action 1.0010 cli command "enable"
 action 1.0020 cli command "configure terminal"
 action 1.0030 cli command "no ip route 0.0.0.0 0.0.0.0"
 action 1.0040 cli command "no ip route 172.31.84.67 255.255.255.255 dhcp"
 action 1.0060 cli command "interface Tunnel 1"
 action 1.0070 cli command "tunnel source FastEthernet0/0"
 action 1.0080 cli command "end"
 action 1.0090 puts "TUNNEL SOURCE HAS BEEN SET TO FA0/0 FOR STATIC"
 action 1.0100 exit
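A replay of the two applets' trigger patterns and route commands over constructed log lines, added here as an example (Python, not part of the original post). It models only static routes as (prefix, next hop) pairs; the gateway 198.51.100.1, the DHCP lease details and the function names are assumptions.

```python
import re

HUB = "172.31.84.67/32"
DEFAULT = "0.0.0.0/0"

# Trigger patterns copied from the two applets; EEM matches them as regular expressions.
TRIGGERS = {
    "DHCP_CONFIG": re.compile(
        r"DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0/1 assigned DHCP address"),
    "STATIC_CONFIG": re.compile(
        r"LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, "
        r"changed state to down"),
}

def run_applet(name, routes):
    """Apply one applet's cli actions to a set of (prefix, next_hop) static routes."""
    routes = {r for r in routes if r[0] != DEFAULT}    # no ip route 0.0.0.0 0.0.0.0
    if name == "DHCP_CONFIG":
        routes = {r for r in routes if r[0] != HUB}    # no ip route <hub>: any next hop
        routes.add((HUB, "dhcp"))                      # ip route <hub> dhcp
        return "FastEthernet0/1", routes
    routes.discard((HUB, "dhcp"))                      # no ip route <hub> dhcp: that entry only
    return "FastEthernet0/0", routes

def replay(lines, source, routes):
    """Return (applet, tunnel source, routes) after each log line that fires an applet."""
    timeline = []
    for line in lines:
        for name, pattern in TRIGGERS.items():
            if pattern.search(line):
                source, routes = run_applet(name, routes)
                timeline.append((name, source, sorted(routes)))
    return timeline

# Constructed log lines and starting config (gateway 198.51.100.1 is a placeholder).
SAMPLE_LOG = [
    "%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down",
    "%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up",
    "%DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0/1 assigned DHCP address "
    "203.0.113.20, mask 255.255.255.0, hostname spoke1",
    "%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down",
]
START_ROUTES = {(DEFAULT, "198.51.100.1"), (HUB, "198.51.100.1")}

if __name__ == "__main__":
    for step in replay(SAMPLE_LOG, "FastEthernet0/0", START_ROUTES):
        print(step)
```

The "changed state to up" line fires nothing, and the last step leaves no static route to the hub, which is the point at which someone has to configure fa0/0 and the hub route by hand.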