Disable the wireless interface during the night

A friend has recently asked me for a solution that would disable the wireless interface on his SOHO router during the night. Two simple EEM applets later we had it working; I've also added a third applet to ensure the interface does not remain disabled after a router reload.

13 comments:

  1. Now only if we could do that for an access point.

    ReplyDelete
  2. It could be done on Access point if its PoE-powered. Shut and no shut the port will do the trick.

    ReplyDelete
  3. It's also possible without EEM applets:

    time-range wireless-enabled
    periodic daily 06:00 to 22:00
    access-list 101 permit ip any any time-range wireless-enabled
    access-list 101 deny ip any any
    interface dot11radio0
    ip access-group 101 in

    ReplyDelete
  4. While applying an access-list has it's advantages, it's not the same as shutting down an interface. There are always different scenarios for every unique situation and having the ability to physically shut off a wireless interface on an access point based on time of day could be useful.

    ReplyDelete
  5. This EEM stuff is neat. Is it possible to trigger an EEM applet whenever the WAN Ethernet interface gets a new DHCP lease, or when the DHCP-assigned default gateway changes?

    ReplyDelete
  6. @Jordan: it could be done, if nothing else, you could write a Tcl policy with hooked on a periodic timer event. The Tcl policy would then inspect DHCP state and act as needed.

    There might be some other solution for your problem, but I need to understand the problem first.

    ReplyDelete
  7. We have a router with two Ethernet WAN interfaces connecting us to two ISPs. One of the WAN connections is slower, but more reliable and provides us with static addresses; the other is much faster (cable modem), but only has a single IP address assigned by DHCP. So to make the most of both, we use route maps to push the majority of traffic that originates inside our network over the cable modem (through overloaded dynamic NAT) while reserving the other WAN for incoming traffic addressed to our static IPs (via static NAT to specific inside hosts).

    Since the cable modem ISP is the default route for most traffic, we wanted the ability to fall back to the other WAN link if the cable modem network should go down. To address this, we track the DHCP-assigned route with "ip dhcp client route track" and we also use an SLA with RTR to monitor that link by ensuring we can ping that router. If we can't get packets through the cable modem link, the SLA setup takes the cable modem route out of circulation and all traffic get shunted over the other WAN link (again with overloaded dynamic NAT).

    The cable modem ISP is pretty good about renewing leases, such that this router has been able to keep the same "dynamic" IP address for the past 4 years. This is fortunate, because the IOS doesn't seem to have a way to set the SLA to ping a DHCP-assigned gateway address and so we've had to statically configure the ISP's default gateway's IP address in our SLA config.

    It all works very well, even though statically-configuring the router's IP in the SLA is less-than-ideal. Here's where the problem comes in, though:

    Recently, the ISP renumbered their network, and assigned us a new IP address by DHCP. This of course caused the SLA stuff to break until we went in and changed the SLA config to ping the ISP's router's new address. Every time the ISP changes their network in the future, we'll have to do this again.

    While this might be something that only comes up every year or two, it could also turn out to happen a lot more often (for example, if the ISP changes their policies on long-lived DHCP leases). So, my hope is to use IOS' EEM capabilities to automate the process of noticing that the DHCP-assigned default gateway has changed and then automatically update the SLA when that happens.

    Any thoughts on whether this would be possible?

    Thanks!

    ReplyDelete
  8. @Jordan: Great explanation, thanks. I'll try to figure out something.

    ReplyDelete
  9. slightly OT for this IOS blog, but as David asked in the second response:-
    For cheap/plastic/non-industrial Access Points the easiest solution is a mains-plug-in-the-socket timeswitch, either rotary "peg-type" or digital. Don't forget summer/daylight changes or if less critical allow an extra couple of hours either way.
    More complex but scriptable is to switch the DC power lead to the Access Point via a suitable relay, maybe fed from a LPT port (and a Molex or Berg power conn for relay power: look for transistor relay-driver circuits on net) Linux+lptswitch will do it on an old 486, so its SSH-able and tcl-able, or you can simply script it locally. If the cheap access point is near (5-10metres) some server boxes with LPT ports this is easier than a headless-but-huge 1998 desktop on a shelf running ssh :)
    POE is really the way to do it for non-IOS devices IMHelectronicO
    (Gord as anon)

    ReplyDelete
  10. There are also "power control" devices on the market. You can telnet/HTTP to such a device and turn the power off or on (or trigger a power-off of controlled length to power-cycle a box).

    ReplyDelete
  11. Back to Jordan's question. I believe it is possible. You didn't mention what device/IOS/EEM version you are running but you should be able to look for this syslog message

    %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet0/0 assigned DHCP address 10.10.1.2, mask 255.255.255.0, hostname R2

    Upon receiving this message you could compare it to the previous address and if it changes update your SLA configuration.

    ReplyDelete

You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.

Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.