  1. Heh, that's pretty clever.
  2. Now only if we could do that for an access point.
  3. That's very cool.
  4. It could be done on an access point if it's PoE-powered. Shut and no shut the port will do the trick.
  5. It's also possible without EEM applets:

    time-range wireless-enabled
     periodic daily 06:00 to 22:00
    access-list 101 permit ip any any time-range wireless-enabled
    access-list 101 deny ip any any
    interface dot11radio0
     ip access-group 101 in
  6. While applying an access-list has its advantages, it's not the same as shutting down an interface. There are always different scenarios for every unique situation and having the ability to physically shut off a wireless interface on an access point based on time of day could be useful.
  7. This EEM stuff is neat. Is it possible to trigger an EEM applet whenever the WAN Ethernet interface gets a new DHCP lease, or when the DHCP-assigned default gateway changes?
  8. @Jordan: it could be done; if nothing else, you could write a Tcl policy hooked on a periodic timer event. The Tcl policy would then inspect DHCP state and act as needed.

    There might be some other solution for your problem, but I need to understand the problem first.
  9. We have a router with two Ethernet WAN interfaces connecting us to two ISPs. One of the WAN connections is slower, but more reliable and provides us with static addresses; the other is much faster (cable modem), but only has a single IP address assigned by DHCP. So to make the most of both, we use route maps to push the majority of traffic that originates inside our network over the cable modem (through overloaded dynamic NAT) while reserving the other WAN for incoming traffic addressed to our static IPs (via static NAT to specific inside hosts).

    Since the cable modem ISP is the default route for most traffic, we wanted the ability to fall back to the other WAN link if the cable modem network should go down. To address this, we track the DHCP-assigned route with "ip dhcp client route track" and we also use an SLA with RTR to monitor that link by ensuring we can ping that router. If we can't get packets through the cable modem link, the SLA setup takes the cable modem route out of circulation and all traffic gets shunted over the other WAN link (again with overloaded dynamic NAT).

    The cable modem ISP is pretty good about renewing leases, such that this router has been able to keep the same "dynamic" IP address for the past 4 years. This is fortunate, because the IOS doesn't seem to have a way to set the SLA to ping a DHCP-assigned gateway address and so we've had to statically configure the ISP's default gateway's IP address in our SLA config.

    It all works very well, even though statically-configuring the router's IP in the SLA is less-than-ideal. Here's where the problem comes in, though:

    Recently, the ISP renumbered their network, and assigned us a new IP address by DHCP. This of course caused the SLA stuff to break until we went in and changed the SLA config to ping the ISP's router's new address. Every time the ISP changes their network in the future, we'll have to do this again.

    While this might be something that only comes up every year or two, it could also turn out to happen a lot more often (for example, if the ISP changes their policies on long-lived DHCP leases). So, my hope is to use IOS' EEM capabilities to automate the process of noticing that the DHCP-assigned default gateway has changed and then automatically update the SLA when that happens.

    Any thoughts on whether this would be possible?

  10. @Jordan: Great explanation, thanks. I'll try to figure out something.
  11. Slightly OT for this IOS blog, but as David asked in the second response:
    For cheap/plastic/non-industrial Access Points the easiest solution is a mains-plug-in-the-socket timeswitch, either rotary "peg-type" or digital. Don't forget summer/daylight changes or, if less critical, allow an extra couple of hours either way.
    More complex but scriptable is to switch the DC power lead to the Access Point via a suitable relay, maybe fed from an LPT port (and a Molex or Berg power conn for relay power: look for transistor relay-driver circuits on net). Linux+lptswitch will do it on an old 486, so it's SSH-able and tcl-able, or you can simply script it locally. If the cheap access point is near (5-10 metres) some server boxes with LPT ports this is easier than a headless-but-huge 1998 desktop on a shelf running ssh :)
    POE is really the way to do it for non-IOS devices IMHelectronicO
    (Gord as anon)
  12. There are also "power control" devices on the market. You can telnet/HTTP to such a device and turn the power off or on (or trigger a power-off of controlled length to power-cycle a box).
  13. Back to Jordan's question. I believe it is possible. You didn't mention what device/IOS/EEM version you are running, but you should be able to look for this syslog message:

    %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet0/0 assigned DHCP address, mask, hostname R2

    Upon receiving this message you could compare it to the previous address and if it changes update your SLA configuration.
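
The comparison suggested in the last comment, as an added example that is not part of the original thread: a collector-side script that watches for the `%DHCP-6-ADDRESS_ASSIGN` message and reports only real address changes, ignoring renewals. The sample log lines are constructed, and the regex assumes the address and mask appear after "address" and "mask" in the message layout quoted above. The message carries the client address, not the gateway, so the new SLA target still has to be read from the router.

```python
import re

# Layout of the message quoted in the thread, with the address and mask
# fields populated (assumption: the page shows them blank).
ASSIGN_RE = re.compile(
    r"%DHCP-6-ADDRESS_ASSIGN: Interface (?P<intf>\S+) assigned DHCP address "
    r"(?P<addr>\d{1,3}(?:\.\d{1,3}){3}), mask (?P<mask>\d{1,3}(?:\.\d{1,3}){3})"
)


def detect_lease_changes(lines, known=None):
    """Return (interface, old_addr, new_addr) for each lease whose address
    differs from the last one seen on that interface.

    `known` optionally seeds the per-interface baseline, e.g. from the
    address currently configured in monitoring. A first sighting with no
    baseline is recorded but not reported as a change.
    """
    last = dict(known or {})
    changes = []
    for line in lines:
        m = ASSIGN_RE.search(line)
        if not m:
            continue  # unrelated syslog line
        intf, addr = m["intf"], m["addr"]
        old = last.get(intf)
        if old is not None and old != addr:
            changes.append((intf, old, addr))
        last[intf] = addr
    return changes


# Constructed sample log (documentation address ranges, not real data).
SAMPLE_LOG = [
    "*Mar  1 00:01:10: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet0/0 "
    "assigned DHCP address 192.0.2.10, mask 255.255.255.0, hostname R2",
    "*Mar  1 00:05:00: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up",
    "*Mar  2 00:01:10: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet0/0 "
    "assigned DHCP address 192.0.2.10, mask 255.255.255.0, hostname R2",
    "*Mar  9 03:12:44: %DHCP-6-ADDRESS_ASSIGN: Interface Ethernet0/0 "
    "assigned DHCP address 198.51.100.23, mask 255.255.255.0, hostname R2",
]

if __name__ == "__main__":
    for intf, old, new in detect_lease_changes(SAMPLE_LOG):
        print(f"{intf}: lease changed {old} -> {new}; re-check SLA target")
```
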