Redundancy should be built into every network so that in case of a failure, the network remains online. An outage is the last thing that we want to deal with. One of our engineers was recently working on an EEM script that would fail a crypto map over to a cellular interface in case of an internet outage. This allows all users to stay online and keep connectivity back to the data center.
I am not including the static routing that needs to be in place for this to work. You have to have a set of backup routes as well. This can be completed easily using a different administrative distance.
The example below adds a crypto map to a cellular interface and removes it from an ISP interface. When the tracked object comes back up, it switches the crypto map back. The preliminary testing looks great and we wanted to share it. The crypto map name (map in the commands below) needs to be changed to your own, as do the interface names. Enjoy!
Create EEM script to apply and remove crypto maps
! Track 4 goes down: move the crypto map from the ISP interface to cellular
event manager applet CryptoMapFailover
event track 4 state down
action 0.1 syslog msg "Policy triggered; ISP Down"
action 1.0 cli command "enable"
action 1.1 cli command "config t"
action 1.2 cli command "int cellular0/1/0"
action 1.3 cli command "crypto map map"
action 1.4 cli command "int gigabitethernet0/0/1"
action 1.5 cli command "no crypto map map"
! Track 4 comes back up: move the crypto map from cellular back to the ISP interface
event manager applet CryptoMapRecover
event track 4 state up
action 0.1 syslog msg "Policy triggered; ISP Up"
action 1.0 cli command "enable"
action 1.1 cli command "config t"
action 1.2 cli command "int cellular0/1/0"
action 1.3 cli command "no crypto map map"
action 1.4 cli command "int gigabitethernet0/0/1"
action 1.5 cli command "crypto map map"
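The tracking object and backup routes that the post leaves out could look like the following. This is an added example, not the author's configuration; the SLA id, probe target, ISP next-hop address, timers and administrative distance are assumptions to replace with your own.

```cisco
! Added example. Constructed values: SLA id 1, probe target 192.0.2.1,
! ISP next hop 198.51.100.1, delay timers, backup distance 250.
!
! Probe a host that is only reachable through the ISP link.
ip sla 1
 icmp-echo 192.0.2.1 source-interface GigabitEthernet0/0/1
 frequency 10
ip sla schedule 1 life forever start-time now
!
! Pin the probe target to the ISP next hop so the probe cannot succeed
! over cellular after failover and cause the track to flap.
ip route 192.0.2.1 255.255.255.255 198.51.100.1
!
! Track object referenced by "event track 4" in both applets.
! The delay timers damp short outages so the crypto map is not moved
! back and forth on every lost probe.
track 4 ip sla 1 reachability
 delay down 30 up 60
!
! Primary default route, withdrawn while track 4 is down.
ip route 0.0.0.0 0.0.0.0 198.51.100.1 track 4
!
! Floating backup default route via cellular. The higher administrative
! distance keeps it out of the routing table until the primary is withdrawn.
ip route 0.0.0.0 0.0.0.0 Cellular0/1/0 250
```

After a failover test, `show track 4`, `show ip route 0.0.0.0` and `show crypto map` confirm that the route and the crypto map moved to the same interface, so traffic to the data center is not leaving over a path without the crypto map applied.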