Router reload OR shut/noshut when L2TP tunnel goes down?

j_friedrich
Level 1

Hi,

 

     I have been struggling to find/create an EEM script solution to this problem.  Basically, we are using a 3825 router to connect to a 3rd party VPN service.  The tunnel will go down once in a while.  I have yet to find a solution to maybe do a shut/noshut to bring the tunnel back online.  Of course, a router reload will do it.  However, I have to do it manually.  Here are some details:

 

show l2tp

L2TP Tunnel and Session Information Total tunnels 1 sessions 1

LocTunID   RemTunID   Remote Name   State  Remote Address  Sessn L2TP Class/
                                                           Count VPDN Group
1520       1829       vpn-si1.relia est    xxx.xxx.xxx.xxx   1     l2tp_default_cl

LocID      RemID      TunID      Username, Intf/      State  Last Chg Uniq ID
                                 Vcid, Circuit
7          1          1520       1, Vp1               est    23:32:59 1

 

So, this is the tunnel status when up.  It's using virtual-ppp using L2TPv2.

Here is the sample EEM script for a router reload, which does not work as the virtual-ppp interface does not go down.  Instead, with "show l2tp", it goes to no sessions instead of being "established".  Here you go:

 

event manager applet Virtual-PPP1-DOWN
 event syslog pattern "%LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-PPP1, changed state to down"
 action 1.0 syslog msg "The Virtual-PPP1 Interface is down"
 action 1.1 cli command "enable"
 action 1.2 cli command "reload in 5" pattern "confirm"
 action 1.3 cli command ""

 

Ideas?

 

Thanks for everyone's time.

 

Jason

 


5 Replies

j_friedrich
Level 1

Hi,

     I just wanted to add the results of "debug l2tp all".  Here is the sample when the l2tpv2 tunnel is up:

*Nov  3 21:25:36.064: L2TP tnl   01005:000005F0: I HELLO, flg TLS, ver 2, len 20
*Nov  3 21:25:36.064: L2TP tnl   01005:000005F0:
*Nov  3 21:25:36.064: L2TP tnl   01005:000005F0: O ZLB ACK to vpn-si1.reliablehosting.com tnl 1829
*Nov  3 21:25:36.064: L2TP tnl   01005:000005F0:

So, is there anything script-wise that can monitor this?

 

Thanks.

 

Dan Frey
Cisco Employee

So there is no syslog message indicating the tunnel has gone down?   The only way to determine this is to execute show l2tp? 

A potential solution is to run IPSLA inside the tunnel and when the SLA goes down use that as an event to shut and no shut the tunnel interface to bring it back up.

Hi,

 

     Yes, I've done a "show l2tp" and the result is: %No active L2TP tunnels.  However, for whatever reason, it doesn't trigger as I've also included that in an EEM script as a test.  Same thing to reboot as the previous script I posted, which I don't want.  Maybe you can give an example of what you're describing, as my experience with IPSLA is limited.

 

Thanks for the response.

Jason

The destination IP in IPSLA will need to be an IP address reachable through the l2tp tunnel.

There are three components to the solution: 

1. IPSLA to generate ICMP traffic to the remote end

2. Track command that tracks the reachability of the ICMP traffic.

3. EEM applet that is triggered when the ICMP echoes fail.

!!!!START

ip sla 1
 icmp-echo 192.168.0.125 source-interface Vlan1
 frequency 15
ip sla schedule 1 life forever start-time now

 

track 1 ip sla 1 reachability

 

event manager applet PING
 event syslog pattern "TRACK-6-STATE: 1 ip sla 1 reachability Up -> Down"
 action 010 cli command "enable"
 action 020 cli command "conf t"
 action 030 cli command "int loop 1"
 action 040 cli command "shut"
 action 050 wait 3
 action 060 cli command "no shut"

!!!!END

!Verify

! Shutting down my WAN interface will cause ICMP echo to the remote end to fail.

C819-4G(config)#int cell 0
C819-4G(config-if)#sh
C819-4G(config-if)#
%LINK-5-CHANGED: Interface Cellular0, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Cellular0, changed state to down
C819-4G(config-if)#

! This is the syslog message that will trigger EEM.
%TRACK-6-STATE: 1 ip sla 1 reachability Up -> Down

! I do not have a tunnel network built so I shut and no shut a loopback interface in EEM.
%LINK-5-CHANGED: Interface Loopback1, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to down
%LINK-3-UPDOWN: Interface Loopback1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to up
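
An added example, not part of the original answer or of the poster's configuration: a polling alternative for the case described in the question, where Virtual-PPP1 stays up and "show l2tp" simply stops listing an established session. It assumes EEM 3.0 or later (needed for "action if") and that an established session shows "Vp1" followed by "est", as in the output in the question; the applet name and the 300-second interval are illustrative.

```cisco
! Added example, not from the thread. Assumptions: EEM 3.0 or later,
! and an established session appears in "show l2tp" as a line that
! contains "Vp1" followed by "est".
event manager applet L2TP-SESSION-WATCHDOG
 ! Poll on a timer instead of waiting for a syslog message.
 event timer watchdog time 300
 action 010 cli command "enable"
 action 020 cli command "show l2tp"
 ! $_regexp_result is 1 when the session line is found, 0 otherwise.
 action 030 regexp "Vp1 +est" "$_cli_result"
 action 040 if $_regexp_result eq 0
 action 050  syslog msg "No established L2TP session on Virtual-PPP1, bouncing interface"
 action 060  cli command "configure terminal"
 action 070  cli command "interface Virtual-PPP1"
 action 080  cli command "shutdown"
 action 090  wait 3
 action 100  cli command "no shutdown"
 action 110  cli command "end"
 action 120 end
```

Because it polls, this applet tries again on every interval until the session is re-established, whereas the syslog-triggered applet fires only on the Up -> Down transition.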

 

 

Hi,

 

     Thanks for the great post.  I obviously modified it a bit to do a shut/no shut on the WAN interface and the Virtual-PPP interface and gave it a timeout of 5 minutes.  I looked into doing a vpdn flush, but for whatever reason that wouldn't bring the L2TP connection back up.  So, I figured a WAN and Virtual-PPP shut/noshut would do the trick.  We'll see when it goes down, it usually is days and the Cisco debug logs on the l2tp tell me nothing ;).  Can't complain about the awesome hardware-accelerated l2tp speed.

 

Thanks again.

 

Jason

 
