The Problem

There are cases where you need the IOS XE Guestshell to have a separate IPv4 address.
A recent example for that is enrolling the router to the Webex cloud as a managed gateway.

The Solution

In the following steps I will show you how to configure the Azure VM for your virtualized router to make this work.

Step 1 - Configure Azure

There are many ways you can configure things on Azure, I’m going to show the steps on the web portal.

First of all select the networking adapter that has access to the Internet, in this case my VM only has one (corresponding to GigabitEthernet1 on the router).

From there go to “IP configurations” and “Add” a new configuration.

Add new IP configuration

Fill out the details selecting a name (anything you like), allocation strategy (dynamic is fine) and associate a public IP address. Create a new public IP address if needed.

Make sure to pick “Standard” as SKU.

Details of new IP configuration

Once completed, your IP configurations should look similar to what you see in this screenshot:

Resulting IP configurations for the VM

At this point, move back to the router CLI to complete the configuration.

Step 2 - Configure IOS XE

The configuration required on the router is relatively straightforward.

First of all the VirtualPortGroup interface doesn’t need an IP address, so we configure it like this:

interface VirtualPortGroup0
 ip unnumbered GigabitEthernet1

The next item required is a static route to the private IP (in the screenshots it is shown as 10.0.0.7):

ip route <Secondary-GS-private-IP> 255.255.255.255 VirtualPortGroup0

and finally the guestshell application configuration. Again, the correct private IP addresses have to replaced in the snippet below. As an example, referring to the screenshots, these would be:

  • Primary-VM-private-IP: 10.0.0.6
  • Secondary-GS-private-IP: 10.0.0.7
app-hosting appid guestshell
 app-vnic gateway0 virtualportgroup 0 guest-interface 0
  guest-ipaddress <Secondary-GS-private-IP> netmask 255.255.255.0
 app-default-gateway <Primary-VM-private-IP> guest-interface 0
 name-server0 1.1.1.1

At this point you are ready to enable the Guestshell and you should see that it’s reaching the Internet with the secondary Public IPv4 address.

Conclusion

Let me know if you have comments, and don’t forget adding IPv4 address SKUs will increase the Azure monthly bill, so please take all necessary costs into account.

Thanks for visiting the blog, see you next time!