EIGRP Config
Hi,
I am facing a problem to configure EIGRP in Cisco 1841 Routers. Only directly connected network are announce between two routers. But I need the 10.30.1.0/24 route info in R2 router. Does it possible or not?
Here the EIGRP config
R1 config
router eigrp 11
network 10.30.13.0 0.0.0.255
network 10.30.1.0 0.0.0.255
network 10.10.10.4 0.0.0.3
network 10.10.10.0 0.0.0.3
no auto-summery
R2 config
router eigrp 11
network 10.11.28.0 0.0.0.255
network 10.10.10.4 0.0.0.3
no auto-summery
Please see the attachment for more details. Let me know if you have any question.
Regards,
Mamun
The network statement under your eigrp config does not tell the router to advertise that network. So you have
router eigrp 11
network 10.30.1.0 0.0.0.255
but the network statement under EIGRP tells the router which interfaces to run EIGRP on. And R1 does not have an interface in that network, because it is behind firewall.
So, how does R1 know how to get to 10.30.1.0/24 network ? Do you have a static route on R1 such as
ip route 10.30.1.0 255.255.255.0 <10.10.10.x> where .x is the firewall interface IP address on the 10.10.10.x network ?
If so do the following
1) remove the network statement from your eigrp config - it's not doing anything
router eigrp 11
no network 10.30.1.0 0.0.0.255
2) If you are using a static under your eigrp config
router eigrp 11
redistribute static
If you are not using a static route on R1 let me know what are you using on R1.
Jon
Similar Messages
-
Hi all,
Please see the below snippet of the EIGRP config from one of my routers.
router eigrp 1
network 1.1.1.24 0.0.0.0
network 10.10.200.0 0.0.0.255
network 10.10.201.0 0.0.0.255
network 172.18.24.0 0.0.0.255
network 172.18.124.0 0.0.0.255
redistribute static route-map STATIC-TO-EIGRP
passive-interface default
no passive-interface Tunnel0
no passive-interface Tunnel1
As you notice I am redistributing a static route-map.
If I add the eigrp stub redistributed command, it causes my router's inside IP to become unreachable even though I can still reach the router via the tunnel IP. Reason I want to add redistibuted to EIGRP is for the obvious reason that I want to advertise the static route-map. Will this work or is the redistributed keyword intended for something totally different?
TanksOk so I discovered the reason for the above issue and am posting an answer here for future reference.
If you add eigrp stub alone, it automatically appends connected summary keywords which means it advertises the connected and summary routes and ignores all others. However if you specify eigrp stub redistributed alone as I was doing, the connected and summary routes get ignored therefore dropping the connect to the inside IP address.
Cheerios! -
It appears EIGRP only sends the classic-scale-metrics while operating in non-named configuration mode (E.G. router eigrp # ) AND Always sends the wide-metric format while operating in Named Configuration mode (E.G. router eigrp ROCKS) regardless of the 15.2 IOS version.
When my router is running in Named config mode, sh eigrp protocols reveals K6=0,
when I remove the Named config and use the legacy router eigrp # config mode, the same sh eigrp protocols does not list the K6=0 value (only K1 - K5).
The reason I ask is the Cisco white paper (EIGRP Wide Metrics) dated Nov 2012, states if a legacy EIGRP peer is interfacing with a new EIGRP peer, the new EIGRP peer will send both formats. - Is this doc outdated by a newer doc?
Thanks
FrankUpdate- The original title should be referred to as EIGRP Virtual-Instance (that does support the legacy 32-bit metric and just might also support the 64-bit wide metrics; depending on your configuration).
Viewing the show command (Show command 1) based on EXAMPLE CONFIG 1 below, it's clear the K6 value is not used; only the K1 - K5 values.
If address-family vrf was implemented, as shown in EXAMPLE 2, it's clear the new wide-metric is in effect.
The question still remains, how does an EIGRP peer configured to recognize link speeds greater than 10Gbps interact with EIGRP peers that are not operating in 64-bit mode? What do the configurations look like for each of the peers?
ANYONE know?
Thanks
Frank
EXAMPLE CONFIG 1:
router eigrp TEN-GIG
address-family ipv4 unicast autonomous-system 200
topology base
exit-af-topology
network 192.168.1.1 0.0.0.255
exit-address-family
service-family ipv4 autonomous-system 200
sf-interface GigabitEthernet0/1
authentication mode md5
authentication key-chain MD5-PASS
exit-sf-interface
topology base
exit-sf-topology
exit-service-family
SHOW COMMAND 1:
R40#sh eigrp protocols
EIGRP-IPv4 VR(TEN-GIG) Address-Family Protocol for AS(200)
Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
NSF-aware route hold timer is 240
Router-ID: 10.74.10.5
Topology : 0 (base)
Active Timer: 3 min
Distance: internal 90 external 170
Maximum path: 4
Maximum hopcount 100
Maximum metric variance 1
Total Prefix Count: 6
Total Redist Count: 0
EIGRP-SFv4 VR(TEN-GIG) Service-Family Protocol for AS(200)
Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
NSF-aware route hold timer is 240
Router-ID: 10.74.10.5
Topology : 0 (base)
Active Timer: 3 min
Distance: internal 90 external 170
Maximum path: 1
Maximum hopcount 100
Maximum metric variance 1
Total Prefix Count: 0
Total Redist Count: 0
EXAMPLE 2:
R-64-bit#sh ip eigrp vrf DMZ topology 192.168.1.0 255.255.255.0
EIGRP-IPv4 VR(DMZ) Topology Entry for AS(200)/ID(10.74.10.5)
Topology(base) TID(0) VRF(DMZ)
EIGRP-IPv4(200): Topology base(0) entry for 192.168.1.0/24
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 1310720, RIB is 10240
Descriptor Blocks:
192.168.1.1 (GigabitEthernet0/1), from 192.168.1.2, Send flag is 0x0
Composite metric is (1310720/65536), route is Internal
Vector metric:
Minimum bandwidth is 1000000 Kbit
Total delay is 10000000 picoseconds
Reliability is 0/255
Load is 1/255
Minimum MTU is 1500
Hop count is 1 -
Failover routing design help Needed
Hello.
We are looking to have a setup like this:
User PCs
|
|
|
3750x
(stack - ip base)
Servers---------------3750x ---------------- 3750x---------------- Servers
(stack - (stack -
ip services) ip services)
| |
| |
| |
| |
Router Router
| |
| |
| |
ISP1 ISP2
We would like to have routing (and vLans) done on the switches, and have internet failover from ISP1 to ISP2 if ISP1 fails, and go back to ISP1 when it comes back up. Trunks between all switches. We also would like to have all devices on the same vLAN if possible.
What is the best approach to do this?
(Note that left and right sides [in brown and green font] are in separate site locations, and that user end [in red font] switches only have ip base, which limits eigrp functionality.)
We tried following this, but doesn't fit our site exactly:
http://www.geekmungus.co.uk/cisco-and-networking/failoverinternetconnectionusingipslatrackingandeigrproutingforinter-sitelinks
(Also ran into issue where switch in the middle would have two routes to internet - so possible issue with priority routes)
Thanks in advanceThe servers in SiteB (3750_2) are just replicated copies of the servers in SiteA (3750_1). However, there always needs to be an active connection between SiteA and SiteB. Only time that the UserSite(3750_3) needs to access servers in SiteB is when SiteA is completely down.
However, if the servers in SiteA (3750_1) can still be reached through via site SiteB (3750_2) when the direct connection between the UserSite(3750_3) and SiteA (3750_1) is down, that route should also be available (if possible).
The above is good news because it means we can route optimally for both internet and client to server traffic. STP is blocking one of the links from 3750_3, the one to 3750_2.
A couple of questions from the configurations you posted -
1) on 3750_3 you said in a previous post the clients use the vlan 10 interface IP on 3750_3 as their default gateway. But there are no default routes in the routing table on 3750_3 so how does internet work at the moment ?
In fact there are no default routes on any of the stacks. Is internet not working at the moment because i can't see how it can be.
What is weird is that you have static default routes configured on each 3750 IP Services stack but they are not even showing up in the routing tables on that stack ?
2) the 192.168.50.32/29 and 192.168.50.40/29 networks. They don't seem to be doing anything ? I think they were meant to be for the uplinks from 3750_3 but they haven't been used for this.
3) the IP services stack connections to the routers. Do you know what IP subnet is used for this. It looks like it is vlan 10 again but can you confirm ie. what are the routers LAN interface IP addresses ?
So if you can answer the above we can probably start with reconfiguration. There is going to be quite a lot. You can however do some prepatory work without affecting anything -
1) pick a new subnet for the client vlan and create the scope on your DHCP servers. If you use both DHCP servers then split the scope in half between DHCP servers
2) pick a new vlan number for use for the clients
3) assuming the router's LAN interfaces are in vlan 10 i will need 4 x /30 subnets for all four uplinks ie. 2 from 3750_3 and 2 for each IP Services stack to router connection. You can just give me a class C if you want and i will break it down
4) we only want the new client vlan on 3750_3. If 3750_3 is in VTP client mode then it will not work once we change to L3 uplinks so we need to change the VTP mode to VTP transparent on the 3750_3. Once you have done this we can then create the new client subnet and the L3 vlan interface for the client subnet + ip helper-addresses and this still won't affect your current setup.
All of the above can be done with no downtime although if you change to VTP transparent do this out of hours just in case there is an impact. There shouldn't be but it is worth being safe.
Next are the changes that will require downtime. I appreciate it is three separate sites but because you are changing the uplinks it needs to be done all at once. Basically we need to -
1) on all clients release the current IP address. Then have them shutdown.
2) modify EIGRP config for new client vlan and remove all the other stuff as it is not needed
3) reconfigure all uplinks to be L3 on switch stacks and then check the routing tables to make sure there is a route for vlan 10.
3) allocate all ports for clients into the new client vlan
4) bring clients back up and they should then get new IPs from the DHCP server
5) remove any unnecessary configuration from 3750_3
6) reconfigure 3750_1 and 3750_2 connections to their routers
7) modify EIGRP configuration on both IP Services stacks
8) modify IP SLA configuration on 3750_1. Note there is no point in tracking on 3750_2 because only when ISP1 fails do you want to use ISP2 and if ISP2 fails while ISP1 is down there is nothing to fail back to.
9) modify EIGRP config on the routers
that's a brief outline of what needs doing so you can see it is a fair bit and will need careful planning. As far as the default route goes there are two options and i'm still thinking it all through -
1) have both routers generate a defaut route and apply a delay on the 3750_3 to 3750_2 uplink so 3750_1 is preferred. The advantage of this is that 3750_3 has both routes so if the uplink to 3750_1 it can immediately switch to 3750_2. The delay would also apply to vlan 10 as well so traffic would go to 3750_1 which is what you want.
2) have only 3750_1 generate a default route and only if ISP1 fails does ISP2 then generate a default route. The advantage of this is that you would not need to tweak the delay to get ti right but if ISP1 fails there will be a delay before 3750_2 realises the default route has gone and generates it's own.
So it's a tradeoff. I'll have another look at the configs etc. and decide which is best.
It is a fairly large redesign but at the moment the configurations are quite confusing because there is a lot of extra stuff which isn't doing anything as far as i can see. I am happy to provide configs and explanations as to what you should see and also happy to be around when you implement it ie. e-mail or if you can't e-mail (no internet access ) then on the phone. You would just need to let me know when you needed me and i'll make sure i am available (no charge obviously).
If you could answer the above questions and let me know how you want to proceed then we can take it from there.
Jon -
If I include this statement on my eigrp config, would it just say to all other routers, anything you dont know about , route to the network specified in ip default network, is this a bit like a default route ?
thanksso would this basically forward any unknown traffic to the network I have specified, so if it neighbour is say 172.19.1.1/16 and I use the ip default network 172.19.0.0 0.0.255.255 command, will it forward the traffic to that other router ?
-
Having an issue adding network to eigrp
I'm doing a class project using a network simulator and am asked to: Design and implement an network for company RoutersCourseMatters. The names of the department names at this company are Faculty, Staff, and Students. For security reasons, each department must be isolated from each other's broadcast domain on the network. The Faculty have 50 end devices that need to be connected to the network. Staff has 26 end devices and the Students have 100 end devices. The network spaced provided by the ISP is 192.168.0.0/24. The dynamic protocol used for this network must be for Cisco-only equipment. Test each department network with just one end device and ensure full connectivity across the entire network
So we have our network topology setup for the class project(see picture attached). We are using one router for faculty+staff. Faculty has ip/mask of 192.168.0.1/26 and staff is: 192.168.0.65/27. we have a seperate router for students which the IP subnet for students is 192.168.0.150/25. The routers are directly connected and are using ips 192.168.0.98/29 & 192.168.0.100/29 so since the two routers are directly connected on the same subnet they have no issue pinging each other. The problem is pinging hosts from a subnet to hosts on a different subnet. When I try and add ANY 192.168.0.* subnet to eigrp it instead adds 192.168.16.* network. For instance on the faculty/student router if i do a 'router eigrp 1' command followed by 'network 192.168.0.0 0.0.0.63' it shows network 192.168.16.0 has been added to eigrp under show run. here is show run command:
faculty/staff Con0 is now available
Press RETURN to get started!
faculty/staff>en
faculty/staff#show run
Building configuration...
Current configuration : 874 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname faculty/staff
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
ip subnet-zero
interface FastEthernet0/0
description blank
ip address 192.168.0.65 255.255.255.224
no ip directed-broadcast
interface FastEthernet0/1
description link to switch
ip address 192.168.0.1 255.255.255.192
no ip directed-broadcast
interface Serial0/0/0
ip address 192.168.20.2 255.255.255.0
no ip directed-broadcast
clockrate 2000000
interface Serial0/0/1
no ip address
no ip directed-broadcast
shutdown
clockrate 2000000
interface Serial0/1/0
no ip address
no ip directed-broadcast
shutdown
clockrate 2000000
interface Serial0/1/1
ip address 192.168.0.98 255.255.255.248
no ip directed-broadcast
router eigrp 1
network 0.0.0.0
network 192.168.1.1 0.0.0.0
network 192.168.16.0
network 192.168.20.0
no auto-summary
ip classless
no ip http server
no ip http secure-server
control-plane
line con 0
line aux 0
line vty 0 4
login
line vty 5 1180
login
scheduler allocate 20000 1000
end
faculty/staff#config t
Enter configuration commands, one per line. End with CNTL/Z
faculty/staff(config)#router eigrp 1
faculty/staff(config-router)#network 192.168.0.0 0.0.0.63
faculty/staff(config-router)#exit
faculty/staff(config)#exit
faculty/staff#show run
Building configuration...
Current configuration : 874 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname faculty/staff
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
ip subnet-zero
interface FastEthernet0/0
description blank
ip address 192.168.0.65 255.255.255.224
no ip directed-broadcast
interface FastEthernet0/1
description link to switch
ip address 192.168.0.1 255.255.255.192
no ip directed-broadcast
interface Serial0/0/0
ip address 192.168.20.2 255.255.255.0
no ip directed-broadcast
clockrate 2000000
interface Serial0/0/1
no ip address
no ip directed-broadcast
shutdown
clockrate 2000000
interface Serial0/1/0
no ip address
no ip directed-broadcast
shutdown
clockrate 2000000
interface Serial0/1/1
ip address 192.168.0.98 255.255.255.248
no ip directed-broadcast
router eigrp 1
network 0.0.0.0
network 192.168.1.1 0.0.0.0
network 192.168.16.0
network 192.168.20.0
no auto-summary
ip classless
no ip http server
no ip http secure-server
--More--
project.jpg
Reply Reply to Main Discussion
Cody Robinson
Cody Robinson
2:36pm
Here is 'show ip eigrp topology' on staff/faculty router:
faculty/staff Con0 is now available
Press RETURN to get started!
faculty/staff>en
faculty/staff#show ip interface
FastEthernet0/0 is up, line protocol is up
Internet address is 192.168.0.65/27
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1514 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is disabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
FastEthernet0/1 is up, line protocol is up
Internet address is 192.168.0.1/26
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1514 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is disabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
Serial0/0/0 is down, line protocol is down
Internet address is 192.168.20.2/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1514 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is disabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
Serial0/0/1 is administratively down, line protocol is down
Internet protocol processing disabled
Serial0/1/0 is administratively down, line protocol is down
Internet protocol processing disabled
Serial0/1/1 is up, line protocol is up
Internet address is 192.168.0.98/29
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1514 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is disabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
faculty/staff#show ip eigrp ?
<1-65535> Autonomous System
accounting IP-EIGRP Accounting
interfaces IP-EIGRP interfaces
neighbors IP-EIGRP neighbors
topology IP-EIGRP Topology Table
traffic IP-EIGRP Traffic Statistics
vrf Select a VPN Routing/Forwarding instance
faculty/staff#show ip eigrp topology
IP-EIGRP Topology Table for AS(1)/ID(192.168.20.2)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 192.168.0.0/26, 1 successors, FD is 2172416
via Connected, FastEthernet0/1
P 192.168.0.64/27, 1 successors, FD is 2172416
via Connected, FastEthernet0/0
P 192.168.0.96/29, 1 successors, FD is 2172416
via Connected, Serial0/1/1
faculty/staff#
Cody Robinson
Cody Robinson
2:37pm
Here is show run on students router:
Students Con0 is now available
Press RETURN to get started!
Students>sh run
^
% Invalid input detected at '^' marker.
Students>en
Students#sh run
Building configuration...
Current configuration : 874 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Students
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
ip subnet-zero
interface FastEthernet0/0
no ip address
no ip directed-broadcast
shutdown
interface FastEthernet0/1
description link to switch
ip address 192.168.0.150 255.255.255.128
no ip directed-broadcast
interface Serial0/0/0
ip address 192.168.10.1 255.255.255.0
no ip directed-broadcast
clockrate 2000000
interface Serial0/0/1
no ip address
no ip directed-broadcast
shutdown
clockrate 2000000
interface Serial0/1/0
no ip address
no ip directed-broadcast
shutdown
clockrate 2000000
interface Serial0/1/1
ip address 192.168.0.100 255.255.255.248
no ip directed-broadcast
clockrate 2000000
router eigrp 1
network 0.0.0.0
network 192.168.1.1 0.0.0.0
network 192.168.10.0
ip classless
no ip http server
no ip http secure-server
control-plane
line con 0
line aux 0
line vty 0 4
login
line vty 5 1180
login
scheduler allocate 20000 1000
end
Students#Hello lolwar,
From your setup and description you provided I see some mismatch in IP subneting you calculated.
For instance in your diagram you have networks 192.168.0.0/26 (FACULTY), 192.168.0.64/27 (STAFF), 192.168.0.96/29 (point-to-point link between routers) and 192.168.0.128/25 (STUDENTS).
First, you're wasting IP addresses, because you have unused space between point-to-point link and STUDENTS subnet. It's a good practice, when calculating subnets first calculate the biggest, subnet, then smaller one until the smallest one (usually some point-to-point cross-connects). For more about this see this guide.
Now, the issue I see as the most important is, that you have in your diagram networks as I mentioned above, but into your EIGRP process you're adding completely different subnets (192.168.16.x, 192.168.20.x,...).
I entered following:
STUDENT ROUTER =------------>
router eigrp 1
network 192.168.0.96 0.0.0.7
network 192.168.0.128 0.0.0.127
FACULTY/STAFF ROUTER =------------->
router eigrp 1
network 192.168.0.0 0.0.0.63
network 192.168.0.64 0.0.0.31
network 192.168.0.96 0.0.0.7
And all works just fine, computer's are able to ping each other. Also although it's not necessary, it's good to includes network wildcard mask into the "network" command under EIGRP (or OSPF) configuration.
I hope this will help you (please rate if this is the case. Thanks.) -
How to change AD of specific routes in EIGRP NX-OS 6.2
Hi,
I need some help in converting following IOS config to NX-OS
router eigrp 10
distance 18 10.16.0.16 0.0.0.7 bgp_acl <-----
distance 18 10.16.0.24 0.0.0.7 distance_18 <-----
no auto-summary
ip access-list standard distance_18
permit 10.1.1.1
permit 10.14.52.0
permit 10.13.52.0
permit 10.106.1.1
ip access-list standard bgp_acl
permit 10.1.1.1
permit 10.106.1.1
how do I change administrative distance of specific routes in NX-OS learned from sources specified in distance command?
In NX-OS I see that distance command changes AD globally for all internal and external routes.
Thank youThis is what I have finalized. first I tried with 2 prefix-list to match for routes but route-map has limitation and you can't use 2 address type prefix-lists.
router eigrp 10
address-family ipv4 unicast
table-map vpls-route-AD
route-map vpls-route-AD permit 10
match ip route-source prefix-list vpls-route-source
match ip address prefix-list vpls-route
set distance 18
ip prefix-list vpls-route-source seq 5 permit 10.16.0.16/29
ip prefix-list vpls-route-source seq 10 permit 10.16.0.24/29
ip prefix-list vpls-route seq 15 permit 10.13.52.0/24
ip prefix-list vpls-route seq 20 permit 10.14.52.0/24
ip prefix-list vpls-route seq 25 permit 10.1.1.1/32
ip prefix-list vpls-route seq 30 permit 10.106.1.1/32 -
Metrics when redistributing a static default route into EIGRP?
I saw a network working with EIGRP and resdistributing a static default route into it. I did not find the "default metrics" to redistribute into EIGRP but the static default route works and is redistributed. My understanding was that everytime you redistribute into EIGRP you needed to specify the metrics. How come this network is working? Can someone explain or point to a cisco document what explains it?
Sample of the config:
router eigrp 1
redistribute static
no autosummary
network Y.Y.Y.Y
ip route 0.0.0.0 0.0.0.0 X.X.X.X
Thank you,It's just one of those specific things about EIGRP and IOS, maybe a design choice. If they do use the interface as the seed metric then that would help explain why it's that way.
Weirdly if you are using EIGRP VRF address family configuration on IOS and you redistribute statics you do need a metric.
And I believe NXOS running on Nexus switches also needs a metric defined.
Just one of those things you have to remember but it would be good if it was consistent.
Jon -
Nexus 6004 EIGRP Relationship between the two switches
Hi All,
I will try to explain this as best as I can. In our current TEST LAB we have a Pair of Cisco ASA5585x running in Active/Passive mode. We use a VRF transit to connect the 10 GB interface to a Pair of Cisco Nexus 6004 (L3) switches running vPC between them. Downstream we also have a pair of Cisco 9372 switches (L2) also running vPC between the two.
As of right now we have EIGRP neighbor relationship formed between the two N6K's and the ASA.
ASA
ciscoasa# sh eigrp neighbors
EIGRP-IPv4 neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 172.16.230.9 Te0/8.451 12 01:30:25 1 200 0 52
0 172.16.230.10 Te0/8.451 12 01:30:25 1 200 0 48
The ASA formed relationship with both N6K's
SWITCH1
Nexus6-1# sh ip eigrp neighbors vrf inside
IP-EIGRP neighbors for process 100 VRF Inside
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 172.16.8.3 Vlan680 11 01:28:28 1 50 0 45
1 172.16.230.10 Vlan451 13 01:28:28 1 50 0 46
2 172.16.230.11 Vlan451 10 01:28:00 4 50 0 13
Nexus6-1#
SWITCH2
Nexus6-2# sh ip eigrp neighbors vrf Inside
IP-EIGRP neighbors for process 100 VRF Inside
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
2 172.16.8.2 Vlan680 14 01:30:11 23 138 0 48
0 172.16.230.9 Vlan451 13 01:30:11 480 2880 0 50
1 172.16.230.11 Vlan451 13 01:29:48 1598 5000 0 13
Nexus6-2#
Both Nexus Switches formed EIGRP neighbors using the vPC Peer-Link. There is enough documentation out there that strongly suggest not to use vPC Peer-Links for EIGRP anything.
We do have additional interfaces available on the 6K's that we can use as a cross connect for EIGRP. What we are having trouble understanding how we can force EIGRP traffic over those ports?
Here is a complete Switch config:
Switch1
Nexus6-1# sh run
feature telnet
cfs eth distribute
feature eigrp
feature interface-vlan
feature lacp
feature vpc
feature lldp
vlan 1
vlan 451
name P2P_VRF_SVI
vlan 652
name Management
vlan 680
name Inside
vrf context Inside
vrf context management
ip route 0.0.0.0/0 172.16.52.1
vrf context peer-keepalive
vpc domain 99
role priority 1
peer-keepalive destination 10.200.50.2 source 10.200.50.1 vrf peer-keepalive
delay restore 120
interface Vlan1
interface Vlan451
description Inside p2p to ASA
no shutdown
vrf member Inside
ip address 172.16.230.9/29
ip router eigrp 100
no ip passive-interface eigrp 100
interface Vlan651
interface Vlan680
description Inside Network
no shutdown
vrf member Inside
ip address 172.16.8.2/22
ip router eigrp 100
interface port-channel99
switchport mode trunk
spanning-tree port type network
vpc peer-link
interface port-channel102
switchport mode trunk
vpc 102
interface Ethernet1/1
description vPC Peer Link 1.1
switchport mode trunk
speed auto
channel-group 99
interface Ethernet1/6
interface Ethernet1/7
description vPC Peer Link 1.7 to Nexus 9372 PRI
switchport mode trunk
speed auto
channel-group 102 mode active
interface Ethernet1/8
interface Ethernet1/9
interface Ethernet2/1
description vPC Peer Link 2.1
switchport mode trunk
speed auto
channel-group 99
interface Ethernet2/2
interface Ethernet2/7
description vPC Peer Link 2.1 to Nexus SEC
switchport mode trunk
speed auto
channel-group 102 mode active
interface Ethernet2/8
interface Ethernet8/1
description keep-alive peer-link to ALNSWI02
no switchport
vrf member peer-keepalive
ip address 10.200.50.1/30
interface Ethernet8/2
description Uplink to ASA
switchport mode trunk
interface Ethernet8/3
interface mgmt0
vrf member management
ip address 172.16.52.3/23
line console
line vty
boot kickstart bootflash:/n6000-uk9-kickstart.7.0.1.N1.1.bin
boot system bootflash:/n6000-uk9.7.0.1.N1.1.bin
router eigrp 100
passive-interface default
default-information originate
vrf Inside
autonomous-system 100
default-information originate
poap transit
Nexus6-1#
Nexus6-1# sh ip eigrp neighbors vrf inside
IP-EIGRP neighbors for process 100 VRF Inside
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 172.16.8.3 Vlan680 11 01:28:28 1 50 0 45
1 172.16.230.10 Vlan451 13 01:28:28 1 50 0 46
2 172.16.230.11 Vlan451 10 01:28:00 4 50 0 13
Nexus6-1#
Nexus6-1# sh ip eigrp topology vrf Inside
IP-EIGRP Topology Table for AS(100)/ID(172.16.8.2) VRF Inside
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 172.16.8.0/22, 1 successors, FD is 2816
via Connected, Vlan680
P 172.16.230.8/29, 1 successors, FD is 2816
via Connected, Vlan451
Nexus6-1# sh vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 99
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 1
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Disabled
vPC Peer-link status
id Port Status Active vlans
1 Po99 up 1,451,652,680
vPC status
id Port Status Consistency Reason Active vlans
102 Po102 up success success 1,451,652,6
80
Nexus6-1# sh spanning-tree
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address 1005.caf5.88ff
Cost 2
Port 4197 (port-channel102)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 8c60.4f2d.2ffc
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po99 Desg FWD 1 128.4194 (vPC peer-link) Network P2p
Po102 Root FWD 1 128.4197 (vPC) P2p
Eth8/2 Desg FWD 2 128.1026 P2p
Eth8/3 Desg FWD 2 128.1027 P2p
VLAN0451
Spanning tree enabled protocol rstp
Root ID Priority 33219
Address 8c60.4f2d.2ffc
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 33219 (priority 32768 sys-id-ext 451)
Address 8c60.4f2d.2ffc
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po99 Desg FWD 1 128.4194 (vPC peer-link) Network P2p
Po102 Desg FWD 1 128.4197 (vPC) P2p
Eth8/2 Desg FWD 2 128.1026 P2p
VLAN0652
Spanning tree enabled protocol rstp
Root ID Priority 33420
Address 1005.caf5.88ff
Cost 2
Port 4197 (port-channel102)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 33420 (priority 32768 sys-id-ext 652)
Address 8c60.4f2d.2ffc
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po99 Desg FWD 1 128.4194 (vPC peer-link) Network P2p
Po102 Root FWD 1 128.4197 (vPC) P2p
Eth8/2 Desg FWD 2 128.1026 P2p
VLAN0680
Spanning tree enabled protocol rstp
Root ID Priority 33448
Address 1005.caf5.88ff
Cost 2
Port 4197 (port-channel102)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 33448 (priority 32768 sys-id-ext 680)
Address 8c60.4f2d.2ffc
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po99 Desg FWD 1 128.4194 (vPC peer-link) Network P2p
Po102 Root FWD 1 128.4197 (vPC) P2p
Eth8/2 Desg FWD 2 128.1026 P2p
Nexus6-1#
Switch2
Nexus6-2# sh run
!Command: show running-config
!Time: Sat Feb 12 19:02:44 2011
version 7.0(1)N1(1)
hostname Nexus6-2
feature telnet
cfs eth distribute
feature eigrp
feature interface-vlan
feature lacp
feature vpc
feature lldp
vlan 1
vlan 451
name P2P_VRF_SVI
vlan 652
name Management
vlan 680
name Inside
vrf context Inside
vrf context P2P_Inside_VRF
vrf context management
ip route 0.0.0.0/0 172.16.52.1
vrf context peer-keepalive
vpc domain 99
role priority 2
peer-keepalive destination 10.200.50.1 source 10.200.50.2 vrf peer-keepalive
delay restore 120
interface Vlan1
interface Vlan451
description Inside p2p to ASA
no shutdown
vrf member Inside
ip address 172.16.230.10/29
ip router eigrp 100
no ip passive-interface eigrp 100
interface Vlan680
description Inside Network
no shutdown
vrf member Inside
ip address 172.16.8.3/22
ip router eigrp 100
interface port-channel99
switchport mode trunk
spanning-tree port type network
vpc peer-link
interface port-channel102
switchport mode trunk
vpc 102
interface Ethernet1/1
description vPC Peer Link 1.1
switchport mode trunk
speed auto
channel-group 99
interface Ethernet1/2
interface Ethernet1/6
interface Ethernet1/7
description vPC Link 1.7 to Nexus 9372 SEC
switchport mode trunk
speed auto
channel-group 102 mode active
interface Ethernet1/8
interface Ethernet1/12
interface Ethernet2/1
description vPC Peer Link 2.1
switchport mode trunk
speed auto
channel-group 99
interface Ethernet2/2
interface Ethernet2/6
interface Ethernet2/7
description vPC Link 2.1 to Nexus PRI
switchport mode trunk
speed auto
channel-group 102 mode active
interface Ethernet2/8
interface Ethernet2/12
interface Ethernet8/1
description keep-alive peer-link to ALNSWI01
no switchport
vrf member peer-keepalive
ip address 10.200.50.2/30
interface Ethernet8/2
description Uplink to ASA
switchport mode trunk
switchport trunk allowed vlan 1,451,652,680
interface Ethernet8/3
interface Ethernet8/20
interface mgmt0
vrf member management
ip address 172.16.52.4/23
line console
line vty
boot kickstart bootflash:/n6000-uk9-kickstart.7.0.1.N1.1.bin
boot system bootflash:/n6000-uk9.7.0.1.N1.1.bin
router eigrp 100
vrf Inside
autonomous-system 100
default-information originate
poap transit
logging logfile messages 6
Nexus6-2#
Nexus6-2#
Nexus6-2# sh ip eigrp neighbors vrf Inside
IP-EIGRP neighbors for process 100 VRF Inside
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
2 172.16.8.2 Vlan680 14 01:30:11 23 138 0 48
0 172.16.230.9 Vlan451 13 01:30:11 480 2880 0 50
1 172.16.230.11 Vlan451 13 01:29:48 1598 5000 0 13
Nexus6-2#
Nexus6-2# sh ip eigrp topology vrf Inside
IP-EIGRP Topology Table for AS(100)/ID(172.16.8.3) VRF Inside
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 172.16.8.0/22, 1 successors, FD is 2816
via Connected, Vlan680
P 172.16.230.8/29, 1 successors, FD is 2816
via Connected, Vlan451
Nexus6-2#
Nexus6-2#
Nexus6-2# sh vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 99
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : secondary
Number of vPCs configured : 1
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Disabled
vPC Peer-link status
id Port Status Active vlans
1 Po99 up 1,451,652,680
vPC status
id Port Status Consistency Reason Active vlans
102 Po102 up success success 1,451,652,6
80
Nexus6-2#
Nexus6-2#
Nexus6-2# sh spanning-tree
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address 1005.caf5.88ff
Cost 3
Port 4194 (port-channel99)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 8c60.4f2d.777c
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po99 Root FWD 1 128.4194 (vPC peer-link) Network P2p
Po102 Root FWD 1 128.4197 (vPC) P2p
Eth8/2 Desg FWD 2 128.1026 P2p
Eth8/3 Desg FWD 2 128.1027 P2p
VLAN0451
Spanning tree enabled protocol rstp
Root ID Priority 33219
Address 8cJon,
Are you ready for the mass confusion?
when Looking at the ASA EIGRP neighbors output here is what I see.
ASA# sh eigrp neighbors
EIGRP-IPv4 neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
3 172.16.230.1 Te0/8.450 13 16:45:14 1 200 0 64
2 172.16.230.2 Te0/8.450 11 16:45:14 1 200 0 84
1 172.16.230.10 Te0/8.451 11 16:45:20 1 200 0 178
0 172.16.230.9 Te0/8.451 13 16:45:20 1 200 0 148
For simplicity sake lets just concetrate on Interface TenGigabit0/8.451 which is the SVI on the Nexus switch that is VLAN451
From the Nexus Switch 6004 that is directly connected to the ASA here is what I see
SWI01# sh ip eigrp neighbors vrf Inside
IP-EIGRP neighbors for process 100 VRF Inside
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 172.16.8.3 Vlan680 10 17:04:30 54 324 0 177
1 172.16.230.10 Vlan451 11 16:59:10 819 4914 0 178
2 172.16.230.11 Vlan451 14 16:53:48 24 144 0 20
The Inside VRF that is tied to both SVI's on the Switch vlans 451 and 680 is in EIGRP 100 on the switch
SWI01# sh run int vlan 451
interface Vlan451
description Inside p2p to ASA
no shutdown
vrf member Inside
ip address 172.16.230.9/29
ip router eigrp 100
no ip passive-interface eigrp 100
SWI01# sh run int vlan 680
interface Vlan680
description Inside Network
no shutdown
vrf member Inside
ip address 172.16.8.2/22
ip router eigrp 100
hsrp 1
authentication text test
preempt
priority 250
ip 172.16.8.1
so you with me so far?
If you are you have noticed that on the ASA neighbors the ASA sees 172.16.230.11 as a neighbor which is the Secondary Nexus SW. That is becauise they all share the same subnet.
172.16.230.8/29
Brakedown:
PRI Nexus 6004 - 172.16.230.9
SEC NEXUS 6004 - 172.16.230.10
PRI ASA 5585x - 172.16.230.11
SEC ASA 5585x - 172.16.230.12
Because the ASA EIGRP network is a /29 it learns the Secondary Nexus via the Primary Nexus.
I am not sure that the link we created between the two Nexus Switches is doing anything but consuming ports right now.
SWI01# sh run int ethernet 8/9
interface Ethernet8/9
description EIGRP PORT to Secondary Nexus
switchport mode trunk
switchport trunk allowed vlan 450-451
SWI02# sh run int ethernet 8/9
interface Ethernet8/9
description EIGRP PORT to Primary Nexus
switchport mode trunk
switchport trunk allowed vlan 450-451
So the SVI's that go up to the ASA for inspection are 450 and 451. The network SVI's are 600 and 680 all of them live on the switch, and 680, and 600 are extended over the peer links down to the 9372's.
I think that we are breaking the golden rule of vPC BUT.. I am not 100% sure. Some of the documents read that we should not be allowing network vlans over peer links, but then how do you extend the vlans down to the leaf switch?
This is giving me nightmares at the moment…
does this make sense? -
Unequal Load Balancing with EIGRP over 4 Wireless networks
We are trying to load-balance on 4 interfaces that have unequal bandwidths. The setup looks like this
8 Computers -> Empty Config Switch -> 3560 Router\Switch -> 4x Wireless Radios on different frequencies - networks -> 3560 Router\Switch->Empty Config Switch -> 8 Computers
We have EIGRP setup and the bandwidths defined, and the routes are showing proper share counts, but once we start adding traffic to the network, they all jump on one of the links. The config and everything looks right, its just not working. I have tried switching to different cef algorithms. Removed the vlans . I made them equal cost and they did the same thing. Its like EIGRP does not want to load balance.
When i did this config with static routes or as OSPF, it actually load balanced them, but I'm stuck with a 1:1 share ratio. If i could control the ratio, then that would be an acceptable solution.
Any ideas on what could be causing this?
Code:
Routing entry for 192.168.104.0/24
Known via "eigrp 10", distance 90, metric 13312, type internal
Redistributing via eigrp 10
Last update from 192.168.2.4 on Vlan2, 00:04:25 ago
Routing Descriptor Blocks:
* 192.168.9.4, from 192.168.9.4, 00:04:25 ago, via Vlan9
Route metric is 51712, traffic share count is 31
Total delay is 20 microseconds, minimum bandwidth is 50000 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 1
192.168.5.4, from 192.168.5.4, 00:04:25 ago, via Vlan5
Route metric is 13312, traffic share count is 120
Total delay is 20 microseconds, minimum bandwidth is 200000 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 1
192.168.3.4, from 192.168.3.4, 00:04:25 ago, via Vlan3
Route metric is 26112, traffic share count is 61
Total delay is 20 microseconds, minimum bandwidth is 100000 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 1
192.168.2.4, from 192.168.2.4, 00:04:25 ago, via Vlan2
Route metric is 13312, traffic share count is 120
Total delay is 20 microseconds, minimum bandwidth is 200000 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 1
3560_Switch_1#show int Fa 0/1 | inc packets/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
3560_Switch_1#show int Fa 0/2 | inc packets/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
3560_Switch_1#show int Fa 0/3 | inc packets/sec
5 minute input rate 17111000 bits/sec, 2545 packets/sec
5 minute output rate 13872000 bits/sec, 2251 packets/sec
3560_Switch_1#show int Fa 0/4 | inc packets/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
3560_Switch_1#show ip cef exact-route 192.168.101.57 192.168.104.57
192.168.101.57 -> 192.168.104.57 => IP adj out of Vlan5, addr 192.168.5.4
Here is the config.
Code:
ip cef load-sharing algorithm universal 00123456
interface FastEthernet0/1
switchport access vlan 2
bandwidth 200000
delay 1
spanning-tree portfast
interface FastEthernet0/2
switchport access vlan 3
bandwidth 200000
delay 1
spanning-tree portfast
interface FastEthernet0/3
switchport access vlan 5
bandwidth 200000
delay 1
spanning-tree portfast
interface FastEthernet0/4
switchport access vlan 9
bandwidth 200000
delay 1
spanning-tree portfast
interface GigabitEthernet0/1
description USER PORT
switchport access vlan 100
spanning-tree portfast
interface Vlan2
bandwidth 200000
ip address 192.168.2.1 255.255.255.0
delay 1
interface Vlan3
bandwidth 100000
ip address 192.168.3.1 255.255.255.0
delay 1
interface Vlan5
bandwidth 200000
ip address 192.168.5.1 255.255.255.0
delay 1
interface Vlan9
bandwidth 50000
ip address 192.168.9.1 255.255.255.0
delay 1
interface Vlan100
description User Data
ip address 192.168.101.1 255.255.255.0
router eigrp 10
maximum-paths 8
variance 15
network 192.168.2.0
network 192.168.3.0
network 192.168.5.0
network 192.168.9.0
network 192.168.101.0Yup, that was the first cef algorithm I had tried. ip cef load-sharing algorithm include-ports source destination
I tried all of the different types.
Also, I was sending data trough iperf from 4 computers + 1 comp steaming video on one network to 5 computers on another network. In any case of source or destination, it should have switched over. The odds of it all going on Vlan 5 is ~ 0.6% Restarting the router sometimes places it all on a different vlan, but in any case its all or nothing. -
Hi,
I have main router CISCO 3825 VO4 and main switch C3560 48P
and you will see here the running configuration in the router
Plz can any one tell me his opinion in this scenario
and if you can give me any concepts or ideas to improve it
show run
Building configuration...
version 12.4
service config
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime
service password-encryption
service compress-config
hostname mainRouter
boot-start-marker
boot system flash c3825-advsecurityk9-mz.124-22.T.bin
boot-end-marker
security authentication failure rate 3 log
security passwords min-length 6
logging message-counter syslog
no logging buffered
enable secret 5 ##############
aaa new-model
aaa authentication login TEMP group tacacs+ local enable
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default
action-type start-stop
group tacacs+
aaa accounting commands 1 default
action-type start-stop
group tacacs+
aaa accounting commands 15 default
action-type start-stop
group tacacs+
aaa accounting system default
action-type start-stop
group tacacs+
aaa session-id common
dot11 syslog
no ip source-route
ip cef
no ip bootp server
no ip domain lookup
ip domain name mydomain.com
ip name-server (IP of Internet Server)
multilink bundle-name authenticated
crypto pki trustpoint TP-self-signed-#########
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-#########
revocation-check none
rsakeypair TP-self-signed-#########
crypto pki certificate chain TP-self-signed-##########
certificate self-signed 01
30820248 308201B1 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32343035 39353035 3533301E 170D3039 30323039 31303036
34315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
ets….
archive
log config
logging enable
hidekeys
crypto isakmp policy 10
encr aes
authentication pre-share
crypto isakmp key ############# address (Location2) no-xauth
crypto ipsec transform-set AES ah-sha-hmac esp-aes 256
crypto ipsec profile Main-location-to-location2-GRE-IPSec
set transform-set AES
ip tcp synwait-time 10
ip telnet source-interface GigabitEthernet0/1.8
ip ssh source-interface Tunnel0
ip ssh logging events
ip ssh version 2
ip scp server enable
interface Loopback0
ip address 10.0.0.254 255.255.255.248
interface Tunnel0
description - GRE/IPSec Tunnel to location2
ip address 10.0.0.15 255.255.255.252
tunnel source (Main-location-IP)
tunnel destination (location2-IP)
interface GigabitEthernet0/0
description - fibre link to My ISP
no ip address
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip virtual-reassembly
duplex auto
speed auto
media-type rj45
no mop enabled
interface GigabitEthernet0/0.444
description - MPLS VLAN 444
encapsulation dot1Q 444
ip address (Real IP 1)
ip flow ingress
ip virtual-reassembly
no cdp enable
interface GigabitEthernet0/0.461
description - VPN VLAN 461
encapsulation dot1Q 461
ip address (Real IP 2)
interface GigabitEthernet0/1
description - Main Router to main Switch
no ip address
ip nbar protocol-discovery
ip virtual-reassembly
duplex auto
speed auto
media-type rj45
interface GigabitEthernet0/1.8
encapsulation dot1Q 8
ip address (Real IP)
interface GigabitEthernet0/1.10
encapsulation dot1Q 10
ip address 10.0.0.12 255.255.255.252
interface Group-Async0
physical-layer async
no ip address
encapsulation slip
no group-range
router eigrp 1
redistribute ospf 1 metric 1 1 1 1 1 route-map OSPF2EIGRP
passive-interface GigabitEthernet0/0.444
passive-interface GigabitEthernet0/1.8
network 10.0.0.14 0.0.0.3
auto-summary
router ospf 1
router-id 10.0.0.254
log-adjacency-changes
redistribute eigrp 1 metric 10 subnets route-map EIGRP2OSPF
redistribute bgp 64917 metric 10 subnets route-map BGP2OSPF
network 10.0.0.12 0.0.0.0 area 1
router bgp 64917
no synchronization
bgp log-neighbor-changes
redistribute ospf 1 route-map OSPF2BGP
neighbor (Real IP) remote-as 65000
no auto-summary
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 (IP of ISP)
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip tacacs source-interface Tunnel0
ip access-list standard Group1
permit (Some IPs)
deny any
ip access-list standard Group2
permit (Some IPs)
deny any
ip access-list standard Group3
permit (Some IPs)
deny any log
ip access-list standard Group4
permit (Some IPs)
deny any log
logging trap debugging
logging facility local4
logging source-interface Tunnel0
route-map BGP2OSPF permit 10
match ip address Group1
route-map OSPF2BGP permit 10
match ip address Group3
route-map OSPF2EIGRP permit 10
match ip address Group3
route-map EIGRP2OSPF permit 10
match ip address Group2
tacacs-server host (tacacs-Server-IP) key 7 ###############
control-plane
line con 0
login authentication TEMP
transport output telnet
line aux 0
login authentication TEMP
transport output telnet
line vty 0 4
access-class Group4 in
login authentication TEMP
transport input telnet ssh
line vty 5 15
access-class Group4 in
login authentication TEMP
transport input telnet ssh
scheduler allocate 20000 1000
endHi Ecommerce Developer,
Thanks again for your prompt response.
Please find below my answers to your questions:
1 Have you first imported SCA files in Track and then deploy it on your Dev System?
A)Yes, we imported the SCAs first, deployed in the track to the dev system then
2 Have your developer has any open activity on their Local NWDS?
I am checking that with the developers. Incase they are some, they will delete it asap. Also, when they are trying to release any open activity, theya re getting that xcm error as reported earlier. So, they are deleting the same.
A) After deleting should i check in all the 3 standard components again to the Dev track {not to the consolidation track?}?
3 I think you have imported SCA files in your eCommerce Developer track and then your developer sync. their code through NWDS and overright their changes and when they deploy it on Their Local or on Development Server Developer lost some of their customization. Is it right?
A) Yes, absolutely right after the developers synced, they lost lots of customzing things and were able to see a mixed
4 As you have written developer can see their code, where they can see their code on Local NWDS or in DTR Version History?
A) They can see there code on there local NWDS system.
5 Look and feel changed on Developer's local system and Development box or only on Developer Box?
A) As I said, after the developers synced, they are able to see mixed hybrid webshop. This hybrid webshop has most of the custom code but the look and feel, the graphics, the images and all are missing.
Also, one strange thing which we have noticed is.
We had an old ear fille. When we deploy that ear file directly via sdm, the crm webshop on the dev box works fine.
But when release the same activity from nwds and then deploy via NWDI to the same crm webshop on the dev box, i get the run time error? Why is this happening?
Thanks again for your feedback.
Eagerly awaiting your response.
Regards,
Rajeet
+41 76 525 0440 -
Import EIGRP default route only with network command
Hi,
Does anyone know why I can only import the default route learned by EIGRP (from a CE router) in the VPNV4 table with the command ?network 0.0.0.0? under the address family? Is this the correct behavior?
router bgp 100
address-family ipv4 vrf red
redistribute eigrp 200
no synchronization
network 0.0.0.0
exit-address-family
PE9(config-router-af)#do show ip route vrf red 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
Known via "eigrp 200", distance 90, metric 547840, candidate default path, type internal
Redistributing via bgp 100, eigrp 200
Last update from 91.91.91.1 on FastEthernet0/0.91, 00:04:11 ago
Routing Descriptor Blocks:
* 91.91.91.1, from 91.91.91.1, 00:04:11 ago, via FastEthernet0/0.91
Route metric is 547840, traffic share count is 1
Total delay is 20400 microseconds, minimum bandwidth is 100000 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 4
PE9(config-router-af)#do show ip bgp vpnv4 vrf red 0.0.0.0
% Network not in table
PE9(config-router-af)#
PE9(config-router-af)#network 0.0.0.0
PE9(config-router-af)#
PE9(config-router-af)#do show ip bgp vpnv4 vrf red 0.0.0.0
BGP routing table entry for 91:91:0.0.0.0/0, version 1068
Paths: (1 available, best #1, table red)
Flag: 0x820
Advertised to update-groups:
2
Local
91.91.91.1 (via red) from 0.0.0.0 (9.9.9.9)
Origin IGP, metric 547840, localpref 100, weight 32768, valid, sourced, local, best
Extended Community: RT:118:118 Cost:pre-bestpath:128:547840
0x8800:32768:0 0x8801:200:522240 0x8802:65284:25600 0x8803:65281:1500
mpls labels in/out 28/nolabel
PE9(config-router-af)#
Thanks,
MarceloHi Marcelo,
Yes this is normal, a default route unlike any other routes is not redistributed between routing protocols by default, in the case of BGP you have 2 options, either use a network command and make sure that the route is in the routing table (via EIGRP in your case), or use redistribute + default-information originate, you can test this by removing the network command and adding the default-information originate under the address family.
HTH,
Mohammed Mahmoud. -
EIGRP in a NBMA hub and spoke configuration ?
Hi,
Is there a way to configure EIGRP for a Frame Relay NBMA network using a hub and spoke topology ?
I'm curious that I cannot find any config examples for this, whereas with OSPF in this environment there are plenty of examples.
I'm wondering if EIGRP being a distance-vector protocol this shouldn't be attempted.
PS: I've been at this all day and have only managed to get EIGRP to work in one cofiguration and that was using physical interfaces on all routers and switching off split horizon at the hub router. I used frame-relay map statements with broadcast enabled also.
Any pointers would be appreciated.
Cheers,
Phil.hi phil,,,
here is the configuration for the HUB router
! hostname ABC
interface Ethernet1
ip address 192.168.2.1 255.255.255.0
interface Serial0
no ip address
encapsulation frame relay
no ip mroute cache
interface Serial0.1 multipoint
ip address 192.168.1.1 255.255.255.0
no ip split horizon eigrp 2001 Split Horizons disabled
bandwidth 112 Bandwidth set to the sum of the remote PVCs
frame relay map ip 192.168.1.5 110 broadcast
frame relay map ip 192.168.1.6 130 broadcast
router eigrp 2001 EIGRP routing process
network 192.168.1.0 Networks running EIGRP
you can have appropriate IP addressing as per your design...
you can have some easy configuration at spoke side with compere to HUB router....
regards
Devang -
EIGRP vs BGP route path selection scenario
I am looking for a routing solution to the following scenario. It is a fairly simple design.
I have two WAN connections between sites A and B. One is a 20 Meg Metro Ethernet Circuit running EIGRP. The other is a 10 Meg MPLS running BGP. What do I need to do in my configuration to make sure that the 20 Meg connection is the chosen path based off the fact that it has better speed and bandwidth? It appears to me that the MPLS is the preferred path even though it is slower.
See attached Diagram:
Site A Config
interface GigabitEthernet1/0/12
description PADC COX P2P 20 Meg
no switchport
bandwidth 20480
ip address 172.20.1.1 255.255.255.252
interface GigabitEthernet2/0/2
description LEVEL 3 MPLS
no switchport
bandwidth 10240
ip address 172.22.0.2 255.255.255.252
router eigrp 1
network 10.0.1.0 0.0.0.255
network 172.20.1.0 0.0.0.3
network 192.168.76.8 0.0.0.3
redistribute bgp 65003 metric 100 1 255 1 1500 route-map MPLS_NETWORKS
redistribute static route-map DEFAULT_ROUTE
router bgp 65003
bgp log-neighbor-changes
redistribute static
redistribute eigrp 1
neighbor 172.22.0.1 remote-as 1
default-information originate
Site B Config
interface GigabitEthernet0/1
description COX Communications 10 Meg to Venyu
bandwidth 20480
ip address 172.20.1.2 255.255.255.252
duplex auto
speed auto
service-policy output VOIP
interface GigabitEthernet0/2
description Level 3 MPLS
bandwidth 10240
ip address 172.22.1.2 255.255.255.252
duplex full
speed 100
router eigrp 1
network 10.3.1.0 0.0.0.31
network 10.52.1.0 0.0.0.255
network 10.76.6.0 0.0.0.255
network 172.20.1.0 0.0.0.3
network 192.168.63.64 0.0.0.63
network 192.168.76.249 0.0.0.0
passive-interface default
no passive-interface GigabitEthernet0/0
no passive-interface GigabitEthernet0/1
router bgp 65003
bgp log-neighbor-changes
network 10.3.1.0 mask 255.255.255.224
network 10.52.1.0 mask 255.255.255.0
network 10.76.6.0 mask 255.255.255.0
network 192.168.76.249 mask 255.255.255.255
neighbor 172.22.1.1 remote-as 1If each router is receiving advertisements for the same networks/subnet masks from both BGP and EIGRP it will always choose the BGP routes because they have a lower AD ie. 20 vs EIGRP 90.
Doesn't matter what the bandwidth is.
If you want to prefer the 20Mbps links then there are a number of options -
1) if you can summarise each sites subnets then advertise the summary via BGP and the more specific via EIGRP. More specific will be chosen even before AD is taken into account.
2) change the AD of either BGP or EIGRP so EIGRP ends up with the lower AD
3) run BGP on both links although you would still need to manipulate the attributes to make sure the link you want is used.
Jon -
Passive-interface default on eigrp
When using the passive-interface default on a router, to advertise networks you have to use the no passive-interface Vlan20, for example, what happens to the following network statements, are they ignored? For example, I have the following config:
router eigrp 1
passive-interface default
no passive-interface vlan 1
no passive-interface vlan 2
no passive-interface vlan 3
no passive-interface vlan 4
network 10.0.0.0
network 172.0.0.0
no auto-summary
Will I still advertise the networks defined over the vlan interfaces?
Just curious.Hi Mason,
There is some historical reasoning here. Until IOS release 12.0(4)T, you could not specify a wildcard mask when configuring the 'network' statement for EIGRP. In fact, the 'network' statement would only accept classful (i.e. major) networks at that time. So the ability to add a wildcard mask has been a relatively recent invention.
However, there is absolutely no problem with using a '0.0.0.0' wildcard in order to limit the network statement to a single IP address. From a convenience perspective, though, people tend to use a wildcard mask that reflects the actual subnet mask used on the interface. Either way is perfectly acceptable.
Now, if you are using a protocol such as OSPF, the wildcard mask becomes a bit more significant. The following link describes why that is so:
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009405a.shtml
Hope that helps - pls do rate the post if it does.
Paresh
Maybe you are looking for
-
Customer master data using LSMW std batch input
Hello all, i m using LSMW method to create customer master records in the SAP system. we need to cover all the fields for addresses. Following are my doubts : 1. some address fields are gettng truncated while loading customer master using std batch i
-
I updated to Itunes 10.5 this morning. Then I downloaded some new apps and podcasts. Now when I try to sync my Ipad 2. It gives me a message that says my ipad cannot be synced. I do not have the privelege to make the changes. WHAT GIVES? It was w
-
This is a vent. Please excuse me for it. I am in Australia. I have a LEGAL copy of LightRoom v1.4.1, I also installed the Beta of v2. When the release version of v2 was announced, I downloaded it and installed it. I have a problem with metadata creat
-
Create a folder with date and time
hey yall. i'm working on a program to assign files to a created directory. for the sake of organization, i want to create a folder that is the date and time it was created. (ie c:\\new\\02-Jun-2008\\file.txt) i know i'm missing something. here's the
-
Preview opens when Syncing iPhone
Preview keeps opening every time i connect my iPhone 4s running iOS 7.0.4 to my iMac running 10.9.1 Mavricks. See screenshot. Its rather annoying, how to get this to stop happening? I just started recently, I can't remmember what I did if anything to