EIGRP neighbor problem

Hi,
My router is showing all the routes but cant some of the vlans and routes until and unless i give following command.
clear ip eigrp neighbors
After giving this command it manually clears neighbor table and then makes new adjacency.
What can be the possible problem?

Hi,
I am afraid we need more precise information - currently, your question is very general. Ideally, this sequence of outputs would be very helpful:
The transcript of an experiment in the router's "bad" state, showing the exact issue you would like to get solved, such as pings getting lost, a route pointing to a bad next hop, or a show ip route X.X.X.X output proving that the path to the destination is missing. In your case, there is a hint about a routing problem but your explanation is not clear: you say that you see all routes but you "cant some of the vlans and routes" - cannot what?
The show command outputs in the router's "bad" state related to the mechanism that should have provided the correct information to the router but ultimately failed to do so. In your case, I understand there is a possible problem with EIGRP. In that case, we would need to see the output of show ip eigrp neighbor and show ip eigrp neighbor topology X.X.X.X where X.X.X.X is the destination you have troubles reaching.
After you get the router to the "good state", provide again the information from Steps 1 and 2 above.
Thank you!
Best regards,
Peter

Similar Messages

DMVPN Question on NHRP and EIGRP neighbor relations

First of all thank you for your answer, in a DMVPN network, running EIGRP over GRE, will a spoke consider another spoke an EIGRP neighbor? or will it just consider the hub to be an EIGRP neighbor when it comes to sending/receiving eigrp queries/updates? given that in dmvpn setup one spoke can establish a direct tunnel with another spoke.

If you are running EIGRP, under EIGRP type in
no split-horizon eigrp ; where x is the as #.
Also, if your dmvpn routers have default routes ie 0.0.0.0/0 pointing to the ISP on all routers that is ok. IF you have specific static routes for DMVPN hub public on DMVPN spoke router, you would also need to add a static route for the other dmvpn spoke public address on your first dmvpn spoke and vice versa. Hope this helps.

Cisco 3270 MAR WGB and EIGRP Neighbors

I'm setting up a lab environment where I want to have a 3270 MAR connect to a 1524 MESH AP on the 4.9 Public Safety frequency and form an EIGRP neighbor relationship and perform routing. So far, I can get the MAR associated to the 1524, which is connected to a 2106 running 4.1.192.22M. I have configured the 4.9 Radio on the MAR as a workgroup bridge and infrastructure-client. The radio interface is up, and it is associated. I have defined EIGRP neighbors, the AS numbers and K values match. I can't figure out why the EIGRP neighbor relationship won't come up? I've also configured the MAR as a stub network. I had this working in my lab several months ago, but restoring the configs on each of the devices doesn't result in neighbor formation. Attached is some config info and show commands.
3560_8Port_PoE ---- 2106 ---- 1524_AP )))) (((( ----- 3270_4.9Radio_WGB ---- 3270_MAR
Regards,
Scott

Update -
Here's an output from back in January when I had it working:
3270_MAR#
*Mar 2 21:41:15.656: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 90: Neighbor 192.168.1.1 (Vlan1) is up: new adjacency <-----------------------LOOK HERE
THIS MEANS THAT THE TWO ROUTERS EXCHANGED 'HELLOS' AND BECAME BUDDIES, SHARING THEIR ROUTING TABLES
3270_MAR#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.1.1 to network 0.0.0.0
C 192.168.4.0/24 is directly connected, Vlan4
C 192.168.5.0/24 is directly connected, Vlan5
D 192.168.6.0/24 [90/28416] via 192.168.1.1, 00:01:31, Vlan1 <----------------------------- This route was updated using EIGRP
C 192.168.7.0/24 is directly connected, FastEthernet0/0
C 192.168.1.0/24 is directly connected, Vlan1
D 192.168.3.0/24 [90/28416] via 192.168.1.1, 00:01:31, Vlan1
S* 0.0.0.0/0 [1/0] via 192.168.1.1
3270_MAR#

No EIGRP neighbor on Layer 3 port

After "switchport" was removed on the 6509 Gig 1/1 port, I then assign an IP address to it as well as the other end of the cable which is an 2821 router to use it as a Layer 3 ports. I can Ping across the interfaces but they can't establish EIGRP neighbor. Any ideas what I am doing wrong?

Thanks for quick responds from you and EdisonOrtiz that point me to the right direction .
I had a bad mask in EIGRP statement, things are looking great now.

EIGRP Table problem

i have 2 routers 1-Cisco 1700 with ip address 10.0.0.10/16 connected to 2nd routher Cisco 2851 (10.0.0.9/16)
on the other port of 2851 i have another netwotk 10.1.101.0/24 and on the other port of 1700 i have 172.22.22.0/30
i used eigrp 100 on both of them i used no auto-summary
but i can not see 172.22.22.0 network in 2851 routing table
also i can not see 10.1.101.0 on 1700
i attached both configs for 1700 and 2851
appreciated if somebody can help me
thanks

Soheil
The problem is easy to fix. On the 1700 you have a single network statement under router eigrp 100 which makes the seial interface active in EIGRP but there is no network statement which includes the FastEthernet. If you will add to the configuration under router eigrp:
network 10.1.0.0 0.0.255.255
then the router should become neighbors and exchange routes.
If you want to verify this before you fix it you could do show ip eigrp interface on the 1700 and see that only the serial interface is there. After you add the second network statement then both interfaces should be there.
Also I note that on the 1700 you did show startup-config. This shows what is in the config in NVRAM and can be out of sync with what is actually running the router. It would be better to use the output of show running-config in doing troubleshooting since that does show exactly what is running the router.
HTH
Rick

EIGRP-IPv4 problem

I Keep Getting this Error on Router 1 and 3 ?? "DUAL-6-NBRINFO: EIGRP-IPv4 blocked: not on common subnet" Any Ideas ? I am still able to ping though all routers and pc's?
Router 1 config
hostname R1
boot-start-marker
boot-end-marker
no aaa new-model
no ipv6 cef
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
no ip domain lookup
ip cef
multilink bundle-name authenticated
crypto pki token default removal timeout 0
license udi pid CISCO1941/K9 sn FTX1722805X
license boot module c1900 technology-package securityk9_npe
redundancy
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
interface Serial0/0/0
ip address 10.1.1.1 255.255.255.252
clock rate 64000
interface Serial0/0/1
no ip address
shutdown
router eigrp 99
network 10.1.1.0 0.0.0.3
network 192.168.1.0
ip forward-protocol nd
no ip http server
no ip http secure-server
control-plane
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input all
scheduler allocate 20000 1000
end
Router 2 config
hostname R2
boot-start-marker
boot-end-marker
no aaa new-model
no ipv6 cef
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
no ip domain lookup
ip cef
multilink bundle-name authenticated
crypto pki token default removal timeout 0
license udi pid CISCO1941/K9 sn FTX1722806F
license boot module c1900 technology-package securityk9_npe
redundancy
interface Loopback0
ip address 192.168.2.1 255.255.255.0
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
interface Serial0/0/0
ip address 10.1.1.2 255.255.255.252
interface Serial0/0/1
ip address 10.2.2.2 255.255.255.252
clock rate 64000
router eigrp 99
network 10.1.1.0 0.0.0.3
network 10.2.2.0 0.0.0.3
network 192.168.2.0
ip forward-protocol nd
no ip http server
no ip http secure-server
control-plane
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input all
scheduler allocate 20000 1000
end
Router 3 config
boot-start-marker
boot-end-marker
no aaa new-model
no ipv6 cef
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
no ip domain lookup
ip cef
multilink bundle-name authenticated
crypto pki token default removal timeout 0
license udi pid CISCO1941/K9 sn FTX17228066
license boot module c1900 technology-package securityk9_npe
redundancy
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
interface GigabitEthernet0/1
ip address 192.168.3.1 255.255.255.0
duplex auto
speed auto
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
interface Serial0/0/1
ip address 10.2.2.1 255.255.255.252
router eigrp 99
network 10.2.2.0 0.0.0.3
network 192.168.3.0
ip forward-protocol nd
no ip http server
no ip http secure-server
control-plane
line con 0
logging synchronous
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input all
scheduler allocate 20000 1000
end

Please provide information about how the routers are connected. The output of show cdp neighbor from each router would be helpful. Without knowing that we can only make assumptions and that is not the optimum way to solve problems.
The configs suggest that R1 should be connected to Serial0/0/0 of R2. My guess at this point is that R1 is actually connected to Serial0/0/1.
HTH
Rick

Problems with running EIGRP as PE-CE routing protocol 2

Dear all,
I am facing with the exact problem as a previous user of running EIGRP as the PE-CE routing protocol for a MPLS VPN customer, but in different hardware. The PE router is a 7609-S RSP720-3CXL-GE running IOS 12.2(33)SRC3.
(When I have 33 prefixes or more in the VRF table on the PE, and I try to advertise this network to the CE router (by redistributing BGP into EIGRP), the EIGRP process begins to flap.
I can't advertise prefix more that 32 subnets at a time why?????
The very weird part here, is that when I do debug ip eigrp on the PE and the CE, I can see that the PE router is sending the routes to the CE, but on the CE I can see nothing.)
In my case there is 16 prefixes. When redistributing BGP into EIGRP on allready adjasent EIGRP neighbors everything works perfect, until some side clears it then it begans flaping. On PE router debug is show "retry limit exceeded" ,on CE "Interface Goodbye received"
If solution will be same what software should I use?
Thanks,
George Shiukashvili

George,
Let me ask a few questions:
What is the link layer technology that interconnects the PE and CE that are currently experiencing these issues?
Are there any devices inside the PE-CE path that could at least possibly (and randomly) block multicasts and/or large packets?
Is it possible to modify the EIGRP configuration both on PE and CE to manual neighbor definition using the neighbor commands? This would force all EIGRP comunication between the PE and CE to run as unicast, possibly avoiding some issues with multicast packet delivery.
Is it possible for you to post some show commands from both the PE and CE? I would be interested in seeing the show ip interface, show interfaces, show running-config interface regarding the particular interfaces on PE and CE that connect to each other, and also, I would like to see the EIGRP configuration on both devices.
I agree with the assessment of Mahesh - the preliminary information we have suggest that either the PE packets are not arriving at the CE, or the ACK packets from CE are not arriving back at the PE. Your own debug analysis furthermore revealed that there are no EIGRP Update packets arriving from the PE at the CE. Problems with MTU could indeed cause these problems but it is necessary to inspect the entire path between PE and CE.
Best regards,
Peter

VTI and EIGRP problem

Have a lab setup to run IPSEC VPN with DVTI on Hub and SVTI on spoke. The goal is to have two tunnels from each spoke to two Hubs for redundancy. Eigrp is needed in order to get BGP up and running which will be used for routing policies.
The problem I phase is that eigrp is not established over the IPSEC tunnel (see neighbour details below). The spoke is configured with vrf on the public interface for security reasons. I have one spoke without vrf on the public interface and this connection works fine.
I can ping the physical interfaces and the ISAKMP SA and IPSEC SA are up. Doing debug eigrp packet shows that both mcast and ucast traffic is exchanged but no ack on both sides are transmitted (also indicated by Q > 0). feels like I have missed some basic stuff but can't find it.
Spoke1 (vrf with problem):
sesthcombox001#sh ip eigrp 1 neighbors detail
IP-EIGRP neighbors for process 1
H   Address                 Interface       Hold Uptime   SRTT   RTO Q Seq
                                            (sec)         (ms)       Cnt Num
0   172.16.0.1              Tu1               57 00:01:07    1 5000 2 0
   Version 10.0/2.0, Retrans: 14, Retries: 14, Waiting for Init, Waiting for Init Ack
    UPDATE seq 499 ser 0-0 Sent 67028 Init Sequenced
    UPDATE seq 500 ser 1-9 Sequenced
Spoke2)working fine):
sesthcombox002#sh ip eigrp 1 neighbors detail
EIGRP-IPv4 Neighbors for AS(1)
H   Address                 Interface              Hold Uptime   SRTT   RTO Q Seq
                                                   (sec)         (ms)       Cnt Num
0   172.16.0.1              Tu1                      59 04:21:46    4 1452 0 53
   Version 10.0/2.0, Retrans: 0, Retries: 0, Prefixes: 2
   Topology-ids from peer - 0
Hub:
sesthcg1rtr002#sh ip eigrp 1 neighbors detail
EIGRP-IPv4 Neighbors for AS(1)
H   Address                 Interface              Hold Uptime   SRTT   RTO Q Seq
                                                   (sec)         (ms)       Cnt Num
0   172.16.0.2              Vi1                      58 00:00:30    1 5000 1 509
   Version 12.4/1.2, Retrans: 7, Retries: 7, Waiting for Init Ack
   Topology-ids from peer - 0
    UPDATE seq 246 ser 0-0 Sent 30664 Init Sequenced
1   172.16.0.6              Vi2                      10 04:22:04    4   100 0 26
   Version 10.0/2.0, Retrans: 0, Retries: 0, Prefixes: 1
   Topology-ids from peer - 0
Relevant configuration:
Spoke1 (no working)
crypto keyring key-internet vrf internet
pre-shared-key address 20.20.20.2 key cisco
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 14
crypto isakmp key cisco address 20.20.20.2
crypto isakmp profile ISA-PROP
   keyring key-internet
   match identity address 20.20.20.2 255.255.255.255 internet
crypto ipsec transform-set aes256sha esp-aes 256 esp-sha-hmac
crypto ipsec profile LAB
set transform-set aes256sha
set pfs group14
set isakmp-profile ISA-PROP
interface Tunnel1
ip address 172.16.0.2 255.255.255.0
ip mtu 1400
ip hold-time eigrp 1 60
ip virtual-reassembly
ip tcp adjust-mss 1400
tunnel source FastEthernet0/0.37
tunnel destination 20.20.20.2
tunnel mode ipsec ipv4
tunnel path-mtu-discovery
tunnel vrf internet
tunnel protection ipsec profile LAB
interface FastEthernet0/0.37
description internet
encapsulation dot1Q 37
ip vrf forwarding internet
ip address 20.20.30.2 255.255.255.248
HUB:
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 14
crypto isakmp key cisco address 0.0.0.0
crypto isakmp profile lab-vti
   keyring default
   match identity address 0.0.0.0
   virtual-template 1
   local-address 20.20.20.2
crypto ipsec transform-set aes256sha esp-aes 256 esp-sha-hmac
mode tunnel
crypto ipsec profile LAB
set transform-set aes256sha
set pfs group14
set isakmp-profile lab-vti
interface Virtual-Template1 type tunnel
ip unnumbered Loopback10
ip access-group shop-out out
ip mtu 1400
ip hold-time eigrp 1 60
ip virtual-reassembly in
ip tcp adjust-mss 1400
tunnel source GigabitEthernet0/0.800
tunnel mode ipsec ipv4
tunnel protection ipsec profile LAB
Spoke2:
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 14
crypto isakmp key cisco address 20.20.20.2
crypto ipsec transform-set aes256sha esp-aes 256 esp-sha-hmac
mode tunnel
crypto ipsec profile LAB
set transform-set aes256sha
set pfs group14
interface Tunnel1
ip address 172.16.0.6 255.255.255.0
ip virtual-reassembly in
ip tcp adjust-mss 1400
tunnel source GigabitEthernet0/0.37
tunnel mode ipsec ipv4
tunnel destination 20.20.20.2
tunnel path-mtu-discovery
tunnel protection ipsec profile LAB

But from config you provided,
Relevant configuration:Spoke1 (no working)crypto keyring key-internet vrf internet pre-shared-key address 20.20.20.2 key ciscocrypto isakmp policy 10 encr aes 256 authentication pre-share group 14crypto isakmp key cisco address 20.20.20.2crypto isakmp profile ISA-PROP   keyring key-internet   match identity address 20.20.20.2 255.255.255.255 internetcrypto ipsec transform-set aes256sha esp-aes 256 esp-sha-hmac crypto ipsec profile LAB set transform-set aes256sha set pfs group14 set isakmp-profile ISA-PROPinterface Tunnel1 ip address 172.16.0.2 255.255.255.0 ip mtu 1400 ip hold-time eigrp 1 60 ip virtual-reassembly ip tcp adjust-mss 1400 tunnel source FastEthernet0/0.37 tunnel destination 20.20.20.2 tunnel mode ipsec ipv4 tunnel path-mtu-discovery tunnel vrf internet tunnel protection ipsec profile LAB
the tunnel itself is the part of internet routing table. So you should configure eigrp correspondingly, i assume.

EIGRP with over 1000 neighbors using Metro Ethernet

No documentation about using EIGRP with what kind router can build a large network using Metro Ethernet. Cisco7600 become unstable unstable after applying over 600 eigrp neighbors.

Is there a reason you need EIGRP? If you're scaling to 1000 neighbors you should really use BGP. It's meant to be scalabale (I have routers that have 150,000 BGP routes in it). It's really designed for scalability, where as I find EIGRP is preferable in a low-neighbor routing environment.
-Mike
http://cs-mars.blogspot.com

Having an issue adding network to eigrp

I'm doing a class project using a network simulator and am asked to: Design and implement an network for company RoutersCourseMatters. The names of the department names at this company are Faculty, Staff, and Students. For security reasons, each department must be isolated from each other's broadcast domain on the network. The Faculty have 50 end devices that need to be connected to the network. Staff has 26 end devices and the Students have 100 end devices. The network spaced provided by the ISP is 192.168.0.0/24. The dynamic protocol used for this network must be for Cisco-only equipment. Test each department network with just one end device and ensure full connectivity across the entire network
So we have our network topology setup for the class project(see picture attached). We are using one router for faculty+staff. Faculty has ip/mask of 192.168.0.1/26 and staff is: 192.168.0.65/27. we have a seperate router for students which the IP subnet for students is 192.168.0.150/25. The routers are directly connected and are using ips 192.168.0.98/29 & 192.168.0.100/29 so since the two routers are directly connected on the same subnet they have no issue pinging each other. The problem is pinging hosts from a subnet to hosts on a different subnet. When I try and add ANY 192.168.0.* subnet to eigrp it instead adds 192.168.16.* network. For instance on the faculty/student router if i do a 'router eigrp 1' command followed by 'network 192.168.0.0 0.0.0.63' it shows network 192.168.16.0 has been added to eigrp under show run. here is show run command:
faculty/staff Con0 is now available
Press RETURN to get started!
faculty/staff>en
faculty/staff#show run
Building configuration...
Current configuration : 874 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname faculty/staff
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
ip subnet-zero
interface FastEthernet0/0
description blank
ip address 192.168.0.65 255.255.255.224
no ip directed-broadcast
interface FastEthernet0/1
description link to switch
ip address 192.168.0.1 255.255.255.192
no ip directed-broadcast
interface Serial0/0/0
ip address 192.168.20.2 255.255.255.0
no ip directed-broadcast
clockrate 2000000
interface Serial0/0/1
no ip address
no ip directed-broadcast
shutdown
clockrate 2000000
interface Serial0/1/0
no ip address
no ip directed-broadcast
shutdown
clockrate 2000000
interface Serial0/1/1
ip address 192.168.0.98 255.255.255.248
no ip directed-broadcast
router eigrp 1
network 0.0.0.0
network 192.168.1.1 0.0.0.0
network 192.168.16.0
network 192.168.20.0
no auto-summary
ip classless
no ip http server
no ip http secure-server
control-plane
line con 0
line aux 0
line vty 0 4
login
line vty 5 1180
login
scheduler allocate 20000 1000
end
faculty/staff#config t
Enter configuration commands, one per line. End with CNTL/Z
faculty/staff(config)#router eigrp 1
faculty/staff(config-router)#network 192.168.0.0 0.0.0.63
faculty/staff(config-router)#exit
faculty/staff(config)#exit
faculty/staff#show run
Building configuration...
Current configuration : 874 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname faculty/staff
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
ip subnet-zero
interface FastEthernet0/0
description blank
ip address 192.168.0.65 255.255.255.224
no ip directed-broadcast
interface FastEthernet0/1
description link to switch
ip address 192.168.0.1 255.255.255.192
no ip directed-broadcast
interface Serial0/0/0
ip address 192.168.20.2 255.255.255.0
no ip directed-broadcast
clockrate 2000000
interface Serial0/0/1
no ip address
no ip directed-broadcast
shutdown
clockrate 2000000
interface Serial0/1/0
no ip address
no ip directed-broadcast
shutdown
clockrate 2000000
interface Serial0/1/1
ip address 192.168.0.98 255.255.255.248
no ip directed-broadcast
router eigrp 1
network 0.0.0.0
network 192.168.1.1 0.0.0.0
network 192.168.16.0
network 192.168.20.0
no auto-summary
ip classless
no ip http server
no ip http secure-server
--More--
project.jpg
Reply Reply to Main Discussion
    Cody Robinson
    Cody Robinson
    2:36pm
Here is 'show ip eigrp topology' on staff/faculty router:
faculty/staff Con0 is now available
Press RETURN to get started!
faculty/staff>en
faculty/staff#show ip interface
FastEthernet0/0 is up, line protocol is up
Internet address is 192.168.0.65/27
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1514 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is disabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
FastEthernet0/1 is up, line protocol is up
Internet address is 192.168.0.1/26
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1514 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is disabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
Serial0/0/0 is down, line protocol is down
Internet address is 192.168.20.2/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1514 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is disabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
Serial0/0/1 is administratively down, line protocol is down
Internet protocol processing disabled
Serial0/1/0 is administratively down, line protocol is down
Internet protocol processing disabled
Serial0/1/1 is up, line protocol is up
Internet address is 192.168.0.98/29
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1514 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is disabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
faculty/staff#show ip eigrp ?
<1-65535>   Autonomous System
accounting IP-EIGRP Accounting
interfaces IP-EIGRP interfaces
neighbors   IP-EIGRP neighbors
topology    IP-EIGRP Topology Table
traffic     IP-EIGRP Traffic Statistics
vrf         Select a VPN Routing/Forwarding instance
faculty/staff#show ip eigrp topology
IP-EIGRP Topology Table for AS(1)/ID(192.168.20.2)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status
P 192.168.0.0/26, 1 successors, FD is 2172416
         via Connected, FastEthernet0/1
P 192.168.0.64/27, 1 successors, FD is 2172416
         via Connected, FastEthernet0/0
P 192.168.0.96/29, 1 successors, FD is 2172416
         via Connected, Serial0/1/1
faculty/staff#
    Cody Robinson
    Cody Robinson
    2:37pm
Here is show run on students router:
Students Con0 is now available
Press RETURN to get started!
Students>sh run
            ^
% Invalid input detected at '^' marker.
Students>en
Students#sh run
Building configuration...
Current configuration : 874 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Students
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
ip subnet-zero
interface FastEthernet0/0
no ip address
no ip directed-broadcast
shutdown
interface FastEthernet0/1
description link to switch
ip address 192.168.0.150 255.255.255.128
no ip directed-broadcast
interface Serial0/0/0
ip address 192.168.10.1 255.255.255.0
no ip directed-broadcast
clockrate 2000000
interface Serial0/0/1
no ip address
no ip directed-broadcast
shutdown
clockrate 2000000
interface Serial0/1/0
no ip address
no ip directed-broadcast
shutdown
clockrate 2000000
interface Serial0/1/1
ip address 192.168.0.100 255.255.255.248
no ip directed-broadcast
clockrate 2000000
router eigrp 1
network 0.0.0.0
network 192.168.1.1 0.0.0.0
network 192.168.10.0
ip classless
no ip http server
no ip http secure-server
control-plane
line con 0
line aux 0
line vty 0 4
login
line vty 5 1180
login
scheduler allocate 20000 1000
end
Students#

Hello lolwar,
From your setup and description you provided I see some mismatch in IP subneting you calculated.
For instance in your diagram you have networks 192.168.0.0/26 (FACULTY), 192.168.0.64/27 (STAFF), 192.168.0.96/29 (point-to-point link between routers) and 192.168.0.128/25 (STUDENTS).
First, you're wasting IP addresses, because you have unused space between point-to-point link and STUDENTS subnet. It's a good practice, when calculating subnets first calculate the biggest, subnet, then smaller one until the smallest one (usually some point-to-point cross-connects). For more about this see this guide.
Now, the issue I see as the most important is, that you have in your diagram networks as I mentioned above, but into your EIGRP process you're adding completely different subnets (192.168.16.x, 192.168.20.x,...).
I entered following:
STUDENT ROUTER =------------>
router eigrp 1
network 192.168.0.96 0.0.0.7
network 192.168.0.128 0.0.0.127
FACULTY/STAFF ROUTER =------------->
router eigrp 1
network 192.168.0.0 0.0.0.63
network 192.168.0.64 0.0.0.31
network 192.168.0.96 0.0.0.7
And all works just fine, computer's are able to ping each other. Also although it's not necessary, it's good to includes network wildcard mask into the "network" command under EIGRP (or OSPF) configuration.
I hope this will help you (please rate if this is the case. Thanks.)

Monitoring EIGRP using EEM

Hi,
I'm trying to create an EEM script to monitor the status of some EIGRP peers on a specific interface. The failure detection works, the problems I have are:
- The applet trigger is syslog, unfortunately there are two peers on the interface, so I get two syslogs, and thus the applet runs twice sending two traps. I only want one.
- I want the applet to wait for 10 minutes after it is triggered before checking the EIGRP neighbor status (in case the peer comes back up right away). The wait 600 seconds command doesn't seem to work as the trap is sent immediately.
Any help would be greatly appreciated!
snmp-server enable traps event-manager
event manager session cli username myuserid
event manager scheduler applet thread class default number 1
event manager applet backup-link-status
event syslog pattern "%DUAL-5-NBRCHANGE"
action 90 wait 600
action 100 cli command "show ip eigrp nei | inc Tu150"
action 110 regexp " [0-9.]+ " $_cli_result result
action 120 if $_regexp_result eq 0
action 130 syslog msg "Backup path down"
action 136 end
action 140 exit

This will not work since the EEM policy will terminate after 20 seconds. What you should do is have the first policy configure a second timer policy to do the actual check of the EIGRP neighbor state:
event manager environment q "!event manager applet backup-link-change event syslog pattern "DUAL-5-NBRCHANGE" action 001 handle-error type ignore action 002 context retrieve key EIGRPCTX variable mutex action 003 if $_error eq FH_EOK action 004 exit 0 action 005 end action 006 set mutex 1 action 007 context save key EIGRPCTX variable mutex action 008 handle-error type exit action 009 cli command "enable" action 010 cli command "config t" action 011 cli command "event manager applet backup-link-status" action 012 cli command "event timer countdown time 600" action 013 cli command "action 1.0 cli command $q enable$q" action 014 cli command "action 2.0 cli command $q show ip eigrp nei | inc Tu150$q" action 015 cli command "action 3.0 regexp $q ^V?[0-9.]+$q \$_cli_result" action 016 cli command "action 4.0 if \$_regexp_result eq 0" action 017 cli command "action 5.0 syslog msg $q Backup path is down$q" action 018 cli command "action 6.0 end" action 019 cli command "action 7.0 cli command $q config t$q" action 020 cli command "action 7.1 context retrieve key EIGRPCTX variable mutex" action 021 cli command "action 7.2 cli command $q no event manager applet backup-link-status$q" action 022 cli command "action 7.3 cli command end" action 023 cli command "end"
On action 015, that ^V? sequence is "Control+V,Control+V,?". You will need to type that in manually.
Depending on the timing of the two syslog messages, this may not defeat the double syslog. If not, you could change the first event line to:
event syslog pattern "DUAL-5-NBRCHANGE" occurs 2 period X
Where X is the number of seconds between messages.

Nexus 6004 EIGRP Relationship between the two switches

Hi All,
I will try to explain this as best as I can. In our current TEST LAB we have a Pair of Cisco ASA5585x running in Active/Passive mode. We use a VRF transit to connect the 10 GB interface to a Pair of Cisco Nexus 6004 (L3) switches running vPC between them. Downstream we also have a pair of Cisco 9372 switches (L2) also running vPC between the two.
As of right now we have EIGRP neighbor relationship formed between the two N6K's and the ASA.
ASA
ciscoasa# sh eigrp neighbors
EIGRP-IPv4 neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 172.16.230.9 Te0/8.451 12 01:30:25 1 200 0 52
0 172.16.230.10 Te0/8.451 12 01:30:25 1 200 0 48
The ASA formed relationship with both N6K's
SWITCH1
Nexus6-1# sh ip eigrp neighbors vrf inside
IP-EIGRP neighbors for process 100 VRF Inside
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 172.16.8.3 Vlan680 11 01:28:28 1 50 0 45
1 172.16.230.10 Vlan451 13 01:28:28 1 50 0 46
2 172.16.230.11 Vlan451 10 01:28:00 4 50 0 13
Nexus6-1#
SWITCH2
Nexus6-2# sh ip eigrp neighbors vrf Inside
IP-EIGRP neighbors for process 100 VRF Inside
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
2 172.16.8.2 Vlan680 14 01:30:11 23 138 0 48
0 172.16.230.9 Vlan451 13 01:30:11 480 2880 0 50
1 172.16.230.11 Vlan451 13 01:29:48 1598 5000 0 13
Nexus6-2#
Both Nexus Switches formed EIGRP neighbors using the vPC Peer-Link. There is enough documentation out there that strongly suggest not to use vPC Peer-Links for EIGRP anything.
We do have additional interfaces available on the 6K's that we can use as a cross connect for EIGRP. What we are having trouble understanding how we can force EIGRP traffic over those ports?
Here is a complete Switch config:
Switch1
Nexus6-1# sh run
feature telnet
cfs eth distribute
feature eigrp
feature interface-vlan
feature lacp
feature vpc
feature lldp
vlan 1
vlan 451
name P2P_VRF_SVI
vlan 652
name Management
vlan 680
name Inside
vrf context Inside
vrf context management
ip route 0.0.0.0/0 172.16.52.1
vrf context peer-keepalive
vpc domain 99
role priority 1
peer-keepalive destination 10.200.50.2 source 10.200.50.1 vrf peer-keepalive
delay restore 120
interface Vlan1
interface Vlan451
description Inside p2p to ASA
no shutdown
vrf member Inside
ip address 172.16.230.9/29
ip router eigrp 100
no ip passive-interface eigrp 100
interface Vlan651
interface Vlan680
description Inside Network
no shutdown
vrf member Inside
ip address 172.16.8.2/22
ip router eigrp 100
interface port-channel99
switchport mode trunk
spanning-tree port type network
vpc peer-link
interface port-channel102
switchport mode trunk
vpc 102
interface Ethernet1/1
description vPC Peer Link 1.1
switchport mode trunk
speed auto
channel-group 99
interface Ethernet1/6
interface Ethernet1/7
description vPC Peer Link 1.7 to Nexus 9372 PRI
switchport mode trunk
speed auto
channel-group 102 mode active
interface Ethernet1/8
interface Ethernet1/9
interface Ethernet2/1
description vPC Peer Link 2.1
switchport mode trunk
speed auto
channel-group 99
interface Ethernet2/2
interface Ethernet2/7
description vPC Peer Link 2.1 to Nexus SEC
switchport mode trunk
speed auto
channel-group 102 mode active
interface Ethernet2/8
interface Ethernet8/1
description keep-alive peer-link to ALNSWI02
no switchport
vrf member peer-keepalive
ip address 10.200.50.1/30
interface Ethernet8/2
description Uplink to ASA
switchport mode trunk
interface Ethernet8/3
interface mgmt0
vrf member management
ip address 172.16.52.3/23
line console
line vty
boot kickstart bootflash:/n6000-uk9-kickstart.7.0.1.N1.1.bin
boot system bootflash:/n6000-uk9.7.0.1.N1.1.bin
router eigrp 100
passive-interface default
default-information originate
vrf Inside
autonomous-system 100
default-information originate
poap transit
Nexus6-1#
Nexus6-1# sh ip eigrp neighbors vrf inside
IP-EIGRP neighbors for process 100 VRF Inside
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 172.16.8.3 Vlan680 11 01:28:28 1 50 0 45
1 172.16.230.10 Vlan451 13 01:28:28 1 50 0 46
2 172.16.230.11 Vlan451 10 01:28:00 4 50 0 13
Nexus6-1#
Nexus6-1# sh ip eigrp topology vrf Inside
IP-EIGRP Topology Table for AS(100)/ID(172.16.8.2) VRF Inside
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 172.16.8.0/22, 1 successors, FD is 2816
via Connected, Vlan680
P 172.16.230.8/29, 1 successors, FD is 2816
via Connected, Vlan451
Nexus6-1# sh vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 99
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 1
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Disabled
vPC Peer-link status
id Port Status Active vlans
1 Po99 up 1,451,652,680
vPC status
id Port Status Consistency Reason Active vlans
102 Po102 up success success 1,451,652,6
80
Nexus6-1# sh spanning-tree
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address 1005.caf5.88ff
Cost 2
Port 4197 (port-channel102)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 8c60.4f2d.2ffc
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po99 Desg FWD 1 128.4194 (vPC peer-link) Network P2p
Po102 Root FWD 1 128.4197 (vPC) P2p
Eth8/2 Desg FWD 2 128.1026 P2p
Eth8/3 Desg FWD 2 128.1027 P2p
VLAN0451
Spanning tree enabled protocol rstp
Root ID Priority 33219
Address 8c60.4f2d.2ffc
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 33219 (priority 32768 sys-id-ext 451)
Address 8c60.4f2d.2ffc
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po99 Desg FWD 1 128.4194 (vPC peer-link) Network P2p
Po102 Desg FWD 1 128.4197 (vPC) P2p
Eth8/2 Desg FWD 2 128.1026 P2p
VLAN0652
Spanning tree enabled protocol rstp
Root ID Priority 33420
Address 1005.caf5.88ff
Cost 2
Port 4197 (port-channel102)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 33420 (priority 32768 sys-id-ext 652)
Address 8c60.4f2d.2ffc
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po99 Desg FWD 1 128.4194 (vPC peer-link) Network P2p
Po102 Root FWD 1 128.4197 (vPC) P2p
Eth8/2 Desg FWD 2 128.1026 P2p
VLAN0680
Spanning tree enabled protocol rstp
Root ID Priority 33448
Address 1005.caf5.88ff
Cost 2
Port 4197 (port-channel102)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 33448 (priority 32768 sys-id-ext 680)
Address 8c60.4f2d.2ffc
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po99 Desg FWD 1 128.4194 (vPC peer-link) Network P2p
Po102 Root FWD 1 128.4197 (vPC) P2p
Eth8/2 Desg FWD 2 128.1026 P2p
Nexus6-1#
Switch2
Nexus6-2# sh run
!Command: show running-config
!Time: Sat Feb 12 19:02:44 2011
version 7.0(1)N1(1)
hostname Nexus6-2
feature telnet
cfs eth distribute
feature eigrp
feature interface-vlan
feature lacp
feature vpc
feature lldp
vlan 1
vlan 451
name P2P_VRF_SVI
vlan 652
name Management
vlan 680
name Inside
vrf context Inside
vrf context P2P_Inside_VRF
vrf context management
ip route 0.0.0.0/0 172.16.52.1
vrf context peer-keepalive
vpc domain 99
role priority 2
peer-keepalive destination 10.200.50.1 source 10.200.50.2 vrf peer-keepalive
delay restore 120
interface Vlan1
interface Vlan451
description Inside p2p to ASA
no shutdown
vrf member Inside
ip address 172.16.230.10/29
ip router eigrp 100
no ip passive-interface eigrp 100
interface Vlan680
description Inside Network
no shutdown
vrf member Inside
ip address 172.16.8.3/22
ip router eigrp 100
interface port-channel99
switchport mode trunk
spanning-tree port type network
vpc peer-link
interface port-channel102
switchport mode trunk
vpc 102
interface Ethernet1/1
description vPC Peer Link 1.1
switchport mode trunk
speed auto
channel-group 99
interface Ethernet1/2
interface Ethernet1/6
interface Ethernet1/7
description vPC Link 1.7 to Nexus 9372 SEC
switchport mode trunk
speed auto
channel-group 102 mode active
interface Ethernet1/8
interface Ethernet1/12
interface Ethernet2/1
description vPC Peer Link 2.1
switchport mode trunk
speed auto
channel-group 99
interface Ethernet2/2
interface Ethernet2/6
interface Ethernet2/7
description vPC Link 2.1 to Nexus PRI
switchport mode trunk
speed auto
channel-group 102 mode active
interface Ethernet2/8
interface Ethernet2/12
interface Ethernet8/1
description keep-alive peer-link to ALNSWI01
no switchport
vrf member peer-keepalive
ip address 10.200.50.2/30
interface Ethernet8/2
description Uplink to ASA
switchport mode trunk
switchport trunk allowed vlan 1,451,652,680
interface Ethernet8/3
interface Ethernet8/20
interface mgmt0
vrf member management
ip address 172.16.52.4/23
line console
line vty
boot kickstart bootflash:/n6000-uk9-kickstart.7.0.1.N1.1.bin
boot system bootflash:/n6000-uk9.7.0.1.N1.1.bin
router eigrp 100
vrf Inside
autonomous-system 100
default-information originate
poap transit
logging logfile messages 6
Nexus6-2#
Nexus6-2#
Nexus6-2# sh ip eigrp neighbors vrf Inside
IP-EIGRP neighbors for process 100 VRF Inside
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
2 172.16.8.2 Vlan680 14 01:30:11 23 138 0 48
0 172.16.230.9 Vlan451 13 01:30:11 480 2880 0 50
1 172.16.230.11 Vlan451 13 01:29:48 1598 5000 0 13
Nexus6-2#
Nexus6-2# sh ip eigrp topology vrf Inside
IP-EIGRP Topology Table for AS(100)/ID(172.16.8.3) VRF Inside
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 172.16.8.0/22, 1 successors, FD is 2816
via Connected, Vlan680
P 172.16.230.8/29, 1 successors, FD is 2816
via Connected, Vlan451
Nexus6-2#
Nexus6-2#
Nexus6-2# sh vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 99
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : secondary
Number of vPCs configured : 1
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Disabled
vPC Peer-link status
id Port Status Active vlans
1 Po99 up 1,451,652,680
vPC status
id Port Status Consistency Reason Active vlans
102 Po102 up success success 1,451,652,6
80
Nexus6-2#
Nexus6-2#
Nexus6-2# sh spanning-tree
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32769
Address 1005.caf5.88ff
Cost 3
Port 4194 (port-channel99)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 8c60.4f2d.777c
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
Po99 Root FWD 1 128.4194 (vPC peer-link) Network P2p
Po102 Root FWD 1 128.4197 (vPC) P2p
Eth8/2 Desg FWD 2 128.1026 P2p
Eth8/3 Desg FWD 2 128.1027 P2p
VLAN0451
Spanning tree enabled protocol rstp
Root ID Priority 33219
Address 8c

Jon,
Are you ready for the mass confusion?
when Looking at the ASA EIGRP neighbors output here is what I see.
ASA# sh eigrp neighbors
EIGRP-IPv4 neighbors for process 100
H   Address                 Interface       Hold Uptime   SRTT   RTO Q Seq
                                            (sec)         (ms)       Cnt Num
3   172.16.230.1            Te0/8.450        13 16:45:14 1    200   0   64
2   172.16.230.2            Te0/8.450        11 16:45:14 1    200   0   84
1   172.16.230.10           Te0/8.451        11 16:45:20 1    200   0   178
0   172.16.230.9            Te0/8.451        13 16:45:20 1    200   0   148
For simplicity sake lets just concetrate on Interface TenGigabit0/8.451 which is the SVI on the Nexus switch that is VLAN451
From the Nexus Switch 6004 that is directly connected to the ASA here is what I see
SWI01# sh ip eigrp neighbors vrf Inside
IP-EIGRP neighbors for process 100 VRF Inside
H   Address                 Interface       Hold Uptime SRTT   RTO Q Seq
                                            (sec)         (ms)       Cnt Num
0   172.16.8.3              Vlan680         10   17:04:30 54   324   0   177
1   172.16.230.10           Vlan451         11   16:59:10 819 4914 0   178
2   172.16.230.11           Vlan451         14   16:53:48 24   144   0   20
The Inside VRF that is tied to both SVI's on the Switch vlans 451 and 680 is in EIGRP 100 on the switch
SWI01# sh run int vlan 451
interface Vlan451
description Inside p2p to ASA
no shutdown
vrf member Inside
ip address 172.16.230.9/29
ip router eigrp 100
no ip passive-interface eigrp 100
SWI01# sh run int vlan 680
interface Vlan680
description Inside Network
no shutdown
vrf member Inside
ip address 172.16.8.2/22
ip router eigrp 100
hsrp 1
    authentication text test
    preempt
    priority 250
    ip 172.16.8.1
so you with me so far?
If you are you have noticed that on the ASA neighbors the ASA sees 172.16.230.11 as a neighbor which is the Secondary Nexus SW. That is becauise they all share the same subnet.
172.16.230.8/29
Brakedown:
PRI Nexus 6004 - 172.16.230.9
SEC NEXUS 6004 - 172.16.230.10
PRI ASA 5585x - 172.16.230.11
SEC ASA 5585x - 172.16.230.12
Because the ASA EIGRP network is a /29 it learns the Secondary Nexus via the Primary Nexus.
I am not sure that the link we created between the two Nexus Switches is doing anything but consuming ports right now.
SWI01# sh run int ethernet 8/9
interface Ethernet8/9
description EIGRP PORT to Secondary Nexus
switchport mode trunk
switchport trunk allowed vlan 450-451
SWI02# sh run int ethernet 8/9
interface Ethernet8/9
description EIGRP PORT to Primary Nexus
switchport mode trunk
switchport trunk allowed vlan 450-451
So the SVI's that go up to the ASA for inspection are 450 and 451. The network SVI's are 600 and 680 all of them live on the switch, and 680, and 600 are extended over the peer links down to the 9372's.
I think that we are breaking the golden rule of vPC BUT.. I am not 100% sure. Some of the documents read that we should not be allowing network vlans over peer links, but then how do you extend the vlans down to the leaf switch?
This is giving me nightmares at the moment…
does this make sense?

Cisco ASA 8.6 - EIGRP not working

Hi!
We have 2 ASA5510 and 2 ASA5525. Got a very weird error; up to release 8.4 eigrp works fine, after upgrading to 8.6 eigrp stops working.
If i do 'sh ei nei' i get this after upgrade to 8.6:
GRPCPDFW01# sh ei neighbors de
EIGRP-IPv4 neighbors for process 100
Can't see any neighbors; but same command from another asa on same network but with release 8.4:
GRPCPDFW02# sh eigrp neighbors de
EIGRP-IPv4 neighbors for process 100
H   Address                 Interface       Hold Uptime   SRTT   RTO Q Seq
                                            (sec)         (ms)       Cnt Num
4   10.5.1.3                Ma0/0            10 00:00:09 1    4500 1   0
   Version 8.6/3.0, Retrans: 2, Retries: 2, Waiting for Init, Waiting for Init A
ck
   Topology-ids from peer - 0
    UPDATE seq 69932 ser 0-0 Sent 9320 Init Sequenced
1   172.16.150.1            Et0/0            12      3w2d 1    200   0   3813
   Version 5.2/3.0, Retrans: 0, Retries: 0
   Topology-ids from peer - 0
0   172.16.150.2            Et0/0            10      3w2d 1    200   0   10842
   Version 8.0/2.0, Retrans: 0, Retries: 0
   Topology-ids from peer - 0
3   10.20.1.2               Et0/1.201        10     14w5d 1    200   0   41791
   Version 8.0/2.0, Retrans: 150, Retries: 0
   Topology-ids from peer - 0
2   10.5.1.2                Ma0/0            14     14w5d 2    200   0   23542
   Version 5.2/3.0, Retrans: 10, Retries: 0
   Topology-ids from peer - 0
   Stub Peer Advertising ( CONNECTED SUMMARY ) Routes
   Suppressing queries
As you can see, 10.5.1.3 is the ASA5525 with 8.6; also detected this on the logs, from a switch 3750 connected on same network with eigrp on:
Sep 25 21:15:23.818: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 10.5.1.3 (Vlan5
1) is down: retry limit exceeded
Sep 25 21:15:28.473: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 10.5.1.3 (Vlan5
1) is up: new adjacency
keeps saying this every minute.
Can anyone help me on this? I want to put the 5525 on production but would like to do it with latest release; could this be a bug on 8.6?
thanks in advance!
xavier

Hi Julio!
exactly, if i upgrade to 8.6 i cannot see any neighborship; going to 8.4 goes fine again, without changing anything else.
Your answers:
1 .ASA Version 8.6(1)2
2.
GRPCPDFW01# sh ei eve
Event information for AS 100: Event log is empty.
GRPCPDFW01# show cap test
26 packets captured
   1: 02:39:02.009658 10.5.1.2 > 10.5.1.3: ip-proto-88, length 20
   2: 02:39:02.948666 10.5.1.3 > 224.0.0.10: ip-proto-88, length 40
   3: 02:39:04.224002 10.5.1.1 > 10.5.1.3: ip-proto-88, length 20
   4: 02:39:07.017073 10.5.1.2 > 10.5.1.3: ip-proto-88, length 20
   5: 02:39:07.568680 10.5.1.3 > 224.0.0.10: ip-proto-88, length 40
   6: 02:39:09.223377 10.5.1.1 > 10.5.1.3: ip-proto-88, length 20
   7: 02:39:12.024428 10.5.1.2 > 10.5.1.3: ip-proto-88, length 20
   8: 02:39:12.378703 10.5.1.3 > 224.0.0.10: ip-proto-88, length 40
   9: 02:39:14.222995 10.5.1.1 > 10.5.1.3: ip-proto-88, length 20
10: 02:39:16.648693 10.5.1.3 > 224.0.0.10: ip-proto-88, length 40
11: 02:39:17.031858 10.5.1.2 > 10.5.1.3: ip-proto-88, length 20
12: 02:39:19.222202 10.5.1.1 > 10.5.1.3: ip-proto-88, length 20
13: 02:39:21.208714 10.5.1.3 > 224.0.0.10: ip-proto-88, length 40
14: 02:39:22.039258 10.5.1.2 > 10.5.1.3: ip-proto-88, length 20
15: 02:39:24.221652 10.5.1.1 > 10.5.1.3: ip-proto-88, length 20
16: 02:39:26.098719 10.5.1.3 > 224.0.0.10: ip-proto-88, length 40
17: 02:39:27.046628 10.5.1.2 > 10.5.1.3: ip-proto-88, length 20
18: 02:39:29.221012 10.5.1.1 > 10.5.1.3: ip-proto-88, length 20
19: 02:39:30.408700 10.5.1.3 > 224.0.0.10: ip-proto-88, length 40
20: 02:39:32.054059 10.5.1.2 > 10.5.1.3: ip-proto-88, length 20
21: 02:39:34.220523 10.5.1.1 > 10.5.1.3: ip-proto-88, length 20
22: 02:39:34.998666 10.5.1.3 > 224.0.0.10: ip-proto-88, length 40
23: 02:39:39.219867 10.5.1.1 > 10.5.1.3: ip-proto-88, length 20
24: 02:39:39.818667 10.5.1.3 > 224.0.0.10: ip-proto-88, length 40
25: 02:39:39.837618 10.5.1.2 > 10.5.1.3: ip-proto-88, length 20
26: 02:39:41.842180 10.5.1.2 > 10.5.1.3: ip-proto-88, length 20
26 packets shown
About the router conf; i can email it to you, its quite big! lots of objects, etc... any way i put here the basic eigrp conf and interface connecting to other eigrp peers:
router eigrp 100
no auto-summary
network 10.5.1.0 255.255.255.0
network 10.10.1.0 255.255.255.0
network 10.11.1.0 255.255.255.0
network 10.12.1.0 255.255.255.0
network 10.13.1.0 255.255.255.0
network 10.20.1.0 255.255.255.0
network 10.252.1.0 255.255.255.0
network 10.253.1.0 255.255.255.0
network 10.254.1.0 255.255.255.0
network 172.16.150.0 255.255.254.0
redistribute static
interface Management0/0
nameif management
security-level 100
ip address 10.5.1.3 255.255.255.0 standby 10.5.1.4
management-only
thanks!
xavier

EIGRP within data center

I am looking for best practice advice. In a network I have two Nexus 5548UP switches that are connected together with a port channel.  I have created a layer 3 link over the port channel using vlan 1152 192.168.150.8/30. A management vlan has been also been created on the switches with vlan 211 172.30.211.0/24. A Cisco ASA firewall is connected to the Nexus1 switch and has the inside intereface configured with an IP from the management network. A Cisco Router is connected to the Nexus2 switch and the LAN interface is also configured with an IP from the management network. EIGRP has been configured on all 4 devices. On the Nexus switches all svi's have been configured with the passive-interface command with the exception of the Vlan 1152 SVI's and the Vlan 211 SVI's. I am using the vlan 211 SVI IP for my EIGRP router-id. With this configuration the Nexus switches are neighbored twice with each other on both the 192.168.150.8.0/30 network and the 172.30.211.0/24 network. I would like to reduce that down to where they only neighbor using the layer 3 192.168.150.8.0/30 network but if I put the vlan 211 svi's in passive mode then it will break the neighborship with my ASA and router. To overcome this issue would I be better creating loopback interfaces to use as my router id and also making the links between my switch and ASA plus switch and router layer 3? Is there a better way to do this? I have attached two images, the first being the original design and the second being the proposed design. I have also provided the neighbor show commands from original design which lists all the neighbors being formed.
Nexus1# sh ip eigrp neighbor
IP-EIGRP neighbors for process 100 VRF default
H   Address                 Interface       Hold Uptime SRTT   RTO Q Seq
                                            (sec)         (ms)       Cnt Num
3   172.30.211.1            Vlan211         14   6w6d      3    200   0   439537
2   172.30.211.2            Vlan211         14   6w6d      2    200   0   439536
1   192.168.150.10          Vlan1152        14   6w6d      1    200   0   439535
0   172.30.211.20           Vlan211         14   11w5d     1    200   0   293289
slondc1#

for high availability - I run HSRP.
No single point of failure - I have redundant etherchannels between core and distribution.
Quick convergence - I have manually configured STP root's and secondarys. I also run RPVST
I have a failover pair of PIX535's - with a static route point to the inside IP of the failover pair, if one fails, the other picks up. I have also configured statefull failover - so no connections are lost.
We run EIGRP - mainly from legacy networks, but it runs smooth. We have tweaked the hello/hold timeres, to 1 and 3. We also summarise out to the remote sites (no need to fill up routiong tables, just takes cpu cycles)
All routing protocols have their merits - you just need to choose one you are comfortable with, that you can troublshoot and you know really well. I don't think it's a good idea to implement a routing protocol in a D/C that you are not 100% with.
HTH.

EIGRP over trunks

Hi
I need to form an EIGRP neighbor relationship between 2 x 3750 switches but they have 2 x 2960 layer 2 switches sitting in between them.
The layout is as follows.
3750---------------2960---------------2960--------------------3750
How would this be possible. Can the eigrp pass over these trunks through a vlan.
Any help will be much appreciated
Thanks

Hi,
How would this be possible. Can the eigrp pass over these trunks through a vlan.
Yes, absolutely. EIGRP is a protocol whose messages are encapsulated in IP packets. If there is an IP connectivity between the 3750 switches, EIGRP will run perfectly. How are you going to configure the 3750 - are you going to configure an interface Vlan with an IP address and run EIGRP on this interface, or are you going to configure routed ports from 3750 toward the 2960?
Best regards,
Peter

EIGRP neighbor problem

Similar Messages

Maybe you are looking for