EIGRP over trunks
Hi
I need to form an EIGRP neighbor relationship between 2 x 3750 switches but they have 2 x 2960 layer 2 switches sitting in between them.
The layout is as follows.
3750---------------2960---------------2960--------------------3750
How would this be possible. Can the eigrp pass over these trunks through a vlan.
Any help will be much appreciated
Thanks
Hi,
How would this be possible. Can the eigrp pass over these trunks through a vlan.
Yes, absolutely. EIGRP is a protocol whose messages are encapsulated in IP packets. If there is an IP connectivity between the 3750 switches, EIGRP will run perfectly. How are you going to configure the 3750 - are you going to configure an interface Vlan with an IP address and run EIGRP on this interface, or are you going to configure routed ports from 3750 toward the 2960?
Best regards,
Peter
Similar Messages
-
Catalyst series - Private VLAN over trunk
Hey every body
I was planning to implement a Cisco Nexus 5596 in a data center as it supports private VLAN over trunk.
But now, I av been forced to use a Cisco Catalyst series instead of the Nexus one.
Based on the feature that is very important for my manager (private VLAN over trunk), which Catalyst switch can be replaced with the Nexus 5596? In other words, what Catalyst series switch works at the same scale and efficiency of Nexus 5596 and supports private VLAN over trunk feature?
Cheers4500x Yes
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_26674-01.html
Nexus 5k Yes
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/layer2/521_n1_3/b_5k_Layer2_Config_521N13/b_5k_Layer2_Config_521N13_chapter_0100.html
3850s
They dont support pvs at all yet
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/vlan/configuration_guide/b_vlan_3se_3850_cg/b_vlan_3se_3850_cg_chapter_0100.html
Restrictions for VLANs
The following are restrictions for VLANs:
The switch supports per-VLAN spanning-tree plus (PVST+) or rapid PVST+ with a maximum of 128 spanning-tree instances. One spanning-tree instance is allowed per VLAN.
The switch supports IEEE 802.1Q trunking methods for sending VLAN traffic over Ethernet ports.
Configuring an interface VLAN router's MAC address is not supported. The interface VLAN already has an MAC address assigned by default.
Private VLANs are not supported on the switch.
You cannot have a switch stack containing a mix of Catalyst 3850 and Catalyst 3650 switches. -
Unequal Load Balancing with EIGRP over 4 Wireless networks
We are trying to load-balance on 4 interfaces that have unequal bandwidths. The setup looks like this
8 Computers -> Empty Config Switch -> 3560 Router\Switch -> 4x Wireless Radios on different frequencies - networks -> 3560 Router\Switch->Empty Config Switch -> 8 Computers
We have EIGRP setup and the bandwidths defined, and the routes are showing proper share counts, but once we start adding traffic to the network, they all jump on one of the links. The config and everything looks right, its just not working. I have tried switching to different cef algorithms. Removed the vlans . I made them equal cost and they did the same thing. Its like EIGRP does not want to load balance.
When i did this config with static routes or as OSPF, it actually load balanced them, but I'm stuck with a 1:1 share ratio. If i could control the ratio, then that would be an acceptable solution.
Any ideas on what could be causing this?
Code:
Routing entry for 192.168.104.0/24
Known via "eigrp 10", distance 90, metric 13312, type internal
Redistributing via eigrp 10
Last update from 192.168.2.4 on Vlan2, 00:04:25 ago
Routing Descriptor Blocks:
* 192.168.9.4, from 192.168.9.4, 00:04:25 ago, via Vlan9
Route metric is 51712, traffic share count is 31
Total delay is 20 microseconds, minimum bandwidth is 50000 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 1
192.168.5.4, from 192.168.5.4, 00:04:25 ago, via Vlan5
Route metric is 13312, traffic share count is 120
Total delay is 20 microseconds, minimum bandwidth is 200000 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 1
192.168.3.4, from 192.168.3.4, 00:04:25 ago, via Vlan3
Route metric is 26112, traffic share count is 61
Total delay is 20 microseconds, minimum bandwidth is 100000 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 1
192.168.2.4, from 192.168.2.4, 00:04:25 ago, via Vlan2
Route metric is 13312, traffic share count is 120
Total delay is 20 microseconds, minimum bandwidth is 200000 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 1
3560_Switch_1#show int Fa 0/1 | inc packets/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
3560_Switch_1#show int Fa 0/2 | inc packets/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
3560_Switch_1#show int Fa 0/3 | inc packets/sec
5 minute input rate 17111000 bits/sec, 2545 packets/sec
5 minute output rate 13872000 bits/sec, 2251 packets/sec
3560_Switch_1#show int Fa 0/4 | inc packets/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
3560_Switch_1#show ip cef exact-route 192.168.101.57 192.168.104.57
192.168.101.57 -> 192.168.104.57 => IP adj out of Vlan5, addr 192.168.5.4
Here is the config.
Code:
ip cef load-sharing algorithm universal 00123456
interface FastEthernet0/1
switchport access vlan 2
bandwidth 200000
delay 1
spanning-tree portfast
interface FastEthernet0/2
switchport access vlan 3
bandwidth 200000
delay 1
spanning-tree portfast
interface FastEthernet0/3
switchport access vlan 5
bandwidth 200000
delay 1
spanning-tree portfast
interface FastEthernet0/4
switchport access vlan 9
bandwidth 200000
delay 1
spanning-tree portfast
interface GigabitEthernet0/1
description USER PORT
switchport access vlan 100
spanning-tree portfast
interface Vlan2
bandwidth 200000
ip address 192.168.2.1 255.255.255.0
delay 1
interface Vlan3
bandwidth 100000
ip address 192.168.3.1 255.255.255.0
delay 1
interface Vlan5
bandwidth 200000
ip address 192.168.5.1 255.255.255.0
delay 1
interface Vlan9
bandwidth 50000
ip address 192.168.9.1 255.255.255.0
delay 1
interface Vlan100
description User Data
ip address 192.168.101.1 255.255.255.0
router eigrp 10
maximum-paths 8
variance 15
network 192.168.2.0
network 192.168.3.0
network 192.168.5.0
network 192.168.9.0
network 192.168.101.0Yup, that was the first cef algorithm I had tried. ip cef load-sharing algorithm include-ports source destination
I tried all of the different types.
Also, I was sending data trough iperf from 4 computers + 1 comp steaming video on one network to 5 computers on another network. In any case of source or destination, it should have switched over. The odds of it all going on Vlan 5 is ~ 0.6% Restarting the router sometimes places it all on a different vlan, but in any case its all or nothing. -
Eigrp - How to modify Admin distance for redistributing connected links and over WAN
We have a single EIGRP domain 101 across 2 locations (A and B) separated by a WAN link. Each location has a number of L3 switches at the IDF behind the router which has the L3 vlans VL1, VL2 etc. We run eigrp 101 across all the switches and on the routers but we dont advertise any of the L3 vlans on them and we do redistribute static and connected for the static and the vlans to be distributed on eigrp.
Qn
1. How do i reduce the admin distance of the directly connected vlan on IDF on our core switch. ie. Vl1 and Vl2 that are distributed via connected has a admin distance of 170 locally as the other switches sees that as External without having to advertise the networks individually on each switch.
2. Is that possible to increase the admin distance over the WAN link without having to create a 2nd eigrp domain. ie.. Add a admin distance of say 50 over the WAN link and that way devices on both sides do see that there is a 130 distance for the remote side and 90 for local for admin distance.
Why?
I am trying to separate two locations and i don't think we will be able to create an additional domain and i am trying to see alternate methods of achieving this.
Additional info-
The design i mentioned has 2 locations with a WAN connection and i have mixed (90/170) distance based on where the routes are coming(eigrp/connected/static) from eventhough everything is within the same network. We only have 1 Eigrp network 101 and was looking to alter the AD for just connected if at all possible.
Assuming i put in all the routes into the network how can i make site 2 see the site 1 network with a larger admin distance and 1 to 2 with a larger admin distance while not altering the admin distance within the local site.
Underlying reason: We are getting a MPLS link(lower bandwidth) connecting to site 3,4 and 5 at both sites and wanted to clear the internal routing first before i can add them or redistribute them into bgp.If these two sites are connected via a P2P link and you are exchanging EIGRP routes across it then you need to be aware of what you redistribute into BGP because each site will know about it's own subnets but also the other sites subnets.
If you just redistribute all EIGRP at both sites then it's a lottery as to which MPLS connection the non EIGRP sites use.
So you either need to -
1) when you redistribute EIGRP at each site into BGP use a route map and only allow the local networks for that site
or
2) if you want each of the EIGRP sites to back each other's MPLS connection up you could have them both advertise out all networks ie. their own and the other EIGRP site's networks but modify the BGP attributes of the non local networks so they are least preferred.
You still want to use a route map to ensure only the local and other EIGRP sites network are redistributed because remember you are also receiving BGP routes from the non EIGRP sites and redistributing these into EIGRP at each site and these are exchanged via the P2P link as well.
It realty depends on what you are trying to do.
The actual basic redistribution is very straightforward, see this link -
http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/113506-failover-eigrp-bgp-00.html
but you need to decide what you are going to do in terms of EIGRP to BGP advertisements as covered above.
I'm not trying to make things complicated for you but because you have a P2P link connecting these sites and you are running EIGRP over it then any routes received via BGP will be redistributed into EIGRP and you need to make sure they are then not redistributed back into BGP on the other site router.
Jon -
VPN device with dual ISP, fail-over, and load balancing
We currently service a client that has a PIX firewall that connects to multiple, separate outside vendors via IPSEC VPN. The VPN connections are mission critical and if for any reason the VPN device or the internet connection (currently only a T1) goes down, the business goes down too. We're looking for a solution that allows dual-ISP, failover, and load balancing. I see that there are several ASA models as well as the IOS that support this but what I'm confused about is what are the requirements for the other end of the VPN, keeping in mind that the other end will always be an outside vendor and out of our control. Current VPN endpoints for outside vendors are to devices like VPN 3000 Concentrator, Sonicwall, etc. that likely do not support any type of fail-over, trunking, load-balancing. Is this just not possible?
Unless I am mistaken the ASA doesn't do VPN Load Balancing for point-to-point IPSec connections either. What you're really after is opportunistic connection failover, and/or something like DMVPN. Coordinating opportunistic failover shouldn't be too much of an issue with the partners, but be prepared for lot of questions.
-
DMVPN Question on NHRP and EIGRP neighbor relations
First of all thank you for your answer, in a DMVPN network, running EIGRP over GRE, will a spoke consider another spoke an EIGRP neighbor? or will it just consider the hub to be an EIGRP neighbor when it comes to sending/receiving eigrp queries/updates? given that in dmvpn setup one spoke can establish a direct tunnel with another spoke.
If you are running EIGRP, under EIGRP type in
no split-horizon eigrp ; where x is the as #.
Also, if your dmvpn routers have default routes ie 0.0.0.0/0 pointing to the ISP on all routers that is ok. IF you have specific static routes for DMVPN hub public on DMVPN spoke router, you would also need to add a static route for the other dmvpn spoke public address on your first dmvpn spoke and vice versa. Hope this helps. -
Is it possible to use MVR for delivering multicast to customers over dot1q-tunnel interface ?
Can QinQ and MVR work together ?I think the muticast vlan registration shortly termed MVR is not supported in dot1Q tunnelling interface.Because, there is a criteria for configuring MVR.That is, while configuring MVR, receiver ports cannot be trunk ports. Since, do11q is a trunking protocol,I believe MVR can't be transmitted over trunk port, and hence over dot1q tunnel interface.For detailed info on this mvr,
refer to the configuration guidelines sections of mvr at:
http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a008007e8d9.html#xtocid14 -
Dear All
There is a network where there are one data center and more than 200 branch office networks. They are connected with each other through EIGRP over MPLS. We can imagine there are a lot EIGRP traffic in there. My question is that what is a good way to summarize all the traffic ? Thank you.
yangfrankThank you for your reply.
Can we use command "ip summary-address " under the interface which is connected to MPLS PE ?
In addition, can we use eigrp stub or use the stub with " ip summary-address eigrp 1 x.x.x.x x.x.x.x" ? -
Need suggestion on IP SLA on DC and DR scenario
Dear Experts,
I need to build a back-up MPLS connectivity for an existing MPLS link connecting multiple locations to DC and DR as shown in the diagram.Hello.
Sure you may use ip sla (on spokes) to track ISP1 reachability and failover to ISP2 in case of any issue.
At the same time this would work ONLY if you have dynamic routing between DC and ISP1!
If only statics are available for DC, then I would suggest to build a mesh of GRE tunnels (mGRE) over both ISPs and run EIGRP over tunnels.
PS: it's also possible to run BGP over ISP clouds, but it would make things slightly more complicated. -
Load balancing between two routers
I have two routers connected through the LAN connection. The first one is using as routing protocol EIGRP, the other one is part of the managed service and I do not have access to it. I would like to make a load balancing between the two of them by redistributing the static routes in EIGRP. When I tried this, I am loosing the EIGRP entry for this route in the routing table. I would like to have both of them , so we could have traffic sharing. I appreciate if you give me any hints.
Raju,
you have two choices as far as I can see. If you want to use static routing over the WAN to your branch, you could duplicate your static routes to the branch and point them to the secondary router. You will have two identical sets of static routes in the primary router, one set pointing to the WAN interface and the other one pointing to the secondary router.
ip route x.x.x.x "WAN-interface"
ip route x.x.x.x "secondary router"
ip route y.y.y.y "WAN-interface"
ip route y.y.y.y "secondary router"
etc.
As a result the primary router will have two routes to the branch and will load-balance. If one next-hop fails (either the WAN interface or the secondary router), only the other will be used. If the next-hop comes back up, load-balancing will resume.
The other choice would be to use EIGRP over the WAN, and make sure the two routers become EIGRP neighbors. Then you can use the "variance" command to achieve unequal cost load-balancing between the two routers. Let me know if you need more information about this, but i think static routes will be sufficient in your situation.
HTH, Thomas -
I am cutting a frame-relay with ISDN backup Network over to MPLS with DSL Backup - I want to use OSPF on the MPLS and EIGRP over DSL; I have a mixture of routers 1750, 1751, & 1760. I have been doing my DD but was wondering if anyone here has done this and has any tips or a good place to some more research and or a good place to find a config builder?
You can try the ciso 1800,2800 or the 3800 series routers...depending upon your budget .You can be sure to get the best BANG!!! for your $$$$.
-
Adding a Route Pattern to a Line Group?
Hi
We have an analog device which is patched into our Voice Gateway and has a dial peer using extension 444.
I have setup a route pattern within CUCM which points at the gateway for 444.
However I can't seem to add this Route pattern to a line group to be part of a hunt?
The line group seems to be just internal extensions but I need the route pattern of 444 to be in the same line group as two internal extensions?
ThanksHi
Route Patterns are used for destinations that are 'off-ssytem' i.e. over trunks and so on.
Line Groups can only contain local lines on the system. This pretty much means only SCCP controlled lines, as CUCM is fully aware of the line state at all times.
If you want a port to be in a line group, you'll need to register it to CUCM as an SCCP gateway.
Aaron -
Hi,
i want to implement DMVPN to one of our branch as a fail over link if the MPLS point to point is down.
The MPLS VPN is working fine but due to SP faults we are experiencing frequent link downs.so i want to place a dsl router at branch and configure DMVPN to our existing HUB router.
i am configuring branch router as a spoke to HUB router R3 with rip so when the MPLS which using eigrp goes down , then DMVPN link should be up depending upon AD but, my doubt is if again MPLS link gets up, will it switchover to MPLS from DMVPN.
here is the topology
Here is the configurations for HO,HUB and Branch Routers
******** HO ********
interface Tunnel102
description " Tunnel HO-Br3"
bandwidth 2048
ip address 10.10.0.10 255.255.255.252
tunnel source 172.33.1.18
tunnel destination 172.33.33.18
interface FastEthernet0/0
description "HO-LAN"
ip address 192.168.1.10 255.255.255.0
duplex auto
speed auto
interface FastEthernet0/1
description " Connection MPLS SP"
ip address 172.33.1.18 255.255.255.252
duplex full
speed 100
router eigrp 200
redistribute ospf 10 metric 512 600 100 100 1500
network 10.10.0.8 0.0.0.3
no auto-summary
router ospf 10
log-adjacency-changes
redistribute eigrp 200 subnets
redistribute bgp 65350 subnets
network 192.168.12.0 0.0.0.255 area 0
router bgp 65350
no synchronization
bgp log-neighbor-changes
bgp redistribute-internal
network 10.10.10.0 mask 255.255.255.0
neighbor 172.31.3.17 remote-as 65400
no auto-summary
******** HUB *********
(Router R3 Config)
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 3600
crypto isakmp key welc0me address 0.0.0.0 0.0.0.0
crypto ipsec transform-set strong esp-3des
crypto ipsec profile cisco
set security-association lifetime seconds 7200
set transform-set strong
interface Tunnel10
ip address 172.20.20.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication welc0me
ip nhrp map multicast dynamic
ip nhrp network-id 250
ip tcp adjust-mss 1360
no ip split-horizon
delay 100
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
tunnel key 100
tunnel protection ipsec profile cisco
interface GigabitEthernet0/1
ip address 74.99.128.25 255.255.255.240
ip flow ingress
ip flow egress
duplex auto
speed auto
router rip
version 2
redistribute ospf 10 metric 5
network 172.20.0.0
no auto-summary
ip route 0.0.0.0 0.0.0.0 74.99.128.17
(Fail over DMVPN with RIP )
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
lifetime 3600
crypto isakmp key welc0me address 74.99.128.25
crypto ipsec transform-set strong esp-3des
crypto ipsec profile cisco
set security-association lifetime seconds 7200
set transform-set strong
interface Tunnel10
bandwidth 1024
ip address 172.20.20.2 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication
ip nhrp map multicast 74.99.128.25
ip nhrp map 172.20.20.1 74.99.128.25
ip nhrp network-id 250
ip nhrp holdtime 300
ip nhrp nhs 172.20.20.1
ip nhrp registration no-unique
ip tcp adjust-mss 1360
no ip split-horizon
delay 1000
tunnel source FastEthernet4
tunnel destination 74.99.128.25
tunnel key 100
tunnel protection ipsec profile cisco
interface vlan 1
description " HWIC-DSL Link"
ip addresss dhcp
ip virtual-reassembly in
duplex auto
speed auto
router rip
version 2
network 172.20.0.0
network 192.168.50.0
no auto-summary
ip route 74.99.128.25 255.255.255.255 192.168.1.1
interface Tunnel102
description " Tunnel BR-HO "
bandwidth 2048
ip address 10.10.0.9 255.255.255.252
tunnel source 172.33.33.18
tunnel destination 172.33.1.18
interface FastEthernet0/0
description "BR LAN"
ip address 192.168.50.5 255.255.255.0
duplex auto
speed auto
interface FastEthernet0/1
bandwidth 2048
ip address 172.33.33.18 255.255.255.252
duplex auto
speed auto
router eigrp 200
network 10.10.0.8 0.0.0.3
network 192.168.50.0
no auto-summary
router bgp 65350
no synchronization
bgp log-neighbor-changes
neighbor 172.33.33.17 remote-as 65400
no auto-summaryHi,
i am running eigrp over MPLS and i want the dmvpn as failover, so configured rip as it's AD is higher and it will be preferred only when the primary is down, but i want to make sure , it switches over to primary as soon as MPLS comes up.
if not DMVPN then canyou please suggest me anyother way to get over it... -
Has anybody done any configs with transparent CCS.
I need to configure this for a VOIP link using Clear Channel Code over IP.
I have found a config on Cisco - http://www.cisco.com/en/US/tech/tk652/tk653/technologies_tech_note09186a00800a96c1.shtml
I am having trouble understanding the relation with the POTS / VOIP configs and the PABX. What does the PABX send to the router in relation to a call. The PABX is using DPNSS signaling.
Normally voice routers do inteligent call routing depending on your dial-peer voip configs, but the above document has 6000 & 8000 pots configs. Just wondering how the PABX fits into these configs. Do these 6000 & 8000 pots configs have any relation with the call coming from the PABX or are they just a number.
If anybody has done transparent CCS, could they possible send me a copy of their configs, excluding IP addresses(obviously) or point me to any more links with relavent information.PABX will connect with the gateway over trunk line like E1 in the config examples in the above url. so the call will come in the gateway over E1 and since the trunks are nailed up between two gateway, based on the number dialed like 6000 or 8000 the call will be forwarded to appropriate voice-port as configured under the dial-peer.
So the network will look like
PABX----E1----Gateway-------IP Network-----Gateway-----E1---PABX
visit following link to get yourself clear on that
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t3/dt_tccs.htm
and
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t2/ccsfm.htm -
Multiple WAN site redundancy design review (dark fiber, p2p, DMVPN)
I'm re-designing a couple of wan sites. I'm using EIGRP over both some leased dark fiber and p2p provider connections. The attached (pdf) physical topology says it all, I'm thinking of using ip sla to track and inject routes over prefered connections, but really just looking for feed back if someone is interested in taking a look.
I've bought 2 2951's with es3g-16-p modules so I can build svi's and do hsrp between the paths, building redundancy between the 3 available paths back to our enterprise core (1Gbps, 40Mbps, 50Mbps).
multiple vlans at both sites...
e.g.: (wan site1 (vlan 10-15), want site2 (vlan 16-20))
Thoughts and thanks?hi there
not sure why you need to use DMVPN if it all internal same internal network unless you need to have all the traffic between sites to be encrypted
anyway in general i would say of use the direct link to reach the directly connected networks per site
example using site one 100M link to reach DC and WAN
and use site2 50M local link to reach WAN as primary path and use the site1-site2 fibre to reach DC as primary path for site2 this could archive a good load sharing and reduce the load on the link between site1 and site2
IP SLA in a topology like your for sure can very helpful to improve failover time and make the routing more topology aware
hope this helps
Maybe you are looking for
-
Birthday Calendar in iCal Alarm
Hi, I created a birthday calendar in iCal. Now I don't know how to get recognition of these data by a ringing tone.
-
Runtime error...plz help me .ful amrks wud be given
Hi gurus.. m running a user defined transaction ZV48cji which includes all standard Programs..it gives short dump after running it..the description is as follows. An exception occurred that is explained in detail below. The exception, which is assign
-
hi experts i have itab having a field status and its data ( 'open' , 'complete') pls explain the needed steps to be followed for setting the traffic light in ALV. open --red light complete -- green light. pls, explain me the step by step procedure. t
-
Hi ; What casting should I do to jlong inorder to get a proper long representing the same number . running the next example gives the below resault : int main() jlong f = 40956436157 ; unsigned long g = (unsigned long)f ; // my jlongs will always be
-
As the subject line says, my "early 2008" Mac Pro will not shut down. I have let it set overnight and it will not shut down or restart. I also installed an update which required a restart, selected to restart and the computer would not. Also, wheneve