Workings of auto-summary in EIGRP?
We are using 172.20.0.0 internally with /25 mask for local user subnets. This network is spread around 40 locations. Normally we have 'no auto-summary' under our router command like:
router eigrp 1
network 172.20.0.0
no auto-summary
So if I wanted to know if a particular subnet was in use, ie, 'sh ip route 172.20.100.0', I would see that in a routing table, and felt confident that there truly was a 172.20.100.0 subnet.
Someone inadvertently configured a router with 'auto-summary', and I was trying to troubleshoot a problem on 172.20.100.0. I shut down the interface that is configured for 172.20.100.0, yet it still showed up in the routing table. I track down where that route was advertised, and I found it was coming from a router that has the 'auto-summary' and the 'show ip route 172.20.100.0' on that router showed it coming from interface null-0.
The reason I don't like to use auto-summary is because of just that - I don't get a true picture of what subnets are actually real - everything gets summarized into the major network.
Is that the way auto-summary is supposed to work? If one uses the 'auto-summary on all routers, how does one tell if a particular subnet is in actual use of not?
Jim
In your description you tell us that your network uses 172.20.0.0 and do not mention any other networks. If this is true (that there are no other networks than 172.20.0.0) then it makes no difference whether no auto-summary is configured or not - you will get the exact same results as long as the network is based on a single major network (a class B network in your case).
auto-summary only makes a difference when a router has an interface in one network and has another interface(s) in another network. If all interfaces are in the same network then EIGRP advertises all subnets out all interfaces. If the router has interfaces in two networks (say for example that your LAN interfaces were in 172.20.0.0 and you put your serial interfaces on 10.0.0.0) the the router would not advertise subnets of 172.20.0.0 over the serial 10.0.0.0 interfaces but would advertise a summary route.
In the situation that you describe that you found a router with an entry for 172.20.100.0 to null 0 then the logical explanations would be that either there is a summary address configured on that router for 172.20.100.0 or that someone configured a static route for 172.20.100.0. Or is it possible that the route that you were looking at was really for 172.20.0.0 and not for 172.20.100.0?
HTH
Rick
Similar Messages
-
Hi all,
I have question about EIGRP auto summary.
Lets say R1 is connected to R2 and R2 is connected to R3.
R2 and R3 have auto summ on by default.
R1 has no auto summary configured.
If R1 advertise about its Lan network 10.10.10.0/24
Router EIGRP 100
network 10.0.0.0
no auto summary
When router 10.10.10.0 reaches R3 will it be shown as or 10.0.0.0/8 classfull address in R3s routing table?
Thanks
MAheshHello, it's been a few monts since you posted your question, but i fund it while preparing to ROUTE exam and i feel need to respond.
Well I must say Mohamed i wrong. In your case R2 will NOT advertise summary route to R3.
The official certification guide says:
When a router has multiple working interfaces, and those interfaces use IP addresses in different classful networks, the router advertises a summary route for each classful network on interfaces attached to a different classful network.
So learned routes are not subject of auto-summarization. They can still be summarized manually ofcourse.
Firs of all - create a lab. Ok. I did it for you:
10.10.10.0 - R1 - 192.168.12.x - R2 - 193.168.23.x - R3
R1 does not summarize, R2 does.
Lets see at R3:
R3#sh ip route
D 192.168.12.0/24 [90/307200] via 193.168.23.2, 00:42:30, FastEthernet0/0
10.0.0.0/24 is subnetted, 1 subnets
D 10.10.10.0 [90/332800] via 193.168.23.2, 00:42:30, FastEthernet0/0
C 193.168.23.0/24 is directly connected, FastEthernet0/0
See? No summary route. Let's do an experiment - let's add loopback interface on R2 with IP of 10.1.1.1 and check R3 again:
R3#sh ip route
D 192.168.12.0/24 [90/307200] via 193.168.23.2, 00:50:45, FastEthernet0/0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D 10.10.10.0/24 [90/332800] via 193.168.23.2, 00:50:45, FastEthernet0/0
D 10.0.0.0/8 [90/409600] via 193.168.23.2, 00:00:35, FastEthernet0/0
C 193.168.23.0/24 is directly connected, FastEthernet0/0
Now we have a 10/8 network as R2 summarised 10.1.1.0/24 to a classfull boudary, but we can still see /24 network as well. Thats the freaky way the auto-summariazation works.
You have to remember: auto-summary feature indeed works when a router advertises prefixes between major networks, but ONLY directly connected ones. It does not affect learned networks. -
In the OSPF routing, Why can't use the command "no auto-summary"?
Hello
I will post the article here because this question.
The question for OSPF.
Am I more than trying a variety of routing's a wonder suddenly become, OSPF is why there is no "no auto-summary" of commands like protocols such as RIP and EIGRP?
It's strange grammar?
Yes, using the Google Translator.
Please consider it.ckfurtn01,
By default, RIP and EIGRP summarize networks to their classful boundaries. No auto-summary disables that feature.
In OSPF, we need to configure wildcard masks to identify our networks. For example, in EIGRP network 10.1.1.0/24, with auto-summary enabled, will advertise a 10.0.0.0/8 network. In OSPF, to identify the same 10.1.1.0/24 network we would advertise 10.1.1.0 0.0.0.255 area X. If we wanted to do the classful boundary then it would be 10.0.0.0 0.255.255.255 area X.
OSPF, in short, does not perform auto-summarization so it is not a needed command. Hope this helps.
v/r
Mike -
BGP and auto-summary enabled or disabled with "network" command
http://www.cisco.com/en/US/tech/tk365/technologies_q_and_a_item09186a00800949e8.shtml#five
I just modified the below quoted by adding numbers
My understanding is this:
A- I hope my numbering to the quoted above is right ,,,I numbered it to be easy to point to it.
B- What does it mean by locally originated, does it mean within AS ?
1- auto-summary is enabled it summarizes the locally originated BGP networks to their classfull boundaries without caring to check if there are any entry in IGP routing table,,,,Am I right ?
2- auto-summary is disabled, the routes introduced locally into the BGP table are not summarized to their classfull boundaries, without caring to check if there are any entry in IGP routing table,,,,Am I right ?
3- I could not match his example with his explanation
4- It is obvious.Thanks hritter
I think you forgot to answer this :
1- Does that mean with "no auto-summary" we do not care about the exact match
The author says:
"3- When a subnet exists in the routing table and the following three conditions are satisfied, then any subnet of that classfull network in the local routing table will prompt BGP to install the classfull network into the BGP table.
* Classfull network statement for a network in the routing table
* Classfull mask on that network statement
* Auto-summary enabled "
Correct my understanding to the above quoted
The author says: For example, if the subnet in the routing table is 75.75.75.0 mask 255.255.255.0 {match the above quoted : When a subnet exists in the routing table}.
The author says : and you configure network 75.0.0.0 under the router bgp command (for my understanding it does not match the above quoted first comdition : Classfull network statement for a network in the routing table},,,,,,,he says 75.0.0.0 under bgp table and the above quoted says under routing table (IGP table) -
EIGRP network vs. no passive-interface
What is the difference between configuring EIGRP with the "network" command, then specifying the IP addresses of the interfaces you want to use OR using the no passive-interface command.
The examples below might make more sense:
gi0/0.1 has an IP of 192.168.1.1
gi0/0.2 has an IP of 192.168.2.1
s1/0 has an IP of 192.168.3.1
s1/0 has an IP of 192.168.4.1
router eigrp 100
passive-interface default
no passive-interface GigabitEthernet0/0.1
no passive-interface GigabitEthernet0/0.2
no passive-interface Serial1/0
no passive-interface Serial1/1
network 192.168.0.0
no auto-summary
router eigrp 100
network 192.168.1.1
network 192.168.2.1
network 192.168.3.1
network 192.168.4.1
no auto-summary
Don't both of these configurations accomplish the same thing? If so, is there any advantage to using one over the other?
Thanks,
NateActually, on a technecality, they do not do the same thing. And it is one of the subtlties of the behavior of EIGRP that may be important to understand when preparing for the CCIE or when administering an EIGRP network.
The important aspect to recognize here is the classful network boundaries. The first example had network 192.168.0.0. This happens to be a class C network. And EIGRP would be looking for interfaces that are in that particular network. And it would not process the interfaces on 192.168.1.0 or 192.168.2.0 etc. Even though EIGRP works very well in a classless addressing environment, its roots are in a classful background. And one manifestation of that is the default behavior to treat the network statement as looking for classful boundaries. So in fact if you configure EIGRP with network 192.168.1.1 and then do a show run what you will see is 192.168.1.0 because EIGRP is processing classful network boundaries.
If the example had used a class B like 172.16.1.1 and 172.16.2.1 etc then the two approaches would have produced the same results.
There are two more aspects of this I would like to comment on. One is the background of the passive default. This ties back to the essentially classful nature of the processing that EIGRP does on the network statement. If you were bringing up a router that would eventually have many interfaces that would be subnets of the same classful network and you put in network 172.16.0.0 then EIGRP would attempt to process every interface with an address in the subnets of that network. But you might not want them to be advertised when they were configured, you might want to wait till there was actually something deployed there, or perhaps you might not want EIGRP to process a particular interface at all (perhaps that interface connected to something external to your network. Cisco introduced the passive default to accomodate this situation. With passive default EIGRP does not process the interface till you specifically activate it.
Another interesting aspect is that Cisco then introduced the ability within EIGRP to use a netmask on the network statement which allows you to specifically identify the particular interface you want to process. This addresses the classful default behavior and makes EIGRP truly more of a classless routing protocol.
So lets take the example that started this discussion and change it a little bit. Suppose there was a router with interfaces 172.16.1.1, 172.16.2.1, 172.16.3.1, and 172.16.4.1. And suppose that you wanted (for whatever reason) to include 1, 2, and 4 but not 3. How could you do it?
The more traditional solution would be to use passive default and leave the 3 as passive. Or the more recent solution would be to use network statements with netmask to include only the specific interfaces that you wanted.
HTH
Rick -
Problem when applying IPSEC to DMVPN
Hi i have some trouble with DMVPN
i configured NHRP between a HUB and aSPOKE:
HUB
tu0 tu1
| |
ISP
|
tu0,tu1
SPOKE
the HUB has two physical interfaces and two logical interfaces.
The SPOKE has one physical interface and two logical interfaces.
in configured NHRP correctly, the tunnels are detected in the HUB and the SPOKE.
when i add the profile IPSEC to the intefaces i lose tunnel1.
SPOKE1#sh ip nhrp
10.1.1.4/32 via 10.1.1.4, Tunnel0 created 02:22:01, never expire
Type: static, Flags: authoritative used
NBMA address: 190.1.1.1
10.2.2.4/32 via 10.2.2.4, Tunnel1 created 02:18:21, never expire
Type: static, Flags: authoritative used
NBMA address: 190.1.2.1
SPOKE1#debug ip nhrp
tunnel0
*Mar 1 03:50:09.399: NHRP: Attempting to send packet via DEST 10.1.1.4
*Mar 1 03:50:09.399: NHRP: Encapsulation succeeded. Tunnel IP addr 190.1.1.1
*Mar 1 03:50:09.399: NHRP: Send Registration Request via Tunnel0 vrf 0, packet size: 82
*Mar 1 03:50:09.403: src: 10.1.1.1, dst: 10.1.1.4
*Mar 1 03:50:09.403: NHRP: 82 bytes out Tunnel0
*Mar 1 03:50:09.519: NHRP: Receive Registration Reply via Tunnel0 vrf 0, packet size: 102
*Mar 1 03:50:09.519: NHRP: netid_in = 0, to_us = 1
tunnel 1
*Mar 1 03:50:30.575: NHRP: Attempting to send packet via DEST 10.2.2.4
*Mar 1 03:50:30.575: NHRP: Encapsulation succeeded. Tunnel IP addr 190.1.2.1
*Mar 1 03:50:30.575: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 82
*Mar 1 03:50:30.579: src: 10.2.2.1, dst: 10.2.2.4
*Mar 1 03:50:30.579: NHRP: 82 bytes out Tunnel1
*Mar 1 03:50:30.579: NHRP: Resetting retransmit due to hold-timer for 10.2.2.4
no reply from the HUB.
HUB#sh ip nhrp
10.1.1.1/32 via 10.1.1.1, Tunnel0 created 00:05:05, expire 00:08:29
Type: dynamic, Flags: authoritative unique registered
NBMA address: 191.1.1.11
just tunnel0 is there !
i have also this on the HUB :
*Mar 1 03:58:54.519: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at 191.1.1.11 (physical adress of SPOKE1)
configs :
HUB :
crypto isakmp policy 10
encr aes
hash md5
authentication pre-share
group 2
crypto isakmp key techservices address 0.0.0.0 0.0.0.0
crypto ipsec transform-set AES_MD5 esp-aes esp-md5-hmac
crypto ipsec profile DMVPN
set transform-set AES_MD5
interface Tunnel0
bandwidth 10000
ip address 10.1.1.4 255.255.255.0
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 123
ip nhrp authentication dmvpn1
ip nhrp map multicast dynamic
ip nhrp network-id 123
no ip split-horizon eigrp 123
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 123
tunnel protection ipsec profile DMVPN
interface Tunnel1
bandwidth 10000
ip address 10.2.2.4 255.255.255.0
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 124
ip nhrp authentication dmvpn2
ip nhrp map multicast dynamic
ip nhrp network-id 124
no ip split-horizon eigrp 124
tunnel source FastEthernet1/0
tunnel mode gre multipoint
tunnel key 124
tunnel protection ipsec profile DMVPN
router eigrp 123
network 10.1.1.0 0.0.0.255
network 172.16.4.0 0.0.0.255
no auto-summary
router eigrp 124
network 10.2.2.0 0.0.0.255
network 172.16.4.0 0.0.0.255
no auto-summary
SPOKE1:
crypto isakmp policy 10
encr aes
hash md5
authentication pre-share
group 2
crypto isakmp key techservices address 0.0.0.0 0.0.0.0
crypto ipsec transform-set AES_MD5 esp-aes esp-md5-hmac
crypto ipsec profile DMVPN
set transform-set AES_MD5
interface Tunnel0
bandwidth 10000
ip address 10.1.1.1 255.255.255.0
ip mtu 1400
ip nhrp authentication dmvpn1
ip nhrp map multicast 190.1.1.1
ip nhrp map 10.1.1.4 190.1.1.1
ip nhrp network-id 123
ip nhrp holdtime 600
ip nhrp nhs 10.1.1.4
ip nhrp registration timeout 300
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 123
tunnel protection ipsec profile DMVPN
interface Tunnel1
bandwidth 10000
ip address 10.2.2.1 255.255.255.0
ip mtu 1400
ip nhrp authentication dmvpn2
ip nhrp map multicast 190.1.2.1
ip nhrp map 10.2.2.4 190.1.2.1
ip nhrp network-id 124
ip nhrp holdtime 600
ip nhrp nhs 10.2.2.4
ip nhrp registration timeout 300
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 124
tunnel protection ipsec profile DMVPN
router eigrp 123
network 10.1.1.0 0.0.0.255
network 172.16.1.0 0.0.0.255
no auto-summary
router eigrp 124
network 10.2.2.0 0.0.0.255
network 172.16.1.0 0.0.0.255
no auto-summary
regardsbut when i add an other SPOKE there is a problem :
HUB
| |
SPOKE1___ ISP__SPOKE2
HUB:
crypto isakmp policy 10
encr aes
hash md5
authentication pre-share
group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
crypto ipsec transform-set AES_MD5 esp-aes esp-md5-hmac
crypto ipsec profile DMVPN
set transform-set AES_MD5
interface Tunnel0
bandwidth 1000
ip address 10.1.1.4 255.255.255.0
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 123
ip nhrp authentication dmvpn1
ip nhrp map multicast dynamic
ip nhrp network-id 123
no ip split-horizon eigrp 123
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 123
tunnel protection ipsec profile DMVPN
interface Tunnel1
bandwidth 1000
ip address 10.2.2.4 255.255.255.0
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 124
ip nhrp authentication dmvpn2
ip nhrp map multicast dynamic
ip nhrp network-id 124
no ip split-horizon eigrp 124
tunnel source FastEthernet1/0
tunnel mode gre multipoint
tunnel key 124
tunnel protection ipsec profile DMVPN
router eigrp 123
network 10.1.1.0 0.0.0.255
network 172.16.4.0 0.0.0.255
no auto-summary
router eigrp 124
network 10.2.2.0 0.0.0.255
network 172.16.4.0 0.0.0.255
no auto-summary
SPOKE1 :
crypto isakmp policy 10
encr aes
hash md5
authentication pre-share
group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
crypto ipsec transform-set AES_MD5 esp-aes esp-md5-hmac
crypto ipsec profile DMVPN
set transform-set AES_MD5
interface Tunnel0
bandwidth 1000
ip address 10.1.1.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication dmvpn1
ip nhrp map multicast 190.1.1.1
ip nhrp map 10.1.1.4 190.1.1.1
ip nhrp network-id 123
ip nhrp holdtime 600
ip nhrp nhs 10.1.1.4
ip nhrp registration timeout 300
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 123
tunnel protection ipsec profile DMVPN shared
interface Tunnel1
bandwidth 1000
ip address 10.2.2.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication dmvpn2
ip nhrp map multicast 190.1.2.1
ip nhrp map 10.2.2.4 190.1.2.1
ip nhrp network-id 124
ip nhrp holdtime 600
ip nhrp nhs 10.2.2.4
ip nhrp registration timeout 300
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 124
tunnel protection ipsec profile DMVPN shared
router eigrp 123
network 10.1.1.0 0.0.0.255
network 172.16.1.0 0.0.0.255
no auto-summary
router eigrp 124
network 10.2.2.0 0.0.0.255
network 172.16.1.0 0.0.0.255
no auto-summary
SPOKE2 :
crypto isakmp policy 10
encr aes
hash md5
authentication pre-share
group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
crypto ipsec transform-set AES_MD5 esp-aes esp-md5-hmac
crypto ipsec profile DMVPN
set transform-set AES_MD5
interface Tunnel0
bandwidth 1000
ip address 10.1.1.2 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication dmvpn1
ip nhrp map multicast 190.1.1.1
ip nhrp map 10.1.1.4 190.1.1.1
ip nhrp network-id 123
ip nhrp holdtime 600
ip nhrp nhs 10.1.1.4
ip nhrp registration timeout 300
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 123
tunnel protection ipsec profile DMVPN shared
interface Tunnel1
bandwidth 1000
ip address 10.2.2.2 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication dmvpn2
ip nhrp map multicast 190.1.2.1
ip nhrp map 10.2.2.4 190.1.2.1
ip nhrp network-id 124
ip nhrp holdtime 600
ip nhrp nhs 10.2.2.4
ip nhrp registration timeout 300
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 124
tunnel protection ipsec profile DMVPN shared
router eigrp 123
network 10.1.1.0 0.0.0.255
network 172.16.2.0 0.0.0.255
no auto-summary
router eigrp 124
network 10.2.2.0 0.0.0.255
network 172.16.2.0 0.0.0.255
no auto-summary
HUB:
HUB#sh ip nhrp
10.1.1.1/32 via 10.1.1.1, Tunnel0 created 00:15:17, expire 00:09:21
Type: dynamic, Flags: authoritative unique registered
NBMA address: 191.1.1.11
10.1.1.2/32 via 10.1.1.2, Tunnel0 created 00:12:09, expire 00:07:50
Type: dynamic, Flags: authoritative unique registered
NBMA address: 191.1.1.12
10.2.2.1/32, Tunnel1 created 00:02:57, expire 00:00:07
Type: incomplete, Flags: negative
Cache hits: 7
10.2.2.2/32 via 10.2.2.2, Tunnel1 created 00:12:00, expire 00:07:58
Type: dynamic, Flags: authoritative unique registered
NBMA address: 191.1.1.12
HUB can't have the NBMA adress for 10.2.2.1 for SPOKE1
HUB#ping 10.2.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.1, timeout is 2 seconds:
Success rate is 0 percent (0/5)
*Mar 1 00:45:18.431: NHRP: MACADDR: if_in null netid-in 0 if_out Tunnel1 netid-out 124
*Mar 1 00:45:18.435: NHRP: Checking for delayed event 0.0.0.0/10.2.2.1 on list (Tunnel1).
*Mar 1 00:45:18.435: NHRP: No node found..
*Mar 1 00:45:07.131: NHRP: MACADDR: if_in null netid-in 0 if_out Tunnel1 netid-out 124
*Mar 1 00:45:07.131: NHRP: Checking for delayed event 0.0.0.0/10.2.2.1 on list (Tunnel1).
*Mar 1 00:48:30.759: NHRP: Checking for delayed event 0.0.0.0/10.2.2.1 on list (Tunnel1).
*Mar 1 00:48:30.763: NHRP: No node found.
*Mar 1 00:48:30.763: NHRP: Attempting to send packet via DEST 10.2.2.1
*Mar 1 00:48:30.767: NHRP: Send Resolution Request via Tunnel1 vrf 0, packet size: 82
*Mar 1 00:48:30.771: src: 10.2.2.4, dst: 10.2.2.1
*Mar 1 00:48:30.771: NHRP: Encapsulation failed for destination 10.2.2.1 out Tunnel1
SPOKE1#
*Mar 1 00:53:38.695: NHRP: Setting retrans delay to 64 for nhs dst 10.2.2.4
*Mar 1 00:53:38.699: NHRP: Attempting to send packet via DEST 10.2.2.4
*Mar 1 00:53:38.699: NHRP: Encapsulation succeeded. Tunnel IP addr 190.1.2.1
*Mar 1 00:53:38.703: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 82
*Mar 1 00:53:38.711: src: 10.2.2.1, dst: 10.2.2.4
*Mar 1 00:53:38.715: NHRP: 82 bytes out Tunnel1
no reply from the HUB
SPOKE1#ping 10.2.2.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.4, timeout is 2 seconds:
Success rate is 0 percent (0/5)
the SPOKE can't reach 10.2.2.4
after a few time :
HUB#sh ip nhrp
10.1.1.1/32 via 10.1.1.1, Tunnel0 created 00:25:03, expire 00:09:35
Type: dynamic, Flags: authoritative unique registered used
NBMA address: 191.1.1.11
10.1.1.2/32 via 10.1.1.2, Tunnel0 created 00:21:55, expire 00:08:03
Type: dynamic, Flags: authoritative unique registered
NBMA address: 191.1.1.12
10.2.2.2/32 via 10.2.2.2, Tunnel1 created 00:21:47, expire 00:08:12
Type: dynamic, Flags: authoritative unique registered
NBMA address: 191.1.1.12
only 3 tunnels -
Isdn Layer 1 deactivated when there is no active call
Hi All,
I am in Nairobi Kenya. Here we use ISDN Basic-net3 and my problem is that most of the telco switches here deactivate Layer 1 when there is no active call.
When I try to initiate a call by using the ISDN test call command I get an error to the effect that B channel is not available.
The only way I can initiate a call is I first call the line then and then disconnect. Then I have about 5 seconds to make a test call and pings are successful. How do I make the router initiate a call when layer 1 is deactivated.
the debug isdn q921 out has nothing till a call comes in.
I also understatnd that European ISDN switches deactivate Layer 1 when there no active call. I dont have a problem with one of the switches, coz it does not bring down the line when there is no active call.
Thakx in advance
MartinThanks for the quick response.
It is a cisco 1760
The IOS is c1700-sv3y-mz.122-15.T5.bin
When I try to make a test call the show isdn status initially indicates that the router is trying to activate layer 1 then after 5 seconds it indicates that it is deactivated.
I have not yet configured DDR as indicated in the config file
Building configuration...
Current configuration : 3054 bytes
! Last configuration change at 00:38:54 UTC Mon Aug 9 1993
! NVRAM config last updated at 00:36:54 UTC Mon Aug 9 1993
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Gill-House
logging queue-limit 100
enable secret xxx
ip subnet-zero
no ip domain lookup
isdn switch-type basic-net3
no voice hpi capture buffer
no voice hpi capture destination
class-map match-all voice-traffic
match ip rtp 16384 16383
policy-map voice
class voice-traffic
priority 24
class class-default
fair-queue
gw-accounting syslog
interface Loopback0
description Loopback interface for VoIP Dial-peers
ip address 128.1.x.x.255.255.255
interface Multilink1
bandwidth 6
ip address 128.1.x.x.255.255.252
ip tcp header-compression iphc-format
ppp multilink
ppp multilink fragment-delay 20
ppp multilink interleave
multilink-group 1
ip rtp header-compression iphc-format
interface FastEthernet0/0
description Gill-House LAN
ip address 128.1.x.x.255.255.0
speed auto
interface Serial0/0
description Link to Head Office
bandwidth 64
no ip address
encapsulation ppp
no fair-queue
ppp multilink
multilink-group 1
interface BRI1/0
ip address 10.10.1.2 255.255.255.0
encapsulation ppp
isdn switch-type basic-net3
isdn point-to-point-setup
keepalive 20
router eigrp 100
passive-interface FastEthernet0/0
passive-interface Loopback0
network 128.1.0.0
no auto-summary
no eigrp log-neighbor-changes
ip classless
no ip http server
logging source-interface Loopback0
logging 128.1.1.179
call rsvp-sync
voice-port 2/0
cptone GB
ring frequency 50
voice-port 2/1
cptone GB
ring frequency 50
dial-peer cor custom
dial-peer voice 2 pots
destination-pattern 101
port 2/0
dial-peer voice 51 voip
destination-pattern 100
session target ipv4:128.1.0.254
ip qos dscp cs5 signaling
dial-peer voice 55 voip
destination-pattern 120
session target ipv4:128.1.31.254
ip qos dscp cs5 signaling
dial-peer voice 52 voip
destination-pattern 102
session target ipv4:128.1.91.254
ip qos dscp cs5 signaling
dial-peer voice 53 voip
destination-pattern 103
session target ipv4:128.1.121.254
ip qos dscp cs5 signaling
dial-peer voice 54 voip
destination-pattern 110
session target ipv4:128.1.21.254
ip qos dscp cs5 signaling
dial-peer voice 56 voip
destination-pattern 130
session target ipv4:128.1.41.254
ip qos dscp cs5 signaling
dial-peer voice 57 voip
destination-pattern 140
session target ipv4:128.1.111.254
ip qos dscp cs5 signaling
dial-peer voice 58 voip
destination-pattern 150
session target ipv4:128.1.61.254
ip qos dscp cs5 signaling
dial-peer voice 59 voip
destination-pattern 160
session target ipv4:128.1.71.254
ip qos dscp cs5 signaling
line con 0
logging synchronous
line aux 0
line vty 0 4
password housing
login
ntp clock-period 17208074
ntp server 128.1.1.211
ntp server 128.1.0.254
end
Gill-House# -
Trouble With Routing on One Router
Hi, I am a new user and am studying for my CCNA at this time. I have two routers, bought from e-bay. 1 - 2505 and 1 - 2507.
My configuration is this;
2505:
Ethernet 0 - 172.16.0.99 255.255.0.0
Serial 0 - 192.168.1.3 255.255.255.0
Systems connected on the 172.16 subnet to the hub ports
2507:
Ethernet 0 - 10.0.0.2 255.0.0.0
Serial 1 - 192.168.1.1 255.255.255.0
Systems on the 10. subnet connected to hub ports
Now, I can ping all 172.16 hosts from 2505. I can also ping all 10. hosts from 2505 and clients on that host.
From 2507, I can ping 172.16.0.99 on 2505 which is the ethernet 0 interface but I cannot ping anything beyond that.
I have tried RIP, EIGRP and static routes but I cannot route beyond the 2505 router for some reason.
Am I missing something simple here?
Thanks
GerryI had my IP's backwards for the serial interfaces in my OP as well but that shouldn't make a difference as they routers can see each other.
Here is the running-config for both routers;
2507 Config
Current configuration : 1339 bytes
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname xxx
enable password
ip subnet-zero
hub ether 0 1
link-test
auto-polarity
hub ether 0 2
link-test
auto-polarity
hub ether 0 3
link-test
auto-polarity
hub ether 0 4
link-test
auto-polarity
hub ether 0 5
link-test
auto-polarity
hub ether 0 6
link-test
auto-polarity
hub ether 0 7
link-test
auto-polarity
hub ether 0 8
link-test
auto-polarity
hub ether 0 9
link-test
auto-polarity
hub ether 0 10
link-test
auto-polarity
hub ether 0 11
link-test
auto-polarity
hub ether 0 12
link-test
auto-polarity
hub ether 0 13
link-test
auto-polarity
hub ether 0 14
link-test
auto-polarity
hub ether 0 15
link-test
auto-polarity
hub ether 0 16
link-test
auto-polarity
interface Ethernet0
ip address 10.0.0.1 255.0.0.0
interface Serial0
ip address 192.168.1.3 255.255.255.0
interface Serial1
no ip address
shutdown
router eigrp 2
network 10.0.0.0
network 192.168.1.0
auto-summary
no eigrp log-neighbor-changes
router rip
network 10.0.0.0
network 192.168.1.0
no ip classless
no ip http server
line con 0
line aux 0
line vty 0
password
login
line vty 1 4
login
end
2505 Config
Current configuration : 1128 bytes
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname Rascals2505
enable secret xxx
enable password
ip subnet-zero
hub ether 0 1
link-test
auto-polarity
hub ether 0 2
link-test
auto-polarity
hub ether 0 3
link-test
auto-polarity
hub ether 0 4
link-test
auto-polarity
hub ether 0 5
link-test
auto-polarity
hub ether 0 6
link-test
auto-polarity
hub ether 0 7
link-test
auto-polarity
hub ether 0 8
link-test
auto-polarity
interface Ethernet0
ip address 172.16.0.99 255.255.0.0
interface Serial0
no ip address
loopback
shutdown
interface Serial1
ip address 192.168.1.1 255.255.255.0
clockrate 125000
router eigrp 1
network 172.16.0.0
network 192.168.1.0
auto-summary
no eigrp log-neighbor-changes
router rip
network 172.16.0.0
network 192.168.1.0
ip classless
ip http server
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
line con 0
line aux 0
line vty 0 4
password
login
end -
Having an issue adding network to eigrp
I'm doing a class project using a network simulator and am asked to: Design and implement an network for company RoutersCourseMatters. The names of the department names at this company are Faculty, Staff, and Students. For security reasons, each department must be isolated from each other's broadcast domain on the network. The Faculty have 50 end devices that need to be connected to the network. Staff has 26 end devices and the Students have 100 end devices. The network spaced provided by the ISP is 192.168.0.0/24. The dynamic protocol used for this network must be for Cisco-only equipment. Test each department network with just one end device and ensure full connectivity across the entire network
So we have our network topology setup for the class project(see picture attached). We are using one router for faculty+staff. Faculty has ip/mask of 192.168.0.1/26 and staff is: 192.168.0.65/27. we have a seperate router for students which the IP subnet for students is 192.168.0.150/25. The routers are directly connected and are using ips 192.168.0.98/29 & 192.168.0.100/29 so since the two routers are directly connected on the same subnet they have no issue pinging each other. The problem is pinging hosts from a subnet to hosts on a different subnet. When I try and add ANY 192.168.0.* subnet to eigrp it instead adds 192.168.16.* network. For instance on the faculty/student router if i do a 'router eigrp 1' command followed by 'network 192.168.0.0 0.0.0.63' it shows network 192.168.16.0 has been added to eigrp under show run. here is show run command:
faculty/staff Con0 is now available
Press RETURN to get started!
faculty/staff>en
faculty/staff#show run
Building configuration...
Current configuration : 874 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname faculty/staff
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
ip subnet-zero
interface FastEthernet0/0
description blank
ip address 192.168.0.65 255.255.255.224
no ip directed-broadcast
interface FastEthernet0/1
description link to switch
ip address 192.168.0.1 255.255.255.192
no ip directed-broadcast
interface Serial0/0/0
ip address 192.168.20.2 255.255.255.0
no ip directed-broadcast
clockrate 2000000
interface Serial0/0/1
no ip address
no ip directed-broadcast
shutdown
clockrate 2000000
interface Serial0/1/0
no ip address
no ip directed-broadcast
shutdown
clockrate 2000000
interface Serial0/1/1
ip address 192.168.0.98 255.255.255.248
no ip directed-broadcast
router eigrp 1
network 0.0.0.0
network 192.168.1.1 0.0.0.0
network 192.168.16.0
network 192.168.20.0
no auto-summary
ip classless
no ip http server
no ip http secure-server
control-plane
line con 0
line aux 0
line vty 0 4
login
line vty 5 1180
login
scheduler allocate 20000 1000
end
faculty/staff#config t
Enter configuration commands, one per line. End with CNTL/Z
faculty/staff(config)#router eigrp 1
faculty/staff(config-router)#network 192.168.0.0 0.0.0.63
faculty/staff(config-router)#exit
faculty/staff(config)#exit
faculty/staff#show run
Building configuration...
Current configuration : 874 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname faculty/staff
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
ip subnet-zero
interface FastEthernet0/0
description blank
ip address 192.168.0.65 255.255.255.224
no ip directed-broadcast
interface FastEthernet0/1
description link to switch
ip address 192.168.0.1 255.255.255.192
no ip directed-broadcast
interface Serial0/0/0
ip address 192.168.20.2 255.255.255.0
no ip directed-broadcast
clockrate 2000000
interface Serial0/0/1
no ip address
no ip directed-broadcast
shutdown
clockrate 2000000
interface Serial0/1/0
no ip address
no ip directed-broadcast
shutdown
clockrate 2000000
interface Serial0/1/1
ip address 192.168.0.98 255.255.255.248
no ip directed-broadcast
router eigrp 1
network 0.0.0.0
network 192.168.1.1 0.0.0.0
network 192.168.16.0
network 192.168.20.0
no auto-summary
ip classless
no ip http server
no ip http secure-server
--More--
project.jpg
Reply Reply to Main Discussion
Cody Robinson
Cody Robinson
2:36pm
Here is 'show ip eigrp topology' on staff/faculty router:
faculty/staff Con0 is now available
Press RETURN to get started!
faculty/staff>en
faculty/staff#show ip interface
FastEthernet0/0 is up, line protocol is up
Internet address is 192.168.0.65/27
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1514 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is disabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
FastEthernet0/1 is up, line protocol is up
Internet address is 192.168.0.1/26
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1514 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is disabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
Serial0/0/0 is down, line protocol is down
Internet address is 192.168.20.2/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1514 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is disabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
Serial0/0/1 is administratively down, line protocol is down
Internet protocol processing disabled
Serial0/1/0 is administratively down, line protocol is down
Internet protocol processing disabled
Serial0/1/1 is up, line protocol is up
Internet address is 192.168.0.98/29
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1514 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is disabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
faculty/staff#show ip eigrp ?
<1-65535> Autonomous System
accounting IP-EIGRP Accounting
interfaces IP-EIGRP interfaces
neighbors IP-EIGRP neighbors
topology IP-EIGRP Topology Table
traffic IP-EIGRP Traffic Statistics
vrf Select a VPN Routing/Forwarding instance
faculty/staff#show ip eigrp topology
IP-EIGRP Topology Table for AS(1)/ID(192.168.20.2)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 192.168.0.0/26, 1 successors, FD is 2172416
via Connected, FastEthernet0/1
P 192.168.0.64/27, 1 successors, FD is 2172416
via Connected, FastEthernet0/0
P 192.168.0.96/29, 1 successors, FD is 2172416
via Connected, Serial0/1/1
faculty/staff#
Cody Robinson
Cody Robinson
2:37pm
Here is show run on students router:
Students Con0 is now available
Press RETURN to get started!
Students>sh run
^
% Invalid input detected at '^' marker.
Students>en
Students#sh run
Building configuration...
Current configuration : 874 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Students
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
ip subnet-zero
interface FastEthernet0/0
no ip address
no ip directed-broadcast
shutdown
interface FastEthernet0/1
description link to switch
ip address 192.168.0.150 255.255.255.128
no ip directed-broadcast
interface Serial0/0/0
ip address 192.168.10.1 255.255.255.0
no ip directed-broadcast
clockrate 2000000
interface Serial0/0/1
no ip address
no ip directed-broadcast
shutdown
clockrate 2000000
interface Serial0/1/0
no ip address
no ip directed-broadcast
shutdown
clockrate 2000000
interface Serial0/1/1
ip address 192.168.0.100 255.255.255.248
no ip directed-broadcast
clockrate 2000000
router eigrp 1
network 0.0.0.0
network 192.168.1.1 0.0.0.0
network 192.168.10.0
ip classless
no ip http server
no ip http secure-server
control-plane
line con 0
line aux 0
line vty 0 4
login
line vty 5 1180
login
scheduler allocate 20000 1000
end
Students#Hello lolwar,
From your setup and description you provided I see some mismatch in IP subneting you calculated.
For instance in your diagram you have networks 192.168.0.0/26 (FACULTY), 192.168.0.64/27 (STAFF), 192.168.0.96/29 (point-to-point link between routers) and 192.168.0.128/25 (STUDENTS).
First, you're wasting IP addresses, because you have unused space between point-to-point link and STUDENTS subnet. It's a good practice, when calculating subnets first calculate the biggest, subnet, then smaller one until the smallest one (usually some point-to-point cross-connects). For more about this see this guide.
Now, the issue I see as the most important is, that you have in your diagram networks as I mentioned above, but into your EIGRP process you're adding completely different subnets (192.168.16.x, 192.168.20.x,...).
I entered following:
STUDENT ROUTER =------------>
router eigrp 1
network 192.168.0.96 0.0.0.7
network 192.168.0.128 0.0.0.127
FACULTY/STAFF ROUTER =------------->
router eigrp 1
network 192.168.0.0 0.0.0.63
network 192.168.0.64 0.0.0.31
network 192.168.0.96 0.0.0.7
And all works just fine, computer's are able to ping each other. Also although it's not necessary, it's good to includes network wildcard mask into the "network" command under EIGRP (or OSPF) configuration.
I hope this will help you (please rate if this is the case. Thanks.) -
How to change AD of specific routes in EIGRP NX-OS 6.2
Hi,
I need some help in converting following IOS config to NX-OS
router eigrp 10
distance 18 10.16.0.16 0.0.0.7 bgp_acl <-----
distance 18 10.16.0.24 0.0.0.7 distance_18 <-----
no auto-summary
ip access-list standard distance_18
permit 10.1.1.1
permit 10.14.52.0
permit 10.13.52.0
permit 10.106.1.1
ip access-list standard bgp_acl
permit 10.1.1.1
permit 10.106.1.1
how do I change administrative distance of specific routes in NX-OS learned from sources specified in distance command?
In NX-OS I see that distance command changes AD globally for all internal and external routes.
Thank youThis is what I have finalized. first I tried with 2 prefix-list to match for routes but route-map has limitation and you can't use 2 address type prefix-lists.
router eigrp 10
address-family ipv4 unicast
table-map vpls-route-AD
route-map vpls-route-AD permit 10
match ip route-source prefix-list vpls-route-source
match ip address prefix-list vpls-route
set distance 18
ip prefix-list vpls-route-source seq 5 permit 10.16.0.16/29
ip prefix-list vpls-route-source seq 10 permit 10.16.0.24/29
ip prefix-list vpls-route seq 15 permit 10.13.52.0/24
ip prefix-list vpls-route seq 20 permit 10.14.52.0/24
ip prefix-list vpls-route seq 25 permit 10.1.1.1/32
ip prefix-list vpls-route seq 30 permit 10.106.1.1/32 -
EIGRP Routing across MPLS Cloud
I appologize if this has been covered but I dont see any exact hits...
We are working with our Service Provider to implement MPLS between our remote sites and main campus. We are currently using PtoP T1 in a hub and spoke model. We are running EIGRP in our entire environment.
We would like to continue to run EIGRP in our environment but the SP does not support this protocol through the cloud. I would prefer not to introduce any new routing protocols into our environment such as BGP. (I believe SP is running BGP).
I have read snippits that I can us e GRE tunnel between sites and send EIGRP routing updates via this tunnel.
Can anyone support this method or are there better alternatives? If I implement GRE, I will still need to configure static routes so GRE knows how to reach the remote sites. I also cannot find any literature on how to configure GRE tunnels and use them ONLY for routing updates. I would think sending all traffic via GRE would cause additional overhead.
I will also have a need to send Multicast traffic between sites. I have read that GRE is the way to do this. To me it seems GRE will serve dual purposes.. first to allowing Dynamic routing updates between sites and also to allow Multicast traffic.
I appreciate any comments or suggestions!Hello Phil,
using GRE tunnels to build an overlay would deny one of the greatest benefits of MPLS L3 VPN: the peer model where each CE talks only with local PE node.
unless you have a small number of sites this approach is not recommended.
What if a new site is added in the future? you would need to configure a tunnel GRE to the new site in each of the existing sites.
You could run a DMVPN ( that is to use mGRE) to solve this but it has some complexity.
You can run BGP without using mutual redistribution: BGP allows to advertise internal networks using the network command even if they are not directly connected to the CE router but learned via EIGRP.
So it is enough to redistribute only BGP into EIGRP by setting a default seed metric (it requires five values in EIGRP and it is necessary or redistribution will not occur)
router bgp 65001
neigh PE-address remote-as SP-AS-number
network 10.10.10.0 mask 255.255.255.0
network 10.10.20.0 mask 255.255.254.0
no auto-summary
! note:if auto-summary is disabled you need to provide the exact mask / prefix length
router eigrp 100
redistribute bgp 65001
default-metric 10000 1000 255 1 1500
! BW delay reliabilty load MTU
Hope to help
Giuseppe -
Passive-interface default on eigrp
When using the passive-interface default on a router, to advertise networks you have to use the no passive-interface Vlan20, for example, what happens to the following network statements, are they ignored? For example, I have the following config:
router eigrp 1
passive-interface default
no passive-interface vlan 1
no passive-interface vlan 2
no passive-interface vlan 3
no passive-interface vlan 4
network 10.0.0.0
network 172.0.0.0
no auto-summary
Will I still advertise the networks defined over the vlan interfaces?
Just curious.Hi Mason,
There is some historical reasoning here. Until IOS release 12.0(4)T, you could not specify a wildcard mask when configuring the 'network' statement for EIGRP. In fact, the 'network' statement would only accept classful (i.e. major) networks at that time. So the ability to add a wildcard mask has been a relatively recent invention.
However, there is absolutely no problem with using a '0.0.0.0' wildcard in order to limit the network statement to a single IP address. From a convenience perspective, though, people tend to use a wildcard mask that reflects the actual subnet mask used on the interface. Either way is perfectly acceptable.
Now, if you are using a protocol such as OSPF, the wildcard mask becomes a bit more significant. The following link describes why that is so:
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009405a.shtml
Hope that helps - pls do rate the post if it does.
Paresh -
Cisco ASA 8.6 - EIGRP not working
Hi!
We have 2 ASA5510 and 2 ASA5525. Got a very weird error; up to release 8.4 eigrp works fine, after upgrading to 8.6 eigrp stops working.
If i do 'sh ei nei' i get this after upgrade to 8.6:
GRPCPDFW01# sh ei neighbors de
EIGRP-IPv4 neighbors for process 100
Can't see any neighbors; but same command from another asa on same network but with release 8.4:
GRPCPDFW02# sh eigrp neighbors de
EIGRP-IPv4 neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
4 10.5.1.3 Ma0/0 10 00:00:09 1 4500 1 0
Version 8.6/3.0, Retrans: 2, Retries: 2, Waiting for Init, Waiting for Init A
ck
Topology-ids from peer - 0
UPDATE seq 69932 ser 0-0 Sent 9320 Init Sequenced
1 172.16.150.1 Et0/0 12 3w2d 1 200 0 3813
Version 5.2/3.0, Retrans: 0, Retries: 0
Topology-ids from peer - 0
0 172.16.150.2 Et0/0 10 3w2d 1 200 0 10842
Version 8.0/2.0, Retrans: 0, Retries: 0
Topology-ids from peer - 0
3 10.20.1.2 Et0/1.201 10 14w5d 1 200 0 41791
Version 8.0/2.0, Retrans: 150, Retries: 0
Topology-ids from peer - 0
2 10.5.1.2 Ma0/0 14 14w5d 2 200 0 23542
Version 5.2/3.0, Retrans: 10, Retries: 0
Topology-ids from peer - 0
Stub Peer Advertising ( CONNECTED SUMMARY ) Routes
Suppressing queries
As you can see, 10.5.1.3 is the ASA5525 with 8.6; also detected this on the logs, from a switch 3750 connected on same network with eigrp on:
Sep 25 21:15:23.818: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 10.5.1.3 (Vlan5
1) is down: retry limit exceeded
Sep 25 21:15:28.473: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 10.5.1.3 (Vlan5
1) is up: new adjacency
keeps saying this every minute.
Can anyone help me on this? I want to put the 5525 on production but would like to do it with latest release; could this be a bug on 8.6?
thanks in advance!
xavierHi Julio!
exactly, if i upgrade to 8.6 i cannot see any neighborship; going to 8.4 goes fine again, without changing anything else.
Your answers:
1 .ASA Version 8.6(1)2
2.
GRPCPDFW01# sh ei eve
Event information for AS 100: Event log is empty.
GRPCPDFW01# show cap test
26 packets captured
1: 02:39:02.009658 10.5.1.2 > 10.5.1.3: ip-proto-88, length 20
2: 02:39:02.948666 10.5.1.3 > 224.0.0.10: ip-proto-88, length 40
3: 02:39:04.224002 10.5.1.1 > 10.5.1.3: ip-proto-88, length 20
4: 02:39:07.017073 10.5.1.2 > 10.5.1.3: ip-proto-88, length 20
5: 02:39:07.568680 10.5.1.3 > 224.0.0.10: ip-proto-88, length 40
6: 02:39:09.223377 10.5.1.1 > 10.5.1.3: ip-proto-88, length 20
7: 02:39:12.024428 10.5.1.2 > 10.5.1.3: ip-proto-88, length 20
8: 02:39:12.378703 10.5.1.3 > 224.0.0.10: ip-proto-88, length 40
9: 02:39:14.222995 10.5.1.1 > 10.5.1.3: ip-proto-88, length 20
10: 02:39:16.648693 10.5.1.3 > 224.0.0.10: ip-proto-88, length 40
11: 02:39:17.031858 10.5.1.2 > 10.5.1.3: ip-proto-88, length 20
12: 02:39:19.222202 10.5.1.1 > 10.5.1.3: ip-proto-88, length 20
13: 02:39:21.208714 10.5.1.3 > 224.0.0.10: ip-proto-88, length 40
14: 02:39:22.039258 10.5.1.2 > 10.5.1.3: ip-proto-88, length 20
15: 02:39:24.221652 10.5.1.1 > 10.5.1.3: ip-proto-88, length 20
16: 02:39:26.098719 10.5.1.3 > 224.0.0.10: ip-proto-88, length 40
17: 02:39:27.046628 10.5.1.2 > 10.5.1.3: ip-proto-88, length 20
18: 02:39:29.221012 10.5.1.1 > 10.5.1.3: ip-proto-88, length 20
19: 02:39:30.408700 10.5.1.3 > 224.0.0.10: ip-proto-88, length 40
20: 02:39:32.054059 10.5.1.2 > 10.5.1.3: ip-proto-88, length 20
21: 02:39:34.220523 10.5.1.1 > 10.5.1.3: ip-proto-88, length 20
22: 02:39:34.998666 10.5.1.3 > 224.0.0.10: ip-proto-88, length 40
23: 02:39:39.219867 10.5.1.1 > 10.5.1.3: ip-proto-88, length 20
24: 02:39:39.818667 10.5.1.3 > 224.0.0.10: ip-proto-88, length 40
25: 02:39:39.837618 10.5.1.2 > 10.5.1.3: ip-proto-88, length 20
26: 02:39:41.842180 10.5.1.2 > 10.5.1.3: ip-proto-88, length 20
26 packets shown
About the router conf; i can email it to you, its quite big! lots of objects, etc... any way i put here the basic eigrp conf and interface connecting to other eigrp peers:
router eigrp 100
no auto-summary
network 10.5.1.0 255.255.255.0
network 10.10.1.0 255.255.255.0
network 10.11.1.0 255.255.255.0
network 10.12.1.0 255.255.255.0
network 10.13.1.0 255.255.255.0
network 10.20.1.0 255.255.255.0
network 10.252.1.0 255.255.255.0
network 10.253.1.0 255.255.255.0
network 10.254.1.0 255.255.255.0
network 172.16.150.0 255.255.254.0
redistribute static
interface Management0/0
nameif management
security-level 100
ip address 10.5.1.3 255.255.255.0 standby 10.5.1.4
management-only
thanks!
xavier -
EIGRP summarization don't works
Hello everyone.
I have a lot of branches with a lot of small networks (around 14 networks at each branch):
C 10.0.0.112/28 is directly connected, FastEthernet0/0.7
C 10.0.0.96/29 is directly connected, FastEthernet0/0.2
C 10.0.0.80/28 is directly connected, FastEthernet0/0.11
C 10.0.0.64/28 is directly connected, FastEthernet0/0.4
C 10.0.0.56/29 is directly connected, FastEthernet0/0.21
C 10.0.0.48/29 is directly connected, FastEthernet0/0.8
C 10.0.0.32/28 is directly connected, FastEthernet0/0.51
C 10.0.0.24/29 is directly connected, FastEthernet0/0.20
C 10.0.0.16/29 is directly connected, FastEthernet0/0.16
C 10.0.0.8/29 is directly connected, FastEthernet0/0.5
C 10.0.0.4/30 is directly connected, FastEthernet0/0.3
C 10.0.0.0/30 is directly connected, FastEthernet0/0.15
C 10.0.0.192/26 is directly connected, FastEthernet0/0.50
C 10.0.0.128/26 is directly connected, FastEthernet0/0.17
So I want to use route summarization to send 1 route insteand of 14. After using command "ip summary-address eigrp" at the interface I see that branch router create a summarization route:
D 10.0.0.0/24 is a summary, 15:26:01, Null0
The sceme of connection looks like this:
But the central router still gets routes from branch router like this:
D 10.0.0.0/30 [90/1286912] via 172.2.0.68, 12:30:09, Tunnel1
D 10.0.0.4/30 [90/1286912] via 172.2.0.68, 12:30:09, Tunnel1
D 10.0.0.8/29 [90/1286912] via 172.2.0.68, 12:30:09, Tunnel1
D 10.0.0.16/29 [90/1286912] via 172.2.0.68, 12:30:09, Tunnel1
D 10.0.0.24/29 [90/1286912] via 172.2.0.68, 12:30:09, Tunnel1
D 10.0.0.32/28 [90/1286912] via 172.2.0.68, 12:30:09, Tunnel1
D 10.0.0.48/29 [90/1286912] via 172.2.0.68, 12:30:09, Tunnel1
D 10.0.0.56/29 [90/1286912] via 172.2.0.68, 12:30:09, Tunnel1
D 10.0.0.64/28 [90/1286912] via 172.2.0.68, 12:30:09, Tunnel1
D 10.0.0.80/28 [90/1286912] via 172.2.0.68, 12:30:09, Tunnel1
D 10.0.0.96/29 [90/1286912] via 172.2.0.68, 12:30:09, Tunnel1
D 10.0.0.112/28 [90/1286912] via 172.2.0.68, 12:30:09, Tunnel1
D 10.0.0.128/26 [90/1286912] via 172.2.0.68, 12:30:09, Tunnel1
D 10.0.0.192/26 [90/1286912] via 172.2.0.68, 12:30:09, Tunnel1
Configuration of EIGRP at the branch side:
interface Tunnel1
ip summary-address eigrp 1 10.0.0.0 255.255.255.0 90
router eigrp 1
passive-interface default
no passive-interface Tunnel1
network 10.0.0.0 0.0.255.255
network 172.2.0.0 #Tunnel interface network
no auto-summary
eigrp stub connected
Configuration of EIGRP at central router:
interface Tunnel1
no ip split-horizon eigrp 1
router eigrp 1
passive-interface default
no passive-interface Tunnel1
network 172.2.0.0 #Tunnel interface network
no auto-summary
Additional information: I'm using DmVPN (without spoke to spoke connections) for connection between the routers. Central router is 3925 (IOS c3900-universalk9-mz.SPA.152-4.M6a) and branch router is 2801 (IOS c2800nm-advsecurityk9-mz.151-4.M7).
Thanks in advance for any help.
Best Regards.Hello,
Your EIGRP stub routers (the branch routers) are currently configured with eigrp stub connected command. This command allows the stub router to advertise only directly connected networks. Even if address summarization is configured, the stub is not allowed to advertise the summary address.
The correction should be fairly simple: replace the eigrp stub connected command with eigrp stub connected summary on your branch routers. This should do the trick.
Please be aware that your EIGRP adjacencies may momentarily flap when you enter the eigrp stub connected summary - please accomodate the time of this change to a period of day where the connectivity outage of a couple of seconds is acceptable.
Best regards,
Peter -
Hi, I tried to find documentation about the usage of the BEAHOME/modules jars.
Has anybody a link to any docs how it works? I couldn't find any.
I have the problem that the org.apache.commons classes from
modules/com.bea.core.apache.commons.lang_2.1.0.jar
are visible in my application.
Does one have to prefer-application-packages for all packages in BEAHOME/modules ?
Thanks,
JuergenJim
In your description you tell us that your network uses 172.20.0.0 and do not mention any other networks. If this is true (that there are no other networks than 172.20.0.0) then it makes no difference whether no auto-summary is configured or not - you will get the exact same results as long as the network is based on a single major network (a class B network in your case).
auto-summary only makes a difference when a router has an interface in one network and has another interface(s) in another network. If all interfaces are in the same network then EIGRP advertises all subnets out all interfaces. If the router has interfaces in two networks (say for example that your LAN interfaces were in 172.20.0.0 and you put your serial interfaces on 10.0.0.0) the the router would not advertise subnets of 172.20.0.0 over the serial 10.0.0.0 interfaces but would advertise a summary route.
In the situation that you describe that you found a router with an entry for 172.20.100.0 to null 0 then the logical explanations would be that either there is a summary address configured on that router for 172.20.100.0 or that someone configured a static route for 172.20.100.0. Or is it possible that the route that you were looking at was really for 172.20.0.0 and not for 172.20.100.0?
HTH
Rick
Maybe you are looking for
-
HT3529 Can I set up an iphone and two itouches to the same apple id and use imessages?
I would like to set up my daughters Itouches on my Itunes account so I can manage them. Will we be able to use imessages between my iphone and the two itouches if they are all registered to the same apple id? I tried to put a different email for th
-
Delivery type determination in case of returns to vendor without return PO
Hello Gurus, When we create Return PO, and when we want to created delivery for this PO , we assign delivery type RL to the PO in SPRO. Now when I return the material thorugh MIGO (without return PO) with delivery check box active, system determines
-
How to preserve a lot of work with forms?
It is a document with pages of text and pages of forms. We usually have changes mainly in the text pages and the idea is to reuse the last created PDF (where the forms are already fine). We try to merge two PDF (just the new one with corrections for
-
How can I access a web site that is blocked?
The website listed below is blocked. How can I access it?
-
Shadow Effect Not Publishing in Slideshow
I have set a shadow effect on the Hero image box that does show in the design mode of MUSE. But when I preview it in MUSE, preview it in the browser and when it is published, the drop shadow is gone. Any suggestions?