Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
256
Views
0
Helpful
0
Replies

CSCvt37438 - Inconsistent tagging for L3 dual routers when deploying from IWAN-APP

Igor Mordiuk
Level 1
Level 1

‎03-12-2020 08:09 AM - edited ‎03-12-2020 08:12 AM

In the case, if the site was already provisioned and there is no option to rebuild it, the manual fix can be applied to the affected routers (in the example it will be MCBR and BR).

 

Topology: 
LAN (10.1.0.0/16) == MCBR  <====> DMVPN2( Tag 850) 
       ||

       L============ BR <=======> DMVPN3 (Tag 851)


In this example, BR was added first (so it got tag 850 and filter all incoming prefixes from DMVPN3 cloud with the tag 851) before MCBR ( local site prefix (10.1.0.0/16) is tagged here 851 and filtered all incoming prefixes from DMVPN2 cloud with the tag 850). This misconfiguration prevents both routers to see remote sites and advertise 10.1.0.0/16 with the wrong tags, that will cause remote sites to ignore this prefix.


MCBR 
!
! EIGRP 100 (Local routing)
router eigrp 100
 redistribute eigrp 400 route-map SET-TAG-ALL
!
route-map SET-TAG-ALL permit 10
 set tag 851
!
!
!
router eigrp IWAN-EIGRP
 address-family ipv4 unicast autonomous-system 400
  topology base
   distribute-list route-map DMVPN2-BR-IN in Tunnel11
   redistribute eigrp 100 route-map EIGRP-LAN-TO-WAN
!
route-map EIGRP-LAN-TO-WAN deny 10
 description block redistribution of WAN routes
 match tag 850 851
route-map EIGRP-LAN-TO-WAN permit 20
 set tag 851
!
!
route-map DMVPN2-BR-IN deny 4
 match tag 850
route-map DMVPN2-BR-IN permit 5
 match tag 201
 set metric +4000000000
route-map DMVPN2-BR-IN permit 10
route-map DMVPN2-BR-IN permit 20

 

 

BR
!
! EIGRP 100 (Local routing)
router eigrp 100
 redistribute eigrp 400 route-map SET-TAG-ALL
!
route-map SET-TAG-ALL permit 10
 set tag 850
!
!
!
router eigrp IWAN-EIGRP
 address-family ipv4 unicast autonomous-system 400
  topology base
   distribute-list route-map DMVPN3-BR-IN in Tunnel12
   redistribute eigrp 100 route-map EIGRP-LAN-TO-WAN
!
route-map EIGRP-LAN-TO-WAN deny 10
  description block redistribution of WAN routes
  match tag 850 851
route-map EIGRP-LAN-TO-WAN permit 20
  set tag 850

!
!
route-map DMVPN3-BR-IN deny 4
  match tag 851
route-map DMVPN3-BR-IN permit 5
  match tag 301
  set metric +4000000000
route-map DMVPN3-BR-IN permit 10
route-map DMVPN3-BR-IN permit 20

 

FIX:

MCBR
!
route-map DMVPN2-BR-IN deny 4
  no match tag 850
  match tag 851
!
route-map EIGRP-LAN-TO-WAN permit 20
  no set tag 851
  set tag 850
!
route-map SET-TAG-ALL permit 10
  no set tag 851
  set tag 850
BR
!
route-map DMVPN3-BR-IN deny 4
  no match tag 851
  match tag 850
!
route-map EIGRP-LAN-TO-WAN permit 20
  no set tag 850
  set tag 851
!
route-map SET-TAG-ALL permit 10
  no set tag 850
  set tag 851
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents