Solved: EIGRP issue using VRF on 3750

ktwaddell · ‎08-14-2012

Hi,

I am in the Lab playing with VRF, got it to work when the switchport itself is a no switchport with IP address, however if I stick the Wan connecting interface into a vlan EIGRP wont create a Neighborship though I can ping it under that VRF.

interface FastEthernet1/0/1

description WAN interconnection

switchport access vlan 5

router eigrp 90

address-family ipv4 vrf NHSS

network 10.202.128.0 0.0.31.255

passive-interface default

no passive-interface FastEthernet1/0/1

autonomous-system 90

exit-address-family

interface Vlan5

ip vrf forwarding NHSS

ip address 10.202.128.200 255.255.255.0

switch-x#ping vrf NHSS 10.202.128.12

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.202.128.12, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms

switch-x#

switch-x#sh ip eigrp vrf NHSS ne

EIGRP-IPv4 Neighbors for AS(90) VRF(NHSS)

switch-x#

So does anyone know why I cant neighbour 10.202.128.12 now that f1/0/1 is a switchport and in a vlan?

Thanks

Kev

Peter Paluch · ‎08-14-2012

Hi Kevin,

This starts to look like an IOS bug. Can you perhaps try to totally remove the entire EIGRP configuration and configure it completely anew? Avoid configuring the passive interfaces at this point. In addition, can you assign the "global" EIGRP process a different AS number than the ASN 90 for the NHSS VRF EIGRP?

I assume that interface Vlan5 reports as "up, line protocol up" - a silly question considering the fact that you can ping the other party but nevertheless - let's check it.

Best regards,

Peter

View solution in original post

Peter Paluch · ‎08-14-2012

Hi Kev,

You have passive-interface default in your EIGRP VRF configuration, and the IP interface through which the EIGRP VRF NHSS tries to establish adjacencies is interface Vlan5. However, you did not declare that interface as non-passive. You need to enter the following commands:

router eigrp 90

address-family ipv4 vrf NHSS

no passive-interface vlan5

end

Making a switchport (i.e. a Layer2 interface) a non-passive interface will have no effect. The passive/non-passive interface configuration is intended for and applies only to Layer3 interfaces.

Try it out.

Best regards,

Peter

ktwaddell · ‎08-14-2012

2 things

1st, Of course!!!!!!!!!! that makes alot of sense and cant believe i missed it (the no passive f1/0/1 is from when the port was set to no switchport)

2nd, sadly it didn't work, though I will be keeping it in as I think you are right.

Thanks

Kev

Peter Paluch · ‎08-14-2012

Hello Kev,

So you are saying that despite using the no passive-interface vlan5 you were not successful in bringing the EIGRP adjacency up? Hmmm...

First, make sure that the Fa1/0/1 is properly configured as a static access port:

interface FastEthernet1/0/1

switchport ! Depending on your platform, this command may not be accepted

switchport mode access

switchport access vlan 5

spanning-tree portfast ! Use this only if the port is not connected to another switch

Second, can you try running the show ip eigrp vrf NHSS interface and post the output here? We should be seeing the interface Vlan5 in the output.

Third, let's see if the debugs can help us here. Try running the debug eigrp packet hello and see if any Hello packets are being sent and received.

I am sure this is something trivial, it's just we are not seeing it Oh, by the way, can you describe your testing topology, i.e. what are the devices you're experimenting with, what are the IOS versions and how are they exactly interconnected?

Best regards,

Peter

ktwaddell · ‎08-14-2012

Hi

I had also missed out the switchport mode access, but again still not working.

interface FastEthernet1/0/1

switchport access vlan 5

switchport mode access

srr-queue bandwidth share 10 10 60 20

priority-queue out

mls qos trust dscp

auto qos voip trust

switch-x#sh ip eigrp vrf NHSS interfaces

EIGRP-IPv4 Interfaces for AS(90) VRF(NHSS)

Xmit Queue Mean Pacing Time Multicast Pending

Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes

switch-x#

I have all these debugs on and not showing anything.

switch-x#sh debugging

VRF:

VRF Selection debugging is on

EIGRP:

Packet debugging is on

Route Event debugging is on

Neighbors debugging is on

EIGRP-IPv4: Address-Family:

Route Event debugging is on

router eigrp 90

!

address-family ipv4 vrf NHSS

network 10.202.128.0 0.0.31.255

passive-interface default

no passive-interface FastEthernet1/0/1

no passive-interface Vlan5

autonomous-system 90

eigrp router-id 10.202.128.200

exit-address-family

!

I can still ping the other switch under vrf NHSS.

Thanks

Kevin

Peter Paluch · ‎08-14-2012

Kevin,

Notice that the interface Vlan5 is still not listed in the show ip eigrp vrf NHSS interface output. Until it is missing, EIGRP won't be using it.

Can I suggest a blind experiment? I have tested this on a 2691 IOS, and strangely enough, the passive-interface command was not added to the address-family ipv4 stanza but rather to the "global" level of the EIGRP configuration. Can you try to move all the passive interface configuration to the global level?

Best regards,

Peter

ktwaddell · ‎08-14-2012

Hi Peter,

Yeah I noticed that this morning as well.

ok I just removed all the passive-interface commands at the moment, but still no neighbour or vlan 5 under the interfaces

router eigrp 90

!

address-family ipv4 vrf NHSS

network 10.202.128.0 0.0.31.255

autonomous-system 90

eigrp router-id 10.202.128.200

exit-address-family

!

I am a lost as to why at the moment!!

Thanks

Kev

Peter Paluch · ‎08-14-2012

Hello Kev,

Do you believe you could post the entire configuration? And what is the platform once more? Is it a 3750 or something? And the IOS version?

Best regards,

Peter

ktwaddell · ‎08-14-2012

of course mate, here you go (left out un-used ports config), its a 3750v2 on 122-52.SE

switch-x#sh runn

Building configuration...

Current configuration : 10003 bytes

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname switch-x

!

boot-start-marker

boot-end-marker

!

no aaa new-model

switch 1 provision ws-c3750v2-48ps

system mtu routing 1500

authentication mac-move permit

ip subnet-zero

ip routing

!

ip vrf NHSS

description Salford VRF

rd 65000:1

!

ip vrf SRFT

description Royal VRF

rd 65000:2

!

mls qos map policed-dscp 24 26 46 to 0

mls qos map policed-dscp 0 10 18 to 8

mls qos map cos-dscp 0 8 16 24 32 46 48 56

mls qos srr-queue input bandwidth 90 10

mls qos srr-queue input threshold 1 8 16

mls qos srr-queue input threshold 2 34 66

mls qos srr-queue input buffers 67 33

mls qos srr-queue input cos-map queue 1 threshold 2 1

mls qos srr-queue input cos-map queue 1 threshold 3 0

mls qos srr-queue input cos-map queue 2 threshold 1 2

mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7

mls qos srr-queue input cos-map queue 2 threshold 3 3 5

mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15

mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7

mls qos srr-queue input dscp-map queue 1 threshold 3 32

mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23

mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48

mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56

mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63

mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31

mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47

mls qos srr-queue output cos-map queue 1 threshold 3 5

mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7

mls qos srr-queue output cos-map queue 3 threshold 3 2 4

mls qos srr-queue output cos-map queue 4 threshold 2 1

mls qos srr-queue output cos-map queue 4 threshold 3 0

mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47

mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31

mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55

mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63

mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23

mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39

mls qos srr-queue output dscp-map queue 4 threshold 1 8

mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15

mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7

mls qos queue-set output 1 threshold 1 138 138 92 138

mls qos queue-set output 1 threshold 2 138 138 92 400

mls qos queue-set output 1 threshold 3 36 77 100 318

mls qos queue-set output 1 threshold 4 20 50 67 400

mls qos queue-set output 2 threshold 1 149 149 100 149

mls qos queue-set output 2 threshold 2 118 118 100 235

mls qos queue-set output 2 threshold 3 41 68 100 272

mls qos queue-set output 2 threshold 4 42 72 100 242

mls qos queue-set output 1 buffers 10 10 26 54

mls qos queue-set output 2 buffers 16 6 17 61

mls qos

!

crypto pki trustpoint TP-self-signed-4188889088

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-4188889088

revocation-check none

rsakeypair TP-self-signed-4188889088

!

crypto pki certificate chain TP-self-signed-4188889088

certificate self-signed 01

30820241 308201AA A0030201 02020101 300D0609 2A864886 F70D0101 04050030

31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

69666963 6174652D 34313838 38383930 3838301E 170D3933 30333031 30303031

32345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 31383838

38393038 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

8100C237 2437BD69 D7DAAEF3 9D23DF13 514207ED A4AC234F 32BFCBF7 51D88497

52B6159D 8D273229 AEC8EF38 1E9A215F 2F90DC9A 973C01AC F3151B1A 98EA357E

E1A86BEE BA8055E2 257CCFC3 C44DA505 B4CA8B5C D6F9050B 16BAA092 292A3141

6C9933C8 BFC9411A DFF5309A 620E368A 53FCF533 9E5B0402 E180F442 0E6A3555

B9450203 010001A3 69306730 0F060355 1D130101 FF040530 030101FF 30140603

551D1104 0D300B82 09737769 7463682D 782E301F 0603551D 23041830 16801430

48AF3CD8 CA06133D 9C9B55E4 5B1F38E9 E8C66730 1D060355 1D0E0416 04143048

AF3CD8CA 06133D9C 9B55E45B 1F38E9E8 C667300D 06092A86 4886F70D 01010405

00038181 00AE74C3 8EC33C3F CFF7D4CC A16F378A 3E2CC973 FDC4C8F9 86CD8694

7F9C72AE 2724A827 08A93DEB 3CF1871A 39B3F5E5 45A37338 AB3A3E6A 61857D33

05CE0793 FB14F8C0 7431ADA7 9C437DA5 960B18BC 4E63DDB9 EF92E7FD 1E1525B4

F403C1E9 FA5F2510 2A7C5EA0 C9D79AC4 99F15A27 7E357737 57C39B40 CFD979C1

04A63802 9D

quit

!

spanning-tree mode pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

class-map match-all AUTOQOS_VOIP_DATA_CLASS

match ip dscp ef

class-map match-all AUTOQOS_DEFAULT_CLASS

match access-group name AUTOQOS-ACL-DEFAULT

class-map match-all AUTOQOS_VOIP_SIGNAL_CLASS

match ip dscp cs3

class-map match-all AutoQoS-VoIP-RTP-Trust

match ip dscp ef

class-map match-all AutoQoS-VoIP-Control-Trust

match ip dscp cs3 af31

!

policy-map AUTOQOS-SRND4-CISCOPHONE-POLICY

class AUTOQOS_VOIP_DATA_CLASS

set dscp ef

police 128000 8000 exceed-action policed-dscp-transmit

class AUTOQOS_VOIP_SIGNAL_CLASS

set dscp cs3

police 32000 8000 exceed-action policed-dscp-transmit

class AUTOQOS_DEFAULT_CLASS

set dscp default

police 10000000 8000 exceed-action policed-dscp-transmit

policy-map AutoQoS-Police-CiscoPhone

class AutoQoS-VoIP-RTP-Trust

set dscp ef

police 320000 8000 exceed-action policed-dscp-transmit

class AutoQoS-VoIP-Control-Trust

set dscp cs3

police 32000 8000 exceed-action policed-dscp-transmit

!

interface Loopback0

ip vrf forwarding SRFT

ip address 192.168.95.1 255.255.255.255

!

interface FastEthernet1/0/1

description Salford Routed Subnet

switchport access vlan 5

switchport mode access

srr-queue bandwidth share 10 10 60 20

priority-queue out

mls qos trust dscp

auto qos voip trust

!

interface FastEthernet1/0/2

no switchport

bandwidth 100000

ip vrf forwarding SRFT

ip address 192.168.94.1 255.255.255.0

ip ospf authentication message-digest

ip ospf message-digest-key 1 md5 srft

ip ospf network broadcast

ip ospf dead-interval minimal hello-multiplier 3

srr-queue bandwidth share 10 10 60 20

priority-queue out

mls qos trust cos

auto qos voip trust

!

interface FastEthernet1/0/3

!

interface FastEthernet1/0/46

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface FastEthernet1/0/47

description Salford Port

switchport access vlan 2

switchport mode access

switchport voice vlan 3

srr-queue bandwidth share 10 10 60 20

priority-queue out

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

spanning-tree portfast

service-policy input AutoQoS-Police-CiscoPhone

!

interface FastEthernet1/0/48

description SRFT Port

switchport access vlan 101

switchport mode access

switchport voice vlan 102

srr-queue bandwidth share 10 10 60 20

priority-queue out

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

spanning-tree portfast

service-policy input AutoQoS-Police-CiscoPhone

!

interface GigabitEthernet1/0/1

!

interface GigabitEthernet1/0/2

!

interface GigabitEthernet1/0/3

!

interface GigabitEthernet1/0/4

!

interface Vlan1

no ip address

shutdown

!

interface Vlan2

description Salford Data VLAN

ip vrf forwarding NHSS

ip address 10.202.146.1 255.255.255.128

!

interface Vlan3

description Salford Voice VLAN

ip vrf forwarding NHSS

ip address 10.202.146.129 255.255.255.128

!

interface Vlan5

ip vrf forwarding NHSS

ip address 10.202.128.200 255.255.255.0

!

interface Vlan101

description SRFT Data VLAN

ip vrf forwarding SRFT

ip address 192.168.64.254 255.255.255.0

!

interface Vlan102

description SRFT Voice VLAN

ip vrf forwarding SRFT

ip address 192.168.65.254 255.255.255.0

!

router eigrp 90

!

address-family ipv4 vrf NHSS

network 10.202.128.0 0.0.31.255

autonomous-system 90

eigrp router-id 10.202.128.200

exit-address-family

!

router ospf 1 vrf SRFT

router-id 192.168.94.1

log-adjacency-changes

auto-cost reference-bandwidth 10000

area 0 authentication message-digest

network 192.168.64.0 0.0.31.255 area 0

!

ip classless

ip http server

ip http secure-server

!

ip access-list extended AUTOQOS-ACL-DEFAULT

permit ip any any

!

ip sla enable reaction-alerts

!

line con 0

line vty 0 4

login

line vty 5 15

login

!

end

Thanks

Kev

Peter Paluch · ‎08-14-2012

Hi Kevin,

This starts to look like an IOS bug. Can you perhaps try to totally remove the entire EIGRP configuration and configure it completely anew? Avoid configuring the passive interfaces at this point. In addition, can you assign the "global" EIGRP process a different AS number than the ASN 90 for the NHSS VRF EIGRP?

I assume that interface Vlan5 reports as "up, line protocol up" - a silly question considering the fact that you can ping the other party but nevertheless - let's check it.

Best regards,

Peter

ktwaddell · ‎08-15-2012

Morning,

Ok I took a copy of the config, wri era and reloaded.

Pasted the config back on and is now working

Also need to note that I had switched off the other EIGRP switch without saving the config, so had to reconfig that as well, but I do think it was the VRF switch.

Thanks for all your help Peter

Cheers

Kevin

Peter Paluch · ‎08-15-2012

Hi Kev,

Thanks for keeping us informed Well, I don't like when things start working miracuously after reload, but... well. We all know about software bugs.

It has been a pleasure!

Best regards,

Peter

ktwaddell · ‎08-15-2012

Hi

Yeah I know what you mean, I have missed out the passive interfaces, so just putting that back in now and see what happens.

Thanks Again

Kev