cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4355
Views
0
Helpful
12
Replies

EIGRP issue using VRF on 3750

ktwaddell
Level 1
Level 1

Hi,

I am in the Lab playing with VRF, got it to work when the switchport itself is a no switchport with IP address, however if I stick the Wan connecting interface into a vlan EIGRP wont create a Neighborship though I can ping it under that VRF.

interface FastEthernet1/0/1

description WAN interconnection

switchport access vlan 5

router eigrp 90

address-family ipv4 vrf NHSS

  network 10.202.128.0 0.0.31.255

  passive-interface default

  no passive-interface FastEthernet1/0/1

  autonomous-system 90

exit-address-family

interface Vlan5

ip vrf forwarding NHSS

ip address 10.202.128.200 255.255.255.0

switch-x#ping vrf NHSS 10.202.128.12

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.202.128.12, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms

switch-x#

switch-x#sh ip eigrp vrf NHSS ne

EIGRP-IPv4 Neighbors for AS(90) VRF(NHSS)

switch-x#

So does anyone know why I cant neighbour 10.202.128.12 now that f1/0/1 is a switchport and in a vlan?

Thanks

Kev

1 Accepted Solution

Accepted Solutions

Hi Kevin,

This starts to look like an IOS bug. Can you perhaps try to totally remove the entire EIGRP configuration and configure it completely anew? Avoid configuring the passive interfaces at this point. In addition, can you assign the "global" EIGRP process a different AS number than the ASN 90 for the NHSS VRF EIGRP?

I assume that interface Vlan5 reports as "up, line protocol up" - a silly question considering the fact that you can ping the other party but nevertheless - let's check it.

Best regards,

Peter

View solution in original post

12 Replies 12

Peter Paluch
Cisco Employee
Cisco Employee

Hi Kev,

You have passive-interface default in your EIGRP VRF configuration, and the IP interface through which the EIGRP VRF NHSS tries to establish adjacencies is interface Vlan5. However, you did not declare that interface as non-passive. You need to enter the following commands:

router eigrp 90

address-family ipv4 vrf NHSS

no passive-interface vlan5

end

Making a switchport (i.e. a Layer2 interface) a non-passive interface will have no effect. The passive/non-passive interface configuration is intended for and applies only to Layer3 interfaces.

Try it out.

Best regards,

Peter

2 things

1st, Of course!!!!!!!!!! that makes alot of sense and cant believe i missed it (the no passive f1/0/1 is from when the port was set to no switchport)

2nd, sadly it didn't work, though I will be keeping it in as I think you are right.

Thanks

Kev

Hello Kev,

So you are saying that despite using the no passive-interface vlan5 you were not successful in bringing the EIGRP adjacency up? Hmmm...

First, make sure that the Fa1/0/1 is properly configured as a static access port:

interface FastEthernet1/0/1

  switchport ! Depending on your platform, this command may not be accepted

  switchport mode access

  switchport access vlan 5

  spanning-tree portfast ! Use this only if the port is not connected to another switch

Second, can you try running the show ip eigrp vrf NHSS interface and post the output here? We should be seeing the interface Vlan5 in the output.

Third, let's see if the debugs can help us here. Try running the debug eigrp packet hello and see if any Hello packets are being sent and received.

I am sure this is something trivial, it's just we are not seeing it Oh, by the way, can you describe your testing topology, i.e. what are the devices you're experimenting with, what are the IOS versions and how are they exactly interconnected?

Best regards,

Peter

Hi

I had also missed out the switchport mode access, but again still not working.

interface FastEthernet1/0/1

  switchport access vlan 5

switchport mode access

srr-queue bandwidth share 10 10 60 20

priority-queue out

mls qos trust dscp

auto qos voip trust

switch-x#sh ip eigrp vrf NHSS interfaces

EIGRP-IPv4 Interfaces for AS(90) VRF(NHSS)

                        Xmit Queue   Mean   Pacing Time   Multicast    Pending

Interface        Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes

switch-x#

I have all these debugs on and not showing anything.

switch-x#sh debugging

VRF:

  VRF Selection debugging is on

EIGRP:

  Packet debugging is on

  Route Event debugging is on

  Neighbors debugging is on

EIGRP-IPv4: Address-Family:

  Route Event debugging is on

router eigrp 90

!

address-family ipv4 vrf NHSS

  network 10.202.128.0 0.0.31.255

  passive-interface default

  no passive-interface FastEthernet1/0/1

  no passive-interface Vlan5

  autonomous-system 90

  eigrp router-id 10.202.128.200

exit-address-family

!

I can still ping the other switch under vrf NHSS.

Thanks

Kevin

Kevin,

Notice that the interface Vlan5 is still not listed in the show ip eigrp vrf NHSS interface output. Until it is missing, EIGRP won't be using it.

Can I suggest a blind experiment? I have tested this on a 2691 IOS, and strangely enough, the passive-interface command was not added to the address-family ipv4 stanza but rather to the "global" level of the EIGRP configuration. Can you try to move all the passive interface configuration to the global level?

Best regards,

Peter

Hi Peter,

Yeah I noticed that this morning as well.

ok I just removed all the passive-interface commands at the moment, but still no neighbour or vlan 5 under the interfaces

router eigrp 90

!

address-family ipv4 vrf NHSS

  network 10.202.128.0 0.0.31.255

  autonomous-system 90

  eigrp router-id 10.202.128.200

exit-address-family

!

I am a lost as to why at the moment!!

Thanks

Kev

Hello Kev,

Do you believe you could post the entire configuration? And what is the platform once more? Is it a 3750 or something? And the IOS version?

Best regards,

Peter

of course mate, here you go (left out un-used ports config), its a 3750v2 on 122-52.SE

switch-x#sh runn

Building configuration...

Current configuration : 10003 bytes

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname switch-x

!

boot-start-marker

boot-end-marker

!

!

!

!

no aaa new-model

switch 1 provision ws-c3750v2-48ps

system mtu routing 1500

authentication mac-move permit

ip subnet-zero

ip routing

!

!

ip vrf NHSS

description Salford VRF

rd 65000:1

!

ip vrf SRFT

description Royal VRF

rd 65000:2

!

!

mls qos map policed-dscp  24 26 46 to 0

mls qos map policed-dscp  0 10 18 to 8

mls qos map cos-dscp 0 8 16 24 32 46 48 56

mls qos srr-queue input bandwidth 90 10

mls qos srr-queue input threshold 1 8 16

mls qos srr-queue input threshold 2 34 66

mls qos srr-queue input buffers 67 33

mls qos srr-queue input cos-map queue 1 threshold 2 1

mls qos srr-queue input cos-map queue 1 threshold 3 0

mls qos srr-queue input cos-map queue 2 threshold 1 2

mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7

mls qos srr-queue input cos-map queue 2 threshold 3 3 5

mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15

mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7

mls qos srr-queue input dscp-map queue 1 threshold 3 32

mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23

mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48

mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56

mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63

mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31

mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47

mls qos srr-queue output cos-map queue 1 threshold 3 5

mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7

mls qos srr-queue output cos-map queue 3 threshold 3 2 4

mls qos srr-queue output cos-map queue 4 threshold 2 1

mls qos srr-queue output cos-map queue 4 threshold 3 0

mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47

mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31

mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55

mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63

mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23

mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39

mls qos srr-queue output dscp-map queue 4 threshold 1 8

mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15

mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7

mls qos queue-set output 1 threshold 1 138 138 92 138

mls qos queue-set output 1 threshold 2 138 138 92 400

mls qos queue-set output 1 threshold 3 36 77 100 318

mls qos queue-set output 1 threshold 4 20 50 67 400

mls qos queue-set output 2 threshold 1 149 149 100 149

mls qos queue-set output 2 threshold 2 118 118 100 235

mls qos queue-set output 2 threshold 3 41 68 100 272

mls qos queue-set output 2 threshold 4 42 72 100 242

mls qos queue-set output 1 buffers 10 10 26 54

mls qos queue-set output 2 buffers 16 6 17 61

mls qos

!

crypto pki trustpoint TP-self-signed-4188889088

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-4188889088

revocation-check none

rsakeypair TP-self-signed-4188889088

!

!

crypto pki certificate chain TP-self-signed-4188889088

certificate self-signed 01

  30820241 308201AA A0030201 02020101 300D0609 2A864886 F70D0101 04050030

  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

  69666963 6174652D 34313838 38383930 3838301E 170D3933 30333031 30303031

  32345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 31383838

  38393038 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

  8100C237 2437BD69 D7DAAEF3 9D23DF13 514207ED A4AC234F 32BFCBF7 51D88497

  52B6159D 8D273229 AEC8EF38 1E9A215F 2F90DC9A 973C01AC F3151B1A 98EA357E

  E1A86BEE BA8055E2 257CCFC3 C44DA505 B4CA8B5C D6F9050B 16BAA092 292A3141

  6C9933C8 BFC9411A DFF5309A 620E368A 53FCF533 9E5B0402 E180F442 0E6A3555

  B9450203 010001A3 69306730 0F060355 1D130101 FF040530 030101FF 30140603

  551D1104 0D300B82 09737769 7463682D 782E301F 0603551D 23041830 16801430

  48AF3CD8 CA06133D 9C9B55E4 5B1F38E9 E8C66730 1D060355 1D0E0416 04143048

  AF3CD8CA 06133D9C 9B55E45B 1F38E9E8 C667300D 06092A86 4886F70D 01010405

  00038181 00AE74C3 8EC33C3F CFF7D4CC A16F378A 3E2CC973 FDC4C8F9 86CD8694

  7F9C72AE 2724A827 08A93DEB 3CF1871A 39B3F5E5 45A37338 AB3A3E6A 61857D33

  05CE0793 FB14F8C0 7431ADA7 9C437DA5 960B18BC 4E63DDB9 EF92E7FD 1E1525B4

  F403C1E9 FA5F2510 2A7C5EA0 C9D79AC4 99F15A27 7E357737 57C39B40 CFD979C1

  04A63802 9D

  quit

!

!

!

spanning-tree mode pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

!

class-map match-all AUTOQOS_VOIP_DATA_CLASS

match ip dscp ef

class-map match-all AUTOQOS_DEFAULT_CLASS

match access-group name AUTOQOS-ACL-DEFAULT

class-map match-all AUTOQOS_VOIP_SIGNAL_CLASS

match ip dscp cs3

class-map match-all AutoQoS-VoIP-RTP-Trust

match ip dscp ef

class-map match-all AutoQoS-VoIP-Control-Trust

match ip dscp cs3  af31

!

!

policy-map AUTOQOS-SRND4-CISCOPHONE-POLICY

class AUTOQOS_VOIP_DATA_CLASS

  set dscp ef

  police 128000 8000 exceed-action policed-dscp-transmit

class AUTOQOS_VOIP_SIGNAL_CLASS

  set dscp cs3

  police 32000 8000 exceed-action policed-dscp-transmit

class AUTOQOS_DEFAULT_CLASS

  set dscp default

  police 10000000 8000 exceed-action policed-dscp-transmit

policy-map AutoQoS-Police-CiscoPhone

class AutoQoS-VoIP-RTP-Trust

  set dscp ef

  police 320000 8000 exceed-action policed-dscp-transmit

class AutoQoS-VoIP-Control-Trust

  set dscp cs3

  police 32000 8000 exceed-action policed-dscp-transmit

!

!

!

!

interface Loopback0

ip vrf forwarding SRFT

ip address 192.168.95.1 255.255.255.255

!

interface FastEthernet1/0/1

description Salford Routed Subnet

switchport access vlan 5

switchport mode access

srr-queue bandwidth share 10 10 60 20

priority-queue out

mls qos trust dscp

auto qos voip trust

!

interface FastEthernet1/0/2

no switchport

bandwidth 100000

ip vrf forwarding SRFT

ip address 192.168.94.1 255.255.255.0

ip ospf authentication message-digest

ip ospf message-digest-key 1 md5 srft

ip ospf network broadcast

ip ospf dead-interval minimal hello-multiplier 3

srr-queue bandwidth share 10 10 60 20

priority-queue out

mls qos trust cos

auto qos voip trust

!

interface FastEthernet1/0/3

!

!

interface FastEthernet1/0/46

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface FastEthernet1/0/47

description Salford Port

switchport access vlan 2

switchport mode access

switchport voice vlan 3

srr-queue bandwidth share 10 10 60 20

priority-queue out

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

spanning-tree portfast

service-policy input AutoQoS-Police-CiscoPhone

!

interface FastEthernet1/0/48

description SRFT Port

switchport access vlan 101

switchport mode access

switchport voice vlan 102

srr-queue bandwidth share 10 10 60 20

priority-queue out

mls qos trust device cisco-phone

mls qos trust cos

auto qos voip cisco-phone

spanning-tree portfast

service-policy input AutoQoS-Police-CiscoPhone

!

interface GigabitEthernet1/0/1

!

interface GigabitEthernet1/0/2

!

interface GigabitEthernet1/0/3

!

interface GigabitEthernet1/0/4

!

interface Vlan1

no ip address

shutdown

!

interface Vlan2

description Salford Data VLAN

ip vrf forwarding NHSS

ip address 10.202.146.1 255.255.255.128

!

interface Vlan3

description Salford Voice VLAN

ip vrf forwarding NHSS

ip address 10.202.146.129 255.255.255.128

!

interface Vlan5

ip vrf forwarding NHSS

ip address 10.202.128.200 255.255.255.0

!

interface Vlan101

description SRFT Data VLAN

ip vrf forwarding SRFT

ip address 192.168.64.254 255.255.255.0

!

interface Vlan102

description SRFT Voice VLAN

ip vrf forwarding SRFT

ip address 192.168.65.254 255.255.255.0

!

!

router eigrp 90

!

address-family ipv4 vrf NHSS

  network 10.202.128.0 0.0.31.255

  autonomous-system 90

  eigrp router-id 10.202.128.200

exit-address-family

!

router ospf 1 vrf SRFT

router-id 192.168.94.1

log-adjacency-changes

auto-cost reference-bandwidth 10000

area 0 authentication message-digest

network 192.168.64.0 0.0.31.255 area 0

!

ip classless

ip http server

ip http secure-server

!

!

ip access-list extended AUTOQOS-ACL-DEFAULT

permit ip any any

!

ip sla enable reaction-alerts

!

!

!

line con 0

line vty 0 4

login

line vty 5 15

login

!

end

Thanks

Kev

Hi Kevin,

This starts to look like an IOS bug. Can you perhaps try to totally remove the entire EIGRP configuration and configure it completely anew? Avoid configuring the passive interfaces at this point. In addition, can you assign the "global" EIGRP process a different AS number than the ASN 90 for the NHSS VRF EIGRP?

I assume that interface Vlan5 reports as "up, line protocol up" - a silly question considering the fact that you can ping the other party but nevertheless - let's check it.

Best regards,

Peter

Morning,

Ok I took a copy of the config, wri era and reloaded.

Pasted the config back on and is now working

Also need to note that I had switched off the other EIGRP switch without saving the config, so had to reconfig that as well, but I do think it was the VRF switch.

Thanks for all your help Peter

Cheers

Kevin

Hi Kev,

Thanks for keeping us informed Well, I don't like when things start working miracuously after reload, but... well. We all know about software bugs.

It has been a pleasure!

Best regards,

Peter

Hi

Yeah I know what you mean, I have missed out the passive interfaces, so just putting that back in now and see what happens.

Thanks Again

Kev

Review Cisco Networking for a $25 gift card