Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
828
Views
0
Helpful
1
Replies

EIGRP issue using VRF on 3850

jmperlewitz
Level 1
Level 1

‎03-29-2019 04:03 PM

Hello all,

We have a 4451 router which runs an integrated zone-based firewall.  We connect 2 physical interfaces via Port-channel to our core switch (3850).  We run a separate VRF for each zone on the switch so that is has it's own routing table.  We currently are using OSPF for our IGP with success.

 

However, I would like to setup EIGRP routing as well but I am having difficulty getting the VRF vlans to establish a neighbor relationship.  I can get the vlan that is not associated with any VRF to establish a neighbor relationship fine.  See my relevant info below:

 

R1.JPG         R2.JPG

 

4440:

Port-channel2          unassigned  
Port-channel2.101      10.10.101.1 
Port-channel2.103      10.10.103.1 
Port-channel2.105      10.10.105.1 
Port-channel2.107      10.10.107.1 
Port-channel2.109      10.10.109.1 
Port-channel2.111      10.10.111.1

3850:

Vlan101                10.10.101.2
Vlan103                10.10.103.2
Vlan105                10.10.105.2
Vlan107                10.10.107.2
Vlan109                10.10.109.2
Vlan111                10.10.111.2

VRFs:

  Name                           Default RD           Protocols     Interfaces
  109                              <not set>             ipv4,ipv6      Vl109
  105                              <not set>             ipv4,ipv6      Vl105
  Mgmt-vrf                         <not set>             ipv4,ipv6      Gi0/0
  111                              <not set>             ipv4,ipv6      Vl111
  103                              <not set>             ipv4,ipv6      Vl103
  107                              <not set>             ipv4,ipv6      Vl107

Vlan interfaces:

interface Vlan101
 description Internal_Infra
!
interface Vlan103
 description xxx_Infra
 vrf forwarding 103
!
interface Vlan105
 description xxx_Infra
 vrf forwarding 105
!
interface Vlan107
 description xxx_Infra
 vrf forwarding 107
!
interface Vlan109
 description xxx_Infra
 vrf forwarding 109
!
interface Vlan111
 description xxx_Infra
 vrf forwarding 111

OSPF reference:

We create separate OSPF processes for each vrf and it works fine

4451:
router ospf 65000
router-id 99.0.0.2
passive-interface default
no passive-interface Port-channel2.101
no passive-interface Port-channel2.103
no passive-interface Port-channel2.105
no passive-interface Port-channel2.107
no passive-interface Port-channel2.109
network 10.10.101.0 0.0.0.3 area 0
network 10.10.103.0 0.0.0.3 area 0
network 10.10.105.0 0.0.0.3 area 0
network 10.10.107.0 0.0.0.3 area 0
network 10.10.109.0 0.0.0.3 area 0
network 10.10.111.0 0.0.0.3 area 0

3850:
router ospf 109 vrf 109
router-id x.0.0.8
passive-interface default
no passive-interface Vlan109
!
router ospf 65000
router-id x.0.0.3
passive-interface default
no passive-interface Vlan101
network 10.10.101.0 0.0.0.3 area 0

EIGRP config so far:

4450:
router eigrp 65499
 default-metric 1000 100 255 1 1500
 network 10.10.101.0 0.0.0.3
 redistribute bgp 65499 route-map BGP->EIGRP
 passive-interface default
 no passive-interface Port-channel2.101
router eigrp 104
 network 10.10.103.0 0.0.0.3
 passive-interface default
 no passive-interface Port-channel2.103!

3850:
router eigrp 65499
network 10.10.101.0 0.0.0.3
passive-interface default
no passive-interface Vlan101
router eigrp 104
!
address-family ipv4 vrf POS autonomous-system 104
network 10.10.103.0 0.0.0.3
passive-interface default
no passive-interface Vlan103
exit-address-family

Any suggestions?

Labels:
0 Helpful
1 Reply 1

Deepak Kumar
VIP Alumni
VIP Alumni

‎03-30-2019 03:14 AM

Hi,

Can you check VRF Name assigned in the switch is correct?

router eigrp 104
!
address-family ipv4 vrf POS autonomous-system 104
network 10.10.103.0 0.0.0.3
passive-interface default
no passive-interface Vlan103
exit-address-family

But your VRF configuration is showing some other name:

  Name                           Default RD           Protocols     Interfaces
  109                              <not set>             ipv4,ipv6      Vl109
  105                              <not set>             ipv4,ipv6      Vl105
  Mgmt-vrf                         <not set>             ipv4,ipv6      Gi0/0
  111                              <not set>             ipv4,ipv6      Vl111
  103                              <not set>             ipv4,ipv6      Vl103
  107                              <not set>             ipv4,ipv6      Vl107

  and Share the Switch configuration and check that zone-based firewall is not blocking eigrp.

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card