EIGRP NEIGHBORS ARE FLAPPING

nani · ‎12-28-2018

We changed our circuit (VPLS) to new location and having issues with EIGRP Neighbor's, they are flapping sporadically (Coming up in less than 4sec).

here is the config

R1>>>>>>>>>>>

crypto isakmp policy 10
encr aes
authentication pre-share
group 2
crypto isakmp key 6 USER address 192.168.1.2 255.255.255.252

crypto ipsec transform-set AES-SHA esp-aes esp-sha-hmac
mode transport
!
crypto map WARN 10 ipsec-isakmp
set peer 192.168.1.2
set transform-set AES-SHA
match address 100
!

interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.252
speed 100
crypto map WARN

!

router eigrp 12

neighbor 192.168.1.2 g0/0

network 192.168.1.1 0.0.0.0

network 192.168.20.5 0.0.0.0

xxxx

xxx

redistribute static

ip route 0.0.0.0 0.0.0.0 192.168.1.2

ip route 10.200.255.25 192.168.20.5

R2>>>>>>>>>>>>

crypto isakmp policy 10
encr aes
authentication pre-share
group 2
crypto isakmp key 6 USER address 192.168.1.1 255.255.255.252

crypto ipsec transform-set AES-SHA esp-aes esp-sha-hmac
mode transport
!
crypto map WARN 10 ipsec-isakmp
set peer 192.168.1.1
set transform-set AES-SHA
match address 100
!

interface GigabitEthernet0/0
ip address 192.168.1.2 255.255.255.252
speed 100
crypto map WARN

!

router eigrp 12

neighbor 192.168.1.2 g0/0

network 192.168.1.2 0.0.0.0

xxxx

xxx

we have "Hold time expired" on R2 logs and R1 has "interface peer termination received". Assuming we are having issues with hold and Adjusted hello to 5 and Hold to 30, still we have neighbor flap. So we pointed the neighbors to each other making them unicast neighbors to see if the link has any multicast drops, still no luck.

Involved cisco Tac and they did not find any errors in the script and opened TIC# with ISP for circuit issues where they tested their circuit and said they don't have any issues.

Do any one experience the same issue and can guide me in right direction to solve this one.

Richard Burts · ‎12-28-2018

If R1 received a termination message and if R2 has hold time expired then it appears that there may be some issue and more likely it is with R2 (though it is possible that both are involved). Are there other log messages on R2. It might be helpful to run debug on R2 for EIGRP looking especially for adjacency events.

You describe this as a move. Would we be correct in assuming that R2 is the one that moved? Are you sure that provisioning of the new connection for R2 is exactly like that of the previous site?

Are R1 and R2 able to communicate successfully?

When I see IPsec and EIGRP both i the configuration I generally see some type of tunneling. But there is not any in what you have posted. Is this correct? Did this same configuration work before the move?

Perhaps you can post the content of the acl used by each side to identify traffic to be encrypted?

HTH

Rick

HTH

Rick

nani · ‎12-28-2018

Yes, R2 is the one moved and R1 is upgraded to ISR 4331 as well. This configuration is up and running for long time in 2900 series and had no issues.

no other logs at this time but to see more we attached bfd to eigrp at a point and saw a log RX down. That we assumed that their is a ciruit problem and opened a ticket with ISP which did not help

Richard Burts · ‎12-28-2018

When it was running on the 2900 were you configuring the neighbor under eigrp then as you are now?

HTH

Rick

HTH

Rick

Richard Burts · ‎12-28-2018

I see that there is another version of this discussion and that Georg and Peter have made responses in that discussion. I suggest that we focus our attention on that discussion and not do anything further with this thread.

HTH

Rick

HTH

Rick

nani · ‎12-29-2018

Sure , thank you