cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1600
Views
0
Helpful
19
Replies

EIGRP not populating routes on core from branch

cloksin
Level 1
Level 1

I have a strange issue here.  I have a branch router that I just deployed, connected via DMVPN.  The DMVPN tunnel builds just fine.  Once the tunnel is up, the branch router gets all the routes via EIGRP from the core.  However, the core routing table is not getting any of the routes from the branch.  

 

Branch config:

version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router
!
boot-start-marker
boot system flash c880data-universalk9-mz.153-2.T.bin
boot system flash c880data-universalk9-mz.153-3.M4.bin
boot system flash:c880data-universalk9-mz.154-3.M7.bin
boot-end-marker
!
!
enable secret 5 xxxx
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
memory-size iomem 10
clock timezone CST -6 0
clock summer-time CDT recurring
service-module wlan-ap 0 bootimage autonomous
!
!
!
!
!
!


!
ip dhcp excluded-address 10.40.62.1 10.40.62.99
!
ip dhcp pool 40
network 10.40.62.0 255.255.255.0
default-router 10.40.62.1
dns-server 10.1.1.69 10.1.1.95
!
ip dhcp pool 36
network 10.36.62.0 255.255.255.0
option 43 hex xxxx.xxxx.xxxx
default-router 10.36.62.1
!
ip dhcp pool 38
network 10.38.62.0 255.255.255.0
default-router 10.38.62.1
option 150 ip 10.1.1.20 10.1.65.240
domain-name domain.generic
!
!
!
ip flow-cache timeout active 1
no ip domain lookup
ip domain name domain.generic
ip cef
no ipv6 cef
ipv6 multicast rpf use-bgp
!
!
multilink bundle-name authenticated
!
flow record NTARecord
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
collect counter bytes
collect counter packets
!
!
flow exporter NTAExporter
destination 10.110.110.46
transport udp 2055
!
!
flow monitor NTAMonitor
exporter NTAExporter
cache timeout active 60
record NTARecord
!
license udi pid CISCO881W-GN-A-K9 sn xxxx
license accept end user agreement
license boot module c880-data level advipservices
!
!
archive
log config
hidekeys
username user1 privilege 15 secret 5 xxxx
!
!
!
!
!
ip ssh time-out 60
ip ssh authentication-retries 5
ip ssh version 2
!
!
!
!
!
!
!
!
!
interface Tunnel0
ip address 10.254.240.62 255.255.255.0
no ip redirects
ip mtu 1440
ip nhrp authentication cisco123
ip nhrp map multicast 71.xxx.xxx.xxx
ip nhrp map 10.254.240.1 71.xxx.xxx.xxx
ip nhrp network-id 1
ip nhrp nhs 10.254.240.1
delay 120
tunnel source FastEthernet4
tunnel mode gre multipoint
tunnel key 0
!
interface FastEthernet0
switchport access vlan 921
no ip address
no cdp enable
!
interface FastEthernet1
switchport access vlan 40
no ip address
!
interface FastEthernet2
switchport trunk native vlan 40
switchport mode trunk
no ip address
!
interface FastEthernet3
switchport trunk native vlan 40
switchport mode trunk
no ip address
!
interface FastEthernet4
ip address dhcp
duplex full
speed 100
!
interface wlan-ap0
description Service module interface to manage the embedded AP
no ip address
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
no ip address
!
interface Vlan1
no ip address
shutdown
!
interface Vlan36
ip address 10.36.62.1 255.255.255.0
!
interface Vlan38
ip address 10.38.62.1 255.255.255.0
!
interface Vlan40
ip address 10.40.62.1 255.255.255.0
!
interface Vlan54
ip address 10.54.62.1 255.255.255.0
!
interface Vlan57
ip address 10.57.62.1 255.255.255.0
!
interface Vlan60
ip address 10.60.62.1 255.255.255.0
!
interface Vlan921
ip address 10.254.230.62 255.255.255.0
ip flow monitor NTAMonitor input
ip flow monitor NTAMonitor output
!
!
router eigrp 101
network 10.36.62.0 0.0.0.255
network 10.38.62.0 0.0.0.255
network 10.40.62.0 0.0.0.255
network 10.54.62.0 0.0.0.255
network 10.57.62.0 0.0.0.255
network 10.60.62.0 0.0.0.255
network 10.254.230.0 0.0.0.255
network 10.254.240.0 0.0.0.255
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip flow-export version 5
ip flow-export destination 10.1.1.15 2055
!
ip route 71.xxx.xxx.xxx 255.255.255.255 dhcp
!
!
!
!
!
control-plane
!
!
!
line con 0
logging synchronous
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input ssh
line vty 0 4
logging synchronous
transport input ssh
line vty 5 15
logging synchronous
transport input ssh
!
scheduler max-task-time 5000
ntp update-calendar
ntp server 192.5.41.209
ntp server 198.30.92.2
!
end

1 Accepted Solution

Accepted Solutions

all your physical interfaces are down, you need to make sure you need to bring atleast one of the fa0-fa3 up and configure that interface as trunk and allow all vlans on trunk to bring the SVIs up.

View solution in original post

19 Replies 19

Hello,

 

what does the tunnel on the hub look like, did you configure:

 

no ip next-hop-self eigrp 101

no ip split-horizon eigrp 101

 

You need that on the spoke as well I think...

The DMVPN tunnel is connected to an ASR router, the EIGRP routing goes to a 4507 switch.  This is just one of many spokes on the DMVPN tunnel, all the other spokes have identical configs (except for the IP schema) and the EIGRP routing is working fine for those.

 

This is the EIGRP config on the 4507:

router eigrp 101
network 0.0.0.0
network 10.10.200.0 0.0.0.255
network 192.168.100.0
redistribute connected
redistribute static
eigrp stub connected static summary redistributed leak-map r~MATCH_ANY

Gaurav Gambhir
Cisco Employee
Cisco Employee

Assuming EIGRP is stable, I would check if the routes you are expecting to be advertised are getting into EIGRP topology table on the branch side, and verify the same on the core side. If this is a new install, make sure the SVI's on the brach router are up.

 

 

I really hope I'm just stupid and that's what it is.  Since it's a remote location that I can't remote into right now because of this issue, I'll have to drive over there tomorrow morning and make sure the SVIs are up.

Hello,

 

if the other branches are working fine with that same config, the problem might be elsewhere. Can you post the config of the hub ? Maybe we can spot something that can save you a trip to the remote location...

if the DMVPN is up, you should have ip connectivity to the tunnel interface on the branch router, you should be able to ssh/telnet to that address.

Yes, I was able to SSH into the branch router using the tunnel interface IP.  I verified that all the SVIs are up.  The routes I am trying to advertise are not showing up in the topology table.

Attached is the config from the Core switch that is doing the routing.

Hello,

 

can you post the full running config of the DMVPN hub ?

DMVPN Hub running config

If the routes are not in EIGRP topology table, rest of the config on the hub or anywhere doesnt matter.

 

can you share output of following from the branch

 

show ip route

show ip eigrp

show ip eigrp interfaces brief

show ip eigrp traffic

show ip eigrp topology

show ip eigrp route

See attached

are you sure your SVIs are up, I only see connected route for Fa4 and Tunnel0

 

C 10.254.240.0/24 is directly connected, Tunnel0
C 66.68.16.0/20 is directly connected, FastEthernet4

Well, they're down, but not administratively down.

 

show ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0 unassigned YES unset down down
FastEthernet1 unassigned YES unset down down
FastEthernet2 unassigned YES unset down down
FastEthernet3 unassigned YES unset down down
FastEthernet4 66.xxx.xxx.xxx YES DHCP up up
Tunnel0 10.254.240.62 YES manual up up
Vlan1 unassigned YES unset administratively down down
Vlan36 10.36.62.1 YES manual down down
Vlan38 10.38.62.1 YES manual down down
Vlan40 10.40.62.1 YES manual down down
Vlan54 10.54.62.1 YES manual down down
Vlan57 10.57.62.1 YES manual down down
Vlan60 10.60.62.1 YES manual down down
Vlan921 10.254.230.62 YES manual down down
Wlan-GigabitEthernet0 unassigned YES unset up up
wlan-ap0 unassigned YES NVRAM up up

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: