Solved: Thanks. I did and the

jebowling · ‎12-14-2015

I have a WAN that is terminated from BGP VRF MPLS Tunnel and I need to redistribute into EIGRP. The ip vrf LAN rd 2828:101 needs to redistribute into EIGRP 1 that connects on interface GigabitEthernet0/2.

GatewayXO#
GatewayXO#show ip vrf LAN
Name Default RD Interfaces
LAN 2828:101 Gi0/1.101
Gi0/2

GatewayXO#show ip eigrp vrf LAN interfaces
IP-EIGRP interfaces for process 2828
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Gi0/1.101 0 0/0 0 0/1 0 0

GatewayXO#show ip eigrp vrf LAN neighbors
IP-EIGRP neighbors for process 2828
GatewayXO#

BGPGateway#show run

Building configuration...

Current configuration : 3065 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname BGPGateway

!

boot-start-marker

boot system flash disk2:c7200-a3jk9s-mz.124-25f.bin

boot bootldr bootflash:c7200-kboot-mz.124-25g.bin

boot-end-marker

!

enable password ******

!

no aaa new-model

!

ip cef

!

ip vrf LAN

rd 2828:101

route-target export 2828:101

route-target import 2828:101

!

ip vrf VLAN

rd 2828:100

!

interface Loopback20

ip address 20.20.20.20 255.255.255.255

!

interface GigabitEthernet0/1

description XO BGP Gateway to WAN Systems

no ip address

load-interval 30

duplex auto

speed auto

media-type rj45

no negotiation auto

!

interface GigabitEthernet0/1.100

description description DMZ-VLAN-100 (Company Current IP Blocks)

encapsulation dot1Q 100

ip vrf forwarding VLAN

ip address 64.55.218.238 255.255.255.252

no cdp enable

!

interface GigabitEthernet0/1.101

description DMZ-VLAN-101 (route to Private IPs to WEB Filter at the end of MPLS Tunnel)

encapsulation dot1Q 101

ip vrf forwarding LAN

ip address 64.55.216.246 255.255.255.252

no cdp enable

!

interface GigabitEthernet0/2

description Connected to Cisco 6509 EIGRP 20 VLANS

ip vrf forwarding LAN

ip address 172.19.1.1 255.255.255.0

duplex auto

speed auto

media-type rj45

no negotiation auto

no keepalive

!

interface GigabitEthernet0/3

ip vrf forwarding VLAN

ip address 209.116.238.33 255.255.255.248

duplex auto

speed auto

media-type rj45

no negotiation auto

no keepalive

!

router eigrp 1

redistribute static

redistribute bgp 7014 1

network 20.0.0.0

network 172.19.0.0

no auto-summary

!

address-family ipv4 vrf LAN

redistribute bgp 7014 1

network 172.19.0.0

default-metric 10000 1 255 1 1500

no auto-summary

autonomous-system 2828

exit-address-family

!

router eigrp 10

network 172.19.0.0

no auto-summary

!

router bgp 7014

bgp router-id 64.55.218.238

no bgp default ipv4-unicast

bgp log-neighbor-changes

neighbor 64.55.216.245 remote-as 1

!

address-family ipv4 vrf VLAN

redistribute connected

redistribute static

neighbor 64.55.218.237 remote-as 2828

neighbor 64.55.218.237 description VLAN

neighbor 64.55.218.237 activate

no synchronization

exit-address-family

!

address-family ipv4 vrf LAN

redistribute connected

redistribute static

redistribute eigrp 1

neighbor 64.55.216.245 remote-as 2828

neighbor 64.55.216.245 description LAN

neighbor 64.55.216.245 activate

neighbor 64.55.216.245 soft-reconfiguration inbound

no synchronization

exit-address-family

!

ip forward-protocol nd

ip route 10.0.0.0 255.0.0.0 172.19.1.2

ip route vrf LAN 0.0.0.0 0.0.0.0 64.55.216.245

ip route vrf VLAN 0.0.0.0 0.0.0.0 64.55.218.237

!

no ip http server

no ip http secure-server

!

control-plane

!

gatekeeper

shutdown

!

line con 0

stopbits 1

line aux 0

stopbits 1

line vty 0 4

password *******

login

!

end

BGPGateway#

Masoud Pourshabanian · ‎12-14-2015

Hello,

How did you config EIGRP on other side?

It should be like this:

router eigrp 2828

network 172.19.0.0

no auto-summary

Masoud

View solution in original post

Masoud Pourshabanian · ‎12-15-2015

Adding to my previous comment.

Make sure 6509 only connected to interface under VRF LAN. Otherwise, configuration of EIGRP may cause routing loop.

Masoud

View solution in original post

Masoud Pourshabanian · ‎12-14-2015

Hello,

How did you config EIGRP on other side?

It should be like this:

router eigrp 2828

network 172.19.0.0

no auto-summary

Masoud

jebowling · ‎12-15-2015

Let me clarify sides:

Side A: Is a Cisco 6509 connected to interface GigabitEthernet0/2 as shown below. It has 20 VLANS and the whole network is running EIGRP 1

#Cisco_6509
Router EIGRP 1
Network 10.0.0.0
Network 172.19.0.0
!

DEMARC: This router running the above configuration.

Side Z: This is the Carrier WEB Filter which is at the end of a Fortigate firewall. I do not control this side.

Masoud Pourshabanian · ‎12-15-2015

Since on your 6509 you have this configuration

#Cisco_6509
Router EIGRP 1
Network 10.0.0.0
Network 172.19.0.0

So you need to change the autonomous system under Eigrp. They are now in different autonomous system.

address-family ipv4 vrf LAN

redistribute bgp 7014 1

network 172.19.0.0

default-metric 10000 1 255 1 1500

no auto-summary

autonomous-system 2828 to 1

exit-address-family

Maoud

jebowling · ‎12-15-2015

The word "to" after the number is not allowed in the current Cisco IOS

GatewayXO(config-router)#address-family ipv4 vrf LAN
GatewayXO(config-router-af)# autonomous-system 2828 ?
<cr>

GatewayXO(config-router-af)# autonomous-system 2828 to 1
^
% Invalid input detected at '^' marker.

Masoud Pourshabanian · ‎12-15-2015

I am sorry for confusion.

I meant change it to 1.

********

address-family ipv4 vrf LAN

redistribute bgp 7014 1

network 172.19.0.0

default-metric 10000 1 255 1 1500

no auto-summary

autonomous-system 1

exit-address-family

Masoud

jebowling · ‎12-15-2015

I cannot. I get the argument below:

router eigrp 1
redistribute static
redistribute bgp 7014 1
network 20.0.0.0
network 172.19.0.0
default-metric 10000 1 255 1 1500
no auto-summary
!
address-family ipv4 vrf LAN
redistribute connected metric 100000000 2000 255 255 1500
redistribute bgp 7014 metric 100000000 2000 255 255 1500 1
network 64.0.0.0
network 172.19.0.0
default-metric 10000 1 255 1 1500
no auto-summary
autonomous-system 2828
exit-address-family
!

GatewayXO#config t
Enter configuration commands, one per line. End with CNTL/Z.
GatewayXO(config)#router eigrp 1
GatewayXO(config-router)# address-family ipv4 vrf LAN
GatewayXO(config-router-af)#autonomous-system 1
% Changing AS not allowed - Remove Address Family instead
GatewayXO(config-router-af)#

Masoud Pourshabanian · ‎12-15-2015

You need to remove address family at first and config it again.

router eigrp 1

no address-family ipv4 vrf LAN

address-family ipv4 vrf LAN
redistribute connected metric 100000000 2000 255 255 1500
redistribute bgp 7014 metric 100000000 2000 255 255 1500 1
network 64.0.0.0
network 172.19.0.0
default-metric 10000 1 255 1 1500
no auto-summary
autonomous-system 1

jebowling · ‎12-15-2015

Thanks. I did and the Neighbor on GigE 0/2 came up but I cannot see the other VLANS

GatewayXO(config)#router eigrp 1
GatewayXO(config-router)#no address-family ipv4 vrf LAN
GatewayXO(config-router)#^Z
GatewayXO#
*Dec 15 14:54:19.779: %SYS-5-CONFIG_I: Configured from console by console
GatewayXO#
GatewayXO#config t
Enter configuration commands, one per line. End with CNTL/Z.
GatewayXO(config)#router eigrp 1
GatewayXO(config-router)#address-family ipv4 vrf LAN
GatewayXO(config-router-af)#autonomous-system 1
GatewayXO(config-router-af)#network 172.19.0.0
GatewayXO(config-router-af)#
*Dec 15 14:55:21.571: %DUAL-5-NBRCHANGE: IP-EIGRP(1) 1: Neighbor 172.19.1.2 (Gig
abitEthernet0/2) is up: new adjacency

Current config looks like:

router eigrp 1
redistribute static 1
no auto-summary
!
address-family ipv4 vrf LAN
redistribute connected metric 100000000 2000 255 255 1500
redistribute bgp 7014 metric 100000000 2000 255 255 1500 1
network 10.0.0.0
network 172.19.0.0
auto-summary
autonomous-system 1
exit-address-family
!

Masoud Pourshabanian · ‎12-15-2015

What command do you use to see?

show ip route VRF LAN

jebowling · ‎12-15-2015

show commands look like this. Question is how to get the VLANs on the 6509 to come up?

GatewayXO#
GatewayXO#
GatewayXO#show ip vrf LAN
Name Default RD Interfaces
LAN 2828:101 Gi0/1.101
Gi0/2
GatewayXO#

GatewayXO#show ip eigrp vrf LAN interfaces
IP-EIGRP interfaces for process 1
Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Gi0/2 1 0/0 5 0/1 50 0

GatewayXO#show ip eigrp vrf LAN neighbors
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 172.19.1.2 Gi0/2 10 00:12:30 5 200 0 1284
GatewayXO#
GatewayXO#

jebowling · ‎12-15-2015

So I see the routes on the DEMARC router. Let me go to the 6509 and see what comes up.

GatewayXO#show ip route VRF LAN

Routing Table: LAN
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 64.55.216.245 to network 0.0.0.0

64.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
B 64.0.0.0/14 [20/0] via 64.55.216.245, 18:41:50
B 64.55.218.236/30 [20/0] via 64.55.216.245, 18:41:50
C 64.55.216.244/30 is directly connected, GigabitEthernet0/1.101
65.0.0.0/29 is subnetted, 2 subnets
B 65.44.4.40 [20/0] via 64.55.216.245, 18:41:50
B 65.44.4.16 [20/0] via 64.55.216.245, 18:41:50
172.9.0.0/24 is subnetted, 1 subnets
D 172.9.1.0 [90/28672] via 172.19.1.2, 00:15:35, GigabitEthernet0/2
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
D 172.16.7.0/24 [90/3328] via 172.19.1.2, 00:15:35, GigabitEthernet0/2
D 172.16.0.0/16 [90/31232] via 172.19.1.2, 00:15:37, GigabitEthernet0/2
172.19.0.0/24 is subnetted, 1 subnets
C 172.19.1.0 is directly connected, GigabitEthernet0/2
172.18.0.0/24 is subnetted, 1 subnets
D 172.18.1.0 [90/28672] via 172.19.1.2, 00:15:38, GigabitEthernet0/2
128.1.0.0/24 is subnetted, 1 subnets
D 128.1.1.0 [90/3328] via 172.19.1.2, 00:15:39, GigabitEthernet0/2
D 192.168.250.0/24
[90/2181632] via 172.19.1.2, 00:15:39, GigabitEthernet0/2
10.0.0.0/8 is variably subnetted, 17 subnets, 2 masks
D 10.0.0.0/8 [90/31232] via 172.19.1.2, 00:15:39, GigabitEthernet0/2
D 10.1.104.0/24 [90/3328] via 172.19.1.2, 00:15:40, GigabitEthernet0/2
D 10.1.110.0/24 [90/3328] via 172.19.1.2, 00:15:40, GigabitEthernet0/2
D 10.3.101.0/24 [90/3328] via 172.19.1.2, 00:15:40, GigabitEthernet0/2
D 10.2.100.0/24 [90/3072] via 172.19.1.2, 00:15:40, GigabitEthernet0/2
D 10.3.100.0/24 [90/3328] via 172.19.1.2, 00:15:41, GigabitEthernet0/2
D 10.2.101.0/24 [90/3328] via 172.19.1.2, 00:15:41, GigabitEthernet0/2
D 10.1.102.0/24 [90/3328] via 172.19.1.2, 00:15:41, GigabitEthernet0/2
D 10.1.101.0/24 [90/3328] via 172.19.1.2, 00:15:41, GigabitEthernet0/2
D 10.1.100.0/24 [90/3072] via 172.19.1.2, 00:15:41, GigabitEthernet0/2
D 10.1.123.0/24 [90/3328] via 172.19.1.2, 00:15:41, GigabitEthernet0/2
D 10.1.122.0/24 [90/3328] via 172.19.1.2, 00:15:42, GigabitEthernet0/2
D 10.1.121.0/24 [90/3328] via 172.19.1.2, 00:15:42, GigabitEthernet0/2
D 10.1.120.0/24 [90/3072] via 172.19.1.2, 00:15:42, GigabitEthernet0/2
D 10.1.114.0/24 [90/3328] via 172.19.1.2, 00:15:42, GigabitEthernet0/2
D 10.1.130.0/24 [90/3072] via 172.19.1.2, 00:15:42, GigabitEthernet0/2
D 10.1.177.0/24 [90/3328] via 172.19.1.2, 00:15:43, GigabitEthernet0/2
D 192.168.248.0/24
[90/2184192] via 172.19.1.2, 00:15:43, GigabitEthernet0/2
209.116.238.0/29 is subnetted, 1 subnets
B 209.116.238.32 [20/0] via 64.55.216.245, 18:41:59
S* 0.0.0.0/0 [1/0] via 64.55.216.245
GatewayXO#
GatewayXO#
GatewayXO#

Masoud Pourshabanian · ‎12-15-2015

Which device is going to do NAT? WEB filter?

jebowling · ‎12-15-2015

On the other end a FortiGate

This is what the 6509B Routes look like

6509_Backup#
6509_Backup#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.1.100.254 to network 0.0.0.0

64.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
D EX 64.0.0.0/14 [170/514816] via 172.19.1.1, 00:21:27, GigabitEthernet9/1
D EX 64.55.216.244/30
[170/514816] via 172.19.1.1, 00:21:27, GigabitEthernet9/1
D EX 64.55.218.236/30
[170/514816] via 172.19.1.1, 00:21:27, GigabitEthernet9/1
65.0.0.0/29 is subnetted, 2 subnets
D EX 65.44.4.40 [170/514816] via 172.19.1.1, 00:21:27, GigabitEthernet9/1
D EX 65.44.4.16 [170/514816] via 172.19.1.1, 00:21:27, GigabitEthernet9/1
172.9.0.0/24 is subnetted, 1 subnets
D 172.9.1.0 [90/28416] via 10.2.100.1, 1w1d, Vlan200
[90/28416] via 10.1.130.1, 1w1d, Vlan130
[90/28416] via 10.1.120.1, 1w1d, Vlan120
[90/28416] via 10.1.100.254, 1w1d, Vlan100
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
D 172.16.0.0/16 [90/30976] via 10.2.100.1, 1w0d, Vlan200
[90/30976] via 10.1.130.1, 1w0d, Vlan130
[90/30976] via 10.1.120.1, 1w0d, Vlan120
[90/30976] via 10.1.100.254, 1w0d, Vlan100
D 172.16.7.0/24 [90/3072] via 10.1.120.14, 7w0d, Vlan120
172.19.0.0/24 is subnetted, 1 subnets
C 172.19.1.0 is directly connected, GigabitEthernet9/1
172.18.0.0/24 is subnetted, 1 subnets
D 172.18.1.0 [90/28416] via 10.2.100.1, 1w1d, Vlan200
[90/28416] via 10.1.130.1, 1w1d, Vlan130
[90/28416] via 10.1.120.1, 1w1d, Vlan120
[90/28416] via 10.1.100.254, 1w1d, Vlan100
128.1.0.0/24 is subnetted, 1 subnets
D 128.1.1.0 [90/3072] via 10.2.100.1, 1w1d, Vlan200
[90/3072] via 10.1.130.1, 1w1d, Vlan130
[90/3072] via 10.1.120.1, 1w1d, Vlan120
[90/3072] via 10.1.100.254, 1w1d, Vlan100
D 192.168.250.0/24 [90/2181376] via 10.2.100.1, 1w1d, Vlan200
[90/2181376] via 10.1.130.1, 1w1d, Vlan130
[90/2181376] via 10.1.120.1, 1w1d, Vlan120
[90/2181376] via 10.1.100.254, 1w1d, Vlan100
10.0.0.0/8 is variably subnetted, 17 subnets, 2 masks
D 10.1.123.0/24 [90/3072] via 10.2.100.1, 1w1d, Vlan200
[90/3072] via 10.1.130.1, 1w1d, Vlan130
[90/3072] via 10.1.120.1, 1w1d, Vlan120
[90/3072] via 10.1.100.254, 1w1d, Vlan100
D 10.1.104.0/24 [90/3072] via 10.2.100.1, 1w1d, Vlan200
[90/3072] via 10.1.130.1, 1w1d, Vlan130
[90/3072] via 10.1.120.1, 1w1d, Vlan120
[90/3072] via 10.1.100.254, 1w1d, Vlan100
D 10.1.121.0/24 [90/3072] via 10.1.100.22, 1w1d, Vlan100
D 10.1.110.0/24 [90/3072] via 10.2.100.1, 1w1d, Vlan200
[90/3072] via 10.1.130.1, 1w1d, Vlan130
[90/3072] via 10.1.120.1, 1w1d, Vlan120
[90/3072] via 10.1.100.254, 1w1d, Vlan100
C 10.1.130.0/24 is directly connected, Vlan130
D 10.0.0.0/8 [90/30976] via 10.2.100.1, 1w0d, Vlan200
[90/30976] via 10.1.130.1, 1w0d, Vlan130
[90/30976] via 10.1.120.1, 1w0d, Vlan120
[90/30976] via 10.1.100.254, 1w0d, Vlan100
D 10.1.177.0/24 [90/3072] via 10.2.100.1, 1w1d, Vlan200
[90/3072] via 10.1.130.1, 1w1d, Vlan130
[90/3072] via 10.1.120.1, 1w1d, Vlan120
[90/3072] via 10.1.100.254, 1w1d, Vlan100
D 10.1.102.0/24 [90/3072] via 10.2.100.1, 1w1d, Vlan200
[90/3072] via 10.1.130.1, 1w1d, Vlan130
[90/3072] via 10.1.120.1, 1w1d, Vlan120
[90/3072] via 10.1.100.254, 1w1d, Vlan100
C 10.1.100.0/24 is directly connected, Vlan100
C 10.2.100.0/24 is directly connected, Vlan200
D 10.3.100.0/24 [90/3072] via 10.2.100.1, 1w1d, Vlan200
[90/3072] via 10.1.130.1, 1w1d, Vlan130
[90/3072] via 10.1.120.1, 1w1d, Vlan120
[90/3072] via 10.1.100.254, 1w1d, Vlan100
D 10.1.122.0/24 [90/3072] via 10.2.100.1, 1w1d, Vlan200
[90/3072] via 10.1.130.1, 1w1d, Vlan130
[90/3072] via 10.1.120.1, 1w1d, Vlan120
[90/3072] via 10.1.100.254, 1w1d, Vlan100
C 10.1.120.0/24 is directly connected, Vlan120
D 10.1.114.0/24 [90/3072] via 10.2.100.1, 1w1d, Vlan200
[90/3072] via 10.1.130.1, 1w1d, Vlan130
[90/3072] via 10.1.120.1, 1w1d, Vlan120
[90/3072] via 10.1.100.254, 1w1d, Vlan100
D 10.1.101.0/24 [90/3072] via 10.2.100.1, 7w0d, Vlan200
[90/3072] via 10.1.130.1, 7w0d, Vlan130
[90/3072] via 10.1.120.14, 7w0d, Vlan120
[90/3072] via 10.1.100.254, 7w0d, Vlan100
D 10.2.101.0/24 [90/3072] via 10.2.100.1, 1w1d, Vlan200
[90/3072] via 10.1.130.1, 1w1d, Vlan130
[90/3072] via 10.1.120.1, 1w1d, Vlan120
[90/3072] via 10.1.100.254, 1w1d, Vlan100
D 10.3.101.0/24 [90/3072] via 10.2.100.1, 1w1d, Vlan200
[90/3072] via 10.1.130.1, 1w1d, Vlan130
[90/3072] via 10.1.120.1, 1w1d, Vlan120
[90/3072] via 10.1.100.254, 1w1d, Vlan100
D 192.168.248.0/24 [90/2183936] via 10.2.100.1, 1w1d, Vlan200
[90/2183936] via 10.1.130.1, 1w1d, Vlan130
[90/2183936] via 10.1.120.1, 1w1d, Vlan120
[90/2183936] via 10.1.100.254, 1w1d, Vlan100
209.116.238.0/29 is subnetted, 1 subnets
D EX 209.116.238.32
[170/514816] via 172.19.1.1, 00:21:42, GigabitEthernet9/1
S* 0.0.0.0/0 [1/0] via 10.1.100.254
6509_Backup#
6509_Backup#
6509_Backup#
6509_Backup#
6509_Backup#ping 172.19.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.19.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
6509_Backup#
6509_Backup#show ip route VRF LAN
% IP routing table LAN does not exist
6509_Backup#
6509_Backup#
6509_Backup#

Masoud Pourshabanian · ‎12-15-2015

I do not have a complete view on your network so double check my commands before setting them.

6509 is supposed to get INTERNET from DEMARC and fortigate? if yes, you need to change this default route.

S* 0.0.0.0/0 [1/0] via 10.1.100.254

no IP route 0.0.0.0 0.0.0.0 10.1.100.254

IP route 0.0.0.0 0.0.0.0 172.19.1.1

Routing is correct between 6509 and DEMARC. VRF LAN does not exist on 6509 and it is also correct. It should not be there.

EIGRP Redistribution into BGP VRF MPLS Tunnel