cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1096
Views
6
Helpful
15
Replies

EIGRP route redistribution config question. Please confirm/assist?

INTENT: implement connectivity with maximum security by placing device on new /30 subnet, on own new vlan.

On a 9300, If I want to advertise the directly-connected endpoint 172.16.5.2/30 with EIGRP, which is routable because of a local SVI 172.16.5.1/30, do I accomplish this with the existing static route and route map implementation...

 

#ip route 172.16.5.2 255.255.255.252 172.16.5.1

#ip prefix-list static-to-eigrp seq 10 permit 172.16.5.2/30  ?

Am I doing this wrong? May you please assist?

Thank you.

3 Accepted Solutions

Accepted Solutions

Hello


@jmaxwellUSAF wrote:

INTENT: implement connectivity with maximum security by placing device on new /30 subnet, on own new vlan.

On a 9300, If I want to advertise the directly-connected endpoint 172.16.5.2/30 with EIGRP, which is routable because of a local SVI 172.16.5.1/30, do I accomplish this with the existing static route and route map implementation...



router eigrp xx
network 172.16.5.1 0,0.0.0 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

Richard Burts
Hall of Fame
Hall of Fame

I am sorry but yes you are trying to do this wrong. In the first place you do not configure a static route for a remote address by specifying the next hop as another address in that subnet. If you want EIGRP to advertise that subnet then what you need is an EIGRP network statement for that subnet. You do not need a static route for a connected subnet and you certainly do not need a prefix list. You are trying to make this way more complex than is needed.

HTH

Rick

View solution in original post

sorry 

I run lab 
even if you add 
network 172.16.5.2 0.0.0.0
still the eigrp advertise 172.16.5.0/30 to other peers.
sorry you couldnot divide the prefix and advertise only one host to other peers. 

View solution in original post

15 Replies 15

...

Hello


@jmaxwellUSAF wrote:

INTENT: implement connectivity with maximum security by placing device on new /30 subnet, on own new vlan.

On a 9300, If I want to advertise the directly-connected endpoint 172.16.5.2/30 with EIGRP, which is routable because of a local SVI 172.16.5.1/30, do I accomplish this with the existing static route and route map implementation...



router eigrp xx
network 172.16.5.1 0,0.0.0 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

"INTENT: implement connectivity with maximum security by placing device on new /30 subnet, on own new vlan.

On a 9300, If I want to advertise the directly-connected endpoint 172.16.5.2/30 with EIGRP, which is routable because of a local SVI 172.16.5.1/30, do I accomplish this with the existing static route and route map implementation...

...router eigrp xx
network 172.16.5.1 0,0.0.0 "

The above seems wrong. I want to advertise 172.16.5.2/32.

Shouldn't the statement be...

router eigrp xx
network 172.16.5.2 0.0.0.0

?

Thank you.

I dont get, 
you have static route and you use prefix list to filter exact static route you redistribute into EIGRP 
(that my previous answer relate to)
Me and Mr. @Richard Burts  mention that there is some issue in static route 
then you remove all static route and prefix and now you talk about add prefix directly under the EIGRP. 
I dont get ?
but to summary the issue 
if the prefix direct connect to router then use prefix under eigrp 
if the prefix learn via static route then use redistribute static with prefix-list to match only this prefix

thanks 
MHM 

Yes, I was confused about how to accomplish intent. There should be no static route.

In summation:

1. On 9300...

I created vlan 33
I added int e0/5 switchport access vlan 33
I created svi 172.16.5.1/30
#router eigrp 1
#network 172.16.5.2 0.0.0.0 !!endpoint device is .2!!

Is this correct config?

Thank you.

 

Now It clear for us, 
I created svi 172.16.5.1/30
#router eigrp 1
#network 172.16.5.0 0.0.0.3 <<- this must be add as wildcard.
this make eigrp only advertise 172.16.5.0/30 to other peers. 

I don't understand the following-- Do I need to advertise the entire subnet , #network 172.16.5.0 0.0.0.3, because (maybe ?) the SVI 172.16.5.1 needs to be included as a subnet, because it exists between the enterprise subnets and the endpoint? or...

Can I just use #network 172.16.5.2 0.0.0.0 !!endpoint device is .2!!

?

but the prefix have only two host one is SVI and other is your Server. 
and as I know the EIGRP not allow to advertise /32 for other peers.
but let me see how we can solve this.

sorry 

I run lab 
even if you add 
network 172.16.5.2 0.0.0.0
still the eigrp advertise 172.16.5.0/30 to other peers.
sorry you couldnot divide the prefix and advertise only one host to other peers. 

Hello


@jmaxwellUSAF wrote:

I don't understand the following-- Do I need to advertise the entire subnet , #network 172.16.5.0 0.0.0.3, because (maybe ?) the SVI 172.16.5.1 needs to be included as a subnet, because it exists between the enterprise subnets and the endpoint? or..

 


You just need ( and is best practice) to be as specific as possible, adding the interface will advertsie its assoicate subnet

router eigrp xx
network 172.16.5.1 0,0.0.0 

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

I want to advertise the endpoint 172.16.5.2.  Why do you keep stating 172.16.5.1?

Actually you do not want to advertise the endpoint. You want the endpoint to be reachable and you achieve that by advertising the subnet that the endpoint is in.

When you run eigrp you need to tell the protocol which interfaces it should run on. That is why we are suggesting 172.16.5.1. That identifies the interface where eigrp should run. eigrp runs on that interface and advertises the subnet of that interface to other eigrp neighbors. That is how the endpoint becomes reachable from remote locations.

HTH

Rick

(I've studied this stuff, but too often there are exceptions) I just want to confirm-- for EIGRP to advertise my desired subnets, must I explicitly state EIGRP interfaces, or can I only insert the locally connected subnets?

 

I do not understand your question, especially this part "can I only insert the locally connected subnets". Let me try to provide an answer and hope that it addresses what you want to understand. In traditional EIGRP there were 2 ways to get EIGRP to advertise networks/subnets: 1) you could use network statements to identify interfaces on which EIGRP was to run. EIGRP would look for neighbors on those interfaces and would advertise the networks/subnets of the interface, 2) you could use redistribution (redistribute static, redistribute connected, redistribute some other routing protocol. No neighbors involved with this and it just advertised the networks/subnets. In newer versions of EIGRP there are additional ways to get EIGRP to advertise, such as configuring EIGRP directly on the interface. I think that your question is more about the traditional approach.

When you use a network statement you specify an IP address and a mask. EIGRP uses the address and mask and looks for any interface that matches and run on the selected interface. One option is to specify a specific host address such as 

network 172.16.5.1 0,0.0.0 it would use that address, find the interface which has that address, verify that the interface was active, and advertise the network of the interface

another option is to specify an address that is a specific subnet such as

network 172.16.5.1 0,0.0.3 it would find the interface which has that subnet, verify that the interface was active, and advertise the network of the interface.

another option is to specify an address that is a group of subnets such as
network 172.16.5.0 0,0.0.255 it would find all of the interfaces which are in the range, verify that the interfaces are active, and advertise the networks of the interfaces.

another option is to specify an address that is a group of networks such as
network 172.16.0.0 0,0.255.255 it would find all of the interfaces which are in the range, verify that the interfaces are active, and advertise the networks of the interfaces.

HTH

Rick
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: