Solved: Thanks Jon. I couldn't get

keith.holder · ‎02-25-2015

Hello everyone. I have an issue where I'm unsure why one route is selected over another and can use your help. Here's the scenario.

I have a 3750X stack that runs EIGRP with my WAN provider's router and my ASA. All neighbors are on the 10.41.1.0/24 subnet.

I would prefer that routes learned from my ASA be installed in the route table of the 3750x.

Here is the route learned from my ASA (10.41.1.252).

MDF_SW01#sho ip eigrp topology 10.0.0.0/8
EIGRP-IPv4 Topology Entry for AS(99)/ID(10.41.99.1) for 10.0.0.0/8
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 3072
Descriptor Blocks:
10.41.1.252 (Vlan101), from 10.41.1.252, Send flag is 0x0
Composite metric is (3072/2560), route is External
Vector metric:
Minimum bandwidth is 1000000 Kbit
Total delay is 20 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 1
External data:
Originating router is 65.41.39.48
AS number of route is 0
External protocol is Static, external metric is 0
Administrator tag is 0 (0x00000000)
MACT_MDF_SW01#

Once I plug in the LAN interface from the WAN router (10.41.1.249), the route it passes to my 3750x becomes the preferred route for 10.0.0.0/8. see below.

MDF_SW01#sho ip eigrp topology 10.0.0.0/8
EIGRP-IPv4 Topology Entry for AS(99)/ID(10.41.99.1) for 10.0.0.0/8
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 1711872
Descriptor Blocks:
10.41.1.249 (Vlan101), from 10.41.1.249, Send flag is 0x0
Composite metric is (1711872/1711616), route is External
Vector metric:
Minimum bandwidth is 1500 Kbit
Total delay is 210 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 1
External data:
Originating router is 192.168.2.2
AS number of route is 65000
External protocol is BGP, external metric is 0
Administrator tag is 15270 (0x00003BA6)
MACT_MDF_SW01#

It appears that the metrics from 10.41.1.252 are better than than 10.41.1.249, but the route from 10.41.1.249 is what the 3750x is choosing. I'm stumped and could use some help figuring this out. Thanks.

Jon Marshall · ‎02-25-2015

For some reason the ASA is no longer advertising it's EIGRP route for 10.0.0.0/8 to the 3750x once it receives the route from your router

What does the IP routing table look like on the ASA ie. specifically the 10.0.0.0/8 network ?

Jon

View solution in original post

Jon Marshall · ‎02-25-2015

Can you post a "sh ip eigrp topology all-links 10.0.0.0/8" from both the ASA and the 3750x.

Jon

keith.holder · ‎02-25-2015

Thanks Jon. I couldn't get the output to filter just 10.0.0.0/8 so I provided the entire output.

Here's the output from the ASA.

MACTASAFW01# sho eigrp topology all-links

EIGRP-IPv4 Topology Table for AS(99)/ID(65.41.39.48)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status

P 0.0.0.0 0.0.0.0, 1 successors, FD is 2560, serno 1316
via Rstatic (2560/0)
via 10.41.1.249 (1714176/1711616), inside
P 10.0.0.0 255.0.0.0, 1 successors, FD is 1714176, tag is 15270, serno 1328
via 10.41.1.249 (1714176/1711616), inside
P 10.41.1.0 255.255.255.0, 1 successors, FD is 28160, serno 1
via Connected, inside
P 10.41.0.0 255.255.0.0, 1 successors, FD is 28416, serno 79
via 10.41.1.1 (28416/2816), inside
P 192.168.0.0 255.255.0.0, 1 successors, FD is 1714176, tag is 15270, serno 1330
via 10.41.1.249 (1714176/1711616), inside
P 10.99.0.0 255.255.0.0, 1 successors, FD is 2560, serno 1320
via Rstatic (2560/0)
P 172.16.0.0 255.240.0.0, 1 successors, FD is 1714176, tag is 15270, serno 1329
via 10.41.1.249 (1714176/1711616), inside
P 10.200.0.0 255.255.0.0, 1 successors, FD is 2560, serno 1321
via Rstatic (2560/0)
P 10.201.0.0 255.255.0.0, 1 successors, FD is 2560, serno 1322
via Rstatic (2560/0)
P 10.201.51.0 255.255.255.0, 1 successors, FD is 2560, serno 1323
via Rstatic (2560/0)
P 10.200.51.0 255.255.255.0, 1 successors, FD is 2560, serno 1324
via Rstatic (2560/0)
MACTASAFW01#

The output from the 3750x....

MACT_MDF_SW01#sho ip eigrp topology all-links
EIGRP-IPv4 Topology Table for AS(99)/ID(10.41.99.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status

P 10.200.0.0/16, 1 successors, FD is 3072, serno 881
via 10.41.1.252 (3072/2560), Vlan101
P 192.168.0.0/16, 1 successors, FD is 1711872, tag is 15270, serno 890
via 10.41.1.249 (1711872/1711616), Vlan101
P 10.41.0.0/16, 1 successors, FD is 2816, serno 2
via Summary (2816/0), Null0
P 172.16.0.0/12, 1 successors, FD is 1711872, tag is 15270, serno 889
via 10.41.1.249 (1711872/1711616), Vlan101
P 10.0.0.0/8, 1 successors, FD is 1711872, tag is 15270, serno 888
via 10.41.1.249 (1711872/1711616), Vlan101
P 10.201.0.0/16, 1 successors, FD is 3072, serno 882
via 10.41.1.252 (3072/2560), Vlan101
P 10.41.1.0/24, 1 successors, FD is 2816, serno 1
via Connected, Vlan101
P 10.201.51.0/24, 1 successors, FD is 3072, serno 883
via 10.41.1.252 (3072/2560), Vlan101
P 10.41.2.0/24, 1 successors, FD is 2816, serno 91
via Connected, Vlan102
P 0.0.0.0/0, 1 successors, FD is 3072, serno 876
via 10.41.1.252 (3072/2560), Vlan101
via 10.41.1.249 (1711872/1711616), Vlan101
P 10.41.55.0/24, 1 successors, FD is 2816, serno 93
via Connected, Vlan155
P 10.200.51.0/24, 1 successors, FD is 3072, serno 884
via 10.41.1.252 (3072/2560), Vlan101
P 10.41.8.0/24, 1 successors, FD is 2816, serno 92
via Connected, Vlan108
P 10.99.0.0/16, 1 successors, FD is 3072, serno 880
via 10.41.1.252 (3072/2560), Vlan101
P 10.41.56.0/24, 1 successors, FD is 2816, serno 94
via Connected, Vlan156
P 10.41.99.0/24, 1 successors, FD is 2816, serno 90
via Connected, Vlan99

MACT_MDF_SW01#

Jon Marshall · ‎02-25-2015

For some reason the ASA is no longer advertising it's EIGRP route for 10.0.0.0/8 to the 3750x once it receives the route from your router

What does the IP routing table look like on the ASA ie. specifically the 10.0.0.0/8 network ?

Jon

keith.holder · ‎02-25-2015

Thanks Jon. Sometimes, you just need someone to remind you how you configured things. :). Here's what happened. I'm running IP SLA on ASA to automatically redistribute static routes for L2L IPsec. What I did, though was set the AD on the routes to 200. Since the WAN router sends the eigrp external AD of 170, then those were installed in the ASA's route table and no longer redistributed the static.

I appreciate your help. Thank you.

Keith

Here's the output you requested along with my static route config from the ASA.

MACTASAFW01# sho route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is 65.41.39.1 to network 0.0.0.0

C 65.41.39.0 255.255.255.128 is directly connected, outside
S 8.8.8.8 255.255.255.255 [1/0] via 65.41.39.1, outside
D EX 10.0.0.0 255.0.0.0 [170/1714176] via 10.41.1.249, 0:20:49, inside
C 10.41.1.0 255.255.255.0 is directly connected, inside
D 10.41.0.0 255.255.0.0 [90/28416] via 10.41.1.1, 22:31:35, inside
S 10.99.0.0 255.255.0.0 [200/0] via 65.41.39.1, outside
S 10.200.0.0 255.255.0.0 [200/0] via 65.41.39.1, outside
S 10.201.0.0 255.255.0.0 [200/0] via 65.41.39.1, outside
S 10.201.51.0 255.255.255.0 [200/0] via 65.41.39.1, outside
S 10.200.51.0 255.255.255.0 [200/0] via 65.41.39.1, outside
S* 0.0.0.0 0.0.0.0 [1/0] via 65.41.39.1, outside
D EX 172.16.0.0 255.240.0.0 [170/1714176] via 10.41.1.249, 0:20:49, inside
D EX 192.168.0.0 255.255.0.0 [170/1714176] via 10.41.1.249, 0:20:49, inside
MACTASAFW01#

MACTASAFW01# sho run route
route outside 0.0.0.0 0.0.0.0 65.41.39.1 1 track 1
route outside 10.0.0.0 255.0.0.0 65.41.39.1 200 track 1
route outside 192.168.0.0 255.255.0.0 65.41.39.1 200 track 1
route outside 172.16.0.0 255.240.0.0 65.41.39.1 200 track 1
route outside 10.99.0.0 255.255.0.0 65.41.39.1 200 track 1
route outside 10.200.0.0 255.255.0.0 65.41.39.1 200 track 1
route outside 10.201.0.0 255.255.0.0 65.41.39.1 200 track 1
route outside 10.201.51.0 255.255.255.0 65.41.39.1 200 track 1
route outside 10.200.51.0 255.255.255.0 65.41.39.1 200 track 1
route outside 8.8.8.8 255.255.255.255 65.41.39.1 1
MACTASAFW01#

Jon Marshall · ‎02-25-2015

Keith

No problem and makes perfect sense.

Glad you got it sorted.

Jon

EIGRP route selection