Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1163
Views
0
Helpful
8
Replies

Missing route in EIGRP

Go to solution
zrunner626
Level 1
Level 1

‎02-02-2017 10:08 AM - edited ‎03-05-2019 07:58 AM

Hoping someone can help...

I have a couple static routes in my data center switch, for traffic pointing to an ASA (site-to-site tunnel with another company.) The switch is redistributing the static routes into EIGRP. I see the routes in EIGRP on the switch, no problem there. I even see the routes in the routers at the data center (I have two, we are using iWAN - DMVPN, NHRP, EIGRP). but the branch routers are not seeing that route.

I have checked the route-maps/prefix-lists to make sure it is not being filtered on either the DC router or the branch router. 

Split-horizon is turned off.

Any other thoughts?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Georg Pauwen
VIP
VIP
In response to zrunner626

‎02-02-2017 01:26 PM

Hello,

I have a feeling that your summary addresses are causing the problem. Do you actually see the EIGRP neighbors on each side ?

Either way, try and take the two lines below out:

af-interface Tunnel11
summary-address 10.0.0.0 255.0.0.0 leak-map EIGRP-LEAK
summary-address 10.1x.0.0 255.255.128.0 leak-map EIGRP-LEAK

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Georg Pauwen
VIP
VIP

‎02-02-2017 10:15 AM

Hello,

post the configs of one of the branch routers and the DC router (that is, the router directly connected to the branch router)...

0 Helpful

Go to solution
zrunner626
Level 1
Level 1
In response to Georg Pauwen

‎02-02-2017 12:05 PM

DC ROUTER
....
!
policy-map LAN
class INTERACTIVE-VIDEO
set dscp af41
class STREAMING-VIDEO
set dscp af31
class NET-CTRL
set dscp cs6
class CALL-SIGNALING
set dscp cs3
class CRITICAL-DATA
set dscp af21
class SCAVENGER
set dscp af11
class VOICE
set dscp ef
class class-default
policy-map WAN
class INTERACTIVE-VIDEO
bandwidth remaining percent 30
random-detect dscp-based
set dscp tunnel af41
class STREAMING-VIDEO
bandwidth remaining percent 10
random-detect dscp-based
set dscp tunnel af31
class NET-CTRL
bandwidth remaining percent 5
set dscp tunnel cs6
class CALL-SIGNALING
bandwidth remaining percent 4
set dscp tunnel af21
set dscp cs3
class CRITICAL-DATA
bandwidth remaining percent 25
random-detect dscp-based
set dscp tunnel af21
class SCAVENGER
bandwidth remaining percent 1
set dscp tunnel af11
class VOICE
priority level 1
police cir percent 10
set dscp tunnel ef
class class-default
bandwidth remaining percent 25
random-detect
policy-map RS-GROUP-20MBPS-POLICY
class class-default
shape average 20000000
bandwidth remaining ratio 20
service-policy WAN
policy-map RS-GROUP-30MBPS-POLICY
class class-default
bandwidth remaining ratio 30
shape average 30000000
service-policy WAN
policy-map type appnav APPNAV-1-PMAP
class WAAS-PassThroughTraffic
pass-through
class MAPI
distribute service-node-group WNG-Default-1
monitor-load mapi
class HTTPS
distribute service-node-group WNG-Default-1
monitor-load ssl
class HTTP
distribute service-node-group WNG-Default-1
monitor-load http
class CIFS
distribute service-node-group WNG-Default-1
monitor-load cifs
class Citrix-ICA
distribute service-node-group WNG-Default-1
monitor-load ica
class Citrix-CGP
distribute service-node-group WNG-Default-1
monitor-load ica
class epmap
distribute service-node-group WNG-Default-1
monitor-load MS-port-mapper
class NFS
distribute service-node-group WNG-Default-1
monitor-load nfs
class APPNAV-class-default
distribute service-node-group WNG-Default-1
policy-map RS-GROUP-100MBPS-POLICY
class class-default
shape average 100000000
bandwidth remaining ratio 100
service-policy WAN
policy-map RS-GROUP-50MBPS-POLICY
class class-default
shape average 50000000
bandwidth remaining ratio 50
service-policy WAN
policy-map POLICY-INET-SHAPE-ONLY
class class-default
shape average 100000000
policy-map RS-GROUP-10MBPS-POLICY
class class-default
shape average 10000000
bandwidth remaining ratio 10
service-policy WAN

!
interface Loopback0
description Loopback
ip address 10.1x.255.255 255.255.255.255
ip pim sparse-mode
!
interface Port-channel1
description Port-Channel (Internet)
ip address 10.1x.255.17 255.255.255.252
ip pim sparse-mode
ip nbar protocol-discovery
delay 25000
negotiation auto
!
interface Port-channel2
description Port-Channel (Internet)
vrf forwarding INET
ip address x.x.x.57 255.255.255.248
no ip redirects
no ip proxy-arp
negotiation auto
!
interface Tunnel11
bandwidth 100000
ip address 10.255.2.200 255.255.255.0
no ip redirects
ip mtu 1400
ip pim nbma-mode
ip pim sparse-mode
ip flow monitor Monitor-FNF-IWAN input
ip flow monitor Monitor-FNF-IWAN output
ip nhrp authentication-----
ip nhrp map multicast dynamic
ip nhrp map group RS-GROUP-100MBPS service-policy output RS-GROUP-100MBPS-POLICY
ip nhrp map group RS-GROUP-50MBPS service-policy output RS-GROUP-50MBPS-POLICY
ip nhrp map group RS-GROUP-30MBPS service-policy output RS-GROUP-30MBPS-POLICY
ip nhrp map group RS-GROUP-20MBPS service-policy output RS-GROUP-20MBPS-POLICY
ip nhrp map group RS-GROUP-10MBPS service-policy output RS-GROUP-10MBPS-POLICY
ip nhrp network-id 102
ip nhrp holdtime 600
ip nhrp redirect
ip tcp adjust-mss 1360
delay 20000
tunnel source GigabitEthernet0/2/1
tunnel mode gre multipoint
tunnel key 102
tunnel vrf INET
tunnel protection ipsec profile DMVPN-PROFILE-INET
service-insertion waas
domain iwan path INET path-id 2
!
interface GigabitEthernet0/0/0
description Routed Port-Channel Member to FRKS01
no ip address
negotiation auto
service-policy input LAN
channel-group 1 mode active
!
interface GigabitEthernet0/0/1
description Port-Channel to S09 (Internet)
no ip address
negotiation auto
channel-group 2 mode active
!
interface GigabitEthernet0/0/2
description Routed Port-Channel Member to S01
no ip address
negotiation auto
service-policy input LAN
channel-group 1 mode active
!
interface GigabitEthernet0/0/3
description Port-Channel to S09 (Internet)
no ip address
negotiation auto
channel-group 2 mode active
!
interface GigabitEthernet0/2/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/2/1
bandwidth 100000
vrf forwarding INET
ip address x.x.x.70 255.255.255.252
no ip redirects
no ip proxy-arp
ip flow monitor Monitor-FNF-INET input
ip flow monitor Monitor-FNF-INET output
media-type rj45
speed 100
no negotiation auto
no cdp enable
service-policy output POLICY-INET-SHAPE-ONLY
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address 10.1x.40.3 255.255.255.0
negotiation auto
!
interface Vlan1
no ip address
shutdown
!
interface AppNav-Compress1
ip unnumbered Port-channel1
no keepalive
!
interface AppNav-UnCompress1
ip unnumbered Port-channel1
no keepalive
!
!
router eigrp EIGRP
!
address-family ipv4 unicast autonomous-system 1
!
af-interface default
passive-interface
exit-af-interface
!
af-interface Port-channel1
authentication mode md5
authentication key-chain LAN-KEY
no passive-interface
exit-af-interface
!
af-interface Tunnel11
summary-address 10.0.0.0 255.0.0.0 leak-map EIGRP-LEAK
summary-address 10.1x.0.0 255.255.128.0 leak-map EIGRP-LEAK
authentication mode md5
authentication key-chain WAN-KEY
hello-interval 20
hold-time 60
no passive-interface
no split-horizon
exit-af-interface
!
topology base
distribute-list ALL-EXCEPT-DEFAULT in Tunnel11
distribute-list SET-TAG-DC1 out Tunnel11
summary-metric 10.1x.0.0/17 100000 1000 255 0 1500
exit-af-topology
network 10.1x.0.0 0.0.255.255
network 10.255.2.0 0.0.0.255
eigrp router-id 10.1x.255.255
nsf
exit-address-family
!

!
ip forward-protocol nd
ip pim autorp listener
ip pim register-source Loopback0
no ip http server

ip tftp source-interface GigabitEthernet0
ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 10.200.40.1
ip route vrf INET 0.0.0.0 0.0.0.0 x.x.x.69
ip ssh source-interface Loopback0
ip ssh version 2
ip ssh server algorithm authentication password
!
!
ip access-list standard ALL-EXCEPT-DEFAULT
deny 0.0.0.0
permit any
ip access-list standard EIGRP-LEAK
permit 10.1x.255.240
ip access-list standard SSR-MGMT
permit 10.0.0.0 0.255.255.255
!
route-map ALL-EXCEPT-DEFAULT deny 5
match tag 222
!
route-map ALL-EXCEPT-DEFAULT permit 10
match ip address ALL-EXCEPT-DEFAULT
!
route-map SET-TAG-DC1 permit 10
set tag 111
!
route-map BLOCK-DC2 deny 10
match tag 222
!
route-map BLOCK-DC2 permit 20
!
route-map EIGRP-LEAK permit 10
match ip address EIGRP-LEAK
!END DC ROUTER!!!!!


BRANCH ROUTER
.....
!

policy-map POLICY-INET
class class-default
shape average 20000000
service-policy WAN
policy-map type inspect ACL-OUT-POLICY
class type inspect INSPECT-ACL-OUT-CLASS
inspect
class type inspect PASS-ACL-OUT-CLASS
pass
class class-default
drop
policy-map POLICY-MPLS
class class-default
shape average 45000000
service-policy WAN


!
interface Loopback0
description Loopback
ip address 10.2x.255.253 255.255.255.255
ip pim sparse-mode
h323-gateway voip interface
h323-gateway voip bind srcaddr 10.2x.255.253
!
interface Tunnel10
bandwidth 45000
ip address 10.255.1.2 255.255.255.0
no ip redirects
ip mtu 1400
ip pim dr-priority 0
ip pim nbma-mode
ip pim sparse-mode
ip flow monitor Monitor-FNF-IWAN input
ip flow monitor Monitor-FNF-IWAN output
ip nhrp authentication -----
ip nhrp group RS-GROUP-45MBPS
ip nhrp network-id 101
ip nhrp holdtime 600
ip nhrp nhs 10.255.1.1 nbma 1.x.x.66 multicast
ip nhrp nhs 10.255.1.200 nbma 3.x.x.162 multicast
ip nhrp shortcut
ip tcp adjust-mss 1360
delay 1000
no nhrp route-watch
tunnel source GigabitEthernet0/2/0
tunnel mode gre multipoint
tunnel key 101
tunnel vrf MPLS
tunnel protection ipsec profile DMVPN-PROFILE-MPLS
service-insertion waas
!
interface Tunnel11
bandwidth 20000
ip address 10.255.2.2 255.255.255.0
no ip redirects
ip mtu 1400
ip pim dr-priority 0
ip pim nbma-mode
ip pim sparse-mode
ip flow monitor Monitor-FNF-IWAN input
ip flow monitor Monitor-FNF-IWAN output
ip nhrp authentication ----
ip nhrp group RS-GROUP-20MBPS
ip nhrp network-id 102
ip nhrp holdtime 600
ip nhrp nhs 10.255.2.200 nbma 4.x.x.70 multicast
ip nhrp nhs 10.255.2.1 nbma 2.x.x.114 multicast
ip nhrp registration no-unique
ip nhrp shortcut
ip tcp adjust-mss 1360
delay 200000
no nhrp route-watch
tunnel source GigabitEthernet0/0/1
tunnel mode gre multipoint
tunnel key 102
tunnel vrf INET
tunnel protection ipsec profile DMVPN-PROFILE-INET
service-insertion waas
!
!
interface GigabitEthernet0/0/0
description LAN Interface (IPS Bypass)
ip address 10.2x.255.1 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip pim sparse-mode
ip nbar protocol-discovery
load-interval 30
delay 10000
negotiation auto
service-policy input LAN
!
interface GigabitEthernet0/0/1

vrf forwarding INET
ip address x.x.x.162 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip flow monitor Monitor-FNF-INET input
ip flow monitor Monitor-FNF-INET output
zone-member security OUTSIDE
ip policy route-map INET-INTERNAL
negotiation auto
no cdp enable
no mop enabled
no lldp transmit
no lldp receive
service-policy output POLICY-ATT-INET
!

!
interface GigabitEthernet0/2/0
vrf forwarding MPLS
ip address x.x.x.34 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
media-type rj45
speed 100
no negotiation auto
service-policy output POLICY-MPLS
!
!
interface ucse1/0/0
description Management Interface for UCSE and guests
ip address 10.2x.252.1 255.255.255.0
no negotiation auto
switchport mode access
no mop enabled
no mop sysid
!
interface ucse1/0/1
description LAN Interface (Sourcefire IPS)
ip address 10.2x.255.5 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip pim sparse-mode
ip nbar protocol-discovery
load-interval 30
negotiation auto
switchport mode trunk
no mop enabled
no mop sysid
service-policy input LAN
!
....
!
router eigrp EIGRP
!
address-family ipv4 unicast autonomous-system 1
!
af-interface default
passive-interface
exit-af-interface
!
af-interface Tunnel10
summary-address 10.2x.0.0 255.255.128.0 leak-map EIGRP-LEAK
authentication mode md5
authentication key-chain WAN-KEY
hello-interval 20
hold-time 60
no passive-interface
no split-horizon
exit-af-interface
!
af-interface Tunnel11
summary-address 10.2x.0.0 255.255.128.0 leak-map EIGRP-LEAK
authentication mode md5
authentication key-chain WAN-KEY
hello-interval 20
hold-time 60
no passive-interface
no split-horizon
exit-af-interface
!
af-interface GigabitEthernet0/0/0
authentication mode md5
authentication key-chain LAN-KEY
no passive-interface
exit-af-interface
!
af-interface ucse1/0/1
authentication mode md5
authentication key-chain LAN-KEY
no passive-interface
exit-af-interface
!
topology base
distribute-list route-map DMVPN1-BR-IN in Tunnel10
distribute-list route-map DMVPN2-BR-IN in Tunnel11
distribute-list route-map BLOCK-LEARNED out Tunnel10
distribute-list route-map BLOCK-LEARNED out Tunnel11
redistribute static route-map STATIC-IN
exit-af-topology
network 10.2x.0.0 0.0.255.255
network 10.255.1.0 0.0.0.255
network 10.255.2.0 0.0.0.255
eigrp router-id 10.2.255.253
nsf
exit-address-family
!
!
virtual-service AUTOWAAS
.....
!
ip nat inside source route-map NAT interface GigabitEthernet0/0/1 overload
ip forward-protocol nd
ip pim autorp listener
ip pim register-source Loopback0

ip tftp source-interface Loopback0
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1 2.2.2.161 10 name LocalDefault
ip route 10.0.0.0 255.0.0.0 Null0 254 name FloatingBlackhole
ip route 172.16.0.0 255.240.0.0 Null0 254 name FloatingBlackhole
ip route 192.168.0.0 255.255.0.0 Null0 254 name FloatingBlackhole
ip route vrf INET 0.0.0.0 0.0.0.0 x.x.x.161
ip route vrf MPLS 0.0.0.0 0.0.0.0 x.x.x.33

!
ip access-list standard ALL-EXCEPT-DEFAULT
deny 0.0.0.0
permit any

!
route-map BLOCK-LEARNED deny 10
description Block learned routes outbound
match tag 101 102
!
route-map BLOCK-LEARNED permit 20
description Advertise all other routes outbound
!
route-map STATIC-IN permit 10
description Redistribute local default route
match ip address DEFAULT-ONLY
!
route-map INET-INTERNAL permit 10
description Return routing for Local Internet Access
match ip address INTERNAL-NETS
set global
!
route-map NAT permit 10
description Local Internet NAT
match ip address NAT-LOCAL
match interface GigabitEthernet0/0/1
!
route-map DMVPN2-BR-IN permit 10
description Match tagged routes inbound
description Match routes and tag as 102
match ip address ALL-EXCEPT-DEFAULT
set tag 102
!
route-map EIGRP-LEAK permit 10
match ip address EIGRP-LEAK
!
route-map DMVPN1-BR-IN permit 10
description Match tagged routes inbound
description Match routes and tag as 101
set tag 101
!END BRANCH!!!

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to zrunner626

‎02-02-2017 01:26 PM

Hello,

I have a feeling that your summary addresses are causing the problem. Do you actually see the EIGRP neighbors on each side ?

Either way, try and take the two lines below out:

af-interface Tunnel11
summary-address 10.0.0.0 255.0.0.0 leak-map EIGRP-LEAK
summary-address 10.1x.0.0 255.255.128.0 leak-map EIGRP-LEAK

0 Helpful

Go to solution
zrunner626
Level 1
Level 1
In response to Georg Pauwen

‎02-02-2017 01:37 PM

Yes, I see the Tunnel interfaces on each side. I'll find a time to remove those lines. 

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to zrunner626

‎02-02-2017 11:42 PM

Hello, 

you refer to two VRFs, INET on your DC router, and MPLS on your branch router. They are not in the configurations you posted ?

0 Helpful

Go to solution
zrunner626
Level 1
Level 1
In response to Georg Pauwen

‎02-04-2017 05:33 AM

This got me thinking...

We wanted the summarization so I added those routes to the EIGRP leak-map and they showed up on the branch router.

Thanks for your help!

0 Helpful

Go to solution
paul driver
VIP
VIP

‎02-02-2017 12:09 PM

Hello

If you have next-hop self enabled then try disabling it

what Dmvpn phase are you using

rs

paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
zrunner626
Level 1
Level 1
In response to paul driver

‎02-02-2017 01:47 PM

Next-hop self is not enabled. Not sure on the dmvpn phase, I would guess 2.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card