Solved: EIGRP Neighbor Not On Common Subnet why?

lowfell · ‎03-06-2019

I have two switches running EIGRP but get the following error messages

*Mar 6 16:06:19.511: %DUAL-6-NBRINFO: EIGRP-IPv4 100: Neighbor 172.18.8.1 (Vlan3) is blocked: not on common subnet (10.32.253.17/28)
*Mar 6 16:06:33.266: %DUAL-6-NBRINFO: EIGRP-IPv4 100: Neighbor 172.18.8.1 (Vlan3) is blocked: not on common subnet (10.32.253.17/28)
*Mar 6 16:06:47.191: %DUAL-6-NBRINFO: EIGRP-IPv4 100: Neighbor 172.18.4.1 (Vlan2) is blocked: not on common subnet (10.32.253.1/28)
*Mar 6 16:06:57.299: %DUAL-6-NBRINFO: EIGRP-IPv4 100: Neighbor 172.18.8.1 (Vlan3) is blocked: not on common subnet (10.32.253.17/28)
*Mar 6 16:07:10.092: %DUAL-6-NBRINFO: EIGRP-IPv4 100: Neighbor 172.18.4.1 (Vlan2) is blocked: not on common subnet (10.32.253.1/28)

Here is my config switch one.

FIRSTLY THE PORT CHANNEL

sw1#sho run int port-channel 1
Building configuration...

Current configuration : 171 bytes
!
interface Port-channel1
description *** Etherchannel FROM TenG3/0/1-4/0/1***
switchport trunk allowed vlan 2,3,267
switchport mode trunk

!

interface TenGigabitEthernet3/0/1
description *** MCR N5K Eth */* - ***
switchport trunk allowed vlan 2,3,267
switchport mode trunk
channel-group 1 mode on
!

!
interface TenGigabitEthernet4/0/1
description ***desc MCR N5K Eth */* - ***
switchport trunk allowed vlan 2,3,267
switchport mode trunk
channel-group 1 mode on
!!
interface Vlan2
description ***TEST_FCC_vlan2***
ip address 10.32.253.1 255.255.255.240
end

!

interface Vlan3
description ***TEST Voice Vlan FCC***
ip address 10.32.253.17 255.255.255.240

!

interface Vlan267
description ***New_Core_Routin_/30***
ip address 10.1.1.1 255.255.255.252
end

!

here is my EIGRP setup

router eigrp 100
network 10.1.1.0 0.0.0.3
network 10.32.253.0 0.0.0.15
network 10.32.253.16 0.0.0.15
!

#sho ip eigrp nei
EIGRP-IPv4 Neighbors for AS(100)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 10.1.1.2 Vl267 14 00:43:13 179 1074 0 1

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Now switch 2

!
interface Port-channel1
description ***LACP Etherchannel ***
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2,3,267
switchport mode trunk
end

!
!
interface GigabitEthernet0/25
description *** UPLINK TRUNK to ***
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2,3,267
switchport mode trunk
channel-group 1 mode on
!
interface GigabitEthernet0/26
description *** UPLINK TRUNK ***
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2,3,267
switchport mode trunk
channel-group 1 mode on
!
!
!
interface Vlan2
description ***TEST_***
ip address 172.18.4.1 255.255.252.0
!
interface Vlan3
description ***TEST Vlan***
ip address 172.18.8.1 255.255.252.0
!

interface Vlan267
description *** Transit svi ***
ip address 10.1.1.2 255.255.255.252
!

!
!
router eigrp 100
network 10.1.1.0 0.0.0.3
network 172.18.4.0 0.0.3.255
network 172.18.8.0 0.0.3.255
no auto-summary
!
#sho ip eigrp nei
IP-EIGRP neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq Type
(sec) (ms) Cnt Num
0 10.1.1.1 Vl267 15 00:52:36 1 4500 0 3

ON SWITCH TWO I GET OBVIOUSLY THE OPPOSITE MESSAGES. lIKE THIS

IP-EIGRP(Default-IP-Routing-Table:100): Neighbor 10.32.253.17 not on common subnet for Vlan3
00:58:57: IP-EIGRP(Default-IP-Routing-Table:100): Neighbor 10.32.253.1 not on common subnet for Vlan2
00:59:10: IP-EIGRP(Default-IP-Routing-Table:100): Neighbor 10.32.253.17 not on common subnet for Vlan3
00:59:24: IP-EIGRP(Default-IP-Routing-Table:100): Neighbor 10.32.253.17 not on common subnet for Vlan3
00:59:38: IP-EIGRP(Default-IP-Routing-Table:100): Neighbor 10.32.253.1 not on common subnet for Vlan2
00:59:52: IP-EIGRP(Default-IP-Routing-Table:100): Neighbor 10.32.253.17 not on common subnet for Vlan3
01:00:02: IP-EIGRP(Default-IP-Routing-Table:100): Neighbor 10.32.253.1 not on common subnet for Vlan2
01:00:14: IP-EIGRP(Default-IP-Routing-Table:100): Neighbor 10.32.253.17 not on common subnet for Vlan3

so, i think what you will say is "they need to be on the same subnet" ?

1. Whilst my vlans might have the same vlan numbers their subnet their ip ranges are different so why should this make a difference ?

2. what do I need to do to make this work?

3. I suspect it's something to do with Layer2 & layer3 mixup ?

Jon Marshall · ‎03-06-2019

1) If you change the vlan ID on one of the switches then allow both vlans on the trunk then pick one of the switches and create SVIs for both vlans which means that switch will route between the vlans.

That would be the L2 solution and would not require EIGRP network statements.

2) Alternatively you could route across the L2 etherchannel for those vlans.

What you do is have a dedicated vlan for routing with an SVI on each switch and this forms the EIGRP neighborship but you don't allow either of the vlans we are talking about on the trunk link.

With this solution you would add network statements in EIGRP on both switches for it's corresponding subnet.

Hope that makes sense, if not I'll explain in more detail tomorrow.

Jon

View solution in original post

Richard Burts · ‎03-07-2019

The point of EIGRP is to advertise to the switches subnets that are found only on the other switch. If switch 1 has some subnet (perhaps 192.168.5.0) and that subnet is not also physically present on switch 2 then switch 2 has no way to route to the hosts in that subnet. Advertising that subnet using EIGRP provides routing information so that switch 2 would be able to forward packets to that subnet.

HTH

Rick

HTH

Rick

View solution in original post

Jon Marshall · ‎03-06-2019

They need to be in the same IP subnet because that is one of the requirements when forming an EIGRP neighborship.

It does not matter they are in the same vlan if the IP subnets are different.

Jon

lowfell · ‎03-06-2019

So should I exclude them from my EIGRP process?

All I wan to do is have a host on sw1 network be able to talk to a a host on switch 2 network and run a bandwidth test over my etherchannel.

How do I accomplish this?

Jon Marshall · ‎03-06-2019

Excluding them from EIGRP won't mean they can talk to each other because they are in different subnets ?

What port(s) are used to interconnect the switches and which hosts (IPs) are you doing the test between ?

Jon

lowfell · ‎03-06-2019

A bit more detail.

One switch is a 9407 with a portchannel of two interfaces. See the configuration above. The description says tenG interfaces but these are actually configured as 1g.

The second switch is an old 3560g

My port channel is up.

I have an eigrp neighbour from the svi's configured each side of the portchannel

A host on switch on SW1 in Vlan2 with an ip address of say

10.32.253.2

SHOULD be able to communicate with a host on SW2 in ITS vlan 2 with an ip address of

172.18.4.2 ?

Jon Marshall · ‎03-06-2019

The link between the switches is an etherchannel trunk which means vlan 2 (or 3) is the same vlan on both switches but you have used different IP subnets so no it won't work.

If the link between the two switches was a L3 link then each switch could have it's own vlan 2/3 with it's own IP subnet and you could route between the switches but you don't have that.

If you want to use the same vlan on both switches use the same IP subnet for both hosts.

Jon

lowfell · ‎03-06-2019

doesn't the svi's on the etherchannel make it a routed port?

Jon Marshall · ‎03-06-2019

No it doesn't.

You have connected your switches with a L2 trunk that is allowing vlan 2/3 across so the vlans are the same on both switches.

You could either not allow those vlans across and then they would be different vlans but you would need to advertise the subnets across the link or you make the link a L3 link and advertise the subnets across.

Jon

lowfell · ‎03-06-2019

Thanks for this Jon. i'm really grateful.

so, just to reiterate.

1. If I change the vlan id's numbers at one end then allow them through the trunk, this will work?

2. I leave the network statements in eigrp ?

lowfell · ‎03-06-2019

Right. I can see where I've gone wrong I think. I've got layer 2 & layer 3 portchannels mixed up.

So, now I have three questions.

1. If I used a Layer 3 Portchannel would my originals setup work?

2. If I leave it the way it is, but changed the vlan numbers at one side will it work? then i wouldnt need to include thre svi's for those vlans in eigrp because it's layer 2?

3. When would you use a Layer3 portchannel & when would you use a layer 2 port channel?

Jon Marshall · ‎03-06-2019

1) Yes as long as you advertise the subnets across the link it would work and vlan 2/3 would be different vlans on each switch.

2) It would work if you created SVIs for both vlans on either one or both switches and then allowed the vlans across the trunk link.

Then as you say you would not need to advertise those IP subnets across the link because you have extended the L2 vlan(s) between the switches.

3) There are no hard and fast rules but L2 etherchannel (trunks) are used primarily when you want to have the same vlan (using the same IP subnet) on multiple switches.

L3 etherchannels are primarily used to route between devices.

I am logging off now but by all means ask if you need further clarification or want to go into it more and I'll pick this up tomorrow.

Jon

lowfell · ‎03-06-2019

Thanks for this Jon. i'm really grateful.

so, just to reiterate.

1. If I change the vlan id's numbers at one end then allow them through the trunk, this will work?

2. I leave the network statements in eigrp ?

Jon Marshall · ‎03-06-2019

1) If you change the vlan ID on one of the switches then allow both vlans on the trunk then pick one of the switches and create SVIs for both vlans which means that switch will route between the vlans.

That would be the L2 solution and would not require EIGRP network statements.

2) Alternatively you could route across the L2 etherchannel for those vlans.

What you do is have a dedicated vlan for routing with an SVI on each switch and this forms the EIGRP neighborship but you don't allow either of the vlans we are talking about on the trunk link.

With this solution you would add network statements in EIGRP on both switches for it's corresponding subnet.

Hope that makes sense, if not I'll explain in more detail tomorrow.

Jon

Richard Burts · ‎03-07-2019

I suggest that we look at some fundamental aspects of this situation.

- If you want to run EIGRP over the port channel then there must be at least one vlan where the SVI for that vlan on each switch is in the same subnet. This would allow EIGRP to form successful neighbor relationship between the switches.

- This would allow you to change the vlan IDs on one switch so that each switch has different vlan numbers and each vlan would have its own unique IP subnet. If each switch has unique vlan numbers then there is not much point in having the vlans included on the trunk.

- Running EIGRP over the port channel would allow you to advertise the subnets of one switch to the other switch.

- This would allow a device connected in one vlan on a switch to communicate with a device connected to another vlan on the other switch and allow the speed test to be run.

- But at that point the port channel has only a single vlan on it. What is the point of a port channel if there is a single vlan?

Perhaps we need some explanation of what the original poster was trying to accomplish by having the same vlan numbers on both switches, and having a port channel running as a trunk and carrying multiple vlans, and having each switch have a different subnet in each vlan. If we knew what was to be accomplished we might be able to give better advice about how to achieve it.

HTH

Rick

HTH

Rick

lowfell · ‎03-07-2019

Thanks again. I've got this working using just different vlan numbers over the trunk. It works fine. However because thus is a trunk and I allow the vlans then what is the point of the Eigrp?