I run a IPSEC tunnel using both the GRE keepalive 10 3 and Crypto isakmp keepalive 60, as well as using the default EIGRP hello and hold timers. I keep receiving EIGRP "PEER-TERMINATION" syslog messages causing eigrp to constantly re-build neighborship.
%DUAL-5-NBRCHANGE: EIGRP-IPv4 27097: Neighbor 10.0.0.1 (Tunnel5) is down: Interface PEER-TERMINATION received
%DUAL-5-NBRCHANGE: EIGRP-IPv4 27097: Neighbor 10.0.0.1 (Tunnel5) is up: new adjacency
I have been unable to locate any documentation on this syslog message. I suspect that it could be QoS, but the QoS queuing is set to provide 11 kbps priority queuing for routing protocols so it should be more than enough for Eigrp hellos and updates. The link is going over satellite connection so every once in a while it drops some packets but to cause this much occurrence makes me question if this is the cause.
Does anyone have any input on why this peer-termination keeps accuring?
If you don’t think it's the instability of your satellite WAN connection that’s causing the EIGRP to break, perhaps this could be a QOS or MTU related issue, that causes a specific EIGRP update of a certain size to be dropped in between the two devices.
The EIGRP update size, depends highly on the prefix length of carried routes. Just in case you didn’t know, routes with prefix length > /24 takes 4 more bytes to be carried.
Moving forward, you might wanna increase the QOS size and tune the MTU size. Don’t do these together. Do the QOS, and if that doesn’t solve it, change the MTU size. Let me know how it goes :-)
Posting this for anyone interested in using a Raspberry PI as a flow collector for Stealthwatch. We created a very lightweight version of our software. It can create flows if the eth port is attached to a SPAN or you can forward NetFlow/IPFIX ...
Dear Team Suppose we have hundreds of rules in access policy on cisco fmc device. Now I want to fetch all access policy rules in which I have mentioned some specific port number X. Can anyone help me with the process to fetch the same?
Greetings everyone, Happy New Year! I would like to thank you all for making our ISE demos in dCloud a great success!
The ISE instant demo has been in the top 5 of Enterprise demos for a long time now and recently just moved into the #1 and 2 slots...
User Experience Enhancements
As part of the Cisco Common User Experience program, we are working towards a more uniform user experience and terminology alignment. This program runs across all Cisco security products.
A More Intuitive Cognitiv...