Getting VLAN subnets into EIGRP from a switch?
I have 2x Class C's at a datacenter.
The router has a /29 for the outside interface. I have a /23 (x.x.x.1) assigned to my inside interface. I have a DMVPN (as part of my CCNP route studies) with EIGRP going back to my house and I can ping all IP addresses remotely.
AWESOME! Works great!
Next, I'm using a 3560 switch hanging off of the router and have created multiple vlans with SVIs. What's the best way to get the routes into EIGRP? I've tried loading EIGRP on the 3560 but neighbor relationships never establish. I am running ipservicesk9 so it is supported.
I was thinking about creating static routes on the router and inserting those into EIGRP? I'm thinking I can convert the uplink port from a switchport to a Layer 3 port. Not sure I want to do that with the way I've configured things...
DCSwitch#show ip eigrp interfaces
EIGRP-IPv4 Interfaces for AS(1)
Xmit Queue PeerQ Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable Un/Reliable SRTT Un/Reliable Flow Timer Routes
Vl205 0 0/0 0/0 0 0/0 0 0
Vl30 0 0/0 0/0 0 0/0 0 0
Vl40 0 0/0 0/0 0 0/0 0 0
Vl88 0 0/0 0/0 0 0/0 0 0
Vl99 0 0/0 0/0 0 0/0 0 0
DCSwitch#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(1)
DCSwitch#
DCSwitch#show ip eigrp topology
EIGRP-IPv4 Topology Table for AS(1)/ID(205.251.110.2)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 205.xxx.xxx.0/23, 1 successors, FD is 2816
via Connected, Vlan205
P 10.10.88.0/22, 1 successors, FD is 2816
via Connected, Vlan88
I can ping all devices from the other devices. EIGRP has formed across the tunnel I have from one router to another. I just can't get the switch to join as a neighbor and distribute different subnets assigned on vlans.
DCRouter#show run | s router
router eigrp 1
network 10.0.0.0
DCRouter#
DCRouter#
DCRouter#show ip int b
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 67.x.x.108 YES NVRAM up up
GigabitEthernet0/1 205.x.x.1 YES NVRAM up up
Serial0/0/0 unassigned YES NVRAM administratively down down
Serial0/1/0 unassigned YES NVRAM administratively down down
GigabitEthernet1/0 unassigned YES NVRAM administratively down down
Tunnel0 10.100.100.1 YES NVRAM up up
DCRouter#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(1)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 10.100.100.2 Tu0 10 00:09:04 7 1362 0 28
DCRouter#
DCSwitch#show ip int b
Interface IP-Address OK? Method Status Protocol
Vlan1 unassigned YES NVRAM administratively down down
Vlan30 10.10.30.1 YES NVRAM up down
Vlan40 10.10.40.1 YES NVRAM up down
Vlan88 10.10.88.2 YES manual up up
Vlan90 unassigned YES unset up down
Vlan99 10.10.99.1 YES NVRAM up down
Vlan205 205.x.x.2 YES NVRAM up up
GigabitEthernet0/1 unassigned YES unset up up
GigabitEthernet0/2 unassigned YES unset administratively down down
GigabitEthernet0/3 unassigned YES unset up up
GigabitEthernet0/4 unassigned YES unset up up
GigabitEthernet0/5 unassigned YES unset up up
GigabitEthernet0/6 unassigned YES unset administratively down down
DCSwitch#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(1)
DCSwitch#
Any assistance would be greatly appreciated.
Thanks!
Your friend in Virginia,
Paul L.
Comments
-
Dollarhyde Member Posts: 111
I have not started working much on my Route studies, but one random thing, it will probably not work, but worth trying.
Is the ip routing enabled on your switch?
-
Hondabuff Member Posts: 667
IP routing enabled on the switch. Default route on the switch to the router. Static routes on the router to the switch. Option 2, No switchport on the link from the switch to the router. Enable EIGRP on the switch and add your routes. Both options are fairly simple.
“The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln
-
cpartin Member Posts: 84
On DCRouter you're missing a network statement in your EIGRP config for the interface connected to your switch.
-
ptlinva Member Posts: 125
Yes, I have IP Routing enabled on the switch. I'm able to ping all of the IP addresses from the switch.
-
ptlinva Member Posts: 125
IP Routing is enabled on the switch. Default route is on the switch. I've tried adding static routes on the DC Router, works great. I then add another static route on my local router, works great. However, I'm not able to ping that route from my PC.
In regards to doing a "no switchport", which I originally had, I have several things that I need to use public IPs on. So I was using a switchport in a separate vlan with several other ports, to use the public IPs. If I change that to a routed port, then I need to figure out how to route the remaining public IPs through the one IP I assign to the routed port. Did that make sense?
I tried on several attempts to get the static route injected into EIGRP and it ends up messing with my tunnel. I get the following errors...
*Jan 24 08:31:44.708: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.100.100.1 (Tunnel0) is down: Interface PEER-TERMINATION received
WLC#
*Jan 24 08:31:48.228: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.100.100.1 (Tunnel0) is up: new adjacency
WLC#
*Jan 24 08:32:03.240: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.100.100.1 (Tunnel0) is down: Interface PEER-TERMINATION received
WLC#
*Jan 24 08:32:06.216: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.100.100.1 (Tunnel0) is up: new adjacency
*Jan 24 08:32:06.236: %ADJ-5-PARENT: Midchain parent maintenance for IP midchain out of Tunnel0, addr 10.100.100.1 - looped chain attempting to stack
WLC#
*Jan 24 08:32:21.228: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.100.100.1 (Tunnel0) is down: Interface PEER-TERMINATION received
WLC#
*Jan 24 08:32:24.608: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.100.100.1 (Tunnel0) is up: new adjacency
WLC#
*Jan 24 08:32:39.620: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.100.100.1 (Tunnel0) is down: Interface PEER-TERMINATION received
WLC#
*Jan 24 08:32:42.600: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.100.100.1 (Tunnel0) is up: new adjacency
*Jan 24 08:32:42.616: %ADJ-5-PARENT: Midchain parent maintenance for IP midchain out of Tunnel0, addr 10.100.100.1 - looped chain attempting to stack
WLC#
*Jan 24 08:32:57.612: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.100.100.1 (Tunnel0) is down: Interface PEER-TERMINATION received
WLC#
*Jan 24 08:33:00.692: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.100.100.1 (Tunnel0) is up: new adjacency
WLC#
*Jan 24 08:33:15.704: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.100.100.1 (Tunnel0) is down: Interface PEER-TERMINATION received
WLC#
*Jan 24 08:33:18.816: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.100.100.1 (Tunnel0) is up: new adjacency
*Jan 24 08:33:18.832: %ADJ-5-PARENT: Midchain parent maintenance for IP midchain out of Tunnel0, addr 10.100.100.1 - looped chain attempting to stack
WLC#conf t
*Jan 24 08:33:33.828: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.100.100.1 (Tunnel0) is down: Interface PEER-TERMINATION received
Don't you hate it when something simple messes with you?
Thank you everyone for responding. I really do appreciate your time and suggestions.
Your friend in snowed-in Virginia!
Paul L.
-
ptlinva Member Posts: 125
I have a tunnel going to that router. Whenever I tried to add the "missing" network statement, it tears my tunnel down with a "Midchain parent maintenance for IP midchain out of Tunnel0, addr 10.100.100.1 - looped chain attempting to stack" error.
Some things make you go, "Hmm...".
-
ptlinva Member Posts: 125
DCSwitch#show run
Building configuration...
Current configuration : 7961 bytes
!
! Last configuration change at 23:35:30 UTC Mon Mar 1 1993
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname DCSwitch
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1d$m2Pp3.LYH/pHFvipqY/a2/
!
no aaa new-model
system mtu routing 1500
ip routing
!
!
!
!
!
crypto pki trustpoint TP-self-signed-13909408xx
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-13909408xx
revocation-check none
rsakeypair TP-self-signed-13909408xx
!
!
crypto pki certificate chain TP-self-signed-13909408xx
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31333930 39343038 3030301E 170D3933 30333031 30303033
<-SNIP->
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/1
switchport access vlan 205
switchport mode access
!
interface GigabitEthernet0/2
switchport access vlan 90
switchport mode access
shutdown
!
interface GigabitEthernet0/3
switchport access vlan 205
switchport mode access
!
interface GigabitEthernet0/4
description SONICWALL WAN PORT
switchport access vlan 205
switchport mode access
!
interface GigabitEthernet0/5
description SONICWALL LAN PORT
switchport access vlan 88
switchport mode access
!
<-SNIP->
interface GigabitEthernet0/17
description HYPERV-5 NETWORK PORT #1
switchport access vlan 205
switchport mode access
!
interface GigabitEthernet0/18
description HYPERV-5 NETWORK PORT #2
switchport access vlan 88
switchport mode access
!
interface GigabitEthernet0/19
description HYPERV-5 NETWORK PORT #3
switchport access vlan 90
switchport mode access
shutdown
!
<-SNIP->
interface Vlan1
no ip address
shutdown
!
interface Vlan30
description BIG AL
ip address 10.10.30.1 255.255.255.0
!
interface Vlan40
description PuertoRico Hosting
ip address 10.10.40.1 255.255.255.0
!
interface Vlan88
description LAN-SIDE
ip address 10.10.88.2 255.255.252.0
!
interface Vlan90
description DISABLED
no ip address
!
interface Vlan99
description MANAGEMENT
ip address 10.10.99.1 255.255.255.0
!
interface Vlan205
description WAN-SIDE
ip address xxx.xxx.110.2 255.255.254.0
!
!
router eigrp 1
network 10.10.0.0 0.0.255.255
network xxx.xxx.0.0 0.0.255.255
!
ip http server
ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 xxx.xxx.110.1
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
length 58
full-help
line vty 0 4
exec-timeout 0 0
password xxx
logging synchronous
login
transport input all
line vty 5 15
no login
transport input all
!
end
DCSwitch#
-
ptlinva Member Posts: 125
DCRouter#show run
Building configuration...
Current configuration : 2312 bytes
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname DCRouter
!
boot-start-marker
boot system flash:c2800nm-adventerprisek9-mz.151-4.M10.bin
boot-end-marker
!
!
enable secret 5 $1$aaG0$2s.bEPM8TKeeXXX
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2851 sn FTX1352AJXX
archive
log config
hidekeys
!
redundancy
!
!
!
!
crypto isakmp policy 5
encr aes 256
authentication pre-share
group 14
crypto isakmp key xxxxxxxx address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set OURSET esp-aes 256 esp-sha-hmac
mode transport
!
crypto ipsec profile OUR_IPSec_PROFILE
set transform-set OURSET
!
!
!
!
!
!
!
interface Tunnel0
ip address 10.100.100.1 255.255.255.0
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 1
ip nhrp authentication xxxxxxxx
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp shortcut
ip nhrp redirect
ip tcp adjust-mss 1360
no ip split-horizon eigrp 1
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
tunnel key 4545
tunnel protection ipsec profile OUR_IPSec_PROFILE
!
interface GigabitEthernet0/0
ip address 67.xxx.xx.108 255.255.255.248
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 205.xxx.xxx.1 255.255.254.0
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
!
interface Serial0/1/0
no ip address
shutdown
!
interface GigabitEthernet1/0
no ip address
shutdown
!
!
router eigrp 1
network 10.0.0.0
!
ip forward-protocol nd
ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 67.xxx.xx.105
!
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
length 58
full-help
line aux 0
line 66
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
exec-timeout 0 0
password xxxxxx
logging synchronous
login
transport input all
line vty 5 15
no login
transport input all
!
scheduler allocate 20000 1000
end
-
ptlinva Member Posts: 125
Another idea...
On the switch, instead of using SVIs and assigning them an IP, what about using router-on-a-stick with the uplink port on the router?
Would EIGRP work in this fashion?
Thanks!
-Paul
-
ptlinva Member Posts: 125
RESOLVED: I was able to get the 3560 switch (DCSwitch) to neighbor with my router (DCRouter) WITHOUT going to a "no switchport" routed port. EIGRP works just fine on a switchport. You don't need to change it to a routed port.
I then fixed my Tunnel issues by changing my local router to use the "ip nhrp map" and "ip nhrp multicast" ip address to the OUTSIDE interface of the DCRouter. Even though the INSIDE and OUTSIDE IP addresses assigned to my DCRouter are both public IPs and routable, the tunnel did not like using EIGRP with the switch while using the inside interface. I switched the tunnel over the outside interface and my woes went away...
HURRAY! No errors yet and EIGRP is showing routes on both routers and switch.
-
Dollarhyde Member Posts: 111
Good job, I am glad you fixed it!
-
theodoxa Member Posts: 1,340
I have a tunnel going to that router. Whenever I tried to add the "missing" network statement, it tears my tunnel down with a "Midchain parent maintenance for IP midchain out of Tunnel0, addr 10.100.100.1 - looped chain attempting to stack" error.
Some things make you go, "Hmm...".
You don't want the underlay network to be advertised by EIGRP. When you include it, it becomes possible for traffic to the tunnel endpoints to be routed through the tunnel itself, creating a loop of sorts. You could block the underlay network from being advertised using a prefix/distribute list.
R&S: CCENT → CCNA → CCNP → CCIE [ ]
Security: CCNA [ ]
Virtualization: VCA-DCV [ ]
-
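Added example, not part of the original thread: the condition described in the reply above (an EIGRP network statement that matches the tunnel's source interface, so the underlay gets advertised) can be checked offline against a saved running-config. The function names and the 203.0.113.0/24 sample addresses are assumptions made here, and only `tunnel source` given as an interface name is handled.

```python
import ipaddress

# Constructed config modelled on DCRouter; addresses are placeholders.
BASE = """\
interface Tunnel0
 ip address 10.100.100.1 255.255.255.0
 tunnel source GigabitEthernet0/1
interface GigabitEthernet0/1
 ip address 203.0.113.1 255.255.255.0
router eigrp 1
 network 10.0.0.0
"""
# The same config after adding a network statement for the tunnel source.
WITH_UNDERLAY = BASE + " network 203.0.113.0 0.0.0.255\n"

def eigrp_network(addr, wildcard=None):
    """Turn 'network <addr> [wildcard]' into an ip_network."""
    first = int(addr.split(".")[0])
    mask = 8 if first < 128 else 16 if first < 192 else 24  # classful default
    if wildcard == "0.0.0.0":
        mask = 32        # host match; ipaddress would read 0.0.0.0 as /0
    elif wildcard:
        mask = wildcard  # ipaddress accepts host (wildcard) masks
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse(config):
    """Return interface addresses, tunnel sources and EIGRP networks."""
    addrs, sources, networks, ctx = {}, {}, [], None
    for line in config.splitlines():
        w = line.split()
        if not w or w[0] == "!":
            continue
        if w[0] == "interface":
            ctx = w[1]
        elif w[0] == "router":
            ctx = "eigrp" if w[1] == "eigrp" else None
        elif w[:2] == ["ip", "address"] and ctx and ctx != "eigrp" and len(w) >= 4:
            addrs[ctx] = ipaddress.ip_interface(f"{w[2]}/{w[3]}")
        elif w[:2] == ["tunnel", "source"] and len(w) == 3:
            sources[ctx] = w[2]
        elif w[0] == "network" and ctx == "eigrp":
            networks.append(eigrp_network(*w[1:3]))
    return addrs, sources, networks

def underlay_in_eigrp(config):
    """(tunnel, source interface, network) where EIGRP matches the tunnel source."""
    addrs, sources, networks = parse(config)
    return [(tun, src, str(net))
            for tun, src in sources.items() if src in addrs
            for net in networks if addrs[src].ip in net]

if __name__ == "__main__":
    for name, cfg in (("base", BASE), ("with underlay", WITH_UNDERLAY)):
        print(name, underlay_in_eigrp(cfg) or "no overlap")
```
-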
Hondabuff Member Posts: 667
Since you're using DMVPN, try using the "ip unnumbered" command for your tunnels.
Or this below. Then just use the passive interface command on the router and only broadcast on tunnel 0. Much easier and GRE not needed on VTI tunnels anymore. Easier to scale and manage. Is your 2851 your hub router? I can show you a virtual template that would make it a lot easier for you to build multiple spokes.
!
interface Tunnel0
ip unnumbered vlan88
no ip redirects
ip mtu 1400
ip tcp adjust-mss 1360
tunnel source GigabitEthernet0/1
tunnel mode IPsec ipv4
tunnel protection ipsec profile OUR_IPSec_PROFILE
!