Getting VLANS subnets into EIGRP from a switch?

ptlinva Member Posts: 125
I have 2x Class C's at a datacenter.

The router has a /29 for the outside interface. I have a /23 (x.x.x.1) assigned to my inside interface. I have a DMVPN (as part of my CCNP route studies) with EIGRP going back to my house and I can ping all IP addresses remotely.

AWESOME! Works great!

Next, I'm using a 3560 switch hanging off of the router and have created multiple vlans with SVIs. What's the best way to get the routes into EIGRP? I've tried loading EIGRP on the 3560 but neighbor relationships never establish. I am running ipservicesk9 so it is supported.

I was thinking about creating static routes on the router and inserting those into EIGRP? I'm thinking I can convert the uplink port from a switchport to a Layer3 port. Not sure I want to do that with the way I've configured things...

DCSwitch#show ip eigrp interfaces
EIGRP-IPv4 Interfaces for AS(1)
Xmit Queue PeerQ Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable Un/Reliable SRTT Un/Reliable Flow Timer Routes
Vl205 0 0/0 0/0 0 0/0 0 0
Vl30 0 0/0 0/0 0 0/0 0 0
Vl40 0 0/0 0/0 0 0/0 0 0
Vl88 0 0/0 0/0 0 0/0 0 0
Vl99 0 0/0 0/0 0 0/0 0 0


DCSwitch#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(1)
DCSwitch#


DCSwitch#show ip eigrp topology
EIGRP-IPv4 Topology Table for AS(1)/ID(205.251.110.2)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status


P 205.xxx.xxx.0/23, 1 successors, FD is 2816
via Connected, Vlan205
P 10.10.88.0/22, 1 successors, FD is 2816
via Connected, Vlan88

I can ping all devices from the other devices. EIGRP has formed across the tunnel I have from one router to another. I just can't get the switch to join as a neighbor and distribute different subnets assigned on vlans.

DCRouter#show run | s router
router eigrp 1
network 10.0.0.0
DCRouter#

DCRouter#
DCRouter#show ip int b
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 67.x.x.108 YES NVRAM up up
GigabitEthernet0/1 205.x.x.1 YES NVRAM up up
Serial0/0/0 unassigned YES NVRAM administratively down down
Serial0/1/0 unassigned YES NVRAM administratively down down
GigabitEthernet1/0 unassigned YES NVRAM administratively down down
Tunnel0 10.100.100.1 YES NVRAM up up

DCRouter#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(1)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 10.100.100.2 Tu0 10 00:09:04 7 1362 0 28
DCRouter#

DCSwitch#show ip int b
Interface IP-Address OK? Method Status Protocol
Vlan1 unassigned YES NVRAM administratively down down
Vlan30 10.10.30.1 YES NVRAM up down
Vlan40 10.10.40.1 YES NVRAM up down
Vlan88 10.10.88.2 YES manual up up
Vlan90 unassigned YES unset up down
Vlan99 10.10.99.1 YES NVRAM up down
Vlan205 205.x.x.2 YES NVRAM up up
GigabitEthernet0/1 unassigned YES unset up up
GigabitEthernet0/2 unassigned YES unset administratively down down
GigabitEthernet0/3 unassigned YES unset up up
GigabitEthernet0/4 unassigned YES unset up up
GigabitEthernet0/5 unassigned YES unset up up
GigabitEthernet0/6 unassigned YES unset administratively down down

DCSwitch#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(1)
DCSwitch#

Any assistance would be greatly appreciated.

Thanks!
Your friend in Virginia,
Paul L.

Comments

  • Dollarhyde Member Posts: 111
    I have not started working much on my Route studies, but one random thing, it will probably not work, but worth trying.

    Is the ip routing enabled on your switch?
  • Hondabuff Member Posts: 667
    IP routing enabled on the switch. Default route on the switch to the router. Static routes on the router to the switch. Option 2, No switchport on the link from the switch to the router. Enable Eigrp on the switch and add your routes. Both options are fairly simple.
    “The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln
  • cpartin Member Posts: 84
    On DCRouter you're missing a network statement in your EIGRP config for the interface connected to your switch.
  • ptlinva Member Posts: 125
    Yes, I have IP Routing enabled on the switch. I'm able to ping all of the IP addresses from the switch.
  • ptlinva Member Posts: 125
    IP Routing is enabled on the switch. Default route is on the switch. I've tried adding static routes on the DC Router, works great. I then add another static route on my local router, works great. However, I'm not able to ping that route from my PC.

    In regards to doing a "no switchport", which I originally had, I have several things that I need to use public IPs on. So I was using a switchport in a separate vlan with several other ports, to use the public IPs. If I change that to a routed port, then I need to figure out how to route the remaining public IPs through the one IP I assign to the routed port. Did that make sense?

    I tried on several attempts to get the static route injected into EIGRP and it ends up messing with my tunnel. I get the following errors...

    *Jan 24 08:31:44.708: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.100.100.1 (Tunnel0) is down: Interface PEER-TERMINATION received
    WLC#
    *Jan 24 08:31:48.228: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.100.100.1 (Tunnel0) is up: new adjacency
    WLC#
    *Jan 24 08:32:03.240: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.100.100.1 (Tunnel0) is down: Interface PEER-TERMINATION received
    WLC#
    *Jan 24 08:32:06.216: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.100.100.1 (Tunnel0) is up: new adjacency
    *Jan 24 08:32:06.236: %ADJ-5-PARENT: Midchain parent maintenance for IP midchain out of Tunnel0, addr 10.100.100.1 - looped chain attempting to stack
    WLC#
    *Jan 24 08:32:21.228: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.100.100.1 (Tunnel0) is down: Interface PEER-TERMINATION received
    WLC#
    *Jan 24 08:32:24.608: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.100.100.1 (Tunnel0) is up: new adjacency
    WLC#
    *Jan 24 08:32:39.620: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.100.100.1 (Tunnel0) is down: Interface PEER-TERMINATION received
    WLC#
    *Jan 24 08:32:42.600: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.100.100.1 (Tunnel0) is up: new adjacency
    *Jan 24 08:32:42.616: %ADJ-5-PARENT: Midchain parent maintenance for IP midchain out of Tunnel0, addr 10.100.100.1 - looped chain attempting to stack
    WLC#
    *Jan 24 08:32:57.612: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.100.100.1 (Tunnel0) is down: Interface PEER-TERMINATION received
    WLC#
    *Jan 24 08:33:00.692: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.100.100.1 (Tunnel0) is up: new adjacency
    WLC#
    *Jan 24 08:33:15.704: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.100.100.1 (Tunnel0) is down: Interface PEER-TERMINATION received
    WLC#
    *Jan 24 08:33:18.816: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.100.100.1 (Tunnel0) is up: new adjacency
    *Jan 24 08:33:18.832: %ADJ-5-PARENT: Midchain parent maintenance for IP midchain out of Tunnel0, addr 10.100.100.1 - looped chain attempting to stack
    WLC#conf t
    *Jan 24 08:33:33.828: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.100.100.1 (Tunnel0) is down: Interface PEER-TERMINATION received

    Don't you hate it when something simple messes with you?

    Thank you everyone for responding. I really do appreciate your time and suggestions.

    Your friend in snowed-in Virginia!
    Paul L.

  • ptlinva Member Posts: 125
    I have a tunnel going to that router. Whenever I tried to add the "missing" network statement, it tears my tunnel down with a "Midchain parent maintenance for IP midchain out of Tunnel0, addr 10.100.100.1 - looped chain attempting to stack" error.

    Some things make you go, "Hmm...".
  • ptlinva Member Posts: 125
    DCSwitch#show run
    Building configuration...


    Current configuration : 7961 bytes
    !
    ! Last configuration change at 23:35:30 UTC Mon Mar 1 1993
    !
    version 15.0
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname DCSwitch
    !
    boot-start-marker
    boot-end-marker
    !
    !
    enable secret 5 $1d$m2Pp3.LYH/pHFvipqY/a2/
    !
    no aaa new-model
    system mtu routing 1500
    ip routing
    !
    !
    !
    !
    !
    crypto pki trustpoint TP-self-signed-13909408xx
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-13909408xx
    revocation-check none
    rsakeypair TP-self-signed-13909408xx
    !
    !
    crypto pki certificate chain TP-self-signed-13909408xx
    certificate self-signed 01
    3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 31333930 39343038 3030301E 170D3933 30333031 30303033
    <-SNIP->
    !
    !
    spanning-tree mode pvst
    spanning-tree extend system-id
    !
    vlan internal allocation policy ascending
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    interface GigabitEthernet0/1
    switchport access vlan 205
    switchport mode access
    !
    interface GigabitEthernet0/2
    switchport access vlan 90
    switchport mode access
    shutdown
    !
    interface GigabitEthernet0/3
    switchport access vlan 205
    switchport mode access
    !
    interface GigabitEthernet0/4
    description SONICWALL WAN PORT
    switchport access vlan 205
    switchport mode access
    !
    interface GigabitEthernet0/5
    description SONICWALL LAN PORT
    switchport access vlan 88
    switchport mode access
    !
    <-SNIP->


    interface GigabitEthernet0/17
    description HYPERV-5 NETWORK PORT #1
    switchport access vlan 205
    switchport mode access
    !
    interface GigabitEthernet0/18
    description HYPERV-5 NETWORK PORT #2
    switchport access vlan 88
    switchport mode access
    !
    interface GigabitEthernet0/19
    description HYPERV-5 NETWORK PORT #3
    switchport access vlan 90
    switchport mode access
    shutdown
    !
    <-SNIP->
    interface Vlan1
    no ip address
    shutdown
    !
    interface Vlan30
    description BIG AL
    ip address 10.10.30.1 255.255.255.0
    !
    interface Vlan40
    description PuertoRico Hosting
    ip address 10.10.40.1 255.255.255.0
    !
    interface Vlan88
    description LAN-SIDE
    ip address 10.10.88.2 255.255.252.0
    !
    interface Vlan90
    description DISABLED
    no ip address
    !
    interface Vlan99
    description MANAGEMENT
    ip address 10.10.99.1 255.255.255.0
    !
    interface Vlan205
    description WAN-SIDE
    ip address xxx.xxx.110.2 255.255.254.0
    !
    !
    router eigrp 1
    network 10.10.0.0 0.0.255.255
    network xxx.xxx.0.0 0.0.255.255
    !
    ip http server
    ip http secure-server
    !
    !
    ip route 0.0.0.0 0.0.0.0 xxx.xxx.110.1
    !
    !
    !
    !
    line con 0
    exec-timeout 0 0
    privilege level 15
    logging synchronous
    length 58
    full-help
    line vty 0 4
    exec-timeout 0 0
    password xxx
    logging synchronous
    login
    transport input all
    line vty 5 15
    no login
    transport input all
    !
    end


    DCSwitch#
  • ptlinva Member Posts: 125
    DCRouter#show run
    Building configuration...



    Current configuration : 2312 bytes
    !
    version 15.1
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname DCRouter
    !
    boot-start-marker
    boot system flash:c2800nm-adventerprisek9-mz.151-4.M10.bin
    boot-end-marker
    !
    !
    enable secret 5 $1$aaG0$2s.bEPM8TKeeXXX
    !
    no aaa new-model
    !
    !
    dot11 syslog
    ip source-route
    !
    !
    ip cef
    !
    !
    !
    no ip domain lookup
    no ipv6 cef
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    voice-card 0
    !
    crypto pki token default removal timeout 0
    !
    !
    !
    !
    license udi pid CISCO2851 sn FTX1352AJXX
    archive
    log config
    hidekeys
    !
    redundancy
    !
    !
    !
    !
    crypto isakmp policy 5
    encr aes 256
    authentication pre-share
    group 14
    crypto isakmp key xxxxxxxx address 0.0.0.0 0.0.0.0
    !
    !
    crypto ipsec transform-set OURSET esp-aes 256 esp-sha-hmac
    mode transport
    !
    crypto ipsec profile OUR_IPSec_PROFILE
    set transform-set OURSET
    !
    !
    !
    !
    !
    !
    !
    interface Tunnel0
    ip address 10.100.100.1 255.255.255.0
    no ip redirects
    ip mtu 1400
    no ip next-hop-self eigrp 1
    ip nhrp authentication xxxxxxxx
    ip nhrp map multicast dynamic
    ip nhrp network-id 1
    ip nhrp shortcut
    ip nhrp redirect
    ip tcp adjust-mss 1360
    no ip split-horizon eigrp 1
    tunnel source GigabitEthernet0/1
    tunnel mode gre multipoint
    tunnel key 4545
    tunnel protection ipsec profile OUR_IPSec_PROFILE
    !
    interface GigabitEthernet0/0
    ip address 67.xxx.xx.108 255.255.255.248
    duplex auto
    speed auto
    !
    interface GigabitEthernet0/1
    ip address 205.xxx.xxx.1 255.255.254.0
    duplex auto
    speed auto
    !
    interface Serial0/0/0
    no ip address
    shutdown
    !
    interface Serial0/1/0
    no ip address
    shutdown
    !
    interface GigabitEthernet1/0
    no ip address
    shutdown
    !
    !
    router eigrp 1
    network 10.0.0.0
    !
    ip forward-protocol nd
    ip http server
    no ip http secure-server
    !
    !
    ip route 0.0.0.0 0.0.0.0 67.xxx.xx.105
    !
    !
    !
    !
    !
    !
    !
    control-plane
    !
    !
    !
    !
    mgcp profile default
    !
    !
    !
    !
    !
    !
    line con 0
    exec-timeout 0 0
    privilege level 15
    logging synchronous
    length 58
    full-help
    line aux 0
    line 66
    no activation-character
    no exec
    transport preferred none
    transport input all
    transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
    line vty 0 4
    exec-timeout 0 0
    password xxxxxx
    logging synchronous
    login
    transport input all
    line vty 5 15
    no login
    transport input all
    !
    scheduler allocate 20000 1000
    end
  • ptlinva Member Posts: 125
    Another idea...

    On the switch, instead of using SVIs and assigning them an IP, what about using router-on-a-stick with the uplink port on the router?

    Would EIGRP work in this fashion?

    Thanks!
    -Paul
  • ptlinva Member Posts: 125
    RESOLVED: I was able to get the 3560 switch (DCSwitch) to neighbor with my router (DCRouter) WITHOUT going to a "no switchport" routed port. EIGRP works just fine on a switchport. You don't need to change it to a routed port.

    I then fixed my Tunnel issues by changing my local router to use the "ip nhrp map" and "ip nhrp multicast" ip address to the OUTSIDE interface of the DCRouter. Even though the INSIDE and OUTSIDE IP addresses assigned to my DCRouter are both public IPs and routable, the tunnel did not like using EIGRP with the switch while using the inside interface. I switched the tunnel over the outside interface and my woes went away...

    HURRAY! No errors yet and EIGRP is showing routes on both routers and switch.
  • Dollarhyde Member Posts: 111
    Good job, I am glad you fixed it!
  • theodoxa Member Posts: 1,340
    ptlinva wrote: »
    I have a tunnel going to that router. Whenever I tried to add the "missing" network statement, it tears my tunnel down with a "Midchain parent maintenance for IP midchain out of Tunnel0, addr 10.100.100.1 - looped chain attempting to stack" error.

    Some things make you go, "Hmm...".

    You don't want the underlay network to be advertised by EIGRP. When you include it, it becomes possible for traffic to the tunnel endpoints to be routed through the tunnel itself, creating a loop of sorts. You could block the underlay network from being advertised using a prefix/distribute list.
    R&S: CCENT CCNA CCNP CCIE [ ]
    Security: CCNA [ ]
    Virtualization: VCA-DCV [ ]
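
The underlay point in the reply above can be checked mechanically. This is an added example, not code from any poster in this thread: it parses an IOS-style config and reports every tunnel whose source interface address is matched by an EIGRP `network` statement. The sample configs are constructed, using documentation addresses because the thread masks the real ones, and the function names are hypothetical.

```python
import ipaddress
import re

def eigrp_network(addr, wildcard=None):
    """Turn an IOS 'network' statement into an ip_network (classful if no wildcard)."""
    if wildcard is None:
        first = int(addr.split(".")[0])
        prefix = 8 if first < 128 else 16 if first < 192 else 24
        return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    # Invert the wildcard into a netmask so 0.0.0.0 means a /32 host match.
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def underlay_in_eigrp(config):
    """Return (tunnel, source interface, source address, EIGRP network) for every
    tunnel whose source address is covered by an EIGRP network statement."""
    addrs, sources, nets, section = {}, {}, [], None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"interface (\S+)$", line):
            section = m.group(1)
        elif re.match(r"router eigrp \d+$", line):
            section = "eigrp"
        elif line == "!":
            section = None
        elif section == "eigrp" and (m := re.match(r"network (\S+)(?: (\S+))?$", line)):
            nets.append(eigrp_network(m.group(1), m.group(2)))
        elif section and (m := re.match(r"ip address (\S+) \S+$", line)):
            addrs[section] = ipaddress.ip_address(m.group(1))
        elif section and (m := re.match(r"tunnel source (\S+)$", line)):
            sources[section] = m.group(1)
    return [(tun, src, str(addrs[src]), str(net))
            for tun, src in sources.items() if src in addrs
            for net in nets if addrs[src] in net]

# Constructed sample: tunnel sourced from the inside interface, whose subnet
# is also enabled for EIGRP so the switch can peer.
BEFORE = """
interface Tunnel0
 ip address 10.100.100.1 255.255.255.0
 tunnel source GigabitEthernet0/1
!
interface GigabitEthernet0/0
 ip address 192.0.2.108 255.255.255.248
!
interface GigabitEthernet0/1
 ip address 203.0.113.1 255.255.255.0
!
router eigrp 1
 network 10.0.0.0
 network 203.0.113.0 0.0.0.255
!
"""
# Same config with the tunnel moved to the outside interface, as in the RESOLVED post.
AFTER = BEFORE.replace("tunnel source GigabitEthernet0/1", "tunnel source GigabitEthernet0/0")

if __name__ == "__main__":
    print("before:", underlay_in_eigrp(BEFORE))
    print("after: ", underlay_in_eigrp(AFTER))
```

An empty result means no tunnel source sits inside an EIGRP-enabled network; it does not account for distribute lists or redistribution.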
  • Hondabuff Member Posts: 667
    Since you're using DMVPN, try using the "ip unnumbered" command for your tunnels.

    or this below. Then just use the passive interface command on the router and only broadcast on tunnel 0. Much easier and gre not needed on VTI tunnels anymore. Easier to scale and manage. Is your 2851 your hub router? I can show you a virtual template that would make it a lot easier for you to build multiple spokes.

    !
    interface Tunnel0
    ip unnumbered vlan88
    no ip redirects
    ip mtu 1400
    ip tcp adjust-mss 1360
    tunnel source GigabitEthernet0/1
    tunnel mode IPsec ipv4
    tunnel protection ipsec profile OUR_IPSec_PROFILE
    !