Cisco WAN :: 7206 - EIGRP Behaviour Change In IOS 15.1(x)
Jan 24, 2011
I have a problem with spurious loss of EIGRP neighbour relationships following the introduction of some IOS 15.1(x) into our network. Here's a rough diagram of the topology in question.
Core sites - summarising out RFC 1918 address space to branch. Core routers are 7206s running 12.4(24)T3
Branch has a fractional Ethernet primary link (4Mbit/s) and 4 private ADSLs using CEF load-balancing (per packet) as a backup link (bandwidth 2Mbit/s to branch, 1Mbit/s to core). These links are on separate routers connected at 100Mbit/s. This topology has been in place for some years without issue.
We've recently started putting in 2900 series routers running IOS 15.1(x) instead of 2811s running 12.4(x) in the 2nd buildings - Routers X and W in the diagram. Following that change we're seeing regular loss of EIGRP neighbours on the ADSL links, errors logged as follows:
Jan 24 16:30:14.192 UTC: %DUAL-5-NBRCHANGE: EIGRP-IPv4 2: Neighbor 10.121.31.114 (ATM0/0/0.1) is down: retry limit exceeded
Jan 24 16:30:16.852 UTC: %DUAL-5-NBRCHANGE: EIGRP-IPv4 2: Neighbor 10.121.31.114 (ATM0/0/0.1) is up: new adjacency
EIGRP packet debugging indicates that router X is periodically attempting to send an EIGRP update to router B. Router B does not log receipt of this update, consequently does not acknowledge it, router X tries 16 times and tears down the neighbour relationship. It's brought back up a varying but small number of seconds later with the exchange of EIGRP hellos - which seem to be fine throughout.
I've been able to reproduce the problem as described by upgrading a working 2811 running 12.4(13a) to 15.1(3)T with no change in config. Downgrading it back to 12.4 again removes the problem. In fact, when running 12.4 the normal state is for no EIGRP updates to be generated by router X. I can contrive to force an update by configuring static routes on routers W,Y or Z and the updates are exchanged and acknowledged normally between router X and router B. If I shut down router X's LAN connections to router W and the adjacent switch, so router X becomes just a spoke on its ADSL links, the problem does not occur.
We only see the problem on ADSL links right now, I'm unable to confirm yet whether we'd see the same if it were another shaped Ethernet link connecting the 2nd building to the core.
The problem is also apparent when running IOS 15.0(1)M3 on router X.
I've gone through the Bug Report list on CCO and not found anything similar to this. The only documented significant difference in EIGRP defaults I can find between IOS 12.4 and 15.x is that no auto-summary is now default. That's not relevant here though because we explicitly turn it off in IOS 12.4.
So, what could I try to make EIGRP operate seamlessly with older IOSs on 15.x?
This issue is a bit confounding for me, but hopefully simple for one of you. I have two sites, one in Alaska and one in California, connected via 10mb QinQ service from an ISP in Alaska. The ISP is utilizing Verizon from Seattle south who is delivering the circuit on a DS3 here in California. The ISP gear on site here is a Tasman. The Tasman is directly connected to a Cisco 3845 G0/1 with a routing sub interface. In Alaska, the ISP is directly connected to a 6513 which in turn is connected to a 7206 with a routing sub interface. I cannot seem to get the 7206 and 3845 to come up as neighbors.
The 7206 receives the 3845's Hello and the 7206 shows the 3845 as a neighbor until the hold time expires. It does not see updates from the 3845 since the 3845 never sees a Hello from the 7206 and comes up as a neighbor to send an update. The 3845 does see EIGRP updates from the 7206, but no Hello. Pinging 224.0.0.10 from the 7206 does not get a response from the 3845, but it does get a response from many other sites/neighbors, including another site here in California with a nearly identical setup (same provider and gear). I am able to ping between the devices' routing interfaces. Being QinQ, I don't believe the ISP could possibly be the issue (the circuit is clean and stable) as they don't filter any of our packets. There are no ACLs applied to these interfaces. The 3845 does have other EIGRP neighbors from sites over a TLAN around here in SoCal.
Why might the Hellos not be reaching the 3845? I have verified they're being sent from the 7206.
I configured 3750 A switch with vlan 20 and its IP address 192.168.20.41. Its default gateway was 192.168.20.3. Then I configured 3750 B switch with same default gateway and vlan 20 IP 192.168.20.43. My question is: now when we stack, it becomes a single switch and now vlan 20 IP address is 192.168.20.43; that's the only IP I can see. So how does the stack switch choose vlan 20 IP? Does it choose the highest IP address between two switches if they have same vlan 20 as in my case? Also when I go to switch 3750 B by session command and do sh ip route it does not show ip default gateway. Also it shows vlan 20 as admin down.
I have been reading several posts in this forum to try to understand ACL behaviour on a standby HSRP 6500, I would be glad to get this cleared. I have two 6509 running HSRP for all Vlans... I created VLAN 100 with standby ip address 192.168.1.129 255.255.255.128
Active 6509 (SW01) ip is 192.168.1.130/25, priority 120
Standby 6509 (SW02) ip is 192.168.1.131/25
I have created a DHCP server on the standby 6509 only on the same VLAN 100 with a default router of 192.168.1.129 (i.e. the hsrp vip). I connected a pc directly to the ethernet port on the standby 6509 and put it under VLAN 100 and it obtained its ip 192.168.1.200 from the ios dhcp. Now I want to restrict this PC (and any other on its subnet) to access only a remote server 172.168.10.10 and nothing else. I have created the following access list, allowing traffic to the remote server, ospf and hsrp updates, ios dhcp...
Extended IP access list SWRES
    10 permit ospf any any log (172 matches)
    20 permit ip any host 172.168.10.10
    30 permit ip any host 224.0.0.2
    40 permit udp any host 255.255.255.255 eq bootpc
    50 deny ip any any log (52 matches)
I have applied this ACL on both the 6509s under interface VLAN 100 ip access-group SWRES in
1. When I ping different subnets on the 6509s from the PC, I still receive icmp replies although I expected the acl to pass traffic destined for the remote server only. I do get deny log messages on the Active 6509, but not on the standby 6509 where the PC is connected.
2. Is permitting bootpc in the acl enough for IOS DHCP server and client operation? Do I need to explicitly permit access to the default-router configured in the DHCP, which happens to be the VLAN 100 gateway ip and hsrp vip as well (192.168.1.129)?
3. I do get deny logs on both the 6509s from the PC trying to access the local VLAN 100 broadcast address on ports 137, 138.
%SEC-6-IPACCESSLOGP: list SWRES denied udp 192.168.1.200(137) -> 192.168.1.255(137)
I have DIR-615, connected via ethernet. I enabled port forwarding for Quake 3, using the range of 27660-27980 to account for custom server ports. Set schedule to "always" although also did "never" but it didn't make a difference. I checked the FAQs for frequent resets vis a vis application outbound requests, which recommended disable uPnP and this had no effect. Symptom: when Quake 3 attempts to connect to the Master Server, the router resets all connections, LAN and WLAN. It takes approximately 30 seconds to regain connection to WAN, although LAN does not drop. Also during this time, the world sigil on the router itself turns orange. This is the only time this happens, when trying to play Quake 3. Previous router to this one was Linksys (by Cisco) BEFSR41, in which simply setting up port forwarding for the client IP address allowed connection. I can find no particular reason why the router resets all interfaces when blocking a port, if it is indeed the firewall triggering this.
Other infos:
Model: Wireless N 615, DHCP enabled on both sides
LAN connect: Category5 to 10/100 NIC onboard to Intel 865GBF
Client firewall: none
Client OS: Windows XP Professional SP3
In a SPAN session, normally the destination port is used for monitoring purposes only. But could the destination port be used to access the equipment or PC connected to that port, for a 2960 LAN BASE image switch?
I have two 7206 VXR routers with the VPN Service Adapter either side of a leased line (i.e. no provider between, pure layer two connectivity). A requirement is that traffic traversing the link is encrypted, so I've configured an IPSec VPN between the two endpoints. During load testing we noticed a very severe performance hit when the VPN was enabled; disabling it again saw we were able to use almost 100% of the 1000Mbs line. The performance hit looks to be due to the increased MTU size when using IPSec, possibly due to fragmentation.
I've read that the 7206 VXR can support 980Mbs (or thereabouts) of throughput using AES providing the MTU size is 1400. Configuring this manually on each server in each data centre isn't feasible. As the link is effectively a point to point and we have control over the MTU size between the two routers, what options are available to increase the performance when the VPN is enabled?
I am attaching my current network topology. My problem is that I am having MPLS & P2P links terminated on the 7206 router on the left side of the diagram. Now my problem is, if I apply PBR on this 7206 router & trace any host which is on the right side of the diagram, it drops on IP 10.1.1.1. Ideally it should go to my core switch on the right of the diagram.
I am having a Cisco 7406 VXR router. I want to know what is the max. MPLS link capacity that can be terminated on the link? We are planning to upgrade the MPLS link to 450 Mb, so I was just wondering whether the 7206 will support it or not.
I have a problem in understanding how LLQ is implemented in different platforms of Cisco. QoS should kick in only when there is congestion in the link irrespective of queueing / scheduling (LLQ and CBWFQ). But in certain platforms like GSR and IOS-XR, LLQ is configured only with the priority and police command, not with the "priority percent <value>" command. In the priority and police command, since a policer is used, LLQ is always on even when there is no period of congestion. Of course with police you can re-mark the exceed traffic to a different marking but that's not the requirement in my case.
In platforms like 7206, LLQ is configured with "priority percent <value>" which works ideally only when there is a period of congestion. When there is no congestion, the LLQ class can scavenge other classes as well. I would like to know: is there any specific reason why there is a difference in the implementation of LLQ between different platforms of Cisco?
I need to upload IOS c7200-advipservicesk9-mz.124-15.T16.bin in 7206 NPE 400 router. As per Cisco recommendation the router should have DRAM : 256 MB ; Flash : 64. I think my router contains only DRAM = 128 MB but not sure.
how much DRAM & Flash it contains.
Router1#sh version
Cisco Internetwork Operating System Software
IOS (tm) 7200 Software (C7200-IK9S-M), Version 12.3(1a), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Thu 05-Jun-03 20:58 by dchih
Image text-base: 0x60008954, data-base: 0x61E0C000
I have done a lot of L2TP connections between two endpoints in the past. In this case, with a 2911 series with IOS 15 and DATA license activated, the L2TP session does not establish between this 2911 and 7209. Attached is the topology file and below the configuration of both routers.
I have a lot of Cisco 7206 VXR devices. I have a high CPU problem. I have a 7206 VXR G2. I used to use eBGP for three upstream carriers. I used the BGP full route table method. I have about 800 Mbps of active traffic and behind the router about 1600 active customers.
How can I troubleshoot this high CPU problem?
#sh int gigabitEthernet 0/1
GigabitEthernet0/1 is up, line protocol is up
  Hardware is MV64460 Internal MAC, address is 000c.cf1d.d01b (bia 000c.cf1d.d01b)
  Description: ***** GW Interface *****
[Code]....
In Cisco 7206 VXR (NPE-G2) router, the CPU utilization is always at 80-90%, but none of the processes is consuming more than 1%. In the show stacks output we are observing that the network interface interrupt is called very frequently. So what is the network interface interrupt about? Logs for reference: show process CPU sorted
CPU utilization for five seconds: 88%/88%; one minute: 89%; five minutes: 89%
 PID Runtime(uS)   Invoked   uSecs   5Sec   1Min   5Min TTY Process
   1           0        72       0  0.00%  0.00%  0.00%   0 Chunk Manager
   2    20020000     17159    1166  0.00%  0.02%  0.01%   0 Load Meter
[Code]...
I have a scenario with a Cisco 6506 and a 7206. The 6506 is running BGP and peers with our data center router. The 7206 is a stub router off the 6506 and is used as an edge router for customer T1 circuits. I want to use OSPF between the routers to exchange connected and static routes. The problem I have is that static BGP null routes on the 6506 are overriding the OSPF routes being received from the 7206. Example: The 6506 is advertising a class C network 192.168.1.0/24 to our data center. The 6506 does not utilize the 192.168.1.0/24 network. It is only used on the 7206 for customer T1 circuits and is carved up into /29 subnets. So the 6506 has a static route: ip route 192.168.1.0 255.255.255.0 null 0. Today the routing is accomplished with static routes on the 6506 for the 192.168.1.0 networks on the 7206. Using OSPF the 7206 advertises /29 links back to the 6506, but when I withdraw one of the /29 static routes from the 6506, the /24 null route takes precedence over the more specific /29 routes and the traffic is black-holed on the 6506. How can I get the OSPF routes to look preferable to the /24 null route on the 6506?
I would like to find out what the status is of the Cisco 7204 VXR and 7206 VXR routers. I understand they are EOLife and EOSale. Are they also EOSupport? We are planning to upgrade 3 of them in our environment and management requires feedback around this. We are thinking of going the ASR1000 route.
One of our end customers is trying to configure IP Accounting on a 7206 running version 12.4(4)XD8. The issue we are having is that while the physical interface is up (the sub interface is part of a metro line which is directly connected) we don't see packets being accounted if the destination IP is down.
We have a router (7206) which is connected to a client device in a /30 IP segment, but this device is a switch which is connected to many more devices. Doing packet capture on our router interface unravels many ARP requests which come from the client switch. Is there any feature or command with which we can stop this?
I have an outside 7206 router that is configured with BGP. Behind that I have an ASA 5520 with a failover. Every time my primary ISP goes down I have to fail over the ASA to re-establish a connection to the secondary ISP. When the primary comes back online I have to fail it over again. I have had Cisco TAC look at the ASA and they didn't see anything misconfigured on the ASA. There doesn't seem to be any problem with the router config either.
I have problem with the WAN Router 7206. It has been reloaded automatically 2 times since yesterday. [code] I have already put this message to the output interpreter and the solution is upgrading to the latest IOS. But, when I search in the Bug Toolkit about SegV problem, this bug status is still "Open". So, how can I upgrade to the latest IOS if the status of this bug is still open?
I have configured the below SNMP v3 commands in Cisco Router 7206VXR (NPE-G1). I have tested with all options but it is not working. SNMP server is a SNMPc tool and I have configured user name and priv and authentication credentials correctly on both sides. The same configuration is working for all Cisco switches but not working for the Cisco Router.
SNMP V3 configurations:
access-list 20 permit 43.194.10.0 0.0.0.255
snmp-server view readview iso included
snmp-server group readonly-group v3 priv read readview access 20
[ code]....
Router :
Host Name# sh version
Cisco IOS Software, 7200 Software (C7200-ADVIPSERVICESK9-M), Version 12.2(33)SRD7, RELEASE SOFTWARE (fc1)
[ code]...
ROUTER#sh run | i ip cef
ip cef table event-log
ip cef
ip cef accounting non-recursive load-balance-hash
ip cef accounting non-recursive external
>snip<
ROUTER#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ROUTER(config)#no ip cef accounting non-recursive load-balance-hash
Command authorization failed.
% Incomplete command.
ROUTER(config)#no ip cef accounting non-recursive load-balance-hash ?
% Unrecognized command
ROUTER(config)#^Z
cisco 7206VXR (NPE-G1) processor (C7200-JS-M), Version 12.3(10c)
How do I remove "ip cef accounting non-recursive load-balance-hash" from the config? I'd like to leave the box as I found it. Is it to do with an authority level or something more?
I have a 7206 VXR router between several Mikrotik routers on our backbone. We have the Mikrotiks on both sides of the Cisco 7206VXR set up for MPLS/VPLS. I need to simply set up the 7206 to pass the MPLS/VPLS tagged packets to the next router on the link. We are using OSPF as the routing protocol. I am told by our Mikrotik guy that I just need to enable LDP and VPLS tunnels 4:0 on the 2 gig interfaces on the 7206VXR to let it pass the MPLS/VPLS traffic. It sounds simple but I'm not sure how to do this.
Are there any commands I need to input to allow this router to pass this MPLS/VPLS traffic?
We have a 7206 router which acts as a MPLS Hub router for around 100+ remote locations. Bandwidth at the MPLS hub (terminated on this router) is 50 Mbps.
We have noticed that memory utilization in this router gradually increases and when it reaches 100% this router hangs. It happens at a frequency of 10 days and we have to restart the router when memory is 100%.
CPU utilization is normal i.e below 20%, WAN bandwidth will never cross 30mbps.
We were not able to upload an IOS for a 7206 router with NPE-150 via xmodem; as there was no image available in flash, it is in rommon mode. But the same can be done on an 1841. So how do we upload an image to flash for the 7206 via xmodem? Where will the IOS be stored in the 7206, whether in flash or NPE? If it's in flash, what is the NPE used for other than routing engine capabilities?
We have a Cisco 7206 VXR Router with NPE-G2. As everybody is aware, it has got 3 x Gigabit Ethernet ports on it. We would like to add two more copper Gigabit Ethernet interfaces. The Configurator does not show any options to add that. Now we have a doubt: how many copper Gigabit Ethernet interfaces does this 7206 VXR support? There is no clear answer available in the data sheets.
I have a Cisco router 7206. When I create a subinterface with IP, the router hangs and all interfaces are down; I just remove interface gi0/1 and plug it in again. What is the relation between subinterfaces and hanging routers? The problem occurred when I configured a sub-interface on GI0/2. [code]