Cisco WAN :: EIGRP In ASR 1001 Does Not Receive All Route
Aug 8, 2012
We have problem con EIGRP and two ASR 1001 in High Availability. ASR2 have received all route (100 route) from PE, but in ASR1 doesnt received all route (75 route) from PE or from other ASR02. All PE have all route. The ASR1 when modify or lost some route dont update to the ASA. see diagram.
Is there a loop between 192.168.99.191 and .192 (this are two routers with hsrp .190) or is this normal behavior when using trace route on an asr 1001?
I config the routers with EIGRP and also write Static route between two PC before remove the link between router0 and router1 , destination is reachable , but when remove this connection , packet from pc1 to pc0 will drop in a loop and never reach to destination , is it possible to have a Link state routing protocol and static route at the same network like this scenario , how to prevent loop in this topology static route is configure as bellow :
I have an ASA 5520 connected to a Cisco 6509E, and we're turning up EIGRP between the two. The problem that I'm running into is that there a few static routes (including a 0.0.0.0) on the core that's being redistributed into the EIGRP AS, and I need to block this from being propagated to the ASA. The ASA only has the capability to use an ACL in conjunction with a distribute-list, and I can't find a way to filter the default route (0.0.0.0 /0), while allowing everything else.
I have a customer with a primary datacenter and DR datacenter, that has a P2P 100Mbps link connection between them. At the primary Datacenter there will be a Nexus 5596U with a L3 card running EIGRP, it will have three connections, one nothbound to the Internet not a problem, the other is north bound to an MPLS SP managed ISR router. Both datacenters will have MPLS SP managed ISR router, the MPLS service provider will be redistributing BGP into EIGRP from their ISR routers at both datacenters. This means we will learn external EIGRP routes with an AD of 170.
Connected to my 5596 southbound will be the SAN for the EMC storage traffic, the DR also has a SAN with EMC storage as well. The 100Mbps P2P link is primarily for replication traffic.
Since the Nexus 5596U with L3 module doesn't support PBR I have to figure a way for replication traffic to prefer the 100Mbps P2P link vs the MPLS cloud. I was thinking of running iBGP over the P2P link with the Nexus 5596 being a route reflector and it's iBGP peer which will be a Catalyst 3750X at the other end of the P2P link being the route-reflector client. That way both iBGP peers will exchanged learned routes.
I have to come up with a way for the replication traffic that comes sourced from the IP addresses of the EMC/storage to prefer the P2P link which will have an AD of 200 from iBGP in the routing table vs the external EIGRP traffic that has an AD of 170 in the routing table. All other traffic will route normally across the MPLS cloud. All other traffic will include client server traffic as there are application servers that sit south bound of the Nexus 5596, the client traffic will come inbound to the datacenter via the MPLS cloud.
I don't have a Nexus 5596 to do a mock lab. My thought is to redistributed connected with a route-map in EIGRP on the Nexus 5596 with a two match statements then set the IP next hop to the IP of the 3750X. I would need to select only replication traffic, so I was thinking if I can match on vlan and next-hop then my set command would be the next-hop of the 3750X.
I have a mixed WAN environment with both eBGP and EIGRP routes. The BGP routes should always take precedence, when they exist. If no BGP routes exist I want the router to fail over to using the EIGRP routes. So far, this works fine.
The problem is, when the BGP route again becomes available (and the associated entry appears in the "sh ip bgp ... received-routes" output) the router is NOT relinquishing the EIGRP route. It remains in effect, showing as a "D" route int the route table even though there is a better ("B") route available. If I bounce EIGRP or the interface associated with it, the EIGRP route disappears and the BGP route reasserts itself, and everything will run correctly until the next time the BGP route disappears due to maintenance, line failure, etc.
My router is (C2900-UNIVERSALK9-M), Version 15.3(1)T
Here's the associated config interface Tunnel101 description VPN backup WAN interface bandwidth 7168 ip address 192.168.75.1 255.255.255.0 [code].....
In EIGRP, if a router loses the successor to a route, and it has no FS, it goes active (starts asking all neighbors if they have a successor for that route).But if the neighbor did have a successor, shouldn't they have pro-actively told us about it when they learned it (so we already have it as the Feasible Successor?).
I have a 3750 at a branch running EIGRP connected to two routers that both have configured:
access-list 1 deny 0.0.0.0 access-list 1 permit any access-list 2 permit 0.0.0.0 access-list 2 deny any
router eigrp 1distribute-list 1 out FastEthernet0/0distribute-list 2 in FastEthernet0/0
Due to this recently applied config the switch become unreachable from the outside and cannot ping anything. Everything connected to it works fine. I was able to remote into it from a switch behind it and noticed that the 3750 has no default route in the routing table. I do see a default route in the eigrp topology table. How to make the switch learn a default route maintaining the existing configuration on the routers.
I'm trying to create a route-map for an EIGRP Distribute list on a N7K, the goal is to not advertise a 10.0.0.0/8 and 172.31.30.20/32 networks out a link to a remote site while permitting all other traffic to the internet (default). I configured the ACL/route-maps below and applied them outbound on the N7K interface but no subnets at all are being received on the remote site router.
ip access-list DENY_10.0.0.0 10 permit ip any 10.244.244.20/30 <<--WAN interface network 20 deny ip any 10.0.0.0/8 25 deny ip any 172.31.30.20/32 30 permit ip any any
I'm attempting to redistribute a static route into EIGRP on a 3750 switch and pass it to an upstream router, sadly however this isn't working, or at least the route isn't being recieved on the upstream router. [code]
We are deploying a new office in the building next to our main office. The main office has a Cisco ASA 5510 behind that is a Cisco 3750 stack. In the new office we are deploying a new Cisco 3750, they will be connected via fiber cable. I have sliced off VLAN 800 as a transit link /30 with an address space of 10.249.249.1-4. The new 3750 only has two VLAN's 800 and 112 (10.112.0.0/24). VLAN 112 routes are advertised to the neighboring 3750 properly as seen in the routing tables of the 3750 stack:
D 10.112.0.0/24 [90/3072] via 10.249.249.2, 00:22:24, Vlan800
Traffic passes between all local VLANS with no issue. I found in order to get packets to pass between the ASA and the new 3750 I had to add a static route to the ASA:
S 10.112.0.0 255.255.255.0 [1/0] via 10.100.0.1, inside
My question is why is EIGRP not advertising the 10.112.0.0 network to the ASA. Here are EIGRP configs on the switches
Is it possible to track a IPSLA operation and if it goes down track a static route which will be removed from EIGRP process. I have read through documentation and have come stuck. I have the below configured and have shown the features installed. How would I go about getting the below static route injected into EIGRP only if the IPSLA operation in ok?
I have an issue with my setup of a 6500 switch (12.2(33)SXI9).We have a 6500 switch with several VRF's. For a certain VRF I would like to redistribute a static route in EIGRP. After doing so I don't see the static route on my eigrp neighbor.
This is a overview of my config. I'm basically redistributing only my static route for this vrf in eigrp.
I found a similar case in which the solution was adding a metric to the static route. (eg. redistribute static route-map static-eigrp-pp metric 10000 100 255 1 1500). But the strange thing is that we don't have this issue on a similar machine (same IOS, same config setup). [code]
It looks like the deny statement is not working as I can see all routes I am redistributing. I even did a deny on a specific route and I still see it in the routing table on another router in the autonomous system.The same below works fine on IOS platform. [code]
I've an ASR1001 with 15.1(2)S code on it connected to out ISP, we've been get some complaints about performance and I'm seeing drop on the output policy. Checking the bandwidth consumption we have plenty spare when drops are occuring, there's 300Mb/s. Details below, any suggestions gratefully received
The policy is to guarantee the following bandwidth: Outbound policy: class 1 => 50% guaranteed class 2 => 8% guaranteed class 3 => 1% guaranteed class 4 => 5% guaranteed class 5 => 1% guaranteed class 6 => 5% guaranteed class => 7% guaranteed class 8 => 7% guaranteed class default => not configured
config :
policy-map priority class 1 priority percent 50 class 2 priority percent 8 class 3 priority percent 1 class 4(code)
i have 1001 ASR which boots up ok but shows a warning "filesystem is not clean" and thereafter the image is validated well, it shows up the following two messages and just goes idle from there. [code]
We are going to purchase ASR 1001 with ipbase, BGP is our basic requirment if we purchase ipbase(SLASR1-IPB) it will support BGP.
ProductDescriptionASR1001Cisco ASR1001 System,Crypto, 4 built-in GE, Dual P/SASR1001-PWR-ACCisco ASR1001 AC Power SupplyCAB-IND-RAPower Cord India, Right AngleSASR1001UK9-32SCisco ASR 1001 IOS XE - ENCRYPTION UNIVERSALSLASR1-IPBCisco ASR 1000 IP BASE LicenseM-ASR1K-1001-4GBCisco ASR1001 4GB DRAM
I just need to start building the configuration of an ASR 1001 but I do not know how gigabitethernet interfaces are named on these routers? Are Gi0/0/X or Gi0/X ??
I am replacing my 2900 Internet router with a ASR 1001. I am really not doing anything to fancy on the configuration just routing traffic from the internal LAN to our ISP connection. With the new ASR 1001 there is a configuration for VRF Definition Mgmt-Intf do I do anything with this? There is also a interface for vrf forwarding. At this point we are just running IPv4. The plan was just to configure the GigabitEthernet interfaces but I wanted to make sure if I should try and configure VRF.
We have an existing WAN connection from a Cisco 2821 router to Time Warner with a single mode fiber connection using the following SFP:We have a ASR 1001 router configured to replace the 2821 router. When I connect the fiber into the ASR 1001 router the link does not come up. I have used the above SFP without success and the following SFP.I have seen Cisco documentation that only certain SFP modules are compatible with ASR router, but I believe the second SFP I listed is compatible. As a test, I connected my ASR router to a 3750 switch using long haul SFP modules on each end so I know the SFP module works. The only downside to this test is I only had a multi mode patch cable. Are there specific settings on the ASR interface that need to be set to allow this connection?
I have an issue with an ASR 1001. The problem occurs with MQC shaping applied to a gigabit interface in the outbound direction. The CIR of the provider we are using is 100Mb/sec, so we are shaping to that value. However when reported traffic levels are about 60Mb/sec, we see a steady increase in output drops. [code]
I have also tried increasing the hold queue, however this does not work with the drops. Increasing the shaping rate to 200Mb/sec gets rid of almost all the drops (not quite all!) but is not what we need. I think that we should see some drops when rates spike above 100mb, however the amount we are seeing seems excessive?
This would be the first time I will be working on NCS for a client. There is completely a new install and I was just doing my reading to get my head around the overall working of the product. I had a small Q in mind which I wanted to ask here, while going the config guide, i could not find the way to add a router to the NCS prime. W have ASR 1001 in use along with switches. I read in some forum that NCS supported routers but couldnt find the way in the config guide unless i am missing somewhere. The NCS version is 1.0
I have a need to capture traffic on an ASR 1001 subinterface, but what I have found is that the Embedded Packet Capture feature is not supported on this platform. Are there any simple alternatives to capture egress traffic on a subinterface or am I SOL? This is a walk in the park on normal IOS routers...
I'm trying to configure Tacacs on Cisco ASR1001, and the Tacacs server is Cisco ACS v3.3, the ACS won't pass the authentication, complaining bad request from NAS, key mismatch - which I compared millions of times on both ASR and ACS sides. [code]
A customer recently purchased an ASR 1001 under the impression it could replace their old 3662 router and ASA 5505. The ASA is configured for their SmartFilter proxy server (N2H2), and I am having a heck of a time finding any documention on how to configure this. I found the following: To use SmartFilter with Cisco IOS firewall, install the SmartFilter componentsand use the IFP plugin (off-box). To configure the Cisco IOS for SmartFilter,use the Cisco document Firewall N2H2 Support located on the Cisco Web site,[URL]Well, I found the Firewall N2H2 Support document [URL], but the ip inspect command doesn't seem to work on the ASR. Is there any way to make this work or does the ASA have to stay in line?...
I've enabled antispoof on all interfaces on asa 5510.If you start a traceroute to a network on the default route, everything works, since replies comes to an interface with route 0.0.0.0/0 defined.If you start a tracer route to a network that is NOT on the default route (let's assume coporate MPLS), you only get response from first carrier router, the other are discarded because of anti spoof violation.
I have ICMP inspection and icmp-error inspection enabled.
i want to apply a QOS for my trafic LAN, in my ASR 1001 , the LAN is connected with ge0/0/0 interface and it configured with the service instance to bridge vlan 1 ( i do that for OTV ) i put service policy in "service instance 1" to marking data with ef31 but i noticed that the class "plateform_datacenter" match the trafic and the ACL associate to this class not mach any trafic trafic !
tha policy-map march trafic for Datacenter : sh policy-map interface gigabitEthernet 0/0/0 service instance 1 GigabitEthernet0/0/0: EFP 1 Service-policy input: MARKING-OTV Class-map: Platforme_DC (match-any)
I have problems to configure CBWFQ on a ethernet sub-interface on a Cisco Router ASR 1001. Then I applied the policy in the physical interface but it should be is in the sub-interface. How can I configure CBWFQ on sub-interface in ASR 1001. (version 3.02).
Error Messages:
CBWFQ: Not supported on subinterfaces and efps
This the final output:
interface GigabitEthernet0/0/0 description Conexion WAN bandwidth 153600 no ip address load-interval 30 no negotiation auto
My company has purchased a second ASA for fail over reasons and I'm needing to attach it to my core router (ASR 1001). Currently I'm running the connection between my ASA and my Core as a /19 ie. ASA-10.10.10.2/19 -- ASR-10.10.10.1/19. I know the 2nd interface on the ASR will need to be on a different network segment then the first connection (10.10.10.1/19). What would be the best way to segment this out with out breaking up my /19?
Run /30 segments for each interface? Use a VLan ?
I don't want to use up my Internet rout able IP's on /30 segments. Attached diagram.