
So Called Unnecessary Routes in the Access Layer Switch

mrashby
Level 1

All,

I have my network up and passing traffic between the access, distribution, and core switches okay. We built the network based off of one of Cisco's High Availability network design documents. I was reading further in the document and it says that it is unnecessary to have all of the external routes, and it is a lot of external routes, on the access layer switches. The document claims that it doesn't serve a purpose.

Now my first question is why do they not serve a purpose? If the admin distance of the external EIGRP routes is higher, wouldn't the traffic just be routed via the internal EIGRP routes down to the distribution switches since those are the next hop, or is my thinking not right?

My second question is how do you stop the access layer switches from receiving all of those unnecessary routes?

1 Accepted Solution


Mario is correct. If you want your access switches to have only one route, a default route, then the summary address is what you want, but if you require more than that I would look into distribute lists.

Put the IP summary address on the distribution switch, which will "advertise" a default route to the access switches. If you run a show ip route on the access switches you will only see a dynamic default route.

BTW, you have 6509's as access switches???!!! I wish I had your budget! lol!


cowetacoit
Level 1

It is not necessary because the access layer switches should be configured as EIGRP STUB. Meaning the only other switch you have connected to them is the distribution. Those access layer switches do not need the entire routing table of your network. Only a default route back to the distribution switch or HUB. If I understand you correctly, you want to "inject" a default route to all of your EIGRP STUB access switches to shrink the routing table? So if you do a show ip route on your access layer switches you will only see a dynamic EIGRP default route?

ex:

D* 0.0.0.0/0 [90/3072] via 10.0.0.1, 00:35:20, Vlan5

Try this command on the interfaces on your distribution layer. This can be configured on a physical interface or SVI.

ip summary-address eigrp 100 0.0.0.0 0.0.0.0 5

I had a similar problem and this corrected it. It may be different in your case due to lack of information like show run and show ip eigrp commands.

http://www.cisco.com/en/US/docs/ios/12_0/np1/configuration/guide/1ceigrp.html

Richard Burts
Hall of Fame

Mario

I am not sure that we have enough information about your environment to accurately answer your questions. In general the access switch probably needs routes for any locally connected subnets/networks and then needs only a default route pointing to the distribution switch. What other routes would you want the access switch to have in its routing table?

In terms of your specific questions:

1) If the access switch had a default route to the distribution, what purpose does it serve to have specific external routes in the routing table of the access switch?

Further, your question asks if you would not just route using the internal EIGRP routes since their administrative distance is more attractive. But would you have the same destination route as an external and also as an internal route? (you would not have the same destination as both internal and external - EIGRP will put one or the other but not both internal and external for the same destination)

2) If you want to stop the access layer from receiving all the unnecessary routes you would generally configure a distribute list on the distribution router to limit the routes advertised to the access switch.

[edit] the suggestion by Michael of using a summary-address command to inject a default route and to also suppress other routes being advertised is also a good possibility.

HTH

Rick


Hey guys, sorry about the documentation; see the attached diagram.

In the diagram all of my access switches come down into my dist 1 and dist 2, simple enough. On my access switches I am getting stuff from all over the WAN. So if I understand you correctly the access switches only need to know how to get to the distribution switches? I can accomplish this by either using a distribution list on the distribution router or use the summary-address command on the access switch to achieve the desired results?

Here is the config from my access switch

!
interface GigabitEthernet7/48
 description HOST PORT
 switchport
 switchport access vlan 40
 switchport mode access
 switchport port-security
 switchport port-security maximum 3
 switchport port-security aging time 2
 switchport port-security violation restrict
 ip arp inspection limit rate 100
 spanning-tree portfast
 spanning-tree bpduguard enable
 ip dhcp snooping limit rate 100
!
interface Vlan1
 no ip address
!
interface Vlan40
 ip address 16.11.45.4 255.255.255.0 secondary
 ip address 16.11.40.4 255.255.255.0
 ip helper-address 16.11.1.2
 ip helper-address 16.11.4.1
 no ip redirects
 ip pim sparse-mode
 ip igmp snooping fast-leave
!
router eigrp 1
 redistribute connected
 passive-interface default
 no passive-interface TenGigabitEthernet5/1
 no passive-interface TenGigabitEthernet6/1
 network 16.11.7.6 0.0.0.3
 network 16.11.7.0 0.0.0.3
 auto-summary
 eigrp stub connected summary
!
ip classless
!
!
no ip http server
no ip http secure-server
ip pim rp-address 16.11.1.2
ip pim autorp listener
!
!
!
radius-server source-ports 1645-1646
!
control-plane
!
!
dial-peer cor custom
!
!
!

I think you have two good options: injecting a default route with the ip summary address command, or the distribute list. I do not have much experience with distribute lists, which is why I suggested using ip summary address. I had a similar problem where I didn't want anything but a default route on my access switches, but a distribute list can probably filter out certain routes and allow others.

Since I haven't used this command before, do I apply this command to the access switches or to the distribution switches?

Mario

Both solutions seem capable of solving your requirements. In some circumstances one approach may be better and in some other circumstances the other approach may be better.

Certainly if you need to advertise some routes but not others then the distribute list would seem to be best. If the distribution router is learning a default route from the core, I would suggest that the distribute list might be better than the summary address (since the summary address will generate its own default route with a default administrative distance of 5, which would make it more attractive than the learned default route). In some other circumstances it may be preferable to create the default route with the summary address command. (and note that the summary address would be configured on the distribution router and not on the access router)

HTH

Rick



Rick,

I have a question. I configured the ip summary command on the distribution switch uplink for my 4th floor closet. I went to the switch on the 4th floor to check the routing table and the routes were summarized, it was perfect. But then my other access switches lost their default gateways. Do you know why this happened? Here is the command I used on the distribution interface uplink for the 4th floor closet.

ip summary-address eigrp 1 0.0.0.0 0.0.0.0 5

Send a sample config of those other access switches. From the diagram you posted, when you say "other access switches" are you referring to the 6509's? Did you have ip default-gateway configured on them? You don't need that; I would at least put ip route 0.0.0.0 0.0.0.0 x.x.x.x if you're not summarizing the routes to those switches.

Also...are the links between the Distribution and access in l2 or l3?

Yes, when I say other access switches I mean the ones in the diagram. What happened was that the access switches on the other floors had routes in the routing tables but they weren't getting their default gateways from the distribution switches like they should. All links in the diagram are L3. I got the results I wanted, I just don't know why it affected the other access switches the way it did.

Mario

If we get some more detail about your network we might be able to have a more definitive answer (perhaps configs, but more useful would be the output of show ip route on the distribution switch from before the summary address was applied and again after it was applied).

But I have a theory about what caused this. I referred to this in an earlier post when I said "since the summary address will generate its own default route with a default administrative distance of 5, which would make it more attractive than the learned default route"

I believe that what happened is this:

- the distribution switch was learning a default route (from the core) and advertising that default to the other switches. The administrative distance of that learned default route might have been 90 or might have been 170 depending on how the default was generated. And the learned default route was pointing to core as the next hop.

- when you configured the summary address it generates an entry in the routing table for 0.0.0.0 and this entry has AD of 5 and this entry has null 0 as the next hop.

- the generated default (with AD of 5) replaced the learned default in the routing table.

- since the learned default route was no longer in the routing table the distribution switch will no longer advertise the default route to the other switches.

HTH

Rick


Rick, hope this information explains the situation. My question is then: do I have to configure the ip summary command on all the interfaces on the distribution switches to fix this problem?

--Routing Table from my 2A access switch with the ip summary command on the Distribution switch interface--

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 17 subnets
D EX    1.2.2.1
           [170/569600] via 65.10.17.14, 02:45:49, GigabitEthernet1/0/26
           [170/569600] via 65.10.17.10, 02:45:49, GigabitEthernet1/0/25
D EX    1.2.3.1
           [170/569600] via 65.10.17.14, 02:45:49, GigabitEthernet1/0/26
           [170/569600] via 65.10.17.10, 02:45:49, GigabitEthernet1/0/25
D EX    1.4.5.2
           [170/569600] via 65.10.17.14, 02:45:48, GigabitEthernet1/0/26
           [170/569600] via 65.10.17.10, 02:45:48, GigabitEthernet1/0/25
D EX    1.2.3.2
           [170/569600] via 65.10.17.14, 02:45:49, GigabitEthernet1/0/26
           [170/569600] via 65.10.17.10, 02:45:49, GigabitEthernet1/0/25

--Routing Table from my 2A access switch without the ip summary command on the Distribution switch interface--

Gateway of last resort is 65.10.17.14 to network 0.0.0.0

     1.0.0.0/32 is subnetted, 17 subnets
D EX    1.2.2.1
           [170/569600] via 65.10.17.14, 02:56:40, GigabitEthernet1/0/26
           [170/569600] via 65.10.17.10, 02:56:40, GigabitEthernet1/0/25
D EX    1.2.3.1
           [170/569600] via 65.10.17.14, 02:56:40, GigabitEthernet1/0/26
           [170/569600] via 65.10.17.10, 02:56:40, GigabitEthernet1/0/25
D EX    1.4.5.2
           [170/569600] via 65.10.17.14, 02:56:40, GigabitEthernet1/0/26
           [170/569600] via 65.10.17.10, 02:56:40, GigabitEthernet1/0/25
D EX    1.2.3.2
           [170/569600] via 65.10.17.14, 02:56:40, GigabitEthernet1/0/26
           [170/569600] via 65.10.17.10, 02:56:40, GigabitEthernet1/0/25

--Distribution 2 Switch Closet 2A Uplink--

interface TenGigabitEthernet3/1
 description Link to HQ4A-2 TenGigabit6/1
 ip address 65.10.17.22 255.255.255.252
 ip pim sparse-mode
 ip summary-address eigrp 1 0.0.0.0 0.0.0.0 5
 carrier-delay msec 0

--Distribution 1 Switch Closet 2A Uplink--

interface TenGigabitEthernet3/1
 description Link to HQ4A-1 TenGigabit 5/1
 ip address 65.10.17.18 255.255.255.252
 ip pim sparse-mode
 ip summary-address eigrp 1 0.0.0.0 0.0.0.0 5
 carrier-delay msec 0

--Routing Table from my 4A access switch with the ip summary command on the Distribution switch interface--

Gateway of last resort is 65.10.17.22 to network 0.0.0.0

     65.10.0.0/30 is subnetted, 2 subnets
C       65.10.17.16 is directly connected, TenGigabitEthernet5/1
C       65.10.17.20 is directly connected, TenGigabitEthernet6/1
D*   0.0.0.0/0 [90/768] via 65.10.17.22, 00:00:42, TenGigabitEthernet6/1
               [90/768] via 65.10.17.18, 00:00:42, TenGigabitEthernet5/1

Mario

While this output is not quite enough to prove that my theory is right I think that it does support my theory. It does clearly show that without the summary address configured the distribution switch is advertising a default route to the access switch and that with the summary address configured that the distribution switch is not advertising a default route to the access switch. So there does seem to be a cause and effect relationship between configuration of summary address and not advertising of default route to access switches.

To really prove my theory we would need the output of show ip route on the distribution switch when the summary address was not configured (and I would expect to see a default route with the core as the next hop) and then the output of show ip route on the distribution switch with summary address configured (and I would expect to see a default route with next hop of null 0).

The good news is that there is a simple and effective solution for this. A slightly different version of the summary address will solve this. Try configuring this on the distribution switch interface:

ip summary-address eigrp 1 0.0.0.0 0.0.0.0 250

I believe that this will resolve the issue.

(and of course if the solution had used distribute-list instead of summary-address there would not have been any issue of disappearing default routes)

HTH

Rick
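
The distribute-list alternative mentioned in the thread, written out as an added example that is not part of any original post. The prefix-list name DEFAULT-ONLY is hypothetical; EIGRP AS 1 and TenGigabitEthernet3/1 are taken from the distribution switch config posted above. It assumes the distribution switch already learns a default route from the core.

```cisco
! Added example, not from the thread. DEFAULT-ONLY is a hypothetical name.
! Assumes the distribution switch already learns 0.0.0.0/0 from the core;
! a distribute-list only filters routes, it does not create a default.
!
! Match only the default route (exactly 0.0.0.0/0, nothing more specific).
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
! Remove the summary so no local Null0 default competes with the learned one.
interface TenGigabitEthernet3/1
 no ip summary-address eigrp 1 0.0.0.0 0.0.0.0 5
!
! Filter only what is advertised out this uplink; updates sent to other
! neighbors and routes received from the access switch are not touched.
router eigrp 1
 distribute-list prefix DEFAULT-ONLY out TenGigabitEthernet3/1
!
! Check on the distribution switch:  show ip prefix-list DEFAULT-ONLY
! Check on the access switch:        show ip route
```

The same filter is applied per uplink, so each distribution interface facing an access switch that should hold only the default route needs its own distribute-list line.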


Rick,

I will try this. Thanks for your help thus far.

Mario
