cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1371
Views
0
Helpful
8
Replies

EIGRP updates error between fwsm and msf

franpena2008
Level 1
Level 1

Good morning,

I receive eigrp routes from provider on an fwsm interface.

Some of these routes do not advertise to msfc on 6500.

example) i receive routes 10.100.0.0 , 10.22.0.0, 10.60.0.0 etc in fwsm

in msf I only receive 10.100.0.0 , 10.22.0.0 but nothing about 10.60.0.0...

no eigrp filter between fwsm and msf

any idea?

Regards

Fran

8 Replies 8

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Fran,

how are you using the FWSM? transparent mode or routed mode?

does the FWSM speak EIGRP in your setup?

Hope to help

Giuseppe

Routed mode,

Yes firewall speak eigrp in the two interfaces.

Most of 10.X.0.0 routes are received by 6500 but I have detected at least one that is not (10.60.0.0)...

Thank you for your help.

Fran

Hello Fran,

look at the EIGRP topology table for the missing IP prefix on the FWSM and on the MSFC.

for example a duplicated EIGRP router-id could prevent the MSFC from installing the route if it is an external EIGRP route.

you could even think of using specific EIGRP debug commands to see the update process on the MSFC.

Hope to help

Giuseppe

Hello I think the problem could be related with eigrp between 2 6500.

There are two links between them,

Checking the neighbors table i see nei 172.16.1.5 and 172.16.1.1 which

is the same 6500 configured with eigrp router-id 10.153.1.247

Is this normal? i think it should appear just one entry 10.153.1.247

instead 172.16.1.5 and 172.16.1.1...

sh ip eigrp neighbors

IP-EIGRP neighbors for process 10

H Address Interface Hold Uptime SRTT RTO Q Seq

(sec) (ms) Cnt Num

3 10.163.1.249 Vl301 13 23:35:21 1 200 0 13100

2 172.16.1.5 Gi8/48 10 1d23h 1 200 0 132763

1 10.163.1.247 Vl301 11 1d23h 1 200 0 5464

0 172.16.1.1 Gi7/48 13 1d23h 1 200 0 132762

the nei topology in the other 6500:

sh ip eigrp neighbors

IP-EIGRP neighbors for process 10

H Address Interface Hold Uptime SRTT RTO Q Seq

(sec) (ms) Cnt Num

0 10.153.1.249 Vl301 14 23:41:27 1 200 0 26049

3 172.16.1.6 Gi8/48 11 1d23h 1 200 0 109706

2 172.16.1.2 Gi7/48 13 1d23h 1 200 0 109707

4 172.16.3.241 Gi8/47 13 20w6d 1 200 0 75844

1 10.153.1.246 Vl301 12 20w6d 1 200 0 72748

2010/5/18 giuslar :

FRAN PENA MARTINEZ,

>

A new message was posted in the Discussion thread "EIGRP updates error between fwsm and msf":

>

https://supportforums.cisco.com/message/3074714#3074714

>

Author  : giuslar

Profile : https://supportforums.cisco.com/people/giuslar

>

Message:

Hello Fran,

>> Checking the neighbors table i see nei 172.16.1.5 and 172.16.1.1 which

is the same 6500 configured with eigrp router-id 10.153.1.247

Is this normal? i think it should appear just one entry 10.153.1.247

instead 172.16.1.5 and 172.16.1.1...

This is normal because EIGRP use of router-id is limited in comparison to OSPF, so you can see the same device as neighbor multiple times with the local IP addresses

this is not a problem, however the missing routes may be learned on another path

Hope to help

Giuseppe

Hi,

Could you please check the Eigrp topology & ip route on MSFC with using these commands. first of all lets verify whether the 10.60.0.0 is in the topology or not.

1 . sh ip route eigrp

2. sh ip eigrp 10 topology all-links

Regards

Hitesh Vinzoda

I receive routes in fwsm

example)

FWSMS1# sh route | i 10.20.0.0

D EX 10.20.0.0 255.255.0.0 via 10.153.3.254, 23:15:29, VPN-GS

FWSMS1# sh route | i 10.100.0.0

D EX 10.100.0.0 255.255.0.0 via 10.153.3.254, 23:16:41, VPN-GS

but in MSFC 10.100.0.0 received OK, but 10.20.0.0 not received , I had

to install a static route in fwsm for 10.0.0.0/8 to point providers

router

SWS1-246#sh ip eigrp 10 topology all-links | i 10.20.0.0

SWS1-246#sh ip eigrp 10 topology all-links | i 10.100.0.0

P 10.100.0.0/16, 1 successors, FD is 51712, tag is 3352, serno 84515

SWS1-246#sh ip route 10.20.0.0

Routing entry for 10.0.0.0/8

Known via "eigrp 10", distance 170, metric 3072, type external

Redistributing via eigrp 10

Last update from 10.153.1.249 on Vlan301, 04:16:18 ago

Routing Descriptor Blocks:

  • 10.153.1.249, from 10.153.1.249, 04:16:18 ago, via Vlan301

Route metric is 3072, traffic share count is 1

Total delay is 20 microseconds, minimum bandwidth is 1000000 Kbit

Reliability 255/255, minimum MTU 1500 bytes

Loading 1/255, Hops 1

SWS1-246#sh ip route 10.100.0.0

Routing entry for 10.100.0.0/16

Known via "eigrp 10", distance 170, metric 51712

Tag 3352, type external

Redistributing via eigrp 10

Last update from 10.153.1.249 on Vlan301, 23:17:06 ago

Routing Descriptor Blocks:

  • 10.153.1.249, from 10.153.1.249, 23:17:06 ago, via Vlan301

Route metric is 51712, traffic share count is 1

Total delay is 1020 microseconds, minimum bandwidth is 100000 Kbit

Reliability 255/255, minimum MTU 1500 bytes

Loading 1/255, Hops 2

Route tag 3352

2010/5/20 hitesh.vinzoda :

FRAN PENA MARTINEZ,

>

A new message was posted in the Discussion thread "EIGRP updates error between fwsm and msf":

>

https://supportforums.cisco.com/message/3076277#3076277

>

Author  : hitesh.vinzoda

Profile : https://supportforums.cisco.com/people/hitesh.vinzoda

>

Message:

BenBen
Level 1
Level 1

Hi Franpena,

Did you find out the reason?

 

We have a similar issue. The "debug ip eigrp" on the FWSM shows that it do advertise all the routes. The "debug ip eigrp" on the neighbor shows it receives the majority of the routes. But some are missing, as a result, some of the route are not shown in the 'show ip eigrip topo' for 'show ip eigrip topo all-links'.

I am still troubleshooting this issue. I know this thread is very old. But if you did resolve the issue, could you share the resolution with myself?

 

Thanks.

Frank

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco