cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1809
Views
0
Helpful
33
Replies

EIGRP error

cowetacoit
Level 1
Level 1

I have a 4506 with about 30 SVI's. I have a connection through a metro service provider for a branch with a 3560 in layer 3. It has a few SVI's on it. I am running EIGRP between the 3560 and my 4506. router eigrp 100, network 10.0.0.0, auto sum. The problem is on the 3560 i keep getting a "IP-EIGRP(Default-IP-Routing-Table:100): Neighbor 10.0.34.1 not on common subnet for Vlan1" I have double checked the configs and i have vlan 34 configured correctly. it is configured just like all of my other SVI's on the 4506. why would i be getting this error? The configuration works great, the error just keeps showing up in the log

33 Replies 33

Which port is being used for the MetroE on each switch?

Per previous post, I assumed the 3560 was using G0/1 as the MetroE switchport as that's the only switchport you decided to include.

The CDP is showing the 2950 is connected to G0/1.

Is the 2950 part of the MetroE connection?

If so, can we see the config and cdp information from that device ?

Most Layer2 MetroE implementations, you should be able to see your neighboring switch via CDP, is that the case here? Because I don't see the 4506 from the 3560.

sorry, you posted as i was still posting my configs

2950 sh cdp n.

this guy is in layer 2. No config to post, default except for IP address on vlan 1

Patillo is the ISP 3750

BT_Brown_2950#sh cdp n

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID Local Intrfce Holdtme Capability Platform Port ID

BTBrown_2811 Fas 0/3 121 R S I Cisco 2811Fas 0/0

BTBrown_3560 Fas 0/2 156 R S I WS-C3560-8Gig 0/1

Patillo(000a57-60Fas 0/1 145 S HP 2524 2

BT_Brown_2950#

Admin_4506#SH VLAN

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Gi1/1, Gi2/2, Gi2/3, Gi2/4, Gi2/5, Gi2/7, Gi2/8, Gi2/9, Gi2/10, Gi2/11, Gi2/12

Gi2/13, Gi2/14, Gi2/15, Gi2/16, Gi2/17, Gi2/18, Gi2/19, Gi2/21, Gi2/22, Gi2/23

Gi2/24, Fa3/1, Fa3/2, Fa3/3, Fa3/4, Fa3/5, Fa3/6, Fa3/7, Fa3/8, Fa3/9, Fa3/10

Fa3/11, Fa3/12, Fa3/13, Fa3/14, Fa3/15, Fa3/16, Fa3/17, Fa3/18, Fa3/19, Fa3/20

Fa3/21, Fa3/22, Fa3/23, Fa3/24, Fa3/25, Fa3/26, Fa3/27, Fa3/28, Fa3/29, Fa3/30

Fa3/31, Fa3/32, Fa3/33, Fa3/34, Fa3/35, Fa3/36, Fa3/37, Fa3/38, Fa3/39, Fa3/40

Fa3/41, Fa3/42, Fa3/43, Fa3/44, Fa3/45, Fa3/46, Fa3/47, Fa3/48, Fa4/1, Fa4/2, Fa4/3

Fa4/4, Fa4/5, Fa4/6, Fa4/7, Fa4/8, Fa4/9, Fa4/10, Fa4/11, Fa4/12, Fa4/13, Fa4/14

Fa4/15, Fa4/16, Fa4/17, Fa4/18, Fa4/19, Fa4/20, Fa4/21, Fa4/22, Fa4/23, Fa4/24

Fa4/25, Fa4/26, Fa4/27, Fa4/28, Fa4/29, Fa4/30, Fa4/31, Fa4/32, Fa4/33, Fa4/34

Fa4/35, Fa4/36, Fa4/37, Fa4/38, Fa4/39, Fa4/40, Fa4/41, Fa4/42, Fa4/43, Fa4/44

Fa4/45, Fa4/46, Fa4/47, Fa4/48, Fa5/1, Fa5/2, Fa5/3, Fa5/4, Fa5/5, Fa5/6, Fa5/7

Fa5/8, Fa5/9, Fa5/10, Fa5/11, Fa5/12, Fa5/13, Fa5/14, Fa5/15, Fa5/16, Fa5/17, Fa5/18

Fa5/19, Fa5/20, Fa5/21, Fa5/22, Fa5/23, Fa5/24, Fa5/25, Fa5/26, Fa5/27, Fa5/28

Fa5/29, Fa5/30, Fa5/31, Fa5/32, Fa5/33, Fa5/34, Fa5/35, Fa5/36, Fa5/37, Fa5/38

Fa5/39, Fa5/40, Fa5/41, Fa5/42, Fa5/43, Fa5/44, Fa5/45, Fa5/46, Fa5/47, Gi6/4, Gi6/5

Gi6/6, Gi6/7, Gi6/8, Gi6/9, Gi6/10, Gi6/11, Gi6/12, Gi6/13, Gi6/14, Gi6/15, Gi6/16

Gi6/17

3 active

10 active

11 active

20 active

21 active

22 active

23 active

24 active

25 active

26 active

27 active

28 active

29 active

30 active

31 active

32 active

33 active

34 active

35 active

36 active

37 active

38 active

39 active

41 active

45 active

100 active

101 active

103 active

250 active

252 active

BTBrown_3560#sh vlan

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/8, Gi0/1

50 BTBROWNTEST active

1002 fddi-default act/unsup

1003 token-ring-default act/unsup

1004 fddinet-default act/unsup

1005 trnet-default act/unsup

I agree with Edison, but I do think i understand the topology...

You're spanning vlan 1 across the service provider's ethernet cloud and placing an SVI on both ends in vlan 1 to simulate a routed connection. So, the EIGRP neighbor relationship is established between the SVIs in vlan 1 on both the 4506 and the 3560.

So, youre using vlan1 as a trasport vlan. No dot1q trunking -- both sides are access ports.

Do I have it correctly?

Victor

that is correct. the port on my 4506 that connects to the ISP is DOT1Q Trunk because they have a HP Procurve at that location. The ISP has me connected to a 3750 on my 3560 side of the metro cloud. i'm configured as access port there. Yes vlan 1 as transport vlan.

the port on my 4506 that connects to the ISP is DOT1Q Trunk

You said you weren't trunking. Are you pruning all Vlans except Vlan 1 ?

only vlan 1 is being sent out to the ISP. i have that side set as DOT1Q because it connects to a HP Procurve (ISP). ISP said i'd have to set it that way. frame tagging issue

sorry guys. i thought i was talking to one person there for a few. I feel like we are all out of order. I replied to an earlier post about the 2950. I posted the cdp n

Dont be sorry. Its all good. Edison was helping you, but I jumped in because I have seen this nutty set up before....

Why dont you configure the 3560 end as a dot1q trunk port also? It makes more sense to keep things consistent. I have a feeling that this inconsistency may be causing some unexpected results....

[EDIT I also just noticed that the dot1q trunk on the 4500 side is NOT pruning the vlans. You are allowing ALL vlans on that trunk, not just vlan 1, as you say. I would change that, too. Allow only vlan 1, block the others, and then change the 3560 to a dot1q trunk and only allow vlan 1 on that end. Consistency...[EDIT]

Victor

Again, I'm not saying NOT to send Vlan 1 in the trunk. What I'm asking is, are you pruning the user Vlans in this trunk.

As I suspected in my first post, you seem to have a Vlan leakage somewhere and by pruning on your egress port, you are ensuring the ISP only sees Vlan 1.

If you configure the 802.1q port without manual pruning, your ISP will get information from all Vlans in the trunk and who knows how their end is configured.

funny thing is i use to work for them. i know their set up.

On my 4506, i have a DOT1Q trunk (sending only vlan 1) connected to my ISP HP. It is layer 2 all the way to the ISP 3750. My 2950 connects to the ISP on layer 2 link, and my 3560 connects to the 2950 on an access port.

could you elaborate a little more on "pruning".

This is the interface on my 4506 connecting to the ISP. Like i said, i have to have it set to DOT1Q because of the way HP does tagging/untagging. Traditionally my company has had everything on vlan 1. I'm trying to change this. So we probably have about 500 hosts on vlan 1.

!

interface FastEthernet5/48

description ISP P2P

switchport trunk encapsulation dot1q

switchport mode trunk

speed 100

duplex full

!

Pruning:

switchport trunk allowed vlan 1

Only allows vlan 1...see my post...scroll up...I also added an EDIT.

Victor

ok thanks guys. i'll try it first thing tomorrow morning.

Alright, man. Sorry for the confusion. It isnt easy to follow the conversations on here sometimes.

Just to summarize my recommendations:

1.) As Edison pointed out, you should be pruning your dot1q trunk on the 4506 -- in other words, only allow traffic from the vlans you want traversing the trunk. In your case, its vlan 1, and everyone else will get blocked. Use the command I gave you.

NOTE: You mentioned bringing up more vlans in the future, so if you are going to span another vlan across the provider link, you must also allow that one, too. You added vlan 50 on the 3560 end, but that vlan is local to that side. Its not traversing the link, so you dont need to allow it across. Im talking about a case in which a vlan exists on BOTH sides and there are hosts sitting on that vlan on both sides. In that case, you would allow it through on the trunk.

I know I beat a dead horse. :-)

2.) On the 3560 end, convert that service provider-facing port to a dot1q and make sure you allow vlan 1 and block everything else.

HTH

Victor

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: