cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2074
Views
4
Helpful
12
Replies

inside interfaces only participate in EIGRP

kamal gargoum
Level 1
Level 1

i enabled EIGRP in 2911 router only the lan interfaces which has the ip nat inside enabled is showing in show ip eigrp interface:

st    Pending

Interface              Peers  Un/Reliable  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes

Gi0/0.116                0        0/0       0/0           0       0/0            0           0

Gi0/0.115                0        0/0       0/0           0       0/0            0           0

NV0                      0        0/0       0/0           0      11/11           0

it dosent sow the other interfaces , i think the problem from the NV0 interfce (the virtual nat interface), which is take the the same IP as the internal interface 0/0.115:

GigabitEthernet0/0.115     192.168.15.2

NVI0                               192.168.15.2

i traied to remove the NVI0 int by deleting nat enabler from the interfaces no ip nat enable and use the old nat ip nat inside/outside in the interfaces.

but i still see the NVI0 up and it still has the samip as the internal interface.

i even tried ospf and other routing protocols but it is still the sam problem only the internal interfaces are forwording the routing messages

1 Accepted Solution

Accepted Solutions

You have this for your EIGRP config -

router eigrp 1

network 10.10.16.0 0.0.0.255

network 192.168.15.0

the interfaces with "ip nat outside" are using 172.21.x.x addressing, If you want them to participate in EIGRP you need to add network statements for them under your EIGRP config.

Jon

View solution in original post

12 Replies 12

John Blakley
VIP Alumni
VIP Alumni

Do you have acls applied to any of the interfaces? If so, be sure to allow eigrp through. If not, I can lab this up today to see if I get the same problem.

Hth,
John

Sent from Cisco Technical Support iPad App

HTH, John *** Please rate all useful posts ***

no there is no acls applied now

i remove them after i faced this problem and still no other interfaces apears

i just want to know why the NVI0 have an IP and how i can remove it , because i strongly thing that the problem from it

thank you

Hi,

NVI interface shouldn't have any effect on EIGRP interfaces and I labbed it up to confirm with a 12.4(15)T7 image.

I don't think you can get rid of the NVI interface which is only used if you use NAT NVI instead of legacy NAT but appears even if you configure legacy NAT.

Can you post your config and topology.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Hello

Domain NAT - ip nat inside/outside

Domainless NAT- ip nat enable -NVI interface is utilized

Nat NVI is used in domainless natting -  that is applying nat without the inside/outside nat commands

It also performs differently in the lookup procedure than domain Nat

Domain NAT has difeerent orders of operation= http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml

Inside Nat looks in the ip routing table prior to nat translation

Outside nat - translates before lookup ip route table

Domainless NAT performs two lookups:

Once in the NVI interface and then in the ip routing table

http://blog.ine.com/2008/02/15/the-inside-and-outside-of-nat/

Lastly the NVI interface can be removed if you reload your router.

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

but this is dose not explain why the NVI0 interface has an IP address

it shouldn't has any IP int normal state :

Ben-GW#sh ip int br

GigabitEthernet0/0.115     192.168.15.2    YES NVRAM  up                    up

NVI0                                192.168.15.2    YES unset  up                    up

Hello

When enabling nat on a active interface, the NVI interface will take the ip address of the first interface you enable nat on.

Saying that only Domianless nat( NVI NAT) utilises this interface, Domain NAT ( legacy nat)  uses a different NAT Order as previously stated.

Res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

but why the NVI0 intrface has an IP of the internal interface.

ok this is my configurations:

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname Ben-GW

!

boot-start-marker

boot-end-marker

!

!

logging buffered 52000

no logging console

!

aaa new-model

!

!

aaa authentication login default local

aaa authentication login userauthen local

aaa authorization network groupauthor local

!

!

no ip domain lookup

ip domain name aljeel.ly

ip cef

no ipv6 cef

!

multilink bundle-name authenticated

!

voice-card 0

!

!

!

!

ip ssh authentication-retries 4

!

class-map match-any BAD-P2P

match protocol bittorrent

match protocol edonkey

match protocol gnutella

match protocol kazaa2

match protocol fasttrack

match protocol winmx

!

policy-map police

class BAD-P2P

  drop

class class-default

  police 20000000 conform-action transmit  exceed-action drop  violate-action drop

!

!

!

interface Loopback1

ip address x.x.x.x. 255.255.255.255

no ip redirects

no ip unreachables

no ip proxy-arp

ip virtual-reassembly in max-fragments 64 max-reassemblies 1024

no ip route-cache

!

interface Tunnel4

ip address 172.28.9.2 255.255.255.252

ip mtu 1476

tunnel source 172.30.1.26

tunnel destination 172.30.1.13

!

interface Tunnel11

ip address 172.28.11.2 255.255.255.252

tunnel source 172.30.1.26

tunnel destination 172.30.1.3

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$

no ip address

duplex auto

speed auto

!

interface GigabitEthernet0/0.115

encapsulation dot1Q 115

ip address 192.168.15.2 255.255.255.0

ip nbar protocol-discovery

ip nat inside

ip virtual-reassembly in max-fragments 64 max-reassemblies 1024

ip tcp adjust-mss 1452

!

interface GigabitEthernet0/0.116

encapsulation dot1Q 116

ip address 10.10.16.2 255.255.255.0

!

interface GigabitEthernet0/1

no ip address

duplex auto

speed auto

!

interface GigabitEthernet0/1.750

encapsulation dot1Q 750

ip address 172.21.2.100 255.255.255.0

ip nbar protocol-discovery

ip nat outside

ip virtual-reassembly in max-reassemblies 1024

pppoe enable group global

pppoe-client dial-pool-number 1

!

interface GigabitEthernet0/1.751

encapsulation dot1Q 751

ip address 172.21.3.60 255.255.255.0

ip nat outside

ip virtual-reassembly in

pppoe enable group global

!

interface GigabitEthernet0/1.900

encapsulation dot1Q 900

ip address 172.30.1.26 255.255.255.248

ip nbar protocol-discovery

!

interface GigabitEthernet0/2

description $ES_LAN$

no ip address

duplex auto

speed auto

!

interface SM1/0

no ip address

shutdown

!Application: CUE Running on SM

!

interface SM1/1

description Internal switch interface connected to Service Module

no ip address

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly in max-fragments 64 max-reassemblies 1024

no ip route-cache

ip tcp adjust-mss 1452

!

interface Dialer1

ip unnumbered Loopback1

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip virtual-reassembly in max-fragments 64 max-reassemblies 1024

encapsulation ppp

no ip route-cache

dialer pool 1

ppp authentication chap callin

ppp chap hostname BG-ALJEEL-OFFICE

ppp chap password 7 0026344B257721232A0D01612F3F2C3437

ppp ipcp route default

ppp ipcp address accept

no cdp enable

!

!

router eigrp 1

network 10.10.16.0 0.0.0.255

network 192.168.15.0

!

ip forward-protocol nd

!

no ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

interface GigabitEthernet0/0.116

encapsulation dot1Q 116

ip address 10.10.16.2 255.255.255.0

!

interface GigabitEthernet0/1

no ip address

duplex auto

speed auto

!

interface GigabitEthernet0/1.750

encapsulation dot1Q 750

ip address 172.21.2.100 255.255.255.0

ip nbar protocol-discovery

ip nat outside

ip virtual-reassembly in max-reassemblies 1024

pppoe enable group global

pppoe-client dial-pool-number 1

!

interface GigabitEthernet0/1.751

encapsulation dot1Q 751

ip address 172.21.3.60 255.255.255.0

ip nat outside

ip virtual-reassembly in

pppoe enable group global

!

interface GigabitEthernet0/1.900

encapsulation dot1Q 900

ip address 172.30.1.26 255.255.255.248

ip nbar protocol-discovery

!

interface GigabitEthernet0/2

description $ES_LAN$

no ip address

duplex auto

speed auto

!

interface SM1/0

no ip address

shutdown

!Application: CUE Running on SM

!

interface SM1/1

description Internal switch interface connected to Service Module

no ip address

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly in max-fragments 64 max-reassemblies 1024

no ip route-cache

ip tcp adjust-mss 1452

!

interface Dialer1

ip unnumbered Loopback1

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip virtual-reassembly in max-fragments 64 max-reassemblies 1024

encapsulation ppp

no ip route-cache

dialer pool 1

ppp authentication chap callin

ppp chap hostname BG-ALJEEL-OFFICE

ppp chap password 7 0026344B257721232A0D01612F3F2C3437

ppp ipcp route default

ppp ipcp address accept

no cdp enable

!

!

router eigrp 1

network 10.10.16.0 0.0.0.255

network 192.168.15.0

!

ip forward-protocol nd

!

no ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

this is all of the configurations

regards

Hi,

As Paul explained the NAT NVI is created when you first enable NAT on an interface so it means you first did ip nat inside then ip nat outside so NVI was initialized with ip nat inside and took the IP address oif the nat inside interface.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

so my problem with the eigrp itselve not with NVI0 interface.

i tried to point to the neighbor router in eigrp but it still not working the neighbor router still doesn’t receive any messages from the interface which they connected to.

regards

Hi,

You said that  sh ip eigrp interface output doesn't include your nat outside interface? Is this correct?

Can you post sh ip int   for the  nat outside interface  and sh run | s r ei

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

You have this for your EIGRP config -

router eigrp 1

network 10.10.16.0 0.0.0.255

network 192.168.15.0

the interfaces with "ip nat outside" are using 172.21.x.x addressing, If you want them to participate in EIGRP you need to add network statements for them under your EIGRP config.

Jon

thank you it worked !!

when i addwd the network of the outside interface it starts to send messages to neighbor router

but i just want to advertise the internal network in the other routers how i can do that ?

thank you again

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: