[nsp] IP-EIGRP: Neighbor A.B.C.D not on common subnet...
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Wed Jan 29 15:54:58 EST 2003
Hi,
> I can connect sniffer if needed.
> The hellos are coming from multiple hosts on vlan4 and it all seems
> valid hosts for vlan4.
> I tried the suggested ACL and I get such logs:
>
> Jan 29 16:00:14 IST: %SEC-6-IPACCESSLOGRP: list 100 permitted eigrp
> A.B.4.D (FastEthernet0/0 0060.3ef3.5530) -> 224.0.0.10, 1 packet
>
> I verifed that the mac address belongs to the router with the IP in
> vlan4 and it looks ok.
> An important detail I might have left out: the routers
> complaining about
> the hellos are on another switch connected which has trunk to
> the switch
> of the routers sending the hellos (vlan4) and are on the
> Native vlan of
> that switch. However Vlan4 is not even allowed on the trunk.
Ah, now we're getting somewhere. A possible error scenario could be that
the switch (where the EIGRP speakers are connected to) is sending the
eigrp packets untagged over the trunk where they'll be put into the
native vlan and get sent to the ports on the native vlan.
Could it be that both switches disagree about the native vlan? I think
you need to concentrate your search on this trunk (I'm not a L2
switching geek, though)..
> Are you sure it is not a normal behaviour to flood unknown multicat
> packets out all ports ?, what about the command "port block multicast"
> described here:
> http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/c2
> 9xl/c29xlc
> r/macrintr.htm#xtocid121409
It says "all ports", but it *always* implies "within a vlan". There is
never ever a packet flooded into other vlans (if there is, it's a
bug)...
oli
> > -----Original Message-----
> > From: Oliver Boehmer (oboehmer) [mailto:oboehmer at cisco.com]
> > Sent: Wednesday, January 29, 2003 11:18 AM
> > To: Yuval Ben-Ari
> > Cc: Thomas Renzy; cisco-nsp at puck.nether.net
> > Subject: RE: [nsp] IP-EIGRP: Neighbor A.B.C.D not on common
> subnet...
> >
> >
> > Hi Yuval,
> >
> > if the Catalyst (or any other switch for this matter) is
> flooding the
> > multicast out to another vlan port this is a severe bug and
> > needs to be
> > addressed. Can you connect a sniffer and verify this assumption?
> > I would not ignore this problem as it points to some L2
> > problem in your
> > network (due to a bug or wrong cabling) which can hit you
> bad in other
> > areas as well..
> > It might also be a misconfiguration (i.e. some device on
> that segment
> > uses the wrong IP address), but you can check this if you apply an
> > ingress access-list with "permit eigrp any any log-input" on your
> > FastEthernet0/0 and look at the source-mac-address of the
> > hello packet.
> >
> > oli
> >
> > > -----Original Message-----
> > > From: Yuval Ben-Ari [mailto:yuvalba at netvision.net.il]
> > > Sent: Mittwoch, 29. Januar 2003 07:45
> > > To: Thomas Renzy; cisco-nsp at puck.nether.net
> > > Subject: RE: [nsp] IP-EIGRP: Neighbor A.B.C.D not on common
> > subnet...
> > >
> > >
> > > I am afraid I cannot post the configs here, it will also not
> > > help a lot
> > > for understanding the topology. (quite standard EIGRP config)
> > > Anyway I have a theory which I just hoped someone can confirm.
> > > I suspect the root for the problem is EIGRP hello packets being
> > > multicast and the fact that the L2 switches (Catalyst XL
> > > series in this
> > > case) flood multicast frames on all ports including ports
> from other
> > > Vlans. In this case my only option is to ignore the messages
> > > (or disable
> > > with "no eigrp log-neighbor-warnings")
> > > Can anyone confirm that ?
> > >
> > > --Yuval
> > >
> > > > -----Original Message-----
> > > > From: Thomas Renzy [mailto:thomas.renzy at veritas.com]
> > > > Sent: Tuesday, January 28, 2003 12:02 AM
> > > > To: Yuval Ben-Ari; cisco-nsp at puck.nether.net
> > > > Subject: RE: [nsp] IP-EIGRP: Neighbor A.B.C.D not on common
> > > subnet...
> > > >
> > > >
> > > > Hi,
> > > >
> > > > I have never seen an EIGRP hello relayed from a router, nor
> > > > have I ever
> > > > configured it. Would it be possible to see a copy of the EIGRP
> > > > configurations to see what is configured?
> > > >
> > > > Thanks,
> > > > Thomas
> > > >
> > > > Thomas Renzy
> > > > IS&T Global Network Services
> > > > VERITAS Software
> > > > Office: +650-527-4734
> > > > Mobile: +650-996-7048
> > > > Fax: +650-527-2034
> > > >
> > > > "Some people drink from the fountain of knowledge, others
> > > > just gargle." -
> > > > Author Robert Anthony
> > > >
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: Yuval Ben-Ari [mailto:yuvalba at netvision.net.il]
> > > > Sent: Monday, January 27, 2003 7:07 AM
> > > > To: Thomas Renzy; cisco-nsp at puck.nether.net
> > > > Subject: RE: [nsp] IP-EIGRP: Neighbor A.B.C.D not on common
> > > subnet...
> > > >
> > > >
> > > > Hi,
> > > >
> > > > Not sure I understand your question,
> > > > the complaining router has 2 intefaces to 2 different segements.
> > > > the router sending the hello packet has single interface
> > to another
> > > > segment (not one of the above 2).
> > > > all the 3 segments has a common router connected to it
> > (core router)
> > > > I suspect the router is relaying the hello, is it possible ?
> > > >
> > > > Were you able to eliminate the problem in your case ?
> > > >
> > > > Yuval.
> > > >
> > > > PS
> > > > I found this doc: http://www.cisco.com/warp/public/103/15.html
> > > > but it does not explain how I see the hello from a router
> > > on different
> > > > Vlan.
> > > >
> > > > > -----Original Message-----
> > > > > From: Thomas Renzy [mailto:thomas.renzy at veritas.com]
> > > > > Sent: Monday, January 27, 2003 12:01 AM
> > > > > To: Yuval Ben-Ari; cisco-nsp at puck.nether.net
> > > > > Subject: RE: [nsp] IP-EIGRP: Neighbor A.B.C.D not on common
> > > > subnet...
> > > > >
> > > > >
> > > > > Yuval,
> > > > >
> > > > > Do you have an EIGRP neighbor on this segment with a
> > > > > secondary interface
> > > > > configured? I've seen this type of message when, on an
> > > > > Ethernet segment, an
> > > > > EIGRP neighbor has a secondary interface configured on one
> > > > > router, but not
> > > > > on another router on the same Ethernet segment.
> > > > >
> > > > > EIGRP hello packets have a TTL of 2, so I don't think it
> > > > > traverse the next
> > > > > hop.
> > > > >
> > > > > Thanks,
> > > > > Thomas Renzy
> > > > > IS&T Global Network Services
> > > > > VERITAS Software
> > > > > Office: +650-527-4734
> > > > > Mobile: +650-996-7048
> > > > > Fax: +650-527-2034
> > > > >
> > > > > "Some people drink from the fountain of knowledge, others
> > > > > just gargle." -
> > > > > Author Robert Anthony
> > > > >
> > > > >
> > > > >
> > > > > -----Original Message-----
> > > > > From: Yuval Ben-Ari [mailto:yuvalba at netvision.net.il]
> > > > > Sent: Sunday, January 26, 2003 3:11 AM
> > > > > To: cisco-nsp at puck.nether.net
> > > > > Subject: [nsp] IP-EIGRP: Neighbor A.B.C.D not on common
> > subnet...
> > > > >
> > > > >
> > > > > Hi,
> > > > >
> > > > > I noticed messages of the above kind while logging to a
> > router and
> > > > > issuing 'term mon':
> > > > >
> > > > > Jan 26 13:01:59.566 IST:
> > IP-EIGRP(Default-IP-Routing-Table:1680):
> > > > > Neighbor A.B.C.D not on common subnet for FastEthernet0/0
> > > > >
> > > > > Obviously the message means the router is seeing EIGRP
> > > hello packets
> > > > > coming on the interface from a neighbor which is not on that
> > > > > interface's
> > > > > subnet, which happens to be correct.
> > > > > However I have no idea how these packets get to the
> > > > interface as it is
> > > > > not on the same L2 segment (different VLAN).
> > > > > The error is only reported on terminal and not on all routers
> > > > > (seems to
> > > > > be IOS dependent + 'eigrp log-neighbor-warnings' command)
> > > > >
> > > > > Is it possible the hello packet is transiting a L3 device ?
> > > > >
> > > > > Will be happy to hear your ideas.
> > > > >
> > > > > Thanks.
> > > > >
> > > > > _______________________________________________
> > > > > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > > > > http://puck.nether.net/mailman/listinfo/cisco-nsp
> > > > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > > > >
> > > >
> > >
> > > _______________________________________________
> > > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > > http://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > >
> >
>
More information about the cisco-nsp
mailing list