Configuring EIGRP
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Contents
Configuring EIGRPLast Updated: July 26, 2012
The Enhanced Interior Gateway Routing Protocol (EIGRP) is an enhanced version of the Interior Gateway Routing Protocol (IGRP) developed by Cisco. The convergence properties and the operating efficiency of EIGRP have improved substantially over IGRP, and IGRP is now obsolete. The convergence technology of EIGRP is based on an algorithm referred to as the Diffusing Update Algorithm (DUAL). The algorithm guarantees loop-free operation at every instant throughout a route computation and allows all devices involved in a topology change to synchronize. Devices that are not affected by topology changes are not involved in recomputations. Finding Feature InformationYour software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required. Information About Configuring EIGRP
EIGRP Features
EIGRP Autonomous System ConfigurationConfiguring the router eigrp command with the autonomous-system-number argument creates an EIGRP configuration referred to as the EIGRP autonomous system configuration or EIGRP classic mode. The EIGRP autonomous system configuration creates an EIGRP routing instance that can be used for exchanging routing information. In EIGRP autonomous system configurations, EIGRP VPNs can be configured only under IPv4 address family configuration mode. A virtual routing and forwarding (VRF) instance and a route distinguisher must be defined before the address family session can be created. When the address family is configured, we recommend that you configure an autonomous system number either by using the autonomous-system-number argument with the address-family command or by using the autonomous-system command. EIGRP Named ConfigurationConfiguring the router eigrp command with the virtual-instance-name argument creates an EIGRP configuration referred to as the EIGRP named configuration or EIGRP named mode. An EIGRP named configuration does not create an EIGRP routing instance by itself; it is a base configuration that is required to define address family configurations that are used for routing. In EIGRP named configurations, EIGRP VPNs can be configured in IPv4 and IPv6 named configurations. A VRF instance and a route distinguisher must be defined before the address family session can be created. A single EIGRP routing process can support multiple VRFs. The number of VRFs that can be configured is limited only by the available system resources on the device, which is determined by the number running processes and available memory. However, only a single VRF can be supported by each VPN, and redistribution between different VRFs is not supported. EIGRP IPv6 VRF-LiteThe EIGRP IPv6 VRF-Lite feature provides EIGRP IPv6 support for multiple VRFs. This feature provides separation between routing and forwarding, thereby providing an additional level of security because communication between devices belonging to different VRFs is not allowed, unless explicitly configured. The EIGRP IPv6 VRF-Lite feature simplifies the management and troubleshooting of traffic belonging to a specific VRF. The EIGRP IPv6 VRF-Lite feature is available only in EIGRP named configurations. EIGRP vNETsThe EIGRP vNET feature uses Layer 3 routing techniques to provide limited fate sharing (the term fate sharing refers to the failure of interconnected systems; that is, different elements of a network are interconnected in such a way that they either fail together or not at all), traffic isolation, and access control with simple configurations. EIGRP virtual network (vNET) configurations are supported in both autonomous-system configurations and named configurations. The vNET feature allows you to have multiple virtual networks by utilizing a single set of routers and links provided by the physical topology. Routers and links can be broken down into separate virtual networks using separate routing tables and routing processes by using vNETs and VRF configuration commands. The virtual networks facilitate traffic isolation and limited fate sharing. EIGRP's primary role in vNETs is to populate routing tables used by each vNET so that appropriate forwarding can take place. In the vNET model, each vNET effectively has its own complete set of EIGRP processes and resources, thus minimizing the possibility of actions within one vNET affecting another vNET. The vNET feature supports command inheritance that allows commands entered in interface configuration mode to be inherited by every vNET configured on that interface. These inherited commands, including EIGRP interface commands, can be overridden by vNET-specific configurations in vNET submodes under the interface. The following are some of the limitations of EIGRP vNETs:
EIGRP vNET Interface and Command InheritanceA vNET router supports two types of interfaces: Edge interface and core (shared) interface. An edge interface is an ingress point for vNET-unaware networks and is restricted to a single VRF. Use the vrf forwarding command to associate the edge interface with a VRF. The vrf forwarding command also allows entry into VRF submodes used to define interface settings on a per-VRF basis. A vNET core interface is used to connect vNET-aware systems and can be shared by multiple vNETs. Use the vnet trunk command to enable a core interface. When the vnet trunk command exists on an interface, with or without a VRF list, any EIGRP interface commands on that interface will be applied to the EIGRP instance for every vNET on that interface, including the instance running on the base or the global RIB. If the vnet trunk command is deleted from the interface, EIGRP interface commands will remain on and apply to only the global EIGRP instance. If an EIGRP interface command is removed from the main interface, the command will also be removed from every vNET on that interface. End systems or routing protocol peers reached through an edge interface are unaware of vNETs and do not perform the vNET tagging done in the core of the vNET network. EIGRP also supports the capability of setting per-vNET interface configurations, which allow you to define interface attributes that influence EIGRP behavior for a single vNET. In the configuration hierarchy, a specific vNET interface setting has precedence over settings applied to the entire interface and inherited by each vNET configured on that interface. EIGRP provides interface commands to modify the EIGRP-specific attributes of an interface, and these interface commands can be entered directly on the interface for EIGRP autonomous system configurations, or in address family interface configuration mode for the EIGRP named mode configurations. EIGRP Neighbor Relationship MaintenanceNeighbor relationship maintenance is the process that devices use to dynamically learn of other devices on their directly attached networks. Devices must also discover when their neighbors become unreachable or inoperative. Neighbor relationship maintenance is achieved with low overhead by devices when they periodically send small hello packets. As long as hello packets are received, the Cisco software can determine that a neighbor is alive and functioning. When this status is determined, neighboring devices can exchange routing information. The reliable transport protocol is responsible for the guaranteed, ordered delivery of EIGRP packets to all neighbors. It supports intermixed transmission of multicast and unicast packets. Some EIGRP packets must be sent reliably (require acknowledgment from the destination). For efficiency, reliability is provided only when necessary. For example, on a multiaccess network that has multicast capabilities (such as Ethernet), hello packets need not be sent reliably to all neighbors individually. Therefore, EIGRP sends a single multicast hello packet with an indication in the packet informing receivers that the packet need not be acknowledged. Some packets (such as updates) require acknowledgment, which is indicated in the packets. The reliable transport protocol has a provision to send multicast packets quickly when unacknowledged packets are pending. This provision helps to ensure that the convergence time remains low in the presence of varying speed links. Neighbor AuthenticationThe authentication of packets being sent between neighbors ensures that a device accepts packets only from devices that have the same preshared key. If this authentication is not configured, you can intentionally or accidentally add another device to the network or send packets with different or conflicting route information onto the network, resulting in topology corruption and denial of service. EIGRP authentication is configurable on a per-interface basis. Packets exchanged between neighbors connected through an interface are authenticated. EIGRP supports message digest algorithm 5 (MD5) authentication to prevent the introduction of unauthorized information from unapproved sources. MD5 authentication is defined in RFC 1321. EIGRP also supports the Hash-based Message Authentication Code (HMAC)-Secure Hash Algorithms (SHA)-256 authentication method. When you use the HMAC-SHA-256 authentication method, a shared secret key is configured on all devices attached to a common network. For each packet, the key is used to generate and verify a message digest that gets added to the packet. The message digest is a one-way function of the packet and the secret key. For more information on HMAC-SHA-256 authentication, see FIPS PUB 180-2, SECURE HASH STANDARD (SHS) for the SHA-256 algorithm and RFC 2104 for the HMAC algorithm. If HMAC-SHA-256 authentication is set, EIGRP packets will be authenticated using HMAC-SHA-256 message authentication codes. The HMAC algorithm takes as inputs the data to be authenticated (that is, the EIGRP packet) and a shared secret key that is known to both the sender and the receiver; the algorithm outputs a 256-bit hash that is used for authentication. If the hash value provided by the sender matches the hash value calculated by the receiver, the packet is accepted by the receiver; otherwise, the packet is discarded. Typically, the shared secret key is configured to be identical between the sender and the receiver. To protect against packet replay attacks because of a spoofed source address, the shared secret key for a packet is defined as the concatenation of the user-configured shared secret (identical across all devices participating in the authenticated domain) with the IPv4 or IPv6 address (which is unique for each device) from which the packet is sent. The device sending a packet calculates the hash to be sent based on the following:
The device receiving the packet calculates the hash for verification based on the following:
Therefore, for successful authentication, all of the following must be true:
Authentication cannot succeed if any of the following is true: DUAL Finite State MachineThe DUAL finite state machine embodies the decision process for all route computations. It tracks all routes advertised by all neighbors. DUAL uses the distance information (known as the metric) to select efficient, loop-free paths. DUAL selects routes to be inserted into a routing table based on feasible successors. A successor is a neighboring device (used for packet forwarding) that has the least-cost path to a destination that is guaranteed not to be part of a routing loop. When there are no feasible successors but only neighbors advertising the destination, a recomputation must occur to determine a new successor. The time required to recompute the route affects the convergence time. Recomputation is processor-intensive, and unnecessary recomputation must be avoided. When a topology change occurs, DUAL will test for feasible successors. If there are feasible successors, DUAL will use any feasible successors it finds to avoid unnecessary recomputation. Protocol-Dependent ModulesProtocol-dependent modules are responsible for network-layer protocol-specific tasks. An example is the EIGRP module, which is responsible for sending and receiving EIGRP packets that are encapsulated in the IP. The EIGRP module is also responsible for parsing EIGRP packets and informing DUAL about the new information received. EIGRP asks DUAL to make routing decisions, but the results are stored in the IP routing table. Also, EIGRP is responsible for redistributing routes learned from other IP routing protocols. EIGRP Metric WeightsEIGRP uses the minimum bandwidth on the path to a destination network and the total delay to compute routing metrics. You can use the metric weights command to adjust the default behavior of EIGRP routing and metric computations. EIGRP metric defaults have been carefully selected to provide optimal performance in most networks. By default, the EIGRP composite metric is a 32-bit quantity that is the sum of the segment delays and the lowest segment bandwidth (scaled and inverted) for a given route. The formula used to scale and invert the bandwidth value is 107/minimum bandwidth in kilobits per second. For a network of homogeneous media, this metric reduces to a hop count. For a network of mixed media (FDDI, Gigabit Ethernet, and serial lines running from 9600 bits per second to T1 rates), the route with the lowest metric reflects the most desirable path to a destination. Mismatched K ValuesEIGRP K values are the metrics that EIGRP uses to calculate routes. Mismatched K values can prevent neighbor relationships from being established and can negatively impact network convergence. The following example explains this behavior between two EIGRP peers (Device-A and Device-B). The following configuration is applied to Device-A. The K values are changed with the metric weights command. A value of 2 is entered for the k1 argument to adjust the bandwidth calculation. A value of 1 is entered for the k3 argument to adjust the delay calculation. Device(config)# hostname Device-A Device-A(config)# interface serial 0 Device-A(config-if)# ip address 10.1.1.1 255.255.255.0 Device-A(config-if)# exit Device-A(config)# router eigrp virtual-name1 Device-A(config-router)# address-family ipv4 autonomous-system 4533 Device-A(config-router-af)# network 10.1.1.0 0.0.0.255 Device-A(config-router-af)# metric weights 0 2 0 1 0 0 1 The following configuration is applied to Device-B. However, the metric weights command is not applied and the default K values are used. The default K values are 1, 0, 1, 0, 0, and 0. Device(config)# hostname Device-B Device-B(config)# interface serial 0 Device-B(config-if)# ip address 10.1.1.2 255.255.255.0 Device-B(config-if)# exit Device-B(config)# router eigrp virtual-name1 Device-B(config-router)# address-family ipv4 autonomous-system 4533 Device-B(config-router-af)# network 10.1.1.0 0.0.0.255 Device-B(config-router-af)# metric weights 0 1 0 1 0 0 0 The bandwidth calculation is set to 2 on Device-A and set to 1 (by default) on Device-B. This configuration prevents these peers from forming a neighbor relationship. The following error message is displayed in the console of Device-B because the K values are mismatched: *Apr 26 13:48:41.811: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.1.1.1 (Ethernet0/0) is down: K-value mismatch The following are two scenarios where the above error message can be displayed:
EIGRP Wide MetricsThe EIGRP composite metric (calculated using the bandwidth, delay, reliability, load, or K values) is not scaled correctly for high-bandwidth interfaces or Ethernet channels, resulting in incorrect or inconsistent routing behavior. The lowest delay that can be configured for an interface is 10 microseconds. As a result, high-speed interfaces, such as 10 Gigabit Ethernet (GE) interfaces, or high-speed interfaces channeled together (GE ether channel) will appear to EIGRP as a single GE interface. This may cause undesirable equal-cost load balancing. To resolve this issue, the EIGRP Wide Metrics feature introduces 64-bit metric calculations and Routing Information Base (RIB) scaling that provides the ability to support interfaces (either directly or via channeling techniques like port-channels or ether channels) up to approximately 4.2 terabits.
To accommodate interfaces with bandwidths above 1 gigabit and up to 4.2 terabits and to allow EIGRP to perform path selections, the EIGRP packet and composite metric formula is modified. The paths are selected based on the computed time. The time the information takes to travel through links is measured in picoseconds. The interfaces can either be directly capable of these high speeds or the interfaces can be bundles of links with an aggregate bandwidth greater than 1 gigabit. Metric = [(K1*Throughput+{K2*Throughput}/256-Load)+ (K3*Latency)+(K6*Extended Attributes)]* [K5/(K4+Reliability)] Default K values are as follows: If K5 is equal to 0, then the Reliability Quotient is defined to be 1. By default, the path selection scheme used by EIGRP is a combination of throughput and latency, where the selection is a product of total latency and minimum throughput of all links along the path. Metric= (K1 * minimum Throughput) + (K3 * Total Latency) With the calculation of larger bandwidths, EIGRP can no longer fit the computed metric into a 4-byte unsigned long value that is needed by the Cisco RIB. To set the RIB scaling factor for EIGRP, use the
metric rib-scale command. When you configure the
metric rib-scale command, all EIGRP routes in the RIB are cleared and replaced with the new metric values.
Goodbye MessageThe goodbye message is a feature designed to improve EIGRP network convergence. The goodbye message is broadcast when an EIGRP routing process is shut down to inform adjacent peers about an impending topology change. This feature allows supporting EIGRP peers to synchronize and recalculate neighbor relationships more efficiently than would occur if the peers discovered the topology change after the hold timer expired. The following message is displayed by devices that run a supported release when a goodbye message is received: *Apr 26 13:48:42.523: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.1.1.1 (Ethernet0/0) is down: Interface Goodbye received A Cisco device that runs a software release that does not support the goodbye message can misinterpret the message as a K-value mismatch and display the following error message: *Apr 26 13:48:41.811: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.1.1.1 (Ethernet0/0) is down: K-value mismatch Routing Metric Offset ListsAn offset list is a mechanism for increasing incoming and outgoing metrics to routes learned via EIGRP. Optionally, you can limit the offset list with either an access list or an interface.
EIGRP Cost MetricsWhen EIGRP receives dynamic raw radio link characteristics, it computes a composite EIGRP cost metric based on a proprietary formula. To avoid churn in the network as a result of a change in the link characteristics, a tunable dampening mechanism is used. EIGRP uses metric weights along with a set of vector metrics to compute the composite metric for local RIB installation and route selections. The EIGRP composite cost metric is calculated using the formula: EIGRP composite cost metric = 256*((K1*Bw) + (K2*Bw)/(256 - Load) + (K3*Delay)*(K5/(Reliability + K4))) EIGRP uses one or more vector metrics to calculate the composite cost metric. The table below lists EIGRP vector metrics and their descriptions.
EIGRP monitors metric weights on an interface to allow the tuning of EIGRP metric calculations and indicate the type of service (ToS). The table below lists the K values and their defaults. Most configurations use the delay and bandwidth metrics, with bandwidth taking precedence. The default formula of 256*(Bw + Delay) is the EIGRP metric. The bandwidth for the formula is scaled and inverted by the following formula: (107/minimum Bw in kilobits per second)
For example, look at a link whose bandwidth to a particular destination is 128 k and the delay is 84,000 microseconds. By using a cut-down formula, you can simplify the EIGRP metric calculation to 256*(Bw + Delay), thus resulting in the following value: Metric = 256*(107/128 + 84000/10) = 256*86525 = 22150400 To calculate route delay, divide the delay value by 10 to get the true value in tens of microseconds. When EIGRP calculates the delay for Mobile Ad Hoc Networks (MANET) and the delay is obtained from a router interface, the delay is always calculated in tens of microseconds. In most cases, when using MANET, you will not use the interface delay, but rather the delay that is advertised by the radio. The delay you will receive from the radio is in microseconds, so you must adjust the cut-down formula as follows: Metric = (256*(107/128) + (84000*256)/10) = 20000000 + 2150400 = 22150400 Route SummarizationYou can configure EIGRP to perform automatic summarization of subnet routes into network-level routes. For example, you can configure subnet 172.16.1.0 to be advertised as 172.16.0.0 over interfaces that have been configured with subnets of 192.168.7.0. Automatic summarization is performed when two or more network router configuration or address family configuration commands are configured for an EIGRP process. This feature is enabled by default. Route summarization works in conjunction with the ip summary-address eigrp command available in interface configuration mode for autonomous system configurations and with the summary-address (EIGRP) command for named configurations. You can use these commands to perform additional summarization. If automatic summarization is in effect, there usually is no need to configure network-level summaries using the ip summary-address eigrp command. Summary Aggregate AddressesYou can configure a summary aggregate address for a specified interface. If there are specific routes in the routing table, EIGRP will advertise the summary address of the interface with a metric equal to the minimum metric of the specific routes. Floating Summary RoutesA floating summary route is created by applying a default route and an administrative distance at the interface level or address family interface level. You can use a floating summary route when configuring the ip summary-address eigrp command for autonomous system configurations or the summary-address command for named configurations. The following scenarios illustrate the behavior of floating summary routes. The figure below shows a network with three devices, Router-A, Router-B, and Router-C. Router-A learns a default route from elsewhere in the network and then advertises this route to Router-B. Router-B is configured so that only a default summary route is advertised to Router-C. The default summary route is applied to serial interface 0/1 on Router-B with the following autonomous system configuration: Router-B(config)# interface Serial 0/1 Router-B(config-if)# ip summary-address eigrp 100 0.0.0.0 0.0.0.0 The default summary route is applied to serial interface 0/1 on Router-B with the following named configuration: Router-B(config)# router eigrp 1 Router-B(config-router)# address-family ipv4 unicast vrf vrf1 autonomous-system 1 Router-B(config-router-af)# af-interface serial0/1 Router-B(config-router-af-interface)# summary-address 192.168.0.0 255.255.0.0 95 The configuration of the default summary route on Router-B sends a 0.0.0.0/0 summary route to Router-C and blocks all other routes, including the 10.1.1.0/24 route, from being advertised to Router-C. However, this configuration also generates a local discard route--a route for 0.0.0.0/0 on the null 0 interface with an administrative distance of 5--on Router-B. When this route is created, it overrides the EIGRP-learned default route. Router-B will no longer be able to reach destinations that it would normally reach through the 0.0.0.0/0 route. This problem is resolved by applying a floating summary route to the interface on Router-B that connects to Router-C. The floating summary route is applied by configuring an administrative distance for the default summary route on the interface of Router-B with the following statement for an autonomous system configuration:
Router-B(config-if)# ip summary-address eigrp 100 0.0.0.0 0.0.0.0 250
The floating summary route is applied by configuring an administrative distance for the default summary route on the interface of Router-B with the following statement for a named configuration: Router-B(config)# router eigrp 1 Router-B(config-router)# address-family ipv4 unicast vrf vrf1 autonomous-system 1 Router-B(config-router-af)# af-interface serial0/1 Router-B(config-router-af-interface)# summary-address eigrp 100 0.0.0.0 0.0.0.0 250 The administrative distance of 250, applied in the summary-address command, is now assigned to the discard route generated on Router-B. The 0.0.0.0/0, from Router-A, is learned through EIGRP and installed in the local routing table. Routing to Router-C is restored. If Router-A loses the connection to Router-B, Router-B will continue to advertise a default route to Router-C, which allows traffic to continue to reach destinations attached to Router-B. However, traffic destined to networks connected to Router-A or behind Router-A will be dropped when the traffic reaches Router-B. The figure below shows a network with two connections from the core, Router-A and Router-D. Both Router-B and Router-E have floating summary routes configured on the interfaces connected to Router-C. If the connection between Router-E and Router-C fails, the network will continue to operate normally. All traffic will flow from Router-C through Router-B to hosts attached to Router-A and Router-D. However, if the link between Router-A and Router-B fails, the network may incorrectly direct traffic because Router-B will continue to advertise the default route (0.0.0.0/0) to Router-C. In this scenario, Router-C still forwards traffic to Router-B, but Router-B drops the traffic. To avoid this problem, you should configure the summary address with an administrative distance only on single-homed remote devices or areas that have only one exit point between two segments of the network. If two or more exit points exist (from one segment of the network to another), configuring the floating default route can result in the formation of a black hole route (a route that has quick packet dropping capabilities). EIGRP Route AuthenticationEIGRP route authentication provides MD5 authentication of routing updates from the EIGRP routing protocol. The MD5 keyed digest in each EIGRP packet prevents the introduction of unauthorized or false routing messages from unapproved sources. Each key has its own key identifier (specified with the key number key chain configuration command), which is stored locally. The combination of the key identifier and the interface associated with the message uniquely identifies the authentication algorithm and the MD5 authentication key in use. You can configure multiple keys with specific lifetimes. Only one authentication packet is sent, regardless of how many valid keys exist. The software examines the key numbers in the order from lowest to highest, and uses the first valid key it encounters. Note that the router needs to know the time to configure keys with lifetimes. Refer to the Network Time Protocol (NTP) and calendar commands in the Performing Basic System Management module of the Network Management Configuration Guide. Hello Packets and the Hold-Time IntervalsYou can adjust the interval between hello packets and the hold time. Hello packets and hold-time intervals are protocol-independent parameters that work for IP and Internetwork Packet Exchange (IPX). Routing devices periodically send hello packets to each other to dynamically learn of other devices on their directly attached networks. This information is used to discover neighbors and to learn when neighbors become unreachable or inoperative. By default, hello packets are sent every 5 seconds. The exception is on low-speed, nonbroadcast multiaccess (NBMA) media, where the default hello interval is 60 seconds. Low speed is considered to be a rate of T1 or slower, as specified with the bandwidth interface configuration command. The default hello interval remains 5 seconds for high-speed NBMA networks. Note that for the purposes of EIGRP, Frame Relay and Switched Multimegabit Data Service (SMDS) networks may or may not be considered to be NBMA. These networks are considered NBMA only if the interface has not been configured to use physical multicasting. You can configure the hold time on a specified interface for a particular EIGRP routing process designated by the autonomous system number. The hold time is advertised in hello packets and indicates to neighbors the length of time they should consider the sender valid. The default hold time is three times the hello interval or 15 seconds. For slow-speed NBMA networks, the default hold time is 180 seconds. On very congested and large networks, the default hold time might not be sufficient for all devices to receive hello packets from their neighbors. In such cases, you may want to increase the hold time.
Split HorizonSplit horizon controls the sending of EIGRP update and query packets. Split horizon is a protocol-independent parameter that works for IP and IPX. When split horizon is enabled on an interface, update and query packets are not sent to destinations for which this interface is the next hop. Controlling update and query packets in this manner reduces the possibility of routing loops. By default, split horizon is enabled on all interfaces. Split horizon blocks route information from being advertised by a router out of any interface from which that information originated. This behavior usually optimizes communications among multiple routing devices, particularly when links are broken. However, with nonbroadcast networks (such as Frame Relay and SMDS), situations can arise for which this behavior is less than ideal. In such situations and in networks that have EIGRP configured, you may want to disable split horizon. EIGRP Dual DMVPN Domain EnhancementThe EIGRP Dual DMVPN Domain Enhancement feature supports the no next-hop self command on dual Dynamic Multipoint VPN (DMVPN) domains in both IPv4 and IPv6 configurations. EIGRP, by default, sets the local outbound interface as the next-hop value while advertising a network to a peer, even when advertising routes out of the interface on which the routes were learned. This default setting can be disabled by using the no ip next-hop-self command in autonomous system configurations or the no next-hop-self command in named configurations. When the next-hop self command is disabled, EIGRP does not advertise the local outbound interface as the next hop if the route has been learned from the same interface. Instead, the received next-hop value is used to advertise learned routes. However, this functionality only evaluates the first entry in the EIGRP table. If the first entry shows that the route being advertised is learned on the same interface, then the received next hop is used to advertise the route. The no next-hop-self configuration ignores subsequent entries in the table, which may result in the no-next-hop-self configuration being dishonored on other interfaces. The EIGRP Dual DMVPN Domain Enhancement feature introduces the no-ecmp-mode keyword, which is an enhancement to the no next-hop-self and no ip next-hop-self commands. When this keyword is used, all routes to a network in the EIGRP table are evaluated to check whether routes advertised from an interface were learned on the same interface. If a route advertised by an interface was learned on the same interface, the no next-hop-self configuration is honored and the received next hop is used to advertise this route. Link Bandwidth PercentageBy default, EIGRP packets consume a maximum of 50 percent of the link bandwidth when configured with the bandwidth interface configuration command for autonomous system configurations and with the bandwidth-percent command for named configurations. You might want to change the bandwidth value if a different level of link utilization is required or if the configured bandwidth does not match the actual link bandwidth (which may have been configured to influence route metric calculations). This is a protocol-independent parameter that works for IP and IPX. EIGRP Stub RoutingThe EIGRP Stub Routing feature improves network stability, reduces resource utilization, and simplifies the stub device configuration. Stub routing is commonly used in hub-and-spoke network topologies. In a hub-and-spoke network, one or more end (stub) networks are connected to a remote device (the spoke) that is connected to one or more distribution devices (the hub). The remote device is adjacent to one or more distribution devices. The only route for IP traffic to reach the remote device is through a distribution device. This type of configuration is commonly used in WAN topologies, where the distribution device is directly connected to a WAN. The distribution device can be connected to many remote devices, which is often the case. In a hub-and-spoke topology, the remote device must forward all nonlocal traffic to a distribution device, so it becomes unnecessary for the remote device to have a complete routing table. Generally, the distribution device need not send anything more than a default route to the remote device. When using the EIGRP Stub Routing feature, you need to configure the distribution and remote devices to use EIGRP and configure only the remote device as a stub. Only specified routes are propagated from the remote (stub) device. The stub device responds to all queries for summaries, connected routes, redistributed static routes, external routes, and internal routes with the message "inaccessible." A device that is configured as a stub will send a special peer information packet to all neighboring devices to report its status as a stub device. Any neighbor that receives a packet informing it of the stub status will not query the stub device for any routes, and a device that has a stub peer will not query that peer. The stub device will depend on the distribution device to send proper updates to all peers. The figure below shows a simple hub-and-spoke network. The stub routing feature by itself does not prevent routes from being advertised to the remote device. In the above example, the remote device (in this case a router) can access the corporate network and the Internet only through the distribution device (in this case a router). Having a complete route table on the remote router would serve no functional purpose because the path to the corporate network and the Internet would always be through the distribution router. The large route table would only reduce the amount of memory required by the remote router. Bandwidth and memory can be conserved by summarizing and filtering routes in the distribution router. The remote router need not receive routes that have been learned from other networks because the remote router must send all nonlocal traffic, regardless of the destination, to the distribution router. If a true stub network is desired, the distribution router should be configured to send only a default route to the remote router. The EIGRP Stub Routing feature does not automatically enable summarization on distribution devices. In most cases, the network administrator will need to configure summarization on distribution devices. Without the EIGRP Stub Routing feature, even after routes that are sent from the distribution device to the remote device have been filtered or summarized, a problem might occur. If a route is lost somewhere in the corporate network, EIGRP could send a query to the distribution device, which in turn would send a query to the remote device, even if routes are being summarized. If there is a communication problem (over the WAN link) between the distribution device and the remote device, an EIGRP stuck in active (SIA) condition could occur and cause instability elsewhere in the network. The EIGRP Stub Routing feature allows a network administrator to prevent queries from being sent to the remote device. Dual-Homed Remote TopologyIn addition to a simple hub-and-spoke network, where a remote device is connected to a single distribution device, the remote device can be dual-homed to two or more distribution devices. This configuration adds redundancy and introduces unique issues, and the stub feature helps to address some of these issues. A dual-homed remote device will have two or more distribution (hub) devices. However, the principles of stub routing are the same as they are with a hub-and-spoke topology. The figure below shows a common dual-homed remote topology with one remote device--a router, but 100 or more routers could be connected on the same interfaces on distribution router 1 and distribution router 2. The remote router will use the best route to reach its destination. If distribution router 1 experiences a failure, the remote router can still use distribution router 2 to reach the corporate network. The figure above shows a simple dual-homed remote topology with one remote router and two distribution routers. Both distribution routers maintain routes to the corporate network and stub network 10.1.1.0/24. Dual-homed routing can introduce instability into an EIGRP network. In the figure below, distribution router 1 is directly connected to network 10.3.1.0/24. If summarization or filtering is applied on distribution router 1, the router will advertise network 10.3.1.0/24 to all of its directly connected EIGRP neighbors (distribution router 2 and the remote router). The figure above shows a simple dual-homed remote topology, where distribution router 1 is connected to both network 10.3.1.0/24 and network 10.2.1.0/24. If the 10.2.1.0/24 link between distribution router 1 and distribution router 2 fails, the lowest cost path to network 10.3.1.0/24 from distribution router 2 will be through the remote router (see the figure below). This route is not desirable because the traffic that was previously traveling across the corporate network 10.2.1.0/24 would now be sent across a much lower bandwidth connection. The overutilization of the lower bandwidth WAN connection can cause many problems that might affect the entire corporate network. The use of the lower bandwidth route that passes through the remote router may cause WAN EIGRP distribution routers to be dropped. Serial lines on distribution and remote routers may also be dropped, and EIGRP SIA errors on the distribution and core routers can occur. It is not desirable for traffic from distribution router 2 to travel through any remote router to reach network 10.3.1.0/24. Backup routes can be used if links are sized to manage the load. However, most networks, of the type shown in the figure above, have remote devices located at remote offices with relatively slow links. To ensure that traffic from distribution devices are not routed through a remote device, you can configure route summarization on the distribution device and the remote device. It is typically undesirable for traffic from a distribution device to use a remote device as a transit path. A typical connection from a distribution device to a remote device would have much less bandwidth than a connection at the network core. Attempting to use a remote device with a limited bandwidth connection as a transit path would generally produce excessive congestion at the remote device. The EIGRP Stub Routing feature can prevent this problem by preventing the remote device from advertising core routes back to the distribution devices. In the above example, routes learned by the remote router from distribution router 1 will not be advertised to distribution router 2. Therefore, distribution router 2 will not use the remote router as a transit for traffic destined to the network core. The EIGRP Stub Routing feature provides network stability. If the network is not stable, this feature prevents EIGRP queries from being sent over limited bandwidth links to nontransit devices. Instead, distribution devices to which the stub device is connected answer queries on behalf of the stub device. This feature greatly reduces the chance of further network instability due to congested or problematic WAN links. The EIGRP Stub Routing feature also simplifies the configuration and maintenance of hub-and-spoke networks. When stub routing is enabled in dual-homed remote configurations, it is no longer necessary to configure filtering on remote devices to prevent those devices from appearing as transit paths to hub devices. EIGRP Stub Routing Leak Map SupportIn EIGRP stub routing configurations where there is a remote site with more than one device, only one of the remote devices can be configured as the stub device. If you have two distribution layer devices and two devices at a remote site, there is no way to declare both remote devices as stub devices. If one remote device is configured as a stub device, the other remote device can neither learn routes towards the network core if the link between the stub device and the distribution layer device fails nor route around the failed link. The stub device cannot readvertise routes learned from any neighboring EIGRP device. To resolve this issue, a leak map configuration that allows a selected set of learned routes to be readvertised to other peers can be added to the EIGRP stub routing feature. The set of routes allowed through the stub device are specified using a standard route map so that routes can be matched based on tags, prefixes, or interfaces. These routes are marked using the site-of-origin code mechanism, which prevents routes permitted through the stub from being readvertised into the core of the network. Use the eigrp stub leak-map command to configure the EIGRP stub routing feature to reference a leak map that identifies routes that are allowed to be advertised on an EIGRP stub device that would normally have been suppressed. How to Configure EIGRP
Enabling EIGRP Autonomous System ConfigurationPerform this task to enable EIGRP and create an EIGRP routing process. EIGRP sends updates to interfaces in specified networks. If you do not specify the network of an interface, the interface will not be advertised in any EIGRP update. Configuring the router eigrp autonomous-system-number command creates an EIGRP autonomous system configuration that creates an EIGRP routing instance, which can be used for tagging routing information. DETAILED STEPS Enabling the EIGRP Named ConfigurationPerform this task to enable EIGRP and to create an EIGRP routing process. EIGRP sends updates to interfaces in specified networks. If you do not specify the network of an interface, the interface will not be advertised in any EIGRP update. Configuring the router eigrp virtual-instance-name command creates an EIGRP named configuration. The EIGRP named configuration does not create an EIGRP routing instance by itself. The EIGRP named configuration is the base configuration, which is required to define address family configurations used for routing. DETAILED STEPS Enabling the EIGRP IPv6 VRF-Lite Named ConfigurationSUMMARY STEPS
DETAILED STEPS Configuring Optional EIGRP Parameters in an Autonomous System ConfigurationPerform this task to configure optional EIGRP parameters, which include applying offsets to routing metrics, adjusting EIGRP metrics, and disabling automatic summarization in an EIGRP autonomous system configuration. DETAILED STEPS Configuring Optional EIGRP Parameters in a Named ConfigurationPerform this task to configure optional EIGRP named configuration parameters, which includes applying offsets to routing metrics, adjusting EIGRP metrics, setting the RIB-scaling factor, and disabling automatic summarization. DETAILED STEPS
Configuring the EIGRP Redistribution Autonomous System ConfigurationPerform this task to configure redistribution of non-EIGRP protocol metrics into EIGRP metrics and to configure the EIGRP administrative distance in an EIGRP autonomous system configuration. You must use a default metric to redistribute a protocol into EIGRP, unless you use the redistribute command.
Default metrics are supported only when you are redistributing from EIGRP or static routes. An administrative distance is a rating of the trustworthiness of a routing information source, such as an individual router or a group of routers. Numerically, an administrative distance is an integer from 0 to 255. In general, the higher the value the lower the trust rating. An administrative distance of 255 means the routing information source cannot be trusted at all and should be ignored. DETAILED STEPS
Configuring the EIGRP Route Summarization Autonomous System ConfigurationPerform this task to configure EIGRP to perform automatic summarization of subnet routes into network-level routes in an EIGRP autonomous system configuration. DETAILED STEPS
Configuring the EIGRP Route Summarization Named ConfigurationPerform this task to configure EIGRP to perform automatic summarization of subnet routes into network-level routes in an EIGRP named configuration. DETAILED STEPS
Configuring the EIGRP Event Logging Autonomous System ConfigurationSUMMARY STEPS
DETAILED STEPS
Configuring the EIGRP Event Logging Named ConfigurationSUMMARY STEPS
DETAILED STEPS
Configuring Equal and Unequal Cost Load Balancing Autonomous System ConfigurationSUMMARY STEPS
DETAILED STEPS
Configuring Equal and Unequal Cost Load Balancing Named ConfigurationSUMMARY STEPS
DETAILED STEPS
Configuring the EIGRP Route Authentication Autonomous System Configuration
SUMMARY STEPS
DETAILED STEPS
Configuring the EIGRP Route Authentication Named Configuration
SUMMARY STEPS
DETAILED STEPS
Adjusting the Interval Between Hello Packets and the Hold Time in an Autonomous System Configuration
SUMMARY STEPS
DETAILED STEPS
Adjusting the Interval Between Hello Packets and the Hold Time in a Named Configuration
SUMMARY STEPS
DETAILED STEPS
Disabling the Split Horizon Autonomous System ConfigurationSplit horizon controls the sending of EIGRP updates and query packets. When split horizon is enabled on an interface, updates and query packets are not sent for destinations for which this interface is the next hop. Controlling updates and query packets in this manner reduces the possibility of routing loops. By default, split horizon is enabled on all interfaces. DETAILED STEPS
Disabling the Split Horizon and Next-Hop-Self Named ConfigurationEIGRP, by default, sets the next-hop value to the local outbound interface address for routes that it is advertising, even when advertising those routes back from the same interface from where they were learned. Perform this task to change this default setting and configure EIGRP to use the received next-hop value when advertising these routes. Disabling next-hop-self is primarily useful in DMVPN spoke-to-spoke topologies. By default, split horizon is enabled on all interfaces. DETAILED STEPS
Configuring the EIGRP Stub Routing Autonomous System ConfigurationSUMMARY STEPS
DETAILED STEPS
Configuring the EIGRP Stub Routing Named ConfigurationSUMMARY STEPS
DETAILED STEPS
Configuring vNET Commands in an EIGRP Autonomous SystemPerform this task to configure a vNET trunk interface that connects routers to provide the core interface to transport traffic for multiple virtual networks. Traffic carried over a trunk interface is tagged. This task illustrates how to configure a trunk interface with a base VRF instance and two named VRFs, VRF vrf1 and VRF vrf2, and how to associate a VRF with an EIGRP process. DETAILED STEPS
Configuring vNET Commands in EIGRP Named Mode
SUMMARY STEPS
DETAILED STEPS
Monitoring and Maintaining the EIGRP Autonomous System ConfigurationSUMMARY STEPS
DETAILED STEPS
Monitoring and Maintaining the EIGRP Named ConfigurationThis task is optional. Use the commands in any order desired to monitor and maintain the EIGRP named configuration. DETAILED STEPS
Configuration Examples for EIGRP
Example: Enabling EIGRP IPv6 VRF-Lite--Named ConfigurationDevice> enable Device# configure terminal Device(config)# vrf definition vrf1 Device(config-vrf)# rd 100:1 Device(config-vrf)# address-family ipv6 Device(config-vrf-af)# exit Device(config-vrf)# exit Device(config)# router eigrp virtual-name1 Device(config-router)# address-family ipv6 vrf vrf1 autonomous-system 45000 Example: EIGRP Parameters--Autonomous System ConfigurationThe following example shows how to configure optional EIGRP autonomous system configuration parameters, including applying offsets to routing metrics, adjusting EIGRP metrics, and disabling automatic summarization: Device> enable Device# configure terminal Device(config)# router eigrp 1 Device(config-router)# network 172.16.0.0 Device(config-router)# passive-interface Device(config-router)# offset-list 21 in 10 ethernet 0 Device(config-router)# metric weights 0 2 0 2 0 0 Device(config-router)# no auto-summary Device(config-router)# exit Example: EIGRP Parameters--Named ConfigurationThe following example shows how to configure optional EIGRP named configuration parameters, including applying offsets to routing metrics, adjusting EIGRP metrics, setting RIB-scaling factor, and disabling automatic summarization. Device> enable Device# configure terminal Device(config)# router eigrp virtual-name1 Device(config-router)# address-family ipv4 autonomous-system 45000 Device(config-router-af)# network 172.16.0.0 Device(config-router-af)# metric weights 0 2 0 2 0 0 0 Device(config-router-af)# metric rib-scale 100 Device(config-router-af)# af-interface gigabitethernet 0/0/1 Device(config-router-af-interface)# passive-interface Device(config-router-af-interface)# bandwidth-percent 75 Device(config-router-af-interface)# exit-af-interface Device(config-router-af-interface)# topology base Device(config-router-af-topology)# offset-list 21 in 10 gigabitethernet 0/0/1 Device(config-router-af-topology)# no auto-summary Device(config-router-af-topology)# exit-af-topology Example: EIGRP Redistribution--Autonomous System ConfigurationThe following example shows how to configure redistribution of non-EIGRP protocol metrics into EIGRP metrics and configure the EIGRP administrative distance in an EIGRP autonomous system configuration: Device> enable Device# configure terminal Device(config)# router eigrp 1 Device(config-router)# network 172.16.0.0 Device(config-router)# redistribute rip Device(config-router)# distance eigrp 80 130 Device(config-router)# default-metric 1000 100 250 100 1500 Example: EIGRP Route Summarization--Autonomous System ConfigurationThe following example shows how to configure route summarization on an interface and configure the automatic summary feature for an EIGRP autonomous system configuration. The following configuration causes EIGRP to summarize the network from Ethernet interface 0/0. Device> enable Device# configure terminal Device(config)# router eigrp 101 Device(config-router)# exit Device(config)# interface ethernet 0/0 Device(config-if)# ip summary-address eigrp 100 0.0.0.0 0.0.0.0 Device(config-if)# ip bandwidth-percent eigrp 209 75
Example: EIGRP Route Summarization--Named ConfigurationThe following example shows how to configure route summarization on an interface and configure the automatic summary feature for an EIGRP named configuration. This configuration causes EIGRP to summarize network 192.168.0.0 only from Ethernet interface 0/0. Device> enable Device# configure terminal Device(config)# router eigrp virtual-name1 Device(config-router)# address-family ipv4 autonomous-system 45000 Device(config-router-af)# af-interface ethernet 0/0 Device(config-router-af-interface)# summary-address 192.168.0.0 255.255.0.0 Device(config-router-af-interface)# exit-af-interface Device(config-router-af)# topology base Device(config-router-af-topology)# summary-metric 192.168.0.0/16 10000 10 255 1 1500 Example: EIGRP Event Logging--Autonomous System ConfigurationThe following example shows how to configure EIGRP event logging parameters, including setting the size of the EIGRP event log for an EIGRP autonomous system configuration: Device> enable Device# configure terminal Device(config)# router eigrp 1 Device(config-router)# eigrp event-log-size 5000 Device(config-router)# eigrp log-neighbor-changes Device(config-router)# eigrp log-neighbor-warnings 300 Example: EIGRP Event Logging--Named ConfigurationThe following example shows how to configure EIGRP event logging parameters, including setting the size of the EIGRP event log for an EIGRP named configuration: Device> enable Device# configure terminal Device(config)# router eigrp virtual-name1 Device(config-router)# address-family ipv4 autonomous-system 45000 Device(config-router-af)# eigrp log-neighbor-warnings 300 Device(config-router-af)# eigrp log-neighbor-changes Device(config-router-af)# topology base Device(config-router-af-topology)# eigrp event-log-size 10000 Example: Equal and Unequal Cost Load Balancing--Autonomous System ConfigurationThe following example shows how to configure traffic distribution among routes, the maximum number of parallel routes, and load balancing in an EIGRP named configuration network: Device> enable Device# configure terminal Device(config)# router eigrp 1 Device(config-router)# traffic-share balanced Device(config-router)# maximum-paths 5 Device(config-router)# variance 1 Example: Equal and Unequal Cost Load Balancing--Named ConfigurationThe following example shows how to configure traffic distribution among routes, the maximum number of parallel routes, and load balancing in an EIGRP named configuration network: Device> enable Device# configure terminal Device(config)# router eigrp virtual-name1 Device(config-router)# address-family ipv4 autonomous-system 45000 Device(config-router-af)# topology base Device(config-router-af-topology)# traffic-share balanced Device(config-router-af-topology)# maximum-paths 5 Device(config-router-af-topology)# variance 1 Example: EIGRP Route Authentication--Autonomous System ConfigurationThe following example shows how to enable MD5 authentication on EIGRP packets in autonomous system 1. Router A will accept and attempt to verify the MD5 digest of any EIGRP packet with a key equal to 1. It will also accept a packet with a key equal to 2. All other MD5 packets will be dropped. Router A will send all EIGRP packets with key 2. Router B will accept key 1 or key 2 and will use key 1 to send MD5 authentication because key 1 is the first valid key of the key chain. Key 1 is not valid after December 4, 2006. After this date, key 2 is used to send MD5 authentication, and this key is valid until January 4, 2007. The figure below shows the scenario. Router A ConfigurationDevice> enable Device(config)# configure terminal Device(config)# router eigrp 1 Device(config-router)# exit Device(config)# interface ethernet 1/0 Device(config-if)# ip authentication mode eigrp 1 md5 Device(config-if)# ip authentication key-chain eigrp 1 key1 Device(config-if)# exit Device(config)# key chain key1 Device(config-keychain)# key 1 Device(config-keychain-key)# key-string 0987654321 Device(config-keychain-key)# accept-lifetime 04:00:00 Dec 4 2006 infinite Device(config-keychain-key)# send-lifetime 04:00:00 Dec 4 2006 04:48:00 Dec 4 1996 Device(config-keychain-key)# exit Device(config-keychain)# key 2 Device(config-keychain-key)# key-string 1234567890 Device(config-keychain-key)# accept-lifetime 04:00:00 Jan 4 2007 infinite Device(config-keychain-key)# send-lifetime 04:45:00 Jan 4 2007 infinite Router B ConfigurationDevice> enable Device(config)# configure terminal Device(config)# router eigrp 1 Device(config-router)# exit Device(config)# interface ethernet 1/0 Device(config-if)# ip authentication mode eigrp 1 md5 Device(config-if)# ip authentication key-chain eigrp 1 key2 Device(config-if)# exit Device(config)# key chain key2 Device(config-keychain)# key 1 Device(config-keychain-key)# key-string 0987654321 Device(config-keychain-key)# accept-lifetime 04:00:00 Dec 4 2006 infinite Device(config-keychain-key)# send-lifetime 04:00:00 Dec 4 2006 infinite Device(config-keychain-key)# exit Device(config-keychain)# key 2 Device(config-keychain-key)# key-string 1234567890 Device(config-keychain-key)# accept-lifetime 04:00:00 Jan 4 2007 infinite Device(config-keychain-key)# send-lifetime 04:45:00 Jan 4 2007 infinite Example: EIGRP Route Authentication--Named ConfigurationThe following example shows how to enable MD5 authentication on EIGRP packets in a named configuration. Router A will accept and attempt to verify the MD5 digest of any EIGRP packet with a key equal to 1. It will also accept a packet with a key equal to 2. All other MD5 packets will be dropped. Router A will send all EIGRP packets with key 2. Router B will accept key 1 or key 2 and will use key 1 to send MD5 authentication because key 1 is the first valid key of the key chain. Key 1 is not valid after December 4, 2006. After this date, key 2 will be used to send MD5 authentication because it is valid until January 4, 2007. Router A ConfigurationDevice> enable Device# configure terminal Device(config)# router eigrp virtual-name1 Device(config-router)# address-family ipv4 autonomous-system 45000 Device(config-router-af)# network 172.16.0.0 Device(config-router-af)# af-interface ethernet 0/0 Device(config-router-af-interface)# authentication key-chain SITE1 Device(config-router-af-interface)# authentication mode md5 Device(config-router-af-interface)# exit-af-interface Device(config-router-af)# exit-address-family Device(config-router)# exit Device(config)# key chain SITE1 Device(config-keychain)# key 1 Device(config-keychain-key)# key-string 0987654321 Device(config-keychain-key)# accept-lifetime 04:00:00 Dec 4 2006 infinite Device(config-keychain-key)# send-lifetime 04:00:00 Dec 4 2006 infinite Device(config-keychain-key)# exit Device(config-keychain)# key 2 Device(config-keychain-key)# key-string 1234567890 Device(config-keychain-key)# accept-lifetime 04:00:00 Jan 4 2007 infinite Device(config-keychain-key)# send-lifetime 04:45:00 Jan 4 2007 infinite Router B ConfigurationDevice> enable Device# configure terminal Device(config)# router eigrp virtual-name2 Device(config-router)# address-family ipv4 autonomous-system 45000 Device(config-router-af)# network 172.16.0.0 Device(config-router-af)# af-interface ethernet 0/0 Device(config-router-af-interface)# authentication key-chain SITE2 Device(config-router-af-interface)# authentication mode md5 Device(config-router-af-interface)# exit-af-interface Device(config-router-af)# exit-address-family Device(config-router)# exit Device(config)# key chain SITE2 Device(config-keychain)# key 1 Device(config-keychain-key)# key-string 0987654321 Device(config-keychain-key)# accept-lifetime 04:00:00 Jan 4 2007 infinite Device(config-keychain-key)# send-lifetime 04:00:00 Dec 4 2006 infinite The following example shows how to configure advanced SHA authentication with password password1 and several key strings that will be rotated as time passes: ! key chain chain1 key 1 key-string securetraffic accept-lifetime 04:00:00 Dec 4 2006 infinite send-lifetime 04:00:00 Dec 4 2010 04:48:00 Dec 4 2008 ! key 2 key-string newertraffic accept-lifetime 01:00:00 Dec 4 2010 infinite send-lifetime 03:00:00 Dec 4 2010 infinite exit ! router eigrp virtual-name address-family ipv6 autonomous-system 4453 af-interface ethernet 0 authentication mode hmac-sha-256 0 password1 authentication key-chain key1 ! ! Example: Adjusting the Interval Between Hello Packets and the Hold Time-- Autonomous System ConfigurationExample: Adjusting the Interval Between Hello Packets and the Hold Time--Named ConfigurationDevice> enable Device# configure terminal Device(config)# router eigrp virtual-name1 Device(config-router)# address-family ipv4 autonomous-system 45000 Device(config-router-af)# af-interface ethernet 0/0 Device(config-router-af-interface)# hello-interval 10 Device(config-router-af-interface)# hold-time 50 Example: Disabling the Split Horizon--Autonomous System ConfigurationSplit horizon is enabled on all interfaces by default. The following example shows how to disable split horizon for an EIGRP autonomous system configuration: Device> enable Device# configure terminal Device(config)# router eigrp 1 Device(config-router)# exit Device(config)# interface Ethernet 0/1 Device(config-if)# no ip split-horizon eigrp 101 Example: Disabling the Split Horizon and Next-Hop-Self--Named ConfigurationSplit horizon is enabled on all interfaces by default. The following example shows how to disable split horizon in an EIGRP named configuration. EIGRP, by default, sets the next-hop value to the local outbound interface address for routes that it advertises, even when advertising those routes back out of the same interface from where they were learned. The following example shows how to change this default to instruct EIGRP to use the received next-hop value when advertising these routes in an EIGRP named configuration. Disabling the next-hop-self command is primarily useful in DMVPN spoke-to-spoke topologies. Device> enable Device# configure terminal Device(config)# router eigrp virtual-name1 Device(config-router)# address-family ipv4 autonomous-system 45000 Device(config-router-af)# af-interface ethernet 0/0 Device(config-router-af-interface)# no split-horizon Device(config-router-af-interface)# no next-hop-self no-ecmp-mode Example: EIGRP Stub Routing--Autonomous System ConfigurationA device that is configured as a stub with the eigrp stub command shares connected and summary routing information with all neighbor devices by default. The following six keywords can be used with the eigrp stub command to modify this behavior: This section provides configuration examples for all forms of the eigrp stub command for an EIGRP autonomous system configuration.
Example: eigrp stub connected static CommandExample: eigrp stub leak-map CommandIn the following example, the eigrp stub command is issued with the leak-map name keyword-argument pair to configure the device to reference a leak map that identifies routes that would have been suppressed: Device(config)# router eigrp 1 Device(config-router)# network 10.0.0.0 Device(config-router)# eigrp stub leak-map map1 Example: eigrp stub receive-only CommandIn the following example, the eigrp stub command is issued with the receive-only keyword to configure the device as a receive-only neighbor (connected, summary, and static routes will not be sent): Device(config)# router eigrp 1 Device(config-router)# network 10.0.0.0 Device(config-router)# eigrp stub receive-only Example: EIGRP Stub Routing--Named ConfigurationA device that is configured as a stub with the eigrp stub command shares connected and summary routing information with all neighbor devices by default. The following six keywords can be used with the eigrp stub command to modify this behavior: This section provides configuration examples for all forms of the eigrp stub command for an EIGRP named configuration.
Example: eigrp stub CommandIn the following example, the eigrp stub command is used to configure the device as a stub that advertises connected and summary routes: Device(config)# router eigrp virtual-name1 Device(config-router)# address-family ipv4 autonomous-system 4453 Device(config-router-af)# network 10.0.0.0 Device(config-router-af) eigrp stub Example: eigrp stub connected static CommandIn the following named configuration example, the eigrp stub command is issued with the connected and static keywords to configure the device as a stub that advertises connected and static routes (sending summary routes will not be permitted): Device(config)# router eigrp virtual-name1 Device(config-router)# address-family ipv4 autonomous-system 4453 Device(config-router-af)# network 10.0.0.0 Device(config-router-af)# eigrp stub connected static Example: eigrp stub leak-map CommandIn the following named configuration example, the eigrp stub command is issued with the leak-map name keyword-argument pair to configure the device to reference a leak map that identifies routes that would normally have been suppressed: Device(config)# router eigrp virtual-name1 Device(config-router)# address-family ipv4 autonomous-system 4453 Device(config-router-af)# network 10.0.0.0 Device(config-router-af)# eigrp stub leak-map map1 Example: eigrp stub receive-only CommandIn the following named configuration example, the eigrp stub command is issued with the receive-only keyword to configure the device as a receive-only neighbor (connected, summary, and static routes will not be sent): Device(config)# router eigrp virtual-name1 Device(config-router)# address-family ipv4 autonomous-system 4453 Device(config-router-af)# network 10.0.0.0 Device(config-router-af)# eigrp stub receive-only Example: eigrp stub redistributed CommandIn the following named configuration example, the eigrp stub command is issued with the redistributed keyword to configure the device to advertise other protocols and autonomous systems: Device(config)# router eigrp virtual-name1 Device(config-router)# address-family ipv4 autonomous-system 4453 Device(config-router-af)# network 10.0.0.0 Device(config-router-af) eigrp stub redistributed Example: Command Inheritance and Virtual Network Interface Mode Override in an EIGRP EnvironmentSuppose a GigabitEthernet interface is configured with the following EIGRP commands: interface gigabitethernet 0/0/0 vnet trunk ip address 192.0.2.1 255.255.255.0 ip authentication mode eigrp 1 md5 ip authentication key-chain eigrp 1 x ip bandwidth-percent eigrp 1 3 ip dampening-change eigrp 1 30 ip hello-interval eigrp 1 6 ip hold-time eigrp 1 18 no ip next-hop-self eigrp 1 no ip split-horizon eigrp 1 end Because a trunk is configured, a VRF subinterface is automatically created and the commands on the main interface are inherited by the VRF subinterface (g0/0/0.3, where the number 3 is the tag number from vnet tag 3.) Use the show derived-config command to display the hidden subinterface. The following sample output shows that all the commands entered on GigabitEthernet 0/0/0 have been inherited by GigabitEthernet 0/0/0.3:
Router# show derived-config interface gigabitethernet 0/0/0.3
Building configuration...
Derived configuration : 478 bytes
!
interface GigabitEthernet0/0/0.3
description Subinterface for VNET vrf1
vrf forwarding vrf1
encapsulation dot1Q 3
ip address 192.0.2.1 255.255.255.0
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 x
ip bandwidth-percent eigrp 1 3
ip dampening-change eigrp 1 30
ip hello-interval eigrp 1 6
ip hold-time eigrp 1 18
no ip next-hop-self eigrp 1
no ip split-horizon eigrp 1
end
Use the virtual network interface mode to override the commands entered in interface configuration mode. For example: Router(config)# interface gigabitethernet 0/0/0 Router(config-if)# vnet name vrf1 Router(config-if-vnet)# no ip authentication mode eigrp 1 md5 ! disable authen for e0/0.3 only Router(config-if-vnet)# ip authentication key-chain eigrp 1 y ! different key-chain Router(config-if-vnet)# ip band eigrp 1 99 ! higher bandwidth-percent Router(config-if-vnet)# no ip dampening-change eigrp 1 ! disable dampening-change Router(config-if-vnet)# ip hello eigrp 1 7 Router(config-if-vnet)# ip hold eigrp 1 21 Router(config-if-vnet)# ip next-hop-self eigrp 1 ! enable next-hop-self for e0/0.3 Router(config-if-vnet)# ip split-horizon eigrp 1 ! enable split-horizon
Router(config-if-vnet)# do show running-config interface gigabitethernet 0/0/0
Building configuration...
Current configuration : 731 bytes
!
interface GigabitEthernet0/0/0
vnet trunk
ip address 192.0.2.1 255.255.255.0
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 x
ip bandwidth-percent eigrp 1 3
ip dampening-change eigrp 1 30
ip hello-interval eigrp 1 6
ip hold-time eigrp 1 18
no ip next-hop-self eigrp 1
no ip split-horizon eigrp 1
vnet name vrf1
ip split-horizon eigrp 1
no ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 y
ip bandwidth-percent eigrp 1 99
no ip dampening-change eigrp 1
ip hello-interval eigrp 1 7
ip hold-time eigrp 1 21
!
end
Notice that g/0/0.3 is now using the override settings:
Router(config-if-vnet)# do show derived-config interface gigabitethernet 0/0.3
Building configuration...
Derived configuration : 479 bytes
!
interface GigabitEthernet0/0/0.3
description Subinterface for VNET vrf1
vrf forwarding vrf1
encapsulation dot1Q 3
ip address 192.0.2.1 255.255.255.0
no ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 y
ip bandwidth-percent eigrp 1 99
no ip dampening-change eigrp 1
ip hello-interval eigrp 1 7
ip hold-time eigrp 1 21
ip next-hop-self eigrp 1
ip split-horizon eigrp 1
end
Commands entered in virtual network interface mode are sticky. That is, when you enter a command in this mode, the command will override the default value configured in interface configuration mode. The following example shows how to change the default hello interval value in vrf 1. The example also shows sample outputs of the current and derived configurations. Router(config)# interface gigabitethernet 0/0/0 Router(config-if)# ip address 192.0.2.1 255.255.255.0 Router(config-if)# vnet trunk Router(config-if)# ip hello eigrp 1 7 Router(config-if)# do show run interface gigabitethernet 0/0/2 Building configuration... Current configuration : 134 bytes ! interface GigabitEthernet0/0/0 vnet trunk ip address 192.0.2.1 255.255.255.0 ip hello-interval eigrp 1 7 ipv6 enable vnet global ! end Router(config-if)# do show derived interface gigabitethernet 0/0/0.3 Building configuration... Derived configuration : 177 bytes ! interface Ethernet0/0.3 description Subinterface for VNET vrf1 encapsulation dot1Q 3 vrf forwarding vrf1 ip address 192.0.2.1 255.255.255.0 ip hello-interval eigrp 1 7 end Router(config-if)# vnet name vrf1 Router(config-if-vnet)# ip hello-interval eigrp 1 10 Router(config-if-vnet)# do show run interface gigabitethernet 0/0/0 Building configuration... Current configuration : 183 bytes ! interface GigabitEthernet0/0/0 vnet trunk ip address 192.0.2.1 255.255.255.0 ip hello-interval eigrp 1 7 ipv6 enable vnet name vrf1 ip hello-interval eigrp 1 10 ! vnet global ! end Router(config-if-vnet)# do show derived interface gigabitethernet 0/0/0.3 Building configuration... Derived configuration : 178 bytes ! interface GigabitEthernet0/0/0.3 description Subinterface for VNET vrf1 encapsulation dot1Q 3 vrf forwarding vrf1 ip address 192.0.2.1 255.255.255.0 ip hello-interval eigrp 1 10 end Because of this sticky factor, to remove a configuration entry in virtual network interface mode, use the default form of that command. Some commands can also be removed using the no form. R1(config-if-vnet)# default ip authentication mode eigrp 1 md5 R1(config-if-vnet)# no ip bandwidth-percent eigrp 1 R1(config-if-vnet)# no ip hello eigrp 1 R1(config-if-vnet)# do show running-config interface gigabitethernet 0/0/0 Building configuration... Current configuration : 138 bytes ! interface GigabitEthernet0/0/0 vnet trunk no ip address vnet name vrf1 ! end Additional ReferencesRelated Documents
MIBsTechnical Assistance
Feature Information for EIGRPThe following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental. © 2012 Cisco Systems, Inc. All rights reserved.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||