eigrp邻居建立出现问题
各位大仙求助:
我想做DMvpn
其中的动态路由使用EIGRP
配置如下:
HUB端
router eigrp 100
network 172.16.1.0 0.0.0.255
network 192.168.100.0
no auto-summary
spoke1端
router eigrp 100
network 172.16.1.0 0.0.0.255
network 192.168.1.0
no auto-summary
spoke2端
router eigrp 100
network 172.16.1.0 0.0.0.255
network 192.168.2.0
no auto-summary
配置完毕后,hub端show ip eigrp nei没有信息
而两个spoke端有信息分别为:
Spoke1#show ip eigrp neighbors
IP-EIGRP neighbors for process 100
H Address Interface Hold Uptime SRTT RTOQSeq
(sec) (ms) Cnt Num
0 172.16.1.100 Tu0 11 00:00:08 1450020
Spoke2#show ip eigrp neighbors
IP-EIGRP neighbors for process 100
H Address Interface Hold Uptime SRTT RTOQSeq
(sec) (ms) Cnt Num
0 172.16.1.100 Tu0 10 00:00:13 1500020
而且两个spoke节点邻居关系总是一会up一会down 如下:
Spoke2#
*Oct5 23:08:37.463: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 172.16.1.100 (Tunnel0) is up: new adjacency
Spoke2#
*Oct5 23:09:56.987: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 172.16.1.100 (Tunnel0) is down: retry limit exceeded
高分求助原因!!!在线等!!!
本帖最后由 carzzz 于 2013-10-5 23:56 编辑
eigrp是通过组播hello和update,然后单播Query、reply、ack包来建立邻居的,邻居其实并非一会up一会down,是一直都在单边邻居出现了,超过dead时间不回应,邻居失效。
show邻居状态的时候的那个“Q ”,就是:队列数 还在排队等待发送的报文数,eigrp16次重传机制:
在EGIRP中,如果一台路由器向邻居发送了一个可靠的报文,是需要邻居回应一个ACK报文的,如果邻居没有回ACK,则会向邻居重传16次,如果邻居还没有回应,就会重置邻居关系。
好吧,帮你分析了症状了,剩下了就是你要在建立的tunnel找原因了!tunnel是否支持组播和单播?因为你没贴你做tunnel的配置,这个我不好判断了!
现在很明显是,spoke1和spoke2能发包到hub,但是hub不能发包到两个spoke!
排错思路:
1、确保三边之间互相能ping通,这代表单播通(还要确保没有acl 哦)
2、查一下你所建立的tunnel是否支持组播!
3、看你拓扑图,是在实验环境,GNS3?用抓包软件抓一下包,就非常清楚了! 本帖最后由 豆豆豆 于 2013-10-6 09:51 编辑
carzzz 发表于 2013-10-6 00:00 http://bbs.hh010.com/static/image/common/back.gif
现在很明显是,spoke1和spoke2能发包到hub,但是hub不能发包到两个spoke!
排错思路:
我把三台路由器的配置命令发给您!
HUB
interface Loopback0
ip address 192.168.100.1 255.255.255.0
!
interface Tunnel0
ip address 172.16.1.100 255.255.255.0
no ip redirects
no ip next-hop-self eigrp 100
ip nhrp authentication cisco
ip nhrp map multicast dynamic
ip nhrp network-id 10
ip nhrp cache non-authoritative
no ip split-horizon eigrp 100
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 12345
!
interface FastEthernet0/0
ip address 202.100.1.100 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router eigrp 100
network 172.16.1.0 0.0.0.255
network 192.168.100.0
no auto-summary
spoke1
interface Loopback0
ip address 192.168.1.1 255.255.255.0
!
interface Tunnel0
ip address 172.16.1.1 255.255.255.0
no ip redirects
ip nhrp authentication cisco
ip nhrp map 172.16.1.100 202.100.1.100
ip nhrp map multicast 202.10.1.100
ip nhrp network-id 10
ip nhrp nhs 172.16.1.100
ip nhrp cache non-authoritative
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 12345
!
interface FastEthernet0/0
ip address 202.100.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router eigrp 100
network 172.16.1.0 0.0.0.255
network 192.168.1.0
no auto-summary
spoke2
interface Loopback0
ip address 192.168.2.1 255.255.255.0
!
interface Tunnel0
ip address 172.16.1.2 255.255.255.0
no ip redirects
ip nhrp authentication cisco
ip nhrp map 172.16.1.100 202.100.1.100
ip nhrp map multicast 202.10.1.100
ip nhrp network-id 10
ip nhrp nhs 172.16.1.100
ip nhrp cache non-authoritative
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 12345
!
interface FastEthernet0/0
ip address 202.100.1.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router eigrp 100
network 172.16.1.0 0.0.0.255
network 192.168.2.0
no auto-summary
建立隧道ping结果:
HUB#ping 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
HUB#ping 172.16.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
!!!!!
Spoke1#ping 172.16.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
!!!!! 本帖最后由 豆豆豆 于 2013-10-6 09:51 编辑
carzzz 发表于 2013-10-6 00:00 http://bbs.hh010.com/static/image/common/back.gif
现在很明显是,spoke1和spoke2能发包到hub,但是hub不能发包到两个spoke!
排错思路:
我现在认真检查发现一个错误,就是spoke1与spoke2上的ip nhrp map multicast 202.10.1.100
地址写错了,修改后没有问题了!您能给我解释下,为什么么?
HUB#show ip eigrp neighbors
IP-EIGRP neighbors for process 100
H Address Interface Hold Uptime SRTT RTOQSeq
(sec) (ms) Cnt Num
1 172.16.1.1 Tu0 13 00:00:10 925000037
0 172.16.1.2 Tu0 10 00:07:276975000027
给您添麻烦了,方便留下QQ号么。或者加我的QQ:156230364
本帖最后由 carzzz 于 2013-10-6 10:09 编辑
hub:
ip nhrp map multicast dynamic
spoke1:
ip nhrp map multicast 202.10.1.100
spoke2:
ip nhrp map multicast 202.10.1.100
问题是这样的,hub发组播包到224.0.0.10(EIGRP组播地址),然后两个spoke 收到了,这个时候两个sopke上有邻居信息了,但是一直收不到两个hub发来的ack!这是因为,从hub到spoke的组播根本不通!所以导致单边邻居的出现。
我对DMvpn 不太熟悉,不知道你的配置对不对。。。你试试抓包,看看从hub端有没发组播到224.0.0.10这个地址?
另外,no ip split-horizon eigrp 100,为什么要关闭水平分割?是为了让1发到hub的路由,又从tunnel口出去发给2?
你看hub端有没通组播很简单,在hub端:
ping 224.0.0.10 repeat 5
看看有没设备回包! 豆豆豆 发表于 2013-10-6 09:47 static/image/common/back.gif
我现在认真检查发现一个错误,就是spoke1与spoke2上的ip nhrp map multicast 202.10.1.100
地址写错了 ...
我刚才方向写错了,你看看我最新修改的。。。
难怪啊,写错map 地址了!那肯定会出现这样的问题了!
也就是说,hub的组播hello包,能顺利达到两个spoke!
但是,你的两个spoke把组播映射的地址写错了,那么换言之,hub根本收不到两个小弟发来的组播hello包!这就是导致单边邻居的结果! 路过了解一下
页:
[1]