Logging EIGRP Neighbor State Changes
Problem
You want to log EIGRP neighbor state changes.
Solution
To enable the logging of EIGRP neighbor state changes, use the eigrp log-neighbor-changes configuration command:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#router eigrp 55
Router1(config-router)#eigrp log-neighbor-changes
Router1(config-router)#exit
Router1(config)#end
Router1#
Another closely related feature is the eigrp log-neighbor-warnings configuration command:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#router eigrp 55
Router1(config-router)#eigrp log-neighbor-warnings 300
Router1(config-router)#exit
Router1(config)#end
Router1#
Discussion
When a neighbor relationship is lost, you also lose all of the routing entries for that neighbor, and the effects of this lost routing information are often felt throughout the network. It can therefore be extremely useful to have a good log of neighbor change events when troubleshooting strange intermittent network problems. This feature also gives you a good way of looking for faults on links that have no way of telling you about a loss of connectivity.
Two important examples of this are tunnels and LAN extensions. In many cases, when the network breaks, bringing down a tunnel, the two tunnel end points are unable to see the problem. Similarly, in a LAN extension service, the two end point routers are both connected to Layer 2 LAN switches that are then bridged to one another through some other medium such as ATM. The problem in this case is that the intermediate network between the switches can break, and neither router will see a problem because they are both connected to an active switch port. It's also important to note that EIGRP neighbor relationships can break just because of noisy or congested links.
Whatever the cause, one of the easiest ways to detect a connectivity problem in the hidden network is to configure EIGRP between the routers via this link. In some cases, this will be done on a separate EIGRP process ID number to make it easier to differentiate between normal network topology changes and these hidden network faults. If you log EIGRP neighbor changes and configure the routers to send their SYSLOG events to a central fault management server, as discussed in Chapter 18, you can get an instant alarm on these types of problems.
The eigrp log-neighbor-changes command is enabled by default. The log messages it generates show not only that a neighbor has changed state, but also give you an indication of why:
Oct 2 22:00:38: %DUAL-5-NBRCHANGE: IP-EIGRP 55: Neighbor 172.25.2.1 (Serial0.1) is up: new adjacency
Oct 2 22:03:23: %DUAL-5-NBRCHANGE: IP-EIGRP 55: Neighbor 172.25.2.1 (Serial0.1) is down: summary configured
Oct 2 22:03:23: %DUAL-5-NBRCHANGE: IP-EIGRP 55: Neighbor 172.25.2.1 (Serial0.1) is up: new adjacency
Oct 2 22:04:14: %DUAL-5-NBRCHANGE: IP-EIGRP 55: Neighbor 172.25.2.1 (Serial0.1) is down: manually cleared
Oct 2 22:04:19: %DUAL-5-NBRCHANGE: IP-EIGRP 55: Neighbor 172.25.2.1 (Serial0.1) is up: new adjacency
Oct 2 22:07:26: %DUAL-5-NBRCHANGE: IP-EIGRP 55: Neighbor 172.25.2.1 (Serial0.1) is down: peer restarted
Oct 2 22:07:27: %DUAL-5-NBRCHANGE: IP-EIGRP 55: Neighbor 172.25.2.1 (Serial0.1) is up: new adjacency
Oct 2 22:30:06: %DUAL-5-NBRCHANGE: IP-EIGRP 55: Neighbor 172.25.2.1 (Serial0.1) is down: holding time expired
Oct 2 22:30:38: %DUAL-5-NBRCHANGE: IP-EIGRP 55: Neighbor 172.25.2.1 (Serial0.1) is up: new adjacency
In this example, we have shown four different reasons for EIGRP to reset its neighbor relationships. Of these, only the last one, an expired holding time, is likely to indicate a network fault. Because this command is enabled by default, if you don't want to see these messages, perhaps because you aren't interested in monitoring your neighbors, or because you have some other method of doing so, you must disable it as follows:
Router1(config)#router eigrp 55
Router1(config-router)#no eigrp log-neighbor-changes
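The following Python sketch is an added example, not part of the original recipe. It parses the %DUAL-5-NBRCHANGE messages shown above, sets aside the resets that the recipe attributes to configuration or peer activity, and reports the remaining down events with the length of each outage. The function names and the choice of which reasons count as expected are assumptions made for this example.

```python
import re
from datetime import datetime

# Log lines copied from the recipe's sample output.
SAMPLE_LOG = """\
Oct 2 22:00:38: %DUAL-5-NBRCHANGE: IP-EIGRP 55: Neighbor 172.25.2.1 (Serial0.1) is up: new adjacency
Oct 2 22:03:23: %DUAL-5-NBRCHANGE: IP-EIGRP 55: Neighbor 172.25.2.1 (Serial0.1) is down: summary configured
Oct 2 22:03:23: %DUAL-5-NBRCHANGE: IP-EIGRP 55: Neighbor 172.25.2.1 (Serial0.1) is up: new adjacency
Oct 2 22:04:14: %DUAL-5-NBRCHANGE: IP-EIGRP 55: Neighbor 172.25.2.1 (Serial0.1) is down: manually cleared
Oct 2 22:04:19: %DUAL-5-NBRCHANGE: IP-EIGRP 55: Neighbor 172.25.2.1 (Serial0.1) is up: new adjacency
Oct 2 22:07:26: %DUAL-5-NBRCHANGE: IP-EIGRP 55: Neighbor 172.25.2.1 (Serial0.1) is down: peer restarted
Oct 2 22:07:27: %DUAL-5-NBRCHANGE: IP-EIGRP 55: Neighbor 172.25.2.1 (Serial0.1) is up: new adjacency
Oct 2 22:30:06: %DUAL-5-NBRCHANGE: IP-EIGRP 55: Neighbor 172.25.2.1 (Serial0.1) is down: holding time expired
Oct 2 22:30:38: %DUAL-5-NBRCHANGE: IP-EIGRP 55: Neighbor 172.25.2.1 (Serial0.1) is up: new adjacency
"""

NBRCHANGE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d): %DUAL-5-NBRCHANGE: IP-EIGRP (?P<asn>\d+): "
    r"Neighbor (?P<nbr>\S+) \((?P<intf>[^)]+)\) is (?P<state>up|down): (?P<reason>.+)$")

# Assumption: these reasons are operator- or peer-initiated, not link faults.
EXPECTED_REASONS = {"summary configured", "manually cleared", "peer restarted"}

def parse(log_text):
    """Return one dict per NBRCHANGE line; other lines are ignored."""
    events = []
    for line in log_text.splitlines():
        m = NBRCHANGE.match(line.strip())
        if m:
            ev = m.groupdict()
            # The messages carry no year; 2000 is an arbitrary placeholder.
            ev["time"] = datetime.strptime("2000 " + ev.pop("ts"), "%Y %b %d %H:%M:%S")
            events.append(ev)
    return events

def suspected_faults(events):
    """Return (neighbor, interface, reason, outage_seconds) per unexplained down."""
    faults, pending = [], {}
    for ev in events:
        key = (ev["asn"], ev["nbr"], ev["intf"])
        if ev["state"] == "down" and ev["reason"] not in EXPECTED_REASONS:
            pending[key] = ev
        elif ev["state"] == "up" and key in pending:
            down = pending.pop(key)
            outage = int((ev["time"] - down["time"]).total_seconds())
            faults.append((ev["nbr"], ev["intf"], down["reason"], outage))
    # Neighbors still down at the end of the log have no outage length yet.
    faults += [(e["nbr"], e["intf"], e["reason"], None) for e in pending.values()]
    return faults
```

Run against the sample, suspected_faults(parse(SAMPLE_LOG)) reports only the expired holding time, with a 32-second gap before the adjacency returned.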
The log-neighbor-warnings command is also enabled by default. This command causes the router to display warning information about problems with neighbors. The most common such warning is the "not on common subnet" message:
Oct 2 22:32:22: IP-EIGRP(Default-IP-Routing-Table:55): Neighbor 192.168.100.112 not on common subnet for FastEthernet0/0
This command accepts a numerical argument, which specifies how often, in seconds, the router should repeat these warning messages. By default, the router will issue these warning messages roughly every 15 seconds. In many networks, though, this is unnecessarily frequent and could result in losing more important messages from your router's logging buffer. In the example in the Solution section of this recipe, we have changed the frequency to once every five minutes:
Router1(config)#router eigrp 55
Router1(config-router)#eigrp log-neighbor-warnings 300