Migrate EIGRP Configuration from Flexconfig to MC UI

Available Languages

Download Options

  • PDF     (197.0 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (233.8 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (253.8 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:May 10, 2023
Document ID:220449

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes what the behavior is after the upgrade to version 7.2, when EIGRP configuration is used in the MC/TD devices. 

    Prerequisites

    Requirements

    Cisco recommends that you have basic knowledge of these topics:

    • EIGRP Protocol

    • FlexConfig feature

    • Upgrade process

    Components Used

    This feature was introduced in version 7.1 per the release note of that version. This document uses these software and hardware versions:

    • SecureFirewall Management Center (MC) version 7.1.0 and 7.2.0

    • SecureFirewall Threat Defense (TD) version 7.1.0 and 7.2.0

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

    Background Information

    Prior to version 7.2, EIGRP configuration was supported in Secure Firewall Threat Defense devices via Flexconfig. In version 7.2, you can now use the management center web interface to configure EIGRP.

    Notice for 7.3+:

    After version 7.3, this migration script is deprecated. Refer to this guide on how to use FlexConfig Migration to configure EIGRP:

    https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/730/management-center-device-config-73/flex-config.html#Cisco_Task.dita_380221ea-8356-4343-b852-609e61a69193

    Configurations

    Prior to version 7.2, the EIGRP configuration is done as follows:

    1. Create FlexConfig objects for EIGRP.

    Create FlexConfig Objects for EIGRP

    2. Assign the FlexConfig objects to the FlexConfig Policy. 

    Assign FelxConfig Objects to the FlexConfig Policy

    3. Finally, deploy this configuration to managed devices.

    The EIGRP configuration via TD CLI is visualized with show commands:

    firepower# show run router router eigrp 3  neighbor 10.40.2.2 interface OUTSIDE  network 10.40.2.0 255.255.255.0  

    firepower# show run | inc eigrp
     authentication key eigrp 3 ***** key-id 120
     authentication mode eigrp 3 md5
     hello-interval eigrp 3 60
     hold-time eigrp 3 60

    For this demonstration: Prior to the upgrade of the MC to version 7.2, the TD device has the previously shown EIGRP configuration. It was configured via FlexConfig.

    Once the MC is upgraded to version 7.2, an automatic deployment gets available post-upgrade process. (This is normal behavior.)

    After the deployment of this pending deployment post-upgrade, this warning appears:

    After Deployment of Pending Deployment Post-upgrade, this Warning Appears

    warning-icon

    Warning: FlexConfig Object includes commands for EIGRP that you can now configure and use the Threat Defense Routing policy. You must remove the objects and redo the configuration in the Threat Defense Routing policy (under Device Listing > Routing EIGRP).


    This first deployment post-upgrade of the MC to version 7.2 is successful and does not remove the EIGRP configuration from TD.

    Troubleshoot

    Navigate to System > Monitoring > Audit. An audit log was created for the migration of the EIGRP Flexconfig configuration.

    Audit Log Created for Migration of EGIRP FlexConfig Configuration

    Open the report to confirm which EIGRP configuration was migrated to the MC UI.  

    Open Report to Confirm Whcih EIGRP Comfiguration was Migrated to the MC UI

    Related Information

    Secure Firewall Management Center Device Configuration Guide, 7.2 | Migrating FlexConfig Policies

    Revision History

    Revision Publish Date Comments
    1.0
    10-May-2023
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Gabriel Cruz Tavira
      Cisco TAC Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products