Solved

DMVPN HUB Configuraion

Posted on 2014-10-18
7
1,054 Views
Last Modified: 2014-10-19
I have the topology shown in the screenshot and the configuration of each router.
However, I believe I am supposed to see information about DMVPN and/or NHRP on the HUB router which is R1, but it shows empty:

 
R1#sh dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
        N - NATed, L - Local, X - No Socket
        # Ent --> Number of NHRP entries with same NBMA peer
        NHS Status: E --> Expecting Replies, R --> Responding
        UpDn Time --> Up or Down Time for a Tunnel
==========================================================================


R1#sh ip nhrp

R1#

Open in new window

=====================
On R2 and R3, there is Information shown regarding DMVPN and NHRP:
R2#sh dmvpn
 
==========================================================================

Interface: Tunnel0, IPv4 NHRP Details

IPv4 NHS: 192.168.0.1  E
Type:Spoke, Total NBMA Peers (v4/v6): 1

# Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb    Target Network
----- --------------- --------------- ----- -------- ----- -----------------
    1    172.16.15.1     192.168.0.1  INTF    never    S     192.168.0.1/32


R2#

Open in new window

R2#sh ip nhrp
192.168.0.1/32 via 192.168.0.1
   Tunnel0 created 00:30:27, never expire
   Type: static, Flags:
   NBMA address: 172.16.15.1
R2#

Open in new window

R3#sh dmvpn
 ==========================================================================

Interface: Tunnel0, IPv4 NHRP Details

IPv4 NHS: 192.168.0.1  E
Type:Spoke, Total NBMA Peers (v4/v6): 1

# Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb    Target Network
----- --------------- --------------- ----- -------- ----- -----------------
    1    172.16.15.1     192.168.0.1  NHRP 00:18:07    S     192.168.0.1/32


R3#

Open in new window

R3#sh ip nhrp
192.168.0.1/32 via 192.168.0.1
   Tunnel0 created 00:18:53, never expire
   Type: static, Flags: used
   NBMA address: 172.16.15.1
R3#

Open in new window






DMVPN


 R1#sh run
Building configuration...

Current configuration : 1220 bytes
! Last configuration change at 08:19:20 UTC Sat Oct 18 2014
upgrade fpd auto
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
ip source-route
no ip icmp rate-limit unreachable
ip cef
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
redundancy
!
ip tcp synwait-time 5
!
interface Tunnel0
 ip address 192.168.0.1 255.255.255.0
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 tunnel source 172.16.15.1
 !
interface FastEthernet0/0
 ip address 172.16.15.1 255.255.255.0
 duplex auto
 speed auto
 !
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
 !
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 172.16.15.4
!
control-plane
 !
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
end

R1#
==========================================

R4#sh run
Building configuration...

Current configuration : 1137 bytes
!
! Last configuration change at 07:56:41 UTC Sat Oct 18 2014
!
upgrade fpd auto
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
!
ip source-route
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
 
!
redundancy
!
!
ip tcp synwait-time 5
 
!
interface FastEthernet0/0
 ip address 172.16.15.4 255.255.255.0
 duplex auto
 speed auto
 !
!
interface FastEthernet0/1
 ip address 172.16.25.2 255.255.255.0
 duplex auto
 speed auto
 !
!
interface FastEthernet1/0
 ip address 172.16.35.3 255.255.255.0
 duplex full
 !
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
 
control-plane
 !
!
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
end

R4#
===========================================================



R2#sh run
Building configuration...

Current configuration : 1288 bytes
!
! Last configuration change at 08:21:37 UTC Sat Oct 18 2014
!
upgrade fpd auto
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
!
ip source-route
no ip icmp rate-limit unreachable
ip cef
!
 
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
 
!
redundancy
!
!
ip tcp synwait-time 5
 
!
interface Tunnel0
 ip address 192.168.0.2 255.255.255.0
 ip nhrp map multicast 172.16.15.1
 ip nhrp map 192.168.0.1 172.16.15.1
 ip nhrp network-id 1
 ip nhrp nhs 192.168.0.1
 tunnel source 172.16.25.22
 !
!
interface FastEthernet0/0
 ip address 172.16.25.22 255.255.255.0
 duplex auto
 speed auto
 !
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
 !
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 172.16.25.2
 
!
control-plane
 
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
end

R2#
=================================================



R3#sh run
Building configuration...

Current configuration : 1333 bytes
!
! Last configuration change at 08:27:03 UTC Sat Oct 18 2014
!
upgrade fpd auto
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
 
ip source-route
no ip icmp rate-limit unreachable
ip cef
 
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
 
!
redundancy
!
!
ip tcp synwait-time 5
 
!
interface Tunnel0
 ip address 192.168.0.3 255.255.255.0
 no ip redirects
 ip nhrp map multicast 172.16.15.1
 ip nhrp map 192.168.0.1 172.16.15.1
 ip nhrp network-id 1
 ip nhrp nhs 192.168.0.1
 tunnel source 172.16.35.33
 tunnel mode gre multipoint
 !
!
interface FastEthernet0/0
 ip address 172.16.35.33 255.255.255.0
 duplex auto
 speed auto
 !
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
 !
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 172.16.35.3
 
!
control-plane
 !
!
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
end

R3#
==================================================

Open in new window

0
Comment
Question by:jskfan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 22

Assisted Solution

by:Jody Lemoine
Jody Lemoine earned 500 total points
ID: 40389529
You're missing "tunnel mode gre multipoint" on the tunnel interfaces of R1 and R2. Without that, the tunnel defaults to point-to-point GRE and won't work unless you give it a destination, which defeats the point of DMVPN. try making that change and let me know if it works any better.
0
 

Author Comment

by:jskfan
ID: 40389756
You are Correct!!
I see something different on R1 now

R1#sh dmvpn
 ==========================================================================

Interface: Tunnel0, IPv4 NHRP Details
Type:Hub, Total NBMA Peers (v4/v6): 2

# Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb    Target Network
----- --------------- --------------- ----- -------- ----- -----------------
    1   172.16.25.22     192.168.0.2    UP 00:00:39    D     192.168.0.2/32

    1   172.16.35.33     192.168.0.3    UP 00:02:19    D     192.168.0.3/32


R1#sh ip nhrp
192.168.0.2/32 via 192.168.0.2
   Tunnel0 created 00:00:50, expire 01:59:09
   Type: dynamic, Flags: unique registered
   NBMA address: 172.16.25.22
192.168.0.3/32 via 192.168.0.3
   Tunnel0 created 00:02:30, expire 01:57:29
   Type: dynamic, Flags: unique registered
   NBMA address: 172.16.35.33
R1#

Open in new window

0
 

Author Comment

by:jskfan
ID: 40389851
But I see R2 and R3 still goes through R1 to reach each other:

R2#ping 172.16.35.33

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.35.33, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/58/80 ms
R2#sh dmvpn
 ==========================================================================

Interface: Tunnel0, IPv4 NHRP Details

IPv4 NHS: 192.168.0.1 RE
Type:Spoke, Total NBMA Peers (v4/v6): 1

# Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb    Target Network
----- --------------- --------------- ----- -------- ----- -----------------
    1    172.16.15.1     192.168.0.1    UP 00:12:50    S     192.168.0.1/32
R2#

Open in new window




R3#ping 172.16.25.22

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.25.22, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/53/84 ms
R3#sh dm
R3#sh dmvpn
 ==========================================================================

Interface: Tunnel0, IPv4 NHRP Details

IPv4 NHS: 192.168.0.1 RE
Type:Spoke, Total NBMA Peers (v4/v6): 1

# Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb    Target Network
----- --------------- --------------- ----- -------- ----- -----------------
    1    172.16.15.1     192.168.0.1    UP 00:15:38    S     192.168.0.1/32

R3#

Open in new window

0
How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

 
LVL 22

Accepted Solution

by:
Jody Lemoine earned 500 total points
ID: 40390159
Those tests aren't actually going through R1 or through the DMVPN at all. They're going through your default route via R4 and returning the same way. Because you have no routing protocols or shortcut switching enabled on your DMVPN at this point, only the directly-connected 192.168.0.0/24 network will be reachable through it. If you want to test spoke-to-spoke reachability from R2, you need to ping 192.168.0.3 in order to keep the traffic within the tunnel. From R3, you need to ping 192.168.0.2.
0
 

Author Comment

by:jskfan
ID: 40390250
It worked after ping 192.168.0.x from R2 to R3 and back
R2#ping  192.168.0.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.3, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 100/110/124 ms

R2#sh dmvpn
 
Interface: Tunnel0, IPv4 NHRP Details

IPv4 NHS: 192.168.0.1 RE
Type:Spoke, Total NBMA Peers (v4/v6): 2

# Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb    Target Network
----- --------------- --------------- ----- -------- ----- -----------------
    1    172.16.15.1     192.168.0.1    UP 03:29:46    S     192.168.0.1/32

    1   172.16.35.33     192.168.0.3    UP 00:00:05    D     192.168.0.3/32

R2#

Open in new window


R3#ping 192.168.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 96/104/120 ms

R3#sh dmvpn
 
Interface: Tunnel0, IPv4 NHRP Details

IPv4 NHS: 192.168.0.1 RE
Type:Spoke, Total NBMA Peers (v4/v6): 2

# Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb    Target Network
----- --------------- --------------- ----- -------- ----- -----------------
    1    172.16.15.1     192.168.0.1    UP 03:31:56    S     192.168.0.1/32

    1   172.16.25.22     192.168.0.2    UP 00:00:34    D     192.168.0.2/32
R3#

Open in new window

0
 
LVL 22

Assisted Solution

by:Jody Lemoine
Jody Lemoine earned 500 total points
ID: 40390260
There you go! Now you have a working DMVPN. Next step is to start routing things through it.
0
 

Author Closing Comment

by:jskfan
ID: 40390718
Thanks for your help!!
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I eventually solved a perplexing problem setting up telnet for a new switch.  I installed a new Cisco WS-03560X-24P switch connected to an existing Cisco 4506 running a WS-X4013-10GE Sup II-Plus. After configuring vlans and trunking,  I could no…
The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question