Shen
asked on
Tunnel Down
We have been trying to set up a tunnel between two routers.
Router 1 is connected to Switch 1 through interface GigabitEthernet0/1 using a tunnel whose source is a subinterface (gig0/1.723). Router 2 is connected to this Switch 1 through port 8 with an Ethernet cable. However, the tunnel line protocol remains down. Could this be a recursive problem? What can we do?
I am attaching a file with the sections from each device that we changed.
To resolve the tunnel recursive problem, the easiest solution is to use a static route to the tunnel destination.
Something like this:
interface Tunnel1
ip address 172.30.0.1 255.255.255.252
tunnel source 1.1.1.1
tunnel destination 2.2.2.2
!
interface FastEthernet0/0
ip address 192.168.0.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.168.0.2
ip route 2.2.2.2 255.255.255.255 192.168.0.2
ASKER
We have EIGRP running on both routers. Please reference the file that I attached. We have other tunnels and they work. The only difference with this tunnel is that it is currently connected directly in our lab. When we get it to work, we will take the second router (router 2 in the file) to the site. I will have to wait until Monday to check the routers again (shop closed until Monday). If I remember, "show log" at one point was showing: ip source: ip (local), destination=ip encapsulation failed. Also "sh ip route" did not show any EIGRP routes.
If you can check the attached file, can you see anything that could be a problem?
There is no attached file. But anyway, a static route will solve the recursive routing problem. A static route can be more specific and have a better AD than EIGRP.
You can find configuration example and explanation here:
The "%TUN-5-RECURDOWN" Error Message and Flapping EIGRP/OSPF/BGP Neighbors Over a GRE Tunnel
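The recursive-routing condition discussed in the answers above, as an added example that is not part of the original thread: a small Python model of route selection that checks whether the best route to the tunnel destination leaves through the tunnel itself, and shows how the static host route changes the result. The interface name and addresses follow the sample config earlier in the thread; the EIGRP-learned routes are constructed assumptions.

```python
import ipaddress

# Constructed routing tables (not taken from the asker's routers).
# Each entry: (prefix, administrative distance, egress interface or next hop).
BEFORE = [
    ("0.0.0.0/0", 1, "192.168.0.2"),    # static default route
    ("2.2.2.0/24", 90, "Tunnel1"),      # assumed EIGRP route learned over the tunnel
]
# Same table plus the static host route to the tunnel destination.
AFTER = BEFORE + [
    ("2.2.2.2/32", 1, "192.168.0.2"),
]
# Same prefix from two sources: only administrative distance separates them.
SAME_PREFIX = [
    ("2.2.2.2/32", 90, "Tunnel1"),      # assumed EIGRP host route
    ("2.2.2.2/32", 1, "192.168.0.2"),   # static host route
]


def best_route(table, dest):
    """Pick the longest matching prefix; break ties with the lowest AD."""
    addr = ipaddress.ip_address(dest)
    matches = []
    for prefix, ad, via in table:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net, ad, via))
    if not matches:
        return None
    return max(matches, key=lambda m: (m[0].prefixlen, -m[1]))


def tunnel_is_recursive(table, tunnel_if, tunnel_dest):
    """True when the route to the tunnel destination egresses via the tunnel."""
    route = best_route(table, tunnel_dest)
    return route is not None and route[2] == tunnel_if


if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER),
                        ("same prefix", SAME_PREFIX)):
        net, ad, via = best_route(table, "2.2.2.2")
        flag = tunnel_is_recursive(table, "Tunnel1", "2.2.2.2")
        print(f"{name}: {net} AD {ad} via {via} recursive={flag}")
```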
ASKER
How can I see that we have recursion? When we do a traceroute it just fails.
Can we check what is going on with EIGRP through maybe debug statements? The routing table is not showing any EIGRP routes.
For a recursive problem you will see the message from above in the logs:
%TUN-5-RECURDOWN.......
If you are accessing via console you should see the message in the console since it is repeating itself.
A tunnel can be in up up state even if it was created with incorrect IP addresses or traffic is not properly NATted, etc.
Tunnel0 x.x.x.x YES manual up up <--- does not mean that tunnel is really functioning
Are you able to ping the other side of the tunnel?
ASKER
I am console connected. Don't see any messages on the screen.
When I enter "show log"
I only see tunnel source and destination. Don't see any errors.
Then it looks like you don't have a recursive routing problem after all.
Most likely, a bad configuration, NAT or routing problem is present.
Can you ping the other side of the tunnel?
Can you paste the router configurations? If you can do so, please REMOVE sensitive configuration parts in that case - IP addresses, passwords etc.
ASKER
I can only ping addresses within the routers. Can't ping any address on the other side or the other router (either way).
We are not using NAT for this.
Partial configurations attached.
Tunnel-Configurations.txt
Not sure what the point is here; you are creating a tunnel between two directly connected interfaces. :)
Besides not making much sense...
Is some interface shut (e.g. R1 Gi0/1)?
Check your interface statuses (should be up up)
On router and switch
sh ip int brief
On switch
sh int status
Additionally, if you manually configure duplex and speed on one side, make sure that you at least configure duplex on the other side (but it is typical to configure speed too).
Interface fa0/7 should have negotiated duplex half (duplex mismatch).
:)
ASKER
When we see the tunnels working in our shop, we will move one of the routers to another location. We are just testing the tunnels beforehand to make sure they work.
Last question:
When I do "show log" I see:
tunnel11: gre/ip encapsulated IP: (local), d=ip , len (124) encapsulation failed.
tunnel11: gre/ip encapsulated IP: (local), d=ip , len (124) encapsulation failed. <--- That is one of the inside tunnel settings: phases, encryption and the like.
Encapsulation failed typically means that the other side did not respond to an ARP request, so the device that is creating the frame does not have the MAC address of the neighboring device and can't encapsulate the L3 packet with an L2 header and trailer.
ASKER
Can this encapsulation failure be fixed?
Did you try turning NAT Traversal ON (Advanced settings)?