01-22-2019 09:39 AM
I am getting alarm Tunnel0 protocol "DOWN" interface periodically.
When i checked "Show ip int br" in Cisco ASR920, Tunnel0 interface showing status “up” and protocol “down”, how we can make this protocol “up”. Could any one Explain?
01-22-2019 10:33 AM
We do not know enough about your environment to give you good answers. Why it is protocol down will depend on how the tunnel is configured and so addressing how to bring it up will depend on understanding how it is configured and what causes it to be down. If it is a simple GRE tunnel configured with keepalives then there may be connectivity issues to the remote peer. But who is the peer and how to test would require knowledge of your network that we do not have. If it is a GRE tunnel with ipsec encryption then it may be down because of problems in negotiating encryption with the peer. If the tunnel is a VTI encrypted tunnel similar to the GRE ipsec configuration it may be issues with connectivity or issues in negotiating the encryption. Give us more information to work with and we will try to provide some answers.
HTH
Rick
01-22-2019 10:53 AM
Thanks Richard for the reply.
Routers are connected in a ring topology.
See the below running configuration. It may helpful.
ASR920-01#sh run
Building configuration...
Current configuration : 7513 bytes
!
version 15.6
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
no platform punt-keepalive disable-kernel-core
platform bfd-debug-trace 1
platform xconnect load-balance-hash-algo mac-ip-instanceid
platform tcam-parity-error enable
platform tcam-threshold alarm-frequency 1
!
hostname ASR920-01
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
logging buffered 64000 informational
!
no aaa new-model
facility-alarm critical exceed-action shutdown
!
ip vrf CCTV
rd 64520:101
mdt default 239.232.0.101
mdt data 239.232.101.0 0.0.0.255 threshold 1
mdt log-reuse
route-target export 64520:101
route-target import 64520:101
!
!
!
!
!
!
!
!
!
ip domain name xxxxxx
!
!
!
!
!
!
!
!
!
!
mpls label protocol ldp
mpls ldp graceful-restart
mpls ldp igp sync holddown 2000
!
!
multilink bundle-name authenticated
!
key chain ASR
key 1
key-string 7 023C2C4D5C5H54261E0612
accept-lifetime 01:00:00 Jun 14 2018 infinite
send-lifetime 01:00:00 Jun 14 2018 infinite
!
!
sdm prefer default
!
username ASR920 privilege 15 password 7 063502202156SDF41SDF30B
!
redundancy
!
!
!
!
!
transceiver type all
monitoring
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 10.255.2.4 255.255.255.255
isis tag 10
!
interface GigabitEthernet0/0/0
no ip address
media-type rj45
negotiation auto
!
interface GigabitEthernet0/0/1
no ip address
media-type rj45
negotiation auto
!
interface GigabitEthernet0/0/2
no ip address
media-type rj45
negotiation auto
!
interface GigabitEthernet0/0/3
no ip address
media-type rj45
negotiation auto
service instance 424 ethernet
encapsulation dot1q 4024
rewrite ingress tag pop 1 symmetric
xconnect 10.255.0.101 4024 encapsulation mpls
backup peer 10.255.0.102 4024
!
!
interface GigabitEthernet0/0/4
no ip address
media-type rj45
negotiation auto
!
interface GigabitEthernet0/0/5
description "CCTV"
ip vrf forwarding CCTV
ip address 10.1.2.30 255.255.255.248
ip pim sparse-dense-mode
ip igmp version 3
media-type rj45
power inline static max 30000
negotiation auto
!
interface GigabitEthernet0/0/6
no ip address
media-type rj45
negotiation auto
!
interface GigabitEthernet0/0/7
no ip address
media-type rj45
negotiation auto
!
interface GigabitEthernet0/0/8
no ip address
media-type sfp
negotiation auto
no keepalive
service instance 24 ethernet
encapsulation dot1q 1162-1164,1262-1264,1362-1364,1462-1464,3662-3664,3762-3764
rewrite ingress tag push dot1q 10 symmetric
xconnect 10.255.0.102 24 encapsulation mpls
!
!
interface GigabitEthernet0/0/9
no ip address
negotiation auto
!
interface GigabitEthernet0/0/10
no ip address
negotiation auto
!
interface GigabitEthernet0/0/11
no ip address
negotiation auto
!
interface TenGigabitEthernet0/0/12
no ip address
!
interface TenGigabitEthernet0/0/13
no ip address
!
interface TenGigabitEthernet0/0/14
description "sfdsdfsfg"
dampening
mtu 9216
ip address 10.0.20.89 255.255.255.252
ip router isis ACC-AGG
load-interval 30
no negotiation auto
mpls ip
mpls ldp igp sync delay 25
bfd interval 50 min_rx 50 multiplier 3
cdp enable
clns mtu 9000
isis circuit-type level-2-only
isis network point-to-point
isis authentication key-chain NDMC
!
interface TenGigabitEthernet0/0/15
description "dhvbhsdfdsgkjsbdfj "
dampening
mtu 9216
ip address 10.0.20.94 255.255.255.252
ip router isis ACC-AGG
load-interval 30
no negotiation auto
mpls ip
mpls ldp igp sync delay 25
bfd interval 50 min_rx 50 multiplier 3
cdp enable
clns mtu 9000
isis circuit-type level-2-only
isis network point-to-point
isis authentication key-chain NDMC
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
negotiation auto
!
router isis ASR-ACC
net 49.0020.0102.5500.2004.00
is-type level-2-only
authentication mode md5
authentication key-chain NDMC
ispf level-2
metric-style wide
fast-flood
set-overload-bit on-startup 360
max-lsp-lifetime 65535
lsp-refresh-interval 65000
spf-interval 5 50 200
prc-interval 5 50 200
lsp-gen-interval 5 50 200
no hello padding
log-adjacency-changes
fast-reroute per-prefix level-2 route-map FRR
fast-reroute remote-lfa level-2 mpls-ldp
passive-interface Loopback0
bfd all-interfaces
mpls ldp sync
!
router bgp 64520
bgp router-id 10.255.2.4
bgp log-neighbor-changes
bgp graceful-restart
no bgp default ipv4-unicast
neighbor AGG peer-group
neighbor AGG remote-as 64520
neighbor AGG password 7 0337560A141B6C6F471D00
neighbor AGG update-source Loopback0
neighbor 10.255.0.34 peer-group AGG
neighbor 10.255.0.43 peer-group AGG
!
address-family ipv4
network 10.0.20.88 mask 255.255.255.252
network 10.0.20.92 mask 255.255.255.252
network 10.255.2.4 mask 255.255.255.255
neighbor AGG send-community both
neighbor AGG send-label
neighbor 10.255.0.34 activate
neighbor 10.255.0.43 activate
maximum-paths ibgp 2
exit-address-family
!
address-family vpnv4
neighbor AGG send-community both
neighbor 10.255.0.34 activate
neighbor 10.255.0.43 activate
exit-address-family
!
address-family ipv4 mdt
neighbor 10.255.0.34 activate
neighbor 10.255.0.43 activate
exit-address-family
!
address-family ipv4 vrf CCTV
redistribute connected
exit-address-family
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip tftp source-interface TenGigabitEthernet0/0/15
ip ssh version 2
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
!
ip prefix-list AGG-LPBKS seq 5 permit 10.255.0.34/32
ip prefix-list AGG-LPBKS seq 10 permit 10.255.0.43/32
logging source-interface Loopback0
logging host 10.0.1.100
!
route-map FRR permit 10
match tag 10
!
route-map FRR permit 20
match ip address prefix-list AGG-LPBKS
!
snmp-server community NDMC RO
snmp-server community Smart-City RW
snmp-server trap-source Loopback0
snmp-server queue-length 1000
snmp-server enable traps snmp authentication linkdown linkup
snmp-server enable traps tty
snmp-server enable traps bfd
snmp-server enable traps bgp state-changes limited
snmp-server enable traps config
snmp-server enable traps ipmulticast
snmp-server enable traps isis
snmp-server enable traps ipsla
snmp-server enable traps memory bufferpeak
snmp-server enable traps entity-state
snmp-server enable traps fru-ctrl
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps cef resource-failure peer-state-change
snmp-server enable traps mpls rfc ldp
snmp-server enable traps mpls ldp session-up session-down
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps rf
snmp-server enable traps vrfmib vrf-up vrf-down
snmp-server enable traps mpls vpn
snmp-server enable traps mpls rfc vpn
snmp-server host 10.0.1.10 version 2c ASR
snmp ifmib ifindex persist
mpls ldp router-id Loopback0 force
!
!
control-plane
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login local
transport input all
transport output all
!
!
!
!
!
!
end
01-22-2019 11:34 AM - edited 01-22-2019 11:35 AM
It is interesting that there is no configuration for tunnel0. I believe this is because the tunnel is created and used by the xconnect commands on Gig0/0/3 and Gig0/0/8. Can you post the output of show interface for the 3 interfaces tunnel0, Gig0/0/3, and Gig0/0/8? Perhaps that will provide some insight.
HTH
Rick
01-22-2019 07:22 PM
Richard,
It is a Access router in our topology not the CORE/AGG.
ASR920-01#sh interfaces tunnel0
Tunnel0 is up, line protocol is down
Hardware is Tunnel
Interface is unnumbered. Using address of Loopback0 (10.255.2.4)
MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel linestate evaluation down - no IPv4 tunnel source address
Tunnel source UNKNOWN
Tunnel protocol/transport multi-GRE/IP
Key disabled, sequencing disabled
Checksumming of packets disabled
Tunnel TTL 255, Fast tunneling enabled
Tunnel transport MTU 1476 bytes
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input never, output never, output hang never
Last clearing of "show interface" counters 5d19h
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
ASR920-01#sh int gigabitEthernet 0/0/3
GigabitEthernet0/0/3 is up, line protocol is up
Hardware is 12xGE-4x10GE-FIXED, address is 700f.6aa4.9e03 (bia 700f.6aa4.9e03)
Description: "Connected To Access-Point"
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full Duplex, 1000Mbps, link type is auto, media type is RJ45
output flow-control is unsupported, input flow-control is on
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 9000 bits/sec, 9 packets/sec
5 minute output rate 2000 bits/sec, 2 packets/sec
9536643 packets input, 2751481434 bytes, 0 no buffer
Received 345 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 30493 multicast, 0 pause input
6656645 packets output, 6803693868 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
ASR920-01#sh int gigabitEthernet 0/0/8
GigabitEthernet0/0/8 is up, line protocol is up
Hardware is 12xGE-4x10GE-FIXED, address is 700f.6aa4.9e08 (bia 700f.6aa4.9e08)
Description: "Connected to xxxxx Small-Cell"
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not set
Full Duplex, 1000Mbps, link type is auto, media type is LX
output flow-control is unsupported, input flow-control is on
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 983000 bits/sec, 474 packets/sec
5 minute output rate 2573000 bits/sec, 619 packets/sec
335512018 packets input, 70176352710 bytes, 0 no buffer
Received 3189 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 7 multicast, 0 pause input
450542989 packets output, 162863523297 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
01-23-2019 05:58 AM
Thank you for posting the output. I believe that these 2 lines are significant
Tunnel linestate evaluation down - no IPv4 tunnel source address
Tunnel source UNKNOWN
I suspect that this reflects something in the configuration. But since you are not configuring the tunnel I am not sure how to fix it. Is this causing a problem? Or is it something you noticed and wanted to investigate?
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide