Solved: Re: DMVPN 3 Phase

Mlex1 · ‎07-18-2024

Hello every one here my all config, currently i can ping everywhere on my topology from everywhere, my question is i want check 3 phase working or not in my topology thanks in advance.

ISP config

interface GigabitEthernet0/0
ip address 172.16.0.100 255.255.255.0
!
interface GigabitEthernet0/1
ip address 172.16.1.100 255.255.255.0
no shut
!
interface GigabitEthernet0/2
ip address 172.16.2.100 255.255.255.0
no shut

HUb config

!
interface GigabitEthernet0/0
description TO-ISP1
ip address 172.16.0.1 255.255.255.0
!
interface GigabitEthernet0/1
ip address 192.168.0.1 255.255.255.0
!

interface Tunnel0
ip address 10.1.0.1 255.255.255.0
no ip redirects
ip nhrp network-id 1001
ip nhrp redirect
tunnel source 172.16.0.1
tunnel mode gre multipoint

!

router eigrp EIGRP
!
address-family ipv4 unicast autonomous-system 1
!
topology base
exit-af-topology
network 10.1.0.0 0.0.0.255
network 192.168.0.0
exit-address-family

!

ip route 0.0.0.0 0.0.0.0 172.16.0.100

!

SPOKE1 Config

!
interface GigabitEthernet0/0
ip address 172.16.1.1 255.255.255.0
!
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
!

interface Tunnel0
ip address 10.1.0.3 255.255.255.0
no ip redirects
ip nhrp authentication dmvpn
ip nhrp map 10.1.0.1 172.16.0.1
ip nhrp map multicast 172.16.0.1

ip nhrp shortcut
ip nhrp network-id 1001
ip nhrp nhs 10.1.0.1
tunnel source 172.16.1.1
tunnel mode gre multipoint
!

router eigrp EIGRP
!
address-family ipv4 unicast autonomous-system 1
!
topology base
exit-af-topology
network 10.1.0.0 0.0.0.255
network 192.168.1.0
exit-address-family

!
ip route 0.0.0.0 0.0.0.0 172.16.1.100
!

SPOKE2 Config

!

interface GigabitEthernet0/0
description TO-ISP1
ip address 172.16.2.1 255.255.255.0
!
interface GigabitEthernet0/1
ip address 192.168.2.1 255.255.255.0
!

interface Tunnel0
ip address 10.1.0.4 255.255.255.0
no ip redirects
ip nhrp authentication dmvpn
ip nhrp map 10.1.0.1 172.16.0.1
ip nhrp map multicast 172.16.0.1

ip nhrp shortcut
ip nhrp network-id 1001
ip nhrp nhs 10.1.0.1
tunnel source 172.16.2.1
tunnel mode gre multipoint
!

router eigrp EIGRP
!
address-family ipv4 unicast autonomous-system 1
!
topology base
exit-af-topology
network 10.1.0.0 0.0.0.255
network 192.168.2.0
exit-address-family

!

ip route 0.0.0.0 0.0.0.0 172.16.2.100

Спрашивай все что хочешь

MHM Cisco World · ‎07-18-2024

Hun tunnel need one more command

Ip nhrp map multicast dynamic

How can you check phaseIII

Ping from lan in spoke to lan in other spoke

Do

Debug ip nhrp

See if hub send redirect

Check rib see if there is % with prefix

% meaning the next hop is modify by hub

MHM

View solution in original post

MHM Cisco World · ‎07-18-2024

Hun tunnel need one more command

Ip nhrp map multicast dynamic

How can you check phaseIII

Ping from lan in spoke to lan in other spoke

Do

Debug ip nhrp

See if hub send redirect

Check rib see if there is % with prefix

% meaning the next hop is modify by hub

MHM

Mlex1 · ‎07-18-2024

maybe it bug on eve-ng program ping successful from LAN hub to everywhere, but from SPOKE's ping unsuccessful full just lan network, tunnels ip add ping successful

Спрашивай все что хочешь

Mlex1 · ‎07-18-2024

everything is ok thank you i understand my mistake

now i see on rib % and also 3 phase woed H

show ip route

S* 0.0.0.0/0 [1/0] via 172.16.1.100
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C 10.1.0.0/24 is directly connected, Tunnel0
L 10.1.0.3/32 is directly connected, Tunnel0
H 10.1.0.4/32 is directly connected, 00:07:32, Tunnel0
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.1.0/24 is directly connected, GigabitEthernet0/0
L 172.16.1.1/32 is directly connected, GigabitEthernet0/0
D 192.168.0.0/24 [90/76805120] via 10.1.0.1, 00:01:14, Tunnel0
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/1
L 192.168.1.1/32 is directly connected, GigabitEthernet0/1
D % 192.168.2.0/24 [90/102405120] via 10.1.0.1, 00:01:14, Tunnel0

Спрашивай все что хочешь

Mlex1 · ‎07-18-2024

mmm from lan network can't ping lan netwroкk SPOKE2,

I'll figure out what the problem after work type the result

Спрашивай все что хочешь

MHM Cisco World · ‎07-18-2024

Under eigrp address family

Add

No split horizon

Since we use eigrp'

This need for all spoke and hub

MHM

paul driver · ‎07-21-2024

Hello
Apart from enabling the suggested multicast on the Hub(NHS) it seems you are also missing authentication, and disabling split-horizon on the hub tunnel.

Lastly strongly suggest NOT to use tunnel 0-1 etc use a high tunnel number (higher the better) this way any other routing process that create tunnels automatically ( like PIM) can do and you wont run into any duplication issues.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul