Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
867
Views
5
Helpful
1
Replies

DMVPN is not coming UP! @secondary router

Go to solution
prabinchand
Level 1
Level 1

‎01-16-2022 11:07 PM - last edited on ‎01-18-2022 12:20 AM by Community Manager

I am trying to form dmvpn between HEAD-OFFICE (primary and secondary router) & BRANCH but dmvpn is up only with HEAD-OFFICE-PRIMARY router & BRANCH router. NO any dmvpn is formed between HO-SECONDARY router. The config & topology is attached below:

NOTE: no any config it done on ISP SWTICH, it is just a layer 2 switch.

 

CONFIGURATION:

HEADOFFICE-PRIMARY:

HEAD-OFFICE-PRIMARY(config)#do sh run
Building configuration...

Current configuration : 1756 bytes
!
! Last configuration change at 11:33:35 UTC Mon Jan 17 2022
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname HEAD-OFFICE-PRIMARY
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
interface Tunnel1
description ***PRIMARY - TUNNEL****
ip address 50.50.50.1 255.255.255.248
no ip redirects
ip nhrp authentication SECURE
ip nhrp map multicast dynamic
ip nhrp network-id 1
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 123456
!
interface Tunnel2
description ***SECONDARY -TUNNEL***
ip address 60.60.60.1 255.255.255.248
no ip redirects
ip nhrp authentication SECURE2
ip nhrp map multicast dynamic
ip nhrp network-id 2
tunnel source FastEthernet1/1
tunnel mode gre multipoint
tunnel key 456456
!
interface FastEthernet0/0
description ***PRIMARY ISP***
ip address 1.1.1.1 255.255.255.248
speed auto
duplex auto
!
interface FastEthernet0/1
ip address 192.168.10.1 255.255.255.0
standby 1 ip 192.168.10.10
standby 1 priority 110
standby 1 preempt
speed auto
duplex auto
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
description ***SECONDARY ISP***
ip address 2.2.2.1 255.255.255.248
speed auto
duplex auto
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

HEADOFFICE-SECONDARY:


HEAD-OFFICE-SECONDAR(config)#do sh run
Building configuration...

Current configuration : 1668 bytes
!
! Last configuration change at 12:25:02 UTC Mon Jan 17 2022
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname HEAD-OFFICE-SECONDARY
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
interface Tunnel1
ip address 50.50.50.3 255.255.255.248
no ip redirects
ip nhrp authentication SECURE
ip nhrp map multicast dynamic
ip nhrp network-id 1
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 123456
!
interface Tunnel2
description ***SECONDARY -TUNNEL***
ip address 60.60.60.3 255.255.255.248
no ip redirects
ip nhrp authentication SECURE2
ip nhrp map multicast dynamic
ip nhrp network-id 2
tunnel source FastEthernet1/1
tunnel mode gre multipoint
tunnel key 456456
!
interface FastEthernet0/0
ip address 1.1.1.3 255.255.255.248
speed auto
duplex auto
!
interface FastEthernet0/1
ip address 192.168.10.2 255.255.255.0
standby 1 ip 192.168.10.10
standby 1 preempt
speed auto
duplex auto
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
description ***SEDONDARY - ISP***
ip address 2.2.2.3 255.255.255.248
speed auto
duplex auto
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end




BRANCH:

BRANCH(config)#do sh run
Building configuration...

Current configuration : 2170 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname BRANCH
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1
ip address 192.168.100.100 255.255.255.255
!
interface Tunnel1
description ***PRIMARY - TUNNEL***
ip address 50.50.50.2 255.255.255.248
no ip redirects
ip nhrp authentication SECURE
ip nhrp map multicast dynamic
ip nhrp map multicast 1.1.1.1
ip nhrp map 50.50.50.1 1.1.1.1
ip nhrp map 50.50.50.3 1.1.1.3
ip nhrp map multicast 1.1.1.3
ip nhrp network-id 1
ip nhrp nhs 50.50.50.1
ip nhrp nhs 1.1.1.1
ip nhrp nhs 1.1.1.3 priority 1
ip nhrp nhs cluster 1 max-connections 1
ip nhrp nhs fallback 2
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 123456
!
interface Tunnel2
description ***SECONDARY - TUNNEL ***
ip address 60.60.60.2 255.255.255.248
no ip redirects
ip nhrp authentication SECURE2
ip nhrp map multicast 2.2.2.1
ip nhrp map 60.60.60.1 2.2.2.1
ip nhrp map 60.60.60.3 2.2.2.3
ip nhrp map multicast 2.2.2.3
ip nhrp network-id 2
ip nhrp nhs 60.60.60.1
ip nhrp nhs 2.2.2.1
ip nhrp nhs 2.2.2.3 priority 1
ip nhrp nhs cluster 1 max-connections 1
ip nhrp nhs fallback 2
tunnel source FastEthernet1/1
tunnel mode gre multipoint
tunnel key 456456
!
interface FastEthernet0/0
description ***PRIMARY -ISP***
ip address 1.1.1.2 255.255.255.248
speed auto
duplex auto
!
interface FastEthernet0/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
description ***SECONDARY -ISP***
ip address 2.2.2.2 255.255.255.248
speed auto
duplex auto
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end





Preview file
35 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Georg Pauwen
VIP
VIP

‎01-17-2022 01:59 AM - last edited on ‎01-18-2022 12:35 AM by Community Manager

Hello,

 

at first glance, I would say the NHS mappings on your branch router are wrong. You need to map to the tunnel IP addresses, not the physical interfaces. Make the changes marked in bold:

 

interface Tunnel1
description ***PRIMARY - TUNNEL***
ip address 50.50.50.2 255.255.255.248
no ip redirects
ip nhrp authentication SECURE
ip nhrp map multicast dynamic
ip nhrp map multicast 1.1.1.1
ip nhrp map 50.50.50.1 1.1.1.1
ip nhrp map 50.50.50.3 1.1.1.3
ip nhrp map multicast 1.1.1.3
ip nhrp network-id 1
ip nhrp nhs 50.50.50.1
--> no ip nhrp nhs 1.1.1.1
--> no ip nhrp nhs 1.1.1.3 priority 1
ip nhrp nhs cluster 1 max-connections 1
ip nhrp nhs fallback 2
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 123456
!
interface Tunnel2
description ***SECONDARY - TUNNEL ***
ip address 60.60.60.2 255.255.255.248
no ip redirects
ip nhrp authentication SECURE2
ip nhrp map multicast 2.2.2.1
ip nhrp map 60.60.60.1 2.2.2.1
ip nhrp map 60.60.60.3 2.2.2.3
ip nhrp map multicast 2.2.2.3
ip nhrp network-id 2
ip nhrp nhs 60.60.60.1
--> no ip nhrp nhs 2.2.2.1
--> no ip nhrp nhs 2.2.2.3 priority 1
ip nhrp nhs cluster 1 max-connections 1
ip nhrp nhs fallback 2
tunnel source FastEthernet1/1
tunnel mode gre multipoint
tunnel key 456456

View solution in original post

1 Reply 1

Go to solution
Georg Pauwen
VIP
VIP

‎01-17-2022 01:59 AM - last edited on ‎01-18-2022 12:35 AM by Community Manager

Hello,

 

at first glance, I would say the NHS mappings on your branch router are wrong. You need to map to the tunnel IP addresses, not the physical interfaces. Make the changes marked in bold:

 

interface Tunnel1
description ***PRIMARY - TUNNEL***
ip address 50.50.50.2 255.255.255.248
no ip redirects
ip nhrp authentication SECURE
ip nhrp map multicast dynamic
ip nhrp map multicast 1.1.1.1
ip nhrp map 50.50.50.1 1.1.1.1
ip nhrp map 50.50.50.3 1.1.1.3
ip nhrp map multicast 1.1.1.3
ip nhrp network-id 1
ip nhrp nhs 50.50.50.1
--> no ip nhrp nhs 1.1.1.1
--> no ip nhrp nhs 1.1.1.3 priority 1
ip nhrp nhs cluster 1 max-connections 1
ip nhrp nhs fallback 2
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 123456
!
interface Tunnel2
description ***SECONDARY - TUNNEL ***
ip address 60.60.60.2 255.255.255.248
no ip redirects
ip nhrp authentication SECURE2
ip nhrp map multicast 2.2.2.1
ip nhrp map 60.60.60.1 2.2.2.1
ip nhrp map 60.60.60.3 2.2.2.3
ip nhrp map multicast 2.2.2.3
ip nhrp network-id 2
ip nhrp nhs 60.60.60.1
--> no ip nhrp nhs 2.2.2.1
--> no ip nhrp nhs 2.2.2.3 priority 1
ip nhrp nhs cluster 1 max-connections 1
ip nhrp nhs fallback 2
tunnel source FastEthernet1/1
tunnel mode gre multipoint
tunnel key 456456
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card