Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
938
Views
0
Helpful
3
Replies

DMVPN - prevent spoke to spoke through HUB

jmattbullen
Level 1
Level 1

‎08-07-2015 06:16 AM - edited ‎03-05-2019 02:01 AM

I have a phase 1 dmvpn setup with around 600 remote sites.  We run BGP over the hub and advertise a default route.  Is there any way other than an ACL on the hub to prevent spoke to spoke communication through the hub?  That ACL is getting quite large and my gut tells me there should be an easier way.

 

Thanks

Labels:
0 Helpful
3 Replies 3

Mark Malone
VIP Alumni
VIP Alumni

‎08-07-2015 06:49 AM

If you were using eigrp as the igp you could enable split-horizon prevent the spokes from knowing anything about each other
 

0 Helpful

jmattbullen
Level 1
Level 1
In response to Mark Malone

‎08-07-2015 07:29 AM

the spokes already don't know about each other.  but they get a default route so they send packets to the hub and the hub knows about the other network.

0 Helpful

paul driver
VIP
VIP
In response to jmattbullen

‎08-08-2015 01:20 AM

Hello

Basically you are wanting to do the opposite of what dmvpn is designed to to!

I am assuming your hub is dynamically multicasting and doesn't  have 600 static  nhrp.  mapping?

I was thinking a possibly use a bgp peer group and ip as path filter lists and apply It outbound prohibiting the spoke ASN's and advertising only local prefiixs and external routes..

 

 

 

 

 

res

paul

 

 

 

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card