
DMVPN Spokes not receiving LAN updates from other Spokes

TeaclC676
Level 1

Troubleshooting a lab using DMVPN phase 3 single hub and two spokes. Spokes R2 and R3 can form dynamic NHRP tunnels to each other and both have EIGRP neighborship with the hub router. Both spokes have a Loopback network being advertised in the same EIGRP AS but neither spoke is receiving the loopback network of the other spoke.

 

The hub has Spoke R1 and Spoke R2's loopback IPs in its routing table. My first thought was split-horizon was doing its magic but I have verified split-horizon is disabled. I've tried to manually reset neighbor adjacencies and bounce the tunnel interfaces but the spokes are still not receiving the loopback networks from each other. Any insight is appreciated, thank you!

 

Configs below:

 


HUB R1
!
vrf definition INTERNET
!
address-family ipv4
exit-address-family
!
!
crypto ikev2 proposal IKEV2-PROPOSAL
encryption aes-cbc-256
integrity sha256 sha384
group 20 24
!
crypto ikev2 policy IKEV2-POLICY
match fvrf any
proposal IKEV2-PROPOSAL
!
crypto ikev2 keyring HUB-90
peer HUB-900
address 0.0.0.0 0.0.0.0
pre-shared-key SOSIT123
!
!
crypto ikev2 profile HUB-IKEV2-PROFILE
match fvrf any
match identity remote address 0.0.0.0
authentication remote pre-share
authentication local pre-share
keyring local HUB-90
lifetime 7200
dpd 30 5 periodic
!
!
crypto ipsec transform-set HUB-TRANS esp-aes 256 esp-sha-hmac
mode tunnel
!
crypto ipsec profile IPSEC-PROFILE-HUB-900
set transform-set HUB-TRANS
set ikev2-profile HUB-IKEV2-PROFILE
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Tunnel100
ip address 10.10.10.1 255.255.255.0
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 115
no ip split-horizon eigrp 115
ip nhrp authentication P@55w0rd
ip nhrp map multicast dynamic
ip nhrp network-id 100
ip nhrp registration no-unique
ip nhrp redirect
no ip split-horizon
ip tcp adjust-mss 1360
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 123
tunnel vrf INTERNET
tunnel protection ipsec profile IPSEC-PROFILE-HUB-900
!
interface FastEthernet0/0
description To ISP Router
vrf forwarding INTERNET
ip address 172.16.1.2 255.255.255.0
speed auto
duplex full

!
router eigrp NET_LAN
!
address-family ipv4 unicast autonomous-system 115
!
topology base
exit-af-topology
network 1.1.1.1 0.0.0.0
network 10.10.10.0 0.0.0.255
exit-address-family
!
router ospf 15 vrf INTERNET
router-id 1.1.1.1
network 172.16.0.0 0.0.255.255 area 0
!


Spoke R2 


!
vrf definition INTERNET
!
address-family ipv4
exit-address-family
!
!
crypto ikev2 proposal IKEV2-PROPOSAL
encryption aes-cbc-256
integrity sha256 sha384
group 20 24
!
crypto ikev2 policy IKEV2-POLICY
match fvrf any
proposal IKEV2-PROPOSAL
!
crypto ikev2 keyring HUB-90
peer HUB-900
address 0.0.0.0 0.0.0.0
pre-shared-key SOSIT123
!
!
crypto ikev2 profile HUB-IKEV2-PROFILE
match fvrf any
match identity remote address 0.0.0.0
authentication remote pre-share
authentication local pre-share
keyring local HUB-90
lifetime 7200
dpd 30 5 periodic
!
!
!
ip tcp synwait-time 5
!
!
!
crypto ipsec transform-set HUB-TRANS esp-aes 256 esp-sha-hmac
mode tunnel
!
crypto ipsec profile IPSEC-PROFILE-HUB-900
set transform-set HUB-TRANS
set ikev2-profile HUB-IKEV2-PROFILE
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Tunnel200
ip address 10.10.10.2 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication P@55w0rd
ip nhrp map 10.10.10.1 172.16.1.2
ip nhrp map multicast 172.16.1.2
ip nhrp network-id 100
ip nhrp nhs 10.10.10.1
ip nhrp shortcut
ip tcp adjust-mss 1360
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 123
tunnel vrf INTERNET
tunnel protection ipsec profile IPSEC-PROFILE-HUB-900
!
interface FastEthernet0/0
description To ISP Router
vrf forwarding INTERNET
ip address 172.16.2.2 255.255.255.0
speed auto
duplex full
!
!
router eigrp LAN_NET
!
address-family ipv4 unicast autonomous-system 115
!
topology base
exit-af-topology
network 2.0.0.0
network 2.2.2.2 0.0.0.0
network 10.10.10.0 0.0.0.255
exit-address-family
!
router ospf 15 vrf INTERNET
router-id 2.2.2.2
network 172.16.0.0 0.0.255.255 area 0
!

Spoke R3

!
vrf definition INTERNET
!
address-family ipv4
exit-address-family
!
!
!
crypto ikev2 proposal IKEV2-PROPOSAL
encryption aes-cbc-256
integrity sha256 sha384
group 20 24
!
crypto ikev2 policy IKEV2-POLICY
match fvrf any
proposal IKEV2-PROPOSAL
!
crypto ikev2 keyring HUB-90
peer HUB-900
address 0.0.0.0 0.0.0.0
pre-shared-key SOSIT123
!
!
!
crypto ikev2 profile HUB-IKEV2-PROFILE
match fvrf any
match identity remote address 0.0.0.0
authentication remote pre-share
authentication local pre-share
keyring local HUB-90
lifetime 7200
dpd 30 5 periodic

!
crypto ipsec transform-set HUB-TRANS esp-aes 256 esp-sha-hmac
mode tunnel
!
crypto ipsec profile IPSEC-PROFILE-HUB-900
set transform-set HUB-TRANS
set ikev2-profile HUB-IKEV2-PROFILE
!
!
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Tunnel300
ip address 10.10.10.3 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication P@55w0rd
ip nhrp map multicast 172.16.1.2
ip nhrp map 10.10.10.1 172.16.1.2
ip nhrp network-id 100
ip nhrp nhs 10.10.10.1
ip nhrp shortcut
ip tcp adjust-mss 1360
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 123
tunnel vrf INTERNET
tunnel protection ipsec profile IPSEC-PROFILE-HUB-900
!
interface FastEthernet0/0
description To ISP Router
vrf forwarding INTERNET
ip address 172.16.3.2 255.255.255.0
speed auto
duplex full
!
!
router eigrp LAN_NET
!
address-family ipv4 unicast autonomous-system 115
!
topology base
exit-af-topology
network 3.3.3.3 0.0.0.0
network 10.10.10.0 0.0.0.255
exit-address-family
!
router ospf 15 vrf INTERNET
router-id 3.3.3.3
network 172.16.0.0 0.0.255.255 area 0

Accepted Solution

TeaclC676
Level 1

***Solution***

So upon further inspection I realized that with named EIGRP, the "no ip split-horizon" command needs to be applied under the address family interface configuration. Once I applied this to the hub, R3 and R2 began accepting the Lo0 networks into their topology table.

 

 

router eigrp NET_LAN
 !
 address-family ipv4 unicast autonomous-system 115
  !
  af-interface Tunnel100
   no next-hop-self
   no split-horizon
  exit-af-interface
  !
  topology base
  exit-af-topology
  network 1.1.1.1 0.0.0.0
  network 10.10.10.0 0.0.0.255
 exit-address-family
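
An added example, not part of the original post and not Cisco tooling: a small Python check for the mismatch the solution above describes, where a router running named-mode EIGRP carries `no ip split-horizon eigrp` / `no ip next-hop-self eigrp` on the interface but has no matching entry under `af-interface`. The sample configs are constructed from the hub lines in this thread, and `audit_named_eigrp` is a hypothetical helper name.

```python
import re

# Constructed sample: the hub's relevant lines from this thread, before the fix.
HUB_BEFORE = """\
interface Tunnel100
no ip next-hop-self eigrp 115
no ip split-horizon eigrp 115
no ip split-horizon
!
router eigrp NET_LAN
address-family ipv4 unicast autonomous-system 115
topology base
exit-af-topology
network 10.10.10.0 0.0.0.255
exit-address-family
"""

# Constructed sample: same config with the af-interface stanza from the solution.
HUB_AFTER = HUB_BEFORE.replace(
    "topology base",
    "af-interface Tunnel100\nno next-hop-self\nno split-horizon\n"
    "exit-af-interface\ntopology base",
)

def audit_named_eigrp(config):
    """Return sorted (interface, AS, feature) tuples that are set at interface
    level but missing from the named-mode af-interface stanza for that AS."""
    iface_level, af_level, named_as = set(), set(), set()
    iface = af_iface = cur_as = None
    named = False
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            iface, af_iface, named = m.group(1), None, False
        elif m := re.match(r"router (\S+) (\S+)", line):
            iface = af_iface = cur_as = None
            named = m.group(1) == "eigrp" and not m.group(2).isdigit()
        elif named and (m := re.match(r"address-family ipv4 .*autonomous-system (\d+)", line)):
            cur_as = m.group(1)
            named_as.add(cur_as)
        elif named and (m := re.match(r"af-interface (\S+)", line)):
            af_iface = m.group(1)
        elif line == "exit-af-interface":
            af_iface = None
        elif iface and (m := re.match(r"no ip (split-horizon|next-hop-self) eigrp (\d+)", line)):
            iface_level.add((iface, m.group(2), m.group(1)))
        elif af_iface and cur_as and (m := re.match(r"no (split-horizon|next-hop-self)$", line)):
            af_level.add((af_iface, cur_as, m.group(1)))
    # Only ASes that run in named mode are affected; classic mode honours the interface commands.
    return sorted(f for f in iface_level - af_level if f[1] in named_as)
```

Run against the hub config as originally posted, it reports both `next-hop-self` and `split-horizon` for Tunnel100 in AS 115; with the `af-interface` stanza added it reports nothing.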


crypto ikev2 profile HUB-IKEV2-PROFILE
match fvrf any

<- Since you configured FVRF, you need IKEv2 to match it in the profile and policy.

Hello,

 

Add the static routes below (use the next-hop IP addresses you have actually configured on the intermediate router; I used .1 addresses).

HUB R1

ip route vrf INTERNET 0.0.0.0 0.0.0.0 172.16.1.1

Spoke R2

ip route vrf INTERNET 0.0.0.0 0.0.0.0 172.16.2.1

Spoke R3

ip route vrf INTERNET 0.0.0.0 0.0.0.0 172.16.3.1
