03-25-2009 09:25 AM - edited 03-04-2019 04:05 AM
hi
I am configuring a Multpoint GRE DMVPN on the Hub 3845 running 12.4.9 T code and on the remote 1811 running 12.4.15 T8 code.
the issue i run into is that when i shutdown the Multipoint Tunnel on the hub end the remote does not re establish dmvpn as long as the keepalive is configured on the remote tunnel. Once removed it comes on instanly. I have included part of th configs. any help is appreciated.
HUB
interface Tunnel20
ip address 1.1.1.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp map multicast dynamic
ip nhrp network-id 2
ip nhrp cache non-authoritative
ip ospf dead-interval 60
keepalive 10 5
cdp enable
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
tunnel key 20
tunnel protection ipsec profile test
end
Remote
interface Tunnel20
ip address 1.1.1.2 255.255.255.0
ip mtu 1400
ip nhrp map multicast 192.129.155.9
ip nhrp map 1.1.1.1 192.129.155.9
ip nhrp network-id 2
ip nhrp nhs 1.1.1.1
cdp enable
tunnel source FastEthernet0
tunnel destination 192.129.155.9
tunnel key 20
tunnel protection ipsec profile test
keepalive 10 5
end
03-25-2009 10:24 AM
Hello Dwayne,
DMVPN are usually deployed using a dynamic routing protocol like OSPF or EIGRP.
I would suggest you to use EIGRP or OSPF instead of tunnel keepalive.
see
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/DMVPN_1.html#wp37110
Hope to help
Giuseppe
03-25-2009 11:09 AM
Keepalives is not supported on DMVPN.
03-26-2009 07:39 PM
The keepalive 10 5 is not support, you can us e the folowing
You can change to ip nhrp holdtime=#xxx
Changes the number of seconds that NHRP NBMA addresses are advertised as valid in authoritative NHRP responses.
â¢The seconds argument specifies the time in seconds that NBMA addresses are advertised as valid in positive authoritative NHRP responses. The recommended value ranges from 300 seconds to 600 seconds.
03-27-2009 08:46 AM
thanks for your reply. I did reconfigure to OSPF and used the command holdtime like you suggested. However when i shut down the hub gre multipoint end shouldn't the remote NOT have the following information when i do the show ip nhrp command or am i using the wrong command to verify that the nbma address has dropped
sho ip nhrp
10.224.10.1/32 via 10.224.10.1, Tunnel2 created 00:22:42, never expire
Type: static, Flags:
NBMA address: 64.x.x.x
thanks
03-28-2009 12:12 PM
.
03-28-2009 12:20 PM
So you have the ip nhrp configuration at both the Hub router
ip nhrp holdtime ### "Where this parameter changes the number of seconds that NHRP NBMA addresses are advertised as valid in authoritative NHRP responses.
and at the Spoke routers as well?
03-28-2009 12:40 PM
Under the Hub configuration
Interface Tunnel#
ip nhrp holdtime 600
Under the Spoke configuration
Interface Tunnel#
ip nhrp holdtime 300.
one last note: under the OSPF configuration do you have it configured to make sure that the hub router will be the Designated Router (DR) for the IPsec+mGRE network.
You can do this by
1. Setting the Hub configuration
under the Tunnl interface
ip ospf priority 2
under the spoke(s) configuration
Under the Tunnel configuration
ip ospf priority 0
03-28-2009 12:49 PM
One last note: nhrp aythentication doesnt seem to be configured
Hub router
Interface Tunnel #
ip nhrp authentication abc123
Spoke router
Interface Tunnel #
ip nhrp authentication abc123
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide