12-07-2021 03:31 AM - last edited on 12-10-2021 10:13 AM by Translator
NOTE: Topology is attached below.
i am doing dmvpn from HUB to SPOKE2. hub-standby & hub-active has 1 tunnel each whereas SPOKE2 also has 1 tunnel but with 2 nhs [172.16.10.1/24 & 172.16.10.2/24] pointing towards HUB routers.
I have used EIGRP between HUB routers & SPOKE2. Both HUB routers know path for 192.168.20.0/24 via tunnel-1 but from SPOKE2 router, it has 2 path to reach 192.168.10.0/24...
SPOKE2: D 192.168.10.0/24 [90/26882560] via 172.16.10.2, 00:02:08, Tunnel1
[90/26882560] via 172.16.10.1, 00:02:08, Tunnel1
Now,
my main point is, SPOKE2 router must know the path 192.168.10.0/24 via tunnel1 [172.16.10.1] as primary path and [172.16.10.2] as secondary path.
BUT how to do it? by tuning EIGRP
SPOKE 2 ROUTE :
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.1.1.0/24 is directly connected, FastEthernet0/0
L 1.1.1.4/32 is directly connected, FastEthernet0/0
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.10.0/24 is directly connected, Tunnel1
L 172.16.10.3/32 is directly connected, Tunnel1
D 192.168.10.0/24 [90/26882560] via 172.16.10.2, 00:02:08, Tunnel1
[90/26882560] via 172.16.10.1, 00:02:08, Tunnel1
192.168.20.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.20.0/24 is directly connected, FastEthernet0/1
L 192.168.20.1/32 is directly connected, FastEthernet0/1
HUB-ACTIVE ROUTE:
S* 0.0.0.0/0 [1/0] via 192.168.10.3
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.1.1.0/24 is directly connected, FastEthernet0/0
L 1.1.1.1/32 is directly connected, FastEthernet0/0
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.10.0/24 is directly connected, Tunnel1
L 172.16.10.1/32 is directly connected, Tunnel1
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/24 is directly connected, FastEthernet0/1
L 192.168.10.1/32 is directly connected, FastEthernet0/1
D 192.168.20.0/24 [90/26882560] via 172.16.10.3, 00:03:01, Tunnel1
S 192.168.60.0/24 [1/0] via 1.1.1.3
HUB-STANDBY ROUTE:
S* 0.0.0.0/0 [1/0] via 192.168.10.3
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.1.1.0/24 is directly connected, FastEthernet0/0
L 1.1.1.2/32 is directly connected, FastEthernet0/0
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.10.0/24 is directly connected, Tunnel1
L 172.16.10.2/32 is directly connected, Tunnel1
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/24 is directly connected, FastEthernet0/1
L 192.168.10.2/32 is directly connected, FastEthernet0/1
D 192.168.20.0/24 [90/26882560] via 172.16.10.3, 00:02:46, Tunnel1
S 192.168.60.0/24 [1/0] via 1.1.1.3
CONFIGURATION:
HUB-ACTIVE:
!
!
redundancy
!
!
ip tcp synwait-time 5
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
crypto isakmp key FORISP1 address 1.1.1.3
!
!
crypto ipsec transform-set ISP1SET esp-3des esp-md5-hmac
!
crypto map ISP1MAP 1 ipsec-isakmp
set peer 1.1.1.3
set transform-set ISP1SET
match address 100
!
!
!
!
!
!
interface Tunnel1
ip address 172.16.10.1 255.255.255.0
no ip redirects
ip nhrp map multicast dynamic
ip nhrp network-id 1
tunnel source FastEthernet0/0
tunnel mode gre multipoint
!
!
interface FastEthernet0/0
ip address 1.1.1.1 255.255.255.0
duplex auto
speed auto
standby 2 ip 1.1.1.5
standby 2 priority 110
standby 2 preempt
standby 2 name WAN-INT
crypto map ISP1MAP redundancy WAN-INT
!
!
interface FastEthernet0/1
ip address 192.168.10.1 255.255.255.0
duplex auto
speed auto
standby 1 ip 192.168.10.5
standby 1 priority 110
standby 1 preempt
standby 1 name INLAN
!
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
!
interface FastEthernet1/1
no ip address
shutdown
duplex auto
speed auto
!
!
!
router eigrp 1
network 172.16.10.0 0.0.0.255
network 192.168.10.0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 192.168.10.3
ip route 192.168.60.0 255.255.255.0 1.1.1.3
!
access-list 100 permit ip 192.168.50.0 0.0.0.255 192.168.60.0 0.0.0.255
nls resp-timeout 1
cpd cr-id 1
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
!
gatekeeper
shutdown
!
HUB-STANDBY:
!
!
redundancy
!
!
ip tcp synwait-time 5
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
crypto isakmp key FORISP1 address 1.1.1.3
!
!
crypto ipsec transform-set ISP1SET esp-3des esp-md5-hmac
!
crypto map ISP1MAP 1 ipsec-isakmp
set peer 1.1.1.3
set transform-set ISP1SET
match address 100
!
!
!
!
!
!
interface Tunnel1
ip address 172.16.10.2 255.255.255.0
no ip redirects
ip nhrp map multicast dynamic
ip nhrp network-id 1
tunnel source FastEthernet0/0
tunnel mode gre multipoint
!
!
interface FastEthernet0/0
ip address 1.1.1.2 255.255.255.0
duplex auto
speed auto
standby 2 ip 1.1.1.5
standby 2 preempt
standby 2 name WAN-INT
crypto map ISP1MAP redundancy WAN-INT
!
!
interface FastEthernet0/1
ip address 192.168.10.2 255.255.255.0
duplex auto
speed auto
standby 1 ip 192.168.10.5
standby 1 preempt
standby 1 name INLAN
!
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
!
interface FastEthernet1/1
no ip address
shutdown
duplex auto
speed auto
!
!
!
router eigrp 1
network 172.16.10.0 0.0.0.255
network 192.168.10.0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 192.168.10.3
ip route 192.168.60.0 255.255.255.0 1.1.1.3
!
access-list 100 permit ip 192.168.50.0 0.0.0.255 192.168.60.0 0.0.0.255
nls resp-timeout 1
cpd cr-id 1
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
!
gatekeeper
shutdown
!
SPOKE2:
!
redundancy
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
interface Tunnel1
ip address 172.16.10.3 255.255.255.0
no ip redirects
ip nhrp map 172.16.10.2 1.1.1.2
ip nhrp map 172.16.10.1 1.1.1.1
ip nhrp map multicast 1.1.1.2
ip nhrp map multicast 1.1.1.1
ip nhrp network-id 1
ip nhrp nhs 172.16.10.1
ip nhrp nhs 172.16.10.2
tunnel source FastEthernet0/0
tunnel mode gre multipoint
!
!
interface FastEthernet0/0
ip address 1.1.1.4 255.255.255.0
duplex auto
speed auto
!
!
interface FastEthernet0/1
ip address 192.168.20.1 255.255.255.0
duplex auto
speed auto
!
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
!
interface FastEthernet1/1
no ip address
shutdown
duplex auto
speed auto
!
!
!
router eigrp 1
network 172.16.10.0 0.0.0.255
network 192.168.20.0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
nls resp-timeout 1
cpd cr-id 1
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
!
gatekeeper
shutdown
!
Solved! Go to Solution.
12-08-2021 03:19 AM - last edited on 12-10-2021 10:16 AM by Translator
Hello,
I guess what you want to achieve is NHS redundancy/failover ? You could use NHS clusters on the spoke:
ip nhrp nhs 172.16.10.1 priority 1 cluster 1
ip nhrp nhs 172.16.10.2 priority 2 cluster 1
ip nhrp nhs fallback 5
12-08-2021 11:10 PM
i installed ios version 15.2 , and now it worked..
Thank you so much sir,
12-08-2021 03:19 AM - last edited on 12-10-2021 10:16 AM by Translator
Hello,
I guess what you want to achieve is NHS redundancy/failover ? You could use NHS clusters on the spoke:
ip nhrp nhs 172.16.10.1 priority 1 cluster 1
ip nhrp nhs 172.16.10.2 priority 2 cluster 1
ip nhrp nhs fallback 5
12-08-2021 06:15 AM - edited 12-08-2021 06:58 AM
12-08-2021 07:38 AM - last edited on 12-10-2021 10:19 AM by Translator
Hello,
with your current configuration, what is the output of:
show dmvpn
Which devices and IOS versions are you using ?
12-08-2021 08:30 PM - last edited on 12-10-2021 10:20 AM by Translator
HELLO SIR,
OUTPUT IS ATTACHED BELOW:
IOS VERSION :
SPOKE2#show version
Cisco IOS Software, 7200 Software (C7200-ADVIPSERVICESK9_LI-M), Version 15.0(1)M, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 30-Sep-09 07:48 by prod_rel_team
ROM: ROMMON Emulation Microcode
BOOTLDR: 7200 Software (C7200-ADVIPSERVICESK9_LI-M), Version 15.0(1)M, RELEASE SOFTWARE (fc2)
SPOKE2 uptime is 7 minutes
System returned to ROM by unknown reload cause - suspect boot_data[BOOT_COUNT] 0x0, BOOT_COUNT 0, BOOTDATA 19
System image file is "tftp://255.255.255.255/unknown"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco 7206VXR (NPE400) processor (revision A) with 491520K/32768K bytes of memory.
Processor board ID 4279256517
R7000 CPU at 150MHz, Implementation 39, Rev 2.1, 256KB L2 Cache
6 slot VXR midplane, Version 2.1
Last reset from power-on
PCI bus mb0_mb1 (Slots 0, 1, 3 and 5) has a capacity of 600 bandwidth points.
Current configuration on bus mb0_mb1 has a total of 800 bandwidth points.
The set of PA-2FE, PA-POS-2OC3, and I/O-2FE qualify for "half
bandwidth points" consideration, when full bandwidth point counting
results in oversubscription, under the condition that only one of the
two ports is used. With this adjustment, current configuration on bus
mb0_mb1 has a total of 400 bandwidth points.
This configuration is within the PCI bus capacity and is supported
under the above condition.
PCI bus mb2 (Slots 2, 4, 6) has a capacity of 600 bandwidth points.
Current configuration on bus mb2 has a total of 0 bandwidth points
This configuration is within the PCI bus capacity and is supported.
Please refer to the following document "Cisco 7200 Series Port Adaptor
Hardware Configuration Guidelines" on Cisco.com <http://www.cisco.com>
for c7200 bandwidth points oversubscription and usage guidelines.
4 FastEthernet interfaces
509K bytes of NVRAM.
8192K bytes of Flash internal SIMM (Sector size 256K).
Configuration register is 0x2102
12-08-2021 11:10 PM
i installed ios version 15.2 , and now it worked..
Thank you so much sir,
12-08-2021 11:55 PM
Hello,
thanks for the update, glad that you got it to work. The other option would have been two tunnels on the spoke.
12-09-2021 12:26 AM - last edited on 12-10-2021 10:24 AM by Translator
hello sir,
but got new problem "Tunnel, retry limit exceed" when i advertise tunnel and LAN netwokr using EIGRP.
please help sir,
NOTE: error is attached below.
CONFIGURATION:
SPOKE2
!
!
interface Tunnel1
ip address 172.16.10.3 255.255.255.0
no ip redirects
no ip split-horizon eigrp 1
ip nhrp map multicast 1.1.1.1
ip nhrp map multicast 1.1.1.2
ip nhrp map 172.16.10.1 1.1.1.1
ip nhrp map 172.16.10.2 1.1.1.2
ip nhrp network-id 1
ip nhrp holdtime 10
ip nhrp nhs 172.16.10.1 priority 1 cluster 1
ip nhrp nhs 172.16.10.2 priority 2 cluster 1
ip nhrp nhs cluster 1 max-connections 1
ip nhrp nhs fallback 5
tunnel source FastEthernet0/0
tunnel mode gre multipoint
!
interface Tunnel2
ip address 125.25.25.3 255.255.255.0
no ip redirects
no ip split-horizon eigrp 1
ip nhrp map multicast 2.2.2.1
ip nhrp map multicast 2.2.2.2
ip nhrp map 125.25.25.1 2.2.2.1
ip nhrp map 125.25.25.2 2.2.2.2
ip nhrp network-id 2
ip nhrp nhs 125.25.25.1 priority 1 cluster 2
ip nhrp nhs 125.25.25.2 priority 2 cluster 2
ip nhrp nhs cluster 2 max-connections 1
ip nhrp nhs fallback 5
delay 6000
tunnel source FastEthernet1/1
tunnel mode gre multipoint
!
interface FastEthernet0/0
ip address 1.1.1.4 255.255.255.0
speed auto
duplex auto
!
interface FastEthernet0/1
ip address 192.168.20.1 255.255.255.0
speed auto
duplex auto
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
ip address 2.2.2.4 255.255.255.0
speed auto
duplex auto
!
!
router eigrp 1
network 125.25.25.0 0.0.0.255
network 172.16.10.0 0.0.0.255
network 192.168.20.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
-----------------------------------------------------------------------------------------------
HUB-ACTIVE
!
ip tcp synwait-time 5
!
!
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
crypto isakmp key FORISP1 address 1.1.1.3
crypto isakmp key FORISP2 address 2.2.2.3
!
!
crypto ipsec transform-set ISP1SET esp-3des esp-md5-hmac
mode tunnel
crypto ipsec transform-set ISP2SET esp-3des esp-md5-hmac
mode tunnel
!
!
!
crypto map ISP1MAP 1 ipsec-isakmp
set peer 1.1.1.3
set transform-set ISP1SET
match address 100
!
crypto map ISP2MAP 2 ipsec-isakmp
set peer 2.2.2.3
set transform-set ISP2SET
match address 100
!
!
!
!
!
interface Tunnel1
ip address 172.16.10.1 255.255.255.0
no ip redirects
ip nhrp map multicast dynamic
ip nhrp network-id 1
tunnel source FastEthernet0/0
tunnel mode gre multipoint
!
interface Tunnel2
ip address 125.25.25.1 255.255.255.0
no ip redirects
ip nhrp map multicast dynamic
ip nhrp network-id 2
delay 60000
tunnel source FastEthernet1/1
tunnel mode gre multipoint
!
interface FastEthernet0/0
ip address 1.1.1.1 255.255.255.0
standby 2 ip 1.1.1.5
standby 2 priority 110
standby 2 preempt
standby 2 name WAN-INT
speed auto
duplex auto
crypto map ISP1MAP redundancy WAN-INT
!
interface FastEthernet0/1
ip address 192.168.10.1 255.255.255.0
standby 1 ip 192.168.10.5
standby 1 priority 110
standby 1 preempt
standby 1 name INLAN
speed auto
duplex auto
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
description ***ISP-2-SECONDARY***
ip address 2.2.2.1 255.255.255.0
standby 3 ip 2.2.2.5
standby 3 priority 110
standby 3 preempt
standby 3 name wlan2
speed auto
duplex auto
crypto map ISP2MAP redundancy wlan2
!
!
router eigrp 1
network 125.25.25.0 0.0.0.255
network 172.16.10.0 0.0.0.255
network 192.168.10.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.10.3
ip route 192.168.60.0 255.255.255.0 1.1.1.3
ip route 192.168.60.0 255.255.255.0 2.2.2.3 10
!
access-list 100 permit ip 192.168.50.0 0.0.0.255 192.168.60.0 0.0.0.255
!
!
-----------------------------------------------------------------------------------------------
HUB-STANDBY
!
ip tcp synwait-time 5
!
!
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
crypto isakmp key FORISP1 address 1.1.1.3
crypto isakmp key FORISP2 address 2.2.2.3
!
!
crypto ipsec transform-set ISP1SET esp-3des esp-md5-hmac
mode tunnel
crypto ipsec transform-set ISP2SET esp-3des esp-md5-hmac
mode tunnel
!
!
!
crypto map ISP1MAP 1 ipsec-isakmp
set peer 1.1.1.3
set transform-set ISP1SET
match address 100
!
crypto map ISP2MAP 2 ipsec-isakmp
set peer 2.2.2.3
set transform-set ISP2SET
match address 100
!
!
!
!
!
interface Tunnel1
ip address 172.16.10.2 255.255.255.0
no ip redirects
no ip split-horizon eigrp 1
ip nhrp map multicast dynamic
ip nhrp network-id 1
delay 7000
tunnel source FastEthernet0/0
tunnel mode gre multipoint
!
interface Tunnel2
ip address 125.25.25.2 255.255.255.0
no ip redirects
no ip split-horizon eigrp 1
ip nhrp map multicast dynamic
ip nhrp network-id 2
delay 8000
tunnel source FastEthernet1/1
tunnel mode gre multipoint
!
interface FastEthernet0/0
ip address 1.1.1.2 255.255.255.0
standby 2 ip 1.1.1.5
standby 2 preempt
standby 2 name WAN-INT
speed auto
duplex auto
crypto map ISP1MAP redundancy WAN-INT
!
interface FastEthernet0/1
ip address 192.168.10.2 255.255.255.0
standby 1 ip 192.168.10.5
standby 1 preempt
standby 1 name INLAN
speed auto
duplex auto
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
description ***ISP-2-SECONDARY***
ip address 2.2.2.2 255.255.255.0
standby 3 ip 2.2.2.5
standby 3 preempt
standby 3 name wlan2
speed auto
duplex auto
crypto map ISP2MAP redundancy wlan2
!
!
router eigrp 1
network 125.25.25.0 0.0.0.255
network 172.16.10.0 0.0.0.255
network 192.168.10.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.10.3
ip route 192.168.60.0 255.255.255.0 1.1.1.3
ip route 192.168.60.0 255.255.255.0 2.2.2.3 10
!
access-list 100 permit ip 192.168.50.0 0.0.0.255 192.168.60.0 0.0.0.255
!
!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide