cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1032
Views
0
Helpful
5
Replies

Issue with VRF on DMVPN

subba1881
Level 1
Level 1

Hi,

 

I have an issue with our branch DMVPN. I am fist time here, so please bear with me about the method I am asking question.

 

Following are set :

We have Hub and Spoke DMVPN setup.

There are many Spoke has been setup without vrf and it is all working fine.

These setup are using ADSL PPOE to ISP.

when we setup with VRF, It seems the VRF is not working. (When we removed the VRF, seems  DMVPN start to work as in normal scenario.

For VRF we set all necessary config.

Tunnel & Physical (Fa4) setup fine.

We have a static route point to ISP that works when VRF removed.

 

Under Tunnel interface we have :"tunnel vrf xxxxx" command

Under Physical outside facing interface we have "ip vrf forwarding xxxxx

I could confirm MTU setting and MTU mss setting fine (As it can work without VRF).

 

My question is, Is there we need anything additional to ask ISP to configure or add (Route) to support our VRF?.

if you have time let me understand what could be happening and why.

 

Thanks for your help.

 

Moor

 

 

5 Replies 5

Hello

"There are many Spoke has been setup without vrf and it is all working fine"

Do you have both the hub/spoke physical/tunnel interfaces in the same VRF or just the spoke ina VRF?


It may be you need to add a route into the vrf table to point to the global route table for a nexthop

example:
ip route vrf VRF 0.0.0.0 0.0.0.0 x.x.x.x global  ( x.x.x.x = next hop towards hub nhrp NBMA address)
 

Can you post your config of the NHRP NHS/NHC and route tables - (vrf and global please)

res

Paul

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi Paul,

 

Thanks for your time and effort in helping. Below are the config for your info. Kindly advise. Thanks. Also note that I am running with ADSL to Telco on PPPOE. The router I am using Cisco C881/K9.

 

Thanks again.

 

-----------------------------

!
ip vrf Test1-out
rd 100:1
!
crypto keyring ring vrf Test1-out
pre-shared-key address 0.0.0.0 0.0.0.0 key XXXXXX
!
!
interface Tunnel0
description *** TUNNEL TO HUB ***
ip address 10.251.210.12 255.255.252.0
no ip redirects
ip mtu 1400
ip tcp adjust-mss 1250
ip nhrp authentication ECLVPN
ip nhrp map 10.251.210.1 205.196.95.155
ip nhrp map multicast 205.196.95.155
ip nhrp map 10.251.210.2 205.196.95.156
ip nhrp map multicast 205.196.95.156
ip nhrp network-id 100001
ip nhrp holdtime 360
ip nhrp nhs 10.251.210.1
ip nhrp nhs 10.251.210.2
ip nhrp registration no-unique
keepalive 20 3
delay 1000
qos pre-classify
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel key 100001
tunnel vrf Test1-out
tunnel protection ipsec profile XXXXXX
!
!
interface GigabitEthernet0/0
 Desc  *** DMVPN:  OUT INTERNET
 ip vrf forwarding Test1-out
 ip address 122.181.248.12 255.255.255.0
 duplex auto
 speed auto
!
!
ip route vrf Test1-out 0.0.0.0 0.0.0.0 122.181.248.1
!

-------------------------------

 

Hello

"when we setup with VRF, It seems the VRF is not working. (When we removed the VRF, seems  DMVPN start to work as in normal scenario."

Does the nhrp hub have vrf enabled?

Can you try the following:

no ip route vrf Test1-out 0.0.0.0 0.0.0.0 122.181.248.1
ip route 122.181.248.12 255.255.255.255 GigabitEthernet0/0
ip route vrf Test1-out 0.0.0.0 0.0.0.0 122.181.248.1 global

sh ip route | be Ga
sh ip route vrf-Test1 | be Ga
Sh dmvpn
sh ip nhrp detail

 

res

Paul

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi Paul,

 

Again thanks for your time and the great help. Appreciated. I am about to get in doing the config as Telcon on site to connect the line. (Doing Remote).

 

"Does the nhrp hub have vrf enabled?"

 

Yes Paul it is. We have other sites (Old) currently running with VRF. I have encounter this problem specically when Telco Assign IP from /24 subnet rather then the small one such as adjacent ip we get from /29

 

Thanks and much appreciated.

 


 

Hello

 

I dont see NHRP being the issue here, more than the routing as the cause.

From your config, it looks like you have dual dmvpnhub sites and running nhrp phase 2.

However your static rounting doesnt look correct for VRF, I see a single default route set to the global routing table, but nothing for the vrf-hence when you take of vrf the DMVPN establishes and works.
 

Try the suggestion i previous posted and see if that helps

res

Paul



 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Review Cisco Networking for a $25 gift card