Solved: Re: Mystery Tunnel Interfaces on 2921 Router

Zubair.Sayed_2 · ‎05-13-2011

Hi All,

I need some help.

For some reason it seems we have 3 Tunnel interfaces on the router, not sure how it got there but we are unable to delete them or configure them.

They seem to take the loopback ip as source and if I delete the loopback interface it chooses another IP.

Output from sh ip int brief, not sure where it gets those IP's from as well.

Tunnel0                    172.16.0.1      YES unset up                    up
Tunnel1                    172.16.0.1      YES unset up                    up
Tunnel2                    172.16.0.1      YES unset up                    up

See below when I try to enter interface config mode:

Router1(config)#int tunnel 0
% This interface cannot be modified

Any suggestions or help will be appreciated.

Regards

Z

Fabrizio Pedracini · ‎05-13-2011

Hi Zubair,

this is due to WCCP. You have WCCP for service 61 and 62 so my guess is you have an optimizer appliance (like WAAS) talking WCCP with this router. The tunnel interfaces are the result of WCCP using GRE encapsulation to redirect the traffic to the WAN optimizers.

you can find more info here:

https://supportforums.cisco.com/docs/DOC-15782

thanks,

Fabrizio

View solution in original post

Calin C. · ‎05-13-2011

What IOS version are you using? Is (was) there any vpn configuration on the router?

Cheers,

Calin

Zubair.Sayed_2 · ‎05-13-2011

Hi,

IOS: c2900-universalk9-mz.SPA.151-3.T.bin

There shouldnt be any VPN config, how do I check?

Thanks

Z

Calin C. · ‎05-13-2011

you could check the running config:

show run

from CLI

or you could check for specific keywords:

show run | i crypto

show run | i tunnel

If you don't know how to check, paste here the output of show run command and we'll check. Please remove sensitive information (public IP address, passwords if in clear mode ...)

Cheers,

Calin

Zubair.Sayed_2 · ‎05-13-2011

Here is the output:

Router1#sh run | incl crypto
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-3443541981
crypto pki certificate chain TP-self-signed-3443541981

Router1#sh run | incl tunnel
Router1#

Seems like there is some crypto config,

Florin Barhala · ‎05-13-2011

You better post entire config so we can see what is really happening.

Zubair.Sayed_2 · ‎05-13-2011

Attached...

Calin C. · ‎05-13-2011

That's very strange...no tunnel interface in running config. Maybe some bug in IOS...I'll check and let you know if I find something.

Calin

Fabrizio Pedracini · ‎05-13-2011

Hi Zubair,

this is due to WCCP. You have WCCP for service 61 and 62 so my guess is you have an optimizer appliance (like WAAS) talking WCCP with this router. The tunnel interfaces are the result of WCCP using GRE encapsulation to redirect the traffic to the WAN optimizers.

you can find more info here:

https://supportforums.cisco.com/docs/DOC-15782

thanks,

Fabrizio

Zubair.Sayed_2 · ‎05-13-2011

Thanks Fabrizio,

That would be correct yes, we are using Cisco WAAS and ofcourse this has not happened before and using the older routers. This router has been installed recently in the environment due to upgrades and hence we were not aware of this interfaces being created.

So tell me, do we just ignore them?

PS: Thanks for the link, very helpful.

Regards

Zubair

Fabrizio Pedracini · ‎05-13-2011

Hi Zubair,

WCCP creates those tunnels for its own use hence you can ignore them as long at the WCCP redirection is working.

cheers,

Fabrizio

jpoplawski · ‎11-20-2014

I didn't have Loopback's configured so it choose the next available IP. Once this interface dropped, we lost WCCP to our WAAS and down went the TCP traffic.

Question, it WAAS worked successfully with loopbacks configured on your routers?