Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
624
Views
0
Helpful
1
Replies

show dmvpn, ip nhrp redirect and ip nhrp shortcut

JustasP
Level 1
Level 1

‎01-23-2022 10:56 PM

Hello. I seem to be having issues with my DMVPN configuration not being able to be set to phase 3.

I am unable to execute the commands "ip nhrp redirect" on my hub router and "ip nhrp shortcut" on my spokes. Also, the terminal doesn't seem to recognize the command "show dmvpn". Below are the configurations for my router and one of the spokes. What could be the issue?

My HUB router:

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1_hub
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set MYSET esp-aes esp-sha-hmac
!
crypto ipsec profile PROFILE
set transform-set MYSET
!
!
!
!
!
interface Loopback0
ip address 10.1.0.1 255.255.255.0
!
interface Tunnel0
bandwidth 1000
ip address 10.123.0.1 255.255.255.0
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 1
ip nhrp authentication cisco123
ip nhrp map multicast dynamic
ip nhrp network-id 5
ip tcp adjust-mss 1360
no ip split-horizon eigrp 1
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 6
tunnel protection ipsec profile PROFILE
!
interface FastEthernet0/0
ip address 23.0.0.1 255.255.255.0
duplex half
!
interface FastEthernet1/0
no ip address
shutdown
duplex half
!
interface FastEthernet2/0
no ip address
shutdown
duplex half
!
!
router eigrp 1
network 10.0.0.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 23.0.0.5
ip route 10.1.0.0 255.255.255.0 Loopback0
!
no ip http server
no ip http secure-server
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

My spoke router:

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2_spoke
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set MYSET esp-aes esp-sha-hmac
!
crypto ipsec profile PROFILE
set transform-set MYSET
!
!
!
!
!
interface Loopback0
ip address 10.2.0.2 255.255.255.0
!
interface Tunnel0
bandwidth 1000
ip address 10.123.0.2 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication cisco123
ip nhrp map multicast 23.0.0.1
ip nhrp map 10.123.0.1 23.0.0.1
ip nhrp network-id 5
ip nhrp nhs 10.123.0.1
ip tcp adjust-mss 1360
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 6
tunnel protection ipsec profile PROFILE
!
interface FastEthernet0/0
ip address 42.0.0.89 255.255.255.0
duplex half
!
interface FastEthernet1/0
no ip address
shutdown
duplex half
!
interface FastEthernet2/0
no ip address
shutdown
duplex half
!
!
router eigrp 1
network 10.0.0.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 42.0.0.5
!
no ip http server
no ip http secure-server
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

0 Helpful
1 Reply 1

balaji.bandi
Hall of Fame
Hall of Fame

‎01-24-2022 02:18 AM

what is the error getting when you try to add that command ?

show version will help also look feature navigator of IOS - its been Long i have works 12.X  code.

 

For best DMVPN functionality, it is recommended that you run the latest Cisco IOS software Release 12.4 mainline,12.4T, or 12.2(18)SXF.

 

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dmvpn/configuration/12-4t/sec-conn-dmvpn-12-4t-book/sec-conn-dmvpn-dmvpn.html

 

feature navigator :

 

https://cfnng.cisco.com/

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card