- Cisco Community
- Technology and Support
- Networking
- Routing
- Re: %TUN-5-RECURDOWN: 0 temporarily disabled due to recursive routing
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
%TUN-5-RECURDOWN: 0 temporarily disabled due to recursive routing
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-20-2020 11:58 PM
Hello Professionals,
could somebody help me on this below error. As soon as I enter the network command in eigrp i am getting this error. below the is the entire configuration and topology attached. Please guide me what am I doing wrong here in routing.
BRA-R1(config)#router eigrp 1
BRA-R1(config-router)#network 10.1.1.0 0.0.0.255
BRA-R1(config-router)#network 10.2.2.0 0.0.0.7
BRA-R1(config-router)#
%DUAL-5-NBRCHANGE: IP-EIGRP 1: Neighbor 10.2.2.1 (Tunnel0) is up: new adjacency
%ADJ-5-PARENT: Midchain parent maintenance for IP midchain out of 0 65E900C0 - looped chain attempting to stack
%TUN-5-RECURDOWN: 0 temporarily disabled due to recursive routing
%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
%DUAL-5-NBRCHANGE: IP-EIGRP 1: Neighbor 10.2.2.1 (Tunnel0) is down: interface down
============================================================================
BRA-R1(config-router)#
Config:
BRA-R1#sh running-config
Building configuration...
Current configuration : 2857 bytes
!
version 15.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname BRA-R1
!
!
!
!
!
ip dhcp pool DATA
network 10.1.1.0 255.255.255.0
default-router 10.1.1.254
dns-server 10.1.1.100
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
!
crypto isakmp policy 20
encr aes
authentication pre-share
group 2
!
crypto isakmp key cisco123 address 1.1.1.1
crypto isakmp key admin123 address 2.2.2.2
!
!
!
crypto ipsec transform-set tf-set esp-aes esp-sha-hmac
!
crypto map crymap 10 ipsec-isakmp
set peer 1.1.1.1
set transform-set tf-set
match address VPN
!
crypto map crymap 20 ipsec-isakmp
set peer 2.2.2.2
set transform-set tf-set
match address VPN
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface Tunnel0
ip address 10.2.2.3 255.255.255.248
mtu 1476
tunnel source Serial0/1/0
tunnel destination 1.1.1.1
!
!
interface Tunnel1
ip address 10.3.3.2 255.255.255.248
mtu 1476
tunnel source Serial0/1/0
tunnel destination 2.2.2.2
!
!
interface GigabitEthernet0/0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0/0.10
encapsulation dot1Q 10
ip address 10.1.1.254 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/1/0
ip address 5.5.5.1 255.255.255.252
ip nat outside
crypto map crymap
!
interface Serial0/1/1
no ip address
clock rate 2000000
shutdown
!
interface GigabitEthernet0/2/0
switchport mode access
switchport nonegotiate
!
interface GigabitEthernet0/2/1
switchport mode access
switchport nonegotiate
!
interface GigabitEthernet0/2/2
switchport mode access
switchport nonegotiate
!
interface GigabitEthernet0/2/3
switchport mode access
switchport nonegotiate
!
interface Vlan1
no ip address
shutdown
!
router eigrp 1
network 10.1.1.0 0.0.0.255
!
ip nat inside source list USER-DATA interface Serial0/1/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 5.5.5.2
!
ip flow-export version 9
!
!
ip access-list extended VPN
permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
permit ip 10.1.1.0 0.0.0.255 172.16.2.0 0.0.0.255
permit ip 10.1.1.0 0.0.0.255 172.16.3.0 0.0.0.255
permit ip 10.1.1.0 0.0.0.255 172.16.4.0 0.0.0.255
permit ip 10.1.1.0 0.0.0.255 172.27.0.0 0.0.255.255
permit ip 172.16.1.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip 172.16.2.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip 172.16.3.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip 172.16.4.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip 172.27.0.0 0.0.255.255 10.1.1.0 0.0.0.255
permit gre 5.5.5.0 0.0.0.3 1.1.1.0 0.0.0.3
permit gre 5.5.5.0 0.0.0.3 2.2.2.0 0.0.0.3
deny ip any any
ip access-list standard USER-DATA
permit 10.1.1.0 0.0.0.255
deny any
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
BRA-R1#
Edge-1:
Config:
Edge-1#sh running-config
Building configuration...
Current configuration : 4000 bytes
!
version 15.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Edge-1
!
!
!
!
!
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
!
crypto isakmp key cisco123 address 5.5.5.1
!
!
!
crypto ipsec transform-set tf-set esp-aes esp-sha-hmac
!
crypto map crymap 10 ipsec-isakmp
set peer 5.5.5.1
set transform-set tf-set
match address VPN
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface Tunnel0
ip address 10.2.2.1 255.255.255.248
mtu 1476
tunnel source GigabitEthernet0/0/1
tunnel destination 5.5.5.1
!
!
interface GigabitEthernet0/0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0/0.1
encapsulation dot1Q 1 native
ip address 192.168.10.2 255.255.255.248
ip nat inside
standby 1 ip 192.168.10.1
standby 1 priority 150
standby 1 preempt
!
interface GigabitEthernet0/0/0.10
encapsulation dot1Q 10
ip address 172.16.1.1 255.255.255.0
ip helper-address 172.27.0.254
ip helper-address 172.27.0.253
ip nat inside
standby 1 ip 172.16.1.254
standby 1 priority 150
standby 1 preempt
!
interface GigabitEthernet0/0/0.20
encapsulation dot1Q 20
ip address 172.16.2.1 255.255.255.0
ip helper-address 172.27.0.254
ip helper-address 172.27.0.253
ip nat inside
standby 1 ip 172.16.2.254
standby 1 priority 150
standby 1 preempt
!
interface GigabitEthernet0/0/0.30
encapsulation dot1Q 30
ip address 172.16.3.1 255.255.255.0
ip helper-address 172.27.0.254
ip helper-address 172.27.0.253
ip nat inside
standby 1 ip 172.16.3.254
standby 1 priority 150
standby 1 preempt
!
interface GigabitEthernet0/0/0.40
encapsulation dot1Q 40
ip address 172.16.4.1 255.255.255.0
ip helper-address 172.27.0.254
ip helper-address 172.27.0.253
ip nat inside
standby 1 ip 172.16.4.254
standby 1 priority 150
standby 1 preempt
!
interface GigabitEthernet0/0/0.50
encapsulation dot1Q 50
ip address 172.27.0.1 255.255.0.0
ip helper-address 172.27.0.254
ip helper-address 172.27.0.253
ip nat inside
standby 1 ip 172.27.0.50
standby 1 priority 150
standby 1 preempt
!
interface GigabitEthernet0/0/1
ip address 1.1.1.1 255.255.255.252
ip nat outside
duplex auto
speed auto
crypto map crymap
!
interface GigabitEthernet0/1/0
switchport mode access
switchport nonegotiate
!
interface GigabitEthernet0/1/1
switchport mode access
switchport nonegotiate
!
interface GigabitEthernet0/1/2
switchport mode access
switchport nonegotiate
!
interface GigabitEthernet0/1/3
switchport mode access
switchport nonegotiate
!
interface Serial0/2/0
ip address 192.168.20.1 255.255.255.252
!
interface Serial0/2/1
no ip address
clock rate 2000000
shutdown
!
interface Vlan1
no ip address
shutdown
!
router eigrp 1
network 192.168.10.0 0.0.0.7
network 192.168.20.0 0.0.0.3
network 1.1.1.0 0.0.0.3
network 10.2.2.0 0.0.0.7
!
ip nat inside source list USER-DATA interface GigabitEthernet0/0/1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 1.1.1.2
!
ip flow-export version 9
!
!
ip access-list extended VPN
permit ip 172.16.1.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip 172.16.2.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip 172.16.3.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip 172.16.4.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip 172.27.0.0 0.0.255.255 10.1.1.0 0.0.0.255
permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
permit ip 10.1.1.0 0.0.0.255 172.16.2.0 0.0.0.255
permit ip 10.1.1.0 0.0.0.255 172.16.3.0 0.0.0.255
permit ip 10.1.1.0 0.0.0.255 172.16.4.0 0.0.0.255
permit ip 10.1.1.0 0.0.0.255 172.27.0.0 0.0.255.255
permit gre 1.1.1.0 0.0.0.3 5.5.5.0 0.0.0.3
deny ip any any
ip access-list standard USER-DATA
permit 172.16.1.0 0.0.0.255
permit 172.16.2.0 0.0.0.255
permit 172.16.3.0 0.0.0.255
permit 172.16.4.0 0.0.0.255
permit 192.168.1.0 0.0.0.3
permit 192.168.2.0 0.0.0.3
permit 192.168.10.0 0.0.0.7
permit 192.168.20.0 0.0.0.3
deny any
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
Edge-1#
Edge-2:
config:
Edge-2#sh running-config
Building configuration...
Current configuration : 3769 bytes
!
version 15.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Edge-2
!
!
!
!
!
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
!
crypto isakmp key admin123 address 5.5.5.1
!
!
!
crypto ipsec transform-set tf-set esp-aes esp-sha-hmac
!
crypto map crymap 10 ipsec-isakmp
set peer 5.5.5.1
set transform-set tf-set
match address VPN
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface Tunnel0
ip address 10.3.3.1 255.255.255.248
mtu 1476
tunnel source GigabitEthernet0/0/1
tunnel destination 5.5.5.1
!
!
interface GigabitEthernet0/0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0/0.1
encapsulation dot1Q 1 native
ip address 192.168.10.3 255.255.255.248
ip nat inside
standby 1 ip 192.168.10.1
standby 1 preempt
!
interface GigabitEthernet0/0/0.10
encapsulation dot1Q 10
ip address 172.16.1.2 255.255.255.0
ip helper-address 172.27.0.254
ip helper-address 172.27.0.253
ip nat inside
standby 1 ip 172.16.1.254
standby 1 preempt
!
interface GigabitEthernet0/0/0.20
encapsulation dot1Q 20
ip address 172.16.2.2 255.255.255.0
ip helper-address 172.27.0.254
ip helper-address 172.27.0.253
ip nat inside
standby 1 ip 172.16.2.254
standby 1 preempt
!
interface GigabitEthernet0/0/0.30
encapsulation dot1Q 30
ip address 172.16.3.2 255.255.255.0
ip helper-address 172.27.0.254
ip helper-address 172.27.0.253
ip nat inside
standby 1 ip 172.16.3.254
standby 1 preempt
!
interface GigabitEthernet0/0/0.40
encapsulation dot1Q 40
ip address 172.16.4.2 255.255.255.0
ip helper-address 172.27.0.254
ip helper-address 172.27.0.253
ip nat inside
standby 1 ip 172.16.4.254
standby 1 preempt
!
interface GigabitEthernet0/0/0.50
encapsulation dot1Q 50
ip address 172.27.0.2 255.255.0.0
ip helper-address 172.27.0.254
ip helper-address 172.27.0.253
ip nat inside
standby 1 ip 172.27.0.50
standby 1 preempt
!
interface GigabitEthernet0/0/1
ip address 2.2.2.2 255.255.255.252
ip nat outside
duplex auto
speed auto
crypto map crymap
!
interface Serial0/1/0
ip address 192.168.20.2 255.255.255.252
clock rate 2000000
!
interface Serial0/1/1
no ip address
clock rate 2000000
shutdown
!
interface GigabitEthernet0/2/0
switchport mode access
switchport nonegotiate
!
interface GigabitEthernet0/2/1
switchport mode access
switchport nonegotiate
!
interface GigabitEthernet0/2/2
switchport mode access
switchport nonegotiate
!
interface GigabitEthernet0/2/3
switchport mode access
switchport nonegotiate
!
interface Vlan1
no ip address
shutdown
!
router eigrp 1
network 192.168.10.0 0.0.0.7
network 2.2.2.0 0.0.0.3
!
ip nat inside source list USER-DATA interface GigabitEthernet0/0/1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 2.2.2.1
!
ip flow-export version 9
!
!
ip access-list extended VPN
permit ip 172.16.1.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip 172.16.2.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip 172.16.3.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip 172.16.4.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip 172.27.0.0 0.0.255.255 10.1.1.0 0.0.0.255
permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
permit ip 10.1.1.0 0.0.0.255 172.16.2.0 0.0.0.255
permit ip 10.1.1.0 0.0.0.255 172.16.3.0 0.0.0.255
permit ip 10.1.1.0 0.0.0.255 172.27.0.0 0.0.255.255
permit gre 2.2.2.0 0.0.0.3 5.5.5.0 0.0.0.3
deny ip any any
ip access-list standard USER-DATA
permit 172.16.1.0 0.0.0.255
permit 172.16.2.0 0.0.0.255
permit 172.16.3.0 0.0.0.255
permit 172.16.4.0 0.0.0.255
permit 192.168.1.0 0.0.0.3
permit 192.168.2.0 0.0.0.3
permit 192.168.10.0 0.0.0.7
permit 192.168.20.0 0.0.0.3
deny any
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
Edge-2#
- Labels:
-
Routing Protocols
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-21-2020 12:14 AM
Hello,
on the BRA-R1 router, add the networks below to your EIGRP:
network 10.2.2.0 0.0.0.7
network 10.3.3.0 0.0.0.7
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-21-2020 12:31 AM
Hello @thameem01 ,
>> %TUN-5-RECURDOWN: 0 temporarily disabled due to recursive routing
The issue is caused by the command network 10.2.2.0 0.0.7 in router eigrp mode.
This error means that the tunnel source and destination addresses are advertised over the tunnel itself causing the tunnel to become instable and to be put in down state.
There are two possible options:
a) if address plan allows it you need to filter outbond the advertisements of the source/destination networks over the tunnel interface
b) I think it is better: you use a different protocol over the tunnel or at least a different EIGRP process with a different EIGRP autonoumous system number.
The idea is to use a second routing process over the p2p GRE tunnel and to advertise over then tunnel some subnets that are not advertised on the already existing EIGRP process.
In this way the tunnel is used for traffic betweeen customer networks not advertised on EIGRP 1 process.
Hope to help
Giuseppe
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide