Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1602
Views
10
Helpful
9
Replies

unstable eigrp neighbour (up & down interfaces continuously)

prabinchand
Level 1
Level 1

‎12-12-2021 11:09 PM

 

Hello respected engineers,

i am facing the issue from past 13 days, but cannot find the actual solution.


SCENERIO: I have 2 hub (hub-standby , hub-active) and 2 spoke (spoke1 , spoke2) but for now i'm only concerned about spoke2. I have establish the neighbour using EIGRP on hub-standby , hub-active, spoke2 each router has 2 tunnels therefore i had advertised the tunnel & LAN network on EIGRP so that they can communicate dynamically.


ERROR (HUB-Standby): *Dec 13 12:01:12.519: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 172.16.10.3 (Tunnel1) is down: retry limit exceeded

ERROR (SPOKE2): *Dec 13 11:48:25.331: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 125.25.25.2 (Tunnel2) is down: retry limit exceeded

&

fortunately, no any errors is displayed on HUB-Active.

 

 

CONFIGURATION:

SPOKE2

!
ip tcp synwait-time 5
!
!
interface Tunnel1
ip address 172.16.10.3 255.255.255.0
no ip redirects
no ip split-horizon eigrp 1
ip nhrp map multicast 1.1.1.1
ip nhrp map multicast 1.1.1.2
ip nhrp map 172.16.10.1 1.1.1.1
ip nhrp map 172.16.10.2 1.1.1.2
ip nhrp network-id 1
ip nhrp holdtime 10
ip nhrp nhs 172.16.10.1 priority 1 cluster 1
ip nhrp nhs 172.16.10.2 priority 2 cluster 1
ip nhrp nhs cluster 1 max-connections 1
ip nhrp nhs fallback 5
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 1111
!
interface Tunnel2
ip address 125.25.25.3 255.255.255.0
no ip redirects
no ip split-horizon eigrp 1
ip nhrp map multicast 2.2.2.1
ip nhrp map multicast 2.2.2.2
ip nhrp map 125.25.25.1 2.2.2.1
ip nhrp map 125.25.25.2 2.2.2.2
ip nhrp network-id 2
ip nhrp nhs 125.25.25.1 priority 1 cluster 2
ip nhrp nhs 125.25.25.2 priority 2 cluster 2
ip nhrp nhs cluster 2 max-connections 1
ip nhrp nhs fallback 5
tunnel source FastEthernet1/1
tunnel mode gre multipoint
tunnel key 2222
!
interface FastEthernet0/0
ip address 1.1.1.4 255.255.255.0
speed auto
duplex auto
!
interface FastEthernet0/1
ip address 192.168.20.1 255.255.255.0
speed auto
duplex auto
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
ip address 2.2.2.4 255.255.255.0
speed auto
duplex auto
!
!
router eigrp 1
network 125.25.25.0 0.0.0.255
network 172.16.10.0 0.0.0.255
network 192.168.20.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!


HUB-ACTIVE

!
!
!
ip tcp synwait-time 5
!
!
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
crypto isakmp key FORISP1 address 1.1.1.3
crypto isakmp key FORISP2 address 2.2.2.3
!
!
crypto ipsec transform-set ISP1SET esp-3des esp-md5-hmac
mode tunnel
crypto ipsec transform-set ISP2SET esp-3des esp-md5-hmac
mode tunnel
!
!
!
crypto map ISP1MAP 1 ipsec-isakmp
set peer 1.1.1.3
set transform-set ISP1SET
match address 100
!
crypto map ISP2MAP 2 ipsec-isakmp
set peer 2.2.2.3
set transform-set ISP2SET
match address 100
!
!
!
!
!
interface Tunnel1
description ***FOR-isp-1-primary-***
ip address 172.16.10.1 255.255.255.0
no ip redirects
ip nhrp map multicast dynamic
ip nhrp network-id 1
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 1111
!
interface Tunnel2
description ***FOR-isp-2-secondary-***
ip address 125.25.25.1 255.255.255.0
no ip redirects
ip nhrp map multicast dynamic
ip nhrp network-id 2
delay 6000
tunnel source FastEthernet1/1
tunnel mode gre multipoint
tunnel key 2222
!
interface FastEthernet0/0
ip address 1.1.1.1 255.255.255.0
standby 2 ip 1.1.1.5
standby 2 priority 110
standby 2 preempt
standby 2 name WAN-INT
speed auto
duplex auto
crypto map ISP1MAP redundancy WAN-INT
!
interface FastEthernet0/1
ip address 192.168.10.1 255.255.255.0
standby 1 ip 192.168.10.5
standby 1 priority 110
standby 1 preempt
standby 1 name INLAN
speed auto
duplex auto
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
description ***ISP-2-SECONDARY***
ip address 2.2.2.1 255.255.255.0
standby 3 ip 2.2.2.5
standby 3 priority 110
standby 3 preempt
standby 3 name wlan2
speed auto
duplex auto
crypto map ISP2MAP redundancy wlan2
!
!
router eigrp 1
network 125.25.25.0 0.0.0.255
network 172.16.10.0 0.0.0.255
network 192.168.10.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.10.3
ip route 192.168.60.0 255.255.255.0 1.1.1.3
ip route 192.168.60.0 255.255.255.0 2.2.2.3 10
!
access-list 100 permit ip 192.168.50.0 0.0.0.255 192.168.60.0 0.0.0.255
!
!
!
control-plane
!
!

HUB-STANDBY

!
!
!
ip tcp synwait-time 5
!
!
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
crypto isakmp key FORISP1 address 1.1.1.3
crypto isakmp key FORISP2 address 2.2.2.3
!
!
crypto ipsec transform-set ISP1SET esp-3des esp-md5-hmac
mode tunnel
crypto ipsec transform-set ISP2SET esp-3des esp-md5-hmac
mode tunnel
!
!
!
crypto map ISP1MAP 1 ipsec-isakmp
set peer 1.1.1.3
set transform-set ISP1SET
match address 100
!
crypto map ISP2MAP 2 ipsec-isakmp
set peer 2.2.2.3
set transform-set ISP2SET
match address 100
!
!
!
!
!
interface Tunnel1
description description ***FOR-isp-1-primary-***
ip address 172.16.10.2 255.255.255.0
no ip redirects
no ip split-horizon eigrp 1
ip nhrp map multicast dynamic
ip nhrp network-id 1
delay 7000
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 1111
!
interface Tunnel2
description ***FOR-isp-2-secondary-***
ip address 125.25.25.2 255.255.255.0
no ip redirects
no ip split-horizon eigrp 1
ip nhrp map multicast dynamic
ip nhrp network-id 2
delay 8000
tunnel source FastEthernet1/1
tunnel mode gre multipoint
tunnel key 2222
!
interface FastEthernet0/0
ip address 1.1.1.2 255.255.255.0
standby 2 ip 1.1.1.5
standby 2 preempt
standby 2 name WAN-INT
speed auto
duplex auto
crypto map ISP1MAP redundancy WAN-INT
!
interface FastEthernet0/1
ip address 192.168.10.2 255.255.255.0
standby 1 ip 192.168.10.5
standby 1 preempt
standby 1 name INLAN
speed auto
duplex auto
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
description ***ISP-2-SECONDARY***
ip address 2.2.2.2 255.255.255.0
standby 3 ip 2.2.2.5
standby 3 preempt
standby 3 name wlan2
speed auto
duplex auto
crypto map ISP2MAP redundancy wlan2
!
!
router eigrp 1
network 125.25.25.0 0.0.0.255
network 172.16.10.0 0.0.0.255
network 192.168.10.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.10.3
ip route 192.168.60.0 255.255.255.0 1.1.1.3
ip route 192.168.60.0 255.255.255.0 2.2.2.3 10
!
access-list 100 permit ip 192.168.50.0 0.0.0.255 192.168.60.0 0.0.0.255
!
!
!
control-plane
!
!

 

Preview file
72 KB
0 Helpful
9 Replies 9

Georg Pauwen
VIP
VIP

‎12-12-2021 11:59 PM

Hello,

 

I think the only way to get an answer is to replicate the lab. This looks like a GNS3 lab ?

 

Either way, provide the full running configurations of all devices in your topology, and put descriptions on the interfaces (such as Link to Interface X on Device Y) so we know what is connected to what...

0 Helpful

prabinchand
Level 1
Level 1
In response to Georg Pauwen

‎12-13-2021 12:30 AM

yes sir, it is in gns3.

Note: no any config is done on L2-switch

CONFIGURATION

INTERNET

Building configuration...

Current configuration : 1065 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname INTERNET
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 3.3.3.3 255.255.255.0
!
interface FastEthernet0/0
ip address 10.10.10.1 255.255.255.0
speed auto
duplex auto
!
interface FastEthernet0/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
no ip address
shutdown
speed auto
duplex auto
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.10.10.2
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

!

EXTERNAL-ROUTER

Current configuration : 1212 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname EXTERNAL-ROUTER
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.10.10.2 255.255.255.0
ip nat outside
speed auto
duplex auto
!
interface FastEthernet0/1
ip address 192.168.30.1 255.255.255.0
ip nat inside
speed auto
duplex auto
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
no ip address
shutdown
speed auto
duplex auto
!
ip nat inside source list NAT interface FastEthernet0/0 overload
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.30.2
ip route 3.3.3.0 255.255.255.0 10.10.10.1
!
ip access-list standard NAT
permit any
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

HUB-STANDBY

Building configuration...

Current configuration : 2709 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname HUB-STANDBY
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
crypto isakmp key FORISP1 address 1.1.1.3
crypto isakmp key FORISP2 address 2.2.2.3
!
!
crypto ipsec transform-set ISP1SET esp-3des esp-md5-hmac
mode tunnel
crypto ipsec transform-set ISP2SET esp-3des esp-md5-hmac
mode tunnel
!
!
!
crypto map ISP1MAP 1 ipsec-isakmp
set peer 1.1.1.3
set transform-set ISP1SET
match address 100
!
crypto map ISP2MAP 2 ipsec-isakmp
set peer 2.2.2.3
set transform-set ISP2SET
match address 100
!
!
!
!
!
interface Tunnel1
description description ***FOR-isp-1-primary-***
ip address 172.16.10.2 255.255.255.0
no ip redirects
no ip split-horizon eigrp 1
ip nhrp map multicast dynamic
ip nhrp network-id 1
delay 7000
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 1111
!
interface Tunnel2
description ***FOR-isp-2-secondary-***
ip address 125.25.25.2 255.255.255.0
no ip redirects
no ip split-horizon eigrp 1
ip nhrp map multicast dynamic
ip nhrp network-id 2
delay 8000
tunnel source FastEthernet1/1
tunnel mode gre multipoint
tunnel key 2222
!
interface FastEthernet0/0
ip address 1.1.1.2 255.255.255.0
standby 2 ip 1.1.1.5
standby 2 preempt
standby 2 name WAN-INT
speed auto
duplex auto
crypto map ISP1MAP redundancy WAN-INT
!
interface FastEthernet0/1
ip address 192.168.10.2 255.255.255.0
standby 1 ip 192.168.10.5
standby 1 preempt
standby 1 name INLAN
speed auto
duplex auto
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
description ***ISP-2-SECONDARY***
ip address 2.2.2.2 255.255.255.0
standby 3 ip 2.2.2.5
standby 3 preempt
standby 3 name wlan2
speed auto
duplex auto
crypto map ISP2MAP redundancy wlan2
!
!
router eigrp 1
network 125.25.25.0 0.0.0.255
network 172.16.10.0 0.0.0.255
network 192.168.10.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.10.3
ip route 192.168.60.0 255.255.255.0 1.1.1.3
ip route 192.168.60.0 255.255.255.0 2.2.2.3 10
!
access-list 100 permit ip 192.168.50.0 0.0.0.255 192.168.60.0 0.0.0.255
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

HUB-ACTIVE

Building configuration...

Current configuration : 2698 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname HUB-ACTIVE
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
crypto isakmp key FORISP1 address 1.1.1.3
crypto isakmp key FORISP2 address 2.2.2.3
!
!
crypto ipsec transform-set ISP1SET esp-3des esp-md5-hmac
mode tunnel
crypto ipsec transform-set ISP2SET esp-3des esp-md5-hmac
mode tunnel
!
!
!
crypto map ISP1MAP 1 ipsec-isakmp
set peer 1.1.1.3
set transform-set ISP1SET
match address 100
!
crypto map ISP2MAP 2 ipsec-isakmp
set peer 2.2.2.3
set transform-set ISP2SET
match address 100
!
!
!
!
!
interface Tunnel1
description ***FOR-isp-1-primary-***
ip address 172.16.10.1 255.255.255.0
no ip redirects
ip nhrp map multicast dynamic
ip nhrp network-id 1
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 1111
!
interface Tunnel2
description ***FOR-isp-2-secondary-***
ip address 125.25.25.1 255.255.255.0
no ip redirects
ip nhrp map multicast dynamic
ip nhrp network-id 2
delay 6000
tunnel source FastEthernet1/1
tunnel mode gre multipoint
tunnel key 2222
!
interface FastEthernet0/0
ip address 1.1.1.1 255.255.255.0
standby 2 ip 1.1.1.5
standby 2 priority 110
standby 2 preempt
standby 2 name WAN-INT
speed auto
duplex auto
crypto map ISP1MAP redundancy WAN-INT
!
interface FastEthernet0/1
ip address 192.168.10.1 255.255.255.0
standby 1 ip 192.168.10.5
standby 1 priority 110
standby 1 preempt
standby 1 name INLAN
speed auto
duplex auto
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
description ***ISP-2-SECONDARY***
ip address 2.2.2.1 255.255.255.0
standby 3 ip 2.2.2.5
standby 3 priority 110
standby 3 preempt
standby 3 name wlan2
speed auto
duplex auto
crypto map ISP2MAP redundancy wlan2
!
!
router eigrp 1
network 125.25.25.0 0.0.0.255
network 172.16.10.0 0.0.0.255
network 192.168.10.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.10.3
ip route 192.168.60.0 255.255.255.0 1.1.1.3
ip route 192.168.60.0 255.255.255.0 2.2.2.3 10
!
access-list 100 permit ip 192.168.50.0 0.0.0.255 192.168.60.0 0.0.0.255
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

L3-SW

Building configuration...

Current configuration : 2483 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname L3-sw
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
vtp file nvram:vlan.dat

!
!
ip tcp synwait-time 5
!
!
!
!
!
interface FastEthernet1/0
switchport access vlan 10
duplex full
speed 100
!
interface FastEthernet1/1
switchport access vlan 10
duplex full
speed 100
!
interface FastEthernet1/2
no switchport
ip address 192.168.40.1 255.255.255.0
duplex full
speed 100
!
interface FastEthernet1/3
duplex full
speed 100
!
interface FastEthernet1/4
duplex full
speed 100
!
interface FastEthernet1/5
duplex full
speed 100
!
interface FastEthernet1/6
duplex full
speed 100
!
interface FastEthernet1/7
duplex full
speed 100
!
interface FastEthernet1/8
duplex full
speed 100
!
interface FastEthernet1/9
duplex full
speed 100
!
interface FastEthernet1/10
duplex full
speed 100
!
interface FastEthernet1/11
duplex full
speed 100
!
interface FastEthernet1/12
duplex full
speed 100
!
interface FastEthernet1/13
duplex full
speed 100
!
interface FastEthernet1/14
duplex full
speed 100
!
interface FastEthernet1/15
no switchport
ip address 192.168.30.2 255.255.255.0
duplex full
speed 100
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address 192.168.10.3 255.255.255.0
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.10.5
ip route 3.3.3.0 255.255.255.0 192.168.30.1
ip route 192.168.50.0 255.255.255.0 192.168.40.2
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
banner exec ^C

***************************************************************
This is a normal Router with a SW module inside (NM-16ESW)
It has been preconfigured with hard coded speed and duplex

To create vlans use the command "vlan database" from exec mode
After creating all desired vlans use "exit" to apply the config

To view existing vlans use the command "show vlan-switch brief"

Warning: You are using an old IOS image for this router.
Please update the IOS to enable the "macro" command!
***************************************************************

^C
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end

INTERNAL ROUTER

Building configuration...

Current configuration : 1034 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname INTERNAL-ROUTER
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.40.2 255.255.255.0
speed auto
duplex auto
!
interface FastEthernet0/1
ip address 192.168.50.1 255.255.255.0
speed auto
duplex auto
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
no ip address
shutdown
speed auto
duplex auto
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.40.1
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

SPOKE2

Building configuration...

Current configuration : 2089 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname SPOKE2
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
interface Tunnel1
ip address 172.16.10.3 255.255.255.0
no ip redirects
no ip split-horizon eigrp 1
ip nhrp map multicast 1.1.1.1
ip nhrp map multicast 1.1.1.2
ip nhrp map 172.16.10.1 1.1.1.1
ip nhrp map 172.16.10.2 1.1.1.2
ip nhrp network-id 1
ip nhrp holdtime 10
ip nhrp nhs 172.16.10.1 priority 1 cluster 1
ip nhrp nhs 172.16.10.2 priority 2 cluster 1
ip nhrp nhs cluster 1 max-connections 1
ip nhrp nhs fallback 5
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 1111
!
interface Tunnel2
ip address 125.25.25.3 255.255.255.0
no ip redirects
no ip split-horizon eigrp 1
ip nhrp map multicast 2.2.2.1
ip nhrp map multicast 2.2.2.2
ip nhrp map 125.25.25.1 2.2.2.1
ip nhrp map 125.25.25.2 2.2.2.2
ip nhrp network-id 2
ip nhrp nhs 125.25.25.1 priority 1 cluster 2
ip nhrp nhs 125.25.25.2 priority 2 cluster 2
ip nhrp nhs cluster 2 max-connections 1
ip nhrp nhs fallback 5
tunnel source FastEthernet1/1
tunnel mode gre multipoint
tunnel key 2222
!
interface FastEthernet0/0
ip address 1.1.1.4 255.255.255.0
speed auto
duplex auto
!
interface FastEthernet0/1
ip address 192.168.20.1 255.255.255.0
speed auto
duplex auto
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
ip address 2.2.2.4 255.255.255.0
speed auto
duplex auto
!
!
router eigrp 1
network 125.25.25.0 0.0.0.255
network 172.16.10.0 0.0.0.255
network 192.168.20.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

SPOKE1

Building configuration...

Current configuration : 1692 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname SPOKE1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
crypto isakmp key FORISP1 address 1.1.1.5
crypto isakmp key FORISP2 address 2.2.2.5
!
!
crypto ipsec transform-set ISP2SET esp-3des esp-md5-hmac
mode tunnel
crypto ipsec transform-set ISP1SET esp-3des esp-md5-hmac
mode tunnel
!
!
!
crypto map ISP1MAP 1 ipsec-isakmp
set peer 1.1.1.5
set transform-set ISP1SET
match address 100
!
crypto map ISP2MAP 2 ipsec-isakmp
set peer 2.2.2.5
set transform-set ISP2SET
match address 100
!
!
!
!
!
interface FastEthernet0/0
ip address 1.1.1.3 255.255.255.0
speed auto
duplex auto
crypto map ISP1MAP
!
interface FastEthernet0/1
ip address 192.168.60.1 255.255.255.0
speed auto
duplex auto
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
ip address 2.2.2.3 255.255.255.0
speed auto
duplex auto
crypto map ISP2MAP
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 1.1.1.5
ip route 0.0.0.0 0.0.0.0 2.2.2.5 10
!
access-list 100 permit ip 192.168.60.0 0.0.0.255 192.168.50.0 0.0.0.255
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

 

 

Preview file
104 KB
0 Helpful

Georg Pauwen
VIP
VIP
In response to prabinchand

‎12-13-2021 12:49 AM

Hello,

 

I'll lab this up in GNS3, it will take several hours to do so. Will get back with you...

MHM Cisco World
VIP
VIP

‎12-13-2021 05:10 AM

Dib-DMVPN-hub-and-spoke-1.png
Design is wrong, you need SLB router for the DMVPN to work with HSRP otherwise the Spoke is connect to one Hub and other Hub face eigrp. 
please see the above topology.

prabinchand
Level 1
Level 1
In response to MHM Cisco World

‎12-13-2021 06:07 AM

I didn't get what u want to say.

here in my topology, i used L2-switch as Internet Service Provider

0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni

‎12-13-2021 09:16 AM

Hello,

ERROR (HUB-Standby): *Dec 13 12:01:12.519: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 172.16.10.3 (Tunnel1) is down: retry limit exceeded

ERROR (SPOKE2): *Dec 13 11:48:25.331: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 125.25.25.2 (Tunnel2) is down: retry limit exceeded

The above error message seems like you don't have "Q count" zero at any of the locations as HUB or SPOKE. It is known behavior while you are hitting with a virtualization bug.  If it is a real network then you are facing underlay issue. 

My suggestion is to restart devices that are responsible for underlay as switches or routers.  if you are using any Layer 2 switch Image as Layer 3 switch or routing in your GNS then run a "no ip cef" command on a switch as well. 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

prabinchand
Level 1
Level 1
In response to Deepak Kumar

‎12-13-2021 09:01 PM

Sorry sir,

but it didn't worked for me. Still it showing the same error.

0 Helpful

paul driver
VIP
VIP

‎12-13-2021 05:08 PM

Hello

Can the NHS/NHC ping each others peering address, Are the nexhop ip addresses of the peers actual the physical interfaces or do they differ?

 

Lastly make these changes also:
NHC
interface Tunnelx
ip split-horizon eigrp x

 

NHS
interface Tunnel x
no ip split-horizon eigrp x
no ip next-hop-self eigrp x


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

prabinchand
Level 1
Level 1
In response to paul driver

‎12-13-2021 09:02 PM - edited ‎12-13-2021 10:55 PM

yes sir, SPOKE2 & HUB-ACTIVE NHS/NHC can ping each others BUT SPOKE2 isnt able to ping HUB-STANDBY NHS\NHC.

Also i have tried what u said..

 

but no result, still showing the same error.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card