07-10-2024 02:31 AM
Hello,
I have a problem with the tunnel interface: I cannot use the physical interface, and if I configure it, the tunnel will not work.
Whereas if I use a Loopback, the tunnel works, whether it is for data or control!
cEdge - Cisco Catalyst 8300 and 8200
Thanks,
07-10-2024 02:54 AM
Can you post the configuration for using the physical interface?
07-10-2024 03:11 AM
Hi Torbjørn,
interface Tunnel1
 ip unnumbered TenGigabitEthernet0/1/0
 tunnel source TenGigabitEthernet0/1/0
 tunnel mode sdwan
sdwan
 interface TenGigabitEthernet0/1/0
  tunnel-interface
   encapsulation ipsec
   color mpls restrict
   allow-service all
   allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   allow-service sshd
   no allow-service netconf
   no allow-service ntp
   allow-service ospf
   no allow-service stun
   allow-service https
   no allow-service snmp
   no allow-service bfd
07-10-2024 03:15 AM
Loopback as tunnel
interface Tunnel1
 ip unnumbered Loopback0
 tunnel source Loopback0
 tunnel mode sdwan
sdwan
 interface Loopback0
  tunnel-interface
   encapsulation ipsec
   color mpls restrict
   allow-service all
   allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   allow-service sshd
   no allow-service netconf
   no allow-service ntp
   allow-service ospf
   no allow-service stun
   allow-service https
   no allow-service snmp
   no allow-service bfd
07-10-2024 03:34 AM
IP unnumbered the same as the tunnel source? I haven't run a tunnel with the same config before, but I don't think this will work.
Add an IP to the tunnel, any IP, and check.
MHM
07-10-2024 03:36 AM
Hi,
Can you explain more, please?
Thanks,
07-10-2024 03:49 AM
How many layers are there in SD-WAN? Two: underlying and overlaying.
By using tunnel ip unnumbered the same as the tunnel source, how can the router know which layer this traffic is for?
MHM
07-10-2024 07:06 AM
Hi,
show run interface te0/1/0
show sdwan control local-properties
show sdwan control connections
Share the above outputs when the tunnel is configured for the physical interface.
07-10-2024 08:24 AM
Hi Kanan,
KM4-cEdge02#show run interface TenGigabitEthernet 0/1/0
Building configuration...
Current configuration : 254 bytes
!
interface TenGigabitEthernet0/1/0
description MPLS Interface
ip address 192.168.103.101 255.255.255.252
no ip redirects
ip ospf network point-to-point
ip ospf mtu-ignore
ip ospf 1 area 0
load-interval 30
negotiation auto
arp timeout 1200
end
!
KM4-cEdge02#show sdwan control local-properties
personality vedge
sp-organization-name LITC
organization-name LITC
root-ca-chain-status Installed
root-ca-crl-status Not-Installed
certificate-status Installed
certificate-validity Valid
certificate-not-valid-before Jan 19 10:16:06 2024 GMT
certificate-not-valid-after Aug 9 20:58:26 2099 GMT
enterprise-cert-status Not Applicable
enterprise-cert-validity Not Applicable
enterprise-cert-not-valid-before Not Applicable
enterprise-cert-not-valid-after Not Applicable
dns-name 10.251.1.232
site-id 16
domain-id 1
protocol dtls
tls-port 0
system-ip 10.0.0.101
enterprise-serial-num No certificate installed
token -NA-
keygen-interval 1:00:00:00
retry-interval 0:00:00:19
no-activity-exp-interval 0:00:00:20
dns-cache-ttl 0:00:02:00
port-hopped TRUE
time-since-last-port-hop 0:00:00:07
embargo-check success
device-role edge-router
region-id-set N/A
number-vbond-peers 0
number-active-wan-interfaces 2
NAT TYPE: E -- indicates End-point independent mapping
A -- indicates Address-port dependent mapping
N -- indicates Not learned
Note: Requires minimum two vbonds to learn the NAT type
PUBLIC PUBLIC PRIVATE PRIVATE PRIVATE MAX RESTRICT/ LAST SPI TIME NAT VM
INTERFACE IPv4 PORT IPv4 IPv6 PORT VS/VM COLOR STATE CNTRL CONTROL/ LR/LB CONNECTION REMAINING TYPE CON REG
STUN PRF IDs
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Loopback1 192.168.102.201 12406 192.168.102.201 :: 12406 1/1 default up 2 no/yes/no No/No 0:00:00:11 0:08:59:26 N 5 Default
TenGigabitEthernet0/1/0 192.168.103.101 12426 192.168.103.101 :: 12426 0/0 mpls up 2 yes/yes/no No/No 0:00:00:12 0:05:24:28 N 5 Default
!
KM4-cEdge02#sh sdwan control connections
PEER PEER CONTROLLER
PEER PEER PEER SITE DOMAIN PEER PRIV PEER PUB GROUP
TYPE PROT SYSTEM IP ID ID PRIVATE IP PORT PUBLIC IP PORT ORGANIZATION LOCAL COLOR PROXY STATE UPTIME ID
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
vsmart dtls 10.0.0.3 16 1 10.251.1.231 13046 10.251.1.231 13046 LITC default No up 1:03:01:58 0
vbond dtls 0.0.0.0 0 0 10.251.1.232 12346 10.251.1.232 12346 LITC default - up 1:03:02:01 0
vmanage dtls 10.0.0.1 16 0 10.251.1.230 13046 10.251.1.230 13046 LITC default No up 1:03:01:20 0
07-10-2024 08:42 AM
Using Loopback:
KM4-cEdge02#show sdwan bfd sessions
SOURCE TLOC REMOTE TLOC DST PUBLIC DST PUBLIC DETECT TX
SYSTEM IP SITE ID STATE COLOR COLOR SOURCE IP IP PORT ENCAP MULTIPLIER INTERVAL(msec UPTIME TRANSITIONS
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
10.0.0.103 17 up mpls mpls 192.168.102.101 192.168.102.103 12386 ipsec 7 1000 0:00:14:36 0
10.0.0.102 17 up mpls mpls 192.168.102.101 192.168.103.109 12406 ipsec 7 1000 0:00:14:32 0
10.0.0.102 17 up default default 192.168.102.201 192.168.102.202 12386 ipsec 7 1000 0:00:14:30 2
10.0.0.103 17 up default default 192.168.102.201 192.168.102.203 12426 ipsec 7 1000 0:06:53:32 2
10.0.0.105 18 up default default 192.168.102.201 192.168.102.205 12386 ipsec 7 1000 0:00:14:35 2
10.0.0.106 18 up default default 192.168.102.201 192.168.102.206 12346 ipsec 7 1000 0:00:14:36 0
KM4-cEdge02#show sdwan control connections
PEER PEER CONTROLLER
PEER PEER PEER SITE DOMAIN PEER PRIV PEER PUB GROUP
TYPE PROT SYSTEM IP ID ID PRIVATE IP PORT PUBLIC IP PORT ORGANIZATION LOCAL COLOR PROXY STATE UPTIME ID
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
vsmart dtls 10.0.0.3 16 1 10.251.1.231 13046 10.251.1.231 13046 LITC mpls No up 0:00:14:59 0
vsmart dtls 10.0.0.3 16 1 10.251.1.231 13046 10.251.1.231 13046 LITC default No up 1:03:18:55 0
vbond dtls 0.0.0.0 0 0 10.251.1.232 12346 10.251.1.232 12346 LITC mpls - up 0:00:15:01 0
vbond dtls 0.0.0.0 0 0 10.251.1.232 12346 10.251.1.232 12346 LITC default - up 1:03:18:58 0
vmanage dtls 10.0.0.1 16 0 10.251.1.230 13046 10.251.1.230 13046 LITC default No up 1:03:18:17 0
KM4-cEdge02#show sdwan control local-properties
personality vedge
sp-organization-name LITC
organization-name LITC
root-ca-chain-status Installed
root-ca-crl-status Not-Installed
certificate-status Installed
certificate-validity Valid
certificate-not-valid-before Jan 19 10:16:06 2024 GMT
certificate-not-valid-after Aug 9 20:58:26 2099 GMT
enterprise-cert-status Not Applicable
enterprise-cert-validity Not Applicable
enterprise-cert-not-valid-before Not Applicable
enterprise-cert-not-valid-after Not Applicable
dns-name 10.251.1.232
site-id 16
domain-id 1
protocol dtls
tls-port 0
system-ip 10.0.0.101
token -NA-
keygen-interval 1:00:00:00
retry-interval 0:00:00:19
no-activity-exp-interval 0:00:00:20
dns-cache-ttl 0:00:02:00
port-hopped TRUE
time-since-last-port-hop 0:00:15:30
embargo-check success
device-role edge-router
region-id-set N/A
number-vbond-peers 2
INDEX IP PORT
-----------------------------------------------------
0 10.251.1.232 12346
1 10.251.1.232 12346
number-active-wan-interfaces 2
NAT TYPE: E -- indicates End-point independent mapping
A -- indicates Address-port dependent mapping
N -- indicates Not learned
Note: Requires minimum two vbonds to learn the NAT type
PUBLIC PUBLIC PRIVATE PRIVATE PRIVATE MAX RESTRICT/ LAST SPI TIME NAT VM
INTERFACE IPv4 PORT IPv4 IPv6 PORT VS/VM COLOR STATE CNTRL CONTROL/ LR/LB CONNECTION REMAINING TYPE CON REG
STUN PRF IDs
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Loopback1 192.168.102.201 12406 192.168.102.201 :: 12406 1/1 default up 2 no/yes/no No/No 0:00:00:04 0:08:40:32 N 5 Default
Loopback0 192.168.102.101 12386 192.168.102.101 :: 12386 1/0 mpls up 2 yes/yes/no No/No 0:00:00:14 0:11:44:34 N 5 Default
07-10-2024 10:58 AM
Are you sure that your controllers have a route to this IP, 192.168.103.101? It looks like you have an underlay routing issue. Don't you have ospf prefix-suppression in the configuration or the OSPF routing process?
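An added example, not part of the thread: a small Python check that cross-references the WAN interface rows of `show sdwan control local-properties` with the rows of `show sdwan control connections` and reports every TLOC whose color has no established control connection, which is what the physical-interface output above shows for `mpls`. The function names are hypothetical, and the column positions are assumed to match the output pasted in this thread.

```python
import re

# Sample input: data rows copied from the thread's physical-interface output.
LOCAL_PROPERTIES = """\
Loopback1 192.168.102.201 12406 192.168.102.201 :: 12406 1/1 default up 2 no/yes/no No/No 0:00:00:11 0:08:59:26 N 5 Default
TenGigabitEthernet0/1/0 192.168.103.101 12426 192.168.103.101 :: 12426 0/0 mpls up 2 yes/yes/no No/No 0:00:00:12 0:05:24:28 N 5 Default
"""
CONTROL_CONNECTIONS = """\
vsmart dtls 10.0.0.3 16 1 10.251.1.231 13046 10.251.1.231 13046 LITC default No up 1:03:01:58 0
vbond dtls 0.0.0.0 0 0 10.251.1.232 12346 10.251.1.232 12346 LITC default - up 1:03:02:01 0
vmanage dtls 10.0.0.1 16 0 10.251.1.230 13046 10.251.1.230 13046 LITC default No up 1:03:01:20 0
"""

IPV4 = re.compile(r"\d+(\.\d+){3}")


def wan_interfaces(text):
    """Yield (interface, private_ip, color) for each WAN interface row."""
    for line in text.splitlines():
        f = line.split()
        # A data row has an IPv4 address in column 2 and VS/VM ("1/1") in column 7.
        if len(f) >= 9 and IPV4.fullmatch(f[1]) and "/" in f[6]:
            yield f[0], f[3], f[7]


def up_colors(text):
    """Map local color -> set of controller types with an 'up' connection."""
    result = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 15 and f[0] in ("vsmart", "vbond", "vmanage"):
            # Count from the right so an organization name with spaces is harmless.
            color, state = f[-5], f[-3]
            if state == "up":
                result.setdefault(color, set()).add(f[0])
    return result


def tlocs_without_control(local_props, control_conns):
    """Return WAN interfaces whose color has no established control connection."""
    up = up_colors(control_conns)
    return [(i, ip, c) for i, ip, c in wan_interfaces(local_props) if c not in up]


if __name__ == "__main__":
    for intf, ip, color in tlocs_without_control(LOCAL_PROPERTIES, CONTROL_CONNECTIONS):
        print(f"{intf} ({ip}, color {color}): no control connections, check underlay reachability")
```

Each address it reports is a source IP the controllers must be able to route back to over the underlay.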