05-20-2022 10:55 AM
Somehow I am not understanding the scant documentation on setting default routes for multiple circuits in VPN 0. It works for me with more than one circuit if they all are static IPs with static next hops. It works for a single circuit with DHCP. However, I can't figure out how to get things working with two circuits when one is DHCP and the other is static. If the VPN template is configured with an IPv4 route of 0.0.0.0/0 set to DHCP, the DHCP circuit works. If it is set to a next hop for the static IP circuit, that one works and the DHCP doesn't. How do we configure it properly so both circuits have a default route and the overlay connections come up for both?
05-27-2022 03:56 PM
It is now working, after re-trying the configuration suggested by TAC. I thought I had tried that configuration, but maybe I didn't or there was something in the order of the different configurations tried that messed it up, or it didn't get pushed.
What is working is setting the 0.0.0.0/0 default route in the VPN 0 template under IPv4 route to use next hop, and setting a device specific variable for the value of the next hop IP. Then, in the VPN Ethernet interface template for the DHCP interface, set the DHCP admin distance to 1 as a global setting. This is a precaution as that is the default setting also, but I wanted to make sure. Finally, do make sure the device template is pushed to the device, which can be done by changing the device values and just following through the steps again to apply the template. Ended up with this.
sh ip ro
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
& - replicated local route overrides by connected
Gateway of last resort is 173.48.130.1 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 173.48.130.1
[1/0] via 50.214.194.26
50.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 50.214.194.24/30 is directly connected, GigabitEthernet0/0/1
L 50.214.194.25/32 is directly connected, GigabitEthernet0/0/1
173.48.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 173.48.130.0/24 is directly connected, GigabitEthernet0/0/0
L 173.48.130.213/32 is directly connected, GigabitEthernet0/0/0
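A quick way to confirm the end state described in the post above is to check that every WAN circuit owns a default-route path. This is an added example, not part of the original post; the function names are hypothetical, and the sample is the relevant part of the poster's "sh ip ro" output embedded inline.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the "sh ip ro" output shown in the post.
SAMPLE = """\
Gateway of last resort is 173.48.130.1 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 173.48.130.1
[1/0] via 50.214.194.26
50.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 50.214.194.24/30 is directly connected, GigabitEthernet0/0/1
L 50.214.194.25/32 is directly connected, GigabitEthernet0/0/1
173.48.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 173.48.130.0/24 is directly connected, GigabitEthernet0/0/0
L 173.48.130.213/32 is directly connected, GigabitEthernet0/0/0
"""

VIA = re.compile(r"\[(\d+)/(\d+)\] via (\d+\.\d+\.\d+\.\d+)")
CONNECTED = re.compile(r"^C\s+(\S+) is directly connected, (\S+)")
DEFAULT = re.compile(r"^\S+\s+0\.0\.0\.0/0\s")

def default_route_paths(text):
    """Return [(next_hop, admin_distance, egress_interface_or_None)] for 0.0.0.0/0."""
    connected, hops, in_default = [], [], False
    for line in text.splitlines():
        line = line.strip()
        m = CONNECTED.match(line)
        if m:
            connected.append((ipaddress.ip_network(m.group(1)), m.group(2)))
        # A default-route entry may continue on following lines that start with "[".
        in_default = bool(DEFAULT.match(line)) or (in_default and line.startswith("["))
        v = VIA.search(line) if in_default else None
        if v:
            hops.append((ipaddress.ip_address(v.group(3)), int(v.group(1))))
    paths = []
    for hop, ad in hops:
        # Map each next hop to the connected subnet (and interface) that contains it.
        ifname = next((i for net, i in connected if hop in net), None)
        paths.append((str(hop), ad, ifname))
    return paths

def both_circuits_have_default(text, wan_interfaces):
    """True when every WAN interface carries a default path and all paths share one AD."""
    paths = default_route_paths(text)
    covered = {ifname for _, _, ifname in paths}
    same_ad = len({ad for _, ad, _ in paths}) == 1
    return set(wan_interfaces) <= covered and same_ad
```

A path whose interface comes back as None means the next hop is not on any connected subnet, which is worth checking before blaming the template.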
05-21-2022 11:27 PM
Can you share your template configuration or edge configuration to double check issue?
05-23-2022 01:55 PM
Originally we tried having the DHCP default route configured under IPv4 route, and then added a device specific route prefix which we then tried configuring for the default route through the static default gateway of the static circuit. That removed the DHCP default when pushed to the device.
A TAC engineer suggested just having the default distance in the interface template for the DHCP circuit, and putting the static configuration in the IPv4 route in the VPN template. I'm pretty sure we tried that, but we will try it again when we can schedule a maintenance window with the site to work on it.
05-22-2022 04:04 PM
Hi,
Please share "show ip route" when you have both static and DHCP configuration. In autonomous mode of IOS XE you have a different AD value for the DHCP-learned gateway / next hop. Most probably, it is the same for SD-WAN too. Just check what AD value the DHCP-learned gateway has; if it is other than 1 (which is the default AD for static), you need to set the same AD for static (or 1 for DHCP if this setup is available).
HTH,
05-23-2022 01:48 PM
This is for controller mode, so it needs to be configured via templates.
11-03-2023 01:45 AM - edited 11-03-2023 03:01 AM
It works. Keep in mind that, while testing, static and DHCP must be from different subnets.