Route Summary Advice

Patrick McHenry
Level 4

Hi,

Our Home user routers are acquiring some pretty big routing tables and I would like to minimize them and also minimize the amount of routes being advertised back to the Main Campus. In a dynamips lab, I've done my summarizing only on the Georgia and Merrimack Headend routers. Is this the way I should be going about the summarization or, is there a more elegant way?

Thanks, Pat.

[Attached image: DMVPN Summary Routes.png]

My configs on the headends look like so:

Merrimack Router:

interface FastEthernet0/1
 ip address 172.20.68.1 255.255.255.0
 ip summary-address eigrp 99 192.168.0.0 255.255.248.0 5
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 summary-address 10.1.0.0 255.255.248.0
 redistribute static
 redistribute eigrp 99 metric-type 1 subnets route-map EIGRP2OSPF
 network 10.3.8.0 0.0.0.255 area 0
 network 172.20.2.0 0.0.0.3 area 0
!
router eigrp 99
 redistribute ospf 1 metric 100000 1 255 1 1500 route-map OSPF2EIGRP
 network 172.20.68.0 0.0.0.255
 no auto-summary
!

Show Output of Main Campus:

     172.20.0.0/16 is variably subnetted, 3 subnets, 2 masks
C       172.20.1.0/30 is directly connected, FastEthernet0/0
C       172.20.2.0/30 is directly connected, FastEthernet0/1
O E1    172.20.68.0/24 [110/30] via 172.20.2.2, 00:32:30, FastEthernet0/1
                       [110/30] via 172.20.1.2, 00:32:30, FastEthernet0/0
C    192.168.4.0/24 is directly connected, Loopback4
C    192.168.5.0/24 is directly connected, Loopback5
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O E1    10.1.0.0/21 [110/30] via 172.20.2.2, 00:32:30, FastEthernet0/1
                    [110/30] via 172.20.1.2, 00:32:30, FastEthernet0/0
O E1    10.3.68.0/24 [110/30] via 172.20.2.2, 00:32:30, FastEthernet0/1
                     [110/30] via 172.20.1.2, 00:32:30, FastEthernet0/0
C    192.168.0.0/24 is directly connected, Loopback0
C    192.168.1.0/24 is directly connected, Loopback1
C    192.168.2.0/24 is directly connected, Loopback2
C    192.168.3.0/24 is directly connected, Loopback3
O E1 192.168.0.0/21 [110/30] via 172.20.2.2, 00:32:31, FastEthernet0/1
                    [110/30] via 172.20.1.2, 00:32:31, FastEthernet0/0

Show Output of Home User:

     172.20.0.0/16 is variably subnetted, 3 subnets, 2 masks
D EX    172.20.1.0/30 [170/281856] via 172.20.68.1, 00:32:59, FastEthernet0/1
                      [170/281856] via 10.3.68.1, 00:32:59, FastEthernet0/0
D EX    172.20.2.0/30 [170/281856] via 172.20.68.1, 00:32:59, FastEthernet0/1
                      [170/281856] via 10.3.68.1, 00:32:59, FastEthernet0/0
C       172.20.68.0/24 is directly connected, FastEthernet0/1
     10.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
C       10.1.3.0/24 is directly connected, Loopback3
C       10.1.2.0/24 is directly connected, Loopback2
C       10.1.1.0/24 is directly connected, Loopback1
C       10.1.0.0/24 is directly connected, Loopback0
D EX    10.1.0.0/21 [170/281856] via 172.20.68.1, 00:32:59, FastEthernet0/1
                    [170/281856] via 10.3.68.1, 00:32:59, FastEthernet0/0
C       10.1.5.0/24 is directly connected, Loopback5
C       10.1.4.0/24 is directly connected, Loopback4
C       10.3.68.0/24 is directly connected, FastEthernet0/0
D    192.168.0.0/21 [90/281856] via 172.20.68.1, 00:33:01, FastEthernet0/1
                    [90/281856] via 10.3.68.1, 00:33:01, FastEthernet0/0


Reza Sharifi
Hall of Fame

Hi Pat,

EIGRP by default advertises to the network level when you don't have the summary command configured. So, if you remove

no auto-summary

from your EIGRP config, the 192.168.0.0 255.255.248.0 will be summarized and advertised as 192.168.0.0 255.255.0.0 (default).

If you advertise 2.2.2.0/24, EIGRP by default advertises it as 2.0.0.0/8.

HTH

Ya but, this is just a lab. In our real network, there are a lot of 172.20.0.0 networks at the Main Campus location. That might screw up the routing as the tunnel interfaces for the remote routers have 172.20.68.? addresses. Auto summary will advertise 172.20.0.0 /16 to the Main Campus but, the remote branches also have an address in that classful range.

Reza,

If I plan to do summarization, is this the router I should do it on? Should I consider summarizing advertisements from the branches and the Main Campus instead of the Headends or do you think summarizing at the Headends is appropriate?

Thanks, Pat.
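The summaries and the auto-summary overlap discussed above can be checked offline before touching the headends. This is an added example, not code from any poster in the thread: it uses the prefixes shown in the lab routing tables, and the function names (`summarize`, `unbacked`, `classful`, `conflicts`) are hypothetical. It reports the address space a summary claims without a component route behind it, and which remote prefixes fall inside a classful summary.

```python
import ipaddress

# Prefixes taken from the "show ip route" output in the first post.
SPOKE_LOOPBACKS = [f"10.1.{i}.0/24" for i in range(6)]      # Home User Loopback0-5
CAMPUS_LOOPBACKS = [f"192.168.{i}.0/24" for i in range(6)]  # Main Campus Loopback0-5
CAMPUS_LINKS = ["172.20.1.0/30", "172.20.2.0/30"]           # Main Campus connected /30s
TUNNEL_NET = "172.20.68.0/24"                               # headend-to-home-user segment


def summarize(prefixes):
    """Smallest single IPv4 prefix that covers every network in `prefixes`."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # The bits that lowest and highest address share form the summary prefix.
    plen = 32 - (lo ^ hi).bit_length()
    base = (lo >> (32 - plen)) << (32 - plen)
    return ipaddress.ip_network(f"{ipaddress.IPv4Address(base)}/{plen}")


def unbacked(summary, prefixes):
    """Ranges inside `summary` that none of the component prefixes covers.

    Traffic for these ranges is attracted to the summarizing router even
    though nothing more specific exists behind it.
    """
    remaining = [summary]
    for p in map(ipaddress.ip_network, prefixes):
        nxt = []
        for r in remaining:
            if p.subnet_of(r):
                nxt.extend(r.address_exclude(p))  # carve p out of r
            elif not r.subnet_of(p):
                nxt.append(r)                     # untouched by p
        remaining = nxt
    return sorted(ipaddress.collapse_addresses(remaining))


def classful(prefix):
    """Classful (A/B/C) network that contains `prefix`."""
    net = ipaddress.ip_network(prefix)
    first = int(net.network_address) >> 24
    plen = 8 if first < 128 else 16 if first < 192 else 24
    return net.supernet(new_prefix=plen) if net.prefixlen > plen else net


def conflicts(summary, foreign_prefixes):
    """Prefixes that live at another site but fall inside `summary`."""
    return [p for p in map(ipaddress.ip_network, foreign_prefixes)
            if p.overlaps(summary)]


if __name__ == "__main__":
    for label, nets in (("home user", SPOKE_LOOPBACKS), ("main campus", CAMPUS_LOOPBACKS)):
        s = summarize(nets)
        print(f"{label}: summary {s}, unbacked {[str(n) for n in unbacked(s, nets)]}")
    auto = classful(TUNNEL_NET)
    hits = [str(n) for n in conflicts(auto, CAMPUS_LINKS)]
    print(f"classful summary of {TUNNEL_NET} is {auto}, overlapping {hits}")
```

Both /21 summaries configured in the lab match the computed ones, and each leaves a /23 that the headend advertises without a matching component route.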

Hi Patrick,

take a look at this: http://blog.ioshints.info/2010/10/solution-eigrp-summarization-breaks.html

Regards.

Alain

Don't forget to rate helpful posts.


Alain,

Thanks for the doc.

So, if I perform the summaries I suggested, I would be breaking any spoke to spoke routes and all data would go to the Hubs first then, to the spokes?

Also,

I don't have "no ip next-hop-self eigrp 1" configured on the tunnel interfaces of the Hub routers.

Does this mean I don't have spoke to spoke communication and all traffic is going to the Hubs first?

I believe we are using Phase 3 DMVPN but can't be sure - How do I confirm?

interface Tunnel0
 bandwidth 20000
 ip address 172.20.68.1 255.255.252.0
 no ip redirects
 ip mtu 1400
 no ip split-horizon eigrp 99
 ip flow ingress
 ip flow egress
 ip pim sparse-dense-mode
 ip nhrp authentication XXXXXXX
 ip nhrp map multicast dynamic
 ip nhrp network-id 301
 ip nhrp redirect
 ip tcp adjust-mss 1360
 delay 1000
 qos pre-classify
 tunnel source GigabitEthernet0/0/1
 tunnel mode gre multipoint
 tunnel key 1000
 tunnel protection ipsec profile cvo-profile
end

Thanks, Pat.

Hi,

Yes, you would be blocking spoke to spoke communication with EIGRP alone.

You should have no ip next-hop-self eigrp 99, which is your AS, not 1 here.

To confirm you go through the hub, just do a traceroute.

Regards.

Alain

Don't forget to rate helpful posts.


Alain,

Router1#traceroute 172.16.0.185
Type escape sequence to abort.
Tracing the route to 172.16.0.185
VRF info: (vrf in name/id, vrf out name/id)
  1 172.20.68.1 60 msec
    10.3.68.1 100 msec
    172.20.68.1 72 msec
  2 10.3.68.26 112 msec
    172.20.68.26 160 msec *

I guess it is going to the Hubs first.

Router1#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 192.168.0.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 192.168.0.1
      1.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C        1.0.0.0/8 is directly connected, GigabitEthernet2/0
L        1.1.1.1/32 is directly connected, GigabitEthernet2/0
D EX     1.1.1.11/32 [170/2816256] via 172.20.68.1, 1d12h, Tunnel0
                     [170/2816256] via 10.3.68.1, 1d12h, Tunnel1
D EX     1.1.1.12/32 [170/2816256] via 172.20.68.1, 1d12h, Tunnel0
                     [170/2816256] via 10.3.68.1, 1d12h, Tunnel1

So, if I was using spoke to spoke communication the next hop would be the default route?

Would the fact that we could be using Phase 3 change any of this?

Thanks, Pat

Hi,

To test it, your traceroute should be for a host address belonging to a subnet advertised by spoke and sourcing it from a subnet advertised by the spoke on which you perform the traceroute.

You are doing load-sharing across 2 tunnels here, is it what you want to do? Is r1 a spoke router?

Could you post all configs from hubs and spokes and the topology file for gns3?

Regards.

Alain

Don't forget to rate helpful posts.


Alain,

Yes, Router1 is a spoke router.

HUB ROUTER


sh run br
Building configuration...

Current configuration : 5153 bytes
!
! Last configuration change at 07:46:25 EDT Fri Oct 26 2012 by USER

! NVRAM config last updated at 07:52:40 EDT Fri Oct 26 2012 by USER

version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname MK-1001-VPN1
!
boot-start-marker
boot system flash:asr1001-universalk9.03.04.02.S.151-3.S2.bin
boot system bootflash:asr1001-universalk9.03.04.02.S.151-3.S2.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
logging buffered 1000000
!
aaa new-model
!
!
aaa group server radius acs
server-private 172.20.64.50 auth-port 1812 acct-port 1813 key XXXXXX
!
aaa authentication login default local
aaa authorization network pkiaaa group acs
!
!
!
!
!
aaa session-id common
clock timezone EST -5 0
clock summer-time EDT recurring
!
!
!
ip domain name XXX.int
ip host mk-wan 172.20.64.8
ip host mk-vpn 172.20.64.102
ip host cvo-cs 172.20.64.103
ip host ap-3750 10.3.5.10
ip host ap-wan 172.20.1.110
ip host ap-3945 10.3.4.30
ip host ap-vpn 10.3.5.100
ip host ap-2960 10.3.5.11
ip host ap-asa 10.3.5.101
ip host br-wan 172.20.1.30
ip host mk-3750 172.20.64.9
ip host mk-3945 10.20.64.30
ip host mk-pki 172.20.64.103
ip name-server 172.20.9.14
ip name-server 172.20.9.15
ip multicast-routing distributed
!
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!

!
username User privilege 15 secret 4 XXX
username User privilege 15 secret 4 XXX
username User privilege 15 secret 4 XXX
!
redundancy
mode none
!
!
!
!
!
ip ftp username XXX
ip ftp password XXX
ip tftp source-interface GigabitEthernet0/0/0
!
!
!
crypto isakmp policy 1
encr aes 256
crypto isakmp keepalive 10
crypto isakmp nat keepalive 10
!
!
crypto ipsec transform-set t1 esp-aes 256 esp-sha-hmac
mode transport require
!
crypto ipsec profile cvo-profile
set transform-set t1
!
!
!
!
!
!
interface Tunnel0
bandwidth 20000
ip address 172.20.68.1 255.255.252.0
no ip redirects
ip mtu 1400
no ip split-horizon eigrp 99
ip flow ingress
ip flow egress
ip pim sparse-dense-mode
ip nhrp authentication XXX
ip nhrp map multicast dynamic
ip nhrp network-id 301
ip nhrp redirect
ip tcp adjust-mss 1360
delay 1000
qos pre-classify
tunnel source GigabitEthernet0/0/1
tunnel mode gre multipoint
tunnel key 1000
tunnel protection ipsec profile cvo-profile
!
interface GigabitEthernet0/0/0
ip address 172.20.64.102 255.255.255.0
negotiation auto
!
interface GigabitEthernet0/0/1
description Connection to PCC Internet
ip address "PUCBLIC IP" 255.255.255.128
ip flow ingress
ip flow egress
negotiation auto
!
interface GigabitEthernet0/0/2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/3
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
negotiation auto
!
!
router eigrp 99
network 172.20.68.0 0.0.3.255
redistribute ospf 1 metric 100000 1 255 1 1500 route-map OSPF2EIGRP
!
router ospf 1
router-id 172.20.64.102
redistribute eigrp 99 metric-type 1 subnets route-map EIGRP2OSPF
network 172.20.64.0 0.0.0.255 area 0
!
ip forward-protocol nd
!
ip flow-export source Tunnel0
ip flow-export destination 172.20.8.211 9995
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 "PUBLIC IP"
!
logging 172.20.8.211
access-list 60 remark - Solarwinds only
access-list 60 remark - SNMP RO ACL
access-list 60 permit 172.20.8.211
access-list 60 deny   any log
cdp run
!
route-map EIGRP2OSPF deny 10
match tag 110
!
route-map EIGRP2OSPF permit 20
set tag 90
!
route-map OSPF2EIGRP deny 10
match tag 90
!
route-map OSPF2EIGRP permit 20
set tag 110
!
snmp-server community pccadmin RO 60
snmp-server location HQ
!
!
!
control-plane
!
!
!
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
exec-timeout 0 0
privilege level 15
transport input ssh
line vty 5 15
exec-timeout 0 0
privilege level 15
transport input ssh
!
ntp server 172.20.8.108

end

------------------------------------------------------------------------------------------------------

SPOKE ROUTER

Building configuration...

Current configuration : 11721 bytes
!
! Last configuration change at 09:32:51 EST-DST Fri Oct 26 2012 by USER

! NVRAM config last updated at 09:41:49 EST-DST Fri Oct 26 2012 by USER


version 15.1
parser config cache interface
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime show-timezone
service timestamps log datetime msec localtime show-timezone year
service password-encryption
!
hostname marchess
!
boot-start-marker
boot system flash c880data-universalk9-mz.151-4.M3.bin
boot-end-marker
!
!
logging buffered 4096 informational
enable secret 5 XXX
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
!
memory-size iomem 10
clock timezone EST -5 0
clock summer-time EST-DST recurring
service-module wlan-ap 0 bootimage unified
crypto pki token default removal timeout 0
!

!
ip nbar custom cuva udp 5445 
!
!
ip dhcp pool corp-pool
import all
network 172.16.0.24 255.255.255.248
domain-name pcc.int
option 150 ip 10.20.64.42 10.20.64.40 10.3.4.40
dns-server 172.20.9.14 8.8.8.8
default-router 172.16.0.25
!
ip dhcp pool guest-pool
import all
network 192.168.68.0 255.255.255.0
default-router 192.168.68.1
!
!
ip cef
no ip bootp server
no ip domain lookup
ip domain name XXX.int
ip multicast-routing
ip inspect log drop-pkt
ip inspect name cvo-inspect tcp router-traffic
ip inspect name cvo-inspect udp router-traffic
ip inspect name cvo-inspect realaudio
ip inspect name cvo-inspect rtsp
ip inspect name cvo-inspect tftp
ip inspect name cvo-inspect ftp
ip inspect name cvo-inspect h323
ip inspect name cvo-inspect netshow
ip inspect name cvo-inspect streamworks
ip inspect name cvo-inspect esmtp
ip inspect name cvo-inspect skinny
ip inspect name cvo-inspect sip
ip inspect name cvo-inspect sip-tls
ip inspect name voice skinny
ip inspect name voice sip
ip inspect name voice sip-tls
ip inspect name voice h323
ip inspect name voice tftp
ip inspect name voice dns
no ip igmp snooping
no ipv6 cef
!
!
multilink bundle-name authenticated
parameter-map type inspect global
log dropped-packets enable
password encryption aes
license udi pid CISCO881GW-GN-A-K9 sn FTX1546000V
!
!

username User privilege 15 secret 5 XXX
!
!
!
!
controller Cellular 0
!
ip ftp source-interface Vlan10
ip tftp source-interface Vlan10
ip ssh time-out 60
ip ssh source-interface Vlan10
ip scp server enable
!
class-map match-any internetwork_control
match access-group name isakmp_acl
match ip precedence 7
match ip precedence 6
class-map match-all non_voip
match access-group name non_voip_traffic_acl
class-map match-any discover_signaling
match protocol skinny
match protocol sip
class-map match-any call_setup
match ip dscp cs3
match ip precedence 3
class-map match-any discover_video
match protocol cuva
match protocol rtp video
class-map match-any discover_voip
match protocol rtp payload-type "0"
match protocol rtp payload-type "18"
match protocol rtp audio
class-map match-any video
match ip precedence 2
match ip dscp cs2
class-map match-any voice
match access-group name voice_acl
match ip dscp ef
match ip precedence 5
!
!
policy-map voice_and_video
class call_setup
bandwidth 32
class internetwork_control
  bandwidth 32
class voice
  priority 128
class video
  priority 460
class class-default
policy-map shaper
class class-default
  shape average 1500000
  service-policy voice_and_video
policy-map mark_incoming_traffic
class discover_voip
  set dscp ef
class discover_signaling
  set dscp cs3
class discover_video
  set dscp cs2
class non_voip
  set dscp default
!
!
!
crypto isakmp policy 1
encr aes 256
crypto isakmp keepalive 10
crypto isakmp nat keepalive 10
!
!
crypto ipsec transform-set t1 esp-aes 256 esp-sha-hmac
mode transport require
!
crypto ipsec profile cvo
set transform-set t1
!
!
!
!
!
!
interface Tunnel0
description DMVPN phase 3 - Connection to HUB
bandwidth 1000
ip address 172.20.68.6 255.255.252.0
no ip redirects
ip mtu 1400
ip pim sparse-dense-mode
ip nhrp authentication XXX
ip nhrp map 172.20.68.1 "PUBLIC IP"
ip nhrp map multicast "PUBLIC IP"
ip nhrp network-id 301
ip nhrp holdtime 300
ip nhrp nhs 172.20.68.1
ip nhrp registration no-unique
ip nhrp shortcut
ip nhrp redirect
ip tcp adjust-mss 1360
load-interval 30
delay 1000
qos pre-classify
tunnel source FastEthernet4
tunnel mode gre multipoint
tunnel key 1000
tunnel protection ipsec profile cvo shared
!
interface Tunnel1
description DMVPN phase 3 - Connection to HUB

bandwidth 1000
ip address 10.3.68.6 255.255.252.0
no ip redirects
ip mtu 1400
ip pim sparse-dense-mode
ip nhrp authentication XXX
ip nhrp map multicast "PUBLIC IP"
ip nhrp map 10.3.68.1 "PUBLIC IP"
ip nhrp network-id 302
ip nhrp holdtime 300
ip nhrp nhs 10.3.68.1
ip nhrp registration no-unique
ip nhrp shortcut
ip nhrp redirect
ip tcp adjust-mss 1360
load-interval 30
delay 1000
qos pre-classify
tunnel source FastEthernet4
tunnel mode gre multipoint
tunnel key 1001
tunnel protection ipsec profile cvo shared
!
interface FastEthernet0
switchport access vlan 10
switchport voice vlan 30
no ip address
spanning-tree portfast
!
interface FastEthernet1
switchport access vlan 10
switchport voice vlan 30
no ip address
spanning-tree portfast
!
interface FastEthernet2
switchport access vlan 10
switchport voice vlan 30
no ip address
spanning-tree portfast
!
interface FastEthernet3
switchport access vlan 10
switchport voice vlan 30
no ip address
spanning-tree portfast
!
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$
ip address dhcp
ip access-group fw_acl in
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
service-policy output shaper
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan10
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport trunk native vlan 10
switchport mode trunk
no ip address
!
interface Cellular0
no ip address
encapsulation ppp
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
description Corporate Access
ip address 172.16.0.25 255.255.255.248
no ip redirects
no ip unreachables
ip nat inside
ip inspect cvo-inspect in
ip virtual-reassembly in
ip tcp adjust-mss 1360
no autostate
service-policy input mark_incoming_traffic
!
interface Vlan20
description Guest Access
ip address 192.168.68.1 255.255.255.0
ip nat inside
ip inspect cvo-inspect in
ip virtual-reassembly in
ip policy route-map pbr
no autostate
!
interface Vlan30
description Corporate Voice
ip unnumbered Vlan10
ip access-group allow_skinny_acl in
ip inspect voice in
no autostate
service-policy input mark_incoming_traffic
!
!
router eigrp 99
network 10.3.68.0 0.0.3.255
network 172.16.0.24 0.0.0.7
network 172.20.68.0 0.0.3.255
eigrp router-id 172.16.0.25
!
ip forward-protocol nd
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip http client source-interface Vlan10
!
!
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source list nat_acl interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.1 254
ip route 0.0.0.0 0.0.0.0 192.168.1.1 254
ip route "PUBLIC IP" 255.255.255.255 dhcp
ip route "PUBLIC IP" 255.255.255.255 dhcp
ip route "PUBLIC IP" 255.255.255.255 dhcp
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip access-list extended allow_skinny_acl
permit udp any any range bootps bootpc
permit icmp any any
permit udp any any eq domain
permit udp any any eq tftp
permit tcp any any eq 2000
permit udp any any range 16384 32767
permit udp any any eq 5445
permit udp any any range 2326 2373
permit tcp any any eq www
permit tcp any any eq 443
permit tcp any eq www any
permit tcp any eq 443 any
permit udp any any eq 5060
permit tcp any any eq 5060
permit tcp any any eq 2445
permit tcp any any eq 8080
permit tcp any any eq 8443
ip access-list extended fw_acl
permit icmp any any
permit udp any any eq bootpc
permit udp any any eq domain
permit udp any any eq isakmp
permit udp any any eq non500-isakmp
permit esp any any
permit udp host 192.43.244.18 any eq ntp
permit tcp host 65.199.155.103 any
ip access-list extended guest_acl
permit ip 192.168.68.0 0.0.0.255 any
ip access-list extended isakmp_acl
permit udp any any eq isakmp
ip access-list extended nat_acl
permit ip 172.16.0.24 0.0.0.7 any
permit ip 192.168.68.0 0.0.0.255 any
ip access-list extended non_voip_traffic_acl
permit ip any any
ip access-list extended voice_acl
permit udp any any range 16384 32767
!
ip radius source-interface Vlan10
kron policy-list SaveConfig
cli write
!
logging source-interface Vlan10
logging 172.20.8.211
logging 172.20.25.44
access-list 60 remark == SNMP RO ACL
access-list 60 remark -Solarwinds
access-list 60 permit 172.20.8.211
access-list 60 deny   any log
access-list 199 permit ip host 172.20.25.44 host 172.16.0.28
access-list 199 permit ip host 172.16.0.28 host 172.20.25.44
!
!
!
!
route-map pbr permit 10
match ip address guest_acl
set ip next-hop dynamic dhcp
!
snmp-server community XXX RO
snmp-server location HQ
!
!
!
control-plane
!
alias exec configuration terminal wr memory
banner login ^C
************************************************************************
AUTHORIZED USE ONLY / CONFIDENTIAL INFORMATION
This system is for use by authorized personnel only. Individuals using this system without authority, or in excess of their authority, are subject to disciplinary action up to and including termination.
As set forth in the company's electronic communications policy, the company may monitor the use of this system at any time. Each employee, by continuing the use of the system, expressly represents that they understand the policy and consent to such monitoring.
In the event monitoring discloses unauthorized or improper use of the system, monitoring personnel will forward such information to management.
Information available through the use of the system is proprietary and for company business only. Such information may be confidential and may not be used or disclosed, whether in electronic or hard copy form, except as approved by management.
Improper access or use of the system, or improper disclosure of confidential information may result in disciplinary action up to and including termination.
************************************************************************
^C
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
line 3
no exec
line vty 0 4
length 0
transport input ssh
!
ntp server 192.43.244.18 iburst
ntp server 172.20.8.108 source Vlan10 iburst
end

Thanks, Pat.

Alain,

I'm not sure if you knew this or not but, we are using Phase 3. If you go to the end of the doc you posted - specifically the questions, you'll see that it is mentioned that by using phase 3, you are able to summarize without losing spoke to spoke communication. This is what I got from it and from further reading. I believe that is the big difference between phase 2 and phase 3. Phase 2 is not as scalable for this reason. I've confirmed I believe that at this point, we do have spoke to spoke communication.

Spoke#ping 172.16.0.49 (another spoke)
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.49, timeout is 2 seconds:
!!!!!

Spoke#sh ip nhrp
172.16.0.49/32 via 10.3.68.3
   Tunnel1 created 00:00:05, expire 00:04:56
   Type: dynamic, Flags: router
   NBMA address: 75.213.243.255 (I believe this proves that I now have the NBMA address for the other spoke and can send packets directly)

I will test after summarizing as well.

Thanks, Pat.
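The "How do I confirm?" question about Phase 3 can also be answered from the saved configs. This is an added example, not part of the thread: it reads the tunnel interface blocks (trimmed copies of the hub and spoke Tunnel0 configs posted above) and checks for the NHRP commands the thread associates with Phase 3, `ip nhrp redirect` on the hub and `ip nhrp shortcut` on the spoke. The function names and the hub/spoke heuristic (a spoke is an interface that points at an NHS) are assumptions of this sketch.

```python
import re

# Trimmed from the hub and spoke configs posted in the thread (values as redacted there).
HUB_TUNNEL = """interface Tunnel0
ip address 172.20.68.1 255.255.252.0
no ip split-horizon eigrp 99
ip nhrp map multicast dynamic
ip nhrp network-id 301
ip nhrp redirect
tunnel mode gre multipoint
tunnel key 1000
!
"""

SPOKE_TUNNEL = """interface Tunnel0
ip address 172.20.68.6 255.255.252.0
ip nhrp map 172.20.68.1 "PUBLIC IP"
ip nhrp network-id 301
ip nhrp nhs 172.20.68.1
ip nhrp shortcut
ip nhrp redirect
tunnel mode gre multipoint
tunnel key 1000
!
"""


def tunnel_blocks(config):
    """Yield (interface name, sub-commands) for every 'interface TunnelN' block."""
    name, cmds = None, []
    for raw in config.splitlines():
        line = raw.strip()
        start = re.match(r"interface (Tunnel\d+)$", line)
        if start or (name and (line == "!" or line.startswith(("interface ", "router ")))):
            if name:
                yield name, cmds
            name, cmds = (start.group(1) if start else None), []
        elif name and line:
            cmds.append(line)
    if name:
        yield name, cmds


def assess(config):
    """Per-tunnel view of the settings that decide spoke-to-spoke behaviour."""
    report = {}
    for name, cmds in tunnel_blocks(config):
        has = lambda prefix: any(c.startswith(prefix) for c in cmds)
        role = "spoke" if has("ip nhrp nhs ") else "hub"   # heuristic, see lead-in
        mgre = "tunnel mode gre multipoint" in cmds
        needed = "ip nhrp redirect" if role == "hub" else "ip nhrp shortcut"
        report[name] = {
            "role": role,
            "mgre": mgre,
            "phase3_command": needed,
            "phase3_ready": mgre and needed in cmds,
            # Only matters when shortcuts are absent and next hops must be preserved.
            "next_hop_self_disabled": has("no ip next-hop-self eigrp"),
        }
    return report


if __name__ == "__main__":
    for label, cfg in (("hub", HUB_TUNNEL), ("spoke", SPOKE_TUNNEL)):
        for ifname, facts in assess(cfg).items():
            print(label, ifname, facts)
```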
