Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1540
Views
0
Helpful
0
Replies

DMVPN backup tunnel won't fail back over

Xavier Lloyd
Level 1
Level 1

‎05-08-2012 08:41 AM - edited ‎02-21-2020 06:03 PM

Hi folks,

I have an issue where I have a DMVPN set up with EIGRP. I have a secondary tunnel configured with one of the spokes in the primary tunnel is the hub of the secondary tunnel. Here are the configurations I have:

Router A

ROUTER_A#sh run int t0
Building configuration...
Current configuration : 533 bytes
!
interface Tunnel0
 bandwidth 8000
 ip address 10.x.x.12 255.255.255.240
 no ip redirects
 ip mtu 1446
 no ip next-hop-self eigrp 1
 ip flow ingress
 ip flow egress
 ip nhrp authentication cisco123
 ip nhrp map multicast dynamic
 ip nhrp network-id 8
 ip nhrp holdtime 600
 ip nhrp redirect
 no ip route-cache cef
 no ip route-cache
 ip tcp adjust-mss 1446
 no ip split-horizon eigrp 1
 delay 1
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 67132
 tunnel protection ipsec profile strong_prof shared
 !
end
ROUTER_A#sh run int t1
Building configuration...
Current configuration : 577 bytes
!
interface Tunnel1
 bandwidth 4000
 ip address 10.x.x.66 255.255.255.240
 no ip redirects
 ip mtu 1446
 ip flow ingress
 ip flow egress
 ip nhrp authentication cisco123
 ip nhrp map 10.x.x.65 63.245.66.202
 ip nhrp map multicast 63.245.66.202
 ip nhrp network-id 18
 ip nhrp holdtime 600
 ip nhrp nhs 10.x.x.65
 ip nhrp shortcut
 ip nhrp redirect
 ip virtual-reassembly
 ip tcp adjust-mss 1446
 no ip split-horizon eigrp 2
 delay 2000
 shutdown
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 12133
 tunnel protection ipsec profile strong_prof2
 !
end
ROUTER_A#sh run | sec router eigrp
router eigrp 1
 network 10.x.x.0 0.0.0.15
 network 10.3.0.0 0.0.0.255
router eigrp 2
 network 10.x.x.64 0.0.0.15
 network 10.3.0.0 0.0.0.255

Router B

ROUTER_B#sh run int t0
Building configuration...
Current configuration : 608 bytes
!
interface Tunnel0
 bandwidth 8000
 ip address 10.x.x.11 255.255.255.240
 no ip redirects
 ip mtu 1446
 ip flow ingress
 ip flow egress
 ip nhrp authentication cisco123
 ip nhrp map multicast 81.91.242.68
 ip nhrp map 10.x.x.12 81.91.242.68
 ip nhrp network-id 8
 ip nhrp holdtime 600
 ip nhrp nhs 10.x.x.12
 ip nhrp shortcut
 ip nhrp redirect
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 ip tcp adjust-mss 1446
 no ip split-horizon eigrp 1
 delay 1
 tunnel source FastEthernet0/0/0
 tunnel mode gre multipoint
 tunnel key 67132
 tunnel protection ipsec profile strong_prof shared
 !
end
ROUTER_B#sh run int t1
Building configuration...
Current configuration : 521 bytes
!
interface Tunnel1
 bandwidth 4000
 ip address 10.x.x.65 255.255.255.240
 no ip redirects
 ip mtu 1446
 no ip next-hop-self eigrp 2
 ip flow ingress
 ip flow egress
 ip nhrp authentication cisco123
 ip nhrp map multicast dynamic
 ip nhrp network-id 18
 ip nhrp holdtime 600
 ip nhrp redirect
 ip virtual-reassembly
 ip tcp adjust-mss 1446
 no ip split-horizon eigrp 2
 delay 2000
 shutdown
 tunnel source FastEthernet0/0/0
 tunnel mode gre multipoint
 tunnel key 12133
 tunnel protection ipsec profile strong_prof2
 !
end
ROUTER_B#sh run | sec router eigrp
router eigrp 1
 network 10.x.x.0 0.0.0.15
 redistribute static route-map static_to_eigrp
router eigrp 2
 network 10.x.x.64 0.0.0.15
 redistribute static route-map static_to_eigrp

Router C/D/E

ROUTER_C#sh run int t0
Building configuration...
Current configuration : 550 bytes
!
interface Tunnel0
 bandwidth 8000
 ip address 10.x.x.13 255.255.255.240
 no ip redirects
 ip mtu 1446
 ip flow ingress
 ip nhrp authentication cisco123
 ip nhrp map 10.x.x.12 81.91.242.68
 ip nhrp map multicast 81.91.242.68
 ip nhrp network-id 8
 ip nhrp holdtime 600
 ip nhrp nhs 10.x.x.12
 ip nhrp shortcut
 ip nhrp redirect
 ip virtual-reassembly
 ip tcp adjust-mss 1446
 no ip split-horizon eigrp 1
 delay 1
 tunnel source FastEthernet0/0/1
 tunnel mode gre multipoint
 tunnel key 67132
 tunnel protection ipsec profile strong_prof shared
 !
end
ROUTER_C#sh run int t1
Building configuration...
Current configuration : 560 bytes
!
interface Tunnel1
 bandwidth 4000
 ip address 10.x.x.67 255.255.255.240
 no ip redirects
 ip mtu 1446
 ip flow ingress
 ip nhrp authentication cisco123
 ip nhrp map multicast 63.245.66.202
 ip nhrp map 10.x.x.65 63.245.66.202
 ip nhrp network-id 18
 ip nhrp holdtime 600
 ip nhrp nhs 10.x.x.65
 ip nhrp shortcut
 ip nhrp redirect
 ip virtual-reassembly
 ip tcp adjust-mss 1446
 no ip split-horizon eigrp 2
 delay 2000
 shutdown
 tunnel source FastEthernet0/0/1
 tunnel mode gre multipoint
 tunnel key 12133
 tunnel protection ipsec profile strong_prof2
 !
end
ROUTER_C#sh run | sec router eigrp
router eigrp 1
 network 10.x.x.0 0.0.0.15
 network 10.4.0.0 0.0.0.255
 redistribute static route-map STATIC_TO_OSPF
router eigrp 2
 network 10.x.x.64 0.0.0.15
 network 10.4.0.0 0.0.0.255
 redistribute static route-map STATIC_TO_OSPF

Now what happens is that when I shut down the tunnel0 interface on RouterA, everything fails over to the tunnel1 interfaces. When I bring back up the tunnel0 on RouterA, everything keeps using the tunnel1 interfaces. When I check show ip nhrp detail and sh ip eigrp topology/neighbours, its as if the other tunnel interface doesn't exist anymore.

How can I get this to fail back over properly. I thought of something just now that isn't configured the way I have it in my diagram. Router A is configured as a spoke in the backup tunnels. Do you think that this could have been the source of my problem? I can't test this until tomorrow morning as the maintenance window is gone but I'd appreciate any ideas until then

Cheers,

Xavier

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents