cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
749
Views
8
Helpful
19
Replies

dmvpn hub has no nhrp info, spoke is stuck in NHRP

dgawaya1
Level 1
Level 1

Hello, 
My Dmvpn hub doesn't have any nhrp state, yet the spoke is stuch in NHRP 

The hub config is here 

dgawaya1_1-1716257110731.png

The spoke config is here 

dgawaya1_2-1716257416262.png

I will appreciate your help 




 




1 Accepted Solution

Accepted Solutions

@dgawaya1 thats correct, I did say to configure that a couple of days ago.

You need to define the custom vrf, otherwise the router will use the global routing table to establish the tunnel to the peer. Glad it's working.

View solution in original post

19 Replies 19

Share

Debug dmvpn detail 

From both spoke abd hub

MHM

dgawaya1
Level 1
Level 1

The debug is not yielding anything at the moment. However, I have got some show logging for u 
/////Hub //////

May 21 04:03:08.488: NHRP: Rejecting addr type 1
May 21 04:03:08.488: NHRP: Adding all static maps to cache
May 21 04:03:08.488: NHRP: Created instance PDB for vrf: VRF-TUNNEL2(0x5)
May 21 04:03:08.543: NHRP: Local NBMA address for interface Tunnel1, changed to 1.1.1.1 from 1.1.1.1
May 21 04:03:08.543: NHRP: Tunnel1: Tunnel mode changed from
May 21 04:03:08.543: NHRP-ERROR: Destroying nhrp map list
May 21 04:03:08.543: NHRP: if_up: Tunnel1 proto NHRP_IPv4
May 21 04:03:08.543: NHRP: Unable to send Registration - no NHSes configured
May 21 04:03:08.543: NHRP: if_up: Tunnel1 proto NHRP_IPv6
May 21 04:03:08.543: NHRP: Tunnel1: NHRP not enabled for NHRP_IPv6
May 21 04:03:08.543: NHRP: if_up: Tunnel1 proto UNKNOWN
May 21 04:03:08.543: NHRP: Tunnel1: NHRP not enabled for UNKNOWN
May 21 04:03:09.122: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
May 21 04:03:09.122: NHRP: if_up: Tunnel0 proto 'NHRP_IPv4'
May 21 04:03:09.123: NHRP: Registration with Tunnels Decap Module succeeded
May 21 04:03:09.123: NHRP: Adding all static maps to cache
May 21 04:03:09.123: NHRP: Unable to send Registration - no NHSes configured
May 21 04:03:09.337: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up
May 21 04:03:09.338: NHRP: if_up: Tunnel1 proto 'NHRP_IPv4'
May 21 04:03:09.338: NHRP: Registration with Tunnels Decap Module succeeded
May 21 04:03:09.338: NHRP: Adding all static maps to cache
May 21 04:03:09.338: NHRP: Unable to send Registration - no NHSes configured
May 21 04:03:10.123: NHRP: Unable to send Registration - no NHSes configured


//// Spoke/////
May 21 05:13:33.924: NHRP: Encapsulation succeeded. Sending NHRP Control Packet NBMA Address: 1.1.1.1
May 21 05:13:33.924: NHRP: 136 bytes out Tunnel1
May 21 05:13:53.517: NHRP: Setting retrans delay to 64 for nhs dst 172.16.0.1
May 21 05:13:53.517: NHRP: Attempting to send packet through interface Tunnel0 via DEST dst 172.16.0.1
May 21 05:13:53.517: NHRP: Send Registration Request via Tunnel0 vrf: VRF-TUN1(0x4), packet size: 108
May 21 05:13:53.517: src: 172.16.0.2, dst: 172.16.0.1
May 21 05:13:53.517: NHRP: Encapsulation succeeded. Sending NHRP Control Packet NBMA Address: 11.11.11.0
May 21 05:13:53.517: NHRP: 136 bytes out Tunnel0
May 21 05:14:22.877: NHRP: No SNMP node found to add requestID
May 21 05:14:22.877: NHRP: Attempting to send packet through interface Tunnel0 via DEST dst 172.16.0.1
May 21 05:14:22.877: NHRP: Send Registration Request via Tunnel0 vrf: VRF-TUN1(0x4), packet size: 108
May 21 05:14:22.877: src: 172.16.0.2, dst: 172.16.0.1
May 21 05:14:22.877: NHRP: Encapsulation succeeded. Sending NHRP Control Packet NBMA Address: 11.11.11.0
May 21 05:14:22.877: NHRP: 136 bytes out Tunnel0
May 21 05:14:22.877: NHRP: Resetting retransmit due to hold-timer for 172.16.0.1
May 21 05:14:23.425: NHRP: Setting retrans delay to 64 for nhs dst 192.168.0.1
May 21 05:14:23.425: NHRP: Attempting to send packet through interface Tunnel1 via



correct the NHRP network id, there is mismatch 

MHM

I have corrected the network-id, thanks. issue still remains. I have two Cisco 8300 routers Im trying to configure this network below. I have created two vrfs per router; Spokes on one router while hubs on the other.  

dgawaya1_0-1716356613373.jpeg

 

please share all config let me check it

all include the routing

MHM

@MHM Cisco World this is how the devices are connected. "FID-TEST" is an Arista switch while SYD1 has hub vrfs and SYD2 has spoke vrfs. I have ospf configured for connectivity purposes. Please see attched for the configs 

dgawaya1_0-1716430167771.png

 

R1#show running-config
!
ip vrf CLOUD1
rd 10:10
!
ip vrf INTER1
rd 1:1
!
interface Tunnel0
ip vrf forwarding CLOUD1
ip address 5.0.0.1 255.255.255.0
no ip redirects
ip nhrp map multicast dynamic
ip nhrp network-id 1
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 5
tunnel vrf INTER1
!
interface FastEthernet0/0
ip vrf forwarding INTER1
ip address 100.0.0.1 255.255.255.0
duplex full
!
router eigrp DMVPN
!
address-family ipv4 unicast vrf CLOUD1 autonomous-system 5
!
topology base
exit-af-topology
network 5.0.0.0 0.0.0.255
exit-address-family
!
router ospf 100 vrf INTER1
network 100.0.0.0 0.0.0.255 area 0
!
end

//////////////////////////////////////////////////////////////////////////////////////////

R2#show run
R2#show running-config
!
ip vrf CLOUD1
rd 20:20
!
ip vrf INTER1
rd 2:2
!
interface Tunnel0
ip vrf forwarding CLOUD1
ip address 5.0.0.2 255.255.255.0
no ip redirects
ip nhrp map 5.0.0.1 100.0.0.1
ip nhrp map multicast 100.0.0.1
ip nhrp network-id 1
ip nhrp nhs 5.0.0.1
tunnel source FastEthernet1/1
tunnel mode gre multipoint
tunnel key 5
tunnel vrf INTER1
!
interface FastEthernet1/1
ip vrf forwarding INTER1
ip address 110.0.0.2 255.255.255.0
speed auto
duplex auto
!
router eigrp DMVPN
!
address-family ipv4 unicast vrf CLOUD1 autonomous-system 5
!
topology base
exit-af-topology
network 5.0.0.0 0.0.0.255
exit-address-family
!
router ospf 100 vrf INTER1
network 110.0.0.0 0.0.0.255 area 0
!
end

Screenshot (486).png

I make this LAB using two VRF 
one for INTER for Underlaying and other CLOUD for DMVPN 
I separate the IGP for DMVPN and underlaying 
MHM

Thanks, 
I'm a little bit lost but let me take some time to understand this and lab it. I will update u

OK let give you some point 
there are two VRF
1- the VRF for tunnel source 
this VRF for underlaying 

2- the VRF for tunnel itself 


interface FastEthernet1/1
ip vrf forwarding INTER1
ip address 110.0.0.2 255.255.255.0
speed auto
duplex auto
!
interface Tunnel0
ip vrf forwarding CLOUD1
ip address 5.0.0.2 255.255.255.0
no ip redirects
ip nhrp map 5.0.0.1 100.0.0.1
ip nhrp map multicast 100.0.0.1
ip nhrp network-id 1
ip nhrp nhs 5.0.0.1
tunnel source FastEthernet1/1
tunnel mode gre multipoint
tunnel key 5
tunnel vrf INTER1
!
router ospf 100 vrf INTER1
network 110.0.0.0 0.0.0.255 area 0
!
router eigrp DMVPN
!
address-family ipv4 unicast vrf CLOUD1 autonomous-system 5
!
topology base
exit-af-topology
network 5.0.0.0 0.0.0.255
exit-address-family


So can I use same VRF for both ? Yes you can but then it have no meaning to have VRF at all, put all your config in global. 

can I use Global for tunnel source and VRF for tunnel itself ? Yes you can

can I use Global for tunnel itself and VRF for tunnel source? Yes you can 

I make config in color when you decide to remove one VRF only check the config relate to it modify it to be in global

MHM

@dgawaya1 @MHM Cisco World FYI, network-id is locally significant and can be different. It makes sense to align, but it is not necessary they be te same. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dmvpn/configuration/xe-16/sec-conn-dmvpn-xe-16-book/sec-conn-dmvpn-dmvpn.html

 

@dgawaya1 is a custom VRF defined under the tunnel source interface Gig0/0/0? If so you need to configure:-

interface tunnel 0
 tunnel vrf <VRFNAME>

You would also need to define "match fvrf <VRFNAME>" under the IKEV2 policy and the IKEV2 profile.

yes, g0/0/0 is under the custom vrf. I have not yet configured ipsec. Just DMVPN for now

@dgawaya1 ok, configure the tunnel interface as suggested - "tunnel vrf <vrfname>" otherwise the router will use the global routing table to route to the peer and the tunnel fail to establish.