05-20-2024 07:11 PM
Hello,
My Dmvpn hub doesn't have any nhrp state, yet the spoke is stuch in NHRP
The hub config is here
The spoke config is here
I will appreciate your help
Solved! Go to Solution.
05-23-2024 02:40 AM
@dgawaya1 thats correct, I did say to configure that a couple of days ago.
You need to define the custom vrf, otherwise the router will use the global routing table to establish the tunnel to the peer. Glad it's working.
05-20-2024 09:01 PM - edited 05-20-2024 09:41 PM
Share
Debug dmvpn detail
From both spoke abd hub
MHM
05-20-2024 10:17 PM
The debug is not yielding anything at the moment. However, I have got some show logging for u
/////Hub //////
May 21 04:03:08.488: NHRP: Rejecting addr type 1
May 21 04:03:08.488: NHRP: Adding all static maps to cache
May 21 04:03:08.488: NHRP: Created instance PDB for vrf: VRF-TUNNEL2(0x5)
May 21 04:03:08.543: NHRP: Local NBMA address for interface Tunnel1, changed to 1.1.1.1 from 1.1.1.1
May 21 04:03:08.543: NHRP: Tunnel1: Tunnel mode changed from
May 21 04:03:08.543: NHRP-ERROR: Destroying nhrp map list
May 21 04:03:08.543: NHRP: if_up: Tunnel1 proto NHRP_IPv4
May 21 04:03:08.543: NHRP: Unable to send Registration - no NHSes configured
May 21 04:03:08.543: NHRP: if_up: Tunnel1 proto NHRP_IPv6
May 21 04:03:08.543: NHRP: Tunnel1: NHRP not enabled for NHRP_IPv6
May 21 04:03:08.543: NHRP: if_up: Tunnel1 proto UNKNOWN
May 21 04:03:08.543: NHRP: Tunnel1: NHRP not enabled for UNKNOWN
May 21 04:03:09.122: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
May 21 04:03:09.122: NHRP: if_up: Tunnel0 proto 'NHRP_IPv4'
May 21 04:03:09.123: NHRP: Registration with Tunnels Decap Module succeeded
May 21 04:03:09.123: NHRP: Adding all static maps to cache
May 21 04:03:09.123: NHRP: Unable to send Registration - no NHSes configured
May 21 04:03:09.337: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up
May 21 04:03:09.338: NHRP: if_up: Tunnel1 proto 'NHRP_IPv4'
May 21 04:03:09.338: NHRP: Registration with Tunnels Decap Module succeeded
May 21 04:03:09.338: NHRP: Adding all static maps to cache
May 21 04:03:09.338: NHRP: Unable to send Registration - no NHSes configured
May 21 04:03:10.123: NHRP: Unable to send Registration - no NHSes configured
//// Spoke/////
May 21 05:13:33.924: NHRP: Encapsulation succeeded. Sending NHRP Control Packet NBMA Address: 1.1.1.1
May 21 05:13:33.924: NHRP: 136 bytes out Tunnel1
May 21 05:13:53.517: NHRP: Setting retrans delay to 64 for nhs dst 172.16.0.1
May 21 05:13:53.517: NHRP: Attempting to send packet through interface Tunnel0 via DEST dst 172.16.0.1
May 21 05:13:53.517: NHRP: Send Registration Request via Tunnel0 vrf: VRF-TUN1(0x4), packet size: 108
May 21 05:13:53.517: src: 172.16.0.2, dst: 172.16.0.1
May 21 05:13:53.517: NHRP: Encapsulation succeeded. Sending NHRP Control Packet NBMA Address: 11.11.11.0
May 21 05:13:53.517: NHRP: 136 bytes out Tunnel0
May 21 05:14:22.877: NHRP: No SNMP node found to add requestID
May 21 05:14:22.877: NHRP: Attempting to send packet through interface Tunnel0 via DEST dst 172.16.0.1
May 21 05:14:22.877: NHRP: Send Registration Request via Tunnel0 vrf: VRF-TUN1(0x4), packet size: 108
May 21 05:14:22.877: src: 172.16.0.2, dst: 172.16.0.1
May 21 05:14:22.877: NHRP: Encapsulation succeeded. Sending NHRP Control Packet NBMA Address: 11.11.11.0
May 21 05:14:22.877: NHRP: 136 bytes out Tunnel0
May 21 05:14:22.877: NHRP: Resetting retransmit due to hold-timer for 172.16.0.1
May 21 05:14:23.425: NHRP: Setting retrans delay to 64 for nhs dst 192.168.0.1
May 21 05:14:23.425: NHRP: Attempting to send packet through interface Tunnel1 via
05-20-2024 11:07 PM
correct the NHRP network id, there is mismatch
MHM
05-21-2024 10:44 PM
I have corrected the network-id, thanks. issue still remains. I have two Cisco 8300 routers Im trying to configure this network below. I have created two vrfs per router; Spokes on one router while hubs on the other.
05-21-2024 11:34 PM
please share all config let me check it
all include the routing
MHM
05-22-2024 07:09 PM
@MHM Cisco World this is how the devices are connected. "FID-TEST" is an Arista switch while SYD1 has hub vrfs and SYD2 has spoke vrfs. I have ospf configured for connectivity purposes. Please see attched for the configs
05-22-2024 11:26 PM
R1#show running-config
!
ip vrf CLOUD1
rd 10:10
!
ip vrf INTER1
rd 1:1
!
interface Tunnel0
ip vrf forwarding CLOUD1
ip address 5.0.0.1 255.255.255.0
no ip redirects
ip nhrp map multicast dynamic
ip nhrp network-id 1
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 5
tunnel vrf INTER1
!
interface FastEthernet0/0
ip vrf forwarding INTER1
ip address 100.0.0.1 255.255.255.0
duplex full
!
router eigrp DMVPN
!
address-family ipv4 unicast vrf CLOUD1 autonomous-system 5
!
topology base
exit-af-topology
network 5.0.0.0 0.0.0.255
exit-address-family
!
router ospf 100 vrf INTER1
network 100.0.0.0 0.0.0.255 area 0
!
end
//////////////////////////////////////////////////////////////////////////////////////////
R2#show run
R2#show running-config
!
ip vrf CLOUD1
rd 20:20
!
ip vrf INTER1
rd 2:2
!
interface Tunnel0
ip vrf forwarding CLOUD1
ip address 5.0.0.2 255.255.255.0
no ip redirects
ip nhrp map 5.0.0.1 100.0.0.1
ip nhrp map multicast 100.0.0.1
ip nhrp network-id 1
ip nhrp nhs 5.0.0.1
tunnel source FastEthernet1/1
tunnel mode gre multipoint
tunnel key 5
tunnel vrf INTER1
!
interface FastEthernet1/1
ip vrf forwarding INTER1
ip address 110.0.0.2 255.255.255.0
speed auto
duplex auto
!
router eigrp DMVPN
!
address-family ipv4 unicast vrf CLOUD1 autonomous-system 5
!
topology base
exit-af-topology
network 5.0.0.0 0.0.0.255
exit-address-family
!
router ospf 100 vrf INTER1
network 110.0.0.0 0.0.0.255 area 0
!
end
05-22-2024 11:27 PM
I make this LAB using two VRF
one for INTER for Underlaying and other CLOUD for DMVPN
I separate the IGP for DMVPN and underlaying
MHM
05-23-2024 01:03 AM
Thanks,
I'm a little bit lost but let me take some time to understand this and lab it. I will update u
05-23-2024 01:24 AM
OK let give you some point
there are two VRF
1- the VRF for tunnel source
this VRF for underlaying
2- the VRF for tunnel itself
interface FastEthernet1/1
ip vrf forwarding INTER1
ip address 110.0.0.2 255.255.255.0
speed auto
duplex auto
!
interface Tunnel0
ip vrf forwarding CLOUD1
ip address 5.0.0.2 255.255.255.0
no ip redirects
ip nhrp map 5.0.0.1 100.0.0.1
ip nhrp map multicast 100.0.0.1
ip nhrp network-id 1
ip nhrp nhs 5.0.0.1
tunnel source FastEthernet1/1
tunnel mode gre multipoint
tunnel key 5
tunnel vrf INTER1
!
router ospf 100 vrf INTER1
network 110.0.0.0 0.0.0.255 area 0
!
router eigrp DMVPN
!
address-family ipv4 unicast vrf CLOUD1 autonomous-system 5
!
topology base
exit-af-topology
network 5.0.0.0 0.0.0.255
exit-address-family
So can I use same VRF for both ? Yes you can but then it have no meaning to have VRF at all, put all your config in global.
can I use Global for tunnel source and VRF for tunnel itself ? Yes you can
can I use Global for tunnel itself and VRF for tunnel source? Yes you can
I make config in color when you decide to remove one VRF only check the config relate to it modify it to be in global
MHM
05-22-2024 12:15 AM
@dgawaya1 @MHM Cisco World FYI, network-id is locally significant and can be different. It makes sense to align, but it is not necessary they be te same. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dmvpn/configuration/xe-16/sec-conn-dmvpn-xe-16-book/sec-conn-dmvpn-dmvpn.html
05-21-2024 09:00 AM
@dgawaya1 is a custom VRF defined under the tunnel source interface Gig0/0/0? If so you need to configure:-
interface tunnel 0
tunnel vrf <VRFNAME>
You would also need to define "match fvrf <VRFNAME>" under the IKEV2 policy and the IKEV2 profile.
05-21-2024 04:30 PM
yes, g0/0/0 is under the custom vrf. I have not yet configured ipsec. Just DMVPN for now
05-21-2024 09:54 PM - edited 05-21-2024 11:10 PM
@dgawaya1 ok, configure the tunnel interface as suggested - "tunnel vrf <vrfname>" otherwise the router will use the global routing table to route to the peer and the tunnel fail to establish.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide