cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
629
Views
0
Helpful
7
Replies

DMVPN phase 3

Richard Tapp
Level 1
Level 1

Our DMVPN phase 3 was configured a long time ago and I have just been looking at an issue.

 

If a spoke is configured as 'ip nhrp redirect' Will it act as a hub ? All our spokes (over 100) have this command.

 

One thing I see quite a lot in 'show dmvpn' is host IPs from other sites. Like this -

 

UNKNOWN 10.84.14.142 NHRP never IX 10.84.14.142/32
UNKNOWN 10.84.14.165 NHRP never IX 10.84.14.165/32
UNKNOWN 10.84.14.169 NHRP never IX 10.84.14.169/32
UNKNOWN 10.84.14.170 NHRP never IX 10.84.14.170/32

7 Replies 7

@Richard Tapp no the spokes won't act as a hub, because the spoke routers are configured with the NHS and NBMA addresses of the actual hub.

Thanks Rob, but coud this be why we are seeing lots of these messages ?

 

UNKNOWN 10.84.14.170 NHRP never IX 10.84.14.170/32

balaji.bandi
Hall of Fame
Hall of Fame

Can you post hub side config and 1 spoke side config to understand the issue here.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

HUB

interface Tunnel0

 bandwidth 102400

 ip address 10.105.0.1 255.255.0.0

 no ip redirects

 no ip proxy-arp

 ip mtu 1400

 no ip split-horizon eigrp 10

 ip nhrp authentication cccccccccc

 ip nhrp map 10.105.0.2 xx.xx.xx.xx

 ip nhrp map multicast xx.xx.xx.xx

 ip nhrp network-id 1

 ip nhrp nhs 10.105.0.2

 ip nhrp redirect

  tunnel source GigabitEthernet0/0

 tunnel mode gre multipoint

 tunnel key xxxxxxx

 tunnel protection ipsec profile yyyyyyyy

 

Spoke

interface Tunnel10

ip address 10.105.5.4 255.255.0.0

 no ip redirects

 no ip proxy-arp

 ip mtu 1400

 ip nhrp authentication ccccccccc

 ip nhrp map 10.105.0.1 xx.xx.xx.xx

 ip nhrp map multicast xx.xx.xx.xx

 ip nhrp network-id 1

 ip nhrp holdtime 900

 ip nhrp nhs 10.105.0.1

 ip nhrp redirect

 ip nhrp shortcut

 zone-member security DMVPN

 ip tcp adjust-mss 1250

 delay 100

 tunnel source GigabitEthernet0/0/1

 tunnel mode gre multipoint

 tunnel key xxxxxxxxx

 tunnel protection ipsec profile yyyyyyyyy

 

Why you want spoke to be hub?

Mike.Cifelli
VIP Alumni
VIP Alumni

If a spoke is configured as 'ip nhrp redirect' Will it act as a hub ? All our spokes (over 100) have this command.

-I am with @Rob Ingram on this one.  That command will not make any of your spokes act as the hub.  The hub is determined via the ip nhs server command.  In regard to phase3, nhrp indication messages are used to inform spokes of better paths via nhrp redirect command.  On your spokes you would enable nhrp shortcut.  The redirect command is essentially triggering the hub to tell the spoke there is a better path & here is the route, and the shortcut command triggers the spoke to accept this redirect route and install the shortcut.

HUB

interface Tunnel0

 ip address 10.105.0.1 255.255.0.0<-OK

 ip nhrp map 10.105.0.2 xx.xx.xx.xx<- no need since it HUB

 ip nhrp map multicast xx.xx.xx.xx<- change to be map multicast dynamic 

 ip nhrp ohs 10.105.0.2<- no need since it HUB

!

Spoke

interface Tunnel10

ip address 10.105.5.4 255.255.0.0<-OK

 ip nhrp map 10.105.0.1 xx.xx.xx.xx<-OK

 ip nhrp map multicast xx.xx.xx.xx<-OK

 ip nhrp ohs 10.105.0.1<-OK

 

this change must be config UNLESS you have two Hub and this one is redundancy for first one, are you use this design ? if yes then 
add the 
Spoke

ip nhrp map 10.105.0.1 y.y.y.y

 ip nhrp map multicast y.y.y.y

 ip nhrp ohs 10.105.0.2


try this and see result.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: