Solved: DMVPN Problem

sel18 · ‎04-16-2021

Hello,

I have a lab configured on dmvpn with eigrp, but on the hub i can't view any spoke and on the spoke there are the ip of the Hub but with a state : NHRP ( configuration below)

there are anyone here can help me please to make the state up.

HUB:

interface Tunnel1
ip address 172.16.0.8 255.255.255.0
no ip redirects
ip mtu 1476
ip nhrp authentication DMVPN
ip nhrp network-id 1
ip nhrp holdtime 100
ip nhrp nhs 172.16.0.8
ip nhrp redirect
ip tcp adjust-mss 1436
tunnel source 192.168.10.2
tunnel mode gre multipoint

Spoke:

interface Tunnel1
ip address 172.16.0.9 255.255.255.0
no ip redirects
ip mtu 1476
ip nhrp authentication DMVPN
ip nhrp map 172.16.0.8 192.168.10.2
ip nhrp map multicast 192.168.10.2
ip nhrp network-id 1
ip nhrp holdtime 100
ip nhrp nhs 172.16.0.8
ip nhrp shortcut
ip tcp adjust-mss 1436
tunnel source 192.168.11.2
tunnel mode gre multipoint

HUB

Router#sh dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
T1 - Route Installed, T2 - Nexthop-override
C - CTS Capable
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================

SPOKE

Router#sh dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
T1 - Route Installed, T2 - Nexthop-override
C - CTS Capable
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================

Interface: Tunnel1, IPv4 NHRP Details
Type:Spoke, NHRP Peers:1,

# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 192.168.10.2 172.16.0.8 NHRP 00:38:07 S

--------------------

EIGRP

HUB:

router eigrp DMVPN
!
address-family ipv4 unicast autonomous-system 1
!
topology base
exit-af-topology
network 123.0.0.0
network 123.8.8.8 0.0.0.0
network 172.16.0.0
exit-address-family
!

Spoke

router eigrp DMVPN
!
address-family ipv4 unicast autonomous-system 1
!
topology base
exit-af-topology
network 123.9.9.9 0.0.0.0
network 172.16.0.0
exit-address-family
!

sel18 · ‎04-29-2021

@Emma Corry

i found the solution

first check the mpls config and be sure that #sh mpls ldp nei is right

then check the ospf config and the redistribute of bgp and ospf in all the router

then check in the PE #sh ip bgp all sum or #sh ip bgp all is correct and the state is up.

this is what i did and now it's working.

View solution in original post

Rob Ingram · ‎04-16-2021

@sel18

Can the router's ping each others external/outside interface IP address?

You dont' appear to have any ipsec configuration, so I assume you are testing without? Can you turn on nhrp debugs on both routers and provide the output for review.

sel18 · ‎04-16-2021

Thank you for your response,

No, they can't ping each other

I try it without ipsec

Rob Ingram · ‎04-16-2021

@sel18

If you cannot ping the outside/external IP address then I assume you don't have your routing configured correctly. Without connectivity to the outside interface IP address you'll be unlikely to establish a DMVPN tunnel.

Check the default route on both routers.

I assume this is a lab, please show your topology.

Provide the full configuration and output of "show ip route" from the devices.

sel18 · ‎04-16-2021

@rob

for the HUB;

Router#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

123.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 123.8.8.0/24 is directly connected, Loopback0
L 123.8.8.8/32 is directly connected, Loopback0
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.0.0/24 is directly connected, Tunnel1
L 172.16.0.8/32 is directly connected, Tunnel1
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/30 is directly connected, GigabitEthernet0/0
L 192.168.10.2/32 is directly connected, GigabitEthernet0/0

for the spoke1

Router#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

123.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 123.9.9.0/24 is directly connected, Loopback0
L 123.9.9.9/32 is directly connected, Loopback0
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.0.0/24 is directly connected, Tunnel1
L 172.16.0.9/32 is directly connected, Tunnel1
192.168.11.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.11.0/30 is directly connected, GigabitEthernet0/0
L 192.168.11.2/32 is directly connected, GigabitEthernet0/0

Rob Ingram · ‎04-16-2021

The hub doesn't have a route for 192.168.11.0/24 network, which is the source for the Spoke.

The spoke doesn't have a route for the 192.168.10.0/24 network, which is the source for Hub.

Either define a default route on both routers or define a static route for the /24 networks.

sel18 · ‎04-16-2021

@rob

please did you have any other suggestion, if it is possible i want to try it without default route or static route !

PS: i used EIGRP named

Rob Ingram · ‎04-16-2021

You need basic routing in place, a default route or a specific static route to the other routers /24 network.

EIGRP would be used to learn routes through the VPN tunnel.....but you need to establish the VPN first, you need to configure a route.

sel18 · ‎04-16-2021

@rob

sorry but why i should use /24 network ? i used all the interfaces network as /30 network

just the tunnel ip /24 but the source for the hub and the spoke /30

Rob Ingram · ‎04-16-2021

@sel18

Yes, I meant the Gi0/0 interface network (192.168.10.0 and 192.168.11.0) of the other router, so /30 not /24.

What reason do you have for not defining a default route?

Once you can route to the other router's outside/external IP address, you should be able to establish the tunnel, then you should form the EIGRP adjacency (through the tunnel).

sel18 · ‎04-16-2021

@rob

thank you for your time

but sorry the interface for the R8(hub) and the R9(spoke) is already /30

i didn't understand you where is the /24 and how i can fixe it !

about the default route, did u mean that must be between r8 and r9 !

Rob Ingram · ‎04-16-2021

I was referring to having a route to the other routers /30 network. The hub doesn't know how to route to the outside interface of the spoke and the spoke doesn't know how to route to the outside interface of the hub. If you had a default route on each router you would not need to have a specific route for the other routers /30 network.

The hub needs a route to 192.168.11.0/30 (spoke network) use "ip route 192.168.11.0 255.255.255.252 192.168.10.1"

The spoke needs a route to 192.168.10.0/30 (hub network) use "ip route 192.168.10.0 255.255.255.252 192.168.11.1"

sel18 · ‎04-16-2021

@rob

thank you,

I add the default route and I redefine the tunnel but nothing change ( the state still nhrp for the spoke and nothing show for the hub)

must add another confige ?

Rob Ingram · ‎04-16-2021

So the hub and spoke router's can now ping each other? Ping 192.168.11.2 from the hub.

If they can ping each other, "shut" the tunnel interface on the spoke to clear the nhrp state and then "no shut" to bring the tunnel up again.

If that still doesn't work provide some output and debugs to help us assist you better.

sel18 · ‎04-16-2021

no they can't ping for each other !