cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1566
Views
5
Helpful
6
Replies

DMVPN phase 3 questions

Brent Rockburn
Level 2
Level 2

My first question is this

IS phase 3 supported on a 7206VXR running

(C7200-ADVENTERPRISEK9-M), Version 12.4(20)T1 ???

And if it does is this the correct config for the HUB tunnel

interface Tunnel10

description Primary INT for DMVPN

bandwidth 100000

ip address xxx.xxx.xxx.xxx xxx.xxx.x.x

no ip redirects

ip mtu 1400

no ip next-hop-self eigrp 1

ip nhrp authentication xxxxx

ip nhrp map multicast dynamic

ip nhrp network-id xxx

ip nhrp holdtime 300

ip nhrp nhs xxx.xxx.xx.xxx

ip nhrp shortcut

ip nhrp redirect

ip virtual-reassembly

ip tcp adjust-mss 1360

no ip split-horizon eigrp 100

tunnel source GigabitEthernet0/1

tunnel mode gre multipoint

tunnel key xxxx

tunnel protection ipsec profile xxxx shared

Or should I remove the "no ip next-hop-self eigrp 1"

6 Replies 6

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Brent,

configuration looks like fine

the right command should be

no ip next-hop-self eigrp 100

if 100 is the EIGRP AS number in use

this command is used to provide spoke to spoke dynamic tunnel setup

FN

http://www.cisco.com/go/fn')">www.cisco.com/go/fn

platform 7200

release 12.4T

12.420T1

advanced services

provides

DMVPN - Hub Support by QoS Class

DMVPN Manageability Enhancements

Hope to help

Giuseppe

Hey Giuseppe thanks for the quick reply, but if I'm trying to go to DMVPN phase 3 should I remove the "no ip next-hop-self eigrp 100" entry from the tunnel interface?

From what I've read there are two opinions on it.

Thanks,

Brent

Hello Brent,

I'm not sure what you mean with DMVPN phase3.

However, without that command when using EIGRP spoke to spoke dynamic tunnels cannot be setup.

see for example

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6660/ps6811/prod_white_paper0900aecd804c363f.html

So the choice depends on what you want to achieve:

if all traffic has to go through hub/central site remove the command

if you want to offload direct spoke to spoke traffic on dynamic tunnels keep it

Hope to help

Giuseppe

Hello Brent,

thanks for the link it is very good.

at the end of the document there is a link to Cisco site about migration from phase 2 to phase3

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6660/ps6808/prod_white_paper0900aecd8055c34e_ps6658_Products_White_Paper.html

the explanation is very clear about NHRP redirect message, introduction of prefixes and prefixes lengths in NHRP messages.

if you move to phase3 you don't need that command anymore see

To enable NHRP shortcut switching:

• All spokes need to have the commands ip nhrp shortcut and the ip nhrp redirect added to their tunnel interfaces. For the hubs use only ip nhrp redirect.

• For EIGRP, in the hub side only:

- Remove: no ip next-hop-self eigrp from the hub tunnel configuration

- Leave: no ip split-horizon eigrp in the hub tunnel configuration

- Add as needed: ip summary-address eigrp 5

Hope to help

Giuseppe

Yeah, I read that and thought to myself .. hmmmm I better get a second opinion LOL

Thanks a ton

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco