Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
288
Views
2
Helpful
7
Replies

DMVPN EIGRP Spokes not forming dynamically with eachother

hfakoor222
Spotlight
Spotlight

‎03-27-2024 10:27 AM - edited ‎03-27-2024 10:35 AM

Just doing lab, cannot get DMVPN spoke to spoke communication, 1 hub , 2 spokes,

 

 

I tried shutting the tunnels down/up didn't work


!
interface Tunnel0
ip address 192.168.1.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication ccnp
ip nhrp map 192.168.1.254 10.10.255.254
ip nhrp map multicast 10.10.255.254
ip nhrp network-id 1
ip nhrp holdtime 300
ip nhrp nhs 192.168.1.254
ip nhrp shortcut
ip tcp adjust-mss 1360
tunnel source Ethernet0/1
tunnel mode gre multipoint
tunnel key 100
tunnel protection ipsec profile abcd

 

2024-03-11 23_11_40-Window.png

Spoke 2:


!
crypto isakmp policy 5
hash md5
authentication pre-share
crypto isakmp key cisco address 0.0.0.0
!
!
crypto ipsec transform-set ccnp esp-3des
mode transport
crypto ipsec df-bit clear
!
crypto ipsec profile abcd
set transform-set ccnp
!
!
interface Tunnel0
ip address 192.168.1.2 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication ccnp
ip nhrp map multicast 10.10.255.254
ip nhrp map 192.168.1.254 10.10.255.254
ip nhrp network-id 1
ip nhrp holdtime 300
ip nhrp nhs 192.168.1.254
ip nhrp shortcut
ip tcp adjust-mss 1360
tunnel source Ethernet0/1
tunnel mode gre multipoint
tunnel key 100
tunnel protection ipsec profile abcd

crypto ipsec df-bit clear

show dmvpn:

2024-03-11 23_11_40-Window.png

 

 

I thought gre multipoint wouldve made spoke to spoke communication OK

 

Debug of smvpn all all /errors/ packets on Spoke #1 shows no issue. The tunnels simply aren't communicati

*ng

 

 

 

 

Labels:
0 Helpful
7 Replies 7

MHM Cisco World
VIP
VIP

‎03-27-2024 10:29 AM

Can I see

Show ip dmvpn details 

MHM

0 Helpful

hfakoor222
Spotlight
Spotlight

‎03-27-2024 10:51 AM - edited ‎03-27-2024 10:51 AM

Interestingly enough I got it to work after trying to force pinging the other side of the tunnel......

Notice it was ARPing

2024-03-11 23_11_40-Window.png

 

2024-03-11 23_11_40-Window.png

 

MHM Cisco World
VIP
VIP
In response to hfakoor222

‎03-27-2024 10:53 AM

Sure if there is no interest traffic there is no Dynamic tunnel between two spokes. 

The config is OK. 

MHM

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to hfakoor222

‎03-27-2024 02:18 PM

Hello @hfakoor222 ,

verify on the HUB router mGRE tunnel interface that you have

no ip eigrp <ASN> next-hop self

Your Spoke1, Spoke2 tunnel config looks like fine.

Hope to help

Giuseppe

 

MHM Cisco World
VIP
VIP
In response to Giuseppe Larosa

‎03-27-2024 02:21 PM

I 100% sure I see this command and no IP split in his config

@hfakoor222 did you change config?...?

MHM

0 Helpful

hfakoor222
Spotlight
Spotlight

‎03-27-2024 02:20 PM

I'm redoing the lab just to make sure. I figured the ping acted like an nhrp registration for other side of tunnel.

0 Helpful

MHM Cisco World
VIP
VIP
In response to hfakoor222

‎03-27-2024 02:32 PM

This way you can not know you need to go deep

Return to your first config (include no split and no next hop)

WR config 

Close the lab and open again (to remove all crypto and route add) 

Do this command 

Debug nhrp packet  <- in spokes and hub

Ping from Lan to Lan of spokes 

 

Know you will see redirect and shortcut nhrp message 

MHM

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card