Each has a VTI interace. VTI works great, i'm running ospf across it which also is working well. My problem is that if i shut down the ethernet interface (through software or unplugging) on router A, the tunnel interface on router B remains in up/up state. Even after a period of 30 minutes. Router B can't ping or pass any traffic across the tunnel, but it's still up/up. This causes a problem with ospf routing updates and some static floating routes.
Is there a timer or something to force the tunnel go to up/down or down/down after X seconds withotu activity? I'm already using ospf dead-timers to get my routing updates to work, but sine router B always thinks the tunnel is up...it continues to pass traffic over the downed tunnel interface wich ends up in a black hole.
I have read your description of the problem several times and I am puzzled by parts of it. You seem to be saying that you are running OSPF over the VTI tunnel (which should be fine). And you seem to be saying that if you shut down or disable the interface on one peer then the other peer does not notice that there is a problem. I do not understand how that could happen. If the other end of the tunnel is disabled or is down then how are OSPF hello messages getting through? If the OSPF hello messages are not getting through then OSPF should mark the neighbor as dead and should remove all routes learned from that neighbor. Are you saying that the OSPF neighbor stays up even when the interface is disabled or is down?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :