DMVPN Hub Router QoS
Hello DMVPN Experts,
As we know, DMVPN Hub routers can have per-tunnel QoS configuration for the spokes.
But I am not sure about the QoS configuration for the Hub site itself. I assume it should be separated from the per-tunnel QoS and the service-policy should be applied at the physical WAN interfaces and tunnel interfaces? Need help please. Some sample configuration would be appreciated.
Thanks
Cedar
Hi Joseph,
I am afraid I am having a bit of difficulty understanding and would like to hear more if you don't mind.
We are on the same page that Per-Tunnel QoS lets the spokes control the traffic toward the hub site, which is considered inbound traffic from the point of view of the hub router's WAN/Tunnel interfaces. However, in order to control the inbound and/or outbound traffic of the WAN/Tunnel interfaces of the hub router, how should we configure a separate QoS configuration other than the Per-Tunnel QoS templates, if we should?
Here is what I know so far based on ASR1000 document.
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dmvpn/configuration/xe-3s/asr1000/sec-conn-dmvpn-xe-3s-asr1000-book/sec-conn-dmvpn-per-tunnel-qos.html
Restrictions for Per-Tunnel QoS for DMVPN
• The class default shaper with the QoS service policy on a physical interface that is applied to the DMVPN tunnel does not support point-to-point generic routing encapsulation (GRE) tunnels, shaper on physical interfaces, and shaper on VLAN/subinterfaces.
• QoS on a physical interface is limited only to the class default shaper on the physical interface. No other QoS configurations on the physical interface are supported when two separate QoS policies are applied to the physical and tunnel interfaces.
• Addition of a QoS policy with a class default shaper on a physical interface is not supported when multiple QoS policies are utilized.
• You can attach a per-tunnel QoS policy on the tunnel only in the egress direction.
• The class default shaper policy map on the main interface must be applied before the tunnel policy map is applied.
• The class default shaper policy map must contain only the class class-default and shape commands.
• The main interface policy map is checked for validity only when a QoS service policy is applied on the tunnel interface. The main interface policy map is not checked during a tunnel move or modification.
• Adding new classes or features to the main interface policy map is not supported. Doing so, however, will not be blocked.
After reading the above document, my understanding is that
1. We could have a separate policy map for the physical WAN interface.
2. The policy-map for the physical WAN interface is limited to a class default shaper only.
3. The policy-map for physical WAN interface must be applied at the physical WAN interface before the tunnel policy-maps are applied at the tunnel interface.
But I am not 100% sure if it's correct.
Thanks,
Cedar
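The restrictions quoted in the post above can be checked mechanically against a running-config. The following is an added example, not part of the original thread and not Cisco code: it assumes `show running-config` style indentation and a `tunnel source` that names an interface, and the sample configuration and its policy names are constructed. The ordering rule (main-interface shaper applied before the tunnel policy) cannot be seen in a static config and is not checked.

```python
import re

# Constructed sample config (not from the thread); policy and class names are hypothetical.
BAD_CONFIG = """\
policy-map WAN-SHAPER
 class VOICE
  priority percent 10
 class class-default
  shape average 50000000
  fair-queue
policy-map SPOKE-1M
 class class-default
  shape average 1000000
interface GigabitEthernet0/0
 service-policy output WAN-SHAPER
interface Tunnel1
 ip nhrp map group ADSL1 service-policy output SPOKE-1M
 tunnel source GigabitEthernet0/0
"""
# Same config with the main-interface policy reduced to a class-default shaper.
GOOD_CONFIG = (BAD_CONFIG.replace(" class VOICE\n  priority percent 10\n", "")
               .replace("  fair-queue\n", ""))


def parse_blocks(config):
    """Map each top-level line to its indented child lines (whitespace stripped)."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if not raw[0].isspace():
            current = blocks.setdefault(raw.strip(), [])
        elif current is not None:
            current.append(raw.strip())
    return blocks


def policy_classes(children):
    """Split a policy-map body into {class name: [commands under that class]}."""
    classes, name = {}, None
    for line in children:
        match = re.fullmatch(r"class (\S+)", line)
        if match:
            name = match.group(1)
            classes[name] = []
        elif name is not None:
            classes[name].append(line)
    return classes


def check_main_interface_policy(config):
    """Findings for main-interface QoS that breaks the quoted per-tunnel QoS limits."""
    blocks = parse_blocks(config)
    policies = {h.split()[1]: policy_classes(c)
                for h, c in blocks.items() if h.startswith("policy-map ")}
    findings = []
    for header, lines in blocks.items():
        per_tunnel = any(re.match(r"ip nhrp map group \S+ service-policy output \S+", cmd)
                         for cmd in lines)
        if not (header.startswith("interface Tunnel") and per_tunnel):
            continue
        source = next((c.split()[2] for c in lines if c.startswith("tunnel source ")), None)
        if source is None or source.lower().startswith("loopback"):
            findings.append(f"{header}: tunnel source {source} is not a physical "
                            "interface; check the WAN egress interface by hand")
            continue
        for line in blocks.get(f"interface {source}", []):
            match = re.fullmatch(r"service-policy (input|output) (\S+)", line)
            if not match:
                continue
            direction, name = match.groups()
            if direction == "input":
                findings.append(f"{source}: input policy {name} is extra QoS here")
                continue
            classes = policies.get(name, {})
            for extra in sorted(set(classes) - {"class-default"}):
                findings.append(f"{source}/{name}: class {extra} is not class-default")
            commands = classes.get("class-default", [])
            if not any(cmd.startswith("shape ") for cmd in commands):
                findings.append(f"{source}/{name}: class-default has no shape command")
            findings += [f"{source}/{name}: class-default also runs '{cmd}'"
                         for cmd in commands if not cmd.startswith("shape ")]
    return findings


if __name__ == "__main__":
    for finding in check_main_interface_policy(BAD_CONFIG):
        print(finding)
```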
Similar Messages
-
Any docs regarding best practices for placement of DMVPN Hub router. Should it be placed behind firewall, in a DMZ off of firewall or in parallel to firewall.
Thanks in advance for any input.
Paul,
Check out Cisco Validated Design Solutions for best practices. Especially, the one for "Secure WAN".
http://www.cisco.com/en/US/netsol/ns744/networking_solutions_program_home.html
http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns744/networking_solutions_products_genericcontent0900aecd805f65bf.html
Regards,
Arul
*Pls rate if it helps*
-
Replacing the DMVPN hub router
We are replacing our current 2921 router, Version 15.2(4)M2, with a 3925 Version 15.2(4)M6. It is the DMVPN hub router for 6 spoke routers. We cut and pasted the configuration from the old router to the new. We confirmed internet connectivity from clients on the inside. But none of the DMVPN tunnels will set up. As we were in a very short maintenance window we did not have a lot of time to troubleshoot and had to revert to the old router. Is there some procedure we need to implement to force the tunnels to come up?
Because you are changing the hardware and copy-pasting the config, the spokes will not re-register themselves at the HUB until you reset them again. Then they will register themselves again in the NHRP table at the new HUB.
-
We are getting new SIP trunks put in, and in order for the provider to put them in, the provider put in a router to control all web traffic so they can QoS the voice. That means our VPN routers will go behind the NAT barrier. But when I switched the router's interface to the NATted address, the DMVPN tunnels would not build. There is a NAT translation to the routers, so the external (routable) IP did not change. The IPsec tunnels did come up just fine; just the few DMVPN-connected tunnels did not.
If I issue a "sh DMVPN", the Peer NBMA Addr shows up as 0.0.0.0 while the Peer Tunnel Addr is what it should be; also the Attrb is "X".
Tunnel source I have set to the interface, and the key is set to "crypto isakmp key "my key" address 0.0.0.0 0.0.0.0 no-xauth".
I am at a loss as to why this was not working. Keep in mind this is the HUB router and not the Spoke.
Here is some additional info to help:
hub config:
interface Tunnel0
 bandwidth 512
 ip address "hubtunnelIP" 255.255.255.0
 no ip redirects
 ip nhrp authentication "XXX"
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
 tunnel protection ipsec profile net1
crypto isakmp key "My Key" address 0.0.0.0 0.0.0.0 no-xauth
crypto ipsec transform-set "mytransformset" esp-des esp-md5-hmac
 mode transport
crypto ipsec profile net1
 set transform-set "mytransformset"
Spoke config:
crypto isakmp key "My Key" address "Remote IP" "remote SM" no-xauth
crypto ipsec transform-set "mytransformset" esp-des esp-md5-hmac
 mode tunnel
crypto ipsec nat-transparency spi-matching
crypto ipsec profile net1
 set transform-set "mytransformset"
interface Tunnel0
 bandwidth 512
 ip address "spoketunnelIP" 255.255.255.0
 no ip redirects
 ip nhrp authentication "XXX"
 ip nhrp map multicast "Remote IP"
 ip nhrp map "hubtunnelIP" "Remote IP"
 ip nhrp network-id 1
 ip nhrp nhs "hubtunnelIP"
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
 tunnel protection ipsec profile net1 shared
-
DMVPN Hub router with static NAT
Hi everyone,
I'm trying to set up a lab environment to establish a DMVPN. I have two Cisco 2811 routers, IOS version 12.4(3j). I need to configure those routers to establish a DMVPN. For the spoke router, I have an ISP that provides dynamic addressing. For the hub router, I have a public static IP address assigned by the ISP. But I have a Watchguard firewall in the middle doing static 1-to-1 NAT for that address. Now the questions are:
1) Can I establish the DMVPN between the routers with that firewall in the middle?
2) In case it is possible, what will the physical hub address be? And is there something I need to change on the firewall configuration?
3) In case it isn't possible, what other options do I have to establish a VPN tunnel between the routers in those conditions?
If there is anything else you need to know to understand the situation, please ask. I haven't configured either of the routers yet, because I think I need to be sure of these concepts first. Thanks for any help you could bring.
Gustavo!
-
DMVPN Design: Multi-Hub, Router Per-Tunnel QoS
Some DMVPN questions:
1) A site I've worked with has about 7 hubs and 5 spokes. This looks at best a bit odd to me. The Cisco design docs all have at most 2 hub sites. Is more than 2 DMVPN hub sites a good idea / bad idea? Pros / cons / drawbacks? I've googled this topic heavily, found little.
2) If two sites are DMVPN hub sites that have NHRP map statements for each other, can they both be doing the Per-Tunnel QoS feature to get some QoS shaping towards each other?
3) What is recommended for DMVPN QoS in general? And for a spoke site where the hub site is doing the Per-Tunnel QoS? Just put some QoS on the physical link?
Ray,
There could be multiple reasons for it not to function, the config on hub seems just fine, we'd need to inspect the spokes and check (most likely) in debugs if correct group is being sent from spoke.
Also coexistence of other service-policy etc etc.
The feature is quite simple (some level of simplification), spoke says he is in group X when registering, hub assigns this NHRP mapping a service-policy.
M.
-
DMVPN Configuration with ASA 5510 In Front of Cisco 877-K9 HUB Router
Hi Guys,
I'm in a mess, I have Cisco 877-K9 router which sits behind an ASA 5510 FW.
The Design :
Cisco 877-K9 DSL router (DSL with Static IP) ( DMVPN HUB )
||
ASA 5510 Firewall (Outside INT with Static IP / Inside INT LAN) (PAT & ACL)
||
Switch
||
LAN
Now my problem is, my DMVPN configuration works just fine, I'm able to ping from my Cisco 877 to any Spoke & vice versa.
I'm also able to ping from my LAN to any Spoke Tunnel IP, but I'm not able to ping any LAN IP at Spoke site nor am I able to ping my LAN from any Spoke site.
I've googled a lot but have come across designs where the ASAs are behind the Cisco Routers and not in front.
Any help in this regard is highly appreciated. I really need this to work. Attached are the config files....
Thanks,
Aj.
Thanks to both of you guys for replying. I should've been more descriptive in my initial post, but just thought of getting more ideas.
All the troubleshooting was done before posting the problem, and to clarify things, please find below the results.
1) what RProtocol r u using?
a) It's OSPF
2) if ur using OSPF, try show ip route on the hub and spoke to verify the hub/spoke routes are learned via OSPF
a) I did the "show ip route" and both the HUB and Spokes get their routes defined
(on the HUB if I used "network 192.9.201.0 255.255.255.0 area 0" I couldn't get routes advertised on spokes)
(I changed to "redistribute static subnets" and I was able to get Hub routes advertised)
3) are your tunnels config correctly? try show crypto ipsec sa
a) They are as they should be and "show crypto ipsec sa" comes up with proper in/out encrypted data
4) on your hub'spoke do a debug ip icmp
a) Did that as well, and If I do a debug on a Spoke and ping from my HUB to that spoke on the tunnel IP, I get proper src/dest results, but If I ping from HUB to Spoke on a client IP behind the Spoke, It pings but does not show any result on the Spoke debug.
I'm able to ping all the Spoke's Tunnel IPs and clients behind the Spokes from the HUB router, but not from either the ASA nor the clients on my LAN.
Additional to the info above, Please also note :
I did notice something that, from my HUB router, which is also my DSL Modem, I'm unable to ping any clients behind the ASA.
So I guess I'm stuck on the point that My Cisco HUB is unable to talk to my LAN, If I can get the HUB to talk to the internal LAN, I would be able to ping clients on LAN from any Spoke or clients behind Spokes.
From HUB router I'm able to ping clients behind Spokes.
Does that give any Ideas ?
Thanks in Advance.
Aj.
-
Running DMVPN Hub and Spoke on same router?
My client has a project in which traffic flow is hierarchical in nature. Using DMVPNs, the design is for a "center" router to be a DMVPN spoke to the cloud above it, and a DMVPN Hub to the cloud below it. I have tried to lab this up, but no success. I initially build the center router as a DMVPN spoke to the upper cloud and all is well. As soon as I had the second tunnel config (as the DMVPN hub to the lower cloud), the first tunnel goes down and my EIGRP flaps. I'm running EIGRP across the DMVPN tunnels. The two DMVPN clouds are using different network IDs and are running separate EIGRP routing instances.
I can post configs if desired - just wanted to see if anyone is doing this or knows whether it is possible.
Jeff
Hi,
I know it is possible using two DMVPN clouds, but it seems that you need DMVPN phase 3 in this situation. This is suitable for the hierarchical model you want. Take a look at the following link
http://www.cisco.com/en/US/partner/prod/collateral/iosswrel/ps6537/ps6586/ps6660/ps6808/prod_white_paper0900aecd8055c34e_ps6658_Products_White_Paper.html
Hope this helps.
-
DMVPN Hub on HSRP standby router
I was wondering if a DMVPN Hub was able to provide redundancy on an HSRP standby router.
I currently have an active tunnel to the standby, but am unable to update EIGRP..
Thank you in advance.
Check whether GRE keepalives are enabled; if enabled, remove them, then check the routing updates.
Check whether you allowed ESP, UDP 500, UDP 4500 and GRE on your access-list.
Also adjust the MTU size, using the command "ip tcp adjust-mss 1360".
Try these links:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_white_paper09186a008018983e.shtml#eigrp
http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a0080087026.html
-
DMVPN per tunnel QOS. show policy-map multipoint not working
Hi All,
I have a DMVPN hub which is a 1841 with image c1841-advsecurityk9-mz.151-4.M1.bin .
I have been using DMVPN and it's awesome but now trying to get the QOS sorted out and having issues.
I have configured the interface like so.
interface Tunnel1
 ip address 10.255.255.1 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication xxx
 ip nhrp map multicast dynamic
 ip nhrp map group ADSL1 service-policy output ADSL1
 ip nhrp network-id 1
 ip nhrp redirect
 ip tcp adjust-mss 1360
 no ip split-horizon
 ip ospf 1 area 0
 tunnel source Loopback0
 tunnel mode gre multipoint
 tunnel key 1
 tunnel path-mtu-discovery
 tunnel protection ipsec profile VPN
end
policy-map ADSL1
 class class-default
  shape average 1000000
  service-policy Classes
policy-map Classes
 class Silver
  bandwidth percent 25
  fair-queue
 class Gold
  bandwidth percent 50
  fair-queue
 class Scavanger
  bandwidth percent 5
 class class-default
  fair-queue
The output of show dmvpn detail shows it has applied the QOS rule.
NG-SR-WE-RT-2#show dmvpn detail
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
        N - NATed, L - Local, X - No Socket
        # Ent --> Number of NHRP entries with same NBMA peer
        NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
        UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
Interface Tunnel1 is up/up, Addr. is 10.255.255.1, VRF ""
   Tunnel Src./Dest. addr: 10.32.0.100/MGRE, Tunnel VRF ""
   Protocol/Transport: "multi-GRE/IP", Protect "VPN"
   Interface State Control: Disabled
Type:Hub, Total NBMA Peers (v4/v6): 1
# Ent  Peer NBMA Addr  Peer Tunnel Add  State  UpDn Tm  Attrb  Target Network
    1  x.x.x.x         10.255.255.2     UP     1d18h    D      10.255.255.2/32
NHRP group: ADSL1
 Output QoS service-policy applied: ADSL1
But my router cannot run show policy-map multipoint... it doesn't come up with a tab but I can write it in by hand. Even when I write it in by hand it outputs blank.
I cut the ADSL1 shape down to 512k and it didn't take effect so I don't think the QoS is working at all.
Is my feature set too low?
Cheers,
Simon
Ray,
There could be multiple reasons for it not to function, the config on hub seems just fine, we'd need to inspect the spokes and check (most likely) in debugs if correct group is being sent from spoke.
Also coexistence of other service-policy etc etc.
The feature is quite simple (some level of simplification), spoke says he is in group X when registering, hub assigns this NHRP mapping a service-policy.
M.
-
DMVPN: HUB's behind a LoadBalancer and Spoke-Spoke communication
Hallo,
we are planning a scaling DMVPN network for around 2000 spokes.
Is it possible to install the HUBs behind a Load Balancer so that they are reachable only through 1 VIP address and ALSO have the possibility of direct spoke-spoke communication when needed?
I only found Phase 2 and SLB for HUBs but without spoke-spoke communication.
http://www.cisco.com/application/pdf/en/us/guest/products/ps6658/c1161/cdccont_0900aecd80313ca3.pdf
See page 13; that is what we would like to have, but with the extension of spoke-spoke communication.
regards
Karlheinz
I have been waiting for Cisco to get the spoke-spoke functionality working for this DMVPN HUBs behind load balancer environment. The traditional DMVPN with multiple HUBs does not really scale well, plus it is not very stable routing and NHRP wise.
Would you care to tell more about your solution? As far as I know, on a HUB you cannot have one tunnel for spoke to HUB connections and the other just for HUB-HUB; the NHRP requests from the spokes to find out about the other spoke public IP will not be forwarded between the tunnel interfaces on the HUB.
-
DMVPN Hub and Spoke behind NAT device
Hi All,
I have seen many documents stating about DMVPN Hub behind NAT or DMVPN Spoke behind NAT.
But my case involves both situations.
1) HUB have a Load Balancer (2 WAN Link) ISP A & B
2) Spoke have Load Balancer (2 WAN Link) ISP A & B
Now the requirement is Spoke ISP A Tunnel to HUB ISP A. Spoke ISP B tunnel to HUB ISP B
So total of two DMVPN tunnel from spoke to hub, and i will use EIGRP and PBR to select path.
As I know at HUB site, LB must do Static NAT for HUB router IP, so spoke will point to it as tunnel destination address. At spoke LB, i will do policy route to reach HUB ISP A IP via Spoke ISP A link, HUB ISP B IP via Spoke ISP B link.
HUB and Spoke have to create 2 tunnel with two different network ID but using same source interface.
The tunnel destination IP at the spoke router does not directly belong to the HUB router. It is held by the HUB LB, and forwarded to the HUB router by Static NAT.
Will I face any problems with this setup? Any guide?
Sample config at HUB.
interface Tunnel0
 bandwidth 1000
 ip address 172.16.1.1 255.255.255.0
 ip mtu 1440
 ip nhrp authentication cisco123
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 ip nhrp holdtime 600
 delay 1000
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 tunnel key 0
 tunnel protection ipsec profile cisco
interface Tunnel1
 bandwidth 1000
 ip address 172.17.1.1 255.255.255.0
 ip mtu 1440
 ip nhrp authentication cisco123
 ip nhrp map multicast dynamic
 ip nhrp network-id 2
 ip nhrp holdtime 600
 delay 1000
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
 tunnel key 1
 tunnel protection ipsec profile cisco
Spoke Config
interface Tunnel0
 bandwidth 1000
 ip address 172.16.1.2 255.255.255.0
 ip mtu 1440
 ip nhrp authentication cisco123
 ip nhrp map 172.16.1.1 199.1.1.1
 ip nhrp network-id 1
 ip nhrp holdtime 300
 ip nhrp nhs 172.16.1.1
 delay 1000
 tunnel source FastEthernet0/0
 tunnel destination 199.1.1.1
 tunnel key 0
 tunnel protection ipsec profile cisco
interface Tunnel1
 bandwidth 1000
 ip address 172.17.1.2 255.255.255.0
 ip mtu 1440
 ip nhrp authentication cisco123
 ip nhrp map 172.17.1.1 200.1.1.1
 ip nhrp network-id 2
 ip nhrp holdtime 300
 ip nhrp nhs 172.17.1.1
 delay 1500
 tunnel source FastEthernet0/0
 tunnel destination 200.1.1.1
 tunnel key 1
 tunnel protection ipsec profile cisco
Hi Marcin,
thanks for your reply. The NAT was set up in a way it was/is just to simulate the spoke to be behind NAT device.
About AH and ESP, you are correct there... this was actually my issue. I should have used pure ESP. In the end, TAC actually assisted me with this. Before I called TAC, I did notice the following. ISAKMP traffic was NATed to 3.3.3.3, as expected. Anything after that did not work, and it has to do with NAT and AH. Traffic was no longer NATed, so the hub saw the traffic come from 2.2.2.2 rather than 3.3.3.3; you can also see that in the error message you have pointed out. I also saw it in my packet captures. That caught my eye and I started troubleshooting it. I did not understand that AH can't be NATed. Below is TAC's explanation. All is good now. Thanks
"Essentially, it comes down to the fact that AH will encapsulate the entire IP packet (hence why it is the outermost header) with the exception of a few mutable fields, including the DSCP/ToS, ECN, flags, fragment offset, TTL, and the header checksum. Since the source/destination IP addresses & port numbers are actually protected by the AH integrity checking, this means that a device performing a NAT operation on the packet will alter these IP header fields and effectively cause the hub router to drop the packet due to AH failure.
Conversely, ESP traffic is able to properly traverse NAT because it doesn't include the IP header addresses & ports in its integrity check. In addition, ESP doesn't need to be the outermost header of the packet in order to work, which is why devices will attach an outer UDP/4500 header on the traffic going over NAT."
-
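The AH versus ESP behaviour described in the post above can be reproduced with a small model. This is an added example, not part of the original thread and not Cisco or TAC code: it is a simplified model of the two integrity checks (no encryption, no anti-replay, fixed header sizes), the key, SPIs, payload and hub address are constructed, and 2.2.2.2 / 3.3.3.3 are the spoke addresses mentioned in the post.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-integrity-key"  # constructed sample key
ICV_LEN = 12                              # truncated tag, as in HMAC-SHA1-96
HUB = "192.0.2.1"                         # constructed hub address (documentation range)


def checksum(header):
    """IPv4 header checksum over 20 bytes whose checksum field is zero."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    header = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                                   ttl, proto, 0, socket.inet_aton(src),
                                   socket.inet_aton(dst)))
    header[10:12] = struct.pack("!H", checksum(bytes(header)))
    return bytes(header)


def rewrite(packet, src=None, ttl_delta=0):
    """What a router or NAT device does in transit: edit the header, fix the checksum."""
    header = bytearray(packet[:20])
    if src:
        header[12:16] = socket.inet_aton(src)
    header[8] -= ttl_delta
    header[10:12] = b"\x00\x00"
    header[10:12] = struct.pack("!H", checksum(bytes(header)))
    return bytes(header) + packet[20:]


def icv(data):
    return hmac.new(KEY, data, hashlib.sha1).digest()[:ICV_LEN]


def ah_view(packet):
    """Bytes AH authenticates: IP header with mutable fields zeroed, AH with zero ICV, payload."""
    header = bytearray(packet[:20])
    header[1] = 0                 # DSCP/ToS and ECN
    header[6:8] = b"\x00\x00"     # flags and fragment offset
    header[8] = 0                 # TTL
    header[10:12] = b"\x00\x00"   # header checksum
    return bytes(header) + packet[20:32] + bytes(ICV_LEN) + packet[32 + ICV_LEN:]


def build_ah(src, dst, payload, spi=0x1001, seq=1):
    ah = struct.pack("!BBHII", 47, 4, 0, spi, seq)   # next header 47 = GRE
    packet = (ipv4_header(src, dst, 51, len(ah) + ICV_LEN + len(payload))
              + ah + bytes(ICV_LEN) + payload)
    return packet[:32] + icv(ah_view(packet)) + packet[32 + ICV_LEN:]


def verify_ah(packet):
    return hmac.compare_digest(packet[32:32 + ICV_LEN], icv(ah_view(packet)))


def build_esp(src, dst, ciphertext, spi=0x2002, seq=1):
    esp = struct.pack("!II", spi, seq) + ciphertext
    return ipv4_header(src, dst, 50, len(esp) + ICV_LEN) + esp + icv(esp)


def verify_esp(packet):
    """ESP authenticates only SPI, sequence number and ciphertext, not the IP header."""
    return hmac.compare_digest(packet[-ICV_LEN:], icv(packet[20:-ICV_LEN]))


def demo():
    payload = b"constructed GRE payload"   # stands in for the protected data
    ah = build_ah("2.2.2.2", HUB, payload)
    esp = build_esp("2.2.2.2", HUB, payload)
    return {
        "ah_after_ttl_decrement": verify_ah(rewrite(ah, ttl_delta=1)),
        "ah_after_nat": verify_ah(rewrite(ah, src="3.3.3.3")),
        "esp_after_nat": verify_esp(rewrite(esp, src="3.3.3.3")),
    }


if __name__ == "__main__":
    print(demo())
```

A TTL decrement leaves the AH tag valid because TTL is a mutable field, while the source rewrite invalidates it; the ESP tag survives the same rewrite.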
Can somebody please send me a known working snippet of ASA config to support a DMVPN hub NAT'd behind an ASA. I tried for 2 days even with TAC and I was finally forced to put my DMVPN Hub out on the Internet with the IOS FW.
Basically the issue I was seeing was that ISAKMP would almost complete at the spoke, try to go to QM_IDLE and then start the ISAKMP process over. Tried different code revs, etc. The ASA is running 8.0.3. Works great as long as the ASA was not in the path.
Any help is appreciated.
Hey there, I am trying to do the same type of setup with a 3845 behind an ASA5510/Sec plus and I am getting similar results.
I have access-lists permitting:
- ESP, ISAKMP, GRE, and 4500 to the router on the inside.
Have you made any headway toward a solution?
-
DMVPN Default routes (over internet and over tunnel)
Hello all,
I want to implement a DMVPN (using OSPF) solution in which all routers are connected to the internet and all of them have dynamic IP addresses (except hub). Because of this, each router has a default gateway pointing to the ISP IP address.
With this solution I want a spoke-to-spoke topology and I also want all customer internet traffic to go via central site. The problem is that I need a default route to reach other spokes and this way traffic to internet via central site does not use the tunnel.
Is there any feature that allows overcoming this situation?
Regards,
João Carvalho
Absolutely. You can do this easily with VRF Lite. Configure a separate VRF for your customer, place the tunnel interface and the customer's VLAN into the VRF and run your OSPF process within the VRF. This allows the router's global routing table to keep a default gateway to the ISP, but lets you define the customer's default gateway as the DMVPN hub. I have a dual-hub DMVPN network with a couple of hundred sites using exactly this approach.
-
I have one Hub Router, I have 2 ISPs and would like to set it up as a dual hub. I have configured two tunnel interfaces on the hubs and spokes, set the ipsec profile to shared, etc.
What i was trying to do was route-map the traffic for the two tunnel interfaces out of the relevant interfaces and came up with the following:
route-map ROUTE-DMVPN permit 10
 match interface Tunnel1
 set ip default next-hop xxxxx
route-map ROUTE-DMVPN permit 20
 match interface Tunnel2
 set ip default next-hop xxxxx
and then set that as a local policy route-map on the router.
The first section matches packets and works, the second does not. Is what I am trying to do possible? Or Do I need to be more sophisticated in my design?
Thanks in advance!
OK, here is something I came up really fast in my lab.
Note that it does NOT contain best practices or some required configurations and is only meant to show a concept.
Here is the situation
hub ===== two links ==== "ISP" -----one link ---- spoke
hub physical:
10.1.1.0/24 (ISP1)
10.2.2.0/24 (ISP2)
spoke physical:
10.3.3.0/24
two DMVPN clouds:
172.16.1.0/24
172.16.2.0/24
Hub lan:
99.99.99.0/24
spoke lan:
88.88.88.0/24
Hub configuration:
interface Ethernet0/0
 ip address 10.1.1.1 255.255.255.0
interface Ethernet1/0
 ip vrf forwarding ISP2
 ip address 10.2.2.1 255.255.255.0
interface Ethernet2/0
 ip address 99.99.99.1 255.255.255.0
interface Tunnel1
 ip address 172.16.1.1 255.255.255.0
 no ip redirects
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 ip nhrp server-only
 delay 1000
 tunnel source Ethernet0/0
 tunnel mode gre multipoint
 tunnel key 1
end
interface Tunnel2
 ip address 172.16.2.1 255.255.255.0
 no ip redirects
 ip nhrp map multicast dynamic
 ip nhrp network-id 2
 delay 2000
 tunnel source Ethernet1/0
 tunnel mode gre multipoint
 tunnel key 2
 tunnel vrf ISP2
end
router eigrp 100
 network 99.99.99.0 0.0.0.255
 network 172.16.1.0 0.0.0.255
router eigrp 101
 network 99.99.99.0 0.0.0.255
 network 172.16.2.0 0.0.0.255
ip route 0.0.0.0 0.0.0.0 10.1.1.254
ip route vrf ISP2 0.0.0.0 0.0.0.0 10.2.2.254
Spoke config:
interface Ethernet0/0
 ip address 10.3.3.1 255.255.255.0
end
interface Tunnel1
 ip address 172.16.1.2 255.255.255.0
 no ip redirects
 ip nhrp map multicast 10.1.1.1
 ip nhrp map 172.16.1.1 10.1.1.1
 ip nhrp network-id 1
 ip nhrp nhs 172.16.1.1
 delay 1000
 tunnel source Ethernet0/0
 tunnel mode gre multipoint
 tunnel key 1
end
router eigrp 100
 network 88.88.88.0 0.0.0.255
 network 172.16.1.0 0.0.0.255
router eigrp 101
 network 88.88.88.0 0.0.0.255
 network 172.16.2.0 0.0.0.255
Some outputs:
spoke#sh ip eigrp topology 99.99.99.0/24
EIGRP-IPv4 Topology Entry for AS(100)/ID(172.16.2.2) for 99.99.99.0/24
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 25881600
  Descriptor Blocks:
  172.16.1.1 (Tunnel1), from 172.16.1.1, Send flag is 0x0
      Composite metric is (25881600/281600), route is Internal
      Vector metric:
        Minimum bandwidth is 100 Kbit
        Total delay is 11000 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1472
        Hop count is 1
        Originating router is 172.16.2.1
EIGRP-IPv4 Topology Entry for AS(101)/ID(172.16.2.2) for 99.99.99.0/24
  State is Passive, Query origin flag is 1, 0 Successor(s), FD is 4294967295
  Descriptor Blocks:
  172.16.2.1 (Tunnel2), from 172.16.2.1, Send flag is 0x0
      Composite metric is (26137600/281600), route is Internal
      Vector metric:
        Minimum bandwidth is 100 Kbit
        Total delay is 21000 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1472
        Hop count is 1
        Originating router is 172.16.2.1
spoke#sh ip nhrp detail
172.16.1.1/32 via 172.16.1.1
   Tunnel1 created 00:16:33, never expire
   Type: static, Flags: used
   NBMA address: 10.1.1.1
172.16.2.1/32 via 172.16.2.1
   Tunnel2 created 00:16:33, never expire
   Type: static, Flags: used
   NBMA address: 10.2.2.1
spoke#
and
hub#sh ip eigrp topology 88.88.88.0/24
EIGRP-IPv4 Topology Entry for AS(100)/ID(172.16.2.1) for 88.88.88.0/24
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 25881600
  Descriptor Blocks:
  172.16.1.2 (Tunnel1), from 172.16.1.2, Send flag is 0x0
      Composite metric is (25881600/281600), route is Internal
      Vector metric:
        Minimum bandwidth is 100 Kbit
        Total delay is 11000 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1472
        Hop count is 1
        Originating router is 172.16.2.2
EIGRP-IPv4 Topology Entry for AS(101)/ID(172.16.2.1) for 88.88.88.0/24
  State is Passive, Query origin flag is 1, 0 Successor(s), FD is 4294967295
  Descriptor Blocks:
  172.16.2.2 (Tunnel2), from 172.16.2.2, Send flag is 0x0
      Composite metric is (26137600/281600), route is Internal
      Vector metric:
        Minimum bandwidth is 100 Kbit
        Total delay is 21000 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1472
        Hop count is 1
        Originating router is 172.16.2.2
hub#show ip nhrp detail
172.16.1.2/32 via 172.16.1.2
   Tunnel1 created 00:16:09, expire 01:43:50
   Type: dynamic, Flags: unique registered
   NBMA address: 10.3.3.1
172.16.2.2/32 via 172.16.2.2
   Tunnel2 created 00:16:09, expire 01:43:50
   Type: dynamic, Flags: unique registered
   NBMA address: 10.3.3.1