DMVPN Phase 2 Basic Configuration

In the first lesson about DMVPN we discussed the basics of multipoint GRE and NHRP. The second lesson was a basic configuration of DMVPN phase 1. This time i’ll explain how you can configure DMVPN phase 2. Once we have a basic configuration then we can try to run RIP, EIGRP, OSPF and BGP on top of it.

The configuration of DMVPN phase 1 and 2 is similar except for two key items:

  • The spoke routers will now use multipoint GRE interfaces instead of point-to-point GRE interfaces.
  • We don’t configure a manual destination anymore on the spoke routers.

That’s it, those two changes make the difference between running DMVPN phase 1 or 2.  Let’s take a look at the configuration, here’s the topology we will use:

dmvpn-example-topology

Above we have one hub router and two spoke routers. We use 192.168.123.0/24 as the underlay network and 172.16.123.0/24 as the overlay network.

Configuration

In the first lesson about DMVPN we discussed the basics of multipoint GRE and NHRP. The second lesson was a basic configuration of DMVPN phase 1. This time i'll explain how you can configure DMVPN phase 2. Once we have a basic configuration then we can try to run RIP, EIGRP, OSPF and BGP on top of i



Let’s start with the hub configuration:

Hub(config)#interface Tunnel0
Hub(config-if)#ip address 172.16.123.1 255.255.255.0
Hub(config-if)#ip nhrp authentication DMVPN
Hub(config-if)#ip nhrp map multicast dynamic
Hub(config-if)#ip nhrp network-id 1
Hub(config-if)#tunnel source GigabitEthernet0/1
Hub(config-if)#tunnel mode gre multipoint
Hub(config-if)#end

The configuration of the hub above is exactly the same as in DMVPN phase 1, no changes here. Let’s look at the spoke routers:

Spoke1(config)#interface Tunnel0
Spoke1(config-if)#ip address 172.16.123.2 255.255.255.0
Spoke1(config-if)#ip nhrp authentication DMVPN
Spoke1(config-if)#ip nhrp map 172.16.123.1 192.168.123.1
Spoke1(config-if)#ip nhrp map multicast 192.168.123.1
Spoke1(config-if)#ip nhrp network-id 1
Spoke1(config-if)#ip nhrp nhs 172.16.123.1
Spoke1(config-if)#tunnel source GigabitEthernet0/1
Spoke1(config-if)#tunnel mode gre multipoint
Spoke2(config)#interface Tunnel0
Spoke2(config-if)#ip address 172.16.123.3 255.255.255.0
Spoke2(config-if)#ip nhrp authentication DMVPN
Spoke2(config-if)#ip nhrp map 172.16.123.1 192.168.123.1
Spoke2(config-if)#ip nhrp map multicast 192.168.123.1
Spoke2(config-if)#ip nhrp network-id 1
Spoke2(config-if)#ip nhrp nhs 172.16.123.1
Spoke2(config-if)#tunnel source GigabitEthernet0/1
Spoke2(config-if)#tunnel mode gre multipoint

The configuration above is exactly the same as in DMVPN phase 1 except for two commands:

  • We removed the tunnel destination command.
  • We added the tunnel mode command to use GRE multipoint.

That’s it! We now have a DMVPN phase 2 network. Let’s verify our work…

Verification

First we should check if the hub has received some NHRP registrations from the spoke routers:

Hub#show dmvpn 
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
        N - NATed, L - Local, X - No Socket
        T1 - Route Installed, T2 - Nexthop-override
        C - CTS Capable
        # Ent --> Number of NHRP entries with same NBMA peer
        NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
        UpDn Time --> Up or Down Time for a Tunnel
==========================================================================

Interface: Tunnel0, IPv4 NHRP Details 
Type:Hub, NHRP Peers:2, 

 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1 192.168.123.2      172.16.123.2    UP 00:09:48     D
     1 192.168.123.3      172.16.123.3    UP 00:09:56     D

Above we see two registrations with the NBMA and tunnel addresses of our spoke routers. Let’s use the same command on the spoke routers:

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 660 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

510 Sign Ups in the last 30 days

satisfaction-guaranteed
100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: , ,


Forum Replies

  1. Hi !

    Now i am on this , i get this debug message

    Packet received via GigabitEthernet1/0, not configured for NHRPsrc 192.168.123.3 dst 192.168.123.1
    *Dec 20 16:38:12.083: NHRP: Pak out GigabitEthernet1/0 would leave logical NBMA network

    I have tried with giga int as source also…but the same. I was wodering if it is the platform i am using in GNS3

  2. Hello Rene,

    I was wondering if you would help with the following?
    This was configured in GNS3, and I used the same IP addressing you have here. Well for the most part.
    I can’t figure out why I keep getting the “retry limit exceeded” message below.

    Hub# debug nhrp
    *Nov 29 21:19:02.135: NHRP: Receive Registration Request via Tunnel0 vrf 0, packet size: 105
    *Nov 29 21:19:02.135: NHRP: netid_in = 1, to_us = 1
    *Nov 29 21:19:02.139: NHRP: Adding Tunnel Endpoints (VPN: 172.16.123.2, NBMA: 192.168.123.5)
    *Nov 29 21:19:02.139: NHRP: Cache already has a subblock node att
    ... Continue reading in our forum

  3. Joel,
    Does it keep bouncing back and forth between “retry exceeded” then having a new adjacency? If so, this is usually indicative of EIGRP trying to use the tunnel to discover the tunnel endpoints themselves (so it becomes a recursive logic problem). We won’t know for sure until we see your config, though.

  4. Hello Rene,
    I’m trying to complete the DMVPN Phase 1 Basic Config in my home lab using your configuration steps and the diagram from the lesson. I don’t understand how you have two connections coming into the hub router using the same interface. I appear to have a cabling issue. As of now I can only get one of the spokes registered with the hub but not both sides. Please advise, thanks.

    Willie Brown

  5. Hello Rob,
    based on your previous post you are misunderstanding concept of different phases.

    • Hub is configured with “tunnel mode gre multipoint” in every DMVPN Phase (1, 2, 3).
    • Spokes are configured differently based on Phase you want to go with.
      Phase 1 is configured with “tunnel destination ip” on spokes. In DMVPN Phase 1 traffic between spokes goes always through the hub. This is definition of Phase 1.
      Phase 2 is configured with “tunnel mode gre multipoint” on spokes. Phase 2 allows direct spoke to spoke communication, thus traffic does not need to go throu
    ... Continue reading in our forum

17 more replies! Ask a question or join the discussion by visiting our Community Forum