Lesson Contents
In the first DMVPN lesson we discussed the basics and the three different phases. I also showed you how to create a basic DMVPN phase 1 configuration. In this lesson we’ll use that basic configuration and configure EIGRP on top of it. Here’s the topology we will use:
Each router has a loopback interface with an IP address that we’ll advertise in EIGRP.
Configuration
Tunnel interfaces
Here is the tunnel configuration of the hub and spoke routers:
Hub(config)#interface Tunnel0
Hub(config-if)#ip address 172.16.123.1 255.255.255.0
Hub(config-if)#ip nhrp authentication DMVPN
Hub(config-if)#ip nhrp map multicast dynamic
Hub(config-if)#ip nhrp network-id 1
Hub(config-if)#tunnel source GigabitEthernet0/1
Hub(config-if)#tunnel mode gre multipointSpoke1(config)#interface Tunnel0
Spoke1(config-if)#ip address 172.16.123.2 255.255.255.0
Spoke1(config-if)#ip nhrp authentication DMVPN
Spoke1(config-if)#ip nhrp map 172.16.123.1 192.168.123.1
Spoke1(config-if)#ip nhrp map multicast 192.168.123.1
Spoke1(config-if)#ip nhrp network-id 1
Spoke1(config-if)#ip nhrp nhs 172.16.123.1
Spoke1(config-if)#tunnel source GigabitEthernet0/1
Spoke1(config-if)#tunnel destination 192.168.123.1Spoke2(config)#interface Tunnel0
Spoke2(config-if)#ip address 172.16.123.3 255.255.255.0
Spoke2(config-if)#ip nhrp authentication DMVPN
Spoke2(config-if)#ip nhrp map 172.16.123.1 192.168.123.1
Spoke2(config-if)#ip nhrp map multicast 192.168.123.1
Spoke2(config-if)#ip nhrp network-id 1
Spoke2(config-if)#ip nhrp nhs 172.16.123.1
Spoke2(config-if)#tunnel source GigabitEthernet0/1
Spoke2(config-if)#tunnel destination 192.168.123.1Let’s do some quick checks to verify that the tunnels are working correctly:
Hub#show dmvpn | begin 192.168.123.
1 192.168.123.2 172.16.123.2 UP 00:22:37 D
1 192.168.123.3 172.16.123.3 UP 00:00:32 DWe see two NHRP registrations on the hub, let’s do a quick ping:
Hub#ping 172.16.123.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.123.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/6/8 msHub#ping 172.16.123.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.123.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/6/9 msNo issues here…let’s configure EIGRP.
EIGRP
Let’s advertise all networks:
Hub(config)#router eigrp 123
Hub(config-router)#network 1.1.1.1 0.0.0.0
Hub(config-router)#network 172.16.123.0 0.0.0.255
Hub(config-router)#no auto-summary Spoke1(config)#router eigrp 123
Spoke1(config-router)#network 172.16.123.0 0.0.0.255
Spoke1(config-router)#network 2.2.2.2 0.0.0.0
Spoke1(config-router)#no auto-summarySpoke2(config)#router eigrp 123
Spoke2(config-router)#network 172.16.123.0 0.0.0.255
Spoke2(config-router)#network 3.3.3.3 0.0.0.0
Spoke2(config-router)#no auto-summary Let’s make sure we see two neighbors on the hub:
Hub#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(123)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 172.16.123.3 Tu0 11 00:00:31 13 1434 0 4
0 172.16.123.2 Tu0 13 00:01:02 82 1434 0 4So far so good, let’s check our routing tables:
Hub#show ip route eigrp
2.0.0.0/32 is subnetted, 1 subnets
D 2.2.2.2 [90/27008000] via 172.16.123.2, 00:01:16, Tunnel0
3.0.0.0/32 is subnetted, 1 subnets
D 3.3.3.3 [90/27008000] via 172.16.123.3, 00:00:48, Tunnel0The hub router has two entries, the next hop IP addresses are the tunnel addresses of spoke 1 and 2. When we want to resolve them, we’ll have to check the information in the NHRP cache:
Hub#show dmvpn | begin Hub
Type:Hub, NHRP Peers:2, </code>
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 192.168.123.2 172.16.123.2 UP 00:30:11 D
1 192.168.123.3 172.16.123.3 UP 00:21:28 DThis is how the hub is able to reach both spoke routers. What about the spoke routers?
Spoke1#show ip route eigrp
1.0.0.0/32 is subnetted, 1 subnets
D 1.1.1.1 [90/27008000] via 172.16.123.1, 00:01:27, Tunnel0Spoke2#show ip route eigrp
1.0.0.0/32 is subnetted, 1 subnets
D 1.1.1.1 [90/27008000] via 172.16.123.1, 00:01:01, Tunnel0Like RIP, EIGRP is a distance vector routing protocol so we have split horizon issues. The spoke routers don’t see each other’s networks. Let’s fix this for now:
Hi !
I am thinking to lab it up to try it to work. Anything that i should think of when a start with the nbma ? do you just have a switch between the interfaces ?
Hi Oskar,
I just used a switch to connect the routers to each other. It doesn’t matter much as long as they can reach each others NBMA addresses then you will be fine.
Rene
Hi !
I work out the lab and it work. Great lab, now i want to put on some ipsec . I will try this for my CCNP security…
/Thanks Oskar
Hi,
If the tunnel interfaces are in same network why did you advertised again in EIGRP?
Thanks
Sims,
The network statement for the tunnel interface is telling EIGRP to use that interface to send and accept EIGRP packets. This is necessary in order to form EIGRP neighbor relationships between the hub and spokes.