Simplified Networking
  • Home
  • Technology VoD!
    • Cisco >
      • Route & Switch / Enterprise Infrastructure
  • Technology Breakdowns!
    • Route&Switch/Ent. Infra. >
      • L2 Technologies
      • L3 Technologies
      • VPN Technologies
      • Services >
        • IOS - Dynamic NAT
        • HSRP - IPv4 Setup
        • HSRP - Priority and Preemption
    • Service Provider >
      • IGPs (Interior Gateway Protocols)
      • First Hop Redundancy >
        • HSRP (Hot Standby Router Protocol) >
          • HSRP - IOS/IOS XE Setup
          • HSRP - IOS XR Setup
      • BGP (Border Gateway Protocol)
      • Inter AS Multicast (MSDP)
      • Intra-AS MPLS
      • Inter-AS MPLS
    • Security >
      • IOS Firewall
      • ASA Firewall
      • FirePOWER Threat Defense >
        • FTD - FTD NGFW Device Setup and FMC Integration
      • VPNs >
        • PKI
        • Site to Site VPNs
        • Remote Access VPNs >
          • IOS Remote Access
          • ASA Remote Access
    • Data Center >
      • Nexus 9000v >
        • Nexus 9000v - Enabling Features
        • Nexus 9000v - VLANs and Trunks
        • Nexus 9000v - LACP Port Channels
        • Nexus 9000v - vPC (Virtual Port Channel)
        • Nexus 9000v - OSPFv2
        • Nexus 9000v - VXLAN - Ingress Replication Flood and Learn
        • Nexus 9000v - IP Multicast
        • Nexus 9000v - VxLAN - Multicast Flood and Learn
        • Nexus 9000v - VxLAN - BGP EVPN with Multicast
        • Nexus 9000v - VxLAN - BGP EVPN w/Ingress Replication
        • Nexus 9000v - VxLAN - Inter-VxLAN Routing with BGP EVPN
        • Nexus 9000v - VXLAN - External Routing
      • Nexus 7000v
    • Palo Alto

​IWAN - VRF Aware DMVPN Phase 3 over Internet and MPLS

Picture
This lab example is to setup the DMVPN tunnels over both transport on the applicable routers.



CSR3
interface Tunnel1
 ip address 172.16.1.3 255.255.255.0
 no ip redirects
 ip nhrp authentication cisco123
 ip nhrp network-id 1
 ip nhrp redirect
 tunnel source GigabitEthernet1.1031
 tunnel mode gre multipoint
 tunnel key 1
 tunnel vrf INET
!
router eigrp IWAN
 !
 address-family ipv4 unicast autonomous-system 1
  !
  af-interface Tunnel1
   no split-horizon
  exit-af-interface
  !
  topology base
  exit-af-topology
  network 10.1.0.0 0.0.255.255
  network 172.16.1.0 0.0.0.255
 exit-address-family



CSR4
interface Tunnel2
 ip address 172.16.2.4 255.255.255.0
 no ip redirects
 ip nhrp authentication cisco123
 ip nhrp network-id 2
 ip nhrp redirect
 tunnel source GigabitEthernet1.1024
 tunnel mode gre multipoint
 tunnel key 2
 tunnel vrf MPLS
!
router eigrp IWAN
 !
 address-family ipv4 unicast autonomous-system 1
  !
  af-interface Tunnel1
   no split-horizon
  exit-af-interface
  !
  topology base
  exit-af-topology
  network 10.1.0.0 0.0.255.255
  network 172.16.2.0 0.0.0.255
 exit-address-family




CSR9
interface Tunnel1
 ip address 172.16.1.9 255.255.255.0
 no ip redirects
 ip nhrp authentication cisco123
 ip nhrp network-id 1
 ip nhrp nhs 172.16.1.3 nbma 103.1.3.3 multicast
 tunnel source GigabitEthernet1.1091
 tunnel mode gre multipoint
 tunnel key 1
 tunnel vrf INET
!
router eigrp IWAN
 !
 address-family ipv4 unicast autonomous-system 1
  !
  af-interface Tunnel1
   no split-horizon
  exit-af-interface
  !
  topology base
  exit-af-topology
  network 10.3.0.0 0.0.255.255
  network 172.16.1.0 0.0.0.255
 exit-address-family




CSR10
interface Tunnel2
 ip address 172.16.2.10 255.255.255.0
 no ip redirects
 ip nhrp authentication cisco123
 ip nhrp network-id 2
 ip nhrp nhs 172.16.2.4 nbma 10.2.4.4 multicast
 tunnel source GigabitEthernet1.1021
 tunnel mode gre multipoint
 tunnel key 2
 tunnel vrf MPLS
!
router eigrp IWAN
 !
 address-family ipv4 unicast autonomous-system 1
  !
  af-interface Tunnel1
   no split-horizon
  exit-af-interface
  !
  topology base
  exit-af-topology
  network 10.3.0.0 0.0.255.255
  network 172.16.2.0 0.0.0.255
 exit-address-family



CSR11
interface Tunnel1
 ip address 172.16.1.11 255.255.255.0
 no ip redirects
 ip nhrp authentication cisco123
 ip nhrp network-id 1
 ip nhrp nhs 172.16.1.3 nbma 103.1.3.3 multicast
 tunnel source GigabitEthernet1.1111
 tunnel mode gre multipoint
 tunnel key 1
 tunnel vrf INET
!
interface Tunnel2
 ip address 172.16.2.11 255.255.255.0
 no ip redirects
 ip nhrp authentication cisco123
 ip nhrp network-id 2
 ip nhrp nhs 172.16.2.4 nbma 10.2.4.4 multicast
 tunnel source GigabitEthernet1.1021
 tunnel mode gre multipoint
 tunnel key 2
 tunnel vrf MPLS
!
router eigrp IWAN
 !
 address-family ipv4 unicast autonomous-system 1
  !
  af-interface Tunnel1
   no split-horizon
  exit-af-interface
  !
  topology base
  exit-af-topology
  network 10.4.0.0 0.0.255.255
​  network 172.16.1.0 0.0.0.255
  network 172.16.2.0 0.0.0.255

 exit-address-family




CSR12
interface Tunnel2
 bandwidth 100000
 ip address 172.16.2.12 255.255.255.0
 no ip redirects
 ip nhrp authentication cisco123
 ip nhrp network-id 2
 ip nhrp nhs 172.16.2.4 nbma 10.2.4.4 multicast
 tunnel source GigabitEthernet1.1022
 tunnel mode gre multipoint
 tunnel key 2
 tunnel vrf MPLS
!
interface Tunnel1
 ip address 172.16.1.12 255.255.255.0
 no ip redirects
 ip nhrp authentication cisco123
 ip nhrp network-id 1
 ip nhrp nhs 172.16.1.3 nbma 103.1.3.3 multicast
 tunnel source GigabitEthernet1.1121
 tunnel mode gre multipoint
 tunnel key 1
 tunnel vrf INET
!
router eigrp IWAN
 !
 address-family ipv4 unicast autonomous-system 1
  !
  af-interface Tunnel1
   no split-horizon
  exit-af-interface
  !
  topology base
  exit-af-topology
  network 10.5.0.0 0.0.255.255
  network 172.16.1.0 0.0.0.255
  network 172.16.2.0 0.0.0.255

 exit-address-family




CSR3#show dmvpn detail 
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
        N - NATed, L - Local, X - No Socket
        T1 - Route Installed, T2 - Nexthop-override
        C - CTS Capable, I2 - Temporary
        # Ent --> Number of NHRP entries with same NBMA peer
        NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
        UpDn Time --> Up or Down Time for a Tunnel
==========================================================================

Interface Tunnel1 is up/up, Addr. is 172.16.1.3, VRF "" 
   Tunnel Src./Dest. addr: 103.1.3.3/Multipoint, Tunnel VRF "INET"
   Protocol/Transport: "multi-GRE/IP", Protect "DMVPN" 
   Interface State Control: Disabled
   nhrp event-publisher : Disabled
Type:Hub, Total NBMA Peers (v4/v6): 3

# Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb    Target Network
----- --------------- --------------- ----- -------- ----- -----------------
    1 109.1.9.9            172.16.1.9    UP 01:26:22     D      172.16.1.9/32
    1 111.1.11.11         172.16.1.11    UP 01:26:26     D     172.16.1.11/32
    1 112.1.12.12         172.16.1.12    UP 01:26:12     D     172.16.1.12/32



CSR4#show dmvpn  detail 
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
        N - NATed, L - Local, X - No Socket
        T1 - Route Installed, T2 - Nexthop-override
        C - CTS Capable, I2 - Temporary
        # Ent --> Number of NHRP entries with same NBMA peer
        NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
        UpDn Time --> Up or Down Time for a Tunnel
==========================================================================

Interface Tunnel2 is up/up, Addr. is 172.16.2.4, VRF "" 
   Tunnel Src./Dest. addr: 10.2.4.4/Multipoint, Tunnel VRF "MPLS"
   Protocol/Transport: "multi-GRE/IP", Protect "DMVPN" 
   Interface State Control: Disabled
   nhrp event-publisher : Disabled
Type:Hub, Total NBMA Peers (v4/v6): 3

# Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb    Target Network
----- --------------- --------------- ----- -------- ----- -----------------
    1 10.2.10.10          172.16.2.10    UP 01:26:20     D     172.16.2.10/32
    1 10.2.11.11          172.16.2.11    UP 01:26:26     D     172.16.2.11/32
    1 10.2.12.12          172.16.2.12    UP 01:27:03     D     172.16.2.12/32​
Powered by Create your own unique website with customizable templates.
  • Home
  • Technology VoD!
    • Cisco >
      • Route & Switch / Enterprise Infrastructure
  • Technology Breakdowns!
    • Route&Switch/Ent. Infra. >
      • L2 Technologies
      • L3 Technologies
      • VPN Technologies
      • Services >
        • IOS - Dynamic NAT
        • HSRP - IPv4 Setup
        • HSRP - Priority and Preemption
    • Service Provider >
      • IGPs (Interior Gateway Protocols)
      • First Hop Redundancy >
        • HSRP (Hot Standby Router Protocol) >
          • HSRP - IOS/IOS XE Setup
          • HSRP - IOS XR Setup
      • BGP (Border Gateway Protocol)
      • Inter AS Multicast (MSDP)
      • Intra-AS MPLS
      • Inter-AS MPLS
    • Security >
      • IOS Firewall
      • ASA Firewall
      • FirePOWER Threat Defense >
        • FTD - FTD NGFW Device Setup and FMC Integration
      • VPNs >
        • PKI
        • Site to Site VPNs
        • Remote Access VPNs >
          • IOS Remote Access
          • ASA Remote Access
    • Data Center >
      • Nexus 9000v >
        • Nexus 9000v - Enabling Features
        • Nexus 9000v - VLANs and Trunks
        • Nexus 9000v - LACP Port Channels
        • Nexus 9000v - vPC (Virtual Port Channel)
        • Nexus 9000v - OSPFv2
        • Nexus 9000v - VXLAN - Ingress Replication Flood and Learn
        • Nexus 9000v - IP Multicast
        • Nexus 9000v - VxLAN - Multicast Flood and Learn
        • Nexus 9000v - VxLAN - BGP EVPN with Multicast
        • Nexus 9000v - VxLAN - BGP EVPN w/Ingress Replication
        • Nexus 9000v - VxLAN - Inter-VxLAN Routing with BGP EVPN
        • Nexus 9000v - VXLAN - External Routing
      • Nexus 7000v
    • Palo Alto