DMVPN 建立不通,第一步就是檢查物理接口直接是否可以ping通,在檢查其他的, 排錯思路!!
R20# ping 192.0.2.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.0.2.20, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/5/25 ms
R20# ping 192.0.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.0.2.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R20# ping 192.0.2.2 so
R20# ping 192.0.2.2 source 192.0.2.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.0.2.2, timeout is 2 seconds:
Packet sent with a source address of 192.0.2.20
.....
Success rate is 0 percent (0/5)
R20# ping 192.0.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.0.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R20# ping 192.0.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.0.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R20#
R20#show ip ro
R20#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.100.0.0/24 is directly connected, Tunnel0
L 10.100.0.20/32 is directly connected, Tunnel0
192.0.2.0/32 is subnetted, 2 subnets
C 192.0.2.1 is directly connected, Dialer1
C 192.0.2.20 is directly connected, Dialer1
R20#
R20#
R20#show ru
R20#show run
R20#show running-config | sec ip route
R20#
R20#
R20#show running-config | sec route
R20#
R20#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R20(config)#
R20(config)#end
R20#show run
R20#show running-config
*Sep 11 06:02:27.739: %SYS-5-CONFIG_I: Configured from console by console
R20#show running-config
hostname R20
no ip domain lookup
ip cef
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
crypto isakmp key CCIE address 0.0.0.0
!
!
crypto ipsec transform-set CCIEXFROM esp-aes
mode transport
!
crypto ipsec profile DMVPNPROFILE
set transform-set CCIEXFROM
!
!
interface Tunnel0
ip address 10.100.0.20 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication CCIE
ip nhrp map 10.100.0.1 192.0.2.2
ip nhrp map multicast 192.0.2.2
ip nhrp network-id 200
ip nhrp holdtime 300
ip nhrp nhs 10.100.0.1
ip nhrp shortcut
ip tcp adjust-mss 1360
tunnel source Dialer1
tunnel mode gre multipoint
tunnel protection ipsec profile DMVPNPROFILE
!
interface Ethernet0/0
no ip address
pppoe enable group global
pppoe-client dial-pool-number 1
interface Dialer1
ip address negotiated
ip mtu 1492
encapsulation ppp
dialer pool 1
ppp chap hostname Jamesons-R20
ppp chap password 0 CCIE
!
ip forward-protocol nd
R20#
R20# conf t
Enter configuration commands, one per line. End with CNTL/Z.
R20(config)#
R20(config)#ip route 192.0.2.0 255.255.255.0 dialer 1 ----------------發現少配置了一個靜態路由,導致物理接口之間不通,最後導致dmvpn也是建立不起來的,加上靜態路由就好了。
R20(config)#end
R20#wr
Building configuration...
[OK]
R20#wr
Building configuration...
[OK]
R20#
*Sep 11 06:03:03.707: %SYS-5-CONFIG_I: Configured from console by console
R20#show ip ro
R20#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.100.0.0/24 is directly connected, Tunnel0
L 10.100.0.20/32 is directly connected, Tunnel0
192.0.2.0/24 is variably subnetted, 3 subnets, 2 masks
S 192.0.2.0/24 is directly connected, Dialer1
C 192.0.2.1/32 is directly connected, Dialer1
C 192.0.2.20/32 is directly connected, Dialer1
R20#
R20#
R20#tr
R20#traceroute 10.100.0.21 os
R20#traceroute 10.100.0.21 o
R20#traceroute 10.100.0.21 so
R20#traceroute 10.100.0.21 source 10.100.0.20
Type escape sequence to abort.
Tracing the route to 10.100.0.21
VRF info: (vrf in name/id, vrf out name/id)
1 10.100.0.1 6 msec 5 msec 3 msec
2 10.100.0.21 40 msec * 6 msec
R20#
R20#
R20#traceroute 10.100.0.21 source 10.100.0.20
Type escape sequence to abort.
Tracing the route to 10.100.0.21
VRF info: (vrf in name/id, vrf out name/id)
1 10.100.0.21 6 msec * 6 msec
R20#traceroute 10.100.0.21 source 10.100.0.20
Type escape sequence to abort.
Tracing the route to 10.100.0.21
VRF info: (vrf in name/id, vrf out name/id)
1 10.100.0.21 6 msec * 6 msec
R20#
R20#
R20#
R20#
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.0.2.20, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/5/25 ms
R20# ping 192.0.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.0.2.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R20# ping 192.0.2.2 so
R20# ping 192.0.2.2 source 192.0.2.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.0.2.2, timeout is 2 seconds:
Packet sent with a source address of 192.0.2.20
.....
Success rate is 0 percent (0/5)
R20# ping 192.0.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.0.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R20# ping 192.0.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.0.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R20#
R20#show ip ro
R20#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.100.0.0/24 is directly connected, Tunnel0
L 10.100.0.20/32 is directly connected, Tunnel0
192.0.2.0/32 is subnetted, 2 subnets
C 192.0.2.1 is directly connected, Dialer1
C 192.0.2.20 is directly connected, Dialer1
R20#
R20#
R20#show ru
R20#show run
R20#show running-config | sec ip route
R20#
R20#
R20#show running-config | sec route
R20#
R20#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R20(config)#
R20(config)#end
R20#show run
R20#show running-config
*Sep 11 06:02:27.739: %SYS-5-CONFIG_I: Configured from console by console
R20#show running-config
hostname R20
no ip domain lookup
ip cef
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
crypto isakmp key CCIE address 0.0.0.0
!
!
crypto ipsec transform-set CCIEXFROM esp-aes
mode transport
!
crypto ipsec profile DMVPNPROFILE
set transform-set CCIEXFROM
!
!
interface Tunnel0
ip address 10.100.0.20 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication CCIE
ip nhrp map 10.100.0.1 192.0.2.2
ip nhrp map multicast 192.0.2.2
ip nhrp network-id 200
ip nhrp holdtime 300
ip nhrp nhs 10.100.0.1
ip nhrp shortcut
ip tcp adjust-mss 1360
tunnel source Dialer1
tunnel mode gre multipoint
tunnel protection ipsec profile DMVPNPROFILE
!
interface Ethernet0/0
no ip address
pppoe enable group global
pppoe-client dial-pool-number 1
interface Dialer1
ip address negotiated
ip mtu 1492
encapsulation ppp
dialer pool 1
ppp chap hostname Jamesons-R20
ppp chap password 0 CCIE
!
ip forward-protocol nd
R20#
R20# conf t
Enter configuration commands, one per line. End with CNTL/Z.
R20(config)#
R20(config)#ip route 192.0.2.0 255.255.255.0 dialer 1 ----------------發現少配置了一個靜態路由,導致物理接口之間不通,最後導致dmvpn也是建立不起來的,加上靜態路由就好了。
R20(config)#end
R20#wr
Building configuration...
[OK]
R20#wr
Building configuration...
[OK]
R20#
*Sep 11 06:03:03.707: %SYS-5-CONFIG_I: Configured from console by console
R20#show ip ro
R20#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.100.0.0/24 is directly connected, Tunnel0
L 10.100.0.20/32 is directly connected, Tunnel0
192.0.2.0/24 is variably subnetted, 3 subnets, 2 masks
S 192.0.2.0/24 is directly connected, Dialer1
C 192.0.2.1/32 is directly connected, Dialer1
C 192.0.2.20/32 is directly connected, Dialer1
R20#
R20#
R20#tr
R20#traceroute 10.100.0.21 os
R20#traceroute 10.100.0.21 o
R20#traceroute 10.100.0.21 so
R20#traceroute 10.100.0.21 source 10.100.0.20
Type escape sequence to abort.
Tracing the route to 10.100.0.21
VRF info: (vrf in name/id, vrf out name/id)
1 10.100.0.1 6 msec 5 msec 3 msec
2 10.100.0.21 40 msec * 6 msec
R20#
R20#
R20#traceroute 10.100.0.21 source 10.100.0.20
Type escape sequence to abort.
Tracing the route to 10.100.0.21
VRF info: (vrf in name/id, vrf out name/id)
1 10.100.0.21 6 msec * 6 msec
R20#traceroute 10.100.0.21 source 10.100.0.20
Type escape sequence to abort.
Tracing the route to 10.100.0.21
VRF info: (vrf in name/id, vrf out name/id)
1 10.100.0.21 6 msec * 6 msec
R20#
R20#
R20#
R20#
主題: DMVPN中“包治百病”的‘大招’---shutdown --no shutdown ---tunnel 接口Dear Bruce ---------進過 Bruce 實驗驗證,確實 有效, 很管用,[DMVPN大招]DMVPN中“包治百病”的‘大招’---shutdown --no shutdown ---tunnel 接口在配置DMVPN的過程中,很可能出現配置完全正確,但是測試結果異常的現象。這個時候就可以使用如下的“”大招“”來解決問題。請注意,配置DMVPN出現不可預期的問題比較常見,但是一般都能使用下面的辦法來解決,當然前提是配置沒有問題。步驟1: 關閉所有站點的隧道接口;R17(config)#interface tunnel 0 ---------HubR17(config-if)#shutdownR18(config)#interface tunnel 0 ------Spoke1R18(config-if)#shutdownR19(config)#interface tunnel 0 -----Spoke2R19(config-if)#shutdown步驟2: 從中心站點開始打開各個站點的隧道接口;----以中心站點到分支站點的順序 逐次打開隧道接口;R17(config)#interface tunnel 0 ---------HubR17(config-if)#no shutdownR18(config)#interface tunnel 0 ------Spoke1R18(config-if)#no shutdownR19(config)#interface tunnel 0 -----Spoke2R19(config-if)#no shutdown如果確實配置沒有問題,那麼這個時候DMVPN就應該能夠正常工作了。-----------------R19#ping 10.18.19.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.18.19.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R19# ---------------------------------------------shutdown 接口和 no shutdown 接口配置之後的對比。R19#ping 10.18.19.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.18.19.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/9/10 ms
R19#ping 10.18.19.18
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.18.19.18, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 17/19/22 ms
R19#ping 10.18.19.19
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.18.19.19, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 17/20/25 ms
R19#
R19#