[c-nsp] DMVPN -- IP / Tunnel Source change on remote site problems
Eric Cables
ecables at gmail.com
Fri Nov 21 14:09:10 EST 2008
Hopefully someone here can provide some insight into the problem I'm seeing..
I recently tried to migrate a remote site from one WAN interface to
another (Serial0/0/0 -> Fast0/1 -- shared Eth handoff), and ran into
problems where the NHRP mapping would never update. The remote
router, an 1800, has a dual cloud configuration. I was going to
migrate Tunnel1 first by adding a more specific route out the new
Fast0/1 interface, establish the tunnel, then failover to it.
I went through the steps of adding the new route, and updating the
tunnel source from Serial0/0/0 to Fast0/1. Next I shut/no shut the
Tunnel1 interface, hoping that everything would start fresh, using the
new tunnel source. Unfortunately traffic was never able to function
over Tunnel1, and when looking at the headend I did not see the new
NHRP mapping show up, instead I only saw these messages:
Nov 21 10:56:49.478 PST: NHRP: Setting cache expiry for x.x.x.x to 5000
Nov 21 10:58:40.097 PST: NHRP: MACADDR: if_in null netid-in 0 if_out
Tunnel1 netid-out 25
The ISAKMP SA appeared functional:
x.x.x.x x.x.x.x QM_IDLE 4083 0 ACTIVE
I tried bouncing the remote site Tunnel1 interface multiple times,
cleaing NHRP & ISAKMP SA IDs on both the headend & remote side, but
nothing worked. Finally out of frustration I bounced the Tunnel
interface on the headend, and sure enough everything started to
function. The new NHRP mapping was created, and routing protocols
re-established their adjacencies. Luckily this is a new DMVPN cloud,
so I was able to bounce the headend Tunnel interface, but if I had
multiple sites live this would not have been feasible.
Can anyone provide any insight into what happened? What auxiliary
command could I have typed, (other than shut/no shut on the headend
tunnel), to have brought this up?
Thanks..
-- Eric Cables
More information about the cisco-nsp
mailing list