TS---DMVPN 建立不通,第一步就是检查物理接口直接是否可以ping通,在检查其他的, 排错思路!!
来源:互联网 发布:美林数据股份有限公司 编辑:程序博客网 时间:2024/04/30 16:38
DMVPN 建立不通,第一步就是检查物理接口直接是否可以ping通,在检查其他的, 排错思路!!
R20# ping 192.0.2.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.0.2.20, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/5/25 ms
R20# ping 192.0.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.0.2.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R20# ping 192.0.2.2 so
R20# ping 192.0.2.2 source 192.0.2.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.0.2.2, timeout is 2 seconds:
Packet sent with a source address of 192.0.2.20
.....
Success rate is 0 percent (0/5)
R20# ping 192.0.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.0.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R20# ping 192.0.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.0.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R20#
R20#show ip ro
R20#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.100.0.0/24 is directly connected, Tunnel0
L 10.100.0.20/32 is directly connected, Tunnel0
192.0.2.0/32 is subnetted, 2 subnets
C 192.0.2.1 is directly connected, Dialer1
C 192.0.2.20 is directly connected, Dialer1
R20#
R20#
R20#show ru
R20#show run
R20#show running-config | sec ip route
R20#
R20#
R20#show running-config | sec route
R20#
R20#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R20(config)#
R20(config)#end
R20#show run
R20#show running-config
*Sep 11 06:02:27.739: %SYS-5-CONFIG_I: Configured from console by console
R20#show running-config
hostname R20
no ip domain lookup
ip cef
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
crypto isakmp key CCIE address 0.0.0.0
!
!
crypto ipsec transform-set CCIEXFROM esp-aes
mode transport
!
crypto ipsec profile DMVPNPROFILE
set transform-set CCIEXFROM
!
!
interface Tunnel0
ip address 10.100.0.20 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication CCIE
ip nhrp map 10.100.0.1 192.0.2.2
ip nhrp map multicast 192.0.2.2
ip nhrp network-id 200
ip nhrp holdtime 300
ip nhrp nhs 10.100.0.1
ip nhrp shortcut
ip tcp adjust-mss 1360
tunnel source Dialer1
tunnel mode gre multipoint
tunnel protection ipsec profile DMVPNPROFILE
!
interface Ethernet0/0
no ip address
pppoe enable group global
pppoe-client dial-pool-number 1
interface Dialer1
ip address negotiated
ip mtu 1492
encapsulation ppp
dialer pool 1
ppp chap hostname Jamesons-R20
ppp chap password 0 CCIE
!
ip forward-protocol nd
R20#
R20# conf t
Enter configuration commands, one per line. End with CNTL/Z.
R20(config)#
R20(config)#ip route 192.0.2.0 255.255.255.0 dialer 1 ----------------发现少配置了一个静态路由,导致物理接口之间不通,最后导致dmvpn也是建立不起来的,加上静态路由就好了。
R20(config)#end
R20#wr
Building configuration...
[OK]
R20#wr
Building configuration...
[OK]
R20#
*Sep 11 06:03:03.707: %SYS-5-CONFIG_I: Configured from console by console
R20#show ip ro
R20#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.100.0.0/24 is directly connected, Tunnel0
L 10.100.0.20/32 is directly connected, Tunnel0
192.0.2.0/24 is variably subnetted, 3 subnets, 2 masks
S 192.0.2.0/24 is directly connected, Dialer1
C 192.0.2.1/32 is directly connected, Dialer1
C 192.0.2.20/32 is directly connected, Dialer1
R20#
R20#
R20#tr
R20#traceroute 10.100.0.21 os
R20#traceroute 10.100.0.21 o
R20#traceroute 10.100.0.21 so
R20#traceroute 10.100.0.21 source 10.100.0.20
Type escape sequence to abort.
Tracing the route to 10.100.0.21
VRF info: (vrf in name/id, vrf out name/id)
1 10.100.0.1 6 msec 5 msec 3 msec
2 10.100.0.21 40 msec * 6 msec
R20#
R20#
R20#traceroute 10.100.0.21 source 10.100.0.20
Type escape sequence to abort.
Tracing the route to 10.100.0.21
VRF info: (vrf in name/id, vrf out name/id)
1 10.100.0.21 6 msec * 6 msec
R20#traceroute 10.100.0.21 source 10.100.0.20
Type escape sequence to abort.
Tracing the route to 10.100.0.21
VRF info: (vrf in name/id, vrf out name/id)
1 10.100.0.21 6 msec * 6 msec
R20#
R20#
R20#
R20#
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.0.2.20, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/5/25 ms
R20# ping 192.0.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.0.2.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R20# ping 192.0.2.2 so
R20# ping 192.0.2.2 source 192.0.2.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.0.2.2, timeout is 2 seconds:
Packet sent with a source address of 192.0.2.20
.....
Success rate is 0 percent (0/5)
R20# ping 192.0.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.0.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R20# ping 192.0.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.0.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R20#
R20#show ip ro
R20#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.100.0.0/24 is directly connected, Tunnel0
L 10.100.0.20/32 is directly connected, Tunnel0
192.0.2.0/32 is subnetted, 2 subnets
C 192.0.2.1 is directly connected, Dialer1
C 192.0.2.20 is directly connected, Dialer1
R20#
R20#
R20#show ru
R20#show run
R20#show running-config | sec ip route
R20#
R20#
R20#show running-config | sec route
R20#
R20#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R20(config)#
R20(config)#end
R20#show run
R20#show running-config
*Sep 11 06:02:27.739: %SYS-5-CONFIG_I: Configured from console by console
R20#show running-config
hostname R20
no ip domain lookup
ip cef
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
crypto isakmp key CCIE address 0.0.0.0
!
!
crypto ipsec transform-set CCIEXFROM esp-aes
mode transport
!
crypto ipsec profile DMVPNPROFILE
set transform-set CCIEXFROM
!
!
interface Tunnel0
ip address 10.100.0.20 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication CCIE
ip nhrp map 10.100.0.1 192.0.2.2
ip nhrp map multicast 192.0.2.2
ip nhrp network-id 200
ip nhrp holdtime 300
ip nhrp nhs 10.100.0.1
ip nhrp shortcut
ip tcp adjust-mss 1360
tunnel source Dialer1
tunnel mode gre multipoint
tunnel protection ipsec profile DMVPNPROFILE
!
interface Ethernet0/0
no ip address
pppoe enable group global
pppoe-client dial-pool-number 1
interface Dialer1
ip address negotiated
ip mtu 1492
encapsulation ppp
dialer pool 1
ppp chap hostname Jamesons-R20
ppp chap password 0 CCIE
!
ip forward-protocol nd
R20#
R20# conf t
Enter configuration commands, one per line. End with CNTL/Z.
R20(config)#
R20(config)#ip route 192.0.2.0 255.255.255.0 dialer 1 ----------------发现少配置了一个静态路由,导致物理接口之间不通,最后导致dmvpn也是建立不起来的,加上静态路由就好了。
R20(config)#end
R20#wr
Building configuration...
[OK]
R20#wr
Building configuration...
[OK]
R20#
*Sep 11 06:03:03.707: %SYS-5-CONFIG_I: Configured from console by console
R20#show ip ro
R20#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.100.0.0/24 is directly connected, Tunnel0
L 10.100.0.20/32 is directly connected, Tunnel0
192.0.2.0/24 is variably subnetted, 3 subnets, 2 masks
S 192.0.2.0/24 is directly connected, Dialer1
C 192.0.2.1/32 is directly connected, Dialer1
C 192.0.2.20/32 is directly connected, Dialer1
R20#
R20#
R20#tr
R20#traceroute 10.100.0.21 os
R20#traceroute 10.100.0.21 o
R20#traceroute 10.100.0.21 so
R20#traceroute 10.100.0.21 source 10.100.0.20
Type escape sequence to abort.
Tracing the route to 10.100.0.21
VRF info: (vrf in name/id, vrf out name/id)
1 10.100.0.1 6 msec 5 msec 3 msec
2 10.100.0.21 40 msec * 6 msec
R20#
R20#
R20#traceroute 10.100.0.21 source 10.100.0.20
Type escape sequence to abort.
Tracing the route to 10.100.0.21
VRF info: (vrf in name/id, vrf out name/id)
1 10.100.0.21 6 msec * 6 msec
R20#traceroute 10.100.0.21 source 10.100.0.20
Type escape sequence to abort.
Tracing the route to 10.100.0.21
VRF info: (vrf in name/id, vrf out name/id)
1 10.100.0.21 6 msec * 6 msec
R20#
R20#
R20#
R20#
主题: DMVPN中“包治百病”的‘大招’---shutdown --no shutdown ---tunnel 接口Dear Bruce ---------进过 Bruce 实验验证,确实 有效, 很管用,[DMVPN大招]DMVPN中“包治百病”的‘大招’---shutdown --no shutdown ---tunnel 接口在配置DMVPN的过程中,很可能出现配置完全正确,但是测试结果异常的现象。这个时候就可以使用如下的“”大招“”来解决问题。请注意,配置DMVPN出现不可预期的问题比较常见,但是一般都能使用下面的办法来解决,当然前提是配置没有问题。步骤1: 关闭所有站点的隧道接口;R17(config)#interface tunnel 0 ---------HubR17(config-if)#shutdownR18(config)#interface tunnel 0 ------Spoke1R18(config-if)#shutdownR19(config)#interface tunnel 0 -----Spoke2R19(config-if)#shutdown步骤2: 从中心站点开始打开各个站点的隧道接口;----以中心站点到分支站点的顺序 逐次打开隧道接口;R17(config)#interface tunnel 0 ---------HubR17(config-if)#no shutdownR18(config)#interface tunnel 0 ------Spoke1R18(config-if)#no shutdownR19(config)#interface tunnel 0 -----Spoke2R19(config-if)#no shutdown如果确实配置没有问题,那么这个时候DMVPN就应该能够正常工作了。-----------------R19#ping 10.18.19.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.18.19.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R19# ---------------------------------------------shutdown 接口和 no shutdown 接口配置之后的对比。R19#ping 10.18.19.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.18.19.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/9/10 ms
R19#ping 10.18.19.18
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.18.19.18, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 17/19/22 ms
R19#ping 10.18.19.19
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.18.19.19, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 17/20/25 ms
R19#
R19#
0 0
- DMVPN 建立不通,第一步就是检查物理接口直接是否可以ping通,在检查其他的, 排错思路!!
- TS---DMVPN 建立不通,第一步就是检查物理接口直接是否可以ping通,在检查其他的, 排错思路!!
- 检查集群内节点是否能ping通的脚本
- 检查是否PING 通 并同步时间
- Ping其他电脑ping不通的解决方法
- 检查能否ping通
- java简单ping其他Ip是否可以ping通
- 在Ubuntu 14.04 64bit中永久添加DNS的方法;虚拟机与windows互相都可以ping通,但是ubuntu 就是ping不通www.baidu.com;找了N久,最后找到有效的办法
- ping:检查网络是否连通的Dos命令
- 局域网内,ping IP可以ping的通,ping主机名ping不通解决办法
- 解决ping的IP 但是ping 不通域名的问题 或者请求找不到主机 请检查该名称
- 检查app的activity是否在当前
- 检查一个单词是否为其他字符串的子串
- 有些IP可以ping通,有些IP ping不通,别人无法ping通你的IP
- 如何检查防火墙引起的端口不通
- linux 网络 PING IP可以通,ping域名ping不通
- 物理机与虚拟机在同一网段ping不通的原因
- 检查进程是否在运行
- Android 开发中的坑
- SpringMVC整合Mybatis+Maven+Bootstrap的简单Demo
- 2017.1.13【初中部 GDKOI】模拟赛B组 天黑黑 题解
- oracle job 每分钟执行一次
- DOM4J解析xml
- TS---DMVPN 建立不通,第一步就是检查物理接口直接是否可以ping通,在检查其他的, 排错思路!!
- React-Native实战系列
- SqlServer2000中附加数据库的时候出现错误9003的解决
- Codecraft-17 and Codeforces Round #391 (Div. 1 + Div. 2, combined) -- B. Bash's Big Day (唯一分解定理)
- 奖券数目
- Android SVG图片制作
- 关于java内部类
- TabLayout设置标签分割线
- SpringMVC集成springfox-swagger2构建restful API
