Cisco DMVPN With DHCP Failure
With Cisco’s DMVPN it should be a snap to pickup your router and move it to a new site…at least it was previously for my client. The difference was, they were statically configured before, and now they are DHCP.
Cisco Dynamic Multipoint VPN is a system where by you plug in, and remote sites will dial back to a hub site, create a tunnel, then encrypt the tunnel. Everything is done automatically…so why did it fail when switching to DHCP.
When the tunnel interface was enabled, everything flapped up and down. Connectivity was shot through the tunnel as well as regular internet access.
I first looked at the log on their router:
1 2 3 4
000573: Dec 28 2015 13:33:21.669 CST: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.5.250.1 (Tunnel0) is down: holding time expired 000574: Dec 28 2015 13:33:49.926 CST: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.5.250.1 (Tunnel0) is up: new adjacency 000575: Dec 28 2015 13:34:09.846 CST: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.5.250.1 (Tunnel0) is down: Peer goodbye received 000576: Dec 28 2015 13:34:13.026 CST: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 10.5.250.1 (Tunnel0) is up: new adjacency
As soon as the tunnel interface came up “Tunnel0”, EIGRP started going bananas. I was thinking…what would make EIGRP flap as well as connectivity to go crazy?
When the tunnel establishes it starts to learn routes from the the tunnel interface…perhaps it is getting a default route. That can’t be the issue, right, because our DHCP learned default route should have preference, right…WRONG.
By default the DHCP learned default route has an administrative distance of 254 as evidenced when issuing a show ip route command:
S* 0.0.0.0/0 [254/0] via 126.96.36.199
Since EIGRP has an AD of 90, when that default route comes it is is installed into the route table in place of our DHCP learned default. This then breaks our internet connectivity and the tunnel fails, which then repeats the cycle. It worked before because they were statically configuring default which has an AD of 1.
Cisco has a special command for just such an issue:
ip dhcp-client default-router distance X
X can be a value of 1 – 255. I chose 1 since that is consistent with a static route.
After you enter the command you have to shut/no shut the interface to have the default route be relearned. As soon as it is it acquires the new AD we set.
S* 0.0.0.0/0 [1/0] via 188.8.131.52
After that I enabled the tunnel interface, everything came up and all was right with the world.
Good luck and God’s speed little networkers!