dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
867
carltonp
join:2014-08-20

carltonp

Member

[Config] Cisco Backup Tunnel Interface Won't Go Into Standby

09-50-07--jm···250.3.19
6,504 bytes
(09-50-07--jmsam-argentina02-mpls.routers.matthey.com(10.250.3.191).txt)
Hello Community,

I have configured Tunnel Interface 201 to use backup interface tunnel 200. However, when issue the show command show ip interface brief Tunnel 200 shows up up instead of:

Tunnel200 10.252.0.165 YES NVRAM standby mode down

Can someone please explain why? And help resolve this issue

Configs attached

Cheers

cpatte7372
HELLFIRE
MVM
join:2009-11-25

HELLFIRE

MVM

Posting up as plaintext for better readability

jmsam-argentina01#show run 
Building configuration...
 
Current configuration : 8685 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname jmsam-argentina01
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 [snip]
enable password barlow1
!
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ if-authenticated 
!
!
aaa session-id common
clock timezone EST -5
clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 1:00
!
dot11 syslog
no ip source-route
!
!
ip cef
!
!
no ip domain lookup
ip domain name yourdomain.com
ip host JM_MW_MGMT 192.168.151.191
ip name-server 198.6.100.25
ip name-server 198.6.100.38
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
!
!
!
username carlton secret 5 [snip]
archive
 log config
  hidekeys
! 
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 10.252.0.161 255.255.255.252
!
interface Loopback1
 description MPLS Failover Loopback
 ip address 10.250.5.1 255.255.255.255
!
interface Tunnel0
 no ip address
!
interface Tunnel101
 description Tunnel to JMSAM-Brasil01
 bandwidth 1536
 ip address 10.252.3.6 255.255.255.252
 ip hello-interval eigrp 65100 10
 ip hold-time eigrp 65100 180
 ip tcp adjust-mss 1340
 no ip mroute-cache
 delay 70000
 tunnel source xx.xx.xx.xx.
 tunnel destination 200.178.56.238
 crypto map JMAT-VPN
!
interface Tunnel102
 description Tunnel to jmeu-london-colo02
 bandwidth 1536
 ip address 10.9.249.158 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip hello-interval eigrp 65100 10
 ip hold-time eigrp 65100 180
 ip virtual-reassembly
 ip tcp adjust-mss 1340
 ip summary-address eigrp 65100 0.0.0.0 0.0.0.0 5
 no ip mroute-cache
 delay 70000
 keepalive 4 6
 tunnel source xx.xx.xx.xx
 tunnel destination xx.xx.xx.xx
 crypto map JMAT-VPN
!
interface Tunnel200
 description Tunnel to jmna-wayne01
 bandwidth 1536
 ip address 10.252.0.165 255.255.255.252
 ip mtu 1380
 ip flow ingress
 ip hello-interval eigrp 65100 10
 ip hold-time eigrp 65100 180
 ip summary-address eigrp 65100 0.0.0.0 0.0.0.0 5
 qos pre-classify
 keepalive 4 6
 tunnel source xx.xx.xx.xx
 tunnel destination x.xx.xx.xx
 crypto map JMAT-VPN
!
interface Tunnel201
 description Trigger tunnel to Wayne01
 backup interface Tunnel200
 ip address 10.252.3.162 255.255.255.252
 keepalive 5 3
 tunnel source Loopback1
 tunnel destination 10.252.0.177
!
interface FastEthernet0/0
 description Inside Interface to ASA firewall
 ip address 192.168.191.35 255.255.255.224
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
 no cdp enable
 standby 2 ip 192.168.191.33
 standby 2 priority 110
 standby 2 preempt
 no mop enabled
!
interface FastEthernet0/1
 description Interface to ISP
 ip address xx.xx.xx.xx 255.255.255.248
 ip access-group ALLOWED-TRAFFIC-FROM-INTERNET-FASTETHERNET0/1 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
 no cdp enable
 no mop enabled
 crypto map JMAT-VPN
!
interface Dialer1
 no ip address
!
router eigrp 65100
 redistribute static metric 1500 1000 255 1 1500 route-map static-to-eigrp
 network 10.0.0.0
 network 192.168.191.32 0.0.0.31
 no auto-summary
 no eigrp log-neighbor-changes
!
no ip http server
no ip http secure-server
!
ip flow-cache timeout active 1
ip flow-export source Loopback0
ip flow-export version 5
ip flow-export destination 192.168.151.176 2055
!
ip nat inside source list 1 interface FastEthernet0/1 overload
ip tacacs source-interface Loopback1
!
access-list 1 permit 192.168.0.0 0.0.255.255
access-list 10 permit 58.84.235.133
access-list 10 permit 81.136.214.30
access-list 10 permit 121.98.128.38
access-list 10 remark VTY ACCESS
access-list 10 permit 10.0.0.0 0.255.255.255
access-list 10 permit 192.168.0.0 0.0.255.255
access-list 10 permit 202.37.48.0 0.0.3.255
access-list 11 remark TELNET-BLOCK
access-list 11 deny   any log
access-list 16 remark connected-networks
access-list 16 permit 192.168.170.0 0.0.0.255
access-list 17 permit 0.0.0.255
dialer-list 1 protocol ip permit
!
!
!
!
route-map rip-to-eigrp permit 10
 match ip address 17
!
route-map static-to-eigrp permit 10
 match tag 222
!
route-map connected permit 10
 match ip address 16
!
!
snmp-server community public RO
snmp-server community jm RO
snmp-server community JM RO
snmp-server community JMGCABNS RW
snmp-server enable traps tty
snmp-server host 192.168.151.154 [snip]
tacacs-server host 192.168.1.222
tacacs-server directed-request
tacacs-server key [snip]
!
control-plane
!
!
!
!
mgcp fax t38 ecm
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 password barlow1
!
scheduler allocate 20000 1000
no process cpu extended
no process cpu autoprofile hog
end
 

jmsam-argentina01#show ip int brie
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            192.168.191.35  YES NVRAM  up                    up      
FastEthernet0/1            200.26.114.178  YES NVRAM  up                    up      
NVI0                       192.168.191.35  YES unset  up                    up      
SSLVPN-VIF0                unassigned      NO  unset  up                    up      
Dialer1                    unassigned      YES NVRAM  up                    up      
Loopback0                  10.252.0.161    YES NVRAM  up                    up      
Loopback1                  10.250.5.1      YES NVRAM  up                    up      
Tunnel0                    unassigned      YES NVRAM  up                    down    
Tunnel101                  10.252.3.6      YES NVRAM  up                    up      
Tunnel102                  10.9.249.158    YES NVRAM  up                    up      
Tunnel200                  10.252.0.165    YES NVRAM  up                    up      
Tunnel201                  10.252.3.162    YES NVRAM  up                    down    
jmsam-argentina01#
 

So if I got this right, Tunnel 201 should be the primary / in use; if it goes down, Tunnel 200 should go active?
If so, I think the clue's right in your "sh ip int bri" output

Tunnel200                  10.252.0.165    YES NVRAM  up                    up      
Tunnel201                  10.252.3.162    YES NVRAM  up                    down    
 

Read here -- "The router must detect that the primary interface line protocol is down for it to activate the backup link."

I haven't done "backup interfaces" since my CCNA lab days... I'm wondering if IP-SLA and OER isn't a better way to do this...

My 00000010bits

Regards