Terry,
On number 3. The hub should have ip next-hop-self. Which is the default command. This makes sure the next hop is known via the hub which it will have a CEF entry for. If you change the default behavior then the route will be known via a next-hop that will not be in the RIB thus an incomplete entry in the CEF Table. The purpose of Phase 3 is to prevent traffic from being sub-optimally process switched. Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Technical Instructor - IPexpert, Inc. Mailto: <mailto:[email protected]> [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: <http://www.ipexpert.com/chat> www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at <http://www.ipexpert.com/communities> www.ipexpert.com/communities and our public website at <http://www.ipexpert.com/> www.ipexpert.com From: [email protected] [mailto:[email protected]] On Behalf Of Terry Little (terlittl) Sent: Monday, April 05, 2010 10:58 AM To: CCIE Sec Subject: [OSL | CCIE_Security] DMVPN Phase 3 Clarification OK, Phase 3 is all about the ip nhrp redirect and ip nhrp shortcut commands. And I am pretty sure that I understand it all, but wanted a bit of confirmation. 1. The shortcut command is REQUIRED on the spokes, optional on the hub. I can't figure out what it would do on the hub, but it doesn't hurt anything. 2. The redirect command is REQUIRED on the hub, recommended on the spokes. Leaving it off the spokes doesn't break anything, it just leaves some routes in a complex DMVPN network sub-optimal. 3. Finally, the must not have "NO next-hop-self" or else the spoke to spoke tunnels do not get built. It still works, but the traffic is via the hub. Did I miss anything?? Terry Little [email protected] Phone: +1 425 468 1057 Mobile: +1 425 894 4109 Cisco Systems, Inc. Network Consulting Engineer World Wide Security Services Practice Cisco.com - http://www.cisco.com This email may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message. For corporate legal information go to: http://www.cisco.com/web/about/doing_business/legal/cri/index.html
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
