Configuring NHRP

Configure the Next Hop Resolution Protocol (NHRP) so that spokes can obtain the peer IP address of each other by exchanging NHRP Resolution Request and Reply packets.

Context

NHRP enables a source spoke on a public network to dynamically obtain the public IP address of a destination spoke. When a spoke connects to a public network, it sends NHRP Registration Request packets to the hub using the public IP address of the outbound interface as the source IP address. The hub creates or updates NHRP mapping entries based on the packets received. Two spokes also exchange NHRP Resolution Request and Reply packets to create or update NHRP mapping entries.

Perform the following configurations on the hub and spokes.

Procedure

  • Configure Hub.
    1. Run system-view

      The system view is displayed.

    2. Run nhrp enable

      NHRP is enabled globally.

    3. Run interface tunnel interface-number

      The tunnel interface view is displayed.

    4. Run nhrp enable

      NHRP is enabled in the tunnel interface view.

    5. (Optional) Run nhrp network-id netId

      An NHRP domain is configured for the tunnel interface.

    6. Run nhrp entry multicast dynamic

      Dynamically registered branch devices can be added to the NHRP multicast member table.

    7. Run nhrp authentication [ hash { sha2-256 | sha2-384 | sha2-512 } ] cipher authenString

      An authentication string is configured for NHRP negotiation.

    8. (Optional) Run nhrp entry holdtime holdtime

      The hold time of NHRP mapping entries is set.

      After the hold time elapses, the NHRP mapping entries age.

    9. (Optional) Run nhrp redirect

      The NHRP redirection function is enabled.

      This configuration is required only when the DSVPN shortcut mode is used.

    10. Run commit

      The configuration is committed.

  • Configure spokes.
    1. Run system-view

      The system view is displayed.

    2. Run nhrp enable

      NHRP is enabled globally.

    3. Run interface tunnel interface-number

      The tunnel interface view is displayed.

    4. Run nhrp enable

      NHRP is enabled in the tunnel interface view.

    5. (Optional) Run nhrp network-id netId

      An NHRP domain is configured for the tunnel interface.

    6. (Optional) Run nhrp shortcut

      The NHRP shortcut function is enabled.

    7. Run nhrp entry multicast dynamic

      Dynamically registered branch devices can be added to the NHRP multicast member table.

    8. Run nhrp entry protocol-address nbma-address [ register ]
    9. (Optional) Run nhrp registration no-unique

      The device is enabled to send NHRP packets with the no-unique flag to instruct the remote device to use NHRP mapping entries to overwrite the conflicting NHRP peer entries during NHRP registration.

    10. Run nhrp authentication [ hash { sha2-256 | sha2-384 | sha2-512 } ] cipher authenString

      An NHRP authentication string is set.

      If the NHRP authentication string is set on the hub, it must also be configured on the spokes.

    11. (Optional) Run nhrp registration interval regInterval

      The NHRP registration interval is set.

    12. (Optional) Run nhrp entry holdtime holdtime

      The hold time of NHRP mapping entries is set.

      After the hold time elapses, the NHRP mapping entries can age.

    13. Run commit

      The configuration is committed.

Parent Topic: Configuring DSVPN
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >