Answers: GRE Tunnel 1

certskills
By certskills April 27, 2016 09:05

Configuring a static GRE tunnel, before adding the IPsec encryption, takes just a few commands. Have you mastered those commands yet? If not, check out the lab exercise first, and then come back here for the answer and some comments. Should take you about 5-10 minutes if you’ve already studied about GRE tunnels for your CCNA R&S exam.

Answers

Figure 1: Two Sites to be Connected Using a GRE Tunnel

 

Example 1: Edge1 Config

 

Example 2: Edge2 Config

 

Commentary

Generic Routing Encapsulation (GRE) tunnels provide a basic building block used to create many services. In its most basic form, a statically-configured GRE tunnel lets an engineer connect two remote sites to each other, while using some other IP network between the sites. Not only that, the GRE Tunnel hides the addressing and subnets of the enterprise from the IP network used between the sites. Additionally, the GRE tunnel traffic can be encrypted, keeping the enterprise’s packets private as they pass over that other IP network that sits between the two sites.

This lab asked you to create a manual site-to-site GRE tunnel. The lab creates a fake Internet between the two sites, using a simple Ethernet connection. That simple connection uses IP network 192.0.2.0, while the enterprise uses private IP networks that begin with 192.168.

The lab suggested to create the tunnel between routers Edge1 and Edge2, and to configure the tunnel to refer to the source interfaces. A GRE tunnel’s source and destination IP addresses need to be from the IP network between the two routers, so in this case, both Edge1 and Edge2 needed to use their G0/1 interfaces as the tunnel source; both use the tunnel source gigabitethernet0/1 command.

For the tunnel destination, the lab asked you to decide what to use. The key concept here is that if Edge1 uses a particular address as the tunnel source, router Edge2 needs to refer to that same IP address as its tunnel destination. As a result:

  • Edge1’s tunnel source is G0/1, with address 192.0.2.1, so Edge2 uses the tunnel destination 192.0.2.1
  • Edge2’s tunnel source is G0/1, with address 192.0.2.2, so Edge1 uses the tunnel destination 192.0.2.2

So far, the configuration mentioned in this commentary section is enough to create a tunnel, but it does not yet support the forwarding of IPv4 packets. To do that, each tunnel interface needs an IPv4 address configured. The figure shows that the tunnel interface on Edge1 should be configured with the 192.168.3.1, with mask 255.255.255.0; to configure this use the ip address 192.168.3.1 255.255.255.0 command. Router Edge2’s tunnel interface similarly needs an use the ip address 192.168.3.2 255.255.255.0 command. Note that the two IP addresses are in the same subnet, because the tunnel creates a point-to-point topology between routers Edge1 and Edge2.

Finally, the lab asked you to enable OSPF so that it works with the pre-configured OSPF process, and to enable OSPF with interface subcommands. That OSPF process uses process ID 10. Both routers use a command with the same syntax on their tunnel interfaces: the ip ospf 10 area 0 command.

Multi-area OSPF 2
GRE Tunnel 1
certskills
By certskills April 27, 2016 09:05
Write a comment

4 Comments

  1. Sir_yrwins September 9, 00:07

    wow… this is how i get working…
    edg1.
    config terminal
    interface loopback1
    ip address 1.1.1.1 255.255.255.255
    interface tunnel 0
    tunnel source gi 0/1
    ip address 192.168.3.1 255.255.255.0
    tunnuel source loopback1
    tunnel destination 2.2.2.2
    end
    router ospf 10
    network ip address 192.168.3.0 0.0.0.255 are 0

    edge2
    configure terminal
    interface loopback 2
    ip address 2.2.2.2 255.255.255.0
    end
    interface tunnel 0
    tunnel source gi 0/1
    ip address 192.168.3.2 255.255.255.0
    tunnel source loopback 2
    tunnel destination 1.1.1.1
    end
    route ospf 10
    network ip address 192.168.3.0 0.0.0.255 are 0

    Reply to this comment
    • certskills Author September 9, 07:12

      Hi,
      I’m good with your answer. It does stray a bit from the lab requirements, but for getting a GRE tunnel working, it looks good, other than possibly needing to add something so each router learns a route to the other router’s new loopback IP addresses. EG, a static route to 2.2.2.2 on Edge1 and vice versa.

      Reply to this comment
  2. Erjol October 1, 16:01

    Hi, the command “tunnel mode gre ip” is not needed to create the tunnel?
    thanks.

    Reply to this comment
View comments

Write a comment

Comment; Identify w/ Social Media or Email

Subscribe

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Search

Categories