Interface and Hardware Component Command Reference, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
tunnel bandwidth through yellow
Downloads: This chapterpdf (PDF - 389.0KB) The complete bookPDF (PDF - 3.37MB) | Feedback

tunnel bandwidth through yellow

tunnel bandwidth through yellow

tunnel destination

To specify the destination for a tunnel interface, use the tunnel destination command in interface configuration mode. To remove the destination, use the no form of this command.

tunnel destination { host-name | ip-address | ipv6-address | dynamic }

no tunnel destination

Syntax Description

host-name

Name of the host destination.

ip-address

IP address of the host destination expressed in dotted decimal notation.

ipv6-address

IPv6 address of the host destination expressed in IPv6 address format.

dynamic

Applies the tunnel destination address dynamically to the tunnel interface.

Command Default

No tunnel interface destination is specified.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

10.0

This command was introduced.

12.3(7)T

This command was modified. The address field was modified to accept an ipv6-address argument to allow IPv6 nodes to be configured as a tunnel destination.

12.2(30)S

This command was integrated into Cisco IOS Release 12.2(30)S.

12.2(28)SB

This command was integrated into Cisco IOS Release 12.2(28)SB.

12.2(25)SG

This command was integrated into Cisco IOS Release 12.2(25)SG.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Cisco IOS XE Release 2.1

This command was introduced on Cisco ASR 1000 Series Routers.

15.1SY

This command was integrated into Cisco IOS Release 15.1SY.

Cisco IOS XE Release 3.7S

This command was modified. The dynamic keyword was added.

Usage Guidelines

You cannot configure two tunnels to use the same encapsulation mode with exactly the same source and destination addresses. The workaround is to create a loopback interface and configure the packet source off of the loopback interface. Refer to the Cisco IOS AppleTalk, ISO CLNS, and Novell IPX Configuration Guide for more information about AppleTalk Cayman tunneling.

Examples

Examples

Tunnel Destination Address for Cayman Tunnel

The following example shows how to configure the tunnel destination address for Cayman tunneling:

Device(config)# interface tunnel0
Device(config-if)# tunnel source ethernet0
Device(config-if)# tunnel destination 10.108.164.19
Device(config-if)# tunnel mode cayman

Examples

Tunnel Destination Address for Dynamic Tunnel

The following example shows how to set the tunnel destination address dynamically:

Device(config)# interface tunnel0
Device(config-if)# tunnel destination dynamic
Device(config-if)# *Nov 22 19:38:28.271: Tunnel notified destination change: dynamic is set
Device(config-if)# end
Device# show run interface tunnel0
Building configuration...

Current configuration : 63 bytes
!
interface Tunnel0
 no ip address
 tunnel source dynamic
 tunnel destination dynamic
end

If the tunnel destination address is configured to be set dynamically, you cannot configure the tunnel destination address without removing the dynamic configuration.

Device(config)# interface tunnel0
Device(config-if)# tunnel destination ethernet 0/0
Device(config-if)# end
Device# show run interface tunnel0
Building configuration...

Current configuration : 63 bytes
!
interface Tunnel0
 no ip address
 tunnel destination dynamic
end
Device# configure terminal
Device(config)# interface tunnel0
Device(config-if)# no tunnel destination


Examples

Tunnel Destination Address for GRE Tunneling

The following example shows how to configure the tunnel destination address for generic routing encapsulation (GRE) tunneling:

Device(config)# interface tunnel0
Device(config-if)# appletalk cable-range 4160-4160 4160.19
Device(config-if)# appletalk zone Engineering
Device(config-if)# tunnel source ethernet0
Device(config-if)# tunnel destination 10.108.164.19
Device(config-if)# tunnel mode gre ip

Examples

Tunnel Destination Address for IPv6 Tunnel

The following example shows how to configure the tunnel destination address for GRE tunneling of IPv6 packets:

Device(config)# interface Tunnel0
Device(config-if)# no ip address
Device(config-if)# ipv6 router isis 
Device(config-if)# tunnel source Ethernet0/0
Device(config-if)# tunnel destination 2001:0DB8:1111:2222::1/64
Device(config-if)# tunnel mode gre ipv6
Device(config-if)# exit
!
Device(config)# interface Ethernet0/0
Device(config-if)# ip address 10.0.0.1 255.255.255.0
Device(config-if)# exit
!
Device(config)# ipv6 unicast-routing
Device(config)# router isis 
Device(config)# net 49.0000.0000.000a.00

Related Commands

Command

Description

appletalk cable-range

Enables an extended AppleTalk network.

appletalk zone

Sets the zone name for the connected AppleTalk network.

tunnel mode

Sets the encapsulation mode for the tunnel interface.

tunnel source

Sets the source address of a tunnel interface.

tunnel mode

To set the encapsulation mode for the tunnel interface, use the tunnelmode command in interface configuration mode. To restore the default mode, use the no form of this command.

tunnel mode { aurp | cayman | dvmrp | eon | gre | gre multipoint | gre ipv6 | ipip [decapsulate-any] | ipsec ipv4 | iptalk | ipv6 | ipsec ipv6 | mpls | nos | rbscp }

no tunnel mode

Syntax Description

aurp

AppleTalk Update-Based Routing Protocol.

cayman

Cayman TunnelTalk AppleTalk encapsulation.

dvmrp

Distance Vector Multicast Routing Protocol.

eon

EON compatible Connectionless Network Protocol (CLNS) tunnel.

gre

Generic routing encapsulation (GRE) protocol. This is the default.

gre multipoint

Multipoint GRE (mGRE).

gre ipv6

GRE tunneling using IPv6 as the delivery protocol.

ipip

IP-over-IP encapsulation.

decapsulate-any

(Optional) Terminates any number of IP-in-IP tunnels at one tunnel interface.

This tunnel will not carry any outbound traffic; however, any number of remote tunnel endpoints can use a tunnel configured this way as their destination.

ipsec ipv4

Tunnel mode is IPSec, and the transport is IPv4.

iptalk

Apple IPTalk encapsulation.

ipv6

Static tunnel interface configured to encapsulate IPv6 or IPv4 packets in IPv6.

ipsec ipv6

Tunnel mode is IPSec, and the transport is IPv6.

mpls

Multiprotocol Label Switching (MPLS) encapsulation.

nos

KA9Q/NOS compatible IP over IP.

rbscp

Rate Based Satellite Control Protocol (RBSCP).

Command Default

The default is GRE tunneling.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

10.0

This command was introduced.

10.3

The aurp, dvmrp, and ipip keywords were added.

11.2

The optional decapsulate-any keyword was added.

12.2(13)T

The gremultipoint keyword was added.

12.3(7)T

The following keywords were added:

  • gre ipv6 to support GRE tunneling using IPv6 as the delivery protocol.
  • ipv6 to allow a static tunnel interface to be configured to encapsulate IPv6 or IPv4 packets in IPv6.
  • rbscp to support RBSCP.

12.3(14)T

The ipsecipv4 keyword was added.

12.2(18)SXE

The gremultipoint keyword added.

12.2(30)S

This command was integrated into Cisco IOS Release 12.2(30)S.

12.2(25)SG

This command was integrated into Cisco IOS Release 12.2(25)SG.

12.4(4)T

The ipsecipv6 keyword was added.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Cisco IOS XE Release 2.1

This command was introduced on Cisco ASR 1000 Series Routers.

15.1SY

This command was integrated into Cisco IOS Release 15.1SY.

Usage Guidelines

Source and Destination Address

You cannot have two tunnels that use the same encapsulation mode with exactly the same source and destination address. The workaround is to create a loopback interface and source packets off of the loopback interface.

Cayman Tunneling

Designed by Cayman Systems, Cayman tunneling implements tunneling to enable Cisco routers to interoperate with Cayman GatorBoxes. With Cayman tunneling, you can establish tunnels between two routers or between a Cisco router and a GatorBox. When using Cayman tunneling, you must not configure the tunnel with an AppleTalk network address.

DVMRP

Use DVMRP when a router connects to an mrouted (multicast) router to run DVMRP over a tunnel. You must configure Protocol Independent Multicast (PIM) and an IP address on a DVMRP tunnel.

GRE with AppleTalk

GRE tunneling can be done between Cisco routers only. When using GRE tunneling for AppleTalk, you configure the tunnel with an AppleTalk network address. Using the AppleTalk network address, you can ping the other end of the tunnel to check the connection.

Multipoint GRE

After enabling mGRE tunneling, you can enable the tunnelprotection command, which allows you to associate the mGRE tunnel with an IPSec profile. Combining mGRE tunnels and IPSec encryption allows a single mGRE interface to support multiple IPSec tunnels, thereby simplifying the size and complexity of the configuration.


Note


GRE tunnel keepalives configured using the keepalive command under a GRE interface are supported only on point-to-point GRE tunnels.


RBSCP

RBSCP tunneling is designed for wireless or long-distance delay links with high error rates, such as satellite links. Using tunnels, RBSCP can improve the performance of certain IP protocols, such as TCP and IPSec, over satellite links without breaking the end-to-end model.

IPSec in IPv6 Transport

IPv6 IPSec encapsulation provides site-to-site IPSec protection of IPv6 unicast and multicast traffic. This feature allows IPv6 routers to work as a security gateway, establishes IPSec tunnels between another security gateway router, and provides crypto IPSec protection for traffic from an internal network when being transmitting across the public IPv6 Internet. IPv6 IPSec is very similar to the security gateway model using IPv4 IPsec protection.

Examples

Examples

Cayman Tunneling

The following example shows how to enable Cayman tunneling:

Router(config
)
# interface tunnel 0
Router(config-if)# tunnel source ethernet 0
Router(config-if)# tunnel destination 10.108.164.19
Router(config-if)# tunnel mode cayman

Examples

GRE Tunneling

The following example shows how to enable GRE tunneling:

Router(config
)
# interface tunnel 0
Router(config-if)# appletalk cable-range 4160-4160 4160.19
Router(config-if)# appletalk zone Engineering
Router(config-if)# tunnel source ethernet0
Router(config-if)# tunnel destination 10.108.164.19
Router(config-if)# tunnel mode gre

Examples

IPSec in IPv4 Transport

The following example shows how to configure a tunnel using IPSec encapsulation with IPv4 as the transport mechanism:

Router(config)# cryptoipsecprofilePROF

Router(config ) #settransformtset

Router(config ) #interfaceTunnel0

Router(config -if) #ipaddress10.1.1.1255.255.255.0

Router(config -if) #tunnelmodeipsecipv4

Router(config -if) #tunnelsourceLoopback0

Router(config -if) #tunneldestination172.16.1.1

Router(config-if)# tunnel protection ipsec profile PROF

Examples

IPSec in IPv6 Transport

The following example shows how to configure an IPv6 IPSec tunnel interface:

Router(config)# interface tunnel 0 
Router(config-if)# ipv6 address 2001:0DB8:1111:2222::2/64 
Router(config-if)# tunnel destination 10.0.0.1
Router(config-if)# tunnel source Ethernet 0/0
Router(config-if)# tunnel mode ipsec ipv6
 
Router(config-if)# tunnel protection ipsec profile profile1

Examples

Multipoint GRE Tunneling

The following example shows how to enable mGRE tunneling:

interface Tunnel0
 bandwidth 1000
 ip address 10.0.0.1 255.255.255.0
! Ensures longer packets are fragmented before they are encrypted; otherwise, the ! receiving router would have to do the reassembly.
 ip mtu 1416
! Turns off split horizon on the mGRE tunnel interface; otherwise, EIGRP will not ! advertise routes that are learned via the mGRE interface back out that interface.
 no ip split-horizon eigrp 1
 no ip next-hop-self eigrp 1
 delay 1000
! Sets IPSec peer address to Ethernet interface’s public address.
 tunnel source Ethernet0
 tunnel mode gre multipoint
! The following line must match on all nodes that want to use this mGRE tunnel.
 tunnel key 100000
 tunnel protection ipsec profile vpnprof

Examples

RBSCP Tunneling

The following example shows how to enable RBSCP tunneling:

Router(config
)
# interface tunnel 0
Router(config-if)# tunnel source ethernet 0
Router(config-if)# tunnel destination 10.108.164.19
Router(config-if)# tunnel mode rbscp

Related Commands

Command

Description

appletalk cable-range

Enables an extended AppleTalk network.

appletalk zone

Sets the zone name for the connected AppleTalk network.

tunnel destination

Specifies the destination for a tunnel interface.

tunnel protection

Associates a tunnel interface with an IPSec profile.

tunnel source

Sets the source address of a tunnel interface.

tunnel source

To set the source address for a tunnel interface, use the tunnel source command in interface configuration mode. To remove the source address, use the no form of this command.

tunnel source { ip-address | ipv6-address | interface-type interface-number | dynamic }

no tunnel source

Syntax Description

dynamic

Applies the tunnel source address dynamically to the tunnel interface.

ip-address

Source IP address of packets in the tunnel.

  • In case of traffic engineering (TE) tunnels, the control packets are affected.

ipv6-address

Source IPv6 address of packets in the tunnel.

interface-type

Interface type.

interface-number

Port, connector, or interface card number. The numbers are assigned at the factory at the time of installation or when added to a system and can be displayed with the show interfaces command.

Command Default

No tunnel interface source address is set.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

10.0

This command was introduced.

12.3(7)T

The address field has been updated to accept an IPv6 address as the source address allowing an IPv6 node to be used as a tunnel source.

12.2(30)S

This command was integrated into Cisco IOS Release 12.2(30)S.

12.2(25)SG

This command was integrated into Cisco IOS Release 12.2(25)SG.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Cisco IOS XE Release 2.1

This command was integrated into Cisco IOS Release 2.1 and implemented on Cisco ASR 1000 Series Aggregation Services Routers.

15.1SY

This command was integrated into Cisco IOS Release 15.1SY.

Cisco IOS XE Release 3.7S

This command was modified. The dynamic keyword was added.

Usage Guidelines

The source address is either an explicitly defined IP address or the IP address assigned to the specified interface.

You cannot have two tunnels using the same encapsulation mode with exactly the same source and destination addresses. The workaround is to create a loopback interface and source packets from the loopback interface. This restriction is applicable only for generic routing encapsulation (GRE) tunnels. You can have more than one TE tunnel with the same source and destination addresses.

When using tunnels to Cayman boxes, you must set the tunnel source command to an explicit IP address on the same subnet as the Cayman box, and not the tunnel itself.

GRE tunnel encapsulation and deencapsulation for multicast packets are handled by the hardware. Each hardware-assisted tunnel must have a unique source. Hardware-assisted tunnels cannot share a source even if the destinations are different. You should use secondary addresses on loopback interfaces or create multiple loopback interfaces to ensure that the hardware-assisted tunnels do not share a source.

Examples

Examples

Cayman Tunnel Example

The following example shows how to set a tunnel source address for Cayman tunneling:

Device(config)# interface tunnel0
Device(config-if)# tunnel source ethernet0
Device(config-if)# tunnel destination 172.32.164.19
Device(config-if)# tunnel mode cisco1

Examples

Dynamic Tunnel Example

The following example shows how to set the tunnel source dynamically:

Device(config)# interface tunnel0
Device(config-if)# tunnel source dynamic
Device(config-if)# *Nov 22 19:38:28.271: Tunnel notified source change: dynamic is set
Device(config-if)# end
Device# show run interface tunnel0
Building configuration...

Current configuration : 63 bytes
!
interface Tunnel0
 no ip address
 tunnel source dynamic
end

If the tunnel source is configured to be set dynamically, you cannot configure the tunnel source address without removing the dynamic configuration.

Device(config)# interface tunnel0
Device(config-if)# tunnel source ethernet 0/0
Device(config-if)# *Nov 22 21:39:52.423: Tunnel notified source change: dynamic is set
*Nov 22 21:39:52.423: Tunnel notified source change, src ip 1.1.1.1
Device(config-if)# end
Device# show run interface tunnel0
Building configuration...

Current configuration : 63 bytes
!
interface Tunnel0
 no ip address
 tunnel source dynamic
end
Device# configure terminal
Device(config)# interface tunnel0
Device(config-if)# no tunnel source
Device(config-if)# *Nov 22 21:41:10.287: Tunnel notified source change: dynamic is not set

Examples

GRE Tunneling Example

The following example shows how to set a tunnel source address for GRE tunneling:

Device(config)# interface tunnel0
Device(config-if)# appletalk cable-range 4160-4160 4160.19
Device(config-if)# appletalk zone Engineering
Device(config-if)# tunnel source ethernet0
Device(config-if)# tunnel destination 172.32.164.19
Device(config-if)# tunnel mode gre ip

Examples

MPLS TE Tunnel Example

The following example shows how to set a tunnel source for a Multiprotocol Label Switching (MPLS) TE tunnel:

Device> enable 
Device# configure terminal 
Device(config)# interface tunnel 1 
Device(config-if)# ip unnumbered loopback0 
Device(config-if)# tunnel source loopback1 
Device(config-if)# tunnel mode mpls traffic-eng 
Device(config-if)# end

Related Commands

Command

Description

appletalk cable-range

Enables an extended AppleTalk network.

appletalk zone

Sets the zone name for the connected AppleTalk network.

tunnel destination

Specifies the destination for a tunnel interface.