tunnel destination through tunnel source

tunnel destination

To specify the destination for a tunnel interface, use the tunnel destination command in interface configuration mode. To remove the destination, use the no form of this command.

tunnel destination { host-name | ip-address | ipv6-address | dynamic }

no tunnel destination

Command Syntax for Cisco Catalyst 3850 Series Switches

tunnel destination ip-address

no tunnel destination

Syntax Description

host-name

Name of the host destination.

ip-address

IP address of the host destination expressed in dotted decimal notation.

ipv6-address

IPv6 address of the host destination expressed in IPv6 address format.

dynamic

Applies the tunnel destination address dynamically to the tunnel interface.

Command Default

No tunnel interface destination is specified.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

10.0

This command was introduced.

12.3(7)T

This command was modified. The address field was modified to accept an ipv6-address argument to allow IPv6 nodes to be configured as a tunnel destination.

12.2(30)S

This command was integrated into Cisco IOS Release 12.2(30)S.

12.2(28)SB

This command was integrated into Cisco IOS Release 12.2(28)SB.

12.2(25)SG

This command was integrated into Cisco IOS Release 12.2(25)SG.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Cisco IOS XE Release 2.1

This command was introduced on Cisco ASR 1000 Series Routers.

15.1SY

This command was integrated into Cisco IOS Release 15.1SY.

Cisco IOS XE Release 3.7S

This command was modified. The dynamic keyword was added.

15.4(2)S

This command was implemented on the Cisco ASR 901 Series Aggregation Services Router.

Usage Guidelines

You cannot configure two tunnels to use the same encapsulation mode with exactly the same source and destination addresses. The workaround is to create a loopback interface and configure the packet source off of the loopback interface. Refer to the Cisco IOS AppleTalk, ISO CLNS, and Novell IPX Configuration Guide for more information about AppleTalk Cayman tunneling.


Note

Only GRE tunneling is supported on Cisco Catalyst 3850 Series Switches.

Examples

The following example shows how to configure the tunnel destination address for Cayman tunneling: 

Device(config)# interface tunnel0
Device(config-if)# tunnel source ethernet0
Device(config-if)# tunnel destination 10.108.164.19
Device(config-if)# tunnel mode cayman

Examples

The following example shows how to set the tunnel destination address dynamically: 

Device(config)# interface tunnel0
Device(config-if)# tunnel destination dynamic
Device(config-if)# *Nov 22 19:38:28.271: Tunnel notified destination change: dynamic is set
Device(config-if)# end
Device# show run interface tunnel0
Building configuration...

Current configuration : 63 bytes
!
interface Tunnel0
 no ip address
 tunnel source dynamic
 tunnel destination dynamic
end

If the tunnel destination address is configured to be set dynamically, you cannot configure the tunnel destination address without removing the dynamic configuration. 

Device(config)# interface tunnel0
Device(config-if)# tunnel destination ethernet 0/0
Device(config-if)# end
Device# show run interface tunnel0
Building configuration...

Current configuration : 63 bytes
!
interface Tunnel0
 no ip address
 tunnel destination dynamic
end
Device# configure terminal
Device(config)# interface tunnel0
Device(config-if)# no tunnel destination

Examples

The following example shows how to configure the tunnel destination address for generic routing encapsulation (GRE) tunneling: 

Device(config)# interface tunnel0
Device(config-if)# appletalk cable-range 4160-4160 4160.19
Device(config-if)# appletalk zone Engineering
Device(config-if)# tunnel source ethernet0
Device(config-if)# tunnel destination 10.108.164.19
Device(config-if)# tunnel mode gre ip

The following example shows how to configure the logical Layer 3 GRE tunnel interface tunnel 2 in Global or non- VRF environment on Cisco Catalyst 3850 Series Switches: 

Device(config)# interface tunnel 2
Device(config-if)# ip address 100.1.1.1 255.255.255.0
Device(config-if)# tunnel source 10.10.10.1 
Device(config-if)# tunnel destination 10.10.10.2 
Device(config-if)# tunnel mode gre ip 
Device(config-if)# end

The following example shows how to configure the logical Layer 3 GRE tunnel interface tunnel 2 in VRF environment on Cisco Catalyst 3850 Series Switches. Use the vrf definition vrf-name and thevrf forwarding vrf-name commands to configure and apply VRF. 

Device(config)# vrf definition RED
Device(config-vrf)#  address-family ipv4
Device(config-vrf-af)# exit-address-family
Device(config-vrf)#  exit 
Device(config)# interface tunnel 2
Device(config)# vrf forwarding RED
Device(config-if)# ip address 100.1.1.1 255.255.255.0
Device(config-if)# tunnel source 10.10.10.1 
Device(config-if)# tunnel destination 10.10.10.2 
Device(config-if)# tunnel mode gre ip 
Device(config-if)# end

Examples

The following example shows how to configure the tunnel destination address for GRE tunneling of IPv6 packets: 

Device(config)# interface Tunnel0
Device(config-if)# no ip address
Device(config-if)# ipv6 router isis 
Device(config-if)# tunnel source Ethernet0/0
Device(config-if)# tunnel destination 2001:0DB8:1111:2222::1/64
Device(config-if)# tunnel mode gre ipv6
Device(config-if)# exit
!
Device(config)# interface Ethernet0/0
Device(config-if)# ip address 10.0.0.1 255.255.255.0
Device(config-if)# exit
!
Device(config)# ipv6 unicast-routing
Device(config)# router isis 
Device(config)# net 49.0000.0000.000a.00

Note

IPv6 GRE tunneling is not supported on Cisco Catalyst 3850 Series Switches.

Related Commands

Command

Description

appletalk cable-range

Enables an extended AppleTalk network.

appletalk zone

Sets the zone name for the connected AppleTalk network.

tunnel mode

Sets the encapsulation mode for the tunnel interface.

tunnel source

Sets the source address of a tunnel interface.

tunnel mode

To set the encapsulation mode for the tunnel interface, use the tunnel mode command in interface configuration mode. To return to the default mode, use the no form of this command.

tunnel mode { aurp | cayman | dvmrp | eon | ethernet gre { ipv4 | ipv6 } | gre | gre multipoint | gre ipv6 | ipip [decapsulate-any] | ipsec ipv4 | iptalk | ipv6 | ipsec ipv6 | mpls | nos | rbscp }

no tunnel mode

Command Syntax for Cisco Catalyst 3850 Series Switches

tunnel mode gre { ip | ipv6 }

no tunnel mode

Syntax Description

aurp

AppleTalk Update-Based Routing Protocol.

cayman

Cayman TunnelTalk AppleTalk encapsulation.

dvmrp

Distance Vector Multicast Routing Protocol (DMVRP).

ethernet gre ipv4

Ethernet over Generic Routing Encapsulation (GRE) IPv4.

ethernet gre ipv6

Ethernet over GRE IPv6.

eon

EON–compatible Connectionless Network Service (CLNS) tunnel.

gre

GRE protocol. This is the default.

gre multipoint

Multipoint GRE (mGRE).

gre ipv6

GRE tunneling using IPv6 as the delivery protocol.

ipip

IP-over-IP encapsulation.

decapsulate-any

(Optional) Terminates any number of IP-in-IP tunnels at one tunnel interface.

This tunnel will not carry any outbound traffic; however, any number of remote tunnel endpoints can use a tunnel configured this way as their destination.

ipsec ipv4

Tunnel mode is IPSec, and the transport is IPv4.

iptalk

Apple IPTalk encapsulation.

ipv6

Static tunnel interface configured to encapsulate IPv6 or IPv4 packets in IPv6.

ipsec ipv6

Tunnel mode is IPSec, and the transport is IPv6.

mpls

Multiprotocol Label Switching (MPLS) encapsulation.

nos

KA9Q/NOS–compatible IP over IP.

rbscp

Rate Based Satellite Control Protocol (RBSCP).

Command Default

The default is GRE tunneling.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

10.0

This command was introduced.

10.3

This command was modified. The aurp, dvmrp, and ipip keywords were added.

11.2

This command was modified. The optional decapsulate-any keyword was added.

12.2(13)T

This command was modified. The gre multipoint keyword was added.

12.3(7)T

This command was modified. The following keywords were added:

  • gre ipv6 to support GRE tunneling using IPv6 as the delivery protocol.

  • ipv6 to allow a static tunnel interface to be configured to encapsulate IPv6 or IPv4 packets in IPv6.

  • rbscp to support RBSCP.

12.3(14)T

This command was modified. The ipsec ipv4 keyword was added.

12.2(18)SXE

This command was modified. The gre multipoint keyword was added.

12.2(30)S

This command was integrated into Cisco IOS Release 12.2(30)S.

12.2(25)SG

This command was integrated into Cisco IOS Release 12.2(25)SG.

12.4(4)T

This command was modified. The ipsec ipv6 keyword was added.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Cisco IOS XE Release 2.1

This command was implemented on Cisco ASR 1000 Series Routers.

15.1SY

This command was integrated into Cisco IOS Release 15.1SY.

Cisco IOS XE Release 3.9S

This command was modified. The ethernet gre keyword was added.

Usage Guidelines

Source and Destination Address

You cannot have two tunnels that use the same encapsulation mode with exactly the same source and destination address. The workaround is to create a loopback interface and source packets off of the loopback interface.

Cayman Tunneling

Designed by Cayman Systems, Cayman tunneling enables tunneling to enable Cisco routers to interoperate with Cayman GatorBoxes. With Cayman tunneling, you can establish tunnels between two routers or between a Cisco router and a GatorBox. When using Cayman tunneling, you must not configure the tunnel with an AppleTalk network address.

DVMRP

Use DVMRP when a router connects to an mrouted (multicast) router to run DVMRP over a tunnel. You must configure Protocol Independent Multicast (PIM) and an IP address on a DVMRP tunnel.

Ethernet over GRE

Use Ethernet over GRE to send ethernet traffic from low-end resident gateways (RGs) or Customer Premises Equipment (CPE) to aggregation routers where Mobile Access Gateway (MAG) is enabled over GRE tunnels. The RGs and CPE can then provide mobility services to mobile nodes (MNs).

GRE with AppleTalk

GRE tunneling can be done between Cisco routers only. When using GRE tunneling for AppleTalk, you configure the tunnel with an AppleTalk network address. Using the AppleTalk network address, you can ping the other end of the tunnel to check the connection.

Multipoint GRE

After enabling mGRE tunneling, you can enable the tunnel protection command, which allows you to associate the mGRE tunnel with an IPSec profile. Combining mGRE tunnels and IPSec encryption allows a single mGRE interface to support multiple IPSec tunnels, thereby simplifying the size and complexity of the configuration.


Note

GRE tunnel keepalives configured using the keepalive command under a GRE interface are supported only on point-to-point GRE tunnels.

RBSCP

RBSCP tunneling is designed for wireless or long-distance delay links with high error rates, such as satellite links. Using tunnels, RBSCP can improve the performance of certain IP protocols, such as TCP and IPSec, over satellite links without breaking the end-to-end model.

IPsec in IPv6 Transport

IPv6 IPsec encapsulation provides site-to-site IPsec protection of IPv6 unicast and multicast traffic. This feature allows IPv6 routers to work as a security gateway, establishes IPsec tunnels to another security gateway router, and provides crypto IPsec protection for traffic from an internal network when it is transmitted across the public IPv6 Internet. IPv6 IPsec is very similar to the security gateway model using IPv4 IPsec protection.


Note

Only GRE tunneling is supported on Cisco Catalyst 3850 Series Switches.

Examples

The following example shows how to enable Cayman tunneling: 

Device(config)# interface tunnel 0
Device(config-if)# tunnel source ethernet 0
Device(config-if)# tunnel destination 10.108.164.19
Device(config-if)# tunnel mode cayman

Examples

The following example shows how to enable Ethernet over GRE tunneling for IPv6: 

Device(config)# interface tunnel 0
Device(config)# mac-address 0000.0000.00001
Device(config-if)# ip address 10.1.1.2 255.255.255.0
Device(config-if)# tunnel source Loopback0
Device(config-if)# tunnel mode gre ipv6
Device(config-if)# tunnel vlan 1023

Examples

The following example shows how to enable GRE tunneling: 

Device(config)# interface tunnel 0
Device(config-if)# appletalk cable-range 4160-4160 4160.19
Device(config-if)# appletalk zone Engineering
Device(config-if)# tunnel source ethernet0
Device(config-if)# tunnel destination 10.108.164.19
Device(config-if)# tunnel mode gre

The following example shows how to configure the logical Layer 3 GRE tunnel interface tunnel 2 in Global or non- VRF environment on Cisco Catalyst 3850 Series Switches: 

Device(config)# interface tunnel 2
Device(config-if)# ip address 100.1.1.1 255.255.255.0
Device(config-if)# tunnel source 10.10.10.1 
Device(config-if)# tunnel destination 10.10.10.2 
Device(config-if)# tunnel mode gre ip 
Device(config-if)# end

The following example shows how to configure the logical Layer 3 GRE tunnel interface tunnel 2 in VRF environment on Cisco Catalyst 3850 Series Switches. Use the vrf definition vrf-name and thevrf forwarding vrf-name commands to configure and apply VRF. 

Device(config)# vrf definition RED
Device(config-vrf)#  address-family ipv4
Device(config-vrf-af)# exit-address-family
Device(config-vrf)#  exit 
Device(config)# interface tunnel 2
Device(config)# vrf forwarding RED
Device(config-if)# ip address 100.1.1.1 255.255.255.0
Device(config-if)# tunnel source 10.10.10.1 
Device(config-if)# tunnel destination 10.10.10.2 
Device(config-if)# tunnel mode gre ip 
Device(config-if)# end

Note

IPv6 GRE tunneling is not supported on Cisco Catalyst 3850 Series Switches.

Examples

The following example shows how to configure a tunnel using IPsec encapsulation with IPv4 as the transport mechanism: 

Device (config)# crypto ipsec profile PROF
Device (config)# set transform tset
Device (config)# interface tunnel 0
Device (config-if)# ip address 10.1.1.1 255.255.255.0
Device (config-if)# tunnel mode ipsec ipv4
Device (config-if)# tunnel source loopback 0
Device (config-if)# tunnel destination 172.16.1.1

Examples

The following example shows how to configure an IPv6 IPsec tunnel interface: 

Device(config)# interface tunnel 0 
Device(config-if)# ipv6 address 2001:0DB8:1111:2222::2/64 
Device(config-if)# tunnel destination 10.0.0.1
Device(config-if)# tunnel source Ethernet 0/0
Device(config-if)# tunnel mode ipsec ipv6
Device(config-if)# tunnel protection ipsec profile profile1

Examples

The following example shows how to enable mGRE tunneling: 

interface Tunnel0
 bandwidth 1000
 ip address 10.0.0.1 255.255.255.0
! Ensures longer packets are fragmented before they are encrypted; otherwise, the ! receiving router would have to do the reassembly.
 ip mtu 1416
! Turns off split horizon on the mGRE tunnel interface; otherwise, EIGRP will not ! advertise routes that are learned via the mGRE interface back out that interface.
 no ip split-horizon eigrp 1
 no ip next-hop-self eigrp 1
 delay 1000
! Sets IPSec peer address to Ethernet interface’s public address.
 tunnel source Ethernet0
 tunnel mode gre multipoint
! The following line must match on all nodes that want to use this mGRE tunnel.
 tunnel key 100000
 tunnel protection ipsec profile vpnprof

Examples

The following example shows how to enable RBSCP tunneling: 

Device(config)# interface tunnel 0
Device(config-if)# tunnel source ethernet 0
Device(config-if)# tunnel destination 10.108.164.19
Device(config-if)# tunnel mode rbscp

Related Commands

Command

Description

appletalk cable-range

Enables an extended AppleTalk network.

appletalk zone

Sets the zone name for the connected AppleTalk network.

mac-address

Specifies a MAC address to use as the common router MAC address for interfaces on the active and standby chassis.

tunnel destination

Specifies the destination for a tunnel interface.

tunnel protection

Associates a tunnel interface with an IPsec profile.

tunnel source

Sets the source address of a tunnel interface.

tunnel vlan

Associates a VLAN ID for the Ethernet over GRE tunnel interface.

tunnel source

To set the source address for a tunnel interface, use the tunnel source command in interface configuration mode. To remove the source address, use the no form of this command.

tunnel source { ip-address | ipv6-address | interface-type interface-number | dynamic }

no tunnel source

Command Syntax for Cisco Catalyst 3850 Series Switches

tunnel source ip-address

no tunnel source

Syntax Description

dynamic

Applies the tunnel source address dynamically to the tunnel interface.

ip-address

Source IP address of packets in the tunnel.

  • In case of traffic engineering (TE) tunnels, the control packets are affected.

ipv6-address

Source IPv6 address of packets in the tunnel.

interface-type

Interface type.

interface-number

Port, connector, or interface card number. The numbers are assigned at the factory at the time of installation or when added to a system and can be displayed with the show interfaces command.

Command Default

No tunnel interface source address is set.

Command Modes

Interface configuration (config-if)

Command History

Release

Modification

10.0

This command was introduced.

12.3(7)T

The address field has been updated to accept an IPv6 address as the source address allowing an IPv6 node to be used as a tunnel source.

12.2(30)S

This command was integrated into Cisco IOS Release 12.2(30)S.

12.2(25)SG

This command was integrated into Cisco IOS Release 12.2(25)SG.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Cisco IOS XE Release 2.1

This command was integrated into Cisco IOS Release 2.1 and implemented on Cisco ASR 1000 Series Aggregation Services Routers.

15.1SY

This command was integrated into Cisco IOS Release 15.1SY.

Cisco IOS XE Release 3.7S

This command was modified. The dynamic keyword was added.

15.4(2)S

This command was implemented on the Cisco ASR 901 Series Aggregation Services Router.

Usage Guidelines

The source address is either an explicitly defined IP address or the IP address assigned to the specified interface.

You cannot have two tunnels using the same encapsulation mode with exactly the same source and destination addresses. The workaround is to create a loopback interface and source packets from the loopback interface. This restriction is applicable only for generic routing encapsulation (GRE) tunnels. You can have more than one TE tunnel with the same source and destination addresses.


Note

Only GRE tunneling is supported on Cisco Catalyst 3850 Series Switches.

When using tunnels to Cayman boxes, you must set the tunnel source command to an explicit IP address on the same subnet as the Cayman box, and not the tunnel itself.

GRE tunnel encapsulation and deencapsulation for multicast packets are handled by the hardware. Each hardware-assisted tunnel must have a unique source. Hardware-assisted tunnels cannot share a source even if the destinations are different. You should use secondary addresses on loopback interfaces or create multiple loopback interfaces to ensure that the hardware-assisted tunnels do not share a source.

Examples

The following example shows how to set a tunnel source address for Cayman tunneling: 

Device(config)# interface tunnel0
Device(config-if)# tunnel source ethernet0
Device(config-if)# tunnel destination 172.32.164.19
Device(config-if)# tunnel mode cisco1

Examples

The following example shows how to set the tunnel source dynamically: 

Device(config)# interface tunnel0
Device(config-if)# tunnel source dynamic
Device(config-if)# *Nov 22 19:38:28.271: Tunnel notified source change: dynamic is set
Device(config-if)# end
Device# show run interface tunnel0
Building configuration...

Current configuration : 63 bytes
!
interface Tunnel0
 no ip address
 tunnel source dynamic
end

If the tunnel source is configured to be set dynamically, you cannot configure the tunnel source address without removing the dynamic configuration. 

Device(config)# interface tunnel0
Device(config-if)# tunnel source ethernet 0/0
Device(config-if)# *Nov 22 21:39:52.423: Tunnel notified source change: dynamic is set
*Nov 22 21:39:52.423: Tunnel notified source change, src ip 1.1.1.1
Device(config-if)# end
Device# show run interface tunnel0
Building configuration...

Current configuration : 63 bytes
!
interface Tunnel0
 no ip address
 tunnel source dynamic
end
Device# configure terminal
Device(config)# interface tunnel0
Device(config-if)# no tunnel source
Device(config-if)# *Nov 22 21:41:10.287: Tunnel notified source change: dynamic is not set

Examples

The following example shows how to set a tunnel source address for GRE tunneling: 

Device(config)# interface tunnel0
Device(config-if)# appletalk cable-range 4160-4160 4160.19
Device(config-if)# appletalk zone Engineering
Device(config-if)# tunnel source ethernet0
Device(config-if)# tunnel destination 172.32.164.19
Device(config-if)# tunnel mode gre ip

The following example shows how to configure the logical Layer 3 GRE tunnel interface tunnel 2 in Global or non- VRF environment on Cisco Catalyst 3850 Series Switches: 

Device(config)# interface tunnel 2
Device(config-if)# ip address 100.1.1.1 255.255.255.0
Device(config-if)# tunnel source 10.10.10.1 
Device(config-if)# tunnel destination 10.10.10.2 
Device(config-if)# tunnel mode gre ip 
Device(config-if)# end

The following example shows how to configure the logical Layer 3 GRE tunnel interface tunnel 2 in VRF environment on Cisco Catalyst 3850 Series Switches. Use the vrf definition vrf-name and thevrf forwarding vrf-name commands to configure and apply VRF. 

Device(config)# vrf definition RED
Device(config-vrf)#  address-family ipv4
Device(config-vrf-af)# exit-address-family
Device(config-vrf)#  exit 
Device(config)# interface tunnel 2
Device(config)# vrf forwarding RED
Device(config-if)# ip address 100.1.1.1 255.255.255.0
Device(config-if)# tunnel source 10.10.10.1 
Device(config-if)# tunnel destination 10.10.10.2 
Device(config-if)# tunnel mode gre ip 
Device(config-if)# end

Note

IPv6 GRE tunneling is not supported on Cisco Catalyst 3850 Series Switches.

Examples

The following example shows how to set a tunnel source for a Multiprotocol Label Switching (MPLS) TE tunnel: 

Device> enable 
Device# configure terminal 
Device(config)# interface tunnel 1 
Device(config-if)# ip unnumbered loopback0 
Device(config-if)# tunnel source loopback1 
Device(config-if)# tunnel mode mpls traffic-eng 
Device(config-if)# end

Related Commands

Command

Description

appletalk cable-range

Enables an extended AppleTalk network.

appletalk zone

Sets the zone name for the connected AppleTalk network.

tunnel destination

Specifies the destination for a tunnel interface.