07-19-2007 12:48 PM - edited 03-03-2019 05:57 PM
Hiya,
I've setup three sites, two with simple DSL connections out to the internet, and all of them with an MPLS line to connect them together.
What I'm needing to get working is a GRE tunnel between the locations over the MPLS so that I can exchange OSPF routes. Basically I'm wanting the routers to forward all internet traffic out location A's DSL connection and if it's down go out another line at location B.
I can basically get all of that to work if I can get these GRE tunnels up (AT&T won't allow just plain OSPF updates through the MPLS lines they provide). The tunnels between location A and location B (1721 at A and a 2801 at B) work perfectly fine. It's only when I try to get a tunnel up from either of those two locations to location C (827 router) that it doesn't work.
I'm not sure if I've got things configured incorrectly, or whether the 827 router just isn't capable of doing GRE. Here's the relevant tunnel configs from each router:
Location A:
interface Tunnel0
ip address 172.18.1.2 255.255.255.0
keepalive 5 4
tunnel source Ethernet0
tunnel destination 192.168.2.1
!
interface Tunnel1
ip address 172.18.3.2 255.255.255.0
tunnel source Ethernet0
tunnel destination 192.168.3.1
!
interface Ethernet0
ip address 192.168.0.1 255.255.255.0
ip rip v2-broadcast
ip rip send version 2
ip rip receive version 2
ip ospf network broadcast
Location B:
interface Tunnel0
ip address 172.18.1.1 255.255.255.0
keepalive 5 4
tunnel source FastEthernet0/1
tunnel destination 192.168.0.1
!
interface Tunnel1
ip address 172.18.2.1 255.255.255.0
tunnel source 192.168.2.1
tunnel destination 192.168.3.1
interface FastEthernet0/1
ip address 192.168.2.1 255.255.255.0
ip helper-address 192.168.0.3
ip inspect Firewall in
duplex auto
speed auto
Location C:
interface Tunnel0
ip address 172.18.3.1 255.255.255.0
tunnel source Ethernet0
tunnel destination 192.168.0.1
!
interface Tunnel1
ip address 172.18.2.2 255.255.255.0
tunnel source 192.168.3.1
tunnel destination 192.168.2.1
!
interface Ethernet0
ip address 192.168.3.1 255.255.255.0
ip helper-address 192.168.0.3
ip flow ingress
ip flow egress
ip virtual-reassembly
no cdp enable
hold-queue 32 in
hold-queue 100 out
I tried taking the keepalives off of the tunnels going to location C just to see if it would bring the tunnel interface up/up. It'll report as up/up on the location B side, but all of location C's tunnels show up/down, even without keepalives set. Can anyone shed some light on this as I'm quickly running out of ideas.
TIA,
Mike
Solved! Go to Solution.
07-19-2007 02:03 PM
Mike
I checked on the Feature Navigator on the Cisco site and I find that the 827 support for GRE depends on the feature set that you are running (and since I do not know what version I can not yet speak whether it is version dependent). In the version that I checked (12.3(22)), the IP feature set (Base feature set) GRE does not show as supported. But in the IP PLUS feature set it does show as supported.
My guess is that your 827 is running the simple IP feature set and does not support GRE. I believe that if you upgrade the 827 to an IP PLUS image that you would get support for GRE.
Having written that, I do admit that I am a bit puzzled. If the feature were really not supported in that image I am surprised that it accepted the commands and did not generate some warning or error. My experience before has been that if I attempt to configure something not supported in that image that it does give messages about it.
So what image is the 827 running? And is a software upgrade possible?
HTH
Rick
07-19-2007 12:58 PM
Mike
I believe that your problem is IP connectivity. Probably the most important clue is that even with keepalives removed on router C the tunnels show as up/down. Without keepalive configured the default behavior of GRE tunnels is to show the tunnel as up/up if it has a valid route to the tunnel destination (not that the tunnel destination is necessarily reachable) and to show the tunnel as up/down if it does not have a valid route to the tunnel destination. I believe that router C does not have a valid route to the tunnel destinations.
The easy way to prove this is on router C to do an extended ping and in the extended ping to specify the tunnel destination address of one of the tunnels as the ping destination and to specify the Ethernet 0 (192.168.3.1) as the source. I expect that ping to fail. If it does troubleshoot your IP connectivity problem and if you solve it I believe that your tunnels will work.
HTH
Rick
07-19-2007 01:11 PM
The extended pings work, and all other sorts of traffic gets moved around in there just fine. I just can't get the GRE tunnels on the 827 up. Since the tunnel destinations are reachable, and it still shows up/down, what's that mean? Is the 827 just not capable? I've got a spare 1605 router that I've used before with GRE that I could swap it with. It's just that the 827 router is located a couple hours away from me and I don't necessarily want to drive out there if I can avoid it. :)
Thanks!
Mike
07-19-2007 02:03 PM
Mike
I checked on the Feature Navigator on the Cisco site and I find that the 827 support for GRE depends on the feature set that you are running (and since I do not know what version I can not yet speak whether it is version dependent). In the version that I checked (12.3(22)), the IP feature set (Base feature set) GRE does not show as supported. But in the IP PLUS feature set it does show as supported.
My guess is that your 827 is running the simple IP feature set and does not support GRE. I believe that if you upgrade the 827 to an IP PLUS image that you would get support for GRE.
Having written that, I do admit that I am a bit puzzled. If the feature were really not supported in that image I am surprised that it accepted the commands and did not generate some warning or error. My experience before has been that if I attempt to configure something not supported in that image that it does give messages about it.
So what image is the 827 running? And is a software upgrade possible?
HTH
Rick
07-19-2007 09:31 PM
Hi Rick
From my previous experience though some of the boxes supports GRE tunnel configs it gets into IP/IP mode instead of GRE mode.
The same can be verified using show interface tunnel x under which we can check out the tunnel mode...
If you have different modes on both the ends it wont come up..
regds
07-20-2007 09:19 AM
Ah, it was the IP vs. IP Plus issue. I put a new image on with IP Plus and my tunnels magically came up. It didn't give me any errors or warnings when setting up the tunnels on the old IOS, so it was perplexing.
Thank you so much for your help!
07-20-2007 09:43 AM
Mike
I am glad that you got it to work. It certainly is surprising that it accepted the commands without any sign of a problem if the code version did not support it. That would certainly be perplexing.
Thanks for using the rating system to indicate that your problem was resolved (and thanks for the rating). It makes the forum more useful when people can read of a problem (especially an unusual problem like this one) and can know that they will read a solution to the problem. I encourage you to continue your participation in the forum.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide