Unanswered Question
Jun 11th, 2008

Hi i m new to this cisco platform .. What the following configuration means

interface Tunnel1

description GRE - Mumbai

ip address

ip ospf network point-to-point

tunnel source FastEthernet0/0

tunnel destination

tunnel checksum

hold-queue 4096 out

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
shiva_ial Wed, 06/11/2008 - 05:11


This tunnel1 is an virtual interface created for GRE

source of the tunnel is fa0/0

and destination -tunnel ends

rate if it helps


vinothlb1 Thu, 06/12/2008 - 00:18

why do we need tunnel. how to configure both local and remote ends..

foxbatreco Thu, 06/12/2008 - 02:32

The configs gives a GRE tunnel to destination address is a sort of logical tunnel link between 2 locations.BOth ends will have to be specified with a source & destination for the tunnel to know where to enter and look for a particular end node.

Although this doesnt give security as gud as wat ipsec gives still it encapsulates the packets ..sort of IP within IP.

You can use tunnels to say connect ur 2 remote end offices located geographically @ different places and want to share/access variety of application either ways without goin all the way thru the internet.

the other end will have same config as above but the tunnel source will change to actual external interface u will use to route the packets out of ur network, also tunnel destination will change to the other ends external entry interface.

Also , u will need to put routes @ either ends pointing the path to your internal nodes.

say, ip route tunnel1

where is the other ends internal network and tunnel1 is the exit logical interface from where it can reach network on the other end.

Hope this clears your thoughts.

Pls rate/mark the post if it helps!!!

michael.leblanc Thu, 06/12/2008 - 08:52

When configuring routes, you usually need to overcome "recursive routing".

GRE is configured with, and knows of the tunnel endpoints, but sees the path to the far-side tunnel endpoint as being via the tunnel itself (recursive routing).

We need to provide an alternative (typically a static host route) that tells GRE to reach the far-side tunnel endpoint by way of a "physical" interface.

i.e.: reach the far-side tunnel endpoint aaa.bbb.ccc.ddd (on a different network) by way of our default gateway (next hop).


ip route 2

Usually, you will use dynamic routing protocols to populate the routing tables with routes to the far side network(s). So, " via tunnel1" would be a dynamically learned route, and not a static configured route.

Also, the tunnel endpoints do NOT have to be the external physical interface addresses. It is not uncommon to use Loopback interfaces as the GRE tunnel endpoints.

These addresses can be private addresses when GRE is encapsulated within IPSec (ESP Tunnel Mode) because the outermost IP header would be using globally routable external interface addresses.

michael.leblanc Wed, 06/11/2008 - 06:58

GRE is a tunneling protocol used to create virtual point-to-point links. It encapsulates network layer packets inside an IP tunneling packet. It is often used to extend dynamic routing (or other multicast traffic) between sites.

The mask, and the point-to-point portion of the "ip ospf network point-to-point" command suggest that you are running the GRE tunnel over a physical serial interface.

The tunnel source and destination convey the logical entry and exit points of the GRE tunnel. It is these addresses that will be used in the GRE encapsulation header.

Tunnel checksumming provides packet integrity for passenger protocols that don't provide integrity checking for themselves. With this feature enabled, the router will drop corrupted packets (i.e.: those with bad checksums).

vinothlb1 Thu, 06/12/2008 - 00:22

Thks for your reply.. why do we need tunnel? how will u configure in local and remote end?

michael.leblanc Thu, 06/12/2008 - 00:49

You'd have to look at the configuration to determine what traffic is being encapsulated by the tunnel to determine why it is in use at your site.

In our case, we are using GRE to encapsulate dynamic routing protocols between remote sites to extend the routing domain.

Multicast traffic is often the driving need.

E.G.: Standard IPSec configurations don't support multicast traffic, so the multicast traffic is encapsulated in GRE, which is then encapsulated within IPSec (usually ESP).

GRE may also be used to encapsulate non-IP traffic through an IP infrastructure).

If you want to know how to configure it, you might want to take a look at the configuration on your device, or download some GRE related documentation from the Cisco web site.


This Discussion