07-18-2008 06:18 AM - edited 03-03-2019 10:48 PM
Is GRE support on the 3560?
I will have two cisco ASA's between the 3560 and 2801 passing the GRE over IPSEC and also EIGRP traffic as well. is this possible? The plan is to route multicast PIM and multicast traffic across the GRE tunnel.
07-18-2008 07:11 AM
Yes, the 3560 supports GRE tunnels
Switch#sh ver | i IOS
Cisco IOS Software, C3550 Software (C3550-IPSERVICESK9-M), Version 12.2(25)SEC2, RELEASE SOFTWARE (fc1)
Switch#sh int | i Tun
Tunnel0 is up, line protocol is up
Hardware is Tunnel
Tunnel source 10.1.1.2 (Vlan1), destination 10.1.1.1, fastswitch TTL 255
Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
Tunnel TTL 255
HTH,
__
Edison.
Please rate helpful posts
07-18-2008 07:29 AM
Hi, Edison Ortiz
look at your sh ver
3550 and 3560 have different hardware.
07-18-2008 07:36 AM
Good catch. I just grabbed a CCIE rack w/o noticing the hardware.
Let me test in a 3560...
07-18-2008 07:16 AM
edit I was going to say not but they may have added support in a later release
07-18-2008 07:35 AM
Hi Tim,
I was able to configure but the documentation says otherwise:
Q. Does the Cisco Catalyst 3560-E support generic routing encapsulation (GRE) tunneling?
A. No. The Cisco Catalyst 3560-E can switch "transient" GRE tunneled traffic in hardware at wire rate, but it cannot act as a GRE tunnel endpoint. Future support of GRE tunneling in software is possible
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps7078/prod_qas0900aecd805bacc7.html
Strange ...
___
Edison.
07-18-2008 07:21 AM
GRE is not supported on 3560 as well as on 3750. This is hardware limitation.
By the way GRE is supported in software on 3550.
Use a router instead.
07-18-2008 07:29 AM
Not sure why cisco would enable it on lower end switch like the 3550 and not on the 3560!
07-18-2008 07:30 AM
That makes more sense. I knew you could configure it on 3550 even though it very clearly says in the documentation that it is not supported. Never tried it on a 3560 since it says it is not supported and figured they patched it to not take the commands
07-18-2008 07:29 AM
Why don't you try
07-18-2008 07:35 AM
Good catch there a.alekseev.
Deserves a '5' rating ;-) Have rated '5'
07-18-2008 07:43 AM
i also get the output below on my 3560!
switch#sh int | i Tun
Tunnel10 is up, line protocol is down
Hardware is Tunnel
Tunnel source UNKNOWN
Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
Tunnel TTL 255
07-18-2008 07:46 AM
switch#sh int | i Tun
Tunnel10 is up, line protocol is down
Hardware is Tunnel
Tunnel source UNKNOWN
Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
Tunnel TTL 255
You need to specify the tunnel source and destination.
07-18-2008 07:46 AM
Sure does I tried it also. Even though the documentation clearly says it does not support the global command "interface tunnel"
Found this and I assume it applies to 3560 also
High CPU Utilization After Enabling GRE Tunnels
Generic Routing Encapsulation (GRE) tunnels are not supported on the Cisco Catalyst 3550 Switch. Even though the CLI commands are there to configure the GRE, it is not officially supported. Refer to the Unsupported VPN Configuration Commands section of Unsupported CLI Commands for Catalyst 3550 for this information. The reason for this is that the Cisco Catalyst 3550 Switch uses hardware-based Cisco Express Forwarding (CEF) switching. There is no method to CEF-switch GRE packets. GRE packets must be encapsulated by the software. The hardware does not have the capability to encapsulate the packets. Consequently, this traffic is processed or software switched. The process or software switched traffic can quickly cause the CPU to spike.
07-18-2008 07:50 AM
Good find Tim ! The problem is the feature is software driven hence not recommended or supported in 35xx.
__
Edison.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide