Currently I have problem running bridging over GRE tunnel.We are using cisco 3640 but somehow under tunnel 0, the is no 'bridge-group 1' command.We are trying to get the IOS that support the command under tunnel 0 but to no avail.Can someone help me ? Thanks
Are you trying to channel more ports over the tunnel? That is, in essence, what the bridge-group command is for.
To setup a tunnel with one interface you'll need at minimum:
!--- Tunnel interface 0
ip address 192.168.20.1 255.255.255.0
!--- Ip address of the gre tunnel interface 0
tunnel source Ethernet0
!--- Ip source of the tunnel. It's best to make this an
!--- interface with a public, routable IP address so that
!--- it's reachable from the other endpoint of the tunnel.
tunnel destination 188.8.131.52
!--- Ip destination of the tunnel. Make sure this is
!--- reachable via the "ping" command otherwise the
!--- tunnel will not be created properly.
ip address 184.108.40.206 255.255.255.0
Then on the other end, you'll have the same thing, but 220.127.116.11 will be the destination. You'll also need 192.168.0.2 as the other tunnel interface.
This is straight from Cisco and works in our production environment...
Currently I succesfully create the GRE tunnel but I want to test that both end have the same broadcast domain and I try to configure 'bridge-group 1' under
tunnel 0 but somehow it cannot works because my IOS doesn't support command bridge-group under tunnel 0 .
Thanks .So how am I going to solve my problem ? . OK, lets say I create tunnel and want the to do bridging over that tunnel , which tullel type that support bridging ? Really appreciate you reply on this matter.Thanks
i used to use "bridging over GRE tunnel" quite often (before the L2TPv3 was rolled out). It works, with some limitations:
1. CPU Utilization is heavy. as an example, on a 2621 you get a throughput of 2 Mb at 100% CPU utilization.
2. the command bridge-group x ist an officially unsupported command. if you enter ist in config mode, the IOS will reply with something like "This is an unsupported command", but nevertheless, the command is placed into the config.
3. very important: the spanning tree doen't work correctly. Even if a port is shown as blocked in the display of "show spann x", it isn't really. Therefore, to avoid potential spanning tree loops, you must carefully assign the costs per port in a way, that the blocked port is not the one on the GRE tunnel.
4. the command "show bridge x" doesn't display the packet counters for the GRE interface.
5. and finally, the BVI doesn't work in conmbination with "bridging over GRE tunnel".
To summarize, it works (try with a bridge-group other tan 1), but L2TPv3 is definitely the way to go. Hopefully, you'll find it in IOS 12.3T.
I read your post about "bridging over GRE tunnel", it works for me except one thing and I wonder if you know why : on one side I got DHCP client and a DHCP server (W2K) on the other side. But the client can't get an IP address lease from the DHCP server.
Are you seeing why ?
It's a hidden command. Even do, you might get a warning messasge stating this is obsolete and unsupported, it still technically a valid configuration. Legacy, but works.
Keep in mind there are better solutions for this kind of connections. But you can try it, it's simple anyways.
1. Create a Loopback intf. on both routers and ensure L3 connectivity between them.
2. Create bridge:
router(config)#bridge 1 protocol ieee
3. Create a GRE tunnel interface (dont configure IP's):
router(config)# interface tun0
router(config-if)# tun source loopback x
router(config-if)# tun destination <other router loopback ip>
router(config-if)# bridge-group 1
**This is a hidden cmd. You will get a warning message, but ignore it**
3. Attach Physical Interface to Bridge as well:
router(config)# interface Fa0/0
router(config-if)# bridge-group 1
4. Configure the Hosts IP addresses to be on the same IP Segment and validate communication between them.
You can try this on GNS3 as well. I made a diagram and a brief explanation at another thread, but really don't remember how to get to it.
Once again, this is legacy and there are better ways to achieve this. But for small implementations this is valid and easier. It also helps to understand the newer versions/enhancements to this as well.