I believe that the general answer to your question is that it is possible to send bridged traffic over a GRE tunnel. However this is not officially supported by Cisco. This means that the traffic might go across the tunnel but that if there is some problem Cisco is not obligated to do anything about the problem. I might do this in a lab situation. But I would be very reluctant to put production traffic into a "not supported" mechanism.
The configuration that you posted is using IRB and routing IP. Is there a physical interface with bridge-group 1 configured in addition to the tunnel? Is there non-routed (bridged) traffic - non IP traffic - going through this interface? If so I would expect it to go through the tunnel?
Many thanks for your help. I have attached 3 configs, SpokeA, Internet_Sim, and HubA.[Very basic]. I applied the bridge-group command on the WAN interfaces too but to no avail. Could you point me in the right direction of a config which does work? I understand Cisco may not support bridging over GRE but a working config may give me some idea of where I am going wrong.
There are a number of issues and ambiguities in the configs that you have posted.
- you are configuring IRB and specifying that IP is routed. So what traffic are you going to bridge?
- you have configured bridge-group only on the tunnel interface. For bridging to work there must be a bridge-group on at least 2 interfaces, an interface where the bridged traffic arrives and the interface where the bridged traffic exits.
- you have configured EIGRP 100 to run over the tunnel. But since it runs on no other interfaces it has nothing to advertise. What good is a dynamic routing protocol if it has nothing to advertise?
I see that you have configured keepalives on the GRE tunnel. Do the tunnels come up and stay up (do the keepalives work)?
Thanks for the info, the EIGRP is part of a legacy setup and I have now removed it. I've also removed IRB completely - this is so I have a base setup and can work my way upwards. The keepalives do work, debugs are at the end of the HUB-A config.
I have looked at the new config files that you posted. I am glad to see the EIGRP and the IRB removed from the configs. I agree that establishing a base setup is good and you can work up from there. In that way I would suggest that you remove the crypto map from the physical interfaces in both routers. Let's take IPSec VPN out of the picture until you have bridging working and have the GRE tunnels working.
I notice on the spoke router that the FastEthernet0/0 is configured with no keepalive. I wonder why this is? Is there something connected on this port to generate traffic and to receive traffic? If not bridging will have a difficult time working.
These configs do seem to get us to the point where we have a basic config and this will allow us to focus on the fundamentals of getting bridged traffic over the GRE tunnels. In terms of the mechanics of the config and of syntax these are now configs that should work.
I believe that there is a conceptual question which we now need to address. In several of my previous posts I have asked questions that I now believe are central to the problem:
Is there non-routed (bridged) traffic - non IP traffic - going through this interface?
you are configuring IRB and specifying that IP is routed. So what traffic are you going to bridge?
I believe that the crux of the problem now is what traffic will be bridged? If you are routing IP then IP can not be bridged. So what traffic is there that will be bridged? If there were IPX traffic, or SNA traffic, or some other non-routed protocol traffic on the FastEthernet interface then I believe that it would be bridged and carried over the tunnel. But what traffic is there that should be bridged?
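Added example, not part of the thread and not any poster's configuration: a small Python check that scans an IOS-style config for the points raised above (a bridge-group present on fewer than two interfaces, IP routed under IRB so it cannot be bridged, and a crypto map still applied while the base setup is being debugged). The sample config, interface names, addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample (not the poster's config): IRB routing IP, bridge-group on tunnel only.
SAMPLE_CONFIG = """\
bridge irb
interface Tunnel0
 ip address 10.0.0.1 255.255.255.252
 tunnel source FastEthernet0/1
 tunnel destination 192.0.2.2
 bridge-group 1
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
interface FastEthernet0/1
 ip address 192.0.2.1 255.255.255.252
 crypto map VPN
bridge 1 protocol ieee
bridge 1 route ip
"""

def parse_interfaces(config):
    """Map each interface name to the list of its indented sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # back at global configuration level
    return interfaces

def check_bridging(config):
    """Return findings for the configuration issues discussed in the thread."""
    findings, groups = [], {}
    for name, cmds in parse_interfaces(config).items():
        for cmd in cmds:
            m = re.fullmatch(r"bridge-group\s+(\d+)", cmd)
            if m:
                groups.setdefault(m.group(1), []).append(name)
            if cmd.startswith("crypto map "):
                findings.append(f"{name}: crypto map applied")
    for group, members in sorted(groups.items()):
        if len(members) < 2:  # bridging needs an ingress and an egress interface
            findings.append(f"bridge-group {group}: only on {members[0]}")
        if re.search(rf"^bridge {group} route ip\s*$", config, re.M):
            findings.append(f"bridge {group}: IP is routed, not bridged")
    return findings
```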