cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6494
Views
44
Helpful
31
Replies

GRE tunnel between 3560 and cisco 2801

francisco_1
Level 7
Level 7

Is GRE support on the 3560?

I will have two cisco ASA's between the 3560 and 2801 passing the GRE over IPSEC and also EIGRP traffic as well. is this possible? The plan is to route multicast PIM and multicast traffic across the GRE tunnel.

31 Replies 31

Edison Ortiz
Hall of Fame
Hall of Fame

Yes, the 3560 supports GRE tunnels

Switch#sh ver | i IOS

Cisco IOS Software, C3550 Software (C3550-IPSERVICESK9-M), Version 12.2(25)SEC2, RELEASE SOFTWARE (fc1)

Switch#sh int | i Tun

Tunnel0 is up, line protocol is up

Hardware is Tunnel

Tunnel source 10.1.1.2 (Vlan1), destination 10.1.1.1, fastswitch TTL 255

Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled

Tunnel TTL 255

HTH,

__

Edison.

Please rate helpful posts

Hi, Edison Ortiz

look at your sh ver

3550 and 3560 have different hardware.

Good catch. I just grabbed a CCIE rack w/o noticing the hardware.

Let me test in a 3560...

tdrais
Level 7
Level 7

edit I was going to say not but they may have added support in a later release

Hi Tim,

I was able to configure but the documentation says otherwise:

Q. Does the Cisco Catalyst 3560-E support generic routing encapsulation (GRE) tunneling?

A. No. The Cisco Catalyst 3560-E can switch "transient" GRE tunneled traffic in hardware at wire rate, but it cannot act as a GRE tunnel endpoint. Future support of GRE tunneling in software is possible

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps7078/prod_qas0900aecd805bacc7.html

Strange ...

___

Edison.

a.alekseev
Level 7
Level 7

GRE is not supported on 3560 as well as on 3750. This is hardware limitation.

By the way GRE is supported in software on 3550.

Use a router instead.

Not sure why cisco would enable it on lower end switch like the 3550 and not on the 3560!

That makes more sense. I knew you could configure it on 3550 even though it very clearly says in the documentation that it is not supported. Never tried it on a 3560 since it says it is not supported and figured they patched it to not take the commands

rsgamage1
Level 3
Level 3

Good catch there a.alekseev.

Deserves a '5' rating ;-) Have rated '5'

i also get the output below on my 3560!

switch#sh int | i Tun

Tunnel10 is up, line protocol is down

Hardware is Tunnel

Tunnel source UNKNOWN

Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled

Tunnel TTL 255

switch#sh int | i Tun

Tunnel10 is up, line protocol is down

Hardware is Tunnel

Tunnel source UNKNOWN

Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled

Tunnel TTL 255

You need to specify the tunnel source and destination.

Sure does I tried it also. Even though the documentation clearly says it does not support the global command "interface tunnel"

Found this and I assume it applies to 3560 also

High CPU Utilization After Enabling GRE Tunnels

Generic Routing Encapsulation (GRE) tunnels are not supported on the Cisco Catalyst 3550 Switch. Even though the CLI commands are there to configure the GRE, it is not officially supported. Refer to the Unsupported VPN Configuration Commands section of Unsupported CLI Commands for Catalyst 3550 for this information. The reason for this is that the Cisco Catalyst 3550 Switch uses hardware-based Cisco Express Forwarding (CEF) switching. There is no method to CEF-switch GRE packets. GRE packets must be encapsulated by the software. The hardware does not have the capability to encapsulate the packets. Consequently, this traffic is processed or software switched. The process or software switched traffic can quickly cause the CPU to spike.

Good find Tim ! The problem is the feature is software driven hence not recommended or supported in 35xx.

__

Edison.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: