07-18-2008 06:18 AM - edited 03-03-2019 10:48 PM
Is GRE supported on the 3560?
I will have two Cisco ASAs between the 3560 and 2801 passing the GRE over IPsec and also EIGRP traffic as well. Is this possible? The plan is to route multicast PIM and multicast traffic across the GRE tunnel.
07-18-2008 07:58 AM
So that's what FN says if you search by feature.
07-18-2008 07:57 AM
-
07-18-2008 07:50 AM
I also get the output below on my 3560!
switch#sh int | i Tun
Tunnel10 is up, line protocol is down
Hardware is Tunnel
Tunnel source UNKNOWN
Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
Tunnel TTL 255
07-18-2008 07:44 AM
Verified with 3560s this time :)
Rack1SW2#sh ver | i IOS
Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(25)SEE4, RELEASE SOFTWARE (fc1)
!
!
!
Rack1SW2#sh int | i Tun
Tunnel0 is up, line protocol is up
Hardware is Tunnel
Tunnel source 150.1.8.8 (Loopback0), destination 150.1.7.7, fastswitch TTL 255
Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
Tunnel TTL 255
!
!
!
Rack1SW2#sh run | be Tunnel
interface Tunnel0
ip address 9.9.9.2 255.255.255.0
tunnel source Loopback0
tunnel destination 150.1.7.7
!
!
Verify that multicast actually works
Rack1SW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack1SW2(config)#router eigrp 1
Rack1SW2(config-router)#net 9.9.9.2 255.255.255.0
Rack1SW2(config-router)#no aut
Rack1SW2(config-router)#end
Rack1SW2#
Rack9Pod1>1
[Resuming connection 1 to SW1 ... ]
3w
Rack1SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack1SW1(config)#router eigrp 1
Rack1SW1(config-router)#net 9.9.9.1 255.255.255.0
Rack1SW1(config-router)#end
Rack1SW1#
3w0d: %SYS-5-CONFIG_I: Configured from console by console
Rack1SW1#
3w0d: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 9.9.9.2 (Tunnel0) is up: new adjacency
Rack1SW1#sh ip eigrp ne
IP-EIGRP neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq Type
(sec) (ms) Cnt Num
1 183.1.107.10 Fa0/14 14 1w3d 1 200 0 494
0 183.1.17.1 Fa0/1 13 1w4d 1 200 0 618
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq Type
(sec) (ms) Cnt Num
0 9.9.9.2 Tu0 14 00:00:15 764 5000 0 1
Rack1SW1#
07-18-2008 07:47 AM
So how reliable is the Cisco FN in situations like this?
07-18-2008 08:01 AM
Try to forward traffic through the tunnel.
07-18-2008 08:10 AM
Rack1SW1#show ip route eigrp 1
91.0.0.0/24 is subnetted, 1 subnets
D 91.91.91.0 [90/297372416] via 9.9.9.2, 00:00:33, Tunnel0
Rack1SW1#ping 91.91.91.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 91.91.91.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 67/70/76 ms
Rack1SW1#telnet 91.91.91.2
Trying 91.91.91.2 ... Open
User Access Verification
Password:
07-18-2008 08:11 AM
Any impact on the CPU utilization?
07-18-2008 08:14 AM
I was routing 1 network.
I checked the CPU and it showed no spike. Not sure how it would behave with a lot of traffic. Most likely, it will spike the CPU since packets will be process switched.
Not a recommended solution but tunneling in the 3560 does work.
07-18-2008 08:20 AM
So the point here is whether it is 'usable' or not?
As most of the documents clearly indicated, it is not recommended/fully supported for "some" reason (CPU, etc.).
Is this a generic rule for Catalyst 2XXX and 3XXX?
Are there any exceptions?
Edison: As an NCE, would you suggest that Netpros rely on Cisco Feature Navigator?
07-18-2008 08:28 AM
Right, the feature works but is not recommended due to hardware limitations.
The problem is that Cat3xxx shares a lot of the code from regular IOS routers and while the commands are available, the feature does not work. Some QoS commands and ip accounting come to mind. While you can enter the commands in the CLI, they do nothing.
In this case, the tunnel actually works and transports data. In a pinch, you can configure a tunnel with a 3560 but I wouldn't recommend such a design in a production environment. A large amount of data via the tunnel can result in a denial of service on the switch.
The Feature Navigator is a solid search engine. With that said, there are a lot of Cisco products out there and there are times when all the features/services aren't incorporated in the tool. The best bet is to double-check a feature/service by looking at the product's Release Notes.
HTH,
__
Edison.
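An added example (not part of the original thread and not Cisco tooling): a Python check that parses "show interfaces" output like the outputs posted in this thread and separates tunnels the CLI merely accepted from tunnels that are actually passing traffic on the switch. The sample input is constructed from the thread's output, and the labels "incomplete", "active" and "down" are this example's own.

```python
import re

# Constructed sample, modeled on the "sh int | i Tun" outputs quoted in the thread.
SAMPLE = """\
Tunnel10 is up, line protocol is down
Hardware is Tunnel
Tunnel source UNKNOWN
Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
Tunnel TTL 255
Tunnel0 is up, line protocol is up
Hardware is Tunnel
Tunnel source 150.1.8.8 (Loopback0), destination 150.1.7.7, fastswitch TTL 255
Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
Tunnel TTL 255
"""

HEADER = re.compile(r"^(Tunnel\d+) is (.+?), line protocol is (\w+)")
SOURCE = re.compile(r"^Tunnel source ([^\s,]+)")
DEST = re.compile(r"destination ([\d.]+)")
MODE = re.compile(r"^Tunnel protocol/transport ([^,]+)")

def parse_tunnels(text):
    """Return one dict per Tunnel interface found in 'show interfaces' output."""
    tunnels, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := HEADER.match(line):
            cur = {"name": m.group(1), "admin": m.group(2), "proto": m.group(3),
                   "source": None, "dest": None, "mode": None}
            tunnels.append(cur)
        elif cur is None:
            continue  # output before the first interface header
        elif m := SOURCE.match(line):
            cur["source"] = m.group(1)
            if d := DEST.search(line):
                cur["dest"] = d.group(1)
        elif m := MODE.match(line):
            cur["mode"] = m.group(1)
    return tunnels

def audit(text):
    """Label each tunnel: incomplete (no usable endpoints), active, or down."""
    findings = {}
    for t in parse_tunnels(text):
        if t["source"] in (None, "UNKNOWN") or t["dest"] is None:
            findings[t["name"]] = "incomplete"   # CLI accepted it, nothing can flow
        elif t["proto"] == "up":
            findings[t["name"]] = "active"       # review CPU impact on this platform
        else:
            findings[t["name"]] = "down"
    return findings

if __name__ == "__main__":
    for name, state in audit(SAMPLE).items():
        print(f"{name}: {state}")
```

Tunnels reported as "active" on a switch are the ones to weigh against the CPU and denial-of-service concern raised in the post above.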
07-18-2008 12:41 PM
Edison,
Great explanation !
Thanks for your valued thoughts and time..5+ :)
07-18-2008 09:07 AM
This is locally generated traffic...
07-18-2008 09:37 AM
interface Loopback91
ip address 91.91.91.2 255.255.255.0
interface Tunnel0
ip address 9.9.9.2 255.255.255.0
tunnel source Loopback0
tunnel destination 150.1.7.7
router eigrp 1
network 9.9.9.0 0.0.0.255
network 91.91.91.0 0.0.0.255
no auto-summary
Rack1SW2#sh ip eigrp neighbors tunnel 0
IP-EIGRP neighbors for process 100
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq Type
(sec) (ms) Cnt Num
0 9.9.9.1 Tu0 13 00:01:34 59 5000 0 3
Rack1SW2#
interface Tunnel0
ip address 9.9.9.1 255.255.255.0
tunnel source Loopback0
tunnel destination 150.1.8.8
router eigrp 1
network 9.9.9.0 0.0.0.255
no auto-summary
Rack1SW1#sh ip eigrp ne tunnel 0
IP-EIGRP neighbors for process 100
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq Type
(sec) (ms) Cnt Num
0 9.9.9.2 Tu0 12 00:02:21 285 5000 0 3
Rack1SW1#
!
!
!
Rack1R1(config)#ip route 9.9.9.0 255.255.255.0 183.1.17.7
Rack1SW2(config)#ip route 183.1.17.0 255.255.255.0 9.9.9.1
Rack1R1#trace 9.9.9.2
Type escape sequence to abort.
Tracing the route to 9.9.9.2
1 183.1.17.7 0 msec 4 msec 0 msec
2 9.9.9.2 45 msec * 40 msec
Rack1R1#telnet 9.9.9.2
Trying 9.9.9.2 ... Open
User Access Verification
Password:
Rack1SW2>
Rack1SW2#sh int tunnel 0
Tunnel0 is up, line protocol is up
Hardware is Tunnel
Internet address is 9.9.9.2/24
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 150.1.8.8 (Loopback0), destination 150.1.7.7, fastswitch TTL 255
Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
Tunnel TTL 255
Checksumming of packets disabled, fast tunneling enabled
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
140 packets input, 11041 bytes, 0 no buffer
Received 0 broadcasts (86 IP multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
128 packets output, 10944 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
07-18-2008 09:54 AM
Edison Ortiz
Thank you for your patience. 5 points :)
But could you add some device behind the 3560?