Configuring a gre over ipv4 tunnel at the cli, Configuration guidelines, Configuration prerequisites – H3C Technologies H3C SecPath F1000-E User Manual

10

Configuring a GRE over IPv4 tunnel at the CLI

Configuration guidelines

•

The source address and destination address of a tunnel uniquely identify a path. They must be

configured at both ends of the tunnel and the source address at one end must be the destination

address at the other end and vice versa.

•

Tunnel interfaces using the same encapsulation protocol must have different source addresses and

destination addresses.

•

If you configure a source interface for a tunnel interface, the tunnel interface takes the primary IP
address of the source interface as its source address.

•

You can enable or disable the checksum function at both ends of the tunnel as needed. If the
checksum function is enabled at the local end but not at the remote end, the local end calculates the

checksum of a packet to be sent but does not check the checksum of a received packet. Contrarily,

if the checksum function is enabled at the remote end but not at the local end, the local end checks

the checksum of a received packet but does not calculate the checksum of a packet to be sent.

•

When configuring a route through the tunnel, you are not allowed to set up a static route whose
destination address is in the subnet of the tunnel interface. Instead, you can do one of the following:

{

Configure a static route, using the address of the network segment that the original packet is
destined for as its destination address and the address of the peer tunnel interface as its next

hop.

{

Enable a dynamic routing protocol on both the tunnel interface and the router interface
connecting the private network, so that the dynamic routing protocol can establish a routing

entry that allows the tunnel to forward packets through the tunnel.

Configuration prerequisites

On each of the peer devices, configure an IP address for the interface to be used as the source interface

of the tunnel interface (for example, a VLAN interface, GigabitEthernet interface, or loopback interface),

and make sure this interface can normally communicate with the interface used as the source interface

of the tunnel interface on the peer device.

Configuration procedure

To configure a GRE over IPv4 tunnel:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Create a tunnel interface and
enter tunnel interface view.

interface tunnel
interface-number

By default, no tunnel interface is
created on the firewall.

3.

Configure an IPv4 address for
the tunnel interface.

ip address ip-address { mask |
mask-length }

By default, a tunnel interface has no
IPv4 address.

4.

Set the tunnel mode to GRE

over IPv4.

tunnel-protocol gre

Optional.
The default tunnel mode is GRE over
IPv4.
You must configure the same tunnel
mode on both ends of a tunnel.

Otherwise, packet delivery might fail.