Network requirements – H3C Technologies H3C SecPath F1000-E User Manual

11

Step Command

Remarks

5.

Configure the source address
or interface for the tunnel

interface.

source { ip-address |
interface-type interface-number }

By default, no source address or
interface is configured for a tunnel
interface.

6.

Configure the destination

address for the tunnel
interface.

destination ip-address

By default, no destination address is
configured for a tunnel interface.

7.

Enable GRE keepalive and set

the interval and the maximum
number of transmission

attempts.

keepalive [ seconds [ times ] ]

Optional.
Disabled by default.

8.

Enable the GRE packet

checksum function.

gre checksum

Optional.
Disabled by default.

9.

Configure the key for the GRE
tunnel interface.

gre key key-number

Optional.
By default, no key is configured for a

GRE tunnel interface.
The two ends of a tunnel must have
the same key or have no key at the

same time.

10.

Configure a route for packet

forwarding through the
tunnel.

See Network Management
Configuration Guide

Each end of the tunnel must have a
route (static or dynamic) through the

tunnel to the other end.

11.

Return to system view.

quit

N/A

12.

Configure the firewall to

discard the IPv4-compatible
IPv6 packets.

tunnel discard
ipv4-compatible-packet

Optional.
By default, the firewall does not
discard the IPv4-compatible IPv6

packets.

NOTE:

For information tunnel interfaces and more configuration commands in a tunnel interface, see
"Configuring tunneling."

GRE over IPv4 tunnel configuration example at the CLI

NOTE:

In this configuration example, either Router A or Router B is the SecPath firewall.

Network requirements

Router A and Router B are interconnected through the Internet. Two private IPv4 subnets Group 1 and

Group 2 are interconnected through a GRE tunnel between the two routers.