Configuration prerequisites, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual

15

•

You can enable or disable the checksum function at both ends of the tunnel as needed. If the

checksum function is enabled at the local end but not at the remote end, the local end calculates the
checksum of a packet to be sent but does not check the checksum of a received packet. Contrarily,

if the checksum function is enabled at the remote end but not at the local end, the local end checks

the checksum of a received packet but does not calculate the checksum of a packet to be sent.

•

When configuring a route through the tunnel, you are not allowed to set up a static route whose
destination address is in the subnet of the tunnel interface. Instead, you can do one of the following:

{

Configure a static route, using the address of the network segment the original packet is

destined for as its destination address and the address of the peer tunnel interface as its next
hop.

{

Enable a dynamic routing protocol on both the tunnel interface and the router interface
connecting the private network, so that the dynamic routing protocol can establish a routing

entry that allows the tunnel to forward packets through the tunnel.

Configuration prerequisites

On each of the peer devices, configure an IP address for the interface to be used as the source interface

of the tunnel interface (for example, a VLAN interface, GigabitEthernet interface, or loopback interface),

and make sure this interface can normally communicate with the interface used as the source interface
of the tunnel interface on the peer device.

Configuration procedure

To configure a GRE over IPv6 tunnel:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enable the IPv6 packet

forwarding function.

ipv6

Disabled by default.

3.

Create a tunnel interface and

enter tunnel interface view.

interface tunnel interface-number

By default, no tunnel interface is
created on the firewall.

4.

Configure an IPv4 address for

the tunnel interface.

ip address ip-address { mask |
mask-length }

By default, no IPv4 address is
configured for a tunnel interface.

5.

Set the tunnel mode to GRE

over IPv6.

tunnel-protocol gre ipv6

The default tunnel mode is GRE
over IPv6.
You must configure the same tunnel

mode on both ends of a tunnel.
Otherwise, packet delivery might

fail.

6.

Configure the source address

or interface for the tunnel
interface.

source { ipv6-address |
interface-type interface-number }

By default, no source address or
interface is configured for a tunnel

interface.

7.

Configure the destination
address for the tunnel

interface.

destination ipv6-address

By default, no destination address
is configured for a tunnel interface.

8.

Set the maximum number of
encapsulations in the tunnel.

encapsulation-limit [ number ]

Optional.
4 by default.