interface tunnel
interface tunnel <number>
autogenerate peer <peer-mac-address>
description <string>
inter-tunnel-flooding
ip
access group in <acl-name>
address {internal | pool tunnel-pool <pool-name> |{<ipaddr> <netmask>}}
ospf
area <area-id>
authentication message-digest
cost <value>
dead-interval <value>
hello-interval <value>
message-digest-key <id> <pwd>
priority <value>
retransmit-interval <value>
transmit-delay <value>
ipv6 address X:X:X:X::X
mtu <mtu>
no ...
openflow-enable
shutdown
trusted [vlan add <word>|remove <word>|<word>]
tunnel
destination <ip-addr>|{ipv6 <ipv6-addr>}
keepalive icmp <ipaddr> <next-hop>
keepalive cisco|{<interval> <retries>}
mode gre {ip|ipv6|<num>}
source
controller-ip
ipv6 {controller-ip|loopback|{vlan <vlanid>}|<ipv6-addr>}
loopback
vlan <vlanid>
<ip-addr>
vlan add <word>|remove <word>|<word>
Description
This command configures a Layer-2 or Layer-3 GRE tunnel between a managed device and another GRE-capable device. The default is an IPv4 Layer-3 GRE tunnel (tunnel mode gre ip).
In Layer-3 GRE tunnels, IPv6 encapsulated in IPv4 and IPv4 encapsulated in IPv6 are not supported. The only Layer-3 GRE modes supported are IPv4 encapsulated in IPv4 and IPv6 encapsulated in IPv6.
You can direct traffic into the tunnel using a static route (by specifying the tunnel as the next hop for a static route) or a session-based ACL.
Parameter |
Description |
<number> |
Tunnel Identification number. The tunnel ID used here does not have to match the tunnel ID used in the other managed device. 1-16777215 |
autogenerate peer <peer-mac-address> |
Auto generates the tunnel endpoint for the specified peer device. |
String that describes this tunnel. |
|
Enables inter-tunnel flooding. Enabled |
|
ip access group in <acl-name> |
Attach a route ACL to a L3 GRE tunnel interface. When you associate a routing ACL to inbound traffic on a managed device terminating a L3 GRE tunnel, that ACL can forward traffic as normal, route traffic to a nexthop router on a nexthop list, or redirect traffic over an L3 GRE tunnel or tunnel group. For more information on creating a routing ACL, see ip access-list route. |
ip address {internal | pool tunnel-pool <pool-name> |{<ipaddr> <netmask>}} |
IP address of the Layer 3 tunnel. This represents the entrance to the tunnel. This address should be a unique, non-routable IP address. Enter one of the following values:
The IP address should not be part of any subnet in your network, nor does it have to be routable in your network. It is used as a gateway for routing your private subnets (i.e., non-routable VLANs) within the GRE tunnel.
|
ipv6 |
IPv6 address of the Layer-3 GRE tunnel. This IP address can be configured only for a Layer-3 GRE tunnel (refer to the "mode gre" parameter below for details). |
MTU size for the interface. 1024 - 9216 Enabled, IPv4: 1100, IPv6: 1500 |
|
no |
Negates any configured parameter. |
openflow-enable |
Enables OpenFlow on the tunnel. Disabled |
Causes a hard shutdown of the interface. |
|
Use to add VLANs to the current trusted list.Disabled <word> represents a VLAN range. Use to remove VLANs from the current trusted list.<word> represents a VLAN range.
For related information, see aaa authentication wired. |
|
Configures tunneling. The default is an IPv4 Layer-3 GRE tunnel. mode gre ip |
|
destination <ip-addr>|{ipv6 <ipv6-addr>} |
The destination IP address (IPv4 or IPv6) for the GRE tunnel endpoint. |
keepalive icmp |
Enables sending periodic ICMP (ping) keepalive frames on the tunnel to determine the status of the tunnel (up or down). Disabled |
<ipaddr> |
IP address of the ping destination. |
<next-hop> |
Router IP address belonging to any of the L2 GRE tunnel -vlans . This parameter is mandatory only for L2 GRE tunnel. Disabled |
keepalive cisco|{<interval> <retries>} |
Enables sending of periodic keepalive frames on the tunnel to determine the tunnel status (up or down). You can optionally set the interval at which keepalive frames are sent, and the number of times the frames are resent before a tunnel is considered to be down. Disabled Executing the The <managed devices and Cisco network devices. HPE Aruba Networking sets the keepalive packet’s GRE protocol field to 0x801; however, Cisco sets the GRE protocol field to 0. When the option is enabled, the HPE Aruba Networkingmanaged device automatically sets the GRE protocol value to 0. > option enables keepalive interoperability for Layer-3 tunnels betweenThe option sets the number of seconds at which the keepalive frames are sent. Range is 1 second to 86400 seconds and default is 10 seconds.The option sets the number of consecutive times that the keepalives fail before the tunnel is considered to be down. Range is 0 to 1024 and default is 3. |
mode gre {ip|ipv6|<num>} |
This parameter specifies the tunnel encapsulation method as and allows you to specify whether it is a Layer-2 or Layer-3 GRE tunnel.managed device encapsulates the Layer-3 packet only. : Specifies an IPv4 Layer-3 GRE tunnel. The protocol number is set to and is not configurable. Traffic is redirected into the tunnel using a static route or a session ACL policy. Themanaged device encapsulates the Layer-3 packet only. : Specifies an IPv6 Layer-3 GRE tunnel. The protocol number is set to and is not configurable. Traffic is redirected into the tunnel using a static route or a session ACL policy. Themanaged devices at both endpoints of the tunnel must be configured with the same protocol number. The protocol number does not necessarily have to match the protocol number of the encapsulated frame. The managed device encapsulates the entire frame, including the Layer-2 header. : A 16-bit protocol number that uniquely identifies a GRE tunnel. The number format is numeric. The |
source controller-ip ipv6 {controller-ip|loopback|{vlan <vlanid>}|<ipv6-addr>} loopback {vlan <vlanid>} <ip-addr> |
The local endpoint of the tunnel on the controller. This can be one of the following: controller-ip: IPv4 address of the managed device. ipv6: Specify one of the following IPv6 options:
|
vlan {add <word>|remove <word>|<word>} |
Specify the VLANs to be included in this tunnel.
You can configure a VLAN only if the tunnel mode is set to Layer-2 ( ). If the tunnel mode is not set to Layer-2 mode, the system displays an error message: Tunnel is an IP [v6] GRE Tunnel. Change the mode before adding this. |
Examples
Layer-2 GRE Tunnel
The following CLI command configures a Layer-2 GRE tunnel:
MN-1 Configuration
(host) [mynode] (config)# interface tunnel 101
description “IPv4 Layer-2 GRE 101"
tunnel mode gre 1
tunnel source vlan 101
tunnel destination 192.168.1.1
tunnel keepalive
trusted
tunnel vlan 101
trusted vlan 101
MN-2 Configuration
(host) [mynode] (config)# interface tunnel 201
description “IPv4 Layer-2 GRE 201"
tunnel mode gre 1
tunnel source vlan 201
tunnel destination 192.168.2.1
tunnel keepalive
trusted
tunnel vlan 201
trusted vlan 201
IPv4 Layer-3 GRE Tunnel
The following CLI command examples configure a Layer-3 GRE tunnel for IPv4 between two managed devices.
MN-1 Configuration
(MN-1) (host) [mynode] (config) #interface tunnel 301
(host) [mynode] (config-submode) #description “IPv4 L3 GRE 301"
(host) [mynode] (config-submode) #tunnel mode gre ip
(host) [mynode] (config-submode) #ip address 192.1.1.1 255.255.255.255
(host) [mynode] (config-submode) #tunnel source vlan 301
(host) [mynode] (config-submode) #tunnel destination 20.20.20.249
(host) [mynode] (config-submode) #tunnel vlan 301
(host) [mynode] (config-submode) #trusted vlan 301
MN-2 Configuration
(MN-2) (host) [mynode] (config) #interface tunnel 401
(host) [mynode] (config-submode) #description “IPv4 L3 GRE 401"
(host) [mynode] (config-submode) #tunnel mode gre ip
(host) [mynode] (config-submode) #ip address 168.1.1.2 255.255.255.255
(host) [mynode] (config-submode) #tunnel source vlan 401
(host) [mynode] (config-submode) #tunnel destination 10.10.10.249
(host) [mynode] (config-submode) #tunnel vlan 401
(host) [mynode] (config-submode) #trusted vlan 401
IPv6 Layer-3 GRE Tunnel
The following CLI command examples configure a Layer-3 GRE tunnel for IPv6 between two managed devices.
MN-1 Configuration
(MN-1) (host) [mynode] (config) #interface tunnel 501
(host) [mynode] (config-submode) #description “IPv6 Layer-3 GRE 501"
(host) [mynode] (config-submode) #tunnel mode gre ipv6
(host) [mynode] (config-submode) #ip address 2001:1:2:1::1
(host) [mynode] (config-submode) #tunnel source vlan 501
(host) [mynode] (config-submode) #tunnel destination 2001:1:2:2020::1
(host) [mynode] (config-submode) #tunnel vlan 501
(host) [mynode] (config-submode) #trusted vlan 501
MN-2 Configuration
(MN-2) (host) [mynode] (config) #interface tunnel 601
(host) [mynode] (config-submode) #description “IPv6 Layer-3 GRE 601"
(host) [mynode] (config-submode) #tunnel mode gre ipv6
(host) [mynode] (config-submode) #ip address 2001:1:2:1::2
(host) [mynode] (config-submode) #tunnel source vlan 601
(host) [mynode] (config-submode) #tunnel destination 2001:1:2:1010::1
(host) [mynode] (config-submode) #tunnel vlan 601
(host) [mynode] (config-submode) #trusted vlan 601
Command History
Release |
Modification |
AOS 8.5.0.0 |
The |
AOS 8.4.0.0 |
Added the optional sub-parameters |
AOS 8.2.0.0 |
Updated the new syntax as . |
AOS 8.0.0.0 |
Command introduced. |
Command Information
Platforms |
License |
Command Mode |
All platforms |
Base operating system. |
Config mode on Mobility Conductor. |