Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3481
Views
0
Helpful
16
Replies

Datacenter to branch GRE Tunnel and VRF

Go to solution
Luke Fuller
Level 1
Level 1

‎08-07-2011 03:28 AM - edited ‎03-04-2019 01:12 PM

Hi

We have the requirement to setup a public wifi access point for customers.

To setup the public wifi network and ensure it is completely separated form our corporate network we have chosen to use a VRF at both the data center side and branch office side. Between the data center and the branch office we are going to run a GRE tunnel within our WAN.

So far we have configured the VRF, public interface and the tunnel - from the branch office and data center we can ping both ends of the tunnel and on the data center side we can ping our upstream however once we setup the default route on the branch VRF we cannot ping any network aside from the VRF network 172.12.1.0

Any help or suggestions greatly appreciated

Extracted configuration below;

Router 2 (Branch)

---------------------------------

interface Tunnel0

ip vrf forwarding PublicNet

ip address 172.16.1.2 255.255.255.252

ip tcp adjust-mss 1436

tunnel source 192.168.53.1

tunnel destination 192.168.50.4

end

!

ip route vrf PublicNet 0.0.0.0 0.0.0.0 Tunnel0 172.16.1.1

!

ip vrf PublicNet

description Public Netwrk

!

Router 1 (Datacenter)

--------------------------------------------

interface FastEthernet0/1.903

encapsulation dot1Q 903

ip vrf forwarding PublicNet

ip address 202.xxx.xxx.xxx 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip virtual-reassembly

no cdp enable

!

interface Tunnel0

ip vrf forwarding PublicNet

ip address 172.16.1.1 255.255.255.252

ip virtual-reassembly

ip tcp adjust-mss 1436

tunnel source 192.168.50.4

tunnel destination 192.168.53.1

!

ip route vrf PublicNet 0.0.0.0 0.0.0.0 202.xxx.xxx.xxx (upstream)

Labels:
0 Helpful
16 Replies 16

Go to solution
Marwan ALshawi
VIP Alumni
VIP Alumni
In response to john.dejesus

‎08-08-2011 12:07 AM

Q. Does the Cisco Catalyst 3560-E support generic routing encapsulation (GRE) tunneling?

#

A. No. The Cisco Catalyst 3560-E can switch "transient" GRE tunneled traffic in hardware at wire rate, but it cannot act as a GRE tunnel endpoint. Future support of GRE tunneling in software is possible

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps7078/prod_qas0900aecd805bacc7.html

i think you need the high end Switches for GRE tunneling

HTH

if helpful Rate

0 Helpful

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee
In response to Marwan ALshawi

‎08-08-2011 12:33 AM

Hello,

Agree 100%. In fact, I would not even talk about "transient" GRE traffic because it is slightly confusing. The GRE is inside IP, and the IP is inside Ethernet frames. Everything encapsulated in Ethernet frames can be L2 switched at wire rate.

Best regards,

Peter

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card