Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1353
Views
5
Helpful
5
Replies

GRE Tunnel issue

Go to solution
lmanavalan
Level 1
Level 1

‎09-02-2015 10:18 PM - edited ‎03-05-2019 02:13 AM

Hi

 

On a Cisco 7301 i have configured GRE Tunnel with vrf mgnt and the Tunnel source interface is not part of any vrf.

The other end of the Tunnel is simple GRE configuration with out any vrf.

The tunnel is not coming up.

 

Below is the configuration

 

Router_2:

hostname Router_2
!
vrf definition mgmt
 description VRF for Management
 rd 1000:1000
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
crypto isakmp key <removed> address 122.x.x.66  
!
!
crypto ipsec transform-set aes-128-sha esp-aes esp-sha-hmac
 mode tunnel
!
!
!
crypto map managementVpn 10 ipsec-isakmp
 set peer 122.x.58.x
 set transform-set aes-128-sha
 match address VpnList
!
interface Tunnel1
 vrf forwarding mgmt
 ip address 10.157.252.78 255.255.255.252
 ip tcp adjust-mss 1200
 ip ospf 2 area 0
 keepalive 1 3
 tunnel source 162.249.176.141
 tunnel destination 10.176.21.6
 tunnel vrf mgmt
!
interface GigabitEthernet0/0
 no ip address
 media-type rj45
 speed auto
 duplex auto
 negotiation auto
!
interface GigabitEthernet0/0.101
 encapsulation dot1Q 101
 ip address 162.x.x.141 255.255.255.248
 standby 101 ip 162.x.x.142
 crypto map managementVpn
!
interface GigabitEthernet0/1
 no ip address
 media-type rj45
 speed auto
 duplex auto
 negotiation auto
!
interface GigabitEthernet0/1.102
 encapsulation dot1Q 102
 ip address 10.177.56.19 255.255.255.248
 standby 102 ip 10.177.56.17
!
interface GigabitEthernet0/1.108
 description Link to MgmtVlan
 encapsulation dot1Q 108
 vrf forwarding mgmt
 ip address 10.157.64.131 255.255.255.128
 standby 108 ip 10.157.64.129
!
interface GigabitEthernet0/2
 no ip address
 shutdown
 media-type rj45
 speed auto
 duplex auto
 negotiation auto
!
router ospf 2 vrf mgmt
 router-id 10.157.64.4
 network 10.157.64.0 0.0.3.255 area 100
!
router ospf 1
 router-id 10.177.56.2
 network 10.177.56.0 0.0.3.255 area 0
!
ip route 0.0.0.0 0.0.0.0 162.x.x.137
ip route 10.176.21.6 255.255.255.255 162.x.x.137
!
ip access-list extended VpnList
 permit ip host 162.x.x.141 host 10.176.21.6
!
 

 

And Router_1 Confuuguration:

 

interface Tunnel 101
 ip address 10.157.252.77 255.255.255.252
 ip tcp adjust-mss 1200
 ip ospf 1 area 0
 keepalive 1 3
 tunnel source 10.176.21.6
 tunnel destination 162.x.x.141

 

regards

Logesh

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ahmed Muhi
Level 1
Level 1
In response to lmanavalan

‎09-03-2015 02:01 AM

Hello Imanavalan,

Please note that there is a difference between the commands "vrf forwarding mgmt" and the command "tunnel vrf mgmt". 

At first when you used the "tunnel vrf mgmt" the router looked for the tunnel source IP and tunnel destination IP in the vrf mgmt, the tunnel source "162.249.176.141" is configured under the interface GigabitEthernet0/0.101 which does not belong to vrf mgmt, and the tunnel destination "10.176.21.6" is under the global routing table by means of a static route and again it does not belong to the vrf mgmt. That is why the tunnel was down, because it did not find a route for the tunnel source and destination in the vrf mgmt.

Now as soon as you remove the tunnel vrf mgmt command the router looks for the tunnel source and the tunnel destination in the global routing table, and since it finds both the tunnel becomes up.

As for the command "vrf forwarding mgmt" this simply puts the actual tunnel interface inside the vrf mgmt, not in the global routing table.

Both commands are not connected to each other, I mean you can have the tunnel in a vrf and the tunnel source and destination in a different vrf for example:

interface tunnel0
  ip vrf forwarding green
  ip address 1.2.3.4 255.255.255.0
  tunnel source 5.6.7.8
  tunnel destination 9.10.11.12
  tunnel vrf blue

The tunnel would belong to vrf green but it would look for the tunnel source IP " 5.6.7.8" and the tunnel destination IP "9.10.11.12" in the vrf blue.

Just one final note the tunnel source and destination must be in the same vrf, for our example above both the "5.6.7.8" and the "9.10.11.12" must be in vrf blue.

For further information please reference below documents:

http://www.cisco.com/c/en/us/td/docs/routers/10000/10008/feature/guides/122_31sb5/fs_gripvrf.html

http://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/46252-grewithvrf.html 

View solution in original post

5 Replies 5

Go to solution
Rolf Fischer
Level 9
Level 9

‎09-02-2015 10:58 PM

Hi,

 

... GRE Tunnel with vrf mgnt and the Tunnel source interface is not part of any vrf.

in such scenarios, you cannot use GRE keepalives.

You could adjust the OSPF timers instead.

 

HTH

Rolf

0 Helpful

Go to solution
lmanavalan
Level 1
Level 1
In response to Rolf Fischer

‎09-02-2015 11:57 PM

Hi

i removed the keep alive still the tunnel was down and then i removed the tunnel vrf mgmt and tunnel came up.

 

interface Tunnel1
 vrf forwarding mgmt
 ip address 10.157.252.78 255.255.255.252
 ip tcp adjust-mss 1200
 ip ospf 2 area 0
 tunnel source 162.x.x.141
 tunnel destination 10.176.21.6
!

 

Thanks

Regards

Logesh

0 Helpful

Go to solution
Rolf Fischer
Level 9
Level 9
In response to lmanavalan

‎09-03-2015 12:15 AM

Ah, correct; I've overlooked that.

The 'tunnel vrf <VRF>' command specifies the transport-vrf; in your case that's the global routing context.

Does the OSPF adjacency form now?

0 Helpful

Go to solution
lmanavalan
Level 1
Level 1
In response to Rolf Fischer

‎09-03-2015 05:32 PM

Hi

Yes the OSPF is Up now. Thanks for your help.

 

 

regards

Logesh

0 Helpful

Go to solution
Ahmed Muhi
Level 1
Level 1
In response to lmanavalan

‎09-03-2015 02:01 AM

Hello Imanavalan,

Please note that there is a difference between the commands "vrf forwarding mgmt" and the command "tunnel vrf mgmt". 

At first when you used the "tunnel vrf mgmt" the router looked for the tunnel source IP and tunnel destination IP in the vrf mgmt, the tunnel source "162.249.176.141" is configured under the interface GigabitEthernet0/0.101 which does not belong to vrf mgmt, and the tunnel destination "10.176.21.6" is under the global routing table by means of a static route and again it does not belong to the vrf mgmt. That is why the tunnel was down, because it did not find a route for the tunnel source and destination in the vrf mgmt.

Now as soon as you remove the tunnel vrf mgmt command the router looks for the tunnel source and the tunnel destination in the global routing table, and since it finds both the tunnel becomes up.

As for the command "vrf forwarding mgmt" this simply puts the actual tunnel interface inside the vrf mgmt, not in the global routing table.

Both commands are not connected to each other, I mean you can have the tunnel in a vrf and the tunnel source and destination in a different vrf for example:

interface tunnel0
  ip vrf forwarding green
  ip address 1.2.3.4 255.255.255.0
  tunnel source 5.6.7.8
  tunnel destination 9.10.11.12
  tunnel vrf blue

The tunnel would belong to vrf green but it would look for the tunnel source IP " 5.6.7.8" and the tunnel destination IP "9.10.11.12" in the vrf blue.

Just one final note the tunnel source and destination must be in the same vrf, for our example above both the "5.6.7.8" and the "9.10.11.12" must be in vrf blue.

For further information please reference below documents:

http://www.cisco.com/c/en/us/td/docs/routers/10000/10008/feature/guides/122_31sb5/fs_gripvrf.html

http://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/46252-grewithvrf.html 

Customers Also Viewed These Support Documents