VRF through GRE Tunnel

linus-ardstal · ‎04-28-2024

Hi! I am sitting with a topology of:

PC1 -- SW1 -- R1 -- SW2 -- PC2

I am trying to configure a GRE tunnel between SW1 and SW2, but I cannot manage to make it work. Can someone help out? See below config. I have been fooling around a bit with the routes, but nothing worked for me so far!

---SW1---
interface Tunnel0
vrf forwarding RED
ip address 100.100.100.1 255.255.255.0
tunnel source GigabitEthernet0/0
tunnel destination 20.20.20.1
!
interface GigabitEthernet0/0
no switchport
ip address 192.168.100.2 255.255.255.0
negotiation auto
!
interface GigabitEthernet0/1
switchport access vlan 10
switchport mode access
negotiation auto
!
interface Vlan10
vrf forwarding RED
ip address 10.10.10.1 255.255.255.0
!
ip route 20.20.20.0 255.255.255.0 GigabitEthernet0/0
ip route vrf RED 20.20.20.0 255.255.255.0 GigabitEthernet0/0 192.168.100.1

---R1---

interface GigabitEthernet0/0
ip address 192.168.100.1 255.255.255.0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
ip address 192.168.200.1 255.255.255.0
duplex auto
speed auto
media-type rj45
!
ip route 10.10.10.0 255.255.255.0 GigabitEthernet0/0
ip route 20.20.20.0 255.255.255.0 GigabitEthernet0/1

---SW2---

interface Tunnel0
vrf forwarding RED
ip address 100.100.100.2 255.255.255.0
tunnel source GigabitEthernet0/0
tunnel destination 10.10.10.1
!
interface GigabitEthernet0/0
no switchport
ip address 192.168.200.2 255.255.255.0
negotiation auto
!
interface GigabitEthernet0/1
switchport access vlan 10
switchport mode access
negotiation auto
!
interface Vlan10
vrf forwarding RED
ip address 20.20.20.1 255.255.255.0
!
ip route 10.10.10.0 255.255.255.0 GigabitEthernet0/0
ip route vrf RED 10.10.10.0 255.255.255.0 GigabitEthernet0/0 192.168.200.1

Harold Ritter · ‎04-28-2024

Hi @linus-ardstal ,

The tunnel source on one side needs to match the tunnel destination on the other side and vice versa.

Currently you have:

SW1:

tunnel source: 192.168.100.2

tunnel destination: 20.20.20.1

SW2:

tunnel source: 192.168.200.2

tunnel destination: 10.10.10.1

One more thing, the tunnel source and destination need to be reachable via the global routing table, unless you config "tunnel vrf RED" in the tunnel interface.

I would suggest the following changes for the tunnel to work for you.

SW1:

interface Tunnel0
vrf forwarding RED
ip address 100.100.100.1 255.255.255.0
tunnel source GigabitEthernet0/0
tunnel destination 192.168.200.2

!

ip route 192.168.200.2 255.255.255.255 192.168.100.1

no ip route 20.20.20.0 255.255.255.0 GigabitEthernet0/0

no ip route vrf RED 20.20.20.0 255.255.255.0 GigabitEthernet0/0 192.168.100.1

ip route vrf RED 20.20.20.0 255.255.255.0 100.100.100.2

SW2:

interface Tunnel0
vrf forwarding RED
ip address 100.100.100.2 255.255.255.0
tunnel source GigabitEthernet0/0
tunnel destination 192.168.100.2
!

ip route 192.168.100.2 255.255.255.255 192.168.200.1

no ip route 10.10.10.0 255.255.255.0 GigabitEthernet0/0

no ip route vrf RED 10.10.10.0 255.255.255.0 GigabitEthernet0/0 192.168.200.1

ip route vrf RED 10.10.10.0 255.255.255.0 100.100.100.1

R1:

no ip route 10.10.10.0 255.255.255.0 GigabitEthernet0/0
no ip route 20.20.20.0 255.255.255.0 GigabitEthernet0/1

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

MHM Cisco World · ‎04-29-2024

Are you use you run

Ip routing in both SW?

Also what you use SW? Or you want to test gre with vlan.

MHM