Hi Dimitar,Cisco ASR1000

Ratimid84 · ‎07-09-2015

Hi,

I need to create a GRE tunnel with IPSec in transport mode and to use a specific vlan_id for the tunnel.

I have read in some articles that there should be a "tunnel vlan xxx" command when I'm on the tunnel interface, but all I get is "Invalid input detected" error.

I'm using a C881-K9 router. Can anyone help me with this problem???

Peter Paluch · ‎07-09-2015

Hello,

I am not entirely sure what are you trying to accomplish and why. VLAN IDs, or VLAN tags, are specific to Ethernet frames only. There is no place in GRE headers to put the VLAN tag into, and because GRE tunnels carry IP packets (that cannot be tagged themselves) and not Ethernet frames, I do not see how the VLAN IDs would relate to GRE tunnels in any way.

Can you perhaps explain your needs in more detail?

Best regards,
Peter

Ratimid84 · ‎07-10-2015

Hi Peter,

I'm given the following info:

transport addresses for the booth sides of the tunnel;

GRE tunnel addresses;

VLAN_ID adn pre-share key.

On the net I found the following config for the tunnel:

interface tunnel tunnel-number

ip address ip-address mask

tunnel source {ip-address | ipv6-address | interface-type interface-number}

tunnel mode ethernet gre {ipv4 | ipv6}

tunnel key key ( I do not need this option)

tunnel vlan vlan-id

and here is the link for the article ( and it is a CISCO page):

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/interface/configuration/xe-3s/ir-xe-3s-book/ir-eogre.html

Now, I am configuring everything but the last command for the tunnel.

Peter Paluch · ‎07-10-2015

Hello,

Oh, I see. I stand corrected - this must be a relatively new feature in tunneling I was not aware of yet.

I am afraid, though, that your router simply does not support this feature. I have tested different IOS versions myself, ranging from 12.4T through 15.3(3)XB12 up to 15.5(2)T but none of them supportes the EoGRE tunneling. This feature seems to be available so far only on selected platforms that run IOS-XE but this operating system is not available for your router type.

Is it possible to ask your provider to set up a different tunnel type? Requiring you to configure the EoGRE on an 800 series router is a dead end.

Best regards,
Peter

Ratimid84 · ‎07-10-2015

I can ask if it can be arranged, but in a case if it can not be,

Can You refer some model that supports this feature?

Thanks for Your help and quick reply.

BR, Dimitar

Peter Paluch · ‎07-10-2015

Hi Dimitar,

Cisco ASR1000 series routers would appear to support this but they are certainly not routers that are intended to be placed at a branch office - they are far too powerful and expensive for that. Unfortunately, as far as I could find, there is no other hardware router platform supporting this feature as of yet. Perhaps reaching out to your Cisco partner or support would help you better - this forum is not a substitute for a direct talk to a Cisco representative, especially in terms of devices and their features.

There is an option of using a virtual router called Cisco Cloud Services Router CSR1000v that internally runs IOS-XE and that could - if installed on a server and properly licensed - provide this functionality with a decent performance.

Best regards,
Peter

adding a vlan_id on gre tunnel