To create a point-to-point GRE tunnel, you just need a few commands. The tricky part is to figure out what parameters to plug into the commands, particularly for the source and destination of each end of the tunnel. Check out the lab exercise first, write down your answer, and come back here for the answer. As usual, it should take about 10 minutes for the lab if you’ve already read thoroughly about how to configure GRE for your CCNA R&S exam.
Answers
Figure 1: Two Enterprise Routers at Acme Corp, with One Router Acting as Entire Internet
Example 1: Edge1 Config
interface Tunnel0 ip address 10.10.30.1 255.255.255.0 tunnel source GigabitEthernet0/1 tunnel destination 198.51.100.2 ! router eigrp 10 network 10.10.30.0 0.0.0.255
Example 2: Edge2 Config
interface Tunnel0 ip address 10.10.30.2 255.255.255.0 tunnel source GigabitEthernet0/1 tunnel destination 192.0.2.2 ! router eigrp 10 network 10.10.30.0 0.0.0.255
Commentary
One of the technologies that is quickly becoming more popular is the use and configuration of Virtual Private Networks (VPN). One of the simplest and useful methods is the configuration of a Generic Routing Encapsulation (GRE) VPN. GRE can be used in a number of different complex configurations when mixed together with several other technologies.
For this lab you are tasked with configuring a manual GRE tunnel between Acme devices and configuring EIGRP over this newly configured tunnel.
We will start the GRE configuration on Acme1. Acme1 connects to the Internet router via its GigabitEthernet0/1 interface. The first step is to create the tunnel interface using the interface tunnel0 command. Once in tunnel interface configuration mode you need to set the tunnel source. Per the requirements, Acme1’s G0/1 should be used as the source, because this interface acts like a public interface connected to the internet. The configuration in this case is tunnel source gigabitethernet0/1 command. Because Acme2 will reference its own G0/1 interface, whose address is 198.51.100.2, Acme1 needs to use a tunnel destination to match Acme2’s G0/1 IP address, making Acme1’s configuration be tunnel destination 198.51.100.2.
At this point the GRE portion of the configuration on Acme1 is complete. Next we need to configure an IP address on the tunnel interface. That IPv4 address should come from the private enterprise IPv4 address space. Per the figure, Acme1 should be configured with the 10.10.30.1 IP address using a subnet mask of 255.255.255.0; to configure this use the ip address 172.16.1.1 255.255.255.0 command.
Finally, Acme1 needs to enable EIGRP on the tunnel0 interface. Note per the initial configuration, EIGRP had been enabled only on the local LAN interface G0/2. The additional configuration uses an EIGRP network command with a wildcard mask, with the network 10.10.30.0 0.0.0.255 command.
The configuration on router Acme2 is of course similar. Specifically, on Acme2:
- Per the figure, Acme2 creates an interface tunnel 0.
- Acme2 uses the tunnel source gigabitethernet0/1 command to reference Acme2’s Internet facing interface, which uses a public IP address
- Acme2 points its tunnel destination at the IP address of Acme1’s tunnel source using the tunnel destination 192.0.2.2
- To enable IPv4 on Acme2’s tunnel0 interface, Acme2 configures the IPv4 address shown in the figure, with the ip address 10.10.30.2 255.255.255.0
- Finally, to enable EIGRP on the tunnel interface, Acme2 needs a command that matches the tunnel0 interface IP address; the configuration uses the commands router eigrp 10 and network 10.10.30.0 0.0.0.255.