Lab: GRE Tunnel

Generic Routing Encapsulation (GRE) is a tunneling protocol. This protocol allows the encapsulation of the network layer protocols inside other packets (packets into packets). Tunnel allows the expansion of a network that are separated in two different locations to create a point-to-point connection between the two sites.

In this lab, we will build a simple GRE Tunnel between two different sites. We are not going to encrypt the traffic, so therefore this is a non-secure remote location network.

Task 1:
Lets start with the ISP router. Configure the host name of the router and both interfaces.

Router>enable
Router#configure terminal
Router(config)#hostname ISP
ISP(config)#interface ethernet 0/0
ISP(config-if)#ip address 199.100.25.38 255.255.255.252
ISP(config-if)#no shutdown
ISP(config-if)#exit
ISP(config)#
ISP(config)#interface ethernet 0/1
ISP(config-if)#ip address 199.100.25.25 255.255.255.252
ISP(config-if)#no shutdown
ISP(config-if)#exit
ISP(config)#
ISP(config)#end
ISP#

Task 2:
Configure the HQ router. Configure the host name and both its public IP interface and the loopback 0 interface.

Router>enable
Router#configure terminal
Router(config)#hostname HQ
HQ(config)#interface ethernet 0/0
HQ(config-if)#ip address 199.100.25.37 255.255.255.252
HQ(config-if)#no shutdown
HQ(config-if)#exit
HQ(config)#
HQ(config)#interface loopback 0
HQ(config-if)#ip address
HQ(config-if)#ip address 172.16.1.1 255.255.255.255
HQ(config-if)#no shutdown
HQ(config-if)#end
HQ#

Task 3:
Configure the Branch router. Configure the host name and both its public IP interface and the loopback 0 interface.

Router>enable
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname Branch
Branch(config)#interface ethernet 0/1
Branch(config-if)#ip address 199.100.25.26 255.255.255.252
Branch(config-if)#no shutdown
Branch(config-if)#exit
Branch(config)#interface loopback 0
Branch(config-if)#ip address 172.16.3.3 255.255.255.255
Branch(config-if)#no shutdown
Branch(config-if)#exit
Branch(config)#end
Branch#

Task 4:
In order for a tunnel to form. Both the HQ router and the Branch router will need to know how to reach each others public IP address. Add a static route on both routers to the others public ip. After both static routes have been implemented ping from the HQ router the Branch’s IP address.

Branch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Branch(config)#ip route 199.100.25.37 255.255.255.255 199.100.25.25
Branch(config)#end
Branch#


HQ#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
HQ(config)#ip route 199.100.25.26 255.255.255.255 199.100.25.38
HQ(config)#end
HQ#ping 199.100.25.26
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 199.100.25.26, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

Task 5:
Now we can create the tunnel interface in the HQ router. The tunnel source shall be the physical inteface towards the ISP. The destination will be the branch router public IP address.

HQ#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
HQ(config)#interface tunnel 105
HQ(config-if)#tunnel source ethernet 0/0
HQ(config-if)#tunnel destination 199.100.25.26
HQ(config-if)#ip address 10.220.105.1 255.255.255.252
HQ(config-if)#end
HQ#

Task 6:
Create the tunnel interface in the Branch router. The tunnel source shall be the physical port that connects to the ISP. The destination will be the HQ routers public IP address. Verify the connection after completion.

Branch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Branch(config)#interface tunnel 105
Branch(config-if)#tunnel source ethernet 0/1
Branch(config-if)#tunnel destination 199.100.25.37
Branch(config-if)#ip address 10.220.105.2 255.255.255.252
Branch(config-if)#exit
Branch(config)#exit
Branch#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                unassigned      YES unset  administratively down down
Ethernet0/1                199.100.25.26   YES manual up                    up
Ethernet0/2                unassigned      YES unset  administratively down down
Ethernet0/3                unassigned      YES unset  administratively down down
Loopback0                  172.16.3.3      YES manual up                    up
Tunnel105                  10.220.105.2    YES manual up                    up
Branch#ping 10.220.105.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.220.105.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Branch#show interface tunnel 105
Tunnel105 is up, line protocol is up
  Hardware is Tunnel
  Internet address is 10.220.105.2/30
  MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation TUNNEL, loopback not set
  Keepalive not set
  Tunnel linestate evaluation up
  Tunnel source 199.100.25.26 (Ethernet0/1), destination 199.100.25.37
   Tunnel Subblocks:
      src-track:
         Tunnel105 source tracking subblock associated with Ethernet0/1
          Set of tunnels with source Ethernet0/1, 1 member (includes iterators), on interface 
  Tunnel protocol/transport GRE/IP
    Key disabled, sequencing disabled
    Checksumming of packets disabled
  Tunnel TTL 255, Fast tunneling enabled
  Tunnel transport MTU 1476 bytes
  Tunnel transmit bandwidth 8000 (kbps)
  Tunnel receive bandwidth 8000 (kbps)
  Last input 00:22:20, output 00:01:02, output hang never
  Last clearing of "show interface" counters 00:25:21
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/0 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     5 packets input, 620 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     14 packets output, 1304 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out

Task 7:
Now lets use a Dynamic routing protocol, in this lab I am going to use EIGRP. With the routing protocol configured we can have the HQ router and the Branch router learn about each other’s loopback address or in another instance the LANs IP address of the site. Verify after the configuration connectivity to the HQs Loopback from the Branch router.

HQ#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
HQ(config)#router eigrp 1
HQ(config-router)#no auto-summary
HQ(config-router)#network 172.16.1.1 0.0.0.0
HQ(config-router)#network 10.220.105.0 0.0.0.3
HQ(config-router)#end
HQ#

Branch(config)#router eigrp 1
Branch(config-router)#no auto-summary
Branch(config-router)#network 172.16.3.3 0.0.0.0
Branch(config-router)#network 10.220.105.0 0.0.0.3
Branch(config-router)#end
Branch#

Branch#ping 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

A Tech Blog/Portfolio

Leave a Reply Cancel reply

A Tech Blog/Portfolio

Lab: GRE Tunnel

Related articles

Basic OSPF Lab

HSRP

Cisco ACL lab

Leave a Reply Cancel reply