Cisco CCNA GRE Tunnel Configuration
-
Upload
hamed-moghaddam -
Category
Education
-
view
504 -
download
3
Transcript of Cisco CCNA GRE Tunnel Configuration
CISCO CCNAPPP MULTILINK CONFIGURATION
TO WATCH OUR CISCO CCNA VIDEO TRAININGS PLEASE CHECK OUT THE LINK BELOW:WWW.ASMED.COM/C1ASM Educational Center Inc. (ASM)
Where Training, Technology & Service ConvergePhone: (301) 984-7400Rockville,MD
GRE TUNNEL CONFIGURATIONNow I will do small Lab:
The Goal is that PC1 (private Network) be able to Ping PC2 another Private Network, by going Via R3 which represent internet. R3 has no connectivity to LAN 192.168.2.0 and 192.168.1.0 /24
GRE TUNNEL CONFIGURATION
Here is R1 has default route to ISP (R3):
R1#show ip routeCodes: C – connected, S – static, I – IGRP, R – RIP, M – mobile, B – BGPD – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter areaN1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2E1 – OSPF external type 1, E2 – OSPF external type 2, E – EGPi – IS-IS, L1 – IS-IS level-1, L2 – IS-IS level-2, ia – IS-IS inter area* – candidate default, U – per-user static route, o – ODRP – periodic downloaded static route
Gateway of last resort is 20.20.20.2 to network 0.0.0.020.0.0.0/30 is subnetted, 1 subnetsC 20.20.20.0 is directly connected, Serial0/0/0C 192.168.1.0/24 is directly connected, FastEthernet0/0S* 0.0.0.0/0 [1/0] via 20.20.20.2R1#
GRE TUNNEL CONFIGURATION
GRE TUNNEL CONFIGURATIONAlso R2 has a default route to ISP (R3):R2#show ip routeCodes: C – connected, S – static, I – IGRP, R – RIP, M – mobile, B – BGPD – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter areaN1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2E1 – OSPF external type 1, E2 – OSPF external type 2, E – EGPi – IS-IS, L1 – IS-IS level-1, L2 – IS-IS level-2, ia – IS-IS inter area* – candidate default, U – per-user static route, o – ODRP – periodic downloaded static route Gateway of last resort is 30.30.30.1 to network 0.0.0.0 30.0.0.0/30 is subnetted, 1 subnetsC 30.30.30.0 is directly connected, Serial0/0/0C 192.168.2.0/24 is directly connected, FastEthernet0/0S* 0.0.0.0/0 [1/0] via 30.30.30.1
GRE TUNNEL CONFIGURATION
So right now I should be able to ping from R1 to Public IP address of R2 ( Think of R1 for Company 1) and think of R2 for Company 2R1#ping 30.30.30.2Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 30.30.30.2, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 4/10/13 ms Now seated at PC1 =192.168.1.1 I cannot ping PC2=192.168.2.1PC>ping 192.168.2.1
GRE TUNNEL CONFIGURATIONPinging 192.168.2.1 with 32 bytes of data:Request timed out.Request timed out.Request timed out.Request timed out. Ping statistics for 192.168.2.1:Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), So Goal is to have a GRE Tunnel Between R1 and R2, over internet; and PC1 be able to Ping PC2
GRE TUNNEL CONFIGURATION
Step 1) Create an Int Tunnel 0 on R1 as followR1#interface Tunnel0ip address 10.10.10.1 255.255.255.252tunnel mode gre iptunnel source Serial0/0/0tunnel destination 30.30.30.2!
GRE TUNNEL CONFIGURATION
As we see in above I need to use source (I use my S0/0/0 that is talking to ISP) and also I need to use the destination, which I need to use Public IP address of R2 = 30.30.30.2 R1#config tEnter configuration commands, one per line. End with CNTL/Z.R1(config)#int tunnel 0 R1(config-if)#%LINK-5-CHANGED: Interface Tunnel0, changed state to up
GRE TUNNEL CONFIGURATION
R1(config-if)#R1(config-if)#ip addR1(config-if)#ip address 10.10.10.1 255.255.255.252R1(config-if)#tunR1(config-if)#tunnel ?destination destination of tunnelmode tunnel encapsulation methodsource source of tunnel packets
GRE TUNNEL CONFIGURATION
R1(config-if)#tunnel souR1(config-if)#tunnel source ?Ethernet IEEE 802.3FastEthernet FastEthernet IEEE 802.3GigabitEthernet GigabitEthernet IEEE 802.3zLoopback Loopback interfaceSerial SerialR1(config-if)#tunnel source s0/0/0R1(config-if)#R1(config-if)#R1(config-if)#tunne
GRE TUNNEL CONFIGURATION
R1(config-if)#tunnel ?destination destination of tunnelmode tunnel encapsulation methodsource source of tunnel packetsR1(config-if)#tunnel desR1(config-if)#tunnel destination ?A.B.C.D ip addressR1(config-if)#tunnel destination 30.30.30.2R1(config-if)#%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
GRE TUNNEL CONFIGURATION
R1(config-if)#tunR1(config-if)#tunnel ?destination destination of tunnelmode tunnel encapsulation methodsource source of tunnel packetsR1(config-if)#tunnel moR1(config-if)#tunnel mode ?gre generic route encapsulation protocolipv6ip IPv6 over IP encapsulationR1(config-if)#tunnel mode grR1(config-if)#tunnel mode gre ?ip over IPR1(config-if)#tunnel mode gre ip ?<cr>R1(config-if)#tunnel mode gre ip
GRE TUNNEL CONFIGURATION
Here is show run so far:interface Tunnel0ip address 10.10.10.1 255.255.255.252tunnel mode gre iptunnel source Serial0/0/0tunnel destination 30.30.30.2 Lets check R1# show ip int briefR1#show ip int brief
GRE TUNNEL CONFIGURATION
Interface IP-Address OK? Method Status ProtocolFastEthernet
0/0192.168.1.10
0YES manual up up
FastEthernet0/1
unassigned YES unset administratively down down
Serial0/0/0 20.20.20.1 YES manual up upTunnel0 10.10.10.1 YES manual up up
!
GRE TUNNEL CONFIGURATION
Step 2) Now I will do same concept on R2 (make sure use your own interface as source and use public IP address of R1=20.20.20.1)interface Tunnel0ip address 10.10.10.2 255.255.255.252mtu 1476tunnel source Serial0/0/0tunnel destination 20.20.20.1
GRE TUNNEL CONFIGURATION
R2#R2#config tEnter configuration commands, one per line. End with CNTL/Z.R2(config)#int tunnel 0 R2(config-if)#%LINK-5-CHANGED: Interface Tunnel0, changed state to up R2(config-if)#R2(config-if)#ip addR2(config-if)#ip address 10.10.10.2 255.255.255.252
GRE TUNNEL CONFIGURATION
R2(config-if)#R2(config-if)#tunR2(config-if)#tunnel ?destination destination of tunnelmode tunnel encapsulation methodsource source of tunnel packetsR2(config-if)#tunnel souR2(config-if)#tunnel source s0/0/0R2(config-if)#tunnel desR2(config-if)#tunnel destination 20.20.20.1R2(config-if)#%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
GRE TUNNEL CONFIGURATION
R2(config-if)#trunR2(config-if)#tunR2(config-if)#tunnel ?destination destination of tunnelmode tunnel encapsulation methodsource source of tunnel packetsR2(config-if)#tunnel moR2(config-if)#tunnel mode ?gre generic route encapsulation protocol
GRE TUNNEL CONFIGURATION
ipv6ip IPv6 over IP encapsulationR2(config-if)#tunnel mode grR2(config-if)#tunnel mode gre ?ip over IPR2(config-if)#tunnel mode gre ip ?<cr>R2(config-if)#tunnel mode gre ipR2(config-if)#
GRE TUNNEL CONFIGURATION
Here is show run so far on R2#:interface Tunnel0ip address 10.10.10.2 255.255.255.252mtu 1476tunnel source Serial0/0/0tunnel destination 20.20.20.1 Now Lets look at R2#show ip int brief and See if I can ping from R1 to R2 Tunnel IP address=10.10.10.2R2#show ip int brief
GRE TUNNEL CONFIGURATION
R2#R2#ping 10.10.10.2 Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 3/11/18 ms
Interface IP-Address
OK? Method Status Protocol
FastEthernet0/0
192.168.1.100
YES manual up up
FastEthernet0/1
unassigned YES unset administratively down
down
Serial0/0/0 30.30.30.2 YES manual up upTunnel0 10.10.10.2 YES manual up up
GRE TUNNEL CONFIGURATION
R2#ping 10.10.10.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 12/17/24 msAs we see we have connectivity from Tunnel of R1 to Tunnel of R2 But let’s see if I can ping from PC1 to PC2?
GRE TUNNEL CONFIGURATION
PC>ping 192.168.2.1Pinging 192.168.2.1 with 32 bytes of data: Request timed out.Request timed out.Request timed out.Request timed out. Ping statistics for 192.168.2.1:Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
GRE TUNNEL CONFIGURATION
Not yet? Why? Since R1 routing table does not know how to get to network 192.168.2.0 ,Let’s look at R1#show ip routeR1#show ip routeCodes: C – connected, S – static, I – IGRP, R – RIP, M – mobile, B – BGPD – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter areaN1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2E1 – OSPF external type 1, E2 – OSPF external type 2, E – EGPi – IS-IS, L1 – IS-IS level-1, L2 – IS-IS level-2, ia – IS-IS inter area* – candidate default, U – per-user static route, o – ODRP – periodic downloaded static route Gateway of last resort is 20.20.20.2 to network 0.0.0.0
GRE TUNNEL CONFIGURATION
10.0.0.0/30 is subnetted, 1 subnetsC 10.10.10.0 is directly connected, Tunnel020.0.0.0/30 is subnetted, 1 subnetsC 20.20.20.0 is directly connected, Serial0/0/0C 192.168.1.0/24 is directly connected, FastEthernet0/0S* 0.0.0.0/0 [1/0] via 20.20.20.2
GRE TUNNEL CONFIGURATION
Step 3) Make sure create a Static Route on Both R1 and R2 , to be able to see each other network ; that is R1 need to see network 192.168.2.0 and R2 need to see network 192.168.1.0 Hint: when you put the next hop, make sure use private ip address of each other =10.10.10.1 and 10.10.10.2 Let’s do R1 static route:R1#config tEnter configuration commands, one per line. End with CNTL/Z.R1(config)#ip route ?A.B.C.D Destination prefixR1(config)#ip route 192.168.2.0 ?A.B.C.D Destination prefix mask
GRE TUNNEL CONFIGURATION
R1(config)#ip route 192.168.2.0 255.255.255.0 ?A.B.C.D Forwarding router’s addressEthernet IEEE 802.3FastEthernet FastEthernet IEEE 802.3GigabitEthernet GigabitEthernet IEEE 802.3zLoopback Loopback interfaceNull Null interfaceSerial SerialVlan Catalyst VlansR1(config)#ip route 192.168.2.0 255.255.255.0 10.10.10.2
GRE TUNNEL CONFIGURATIONHere is show run on R1:R1#show run ip route 192.168.2.0 255.255.255.0 10.10.10.2 (destination Net) (Next hop) Here is show ip route on R1#:R1#show ip routeCodes: C – connected, S – static, I – IGRP, R – RIP, M – mobile, B – BGPD – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter areaN1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2E1 – OSPF external type 1, E2 – OSPF external type 2, E – EGPi – IS-IS, L1 – IS-IS level-1, L2 – IS-IS level-2, ia – IS-IS inter area* – candidate default, U – per-user static route, o – ODRP – periodic downloaded static route Gateway of last resort is 20.20.20.2 to network 0.0.0.0
GRE TUNNEL CONFIGURATION
10.0.0.0/30 is subnetted, 1 subnetsC 10.10.10.0 is directly connected, Tunnel020.0.0.0/30 is subnetted, 1 subnetsC 20.20.20.0 is directly connected, Serial0/0/0C 192.168.1.0/24 is directly connected, FastEthernet0/0S 192.168.2.0/24 [1/0] via 10.10.10.2S* 0.0.0.0/0 [1/0] via 20.20.20.2R1#
GRE TUNNEL CONFIGURATION
Now I will do same static route on R2R2#config tEnter configuration commands, one per line. End with CNTL/Z.R2(config)#ip route ?A.B.C.D Destination prefixR2(config)#ip route 192.168.1.0 ?A.B.C.D Destination prefix maskR2(config)#ip route 192.168.1.0 255.255.255.0 ?A.B.C.D Forwarding router’s addressEthernet IEEE 802.3
GRE TUNNEL CONFIGURATION
FastEthernet FastEthernet IEEE 802.3GigabitEthernet GigabitEthernet IEEE 802.3zLoopback Loopback interfaceNull Null interfaceSerial SerialVlan Catalyst VlansR2(config)#ip route 192.168.1.0 255.255.255.0 10.10.10.1R2(config)#
GRE TUNNEL CONFIGURATION
Here is my show run on R2#:ip route 192.168.1.0 255.255.255.0 10.10.10.1 (dest net ) (Next Hop) Now I should be able to ping from PC1 to PC2 ,PC>ping 192.168.2.1
GRE TUNNEL CONFIGURATION
Pinging 192.168.2.1 with 32 bytes of data: Reply from 192.168.2.1: bytes=32 time=5ms TTL=126Reply from 192.168.2.1: bytes=32 time=2ms TTL=126Reply from 192.168.2.1: bytes=32 time=2ms TTL=126Reply from 192.168.2.1: bytes=32 time=2ms TTL=126
GRE TUNNEL CONFIGURATION
Ping statistics for 192.168.2.1:Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),Approximate round trip times in milli-seconds:Minimum = 2ms, Maximum = 5ms, Average = 2ms
GRE TUNNEL CONFIGURATION
So here is summary of each router:R1#show run interface Tunnel0ip address 10.10.10.1 255.255.255.252mtu 1476tunnel source Serial0/0/0 (use your own Interface)tunnel destination 30.30.30.2 ( use Public IP address of R2)!!
GRE TUNNEL CONFIGURATION
interface FastEthernet0/0ip address 192.168.1.100 255.255.255.0duplex autospeed auto!interface FastEthernet0/1no ip addressduplex autospeed autoshutdown!
GRE TUNNEL CONFIGURATION
interface Serial0/0/0ip address 20.20.20.1 255.255.255.252clock rate 2000000!interface Vlan1no ip addressshutdown!ip classlessip route 0.0.0.0 0.0.0.0 20.20.20.2ip route 192.168.2.0 255.255.255.0 10.10.10.2 ( static route to other side network ; and use private IPaddress of Tunnel of R2)
GRE TUNNEL CONFIGURATION
Now here is Show run on R2#:R2#interface Tunnel0ip address 10.10.10.2 255.255.255.252mtu 1476tunnel source Serial0/0/0 (use your own interface )tunnel destination 20.20.20.1 ( use the public IP address of R1)!!
GRE TUNNEL CONFIGURATION
interface FastEthernet0/0ip address 192.168.2.100 255.255.255.0duplex autospeed auto!interface FastEthernet0/1no ip addressduplex autospeed autoshutdown!
GRE TUNNEL CONFIGURATION
interface Serial0/0/0ip address 30.30.30.2 255.255.255.252clock rate 2000000!interface Vlan1no ip addressshutdown!ip classlessip route 0.0.0.0 0.0.0.0 30.30.30.1ip route 192.168.1.0 255.255.255.0 10.10.10.1 (static route to other network with remote Tunnel IP Address)
ASM EDUCATIONAL CENTER INC. (ASM)WHERE TRAINING, TECHNOLOGY & SERVICE CONVERGE
To watch our Cisco CCNA Video Trainings Please Check out the link below:www.asmed.com/c1Phone: (301) 984-7400Rockville,MD