«

Is it possible to make a GRE tunnel specific to an interface? ie so only traffic from that interface can use the GRE
tunnel?

I want to configure Router A so that any traffic from the GRE tunnel gets sent to Ethernet 0, and any traffic from
Ethernet 0 gets sent over the GRE tunnel. I dont want any traffic from Ethernet 1 to be able to get to Ethernet0,
or the GRE tunnel.

Here is the config I have at the moment:

====== Router A ===========
interface Tunnel0
ip address 172.16.0.1 255.255.255.0
tunnel source 100.100.100.1
tunnel destination 200.200.200.1
!
interface FastEthernet0
description connected to Private LAN
ip address 10.0.0.1 255.255.255.0
!
interface FastEthernet1
description connected to Standard LAN
ip address 150.150.150.1 255.255.255.0
!
interface Serial0
description connected to Internet
ip address 100.100.100.1 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 Serial0
ip route 192.168.0.0 255.255.255.0 Tunnel0


Router B only has one ethernet card with a private network so is simpler. I want the routing for the FE0 to
be seperate from the routing for FE1 as if the two interfaces dont know about each other and each others
IP routing.

Thanks.

Jim.

In article <>,
am <Jim> wrote:
:Is it possible to make a GRE tunnel specific to an interface? ie so
nly traffic from that interface can use the GRE tunnel?

Yes, just configure the 'tunnel source' appropriately.


:I want to configure Router A so that any traffic from the GRE tunnel
:gets sent to Ethernet 0, and any traffic from Ethernet 0 gets sent over
:the GRE tunnel. I dont want any traffic from Ethernet 1 to be able to
:get to Ethernet0, or the GRE tunnel.

Ah, that's a slightly different question, as setting the tunnel
source wouldn't preclude the other traffic from being routed to
something that sent it back out through the interface marked as
the tunnel source.

What you should do is either use ACLs to block the traffic, if
it can be isolated to particular destination IPs [e.g., you don't
have a situation wanting there to be different default routes
for the different interfaces.] If there is overlap between the
IP ranges then you should set up a route map and use policy based
routing (PBR).

On some devices with some IOS versions, another approach would be to
set up VRF (Virtual Router Facility), which sort of partitions the
router as if it were separate routers with different routing
characteristics for each identified VRF.
--
History is a pile of debris -- Laurie Anderson