How do I make GRE tunnel specific to one interface

Discussion in 'Cisco' started by jim, Dec 7, 2004.

  1. jim

    jim Guest

    Is it possible to make a GRE tunnel specific to an interface? i.e., so only traffic from that interface can use the GRE
    tunnel?

    I want to configure Router A so that any traffic from the GRE tunnel gets sent to Ethernet 0, and any traffic from
    Ethernet 0 gets sent over the GRE tunnel. I don't want any traffic from Ethernet 1 to be able to get to Ethernet 0,
    or the GRE tunnel.

    Here is the config I have at the moment:

    ====== Router A ===========
    interface Tunnel0
    ip address 172.16.0.1 255.255.255.0
    tunnel source 100.100.100.1
    tunnel destination 200.200.200.1
    !
    interface FastEthernet0
    description connected to Private LAN
    ip address 10.0.0.1 255.255.255.0
    !
    interface FastEthernet1
    description connected to Standard LAN
    ip address 150.150.150.1 255.255.255.0
    !
    interface Serial0
    description connected to Internet
    ip address 100.100.100.1 255.255.255.252
    !
    ip route 0.0.0.0 0.0.0.0 Serial0
    ip route 192.168.0.0 255.255.255.0 Tunnel0


    Router B only has one Ethernet card with a private network so is simpler. I want the routing for the FE0 to
    be separate from the routing for FE1 as if the two interfaces don't know about each other and each other's
    IP routing.

    Thanks.

    Jim.
     
    jim, Dec 7, 2004
    #1

  2. :Is it possible to make a GRE tunnel specific to an interface? i.e., so
    :only traffic from that interface can use the GRE tunnel?

    Yes, just configure the 'tunnel source' appropriately.


    :I want to configure Router A so that any traffic from the GRE tunnel
    :gets sent to Ethernet 0, and any traffic from Ethernet 0 gets sent over
    :the GRE tunnel. I don't want any traffic from Ethernet 1 to be able to
    :get to Ethernet 0, or the GRE tunnel.

    Ah, that's a slightly different question, as setting the tunnel
    source wouldn't preclude the other traffic from being routed to
    something that sent it back out through the interface marked as
    the tunnel source.

    What you should do is either use ACLs to block the traffic, if
    it can be isolated to particular destination IPs [e.g., you don't
    have a situation wanting there to be different default routes
    for the different interfaces.] If there is overlap between the
    IP ranges then you should set up a route map and use policy based
    routing (PBR).

    On some devices with some IOS versions, another approach would be to
    set up VRF (Virtual Router Facility), which sort of partitions the
    router as if it were separate routers with different routing
    characteristics for each identified VRF.
     
    Walter Roberson, Dec 7, 2004
    #2
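
The ACL and policy-based-routing options suggested in the reply above, sketched for Router A's addresses from the question. This is an added example, not part of either post; the ACL and route-map names (FE1-IN, TUN0-IN, FE0-TO-TUNNEL) are hypothetical, and it assumes an IOS image that supports named extended ACLs and PBR.

```cisco
! Added illustration. Names FE1-IN, TUN0-IN and FE0-TO-TUNNEL are hypothetical.
! Networks are the ones in the Router A config from the question.
!
! 1. Standard LAN (FastEthernet1): block anything headed for the private LAN,
!    the tunnel subnet, or the remote private network behind the tunnel.
ip access-list extended FE1-IN
 deny   ip any 10.0.0.0 0.0.0.255
 deny   ip any 172.16.0.0 0.0.0.255
 deny   ip any 192.168.0.0 0.0.0.255
 permit ip any any
!
! 2. Tunnel0: decapsulated packets may only be delivered to the private LAN.
!    This also drops packets addressed to 172.16.0.1 itself (e.g. pings to
!    the tunnel endpoint); add a permit line for that if it is wanted.
ip access-list extended TUN0-IN
 permit ip any 10.0.0.0 0.0.0.255
 deny   ip any any
!
! 3. Private LAN (FastEthernet0): policy-route everything arriving on this
!    interface out Tunnel0, so the default route via Serial0 and the
!    connected route to FastEthernet1 are not used for this traffic.
route-map FE0-TO-TUNNEL permit 10
 set interface Tunnel0
!
interface FastEthernet0
 ip policy route-map FE0-TO-TUNNEL
!
interface FastEthernet1
 ip access-group FE1-IN in
!
interface Tunnel0
 ip access-group TUN0-IN in
```

After applying, `show ip policy`, `show route-map` and `show access-lists` show whether the policy is attached to FastEthernet0 and whether the deny entries are matching traffic.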
