EN WLC
Дерево страниц

Сравнение версий

Старая версия 4

changes.mady.by.user Отдел Документации

Сохранено

по сравнению с

Новая версия Текущий

changes.mady.by.user Отдел Документации

Сохранено

Ключ

  • Эта строка добавлена.
  • Эта строка удалена.
  • Изменено форматирование.

...

Step

Description

Command

Keys

1

Configure L3 interface from which a GRE tunnel will be built.



2

Create a GRE tunnel and switch to its configuration mode.

esr(config)# tunnel gre <INDEX>

<INDEX> – tunnel identifier, set in the range of:

  • for ESR-10/12V(F)/14VF/15 and WLC-15 – [1..10];
  • for ESR-20/21/30/100/200 and WLC-30 – [1..250];
  • for ESR-1000/1200/1500/1511/1700/3100/3200 and WLC-3200 – [1..500].

3

Specify VRF instance, in which the given GRE tunnel will operate (optional).

esr(config-gre )# ip vrf forwarding <VRF>

<VRF> – VRF name, set by the string of up to 31 characters.

4

Specify the description of the configured tunnel (optional).

esr(config-gre)# description <DESCRIPTION>

<DESCRIPTION> – tunnel description, set by the string of up to 255 characters.

5

Set local IP address for tunnel installation.

esr(config-gre)# local address <ADDR>

<ADDR> – gateway IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255].

esr(config-gre)# local interface <IF>

<IF> – interface IP address of which is used for the tunnel installation.

6

Set remote IP address for tunnel installation.

esr(config-gre)# remote address <ADDR>

<ADDR> – gateway IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255].

7

Specify the GRE tunnel encapsulation mode.

esr(config-gre)# mode <MODE>

<MODE> – GRE tunnel encapsulation mode:

  • ip – encapsulation of IP in GRE;
  • ethernet –  encapsulation of Ethernet frames in GRE.

Default value: ip

8

Set the IP address of a tunnel local side (only in ip mode).

esr(config-gre)# ip address <ADDR/LEN>

<ADDR/LEN> – IP address and prefix of a subnet, defined as AAA.BBB.CCC.DDD/EE where each part AAA-DDD takes values of [0..255] and EE takes values of [1..32].

Up to 8 IP addresses can be specified separated by commas.

For advanced IPv4 addressing features see section IP addressing configuration.

9

Assign the broadcast domain for encapsulation in the tunnel’s GRE packets (only in ethernet mode).

esr(config-gre)# bridge-group <BRIDGE-ID>

<BRIDGE-ID> – bridge identification number, takes values in the range of:

  • for ESR-10/12V(F)/14VF/15 and WLC-15 – [1..50];
  • for ESR-20/21/30/100/200 and WLC-30 – [1..250];
  • for ESR-1000/1200/1500/1511/1700/3100/3200 and WLC-3200 – [1..500].

10

Include the GRE tunnel in a security zone and configure interaction rules between zones or disable firewall (see section Firewall configuration).

esr(config-gre)# security-zone<NAME>

<NAME> – security zone name, set by the string of up to 12 characters.

esr(config-gre)# ip firewall disable

         

       

11

Specify MTU size (MaximumTransmissionUnit) for the tunnel (optional).
MTU above 1500 will be active only when using the 'system jumbo-frames' command.

esr(config-gre)# mtu <MTU>

<MTU> – MTU value, takes values in the range of:

  • for ESR-10/12V(F)/14VF/15 and WLC-15 – [1280..9600];
  • for ESR-20/21/30 and WLC-30 – [1280..9500];
  • for ESR-100/200/1000/1200/1500/1511/1700/3100/3200 and WLC-3200 – [1280..10000].

Default value: 1500.

12

Specify the TTL lifetime for tunnel packets (optional).

esr(config-gre)# ttl <TTL>

<TTL> – TTL value, takes values in the range of [1..255].

Default value: Inherited from encapsulated packet.

13

Specify DSCP for the use in IP header of encapsulated packet (optional).

esr(config-gre)# dscp <DSCP>

<DSCP> – DSCP code value, takes values in the range of [0..63].

Default value: inherited from encapsulated packet.

14

Enable key transmitting in GRE tunnel header (according to RFC 2890) and set the key value. Configured only on the both tunnel sides (optional).

esr(config-gre)# key <KEY>

<KEY> – KEY value, takes values in the range of [1..2000000].

Default value: key is not transmitted.

15

Enable the calculation of the checksum and entry it to the GRE header of the packets to be sent. Also it is necessary to enable verifying of the checksum on the remote side (optional).

esr(config-gre)# local checksum


16

Enable verification of the presence and consistency of checksum values in the headers of GRE packets being received. Also it is necessary to enable calculation of the checksum on the remote side (optional).

esr(config-gre)# remote checksum


17

Enable the check for tunnel remote gateway availability (optional).

esr(config-gre)# keepalive enable


18

Change the keepalive packets timeout from the opposing party (optional).

esr(config-gre)# keepalive timeout <TIME>

<TIME> – time in seconds, takes values of [1..32767].

Default value: 10.

19

Change the number of attempts to check the availability of a tunnel remote gateway (optional).

esr(config-gre)# keepalive retries <VALUE>

<VALUE> – number of attempts, takes values in the range of [1..255].

Default value: 5.

20

Specify the IP address for the keepalive mechanism (mandatory in ethernet mode).

esr(config-gre)# keepalive dst-address <ADDR>

<ADDR> – IP address to check GRE tunnel capability.

21

Change the time interval during which the statistics on the tunnel load is averaged (optional).

esr(config-gre)# load-average <TIME>

<TIME> – interval in seconds, takes values of [5..150].

Default value: 5.

22

Enable sending snmp-trap about tunnel enabling/disabling.

esr(config-gre)# snmp init-trap


23

Enable the mechanism of IP addresses iterative query using DHCP on the specified interfaces when the GRE tunnel is disconnected via keepalive (optional).

esr(config-gre)# keepalive dhcp dependent-interface <IF>

<IF> – physical/logical interface on which IP address obtaining via DHCP is enabled.

24

Specify the time interval between GRE tunnel disabling and IP address iterative query on the interface/interfaces specified by the keepalive dhcp dependent-interface command (optional).

esr(config-gre)# keepalive dhcp link-timeout <SEC>

<SEC> – time interval between GRE tunnel disabling and IP address requery via DHCP on the interfaces.

25

Override the MSS (Maximum segment size) field in incoming TCP packets (optional).

esr(config-gre)# ip tcp adjust-mss <MSS>

<MSS> – MSS value, takes values in the range of [500..1460].

Default value: 1460.

26

Enable recording of the current tunnel usage statistics (optional).

esr(config-gre)# history statistics


27

Enable the tunnel.

esr(config-gre)# enable


It is also possible to configure the GRE tunnel:

...

Define the inherence of L2TPv3 tunnel to a bridge that should be mapped to remote office network (for bridge configuration, see Section section Configuration example of bridge for VLAN and L2TPv3 tunnel):

...

Define the inherence of sub-interface to a bridge that should be mapped to LAN (for bridge configuration, see Section section Configuration of PPP via E1):

...

R2 IP address – 203.0.113.1.

Scroll Pagebreak
IKE:

  • Diffie-Hellman group: 2;
  • encryption algorithm: AES 128 bit;
  • authentication algorithm: MD5.

...

Примечание

If none of dynamic routing protocols is configured in VRF, specify static routes for each VRF:

Блок кода
esr(config)# ip route vrf vrf_1 0.0.0.0/0 192.168.0.2
esr(config)# ip route vrf vrf_2 0.0.0.0/0 192.168.0.1

Scroll Pagebreak