GRE configuration


1. Configuring GRE traffic
Let's reconfigure the IPsec ACL for GRE.
[CLIGURU-R1]acl 3001
[CLIGURU-R1-acl-adv-3001]rule 5 permit gre source 10.0.12.1 0 destination 10.0.23.3 0
[CLIGURU-R3]acl 3001
[CLIGURU-R3-acl-adv-3001]rule 5 permit gre source 10.0.23.3 0 destination 10.0.12.1 0
2. Let's create a tunnel between the interfaces.
Create a tunnel interface and set its encapsulation type to GRE.
Set the tunnel source address or source interface, and set the tunnel destination address.
[CLIGURU-R1]interface Tunnel 0/0/1
[CLIGURU-R1-Tunnel0/0/1]ip address 100.1.1.1 24
[CLIGURU-R1-Tunnel0/0/1]tunnel-protocol gre
Info: Relevant configurations on this interface are deleted.
[CLIGURU-R1-Tunnel0/0/1]source 10.0.12.1
[CLIGURU-R1-Tunnel0/0/1]destination 10.0.23.3
[CLIGURU-R3]interface Tunnel 0/0/1
[CLIGURU-R3-Tunnel0/0/1]ip address 100.1.1.2 24
[CLIGURU-R3-Tunnel0/0/1]tunnel-protocol gre
Info: Relevant configurations on this interface are deleted.
[CLIGURU-R3-Tunnel0/0/1]source 10.0.23.3
[CLIGURU-R3-Tunnel0/0/1]destination 10.0.12.1
3. OSPF configuration.
[CLIGURU-R1]ospf 1
[CLIGURU-R1-ospf-1]area 0
[CLIGURU-R1-ospf-1-area-0.0.0.0]network 100.1.1.0 0.0.0.255
[CLIGURU-R1]ospf 2 router-id 10.0.1.1
[CLIGURU-R1-ospf-2]area 0
[CLIGURU-R1-ospf-2-area-0.0.0.0]network 10.0.12.0 0.0.0.255
[CLIGURU-R3]ospf 1
[CLIGURU-R3-ospf-1]area 0
[CLIGURU-R3-ospf-1-area-0.0.0.0]network 100.1.1.0 0.0.0.255
[CLIGURU-R3]ospf 2 router-id 10.0.3.3
[CLIGURU-R3-ospf-2]area 0
[CLIGURU-R3-ospf-2-area-0.0.0.0]network 10.0.23.0 0.0.0.255
We can check the tunnel configuration with the display interface tunnel 0/0/1 command.
[CLIGURU-R1]display interface Tunnel 0/0/1
Tunnel0/0/1 current state : UP
Line protocol current state : UP
Last line protocol up time : 2015-01-29 12:16:41 UTC-08:00
Description:
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 100.1.1.1/24
Encapsulation is TUNNEL, loopback not set
Tunnel source 10.0.12.1 (Serial0/0/1), destination 10.0.23.3
Tunnel protocol/transport GRE/IP, key disabled
keepalive disabled
Checksumming of packets disabled
Current system time: 2015-01-29 12:19:41-08:00
300 seconds input rate 32 bits/sec, 0 packets/sec
300 seconds output rate 32 bits/sec, 0 packets/sec
0 seconds input rate 0 bits/sec, 0 packets/sec
0 seconds output rate 0 bits/sec, 0 packets/sec
28 packets input, 2676 bytes
0 input error
28 packets output, 2612 bytes
0 output error
Input:
Unicast: 0 packets, Multicast: 0 packets
Output:
Unicast: 0 packets, Multicast: 28 packets
Input bandwidth utilization : —
Output bandwidth utilization : —
[CLIGURU-R3]display interface Tunnel 0/0/1
Tunnel0/0/1 current state : UP
Line protocol current state : UP
Last line protocol up time : 2015-01-29 12:16:45 UTC-08:00
Description:
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 100.1.1.2/24
Encapsulation is TUNNEL, loopback not set
Tunnel source 10.0.23.3 (Serial0/0/2), destination 10.0.12.1
Tunnel protocol/transport GRE/IP, key disabled
keepalive disabled
Checksumming of packets disabled
Current system time: 2015-01-29 12:20:41-08:00
300 seconds input rate 64 bits/sec, 0 packets/sec
300 seconds output rate 72 bits/sec, 0 packets/sec
0 seconds input rate 0 bits/sec, 0 packets/sec
0 seconds output rate 0 bits/sec, 0 packets/sec
34 packets input, 3168 bytes
0 input error
34 packets output, 3228 bytes
0 output error
Input:
Unicast: 0 packets, Multicast: 0 packets
Output:
Unicast: 0 packets, Multicast: 34 packets
Input bandwidth utilization : —
Output bandwidth utilization : —
Let's check the GRE tunnel configuration.
We can view the routing table with the display ip routing-table command.
[CLIGURU-R1]display ip routing-table
Route Flags: R – relay, D – download to fib
——————————————————————————
Routing Tables: Public
Destinations : 15       Routes : 15
Destination/Mask   Proto   Pre Cost     Flags NextHop         Interface
10.0.1.0/24 Direct 0   0           D   10.0.1.1       LoopBack0
10.0.1.1/32 Direct 0   0           D   127.0.0.1       LoopBack0
10.0.2.2/32 OSPF   10   1562       D   10.0.12.2       Serial0/0/1
10.0.3.3/32 OSPF   10   1562       D   100.1.1.2       Tunnel0/0/1
10.0.11.0/24 Direct 0   0           D   10.0.11.11     LoopBack1
10.0.11.11/32 Direct 0   0           D   127.0.0.1       LoopBack1
10.0.12.0/24 Direct 0   0           D   10.0.12.1       Serial0/0/1
10.0.12.1/32 Direct 0   0           D   127.0.0.1       Serial0/0/1
10.0.12.2/32 Direct 0   0           D   10.0.12.2       Serial0/0/1
10.0.23.0/24 OSPF   10   3124       D   10.0.12.2       Serial0/0/1
10.0.33.33/32 OSPF   10   1562       D   100.1.1.2       Tunnel0/0/1
100.1.1.0/24 Direct 0   0           D   100.1.1.1       Tunnel0/0/1
100.1.1.1/32 Direct 0   0           D   127.0.0.1       Tunnel0/0/1
127.0.0.0/8   Direct 0   0           D   127.0.0.1       InLoopBack0
127.0.0.1/32 Direct 0   0           D   127.0.0.1       InLoopBack0
<CLIGURU-R3>display ip routing-table
Route Flags: R – relay, D – download to fib
——————————————————————————
Routing Tables: Public
Destinations : 15       Routes : 15
Destination/Mask   Proto   Pre Cost     Flags NextHop         Interface
10.0.1.1/32 OSPF   10   1562       D   100.1.1.1       Tunnel0/0/1
10.0.2.2/32 OSPF   10   1562       D   10.0.23.2       Serial0/0/2
10.0.3.0/24 Direct 0   0           D   10.0.3.3       LoopBack0
10.0.3.3/32 Direct 0   0           D   127.0.0.1       LoopBack0
10.0.11.11/32 OSPF   10   1562       D   100.1.1.1       Tunnel0/0/1
10.0.12.0/24 OSPF   10   3124       D   10.0.23.2       Serial0/0/2
10.0.23.0/24 Direct 0   0           D   10.0.23.3       Serial0/0/2
10.0.23.2/32 Direct 0   0           D   10.0.23.2       Serial0/0/2
10.0.23.3/32 Direct 0   0           D   127.0.0.1       Serial0/0/2
10.0.33.0/24 Direct 0   0           D   10.0.33.33     LoopBack1
10.0.33.33/32 Direct 0   0           D   127.0.0.1       LoopBack1
100.1.1.0/24 Direct 0   0           D   100.1.1.2       Tunnel0/0/1
100.1.1.2/32 Direct 0   0           D   127.0.0.1       Tunnel0/0/1
127.0.0.0/8   Direct 0  0           D   127.0.0.1       InLoopBack0
127.0.0.1/32 Direct 0   0           D   127.0.0.1       InLoopBack0
After the GRE tunnel is established, let's check that the configuration works over the GRE tunnel. Clear the IPsec statistics, then test connectivity.
<CLIGURU-R1>reset ipsec statistics esp
<CLIGURU-R1>ping -a 10.0.1.1 10.0.3.3
PING 10.0.3.3: 56 data bytes, press CTRL_C to break
Reply from 10.0.3.3: bytes=56 Sequence=1 ttl=255 time=70 ms
Reply from 10.0.3.3: bytes=56 Sequence=2 ttl=255 time=70 ms
Reply from 10.0.3.3: bytes=56 Sequence=3 ttl=255 time=70 ms
Reply from 10.0.3.3: bytes=56 Sequence=4 ttl=255 time=80 ms
Reply from 10.0.3.3: bytes=56 Sequence=5 ttl=255 time=30 ms
— 10.0.3.3 ping statistics —
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/64/80 ms
<CLIGURU-R1>display ipsec statistics esp
Inpacket count           : 8
Inpacket auth count       : 0
Inpacket decap count     : 0
Outpacket count           : 8
Outpacket auth count     : 0
Outpacket encap count     : 0
Inpacket drop count       : 0
Outpacket drop count     : 0
BadAuthLen count         : 0
AuthFail count           : 0
PktDuplicateDrop count   : 0
PktSeqNoTooSmallDrop count: 0
PktInSAMissDrop count     : 0
GRE over IPsec encapsulates all OSPF traffic, including hello packets.
[CLIGURU-R1]interface Tunnel 0/0/1
[CLIGURU-R1-Tunnel0/0/1]keepalive period 3
<CLIGURU-R1>display interface Tunnel 0/0/1
Tunnel0/0/1 current state : UP
Line protocol current state : UP
Last line protocol up time : 2015-01-29 12:16:41 UTC-08:00
Description:
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 100.1.1.1/24
Encapsulation is TUNNEL, loopback not set
Tunnel source 10.0.12.1 (Serial0/0/1), destination 10.0.23.3
Tunnel protocol/transport GRE/IP, key disabled
keepalive enable period 3 retry-times 3
Checksumming of packets disabled
Current system time: 2015-01-29 12:24:55-08:00
300 seconds input rate 80 bits/sec, 0 packets/sec
300 seconds output rate 80 bits/sec, 0 packets/sec
0 seconds input rate 0 bits/sec, 0 packets/sec
0 seconds output rate 0 bits/sec, 0 packets/sec
66 packets input, 6252 bytes
0 input error
76 packets output, 6712 bytes
0 output error
Input:
Unicast: 0 packets, Multicast: 0 packets
Output:
Unicast: 5 packets, Multicast: 62 packets
Input bandwidth utilization : —
Output bandwidth utilization : —
<CLIGURU-R1>display current-configuration
#
sysname CLIGURU-R1
#
acl number 3001
rule 5 permit gre source 10.0.12.1 0 destination 10.0.23.3 0
#
interface Serial0/0/1
link-protocol ppp
ip address 10.0.12.1 255.255.255.0
#
interface LoopBack0
ip address 10.0.1.1 255.255.255.0
#
interface LoopBack1
ip address 10.0.11.11 255.255.255.0
#
interface Tunnel0/0/1
ip address 100.1.1.1 255.255.255.0
tunnel-protocol gre
keepalive period 3
source 10.0.12.1
destination 10.0.23.3
#
ospf 1 router-id 10.0.1.1
area 0.0.0.0
network 100.1.1.0 0.0.0.255
network 10.0.1.0 0.0.0.255
network 10.0.11.0 0.0.0.255
#
ospf 2 router-id 10.0.1.1
area 0.0.0.0
network 10.0.12.0 0.0.0.255
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
Return
<R2>display current-configuration
#
sysname R2
#
interface Serial0/0/1
link-protocol ppp
ip address 10.0.12.2 255.255.255.0
#
interface Serial0/0/2
link-protocol ppp
ip address 10.0.23.2 255.255.255.0
#
interface LoopBack0
ip address 10.0.2.2 255.255.255.0
#
ospf 1 router-id 10.0.2.2
area 0.0.0.0
network 10.0.2.0 0.0.0.255
network 10.0.12.0 0.0.0.255
network 10.0.23.0 0.0.0.255
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
Return
<CLIGURU-R3>display current-configuration
#
sysname CLIGURU-R3
#
acl number 3001
rule 5 permit gre source 10.0.23.3 0 destination 10.0.12.1 0
#
interface Serial0/0/2
link-protocol ppp
ip address 10.0.23.3 255.255.255.0
#
interface LoopBack0
ip address 10.0.3.3 255.255.255.0
#
interface LoopBack1
ip address 10.0.33.33 255.255.255.0
#
interface Tunnel0/0/1
ip address 100.1.1.2 255.255.255.0
tunnel-protocol gre
source 10.0.23.3
destination 10.0.12.1
#
ospf 1 router-id 10.0.3.3
area 0.0.0.0
network 100.1.1.0 0.0.0.255
network 10.0.3.0 0.0.0.255
network 10.0.33.0 0.0.0.255
#
ospf 2 router-id 10.0.3.3
area 0.0.0.0
network 10.0.23.0 0.0.0.255
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
Return
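The ACL from step 1 only matches the GRE packets if its source/destination pair is identical to the tunnel's source and destination from step 2. The following check is an added example, not part of the original page: it reads a display current-configuration dump and lists GRE tunnel interfaces whose endpoints have no matching "permit gre" rule. The function names are hypothetical, the sample is constructed from the R1 configuration above, and only host rules (wildcard 0) as used on this page are handled.

```python
import re

# Constructed sample: GRE-related lines of the CLIGURU-R1 configuration shown above.
SAMPLE_R1 = """\
acl number 3001
rule 5 permit gre source 10.0.12.1 0 destination 10.0.23.3 0
#
interface Tunnel0/0/1
ip address 100.1.1.1 255.255.255.0
tunnel-protocol gre
keepalive period 3
source 10.0.12.1
destination 10.0.23.3
#
"""

# Host-to-host GRE permit rule (wildcard 0 on both sides), as used on this page.
RULE_RE = re.compile(r"rule \d+ permit gre source (\S+) 0 destination (\S+) 0")

def parse_sections(config):
    """Split a configuration dump into sections delimited by '#' lines."""
    sections, current = [], []
    for line in (config + "\n#").splitlines():
        line = line.strip()
        if line != "#":
            if line:
                current.append(line)
        elif current:
            sections.append(current)
            current = []
    return sections

def uncovered_tunnels(config):
    """Return GRE tunnel interfaces whose (source, destination) no ACL rule permits."""
    sections = parse_sections(config)
    permitted = set()
    for sec in sections:
        if sec[0].startswith("acl number"):
            permitted.update(m.groups() for m in map(RULE_RE.fullmatch, sec[1:]) if m)
    missing = []
    for sec in sections:
        if sec[0].startswith("interface Tunnel") and "tunnel-protocol gre" in sec:
            fields = dict(l.split(None, 1) for l in sec[1:] if " " in l)
            if (fields.get("source"), fields.get("destination")) not in permitted:
                missing.append(sec[0].split()[1])
    return sorted(missing)

if __name__ == "__main__":
    print(uncovered_tunnels(SAMPLE_R1) or "every GRE tunnel is matched by an ACL rule")
```

Run it against each endpoint's dump separately, because the R3 rule is the mirror image of the R1 rule.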