-
Interface and Hardware Component Command Reference, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
-
cable bundle through clock mode
-
clock rate through cut-through
-
D through E
-
F through H
-
I through K
-
l2 vfi manual through loopback (PA-MC-8TE1 + port adapter)
-
loopback (T1 interface) through nrzi-encoding
-
O through R
-
service-module t1 linecode through show controllers satellite
-
show controllers serial through show hw-module slot proc cpu
-
show hw-module slot tech-support through show interfaces vg-anylan
-
show interfaces vlan mapping through show scp
-
show service-module serial through standby port
-
squelch through system jumbomtu
-
tunnel bandwidth through yellow
-
Index
-
Feedback
tunnel bandwidth through yellow
tunnel destination
To specify the destination for a tunnel interface, use the tunnel destination command in interface configuration mode. To remove the destination, use the no form of this command.
Command History
Release
Modification
10.0
This command was introduced.
12.3(7)T
This command was modified. The address field was modified to accept an ipv6-address argument to allow IPv6 nodes to be configured as a tunnel destination.
12.2(30)S
This command was integrated into Cisco IOS Release 12.2(30)S.
12.2(28)SB
This command was integrated into Cisco IOS Release 12.2(28)SB.
12.2(25)SG
This command was integrated into Cisco IOS Release 12.2(25)SG.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
Cisco IOS XE Release 2.1
This command was introduced on Cisco ASR 1000 Series Routers.
15.1SY
This command was integrated into Cisco IOS Release 15.1SY.
Cisco IOS XE Release 3.7S
This command was modified. The dynamic keyword was added.
Usage Guidelines
You cannot configure two tunnels to use the same encapsulation mode with exactly the same source and destination addresses. The workaround is to create a loopback interface and configure the packet source off of the loopback interface. Refer to the Cisco IOS AppleTalk, ISO CLNS, and Novell IPX Configuration Guide for more information about AppleTalk Cayman tunneling.
Examples
Tunnel Destination Address for Cayman Tunnel
The following example shows how to configure the tunnel destination address for Cayman tunneling:
Device(config)# interface tunnel0 Device(config-if)# tunnel source ethernet0 Device(config-if)# tunnel destination 10.108.164.19 Device(config-if)# tunnel mode caymanExamples
Tunnel Destination Address for Dynamic Tunnel
The following example shows how to set the tunnel destination address dynamically:
Device(config)# interface tunnel0 Device(config-if)# tunnel destination dynamic Device(config-if)# *Nov 22 19:38:28.271: Tunnel notified destination change: dynamic is set Device(config-if)# end Device# show run interface tunnel0 Building configuration... Current configuration : 63 bytes ! interface Tunnel0 no ip address tunnel source dynamic tunnel destination dynamic endIf the tunnel destination address is configured to be set dynamically, you cannot configure the tunnel destination address without removing the dynamic configuration.
Device(config)# interface tunnel0 Device(config-if)# tunnel destination ethernet 0/0 Device(config-if)# end Device# show run interface tunnel0 Building configuration... Current configuration : 63 bytes ! interface Tunnel0 no ip address tunnel destination dynamic end Device# configure terminal Device(config)# interface tunnel0 Device(config-if)# no tunnel destinationExamples
Tunnel Destination Address for GRE Tunneling
The following example shows how to configure the tunnel destination address for generic routing encapsulation (GRE) tunneling:
Device(config)# interface tunnel0 Device(config-if)# appletalk cable-range 4160-4160 4160.19 Device(config-if)# appletalk zone Engineering Device(config-if)# tunnel source ethernet0 Device(config-if)# tunnel destination 10.108.164.19 Device(config-if)# tunnel mode gre ipExamples
Tunnel Destination Address for IPv6 Tunnel
The following example shows how to configure the tunnel destination address for GRE tunneling of IPv6 packets:
Device(config)# interface Tunnel0 Device(config-if)# no ip address Device(config-if)# ipv6 router isis Device(config-if)# tunnel source Ethernet0/0 Device(config-if)# tunnel destination 2001:0DB8:1111:2222::1/64 Device(config-if)# tunnel mode gre ipv6 Device(config-if)# exit ! Device(config)# interface Ethernet0/0 Device(config-if)# ip address 10.0.0.1 255.255.255.0 Device(config-if)# exit ! Device(config)# ipv6 unicast-routing Device(config)# router isis Device(config)# net 49.0000.0000.000a.00tunnel mode
To set the encapsulation mode for the tunnel interface, use the tunnelmode command in interface configuration mode. To restore the default mode, use the no form of this command.
tunnel mode { aurp | cayman | dvmrp | eon | gre | gre multipoint | gre ipv6 | ipip [decapsulate-any] | ipsec ipv4 | iptalk | ipv6 | ipsec ipv6 | mpls | nos | rbscp }
no tunnel mode
Syntax Description
aurp
AppleTalk Update-Based Routing Protocol.
cayman
Cayman TunnelTalk AppleTalk encapsulation.
dvmrp
Distance Vector Multicast Routing Protocol.
eon
EON compatible Connectionless Network Protocol (CLNS) tunnel.
gre
Generic routing encapsulation (GRE) protocol. This is the default.
gre multipoint
Multipoint GRE (mGRE).
gre ipv6
GRE tunneling using IPv6 as the delivery protocol.
ipip
IP-over-IP encapsulation.
decapsulate-any
(Optional) Terminates any number of IP-in-IP tunnels at one tunnel interface.
This tunnel will not carry any outbound traffic; however, any number of remote tunnel endpoints can use a tunnel configured this way as their destination.
ipsec ipv4
Tunnel mode is IPSec, and the transport is IPv4.
iptalk
Apple IPTalk encapsulation.
ipv6
Static tunnel interface configured to encapsulate IPv6 or IPv4 packets in IPv6.
ipsec ipv6
Tunnel mode is IPSec, and the transport is IPv6.
mpls
Multiprotocol Label Switching (MPLS) encapsulation.
nos
KA9Q/NOS compatible IP over IP.
rbscp
Rate Based Satellite Control Protocol (RBSCP).
Command History
Usage Guidelines
Source and Destination Address
You cannot have two tunnels that use the same encapsulation mode with exactly the same source and destination address. The workaround is to create a loopback interface and source packets off of the loopback interface.
Cayman Tunneling
Designed by Cayman Systems, Cayman tunneling implements tunneling to enable Cisco routers to interoperate with Cayman GatorBoxes. With Cayman tunneling, you can establish tunnels between two routers or between a Cisco router and a GatorBox. When using Cayman tunneling, you must not configure the tunnel with an AppleTalk network address.
DVMRP
Use DVMRP when a router connects to an mrouted (multicast) router to run DVMRP over a tunnel. You must configure Protocol Independent Multicast (PIM) and an IP address on a DVMRP tunnel.
GRE with AppleTalk
GRE tunneling can be done between Cisco routers only. When using GRE tunneling for AppleTalk, you configure the tunnel with an AppleTalk network address. Using the AppleTalk network address, you can ping the other end of the tunnel to check the connection.
Multipoint GRE
After enabling mGRE tunneling, you can enable the tunnelprotection command, which allows you to associate the mGRE tunnel with an IPSec profile. Combining mGRE tunnels and IPSec encryption allows a single mGRE interface to support multiple IPSec tunnels, thereby simplifying the size and complexity of the configuration.
NoteGRE tunnel keepalives configured using the keepalive command under a GRE interface are supported only on point-to-point GRE tunnels.
RBSCP
RBSCP tunneling is designed for wireless or long-distance delay links with high error rates, such as satellite links. Using tunnels, RBSCP can improve the performance of certain IP protocols, such as TCP and IPSec, over satellite links without breaking the end-to-end model.
IPSec in IPv6 Transport
IPv6 IPSec encapsulation provides site-to-site IPSec protection of IPv6 unicast and multicast traffic. This feature allows IPv6 routers to work as a security gateway, establishes IPSec tunnels between another security gateway router, and provides crypto IPSec protection for traffic from an internal network when being transmitting across the public IPv6 Internet. IPv6 IPSec is very similar to the security gateway model using IPv4 IPsec protection.
Examples
Cayman Tunneling
The following example shows how to enable Cayman tunneling:
Router(config ) # interface tunnel 0 Router(config-if)# tunnel source ethernet 0 Router(config-if)# tunnel destination 10.108.164.19 Router(config-if)# tunnel mode caymanExamples
GRE Tunneling
The following example shows how to enable GRE tunneling:
Router(config ) # interface tunnel 0 Router(config-if)# appletalk cable-range 4160-4160 4160.19 Router(config-if)# appletalk zone Engineering Router(config-if)# tunnel source ethernet0 Router(config-if)# tunnel destination 10.108.164.19 Router(config-if)# tunnel mode greExamples
IPSec in IPv4 Transport
The following example shows how to configure a tunnel using IPSec encapsulation with IPv4 as the transport mechanism:
Router(config)# cryptoipsecprofilePROF
Router(config ) #settransformtset
Router(config ) #interfaceTunnel0
Router(config -if) #ipaddress10.1.1.1255.255.255.0
Router(config -if) #tunnelmodeipsecipv4
Router(config -if) #tunnelsourceLoopback0
Router(config -if) #tunneldestination172.16.1.1
Router(config-if)# tunnel protection ipsec profile PROFExamples
IPSec in IPv6 Transport
The following example shows how to configure an IPv6 IPSec tunnel interface:
Router(config)# interface tunnel 0 Router(config-if)# ipv6 address 2001:0DB8:1111:2222::2/64 Router(config-if)# tunnel destination 10.0.0.1 Router(config-if)# tunnel source Ethernet 0/0 Router(config-if)# tunnel mode ipsec ipv6 Router(config-if)# tunnel protection ipsec profile profile1Examples
Multipoint GRE Tunneling
The following example shows how to enable mGRE tunneling:
interface Tunnel0 bandwidth 1000 ip address 10.0.0.1 255.255.255.0 ! Ensures longer packets are fragmented before they are encrypted; otherwise, the ! receiving router would have to do the reassembly. ip mtu 1416 ! Turns off split horizon on the mGRE tunnel interface; otherwise, EIGRP will not ! advertise routes that are learned via the mGRE interface back out that interface. no ip split-horizon eigrp 1 no ip next-hop-self eigrp 1 delay 1000 ! Sets IPSec peer address to Ethernet interface’s public address. tunnel source Ethernet0 tunnel mode gre multipoint ! The following line must match on all nodes that want to use this mGRE tunnel. tunnel key 100000 tunnel protection ipsec profile vpnprofExamples
RBSCP Tunneling
The following example shows how to enable RBSCP tunneling:
Router(config ) # interface tunnel 0 Router(config-if)# tunnel source ethernet 0 Router(config-if)# tunnel destination 10.108.164.19 Router(config-if)# tunnel mode rbscpRelated Commands
Command
Description
appletalk cable-range
Enables an extended AppleTalk network.
appletalk zone
Sets the zone name for the connected AppleTalk network.
tunnel destination
Specifies the destination for a tunnel interface.
tunnel protection
Associates a tunnel interface with an IPSec profile.
tunnel source
Sets the source address of a tunnel interface.
tunnel source
To set the source address for a tunnel interface, use the tunnel source command in interface configuration mode. To remove the source address, use the no form of this command.
tunnel source { ip-address | ipv6-address | interface-type interface-number | dynamic }
no tunnel source
Syntax Description
Command History
Release
Modification
10.0
This command was introduced.
12.3(7)T
The address field has been updated to accept an IPv6 address as the source address allowing an IPv6 node to be used as a tunnel source.
12.2(30)S
This command was integrated into Cisco IOS Release 12.2(30)S.
12.2(25)SG
This command was integrated into Cisco IOS Release 12.2(25)SG.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
Cisco IOS XE Release 2.1
This command was integrated into Cisco IOS Release 2.1 and implemented on Cisco ASR 1000 Series Aggregation Services Routers.
15.1SY
This command was integrated into Cisco IOS Release 15.1SY.
Cisco IOS XE Release 3.7S
This command was modified. The dynamic keyword was added.
Usage Guidelines
The source address is either an explicitly defined IP address or the IP address assigned to the specified interface.
You cannot have two tunnels using the same encapsulation mode with exactly the same source and destination addresses. The workaround is to create a loopback interface and source packets from the loopback interface. This restriction is applicable only for generic routing encapsulation (GRE) tunnels. You can have more than one TE tunnel with the same source and destination addresses.
When using tunnels to Cayman boxes, you must set the tunnel source command to an explicit IP address on the same subnet as the Cayman box, and not the tunnel itself.
GRE tunnel encapsulation and deencapsulation for multicast packets are handled by the hardware. Each hardware-assisted tunnel must have a unique source. Hardware-assisted tunnels cannot share a source even if the destinations are different. You should use secondary addresses on loopback interfaces or create multiple loopback interfaces to ensure that the hardware-assisted tunnels do not share a source.
Examples
Cayman Tunnel Example
The following example shows how to set a tunnel source address for Cayman tunneling:
Device(config)# interface tunnel0 Device(config-if)# tunnel source ethernet0 Device(config-if)# tunnel destination 172.32.164.19 Device(config-if)# tunnel mode cisco1Examples
Dynamic Tunnel Example
The following example shows how to set the tunnel source dynamically:
Device(config)# interface tunnel0 Device(config-if)# tunnel source dynamic Device(config-if)# *Nov 22 19:38:28.271: Tunnel notified source change: dynamic is set Device(config-if)# end Device# show run interface tunnel0 Building configuration... Current configuration : 63 bytes ! interface Tunnel0 no ip address tunnel source dynamic endIf the tunnel source is configured to be set dynamically, you cannot configure the tunnel source address without removing the dynamic configuration.
Device(config)# interface tunnel0 Device(config-if)# tunnel source ethernet 0/0 Device(config-if)# *Nov 22 21:39:52.423: Tunnel notified source change: dynamic is set *Nov 22 21:39:52.423: Tunnel notified source change, src ip 1.1.1.1 Device(config-if)# end Device# show run interface tunnel0 Building configuration... Current configuration : 63 bytes ! interface Tunnel0 no ip address tunnel source dynamic end Device# configure terminal Device(config)# interface tunnel0 Device(config-if)# no tunnel source Device(config-if)# *Nov 22 21:41:10.287: Tunnel notified source change: dynamic is not setExamples
GRE Tunneling Example
The following example shows how to set a tunnel source address for GRE tunneling:
Device(config)# interface tunnel0 Device(config-if)# appletalk cable-range 4160-4160 4160.19 Device(config-if)# appletalk zone Engineering Device(config-if)# tunnel source ethernet0 Device(config-if)# tunnel destination 172.32.164.19 Device(config-if)# tunnel mode gre ipExamples
MPLS TE Tunnel Example
The following example shows how to set a tunnel source for a Multiprotocol Label Switching (MPLS) TE tunnel:
Device> enable Device# configure terminal Device(config)# interface tunnel 1 Device(config-if)# ip unnumbered loopback0 Device(config-if)# tunnel source loopback1 Device(config-if)# tunnel mode mpls traffic-eng Device(config-if)# end
