Directing Traffic into the GRE Tunnel
You can direct traffic into a GRE (Generic Routing Encapsulation) tunnel by configuring a static route, which directs traffic to the IP address of the tunnel, or a firewall policy (session-based ACL), which redirects traffic to the specified tunnel ID.
The following sections describe:
About Configuring Static Routes
You can configure a static route that specifies the IP address of a tunnel as the next-hop for traffic for a specific destination. See Configuring Static IP Routes for detailed information on how to configure a static route.
When redirecting traffic into a Layer-3 GRE tunnel via a static route, be sure to use the tunnel IP address of the controller as the next-hop, instead of providing the tunnel IP address of the destination controller.
Referring to , the following are examples of the required static route configurations to direct traffic into the IPv4 Layer-3 GRE tunnel for Controller-1 and Controller-2:
- For the controller named Controller-1:
(host) [mynode] (config) # ip route 20.20.202.0 255.255.255.0 1.1.1.1
- For the controller named Controller-2:
(host) [mynode] (config) # ip route 10.10.101.0 255.255.255.0 1.1.1.2
IP routing is enabled by default and should not be disabled under VLAN interfaces for GRE to work.
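The next-hop rule above can be checked mechanically before a change is pushed. The following is an added example, not part of the original documentation or the vendor's tooling: it parses `ip route` lines in the form shown on this page and flags any route whose next hop is the remote controller's tunnel IP. The function name, the verdict labels and the tunnel addresses (1.1.1.1 for Controller-1 and 1.1.1.2 for Controller-2, inferred from the routes above) are assumptions.

```python
import ipaddress
import re

# Matches the static-route form used on this page: ip route <dest> <mask> <next-hop>
ROUTE_RE = re.compile(r"ip route (\S+) (\S+) (\S+)\s*$")

def check_tunnel_routes(config_lines, local_tunnel_ip, peer_tunnel_ip):
    """Return (network, next_hop, verdict) for every static route found.

    verdict: "ok" when the next hop is this controller's own tunnel IP,
    "peer-next-hop" when it is the remote controller's tunnel IP (the
    mistake the text warns about), "not-tunnel" when it is neither, and
    "invalid" when the destination/mask or next hop does not parse.
    """
    local = ipaddress.ip_address(local_tunnel_ip)
    peer = ipaddress.ip_address(peer_tunnel_ip)
    results = []
    for line in config_lines:
        m = ROUTE_RE.search(line)
        if not m:
            continue  # not a static-route line
        dest, mask, hop = m.groups()
        try:
            # strict=True rejects destinations with host bits set
            network = ipaddress.ip_network(f"{dest}/{mask}", strict=True)
            next_hop = ipaddress.ip_address(hop)
        except ValueError:
            results.append((f"{dest} {mask}", hop, "invalid"))
            continue
        if next_hop == local:
            verdict = "ok"
        elif next_hop == peer:
            verdict = "peer-next-hop"
        else:
            verdict = "not-tunnel"
        results.append((str(network), str(next_hop), verdict))
    return results

# Constructed sample: Controller-1's route from this page plus one
# deliberately wrong route that points at the peer's tunnel IP.
CONTROLLER_1 = [
    "(host) [mynode] (config) # ip route 20.20.202.0 255.255.255.0 1.1.1.1",
    "(host) [mynode] (config) # ip route 20.20.203.0 255.255.255.0 1.1.1.2",
]

if __name__ == "__main__":
    for row in check_tunnel_routes(CONTROLLER_1, "1.1.1.1", "1.1.1.2"):
        print(row)
```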
Configuring a Firewall Policy Rule
Traffic redirected by a firewall policy rule is not forwarded to a tunnel that is “down” (see the next section, Directing Traffic into the GRE Tunnel, for more information on how GRE tunnel status is determined).
The following procedure directs traffic into a GRE tunnel via a firewall policy:
- On the node hierarchy, navigate to the tab.
- Create a new firewall policy by clicking + below the table. The popup window appears.
- Enter the .
- For , specify (the default).
- Click .
- Click .
- In the window, select the check box and click
- To create a new policy rule for that policy, select the new policy in the Policies table, then scroll to the table (below the table) section and click +.
  - Select the and click .
  - Specify the .
  - For , select or .
  - Configure any additional settings.
- Click .
- Click .
- In the window, select the check box and click .
The following CLI command directs traffic into a GRE tunnel via a firewall policy (session-based ACL):
(host) [mynode] (config) #ip access-list session <name>
<source> <destination> <service> redirect tunnel <id>