No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR500, AR510, and AR530 V200R007 Commands Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
GRE Configuration Commands

GRE Configuration Commands

NOTE:

The AR500 series does not support GRE.

description (tunnel interface view)

Function

The description command sets the description of the current tunnel interface.

The undo description command deletes the description of the current tunnel interface.

By default, the description of a tunnel interface is "HUAWEI, AR Series, Tunnel interface-number Interface".

Format

description text

undo description

Parameters

Parameter Description Value
text Specifies the description of a tunnel interface. The value is a string of 1 to 242 case-sensitive characters, with spaces supported.

Views

Tunnel interface view

Default Level

2: Configuration level

Usage Guidelines

After using the interface tunnel command to create a tunnel interface, you can run the description command to configure a description of the tunnel interface to facilitate later query.

To check the description of a tunnel interface, run the display this interface command in the tunnel interface view or the display interface tunnel command.

Example

# Configure the description of Tunnel 0/0/1.
<Huawei> system-view
[Huawei] interface tunnel 0/0/1
[Huawei-Tunnel0/0/1] description This is a tunnel from 10.1.1.1 to 10.2.2.2
# Delete the description of Tunnel 0/0/1.
<Huawei> system-view
[Huawei] interface tunnel 0/0/1
[Huawei-Tunnel0/0/1] undo description

destination

Function

The destination command specifies the destination IP address of a tunnel interface.

The undo destination command deletes the destination IP address of a tunnel interface.

By default, no destination address is configured.

Format

destination [ vpn-instance vpn-instance-name ] dest-ip-address

undo destination

Parameters

Parameter Description Value
vpn-instance vpn-instance-name Specifies the name of the VPN instance that the destination address of a tunnel belongs to. When the tunnel interface uses GRE or IPSec, you can specify vpn-instance vpn-instance-name. The value is the name of an existing VPN instance.
dest-ip-address Specifies the destination IP address of a tunnel interface. The value is in dotted decimal notation.

Views

Tunnel interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When configuring a GRE, IPv4 over IPv6, IPSec, manual IPv6 over IPv4 tunnel, create a tunnel interface. After a tunnel interface is created, run the destination command to specify the destination IP address for the tunnel interface.

When using the destination command on a PE to specify the destination address of a GRE tunnel bound for a CE, you need to set vpn-instance vpn-instance-name in the command to specify the name of the VPN instance to which the destination address belongs.

Prerequisites

A tunnel interface has been created using the interface tunnel command, and the encapsulation mode is set to GRE ,IPSec, IPv4 over IPv6, or IPv6 over IPv4 of manual mode using the tunnel-protocol command.

Precautions

Two or more GRE tunnel interfaces in a system can have the same source address and same destination address. The system uses GRE keys to identify these GRE tunnel interfaces. Normally, two tunnel interfaces in a system cannot have the same encapsulation mode, source address, and destination address.

Two tunnel interfaces with the same encapsulation mode, source address, and destination address cannot be configured simultaneously.

On the IPSec, IPv6 over IPv4, IPv4 over IPv6, or GRE tunnel, the destination address of the local tunnel interface is the source address of the remote tunnel interface by the source command, and the source address of the local tunnel interface is the destination address of the remote tunnel interface.

Example

# Set the destination address of the GRE tunnel Tunnel 0/0/1 to 10.1.1.1.

<Huawei> system-view
[Huawei] interface tunnel 0/0/1
[Huawei-Tunnel0/0/1] tunnel-protocol gre
[Huawei-Tunnel0/0/1] destination 10.1.1.1

# Set the destination address of the GRE tunnel Tunnel 0/0/0 to 10.1.1.1 that belongs to vpn1.

<Huawei> system-view
[Huawei] interface tunnel 0/0/0
[Huawei-Tunnel0/0/0] tunnel-protocol gre
[Huawei-Tunnel0/0/0] destination vpn-instance vpn1 10.1.1.1

display interface tunnel

Function

The display interface tunnel command displays details of the tunnel interface.

Format

display interface tunnel [ interface-number | main ]

Parameters

Parameter

Description

Value

interface-number

Specifies the number of the tunnel interface.

If this parameter is not specified, the command displays information about all tunnel interfaces.

The value must be the number a tunnel interface that has been created.

main Displays status and traffic statistics about main interface. The interface has no sub-interfaces. Status and traffic statistics about the interface are displayed whether you specify the main parameter or not.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

None

Example

# Display the details of the tunnel interface.

<Huawei> display interface tunnel 0/0/2
Tunnel0/0/2 current state : UP
Line protocol current state : UP
Description:HUAWEI, AR Series, Tunnel0/0/2 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet protocol processing : disabled
Encapsulation is TUNNEL, loopback not set
Tunnel source 10.10.10.1 (GigabitEthernet0/0/1), destination 10.1.1.1
Tunnel protocol/transport GRE/IP, key disabled
keepalive disabled
Checksumming of packets disabled
Current system time: 2012-08-09 18:53:47
    300 seconds input rate 0 bits/sec, 0 packets/sec
    300 seconds output rate 0 bits/sec, 0 packets/sec
    15 seconds input rate 0 bits/sec, 0 packets/sec
    15 seconds output rate 0 bits/sec, 0 packets/sec
    0 packets input,  0 bytes
    0 input error
    0 packets output,  0 bytes
    0 output error
    Input bandwidth utilization  : 0%
    Output bandwidth utilization : 0%
Table 10-8  Description of the display interface tunnel command output

Item

Description

Tunnel0/0/2 current state

Physical layer status of the Tunnel0/0/2 interface:
  • UP: The interface is in normal state.

  • Administratively DOWN: The network administrator executes the shutdown command on the interface.

After a tunnel interface is created, its physical layer status is Up.

Line protocol current state

Link protocol status of the Tunnel0/0/2 interface:
  • UP: The link layer protocol of the tunnel interface works normally.

  • DOWN: The link layer protocol of the tunnel interface is abnormal.

Description

Description of the tunnel interface.

Route Port,The Maximum Transmit Unit is 1500

MTU of tunnel interfaces, which is 1500 bytes by default. Any packet larger than the MTU is fragmented before being sent. If non-fragmentation is configured, the packet is discarded.

Internet protocol processing: disabled

IP protocol is disabled.

Encapsulation is TUNNEL

Encapsulation type of packets on a tunnel interface.

Packet encapsulation protects a whole IP packet.

loopback not set

The tunnel interface does not support a loopback test.

Tunnel source 10.10.10.1 (GigabitEthernet0/0/1)

The source address of the tunnel is 10.10.10.1. That is, the IP address of the GigabitEthernet 0/0/1 interface sending packets at the source side is 10.10.10.1.

destination

Destination address of the tunnel.

Tunnel protocol/transport GRE/IP, key disabled

The tunnel encapsulation protocol is the GRE protocol, and the transport protocol is the IP protocol.

Encapsulation protocol types of a tunnel are as follows:

  • GRE: indicates Generic Routing Encapsulation.

  • IPSec: indicates tunnel mode of IPSec to protect data stream.

  • IPv6 over IPv4: encapsulates IPv6 packets into IPv4 packets.

  • IPv4 over IPv6: encapsulates IPv4 packets into IPv6 packets.

  • SVPN: encapsulates packets into SVPN packets.

  • none: indicates no encapsulation. This is the default mode of the tunnel interface.

key disabled: the key word recognition function of GRE is not enabled.

keepalive disabled

The keepalive function of GRE is not enabled.

Checksumming of packets disabled

The check sum function of GRE is not enabled.

300 seconds input rate 0 bits/sec, 0 packets/sec

Rate of bits and packets received on the interface in the last 300 seconds.

NOTE:

If the tunnel encapsulation protocol is SVPN, this field is not supported.

300 seconds output rate 0 bits/sec, 0 packets/sec

Rate of bits and packets sent through the interface in the last 300 seconds.

NOTE:

If the tunnel encapsulation protocol is SVPN, this field is not supported.

15 seconds input rate 0 bits/sec, 0 packets/sec

Rate of bits and packets received on the interface during the last query period.

15 seconds output rate 0 bits/sec, 0 packets/sec

Rate of bits and packets sent through the interface during the last query period.

0 packets input, 0 bytes

0 input error

Total packets and bytes received on the interface and the total number of defective packets.

0 packets output, 0 bytes

0 output error

Total packets and bytes sent through the interface and the total number of defective packets.

Input bandwidth utilization

Input bandwidth usage.

Output bandwidth utilization

Output bandwidth usage.

Related Topics

display keepalive packets count

Function

The display keepalive packets count command displays the number of Keepalive packets and Keepalive response packets sent and received by the local GRE tunnel interface.

Format

display keepalive packets count

Parameters

None

Views

Tunnel interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When a tunnel is a GRE tunnel, you can enable the Keepalive function to check the link connectivity. If the function is disabled, service packets are continuously forwarded through this tunnel interface when the link fails, resulting in a tunnel black hole and loss of service data.

The display keepalive packets count command allows you to view the number of Keepalive packets and Keepalive response packets sent and received through the GRE tunnel interface.

Prerequisites

  1. The tunnel interface view has been displayed using the interface tunnel command.

  2. The tunnel type has been set to GRE using the tunnel-protocol gre command.

  3. The Keepalive function has been enabled for the GRE tunnel using the keepalive command.

Follow-up Procedure

Run the reset keepalive packets count command to reset the Keepalive packet statistics.

Example

# View the Keepalive packet statistics of GRE tunnel interface 0/0/1.

<Huawei> system-view
[Huawei] interface tunnel 0/0/1
[Huawei-Tunnel0/0/1] tunnel-protocol gre
[Huawei-Tunnel0/0/1] keepalive
[Huawei-Tunnel0/0/1] display keepalive packets count
Send 10 keepalive packets to peers, Receive 10 keepalive response packets from peers                                                
Receive 8 keepalive packets from peers, Send 8 keepalive response packets to peers.                                                 
Table 10-9  Description of the display keepalive packets count command output

Item

Description

Send 10 keepalive packets to peers

Ten Keepalive packets are sent to the remote end.

Receive 10 keepalive response packets from peers

Ten Keepalive response packets are received from the remote end.

Receive 8 keepalive packets from peers

Eight Keepalive packets are received from the remote end.

Send 8 keepalive response packets to peers

Eight Keepalive response packets are sent to the remote end.

gre checksum

Function

The gre checksum command enables the end-to-end checksum function between both ends of a GRE tunnel.

The undo gre checksum command disables the end-to-end checksum function.

By default, the checksum function is disabled on the GRE tunnel.

Format

gre checksum

undo gre checksum

Parameters

None

Views

Tunnel interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can configure an end-to-end check between both ends of a GRE tunnel to improve the GRE tunnel security. This mechanism prevents the device from incorrectly identifying and receiving invalid packets.

You can configure the checksum function on the two ends of the tunnel as required to determine whether to trigger the checksum function.

Prerequisites

The tunnel interface view has been displayed using the interface tunnel command.

The tunnel type has been set to GRE using the tunnel-protocol gre command.

Precautions

After this command is executed, the integrity of packets can be checked.

If the checksum function is configured on the local end:

  • The local end calculates the checksum according to the GRE header and payload.

  • The local end sends a packet containing the checksum to the remote end.

  • The remote end calculates the checksum based on the packet and then compares the result with the checksum contained in the packet.

    • If the two checksum values are the same, the packet is processed.

    • If the two checksum values are different, the packet is discarded.

If the checksum function is enabled on the local end and disabled on the remote end, the local end does not perform checksum on received packets, but performs checksum on locally transmitted packets. If the checksum function is disabled on the local end and enabled on the remote end, the local end performs checksum on received packets, but does not perform checksum on locally transmitted packets.

Example

# Enable checksum on the GRE Tunnel0/0/1 on the local device.

<Huawei> system-view
[Huawei] interface tunnel 0/0/1
[Huawei-Tunnel0/0/1] tunnel-protocol gre
[Huawei-Tunnel0/0/1] gre checksum

gre key

Function

The gre key command sets the key number of a GRE tunnel.

The undo gre key command deletes the key number of a GRE tunnel.

By default, the GRE key number is not configured.

Format

gre key { plain key-number | [ cipher ] plain-cipher-text }

undo gre key

Parameters

Parameter Description Value
plain key-number

Specifies a plaintext key.

NOTICE:

If plain is selected, the key is saved in the configuration file in plain text. This brings security risks. It is recommended that you select cipher to save the key in cipher text.

The value is an integer that ranges from 0 to 4294967295.
[ cipher ] plain-cipher-text Specifies that a ciphertext key is displayed. You can specify a plaintext key (integer) ranging from 0 to 4294967295 or a ciphertext key of 32 or 48 bits.

Views

Tunnel interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can configure key numbers for both ends of a GRE tunnel to improve GRE tunnel security. This security mechanism ensures that a device accepts only packets sent from the valid tunnel interface and discards invalid packets.

Prerequisites

The tunnel interface view has been displayed using the interface tunnel command.

The tunnel type has been set to GRE using the tunnel-protocol gre command.

Precautions

Packets pass authentication only when the key numbers set on both ends of the tunnel are consistent. Otherwise, the packets are discarded.

When you run the gre key command several times, the latest configuration overrides the previous configurations.

Example

# Configure the GRE key number for the ends of a tunnel is 123.

<Huawei> system-view
[Huawei] interface tunnel 0/0/1
[Huawei-Tunnel0/0/1] tunnel-protocol gre
[Huawei-Tunnel0/0/1] gre key cipher 123

interface tunnel

Function

The interface tunnel command creates a tunnel interface.

The undo interface tunnel command deletes the configured tunnel interface.

By default, no tunnel interface is configured.

Format

interface tunnel interface-number

undo interface tunnel interface-number

Parameters

Parameter

Description

Value

interface-number

Specifies the number of the tunnel interface with format "slot/subslot/number".

The slot, subslot, or interface number is an integer. The value range of the slot or subslot number varies according to the device type. The interface number varies according to different devices.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To forward data over a tunnel, ensure that the tunnel has been created. The system supports the following types of tunnels:
  • IPSec

  • GRE

  • IPv6 over IPv4

  • IPv4 over IPv6

Precautions

After a tunnel interface is created, you need to configure an IP address and encapsulation type for the tunnel interface.

To save IP addresses, run the ip address unnumbered command to configure the tunnel interface to borrow an IP address of another interface.

The tunnel-protocol command configures an encapsulation protocol for the tunnel interface. Then basic configurations are performed based on the encapsulation protocol:
  • On the GRE, IPSec, IPv4 over IPv6, or IPv6 over IPv4 tunnel, run the source and destination commands.

Tunnel interface numbers are valid on the local device only. You can configure different numbers for the tunnel interfaces on the two ends.

If a tunnel is being used, services transmitted over the tunnel will be affected after the tunnel interface is deleted. Exercise caution when running the undo interface tunnel command.

Example

# Create a tunnel interface.

<Huawei> system-view
[Huawei] interface tunnel 0/0/1
[Huawei-Tunnel0/0/1]

keepalive

Function

The keepalive command enables the Keepalive function of GRE tunnels.

The undo keepalive command disables the Keepalive function of GRE tunnels.

By default, the Keepalive function of a GRE tunnel is disabled.

Format

keepalive [ period period [ retry-times retry-times ] ]

undo keepalive

Parameters

Parameter Description Value
period period

Specifies the interval for sending Keepalive packets.

The value is an integer that ranges from 1 to 32767, in seconds. The default value is 5 seconds.

retry-times retry-times

Specifies the parameter of the unreachable counter.

The value is an integer that ranges from 1 to 255. The default value is 3.

Views

Tunnel interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Before you configure a tunnel policy and set the VPN tunnel type to GRE, you need to enable the Keepalive function. After Keepalive is enabled, the VPN cannot choose a tunnel with an unreachable remote end, preventing data loss.

When Keepalive is disabled on a local end, the tunnel interface status of the local end might be Up even if the remote end is unreachable. After Keepalive is enabled on the local end, the tunnel interface status of the local end changes to Down if the remote end is unreachable. Therefore, when the remote end is unreachable, the VPN cannot choose the GRE tunnel, preventing data loss.

The Keepalive function takes effect uni-directionally. To enable the Keepalive function on both ends of a tunnel, run the keepalive command on each end of the tunnel. The Keepalive configuration takes effect on one end even if the function is disabled on the other end. However, it is recommended that you enable the Keepalive function on both ends.

After the Keepalive function is enabled on a GRE tunnel, the tunnel periodically sends Keepalive packets. The unreachable counter increases by one each time a packet is sent. If no response packet is received when the value of the counter reaches the value of retry-times, the remote end is considered unreachable.

Prerequisites

The keepalive command can be used only when the encapsulation mode has been set to GRE on an interface.

Precautions

When you run the keepalive command several times, the latest configuration overrides the previous configurations.

Follow-up Procedure

Run the display keepalive packets count command to display the number of Keepalive packets and Keepalive response packets sent and received by the local GRE tunnel interface.

Example

# Enable the Keepalive function for the GRE tunnel using default parameters.

<Huawei> system-view
[Huawei] interface tunnel 0/0/1
[Huawei-Tunnel0/0/1] tunnel-protocol gre
[Huawei-Tunnel0/0/1] keepalive

# Enable the Keepalive function for the GRE tunnel. Set the interval for sending Keepalive packets to 12 seconds and retry-times to 4.

<Huawei> system-view
[Huawei] interface tunnel 0/0/1
[Huawei-Tunnel0/0/1] tunnel-protocol gre
[Huawei-Tunnel0/0/1] keepalive period 12 retry-times 4

mtu (tunnel interface view)

Function

The mtu command sets the Maximum Transmission Unit (MTU) of a tunnel interface.

The undo mtu command restores the default value.

By default, the MTU is 1500 bytes on a tunnel interface.

Format

mtu mtu

undo mtu

Parameters

Parameter Description Value
mtu Specifies the MTU of a tunnel interface.

An integer ranging from 128 to 9202, in bytes.

Views

Tunnel interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The size of data frames is limited at the network layer. Any time the IP layer receives an IP packet to be sent, it checks to which local interface the packet needs to be sent and obtains the MTU configured on the interface. Then the IP layer compares the MTU with the packet length. If the packet length is longer than the MTU, the IP layer fragments the packet into smaller packets, which are shorter than or equal to the MTU.

If unfragmentation is configured, some packets may be discarded during data transmission at the IP layer. To ensure jumbo packets are not dropped during transmission, you need to configure forcible fragmentation. In this case, you can run the mtu command to set the size of a fragment.

Precautions

Set the MTU for a tunnel interface based on actual networking. The default value is recommended. If a small MTU is used but the packet size is large, packets may be divided into many fragments. Then the packets are discarded by QoS queues. If a large MTU is used, packets may be transmitted at a low rate.

If IPv6 is run on a tunnel interface and the MTU set using the mtu command on the interface is smaller than 1280, IPv6 works abnormally on this interface. To prevent this problem, set the MTU of a tunnel interface to a value greater than or equal to 1280 if IPv6 runs on the tunnel interface.

After running the mtu command, run the shutdown and then undo shutdown commands on the interface. The set MTU then can take effect.

On a network with IPv4 over IPv6 tunnels, if a tunnel interface is Down, the MTU value of the tunnel interface 64000 does not take effect. After the tunnel interface goes Up, the system dynamically refreshes the MTU value of the tunnel interface based on the Path_MTU of the tunnel and IPv6 MTU of the tunnel outbound interface. If the Path_MTU does not exist, the system adopts the MTU of the tunnel outbound interface as the MTU of the tunnel interface.

The mtu mtu command configuration on a TE tunnel interface takes effect for packets sent by hosts only in the following scenarios:
  • In an L3VPN over TE scenario, if the length of a packet that a host sends exceeds the configured MTU value, the packet is fragmented based on the MTU value at the IP layer before being forwarded.

  • In a TE tunnel scenario, the length of a tunnel detection packet must be less than the configured MTU value.

Example

# Set the MTU of Tunnel 0/0/1 to 1492.

<Huawei> system-view
[Huawei] interface tunnel 0/0/1
[Huawei-Tunnel0/0/1] mtu 1492
[Huawei-Tunnel0/0/1] shutdown
[Huawei-Tunnel0/0/1] undo shutdown

reset keepalive packets count

Function

The reset keepalive packets count command clears the statistics on Keepalive packets sent and received by a GRE tunnel interface.

Format

reset keepalive packets count

Parameters

None

Views

Tunnel interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After the Keepalive function is enabled on a GRE tunnel, the VPN cannot choose a tunnel with an unreachable remote end, preventing data loss. You can run the display keepalive packets count command to view the statistics on Keepalive packets and Keepalive response packets sent and received by the GRE tunnel interface, and the running status of the GRE tunnel.

The reset keepalive packets count command resets the statistics of Keepalive packets and Keepalive response packets sent and received by the GRE tunnel interface. You can monitor the running status of the GRE tunnel.

Precautions

The cleared packet statistics cannot be restored. Exercise caution when you run the command.

Example

# Reset the Keepalive packet statistics of GRE tunnel interface 0/0/1.

<Huawei> system-view
[Huawei] interface tunnel 0/0/1
[Huawei-Tunnel0/0/1] tunnel-protocol gre
[Huawei-Tunnel0/0/1] reset keepalive packets count
 Info: Succeeded in resetting tunnel keepalive packets count.

source

Function

The source command configures the source address or source interface of the tunnel.

The undo source command deletes the configured source address or source interface.

The source address and source interface of a tunnel are not specified by default.

Format

source { [ vpn-instance vpn-instance-name ] source-ip-address | interface-type interface-number }

undo source

Parameters

Parameter

Description

Value

vpn-instance vpn-instance-name Specifies the name of the VPN instance that the source address of a tunnel belongs to.
NOTE:
You can specify the parameter only when the encapsulation mode of a tunnel interface is set to IPSec or mGRE.
The value is the name of an existing VPN instance.

source-ip-address

Specifies the source address of a tunnel interface. If a tunnel interface works in IPv4-IPv6 mode, specify an IPv6 address as the source address of the tunnel interface.

The IPv4 address is in dotted decimal notation.

The IPv6 address is a 32-digit hexadecimal number, in the format X:X:X:X:X:X:X:X.

interface-type interface-number

Specifies the type and the number of the source interface of the tunnel.

-

Views

Tunnel interface view, Tunnel-Template interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When configuring a tunnel, you must create a tunnel interface. After a tunnel interface is created, run the source command to specify the source IP address for the tunnel interface.

Prerequisites

A tunnel interface has been created using the interface tunnel command, and the encapsulation mode is set to GRE, IPSec, IPv4 over IPv6, or IPv6 over IPv4 of manual mode using the tunnel-protocol command.

Precautions

Two tunnel interfaces with the same encapsulation mode, source address, and destination address cannot be configured simultaneously.

IPv6 over IPv4, IPv4 over IPv6, and GRE tunnels are bidirectional tunnels. The source address of the local tunnel interface is the destination address of the remote tunnel interface by the destination command, and the destination address of the local tunnel interface is the source address of the remote tunnel interface.

Two or more tunnel interfaces that use the same encapsulation protocol cannot be configured with the same source and destination addresses.Two or more GRE tunnel interfaces in a system can have the same source address and same destination address. The system uses GRE keys to identify these GRE tunnel interfaces.When two or more tunnel interfaces on a P2MP tunnel are configured with the same source address, run the gre key command to set the key number of each tunnel interface.

You can also specify VPN instance parameters while specifying the source address for an IPSec tunnel or an mGRE tunnel in IPSec/mGRE over VPN scenarios.

Example

# Set the tunnel type of Tunnel0/0/1 to IPv6 over IPv4 manual tunnel and configure the source IP address of Tunnel0/0/1 as 10.1.1.1.
<Huawei> system-view
[Huawei] interface tunnel 0/0/1
[Huawei-Tunnel0/0/1] tunnel-protocol ipv6-ipv4
[Huawei-Tunnel0/0/1] source 10.1.1.1
# Configure Tunnel0/0/2 of mGRE and use Loopback0 address as the interface address.
<Huawei> system-view
[Huawei] interface loopback 0
[Huawei-LoopBack0] ip address 10.2.1.1 32
[Huawei-LoopBack0] quit
[Huawei] interface tunnel 0/0/2
[Huawei-Tunnel0/0/2] tunnel-protocol gre p2mp
[Huawei-Tunnel0/0/2] source loopback 0

statistic enable (Tunnel interface view)

Function

The statistic enable command enables traffic statistics collection on a Tunnel interface.

The undo statistic enable command disables traffic statistics collection on a Tunnel interface.

By default, traffic statistics collection is disabled on a Tunnel interface.

Format

statistic enable { inbound | outbound }

undo statistic enable { inbound | outbound }

Parameters

Parameter

Description

Value

inbound

Enables incoming traffic statistics collection.

-

outbound

Enables outgoing traffic statistics collection.

-

Views

Tunnel interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To check the network status or locate network faults, you can use the statistic enable command to enable traffic statistics collection on Tunnel interfaces. The device then collect traffic statistics on the Tunnel interfaces.

Precautions

After running the statistic enable command on an interface, you can run the display interface tunnel command to view the traffic statistics on the interface. The traffic statistics help you diagnose the fault of a tunnel.

Example

# Enable incoming traffic statistics collection on a Tunnel interface.

<Huawei> system-view
[Huawei] interface tunnel 0/0/1
[Huawei-Tunnel0/0/1] statistic enable inbound

tunnel route-via

Function

The tunnel route-via command specifies the routing outbound interface for a GRE tunnel.

The undo tunnel route-via command restores the default configuration.

By default, a GRE tunnel does not have a routing outbound interface.

Format

tunnel route-via interface-type interface-number { mandatory | preferred

undo tunnel route-via interface-type interface-number { mandatory | preferred

Parameters

Parameter Description Value
interface-type interface-number Specifies the type and number of an interface. -
mandatory Configures traffic to be strictly forwarded through the specified routing outbound interface. -
preferred Configures traffic to be preferentially forwarded through the specified routing outbound interface. -

Views

Tunnel interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

GRE packets are forwarded based on routing tables. If there are multiple equal-cost routes to the destination address, GRE packets are shared among these routes. In some situations, the actual routing outbound interface of GRE packets transmitted over a GRE tunnel may be the routing outbound interface for another GRE tunnel. If Unicast Reverse Path Forwarding (URPF) is enabled on the next hop device, this device checks the source addresses of these GRE packets to identify their outbound interface and then determines whether the outbound interface for these packets are the same as the actual interface that receives these packets. After the device finds that the outbound interface for these packets is different from the actual interface that receives these packets, the device drops these packets. To solve this problem, run the tunnel route-via command to specify the routing outbound interface for each GRE tunnel.

Prerequisites

The tunnel-protocol gre command has been run in the tunnel interface view.

Configuration Impact

If you configure mandatory when running the tunnel route-via command, traffic is strictly forwarded through the specified routing outbound interface. Specifically, if the available routing outbound interfaces for GRE packets transmitted over a GRE tunnel do not include the routing outbound interface specified for the tunnel, packets cannot be forwarded. If you configure preferred when running the tunnel route-via command, traffic is preferentially forwarded through the specified routing outbound interface. Specifically, if the available routing outbound interfaces for GRE packets transmitted over a GRE tunnel do not include the routing outbound interface specified for the tunnel, packets can still be forwarded through available routing outbound interfaces.

Example

# Specify the routing outbound interface for a GRE tunnel and configure traffic to be strictly forwarded through the specified interface.

<Huawei> system-view
[Huawei] interface Tunnel 0/0/1
[Huawei-Tunnel0/0/1] tunnel-protocol gre
[Huawei-Tunnel0/0/1] tunnel route-via GigabitEthernet 0/0/1 mandatory

tunnel-protocol

Function

The tunnel-protocol command configures the tunnel protocol on a tunnel interface.

The undo tunnel-protocol command restores the tunnel protocol to the default configuration.

By default, no tunnel protocol is used on a tunnel interface.

Format

tunnel-protocol { gre [ p2mp ] | ipsec | ipv6-ipv4 [ 6to4 | auto-tunnel | isatap ] | ipv4-ipv6 | svpn [ p2p | p2mp ] | none }

undo tunnel-protocol

Parameters

Parameter Description Value
gre

Indicates that the GRE tunnel protocol is configured on a tunnel interface.

-
gre p2mp

Indicates that the mGRE tunnel protocol is configured on a tunnel interface. If this parameter is not used, the tunnel protocol configured on a tunnel interface is a traditional point-to-point GRE.

-
ipsec

Indicates that the IPSec tunnel protocol is configured on a tunnel interface.

-
ipv4-ipv6

Indicates that the IPv4 to IPv6 tunnel protocol is configured on a tunnel interface.

-
ipv6-ipv4

Configures the tunnel protocol of the tunnel interface as ipv6-ipv4 and uses a manual IPv6 over IPv4 tunnel.

-
ipv6-ipv4 6to4

Indicates that the IPv6 to IPv4 tunnel protocol is configured on a tunnel interface using 6to4.

-
ipv6-ipv4 auto-tunnel

Configures the tunnel protocol of the tunnel interface as ipv6-ipv4 and uses an automatic IPv6 over IPv4 tunnel.

-
ipv6-ipv4 isatap

Indicates that the IPv6 to IPv4 tunnel protocol is configured on a tunnel interface using isatap.

-
svpn [ p2p | p2mp ]

Indicates that the SVPN tunnel protocol is configured on a tunnel interface.

  • p2p: indicates the P2P SVPN tunnel protocol.
  • p2mp: indicates the P2MP SVPN tunnel protocol.
-
none

Indicates that no tunnel protocol is configured on a tunnel interface.

-

Views

Tunnel interface view, Tunnel-Template interface view

NOTE:

The tunnel template interface view supports the ipsec and none parameters only.

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After creating a tunnel interface using the interface tunnel command, run the tunnel-protocol command to configure the tunnel encapsulation mode for the tunnel interface.

The following tunnel encapsulation modes are available:
  • GRE: encapsulates packets of some network layer protocols such as IP or IPX to enable these encapsulated packets to be transmitted on networks running other protocols such as IP. When the p2mp parameter is specified following gre, you can set the tunnel encapsulation mode to P2MP GRE. The destination address of a P2MP GRE tunnel does not need to be manually configured. Instead, the destination address of this tunnel can either be defined by a protocol (for example, NHRP in a DSVPN scenario) or be dynamically learned.
  • IPSec: protects the security of data transmitted on the Internet by establishing tunnels using the IPSec protocol.
  • IPv4-IPv6: creates tunnels on the IPv6 networks to connect IPv4 isolated sites so that IPv4 isolated sites can access other IPv4 networks through the IPv6 public network.
  • IPv6-IPv4: creates tunnels on the IPv4 networks to connect IPv6 isolated sites so that IPv6 packets can be transmitted on IPv4 networks.
  • SVPN: binds multiple WAN access lines to provide high bandwidth and highly reliable networks for customers.

    • When the SVPN mode is set to Hub-Spoke, specify p2p on the Spoke and p2mp on the hub when configuring a tunnel protocol.
    • When the SVPN mode is set to Lone Ranger, you must not specify p2p or p2mp.

Precautions

  • The none mode indicates the initial configuration, that is, no tunnel encapsulation mode is configured. In practice, you must select another tunnel encapsulation mode.
  • You must configure the tunnel encapsulation mode before setting the source IP address or other parameters for a tunnel interface. Changing the encapsulation mode of a tunnel interface deletes other parameters of the tunnel interface. When an SVPN proposal is bound to a tunnel interface, you cannot modify the tunnel encapsulation mode.

Example

# Set the tunnel encapsulation mode of Tunnel0/0/2 to mGRE.
<Huawei> system-view
[Huawei] interface tunnel 0/0/2
[Huawei-Tunnel0/0/2] tunnel-protocol gre p2mp
# Set the tunnel encapsulation mode of Tunnel0/0/2 to GRE.
<Huawei> system-view
[Huawei] interface tunnel 0/0/2
[Huawei-Tunnel0/0/2] tunnel-protocol gre
Related Topics
Translation
Download
Updated: 2019-05-29

Document ID: EDOC1000097293

Views: 90700

Downloads: 124

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next