IPv6 Switch-2 Configuration
(Switch-2) (config) # interface tunnel 206
description “IPv6 Layer-3 GRE 206"
tunnel mode gre ipv6
ip address 2001:1:2:1::2
tunnel source vlan 20
tunnel destination 2001:1:2:1010::1
trusted
Directing Traffic into the Tunnel
You can direct traffic into a GRE tunnel by configuring one of the following:
n Static route: Redirects traffic to the IP address of the tunnel.
n Firewall policy (session-based ACL): Redirects traffic to the specified tunnel ID.
About Configuring Static Routes
You can configure a static route that specifies the IP address of a tunnel as the next-hop for traffic for a specific
destination. See Configuring Static Routes on page 113 for detailed information on how to configure a static
route.
While redirecting traffic into a Layer-3 GREtunnel via a static route, be sure to use the switch's tunnel IPaddress as
the next-hop, instead of providing the destination switch's tunnel IP address.
Referring to Figure 18, the following are examples of the required static route configurations to direct traffic
into the IPv4 Layer-3 GRE tunnel. for Switch-1 and Switch-2:
n For the switch named Switch-1:
(Switch-1) (config) # ip route 20.20.202.0 255.255.255.0 1.1.1.1
n For the switch named Switch-2:
(Switch-2) (config) # ip route 10.10.101.0 255.255.255.0 1.1.1.2
Configuring a Firewall Policy Rule
You can configure a firewall policy rule to redirect selected traffic into a GRE tunnel.
Traffic redirected by a firewall policy rule is not forwarded to a tunnel that is “down” (see the next section,
Configuring Tunnel Keepalives, for more information on how GRE tunnel status is determined).
From the WebUI
To direct traffic into a GRE tunnel via a firewall policy via the WebUI:
1. On the switch, navigate to the Configuration > Security > Access Control > Policies page.
AOS-W 6.5.3.x | User Guide Network Configuration Parameters | 121
To Next Page
Loading...