protocol is used, the protocol must be configured on the tunnel interface and the GE interface
connected to the PC. Moreover, in the routing table of Router A, the egress with the
destination as the network segment where GE 2/0/0 on Router C resides cannot be Tunnel
0/0/1.
In practical configurations, configure a multi-process routing protocol or change the metric
value of the tunnel interface. This prevents the tunnel interface from being selected as the
outbound interface of routes to the destination physical interface of the tunnel.
In practical configurations, tunnel interfaces and physical interfaces connected to the public
network should use different routing protocols or different processes of the same routing
protocol. With one of these procedures in place, you can avoid selecting a tunnel interface
as an outbound interface for packets destined for the destination of the tunnel. In addition, a
physical interface is prevented from forwarding user packets that should be forwarded
through the tunnel.
Figure 1-3 Diagram of configuring the GRE dynamic routing protocol
RouterA RouterC
Tunnel0/0/1 Tunnel0/0/2
PC2
PC1
GE1/0/0
GE2/0/0
Backbone
GE2/0/0
GE1/0/0
Tunnel
----End
1.3.4 (Optional) Configuring GRE Security Options
To enhance the security of a GRE tunnel, configure end-to-end checksum authentication or key
authentication. This security mechanism can prevent the tunnel interface from incorrectly
identifying and receiving packets from other devices.
Context
Perform the following steps on the routers at two ends of a tunnel.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface tunnel interface-number
Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN 1 GRE Configuration
Issue 01 (2012-04-20) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
6
To Next Page
Loading...
Need help?
General
