Wednesday, November 3, 2010

How To Softencotton Hanky

GRE tunnel between Cisco and Linux (Debian) Retrieve the key

Location: I want to create a GRE tunnel between a Linux computers and Cisco router


Procedure:


a) the side of linux:
The first thing to do is lift the side ip_gre module Linux: # modprobe ip_gre execute the following commands


Core2 ip tunnel add mode gre remote 8.8.8.1 local 9.9.9.2 dev eth0 ip ad add 7.7.7.1/32 dev Core2
ip link set up dev Core2




Local
refers to the interface in our linux (eth0 has the IP 8.8.8.1) where the traffic comes, if we manage a single interface, in this case would use the IP address of the interface that we have set, if we handle two interfaces is convenient to use the interface we know that the traffic to the other end of the tunnel will come out. (Use a traceroute) Remote


refers to the peer IP address, this should be the direction against which we will raise the tunnel
Now we see is the configuration of the interface # ifconfig

Core2 Core2 Link encap: HWaddr unspec C8-2F-97-7E-05-08-00-00 -00-00-00-00-00-00-00-00 inet addr: 7.7.7.1 PtP: 7.7.7.1 Mask: 255.255.255.255 UP pointopoint NOARP RUNNING MTU: 1476 Metric: 1
RX packets: 134 errors : 0 dropped: 0 overruns: 0 frame: 0
TX packets: 35 errors: 0 dropped: 0 overruns: 0 carrier: 0
collisions: 0 txqueuelen: 0 RX bytes : 11896 (11.6 KiB) TX bytes: 3780 (3.6 KiB)


b) The
cisco equipment side, is slightly simple GRE



# conf t Enter configuration commands, one per line. End with CNTL / Z. # Int
GRE GRE tunnel 100
(config-if) # tunnel source 9.9.9.2
GRE (config-if) # tunnel destination 8.8.8.1
GRE (config-if) # ip address 7.7.7.2

255 255 255 252

Ready! Consider the configuration


GRE # sh run Building configuration in TU100 ...
Current configuration: 128 bytes
!
Tunnel100
interface ip address 7.7.7.2 9.9.9.2 255 255 255 252

tunnel source 8.8.8.1 tunnel destination end

GRE #

Mr
And ready, we already have GRE Tunnel up

# sh int tunnel 100
Tunnel100 is up, line protocol is up Hardware is Tunnel
Internet address is 7.7.7.2/30
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec, reliability 255/255
, txload 1 / 255, rxload 1 / 255 Encapsulation
TUNNEL, loopback not set Keepalive not set

Tunnel source 9.9.9.2, destination 8.8.8.1 Tunnel protocol
/
transport GRE / IP



Notably
tunnel interface 100, uses default GRE tunnel mode, so no need to define it.


Review:


To test connection, a simple Ping could give us what we


GRE#ping 7.7.7.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 7.7.7.1, timeout is 2 seconds: !!!!! Lab:/home/rollingpaper# tcpdump -i Core2 icmp
tcpdump: WARNING: arptype 778 not supported by libpcap - falling back to cooked socket
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on Core2, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
11:56:26.704400 IP 7.7.7.2 > 7.7.7.1: ICMP echo request, id 153, seq 0, length 80
11:56:26.708400 IP 7.7.7.2 > 7.7.7.1: ICMP echo request, id 153, seq 1, length 80 11:56:26.710648 IP 7.7.7.2 > 7.7.7.1: ICMP echo request, id 153, seq 2, length 80 11:56:26.712147 IP 7.7.7.2> 7.7.7.1: ICMP echo request, id 153, seq 3, length 80 11:56:26.713897 IP
7.7.7.2> 7.7.7.1: ICMP echo request, id 153, seq 4, length 80



Mr Ready, I hope that was helpful


0 comments:

Post a Comment