Configuring mGRE

Procedure

1. Run system-view

   The system view is displayed.

2. Run interface tunnel interface-number

   A tunnel interface is created and the tunnel interface view is displayed.

3. Run ip address ip-address { mask | mask-length }

   The IP address of the tunnel interface is configured.

4. Run tunnel-protocol gre p2mp

   The tunnel encapsulation mode is set to mGRE.

   

   Changing the encapsulation mode of a tunnel interface deletes other parameters of the tunnel interface, including the source address or source interface configured for the tunnel interface, and NHRP parameters.

5. Run source { [ vpn-instance vpn-instance-name ] source-ip-address | interface-type interface-number }

   The source address or source interface is configured for the tunnel interface.

   

   Changing the source command configuration will cause the IPSec configuration on the tunnel interface to be deleted.

6. (Optional) Run gre key { plain key-number | [ cipher ] plain-cipher-text }

   The key number of a tunnel interface is set.

   By default, no key number is set for a tunnel interface.

   

   If plain is selected, the password is saved in the configuration file in plain text. This brings security risks. It is recommended that you select cipher to save the password in cipher text.

7. Optional: Run nhrp session link-state check

   The session detection on decapsulated mGRE tunnel packets is enabled.

   By default, session detection is not performed on decapsulated mGRE tunnel packets.

   If the dynamic mGRE tunnel between two Spokes is disconnected, the Spoke attempts to send packets to the Hub for communication with the peer Spoke. The Hub performs session detection on received packets. If the session detection fails, the Hub drops the receive packets. After session detection on decapsulated mGRE tunnel packets is disabled, the Hub forwards received packets instead of session detection, which avoid dropping of packets sent from the Spoke to the Hub.