The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
The Ethernet over GRE Tunnels feature allows customers to leverage existing low–end residential gateways to provide mobility
services to mobile nodes using Proxy Mobile IPv6 (PMIPv6), General Packet Radio Service (GPRS) Tunneling Protocol (GTP), and
Intelligent Service Gateway (ISG).
Finding Feature Information
Your software release may not support all the features documented in this module. For
the latest caveats and feature information, see Bug Search
Tool and the release notes for your platform and software release. To find
information about the features documented in this module, and to see a list of the
releases in which each feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software
image support. To access Cisco Feature Navigator, go to https://cfnng.cisco.com/. An account on
Cisco.com is not required.
Restrictions for Ethernet over GRE Tunnels
Mobile nodes can have only IPv4 addresses
IPv6 mobile clients are not supported
If the VLAN priority tag inside the EoGRE packet is set to a nonzero value, ISG or iWAG ignores the packet
Information About Ethernet over GRE Tunnels
The Ethernet over GRE tunnels feature allows customers to leverage existing low-end residential gateways
to provide mobility services to mobile nodes.
As service provider Wi-Fi space gains popularity, Cisco customers need to provide access to the Internet and mobile
services using public hotspots. A high–end RG can provide these mobility services using Proxy Mobile IPv6 (PMIPv6), Intelligent
Service Gateway (ISG) or General Packet Radio Service (GPRS) Tunneling Protocol (GTP).
Low-end RGs or customer premises equipment (CPE) can be used to forward traffic from Mobile nodes to high-end devices. These
RGs or CPE can be configured in bridged mode, and Ethernet over Generic Routing Encapsulation (GRE) tunnels can be used
to forward Ethernet traffic to the aggregation device.
Mobile nodes access the Internet over Wi-Fi access points (APs). The APs are either autonomous or connected to a wireless
LAN controller (WLC). These APs and WLCs are generically referred to as RGs or CPEs. The CPEs are located at individual
or community residences and may be connected to the service–provider network through a connection mechanism like an asymmetric
DSL (ADSL) modem or a cable modem. The connection mechanism is transparent to the aggregation device.
These CPEs are provided, provisioned, and managed by the service provider as a part of the broadband access service. Generally,
there is extra bandwidth on the Wi-FI AP as well as the back-end pipe to the service provider, which can be used to provide
mobile–Internet services to roaming customers in the vicinity.
Mobility Services Using PMIPv6
You can use PMIPv6 to provide mobility services to mobile devices,
but you would require high-end RGs with Mobile Access Gateways (MAG)
functionality.
RGs or CPEs can also be used to forward traffic from Mobile nodes to MAG-enabled aggregation devices using Ethernet over
GRE tunnels.
The aggregation device can create IP sessions and allocate IP
addresses (locally or in proxy mode) in a manner similar
to regular IP sessions on physical Ethernet interfaces.
In the deployment scenario given in the above figure, MAG-1 and MAG-2 are configured to handle tunneled
Ethernet traffic from access side and also have regular IP tunnels
to one or more local mobility anchor (LMA).
Mobility Services Using GTP
You can use GTP to provide mobility services to mobile devices,
but you would require high-end RGs with Enhanced Wireless Access Gateway functionality.
RGs or CPEs can also be used to forward traffic from Mobile nodes to Enhanced Wireless Access Gateway devices using Ethernet
over GRE tunnels.
In the deployment scenario given in the above figure, eWAG-1 and eWAG-2 are configured to handle tunneled
Ethernet traffic from access side and also have one or more GTP tunnels
to one or more gateway Cisco General packet radio service (GPRS) support node
(GGSN) devices.
Mobility Services Using ISG
You can use ISG to provide simple IP services to mobile devices
but you would require a high-end RGs with ISG functionality.
RGs or CPEs can also be used to forward traffic from Mobile nodes to ISG devices using Ethernet over GRE tunnels as shown
in the figure below.
Ethernet over GRE Tunnels Supported Functionality
The Ethernet over GRE tunnels feature supports the following functionality:
Mobility services can be provided to the mobile nodes using existing low-end residential gateways (RGs) using Ethernet over
generic routing and encapsulation (GRE) tunnels. Intelligent Service Gateway (ISG), Proxy Mobile IPv6 (PMIPv6), and GPRS Tunneling
Protocol (GTP) can be used to provide the mobility services.
Ethernet frames can be transported over IPv6 and IPv4 infrastructures. Customer premises Equipment (CPE) is pre–configured
with a point-to-point Generic Routing Encapsulation (GRE) IPv4 or IPv6 tunnel. The tunnel destination is a well-known IPv4
or IPv6 address of an aggregation device.
Tunnels can be configured to be part of a single VLAN—The CPE may insert a VLAN tag in the Ethernet frame. Only a single VLAN
tag is supported.
Tunnels can be configured with a statically configured, symmetric GRE key. You can use the tunnel key command to configure this key.
Sessions can be created with DHCP for IPv4 (DHCPv4), unclassified MAC, and Address Resolution Protocol (ARP) Detecting Network
Attachments for IPv4 (DNAv4).
Tunnel Encapsulation in Ethernet over GRE tunnels
Tunnel encapsulation in Ethernet over GRE tunnels is similar to tunnel encapsulation in multipoint Generic Routing Encapsulation
(mGRE) tunnels, given in the below figure.
The mGRE tunnel is a nonbroadcast multiAccess (NBMA) interface that can handle multiple tunnel endpoints. The mGRE tunnel
can forward payloads like IPv4, IPv6, and Multiprotocol Label Switching (MPLS) in GRE–encapsulated IPv4/IPv6 transport frames
from different endpoints, which can then be sent to specific endpoints. While transmitting, the mGRE tunnel interface encapsulates
the payload with GRE and transports IPv4/IPv6 headers. On the receiving end, the mGRE tunnel interface strips the GRE and
transport header and forwards the payload.
In Ethernet over GRE tunnels, the Ethernet header is included in the tunnel encapsulation along with GRE and transport header.
The tunnel modes used for Ethernet over GRE IPv4 transport can be set using the tunnel mode ethernet gre ipv4 command.
Similarly, the tunnel modes used for Ethernet over GRE IPv6 transport can be set using the tunnel mode ethernet gre ipv6 command.
You can see the source of the tunnel by using the show tunnel source tracking command.
Although the Ethernet over GRE tunnel simulates regular Ethernet behavior for all practical purposes, the interface is an
NBMA interface at the data-link layer. As there may be many mobile nodes and CPE connected to the Ethernet over GRE tunnel,
broadcasting a packet is not supported. Even if an aggregation device like the Mobile Access Gateway (MAG) needs to use a
broadcast MAC address in the downstream packet frame, the message is unicast to only the respective CPE. Similarly, multicast
messages are also sent as unicast messages to the mobile nodes.
Virtual MAC Address
An Ethernet over GRE tunnel is configured with a virtual MAC address. When a packet enters the tunnel, the tunnel accepts
the packet only if the destination MAC address of the packet matches the virtual MAC address of the tunnel or the broadcast
MAC address. Otherwise, the packet is dropped.
Note
If the tunnel interface is configured to handle multicast traffic for specific multicast groups, the corresponding MAC addresses
are also accepted by the tunnel.
If PMIPv6 or GTP is enabled on the tunnel, the protocols provide a virtual MAC address that is used as the source MAC address
of packets exiting the tunnel. If PMIPv6 or GTP is not enabled, the virtual MAC address of the tunnel interface is used as
the source MAC address of the exiting packets.
Virtual MAC addresses are associated with the tunnel using the mac-address command . You can use the show tunnel mac-table command to see MAC table entries. You can use the test tunnel mac-address command to test the addition of MAC addresses to the MAC table of a tunnel interface.
VLAN on the Tunnel Interface
Mobile nodes connect to the wireless access points (APs). These APs have Service Set Identifiers (SSIDs) provided by the
service provider. The SSID of a CPE is the VLAN identifier. The CPE can be configured to insert VLAN tags in Ethernet frames
received from the mobile nodes before forwarding them on the GRE tunnel. Similarly, for downstream traffic, the GRE tunnel
can be configured to insert a VLAN tag in all Ethernet frames sent to the MN.
A tunnel interface supports only one VLAN tag.
You can associate a VLAN with an Ethernet over GRE tunnel by using the tunnel vlan command.
Sets the encapsulation mode of the tunnel to Ethernet over GRE IPv4 or GRE IPv6.
Step 6
tunnel keykey
Example:
Device(config-if)# tunnel key 1
Enables an key identifier for the tunnel interface.
Step 7
tunnel vlanvlan-id
Example:
Device(config-if)# tunnel vlan 1
Associates a VLAN identifier with the Ethernet over GRE tunnel.
Step 8
end
Example:
end
Exits to privileged EXEC mode.
What to do next
Verify the tunnel.
Verifying Ethernet Over GRE Tunnel
Before you begin
Configure the Ethernet over GRE tunnel.
SUMMARY STEPS
show interface tunnel
show tunnel mac-table
show tunnel endpoints
DETAILED STEPS
Step 1
show interface tunnel
This command displays information about the tunnel.
Example:
Device# show interface tunnel 1
Tunnel1 is up, line protocol is up
Hardware is Tunnel
Internet address is 11.1.1.1/24
MTU 17846 bytes, BW 100 Kbit/sec, DLY 50000 usec, reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 10.0.0.1
Tunnel MAC address 0000.5e00.5213
Tunnel Vlan-id 1
Tunnel protocol/transport Ethernet-GRE/IP Key 0x1, sequencing disabled Checksumming of packets disabled
Tunnel TTL 255
Tunnel transport MTU 1454 bytes
Tunnel transmit bandwidth 8000 (kbps) Tunnel receive bandwidth 8000 (kbps)
Last input 00:48:08, output never, output hang never
Last clearing of "show interface" counters 00:48:26
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 107
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
1867 packets input, 161070 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
43 packets output, 4386 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out ind-uut#
--- 22:03:51 ---
44: 2013-01-30T22:03:51: %SCRIPT-6-INFO: {_haExecCmd: Executing cmd exec with ind-uut-a}
Device# show interface tunnel 2
Tunnel2 is up, line protocol is up
Hardware is Tunnel
Internet address is 10.1.1.1/24
MTU 1434 bytes, BW 100 Kbit/sec, DLY 50000 usec, reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 10::1
Tunnel MAC address 0000.5e00.5213
Tunnel Vlan-id 2
Tunnel protocol/transport Ethernet-GRE/IPv6
Key 0x2, sequencing disabled
Checksumming of packets disabled
Tunnel TTL 255
Path MTU Discovery, ager 10 mins, min MTU 1280
Tunnel transport MTU 1434 bytes
Tunnel transmit bandwidth 8000 (kbps) Tunnel receive bandwidth 8000 (kbps)
Last input never, output never, output hang never
Last clearing of "show interface" counters 00:48:28
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 106
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
Step 2
show tunnel mac-table
This command displays MAC table entries associated with a tunnel.
Example:
Device# show tunnel mac-table tunnel0
CPE IP 1.1.1.1 Refcount 2 Base 0x2A98DD0000
mac-address 0122.0111.0111 vlan 1
mac-address 0011.1111.0001 vlan 2
CPE IP 3.3.3.3 Refcount 2 Base 0x12345678
mac-address 1234.5678.9011 vlan 1
Step 3
show tunnel endpoints
This command displays tunnel endpoints and verifies if the tunnel has been created correctly.
Example:
Device# show tunnel endpoints
Tunnel0 running in Ethernet-GRE/IP mode
Endpoint transport 10.1.1.1 Refcount 3 Base 0x2A98DD03C0 Create Time 3d02h
overlay 10.1.1.1 Refcount 2 Parent 0x2A98DD03C0 Create Time 3d02h
Endpoint transport 3.3.3.3 Refcount 3 Base 0x2A98DD0300 Create Time 3d02h
overlay 10.1.1.3 Refcount 2 Parent 0x2A98DD0300 Create Time 3d02h
Configuration Examples for Ethernet over GRE Tunnels
Example: Configuring Ethernet over GRE Tunnels
Configuring Ethernet over GRE tunnels on the Mobile Node
! Configure the topology
mobile-node1(config-if)# interface GigabitEthernet0/1
mobile-node1(config-if)# ip address 10.21.1.1 255.255.255.0
mobile-node1(config-if)# no shut
mobile-node1(config-if)# exit
mobile-node1(config)# ip route 10.0.0.1 255.255.255.255 10.21.1.2
! Configuring the interface used as the source of the tunnel
mobile-node1(config)# interface Loopback0
mobile-node1(config-if)# ip address 10.40.0.1 255.255.255.0
mobile-node1(config-if)# ipv6 address 2001:db8:2:40::1/64
mobile-node1(config-if)# no shutdown
! Configuring the Ethernet over GRE IPv4 Tunnel
mobile-node1(config-if)# interface Tunnel1
mobile-node1(config-if)# mac-address 0000.0000.0001
mobile-node1(config-if)# ip dhcp client client-id ascii MN1@cisco.com
mobile-node1(config-if)# ip address dhcp
mobile-node1(config-if)# no ip redirects
mobile-node1(config-if)# no ip route-cache
mobile-node1(config-if)# tunnel source Loopback0
mobile-node1(config-if)# tunnel mode ethernet gre ipv4
mobile-node1(config-if)# tunnel key 1
mobile-node1(config-if)# tunnel vlan 1
mobile-node1(config-if)# no shutdown
Configuring Ethernet over GRE tunnel on the MAG
! Configure the topology
MAG(config)# interface FastEthernet1/1/5
MAG(config-if)# ip address 10.21.1.2 255.255.255.0
MAG(config-if)# ipv6 address 2001:db8:2:21::2/64
MAG(config-if)# no shut
MAG(config)# ip route 10.40.0.1 255.255.255.255 10.21.1.1
! Configure the interface used as source of the tunnel
MAG(config-if)# interface Loopback0
MAG(config-if)# ip address 10.0.0.1 255.255.255.0
MAG(config-if)# no shutdown
! Configuring the Ethernet over GRE IPv4 Tunnel
MAG(config)# interface Tunnel1
MAG(config-if)# ip address 10.11.1.1 255.255.255.0
MAG(config-if)# tunnel mode ethernet gre ipv4
MAG(config-if)# tunnel source 10.0.0.1
! Configuring a static GRE and VLAN ID for the tunnel
MAG(config-if)# tunnel key 1
MAG(config-if)# tunnel vlan 1
! Associating the service policy control with the tunnel
MAG(config-if)# service-policy type control DHCP1
! Enable ISG on the tunnel
MAG(config-if)# ip subscriber l2-connected
MAG(config-subscriber)# initiator unclassified mac-address
Please unconfigure existing command before configuring.
MAG(config-subscriber)# initiator dhcp class-aware
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use
these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products
and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.
The following table provides release information about the feature or features described in this module. This table lists
only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise,
subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco
Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 1. Feature Information for Ethernet over GRE Tunnels
Feature Name
Releases
Feature Information
Ethernet over GRE Tunnels
Cisco IOS XE Release 3.9S
The Ethernet over GRE tunnels feature allows customers to leverage existing low–end residential gateways
to provide mobility services to mobile nodes using Proxy Mobile IPv6 (PMIPv6), GPRS Tunneling Protocol (GTP) and Intelligent
Service Gateway (ISG).
The following command was modified to add the Ethernet over GRE tunnel mode for IPv4 and IPv6: tunnel mode ethernet gre.
The following commands were introduced:tunnel vlan, show tunnel mac-table, show tunnel source tracking, test tunnel mac-address.