
User Manual Command Reference (Volume 3) Versatile Routing Platform

Table of Contents

Chapter 1 VPN Configuration Commands
1.1 accept dialin l2tp virtual-template
1.2 clear vpdn tunnel l2tp
1.3 force-local-chap
1.4 l2tp tunnel authentication
1.5 l2tp tunnel password
1.6 lcp renegotiation
1.7 local name
1.8 request dialin
1.9 vpdn domain-delimiter prefix
1.10 vpdn domain-delimiter suffix
1.11 vpdn enable
1.12 vpdn search-order
1.13 vpdn-group
1.14 show l2tp session
1.15 show l2tp tunnel
1.16 debug l2tp

Chapter 2 GRE Configuration Commands
2.1 interface tunnel
2.2 tunnel checksum
2.3 tunnel destination
2.4 tunnel key
2.5 tunnel mode gre ip
2.6 tunnel sequence-datagrams
2.7 tunnel source
2.8 show interface tunnel


Chapter 1 VPN Configuration Commands


L2TP configuration commands include:
- accept dialin l2tp virtual-template
- clear vpdn tunnel l2tp
- force-local-chap
- interface virtual-template
- l2tp tunnel authentication
- l2tp tunnel password
- lcp renegotiation
- local name
- request dialin
- tunnel destination
- tunnel vpdngroup
- vpdn domain-delimiter prefix
- vpdn domain-delimiter suffix
- vpdn enable
- vpdn search-order
- vpdn-group
- show l2tp session
- show l2tp tunnel
- debug l2tp all
- debug l2tp control
- debug l2tp dump
- debug l2tp error
- debug l2tp event
- debug l2tp hidden
- debug l2tp payload
- debug l2tp raw-dump
- debug l2tp time-stamp

1.1 accept dialin l2tp virtual-template


To accept the originated L2TP tunnel connection request, use the accept dialin l2tp virtual-template command. To return to the default, use the no form of this command.

accept dialin l2tp virtual-template virtual-template-number [ remote remote-name ]
no accept dialin

Syntax Description
virtual-template-number Number of the virtual template used for creating a new virtual access interface, an integer ranging from 1 to 25.
remote-name Name of a remote end originating a tunnel connection request, case sensitive.

Default
no accept dialin l2tp virtual-template
By default, virtual-template-number is 1.

Command Mode
VPDN group configuration mode

Usage Guideline
When VPDN group 1 (the default VPDN group number) is used and configurations are made in group 1 without specifying remote-name, the format of this command is:

accept dialin l2tp virtual-template virtual-template-number [ remote remote-name ]

If the remote name is specified in the VPDN group 1 configuration, then VPDN group 1 does not serve as the default VPDN group. In Windows 2000 beta 2, for example, the local name for the VPN connection is NONE, and the remote name received by the router is NONE. A default VPN group can be set in order to receive a tunnel connection request originated by an unknown remote end, or just for test purposes.

Example
! Accept an L2TP tunnel connection request from a remote end whose name is A8010, and create the virtual-access interface according to virtual-template 1.
Quidway(config-vpdn2)# accept dialin l2tp virtual-template 1 remote A8010
! With VPDN group 1 as the default VPDN group, accept an L2TP tunnel connection request from any remote end, and create the virtual-access interface according to virtual-template 1.
Quidway(config)# vpdn-group 1
Quidway(config-vpdn1)# accept dialin l2tp virtual-template 1

Related Command
vpdn-group

1.2 clear vpdn tunnel l2tp


To clear the specified tunnel connection and all the sessions in the tunnel, use the clear vpdn tunnel l2tp remote-name command.

Syntax Description
remote-name Name of the remote end of a tunnel.

Command Mode
Privileged user mode

Usage Guideline
This command is used to clear a tunnel connection by force. When a remote user dials in again, the tunnel connection can be set up again. You can determine the tunnel connection to be cleared by specifying the remote name of a tunnel. If no qualified tunnel connection exists, then the current tunnel connection is not affected. If multiple qualified tunnels exist (with the same name but different IP addresses), the first qualified tunnel connection is cleared. The sequence referred to here is the same as that shown after executing the show l2tp tunnel command.

Example
! Clear a tunnel connection whose remote end name is A8010.
Quidway# clear vpdn tunnel l2tp A8010

1.3 force-local-chap
To perform forced CHAP re-authentication between LNS and Client, use the force-local-chap command. To return to the default, use the no form of this command.

force-local-chap
no force-local-chap

Default
no force-local-chap.

Command Mode
VPDN group configuration mode

Usage Guideline
After proxy authentication between LAC and Client, LNS re-authenticates Client to improve security. If this command is used, then the client of a VPN where the access server initializes the tunnel connection undergoes two rounds of authentication: one is by the access server, and the other is by LNS. If some PPP Clients don't support a second authentication, then the local CHAP authentication may fail.

Example
! Perform forced CHAP authentication.
Quidway(config-vpdn1)# force-local-chap

Related Command
lcp renegotiation

1.4 l2tp tunnel authentication


To start L2TP tunnel authentication, use the l2tp tunnel authentication command. To cancel authentication for this tunnel, use the no form of this command.

l2tp tunnel authentication
no l2tp tunnel authentication


Default
l2tp tunnel authentication.

Command Mode
VPDN group configuration mode

Usage Guideline
L2TP tunnel authentication is enabled by default. In general, both ends of a tunnel need to authenticate each other. Tunnel authentication can be skipped if network connectivity is being tested or a connection request is received from an unknown remote end.

Example
! Set no l2tp tunnel authentication.
Quidway(config-vpdn1)# no l2tp tunnel authentication

1.5 l2tp tunnel password


To specify the password used by the tunnel, use the l2tp tunnel password command. To return to the default, use the no form of this command.

l2tp tunnel password { 0 | 7 } password
no l2tp tunnel password

Syntax Description
0 Password of the tunnel shown in plain text.
7 Password of the tunnel shown in ciphered text.
password Password used for tunnel authentication.

Default
Password is the router name.

Command Mode
VPDN group configuration mode

Usage Guideline
When setting up a VPDN group, the local name and the tunnel password are both initialized to be the router name. For example, if the current router name is set to Quidway, then the local name is initialized to be Quidway, and the tunnel password is also Quidway. l2tp tunnel password is used to specify the password of the tunnel.

Example
! Set the password of the tunnel to yougotit.
Quidway(config-vpdn1)# l2tp tunnel password 7 yougotit
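
The defaults described in 1.1, 1.4 and 1.5 can be checked mechanically. The following Python audit is an added example, not part of the manual: it flags VPDN groups with tunnel authentication turned off, with the tunnel password left at the router-name default or stored as type 0, and a group 1 that accepts any remote end. The configuration layout (a hostname line, commands indented under vpdn-group) and the sample configuration are assumptions constructed for illustration.

```python
import re

# Finding codes, based on the defaults stated in 1.1, 1.4 and 1.5.
FINDINGS = {
    "ANY_REMOTE": "group 1 accepts dial-in without a remote name (default group)",
    "AUTH_DISABLED": "no l2tp tunnel authentication is configured",
    "DEFAULT_PASSWORD": "no tunnel password set, so it defaults to the router name",
    "PLAINTEXT_PASSWORD": "tunnel password stored as type 0 (plain text)",
    "PASSWORD_IS_NAME": "plain-text tunnel password equals the router or local name",
}

# Constructed sample; the layout (hostname line, indented group commands) is assumed.
SAMPLE_CONFIG = """\
hostname Quidway
vpdn enable
vpdn-group 1
 accept dialin l2tp virtual-template 1
 no l2tp tunnel authentication
vpdn-group 2
 accept dialin l2tp virtual-template 1 remote A8010
vpdn-group 3
 accept dialin l2tp virtual-template 1 remote A8010
 l2tp tunnel password 0 Quidway
vpdn-group 4
 accept dialin l2tp virtual-template 1 remote A8010
 local name itsme
 l2tp tunnel password 7 yougotit
"""


def parse_vpdn_groups(config_text):
    """Return (hostname, {group_number: [commands]}) from the assumed layout."""
    hostname, groups, current = None, {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):        # blank line or comment
            continue
        header = re.fullmatch(r"vpdn-group (\d+)", line)
        if header:
            current = groups.setdefault(int(header.group(1)), [])
        elif raw[0].isspace() and current is not None:
            current.append(" ".join(line.split()))  # normalise inner spacing
        else:
            current = None                          # back in global configuration
            if line.startswith("hostname "):
                hostname = line.split(None, 1)[1]
    return hostname, groups


def audit(config_text):
    """Return a list of (group_number, finding_code) in group order."""
    hostname, groups = parse_vpdn_groups(config_text)
    findings = []
    for number, cmds in sorted(groups.items()):
        accepts = [c.split() for c in cmds if c.startswith("accept dialin l2tp ")]
        if number == 1 and any(a[5:6] != ["remote"] for a in accepts):
            findings.append((number, "ANY_REMOTE"))
        if "no l2tp tunnel authentication" in cmds:
            findings.append((number, "AUTH_DISABLED"))
            continue                                # password findings are moot
        local, password = hostname, None            # local name defaults to router name
        for c in cmds:
            m = re.fullmatch(r"local name (\S+)", c)
            if m:
                local = m.group(1)
            m = re.fullmatch(r"l2tp tunnel password ([07]) (\S+)", c)
            if m:
                password = m.groups()
        if password is None:
            findings.append((number, "DEFAULT_PASSWORD"))
        elif password[0] == "0":
            findings.append((number, "PLAINTEXT_PASSWORD"))
            if password[1] in (hostname, local):
                findings.append((number, "PASSWORD_IS_NAME"))
    return findings


if __name__ == "__main__":
    for number, code in audit(SAMPLE_CONFIG):
        print(f"vpdn-group {number}: {code}: {FINDINGS[code]}")
```

A type 7 password cannot be compared with the router name because only its ciphered form appears in the configuration, so group 4 in the sample produces no finding.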

1.6 lcp renegotiation


To enable LCP (Link Control Protocol) re-negotiation between LNS and client, use the lcp renegotiation command. To disable the lcp renegotiation function, use the no form of this command.

lcp renegotiation
no lcp renegotiation

Default
no lcp renegotiation

Command Mode
VPDN group configuration mode

Usage Guideline
For the client of a NAS-initialized VPN, PPP authentication is first performed at the NAS (network access server) when the PPP session starts. If the authentication succeeds, the NAS initializes the tunnel connection and transfers to the LNS the information received through negotiation with the client. The LNS can check the client's legitimacy according to the received proxy authentication information. lcp renegotiation can be used to force LCP renegotiation between the LNS and the client, ignoring the proxy authentication information from the NAS. Some PPP clients may not support LCP re-negotiation, so LCP re-negotiation may fail.

Example
! Enable LCP re-negotiation
Quidway(config-vpdn1)# lcp renegotiation

Related Command
force-local-chap

1.7 local name


To specify the local name of the tunnel, use the local name command. To return to the default, use the no form of this command.

local name name
no local name

Syntax Description
name Local name of the tunnel.


Default
Default local name is the router name.

Command Mode
VPDN group configuration mode

Usage Guideline
When setting up a VPDN group, the name of the local tunnel is initialized to be the router name. For example, if the current router name is set to Quidway, then the local name is initialized to be Quidway, and the tunnel password is also Quidway. local name is used to specify the local name of the tunnel.

Example
! Set the local name of the tunnel to itsme
Quidway(config-vpdn1)# local name itsme

Related Command
hostname

1.8 request dialin


To set the condition for originating a tunnel connection from the local end as the L2TP LAC end, use the request dialin command. To delete the condition, use the no form of this command.

request dialin l2tp { ip ip-address } [ ip ip-address ... ] { domain domain-name | dnis dialed-number | fullusername user-name }
no request dialin l2tp [ ip ip-address ]

Syntax Description
ip-address IP address of the remote end of the tunnel (LNS). Five IP addresses can be configured for LNS, and they are searched for in the order in which they are configured.
domain-name Domain name of the user originating the connection request, case sensitive.
dialed-number Dialed number originating the connection request.
user-name Name of the user originating the connection request, case sensitive.

Default
no request dialin.

Command Mode
VPDN group configuration mode


Usage Guideline
This command is used to specify the IP address of the LNS. It supports multiple methods for originating the connection request.
- A tunnel connection request can be originated based on the domain name of the user. For example, if a user is from a company whose domain name is huawei.com.cn, then this user can be specified as a VPN user whose domain name is huawei.com.cn.
- You can determine whether or not the user is a VPN user according to the number that he dials. For example, if the string 8810188 is specified as the service number, then users dialing this number are VPN users; the LNS address is determined by the ip-address parameter.
- You can also specify whether or not a user is a VPN user through the user name. The LNS address is determined by the ip parameter.
If the user is a VPN user, then the local end will send an L2TP tunnel connection request to the specified LNS. There may be conflicts between these methods; for example, the LNS address specified through the dialed number is 1.1.1.1, while that specified through the domain name is 1.1.1.2. Therefore it is necessary to specify the order in which to search for a VPN user. The order is: first, check whether there exists a VPDN group specified through this user name according to the complete user name; if it does not exist, then search according to the order of the specified dialed number and the domain name. The search order for the dialed number and domain name is set through the vpdn search-order command.

Example
! The domain name of the VPN user is huawei.com.cn; the IP address of the L2TP server of its headquarters is 202.38.168.1; this user needs to set up a VPN connection with 202.38.168.1:
Quidway(config-vpdn2)# request dialin l2tp ip 202.38.168.1 domain huawei.com.cn
! A user dials a special number 8810188, and this indicates that this user is a VPN user; this user needs to set up a VPN connection with 129.102.1.1:
Quidway(config-vpdn2)# request dialin l2tp ip 129.102.1.1 dnis 8810188
! A user whose name is iamvpnuser is a VPN user; the IP address of its L2TP server is 172.168.10.3, with 172.168.10.4 as its backup IP address:
Quidway(config-vpdn2)# request dialin l2tp ip 172.168.10.3 ip 172.168.10.4 fullusername iamvpnuser

Related Command
vpdn domain-delimiter prefix, vpdn domain-delimiter suffix, vpdn search-order

1.9 vpdn domain-delimiter prefix


To specify the domain prefix delimiter, use the vpdn domain-delimiter prefix command. To delete the prefix, use the no form of this command.

vpdn domain-delimiter prefix prefix-delimiters
no vpdn domain-delimiter prefix


Syntax Description
prefix Prefix specified, like huawei.com.cn#yaoxin.
prefix-delimiters Domain prefix delimiter; valid prefix delimiters include: '%', '@', '#', and '/'.

Default
no vpdn domain-delimiter prefix.

Command Mode
Global configuration mode

Usage Guideline
This command is used to specify one or multiple domain prefix delimiters. Through a domain prefix delimiter, a domain name can be separated from the user name, so that VPDN can look up the domain among those specified through the request dialin command to check whether such a domain exists. If it exists, then this indicates that the user is a VPN user, so it is necessary to set up a VPN tunnel connection with the LNS of the user. A character serving as a suffix delimiter cannot serve as a prefix delimiter. That is, a character cannot serve as a prefix and suffix delimiter at the same time.

Example
! The domain serves as a prefix; the prefix and the user name are separated by #:
Quidway(config)# vpdn domain-delimiter prefix #
! The prefix can be separated by such delimiters as #, @, and %:
Quidway(config)# vpdn domain-delimiter prefix #@%

Related Command
vpdn domain-delimiter suffix, request dialin

1.10 vpdn domain-delimiter suffix


To specify the domain suffix delimiter, use the vpdn domain-delimiter suffix command. To delete the suffix, use the no form of this command.

vpdn domain-delimiter suffix suffix-delimiters
no vpdn domain-delimiter suffix

Syntax Description
suffix Suffix specified, like yaoxin@huawei.com.cn.
suffix-delimiters Domain suffix delimiters; valid suffix delimiters include: '%', '@', '#', and '/'.


Default
no vpdn domain-delimiter suffix.

Command Mode
Global configuration mode

Usage Guideline
This command is used to specify one or multiple domain suffix delimiters. Through a domain suffix delimiter, a domain name can be separated from the user name, so that VPDN can look up the domain among those specified through the request dialin command to check whether such a domain exists. If it exists, then this indicates that the user is a VPN user, so it is necessary to set up a VPN tunnel connection with the LNS of the user. A character serving as a suffix delimiter cannot serve as a prefix delimiter. That is, a character cannot serve as a prefix and suffix delimiter at the same time.

Example
! The domain name acts as a suffix; the suffix and user name are separated by @:
Quidway(config)# vpdn domain-delimiter suffix @
! The suffix can be separated by multiple delimiters such as @ and %:
Quidway(config)# vpdn domain-delimiter suffix @%

Related Command
vpdn domain-delimiter prefix, request dialin

1.11 vpdn enable


To enable the VPDN function, use the vpdn enable command. To disable the VPDN function, use the no form of this command.

vpdn enable
no vpdn enable

Default
no vpdn enable.

Command Mode
Global configuration mode

Usage Guideline
The vpdn enable command is used to enable the VPDN function for the router. By default, VPDN is disabled.


Example
! Disable VPDN
Quidway(config)# no vpdn enable

1.12 vpdn search-order


To set the search order based on the dialed number or domain name, use the vpdn search-order command. To return to the default, use the no form of this command.

vpdn search-order { dnisdomain | dnisonly | domaindnis | domainonly }
no vpdn search-order

Syntax Description
dnisdomain Searching for the VPDN group first by the dialed number, and then by the domain name.
dnisonly Searching for the VPDN group by the dialed number only.
domaindnis Searching for the VPDN group by the domain name first, and then by the dialed number.
domainonly Searching for the VPDN group by the domain name only.

Default
Default search order is to search by the dialed number first, and then by the domain name.

Command Mode
Global configuration mode

Usage Guideline
When there is a large number of L2TP access users, searching for the users one by one is time consuming, so you need to set a search policy (like the prefix/suffix delimiter) to speed up the search. There are two types of delimiters: prefix delimiter and suffix delimiter, including the following four special characters: @, #, &, and /. For example, a user with a prefix delimiter: huawei.com#vpdnuser; a user with a suffix delimiter: vpdnuser@huawei.com. During the search, the user name and the prefix/suffix delimiter will be separated, and the VPDN search is carried out according to the specified rules. This greatly improves the speed.

Example
! Search by the domain name only
Quidway(config)# vpdn search-order domainonly
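
The lookup described in 1.8 through 1.12 (complete user name first, then dialed number and domain in the configured search order, with the domain split off by prefix or suffix delimiters) is modelled below in Python. This is an added example, not the router's own code. The class and rule names, the group numbers, and the choice to try prefix delimiters before suffix delimiters are assumptions; the rules reuse addresses from the examples in 1.8.

```python
from dataclasses import dataclass

VALID_DELIMS = set("%@#/")              # valid delimiters listed in 1.9 and 1.10
SEARCH_ORDERS = {                       # criteria tried after the complete user name
    "dnisdomain": ("dnis", "domain"),   # default search order
    "dnisonly": ("dnis",),
    "domaindnis": ("domain", "dnis"),
    "domainonly": ("domain",),
}


@dataclass(frozen=True)
class DialinRule:
    """One 'request dialin l2tp ip ... { domain | dnis | fullusername } value' line."""
    group: int      # VPDN group number (constructed for this example)
    lns: tuple      # LNS addresses in configured order, at most five
    kind: str       # "domain", "dnis" or "fullusername"
    value: str


class VpdnLookup:
    def __init__(self, rules, prefix="", suffix="", order="dnisdomain"):
        bad = (set(prefix) | set(suffix)) - VALID_DELIMS
        if bad:
            raise ValueError(f"invalid delimiter(s): {sorted(bad)}")
        if set(prefix) & set(suffix):
            raise ValueError("a character cannot be both prefix and suffix delimiter")
        if order not in SEARCH_ORDERS:
            raise ValueError(f"unknown search order: {order}")
        for rule in rules:
            if not 1 <= len(rule.lns) <= 5:
                raise ValueError("a rule needs one to five LNS addresses")
        self.rules, self.prefix, self.suffix = list(rules), prefix, suffix
        self.order = order

    def split_domain(self, username):
        """Return (domain, user); domain is None when no delimiter is present."""
        # Assumption: prefix delimiters are tried first and split at the first
        # occurrence; suffix delimiters split at the last occurrence.
        for i, ch in enumerate(username):
            if ch in self.prefix:
                return username[:i], username[i + 1:]
        for i in range(len(username) - 1, -1, -1):
            if username[i] in self.suffix:
                return username[i + 1:], username[:i]
        return None, username

    def resolve(self, username, dialed_number=None):
        """Return the matching DialinRule, or None if this is not a VPN user."""
        domain, _user = self.split_domain(username)
        wanted = {"fullusername": username, "dnis": dialed_number, "domain": domain}
        for kind in ("fullusername",) + SEARCH_ORDERS[self.order]:
            if wanted[kind] is None:
                continue
            for rule in self.rules:
                if rule.kind == kind and rule.value == wanted[kind]:  # case sensitive
                    return rule
        return None


# Constructed rules: the dnis and domain rules conflict, as in the 1.8 guideline.
RULES = [
    DialinRule(2, ("1.1.1.2",), "domain", "huawei.com.cn"),
    DialinRule(3, ("1.1.1.1",), "dnis", "8810188"),
    DialinRule(4, ("172.168.10.3", "172.168.10.4"), "fullusername", "iamvpnuser"),
]

if __name__ == "__main__":
    for order in SEARCH_ORDERS:
        hit = VpdnLookup(RULES, prefix="#", suffix="@", order=order).resolve(
            "yaoxin@huawei.com.cn", "8810188")
        print(order, hit.lns if hit else None)
```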


1.13 vpdn-group
To create a VPDN group and enter the VPDN group configuration, use the vpdn-group command. To delete the specified VPDN group, use the no form of this command.

vpdn-group group-number
no vpdn group group-number

Syntax Description
group-number VPDN group number, ranging from 1 to 3000.

Default
no vpdn group.

Command Mode
Global configuration mode

Usage Guideline
This command is used to create a VPDN group. VPDN group 1 can act as default VPDN group.

Example
! Create VPDN group 2, and enter the configuration for VPDN group 2.
Quidway(config)# vpdn-group 2

Related Command
accept dialin

1.14 show l2tp session


To show the information about current L2TP session, use the show l2tp session command.

Command Mode
Privileged user mode

Usage Guideline
The information output through this command helps the user with L2TP fault diagnosis.

Example
Quidway# show l2tp session
LocID   RemID   TunID
1       1       2
Total session = 1


Table VPN-1-1 Description of fields in show l2tp session


Field            Description
Total sessions   Number of sessions
LocID            Local ID uniquely identifying a session
RemID            Remote ID uniquely identifying a session
TunID            Tunnel ID

1.15 show l2tp tunnel


To show the information about the current L2TP tunnel, use the show l2tp tunnel command.

Command Mode
Privileged user mode

Usage Guideline
The information output through this command helps the user with L2TP fault diagnosis.

Example
Quidway# show l2tp tunnel
LocID   RemID   Remote Name   Remote Address   Port   Sessions
1       8       AS8010        172.168.10.2     1701   1
Total tunnels = 1

Table VPN-1-2 Description of the fields in show l2tp tunnel


Field            Description
Total tunnels    Number of tunnels
LocID            Local ID uniquely identifying a tunnel
RemID            Remote ID uniquely identifying a tunnel
Remote Name      Remote name
Remote Address   Remote IP address
Port             Remote port number
Sessions         Number of sessions at the tunnel port

1.16 debug l2tp


To enable the L2TP information debugging, use the following command.

debug l2tp { all | control | dump | error | event | hidden | payload | raw-dump | time-stamp }

Syntax Description
all To enable all the L2TP information debugging.
control To enable the control packet debugging.
dump To enable the PPP packet debugging.
error To enable the L2TP error debugging.
event To enable the L2TP event debugging.
hidden To enable the information debugging with hidden AVP.
payload To enable L2TP payload debugging.
raw-dump To enable the L2TP raw-dump debugging.
time-stamp To enable the L2TP time stamp debugging.

Command Mode
Privileged user mode


Chapter 2 GRE Configuration Commands


GRE configuration commands include:
- interface tunnel
- tunnel checksum
- tunnel destination
- tunnel key
- tunnel mode gre ip
- tunnel sequence-datagrams
- tunnel source
- show interface tunnel

2.1 interface tunnel


To create a virtual tunnel interface and enter the tunnel configuration, use the interface tunnel command. To delete the tunnel interface, use the no form of this command.

interface tunnel number
no interface tunnel

Syntax Description
number Specified tunnel interface number, ranging from 0 to 4294967295; the number of tunnels that can actually be set up is limited by the total number of interfaces and the size of memory.

Default
no interface tunnel.

Command Mode
Global configuration mode

Usage Guideline
This command is used to enter the configuration for a specified tunnel interface. This tunnel interface must be set up, first of all.

Example
! Set up tunnel0 in router A
RouterA(config)# interface tunnel 0

Related Command
tunnel source, tunnel destination, tunnel key, tunnel checksum, tunnel sequence-datagrams


2.2 tunnel checksum


To set checksum-based end-to-end check at both ends of the tunnel, use the tunnel checksum command. To not use checksum for this tunnel, use the no form of this command.

tunnel checksum
no tunnel checksum

Default
no tunnel checksum.

Command Mode
Tunnel interface configuration mode

Usage Guideline
RFC 1701 provides that: if the Checksum bit is set in the GRE packet header, then Checksum is valid. The sender calculates the checksum based on the GRE header and payload, and the receiver calculates the checksum based on the received packet and compares it with the checksum contained in the packet. If they are the same, the packet will be further processed, otherwise it will be discarded. If the checksum is set at one end of the tunnel only, then no checksum-based check will be performed on the packet. Only when the checksum is set at both ends of a tunnel, will the packet be checked.

Example
! Set a tunnel between RouterA and RouterB, whose tunnel interfaces are tunnel0 and tunnel1 respectively. It is required to set tunnel checksum.
! Make the following configuration at tunnel0 in RouterA:
RouterA(config-if-tunnel0)# tunnel checksum
! Make the following configuration at tunnel1 in RouterB:
RouterB(config-if-tunnel1)# tunnel checksum

Related Command
interface tunnel

2.3 tunnel destination


To specify the destination IP address added when the tunnel interface is encapsulated, use the tunnel destination command. This address must be the same as the source address specified by the remote tunnel interface. To delete the address of remote tunnel interface, use the no form of this command.

tunnel destination ip-address
no tunnel destination

Syntax Description
ip-address IP address of the actual physical port at the remote tunnel interface.

Command Mode
tunnel interface configuration mode.

Usage Guideline
The specified remote address of the tunnel is input in the IP address format. It must be the same as the actual remote physical address and it should be guaranteed that the route to this port is reachable.

Example
! Set up a tunnel connection between Serial0 in RouterA and Serial1 in RouterB; the IP address of Serial0 in RouterA is 193.101.1.1, and that of Serial1 in RouterB is 192.100.1.1.
! Make the following configurations at tunnel0 in RouterA:
RouterA(config)# interface tunnel 0
RouterA(config-if-tunnel0)# tunnel source 193.101.1.1
RouterA(config-if-tunnel0)# tunnel destination 192.100.1.1

Related Command
interface tunnel, tunnel source

2.4 tunnel key


To set the tunnel key at the tunnel interface, use the tunnel key command. It is mainly used for destinations of poor security and for avoiding misidentifying packets from other places. To delete the tunnel key, use the no form of this command.

tunnel key key-number
no tunnel key

Syntax Description
key-number Key IDs at both ends of the tunnel, ranging from 0 to 4294967295.

Default
no tunnel key.

Command Mode
Tunnel interface configuration mode.

Usage Guideline
RFC 1701 provides that: if the KEY field in the GRE header is set, then both the receiver and sender will authenticate the tunnel key. Only when the tunnel keys set at both ends of the tunnel are the same will the authentication succeed; otherwise the packet will be discarded.

Example
! Set up a tunnel between RouterA and RouterB, and the tunnel interfaces are tunnel0 and tunnel1, respectively. It is required that the tunnel key be set.
! Make the following configuration at tunnel0 in RouterA:
RouterA(config)# interface tunnel 0
RouterA(config-if-tunnel0)# tunnel key 123456789
! Make the following configuration at tunnel1 in RouterB:
RouterB(config)# interface tunnel 1
RouterB(config-if-tunnel1)# tunnel key 123456789

Related Command
interface tunnel

2.5 tunnel mode gre ip


To set the encapsulation protocol at the tunnel interface as GRE, and transmission protocol as IP, use the tunnel mode gre ip command.

tunnel mode gre ip

Default
Default encapsulation protocol at the tunnel interface is GRE, and default transmission protocol is IP.

Command Mode
Tunnel interface configuration mode.

Usage Guideline
Select the same encapsulation protocol and transmission protocol at both ends of the tunnel.

Example
! Set up a tunnel between RouterA and RouterB, whose tunnel interfaces are tunnel0 and tunnel1, respectively. Configure the encapsulation protocol as GRE, and transmission protocol as IP.
! Make the following configuration at tunnel0 in RouterA:
RouterA(config-if-tunnel0)# tunnel mode gre ip
! Make the following configuration at tunnel1 in RouterB:
RouterB(config-if-tunnel1)# tunnel mode gre ip


Related Command
interface tunnel

2.6 tunnel sequence-datagrams


To set the tunnel datagram sequence, use the tunnel sequence-datagrams command. To return to the default, use the no form of this command.

tunnel sequence-datagrams
no tunnel sequence-datagrams

Default
no tunnel sequence-datagrams

Command Mode
Tunnel interface configuration mode

Usage Guideline
RFC 1701 provides that: if sequence-datagram in the GRE header is set, then the receiver and sender will undergo sequence datagram synchronization. Only synchronous packets will be further processed; otherwise the packet will be discarded. The tunnel sequence provides unreliable but orderly packets. The receiver sequences the packets received locally and successfully de-capsulated (the sequence number can be any integer ranging from 0 to 2^32 - 1, with that of the first packet being 0). When setting up the tunnel, the sequence numbers will be counted in an accumulative and cyclic manner. If the receiver receives a packet whose sequence number is less than or equal to that of the last packet, this packet is deemed to be an illegal packet. If a packet out of sequence is received, it will be discarded automatically. Only when tunnel sequence-datagrams or no tunnel sequence-datagrams is set at both ends of the tunnel can the tunnel be set up.

Example
! Set up a tunnel between RouterA and RouterB, whose interfaces are tunnel0 and tunnel1, respectively. It is required to set the tunnel sequence-datagrams.
! Make the following configuration at tunnel0 in RouterA:
RouterA(config-if-tunnel0)# tunnel sequence-datagrams
! Make the following configuration at tunnel1 in RouterB:
RouterB(config-if-tunnel1)# tunnel sequence-datagrams

Related Command
interface tunnel
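
The receiver-side checks described in 2.2, 2.4 and 2.6, as an added Python example that is not part of the manual: it builds RFC 1701 GRE headers and applies the checksum, key and sequence rules as this page states them. Rejecting packets with the Routing bit or a non-zero version, accepting any first sequence number, and the modular comparison used for the cyclic sequence counter are assumptions of the example.

```python
import struct

# RFC 1701 flag bits in the first 16-bit word of the GRE header.
C_BIT, R_BIT, K_BIT, S_BIT, VERSION_MASK = 0x8000, 0x4000, 0x2000, 0x1000, 0x0007


def inet_checksum(data):
    """16-bit one's complement checksum over the GRE header and payload."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_gre(payload, proto=0x0800, checksum=False, key=None, seq=None):
    """Sender side: emit the optional fields that are configured on the tunnel."""
    flags = ((C_BIT if checksum else 0) | (K_BIT if key is not None else 0)
             | (S_BIT if seq is not None else 0))
    header = struct.pack("!HH", flags, proto)
    if checksum:
        header += b"\x00" * 4                  # checksum (zero for now) + offset
    if key is not None:
        header += struct.pack("!I", key)
    if seq is not None:
        header += struct.pack("!I", seq)
    packet = bytearray(header + payload)
    if checksum:
        struct.pack_into("!H", packet, 4, inet_checksum(bytes(packet)))
    return bytes(packet)


class GreReceiver:
    """Receiver side of one tunnel interface (class name is hypothetical)."""

    def __init__(self, checksum=False, key=None, sequence=False):
        self.checksum, self.key, self.sequence = checksum, key, sequence
        self.last_seq = None

    def receive(self, packet):
        """Return (payload, None) when accepted, else (None, reason)."""
        if len(packet) < 4:
            return None, "truncated"
        flags, _proto = struct.unpack_from("!HH", packet, 0)
        if flags & (R_BIT | VERSION_MASK):
            return None, "unsupported"         # assumption: outside this example
        off = 4 + (4 if flags & C_BIT else 0)
        key_off = off
        off += 4 if flags & K_BIT else 0
        seq_off = off
        off += 4 if flags & S_BIT else 0
        if len(packet) < off:
            return None, "truncated"
        # 2.2: checked only when checksum is set at both ends of the tunnel.
        if self.checksum and flags & C_BIT and inet_checksum(packet) != 0:
            return None, "bad checksum"
        # 2.4: keys at both ends must be the same; the key is a plain 32-bit
        # value carried in clear in the header.
        key = struct.unpack_from("!I", packet, key_off)[0] if flags & K_BIT else None
        if key != self.key:
            return None, "key mismatch"
        # 2.6: both ends must agree on sequencing; old numbers are discarded.
        seq = struct.unpack_from("!I", packet, seq_off)[0] if flags & S_BIT else None
        if (seq is not None) != self.sequence:
            return None, "sequence setting mismatch"
        if seq is not None:
            newer = (self.last_seq is None
                     or 0 < (seq - self.last_seq) % 2**32 < 2**31)
            if not newer:
                return None, "stale sequence"
            self.last_seq = seq
        return packet[off:], None


if __name__ == "__main__":
    rx = GreReceiver(checksum=True, key=123456789, sequence=True)
    pkt = build_gre(b"hello", checksum=True, key=123456789, seq=0)
    print(rx.receive(pkt))      # accepted
    print(rx.receive(pkt))      # same sequence number again: discarded
```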


2.7 tunnel source


To specify the source address added when the tunnel is encapsulated, use the tunnel source command. This address must be the same as the destination address specified at the remote end of the tunnel. To delete the source address of the tunnel, use the no form of this command.

tunnel source ip-address
no tunnel source

Syntax Description
ip-address IP address of the actual physical interface at tunnel1.

Default
no tunnel source.

Command Mode
tunnel interface mode

Usage Guideline
The specified tunnel source address is input in the IP address format. It must be the same as the actual physical interface address.

Example
! Configure tunnel0 in the router: the actual exit for the packet encapsulated at this interface is Serial0.
RouterA(config)# interface serial 0
RouterA(config-if-serial0)# ip address 192.100.1.1 255.255.255.0
RouterA(config)# interface tunnel 0
RouterA(config-if-tunnel0)# tunnel source 192.100.1.1

Related Command
interface tunnel, tunnel destination

2.8 show interface tunnel


To show the status of the active tunnel interface, use the show interface tunnel command.

Command Mode
Privileged user mode


Example
Quidway# show interface tunnel 1
Tunnel1 is up, line protocol is up
Internet address is 3.1.1.1 255.255.255.0
10 packets input, 640 bytes
0 input errors, 0 broadcast, 0 drops
10 packets output, 640 bytes
0 output errors, 0 broadcast, 0 no protocol

The above information shows: the network address of Tunnel1 is 3.1.1.1; 0 packet is received; 0 error and broadcast packet is received; no packet is discarded; 0 packet is sent; 0 packet with output errors, 0 broadcast packet and 0 packet with unknown protocol.
