GRE Tunnel 2

By Chris June 30, 2016 13:05

GRE tunnels, without the encryption, can be a breeze to configure and verify – you just need to practice the variations. Today’s post does just that, with a lab topology that looks like two enterprise routers connected to the Internet, with a need for a point-to-point GRE tunnel. No muss, no fuss, just get the tunnel working, make it pingable across the tunnel, with EIGRP exchanging routes.


This lab uses a rather small design with three routers, but actually does a nice job of approximating how two remote enterprise sites would connect to the Internet. Think of the two routers on the edges of the figure as enterprise routers (Acme1 and Acme2). Both have an Internet access link, and both have a default route (ip route with a next-hop address referencing the router in the middle of the design. The one router in the middle represents the entire Internet, but one is enough: The Enterprise routers now have public IP addresses on the links connected to the cloud, and private IP addresses in network

The specific rules for this lab are:

  • As the tunnel source, refer to each router’s local interface that the Acme router to the Internet
  • As the tunnel destination, use the remote Internet IP addresses on the Acme routers (that is, the IP addresses used as the source address by the opposite router)
  • Assign the tunnel IP addresses as private IP addresses per the figure
  • Configure EIGRP on the tunnel interface using EIGRP network commands
  • Use all existing EIGRP parameters and autonomous systems.
  • Assume all device interfaces shown in the lab are up, working and with correct IP addresses assigned.


Figure 1: Two Enterprise Routers at Acme Corp, with One Router Acting as Entire Internet


Initial Configuration

Examples 1, 2 and 3 show the beginning configuration state of Internet, Acme1 and Acme2.

Example 1: Internet Config


Example 2: Acme1 Config


Example 3: Acme2 Config


Answer on Paper, or Maybe Test in Lab

Next, write your answer on paper. Or if you have some real gear, or other tools, configure the lab with those tools.

To test your solution, if you happen to try it with CML/VIRL or real gear, you can verify the configuration and operation of the tunnel interface by issuing the show interfaces tunnel0 command. EIGRP should form a neighborship across the interface and allow each of the Acme branch routers to see each other’s routes and to communicate between each other. Additionally, look at show ip interface brief, which should show the tunnel interface, it’s IP address, and a state of up/up.


Do this Lab with Cisco’s CML (Formerly VIRL)

You can do these labs on paper and still get a lot out of the lab. As an extra help, we have added files for Cisco Modeling Lab – Personal (CML-P). CML-P replaces Cisco Virtual Internet Routing Lab (VIRL) software, in effect serving as VIRL Version 2.

Below, find two files: a file useful with CML-P and another useful with VIRL. (Note that the CML-P file has a .yaml filetype, while the older VIRL file has a VIRL filetype.) Once the file is loaded, CML-P or VIRL will create a lab topology similar to this lab’s topology, with the initial configuration shown in the lab as well.

This lab’s CML file!

This lab’s VIRL file!

The CML/VIRL topology matches this lab topology exactly.

Answers: PPP over Ethernet 1
Answers: GRE Tunnel 2
By Chris June 30, 2016 13:05
Write a comment


  1. Sanjin Beslagic November 13, 08:45


    can you please explain to me how to make routes on router named Internet. We have default routes on Edge1 and Edge2 and one router between them.


    Reply to this comment
    • certskills November 21, 13:17

      Hi Sanjin,
      The Internet router in this case only needs to route packets to addresses in those two inner subnets, and those are covered by connected routes. So the Internet router needs no static routes nor routing protocol for this limited case in a lab. EG:
      Acme1 uses its default route when forwarding to the tunnel destination, sending the packet to the Internet router.
      The Internet router has a connected route for, matching that destination, sending the packet to Acme2.
      Similar logic in the reverse direction.

      Reply to this comment
View comments

Write a comment

Comment; Identify w/ Social Media or Email


Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.