VPN · Interface Config

tunnel mode gre ip

Configures a tunnel interface to use Generic Routing Encapsulation (GRE) as the tunnel mode, enabling the transport of multiprotocol packets over an IP network.

Syntax·Interface Config
tunnel mode gre ip

When to Use This Command

  • Connecting two remote private networks over the internet using a GRE tunnel to route non-IP protocols or multicast traffic.
  • Creating an unencrypted site-to-site VPN overlay; GRE is often combined with IPsec when the traffic must be protected.
  • Enabling dynamic routing protocols like OSPF or EIGRP between two sites across a public network.
  • Transporting IPv6 traffic over an IPv4-only infrastructure.

Command Examples

Basic GRE Tunnel Configuration

interface Tunnel0
 ip address 10.0.0.1 255.255.255.252
 tunnel source 192.168.1.1
 tunnel destination 203.0.113.1
 tunnel mode gre ip
Router(config)#interface Tunnel0
Router(config-if)#ip address 10.0.0.1 255.255.255.252
Router(config-if)#tunnel source 192.168.1.1
Router(config-if)#tunnel destination 203.0.113.1
Router(config-if)#tunnel mode gre ip
Router(config-if)#end
Router#

The command sequence creates a GRE tunnel interface (Tunnel0) with an IP address 10.0.0.1/30. The tunnel source is set to the local physical interface IP (192.168.1.1), and the destination is the remote peer's public IP (203.0.113.1). The 'tunnel mode gre ip' command explicitly sets the encapsulation to GRE over IPv4.

Verifying GRE Tunnel Status

show interfaces tunnel 0
Tunnel0 is up, line protocol is up
  Hardware is Tunnel
  Internet address is 10.0.0.1/30
  MTU 1476 bytes, BW 100 Kbit/sec, DLY 50000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation TUNNEL, loopback not set
  Keepalive not set
  Tunnel source 192.168.1.1, destination 203.0.113.1
  Tunnel protocol/transport GRE/IP
    Key disabled, sequencing disabled
    Checksumming of packets disabled
  Tunnel TTL 255
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/0 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out

The output shows the tunnel interface status: 'Tunnel0 is up, line protocol is up' indicates the tunnel is operational. The MTU is reduced to 1476 bytes due to GRE overhead. The tunnel source and destination IPs are displayed. 'Tunnel protocol/transport GRE/IP' confirms the mode. Key fields to monitor: interface status, MTU, and packet counters for errors.

Understanding the Output

The 'show interfaces tunnel X' command displays the status and configuration of a GRE tunnel. Key fields include:

  • 'TunnelX is up, line protocol is up' – both must be 'up' for the tunnel to function.
  • 'Internet address' shows the tunnel IP.
  • 'MTU' is typically 1476 bytes (1500 minus 24 bytes of GRE+IP header).
  • 'Tunnel source/destination' shows the physical endpoints.
  • 'Tunnel protocol/transport GRE/IP' confirms the mode.
  • 'Input/output rate' indicates traffic load.
  • Error counters like 'input errors', 'CRC', 'output errors' should be zero; non-zero values indicate problems.
  • 'reliability 255/255' is ideal; lower values suggest packet loss.
  • 'txload/rxload' show bandwidth utilization (1/255 is minimal).
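The field checks described above can be run automatically over captured 'show interfaces tunnel' output. The following is an added example, not part of the original reference; the function names and the abridged sample text are constructed for illustration, and the expected MTU assumes the 1500 minus 24 figure given above.

```python
import re

# Constructed sample: abridged `show interfaces tunnel 0` output with faults injected.
SAMPLE = """\
Tunnel0 is up, line protocol is down
  MTU 1476 bytes, BW 100 Kbit/sec, DLY 50000 usec,
     reliability 250/255, txload 1/255, rxload 1/255
  Tunnel protocol/transport GRE/IP
     3 input errors, 2 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 output errors, 0 collisions, 0 interface resets
"""

GRE_IP_MTU = 1500 - 24  # 20-byte outer IPv4 header + 4-byte GRE header

def parse_tunnel(text):
    """Extract the fields the page says to monitor into a dict."""
    patterns = {
        "admin": r"^\S+ is (.+?), line protocol is",
        "line": r"line protocol is (\S+)",
        "mtu": r"MTU (\d+) bytes",
        "reliability": r"reliability (\d+)/255",
        "mode": r"Tunnel protocol/transport (\S+)",
        "input_errors": r"(\d+) input errors",
        "crc": r"(\d+) CRC",
        "output_errors": r"(\d+) output errors",
    }
    out = {}
    for name, pat in patterns.items():
        m = re.search(pat, text, re.MULTILINE)
        val = m.group(1) if m else None
        out[name] = int(val) if val and val.isdigit() else val  # None if absent
    return out

def findings(f):
    """Return a list of human-readable problems; an empty list means healthy."""
    issues = []
    if f["admin"] != "up" or f["line"] != "up":
        issues.append(f"interface {f['admin']}, line protocol {f['line']}")
    if f["mode"] != "GRE/IP":
        issues.append(f"unexpected tunnel mode {f['mode']}")
    if f["mtu"] != GRE_IP_MTU:
        issues.append(f"MTU {f['mtu']} != {GRE_IP_MTU}")
    if f["reliability"] is not None and f["reliability"] < 255:
        issues.append(f"reliability {f['reliability']}/255")
    issues += [f"{k} = {f[k]}" for k in ("input_errors", "crc", "output_errors") if f[k]]
    return issues

if __name__ == "__main__":
    print("\n".join(findings(parse_tunnel(SAMPLE))))
```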

CCNA Exam Tips

1. GRE tunnels reduce the MTU by 24 bytes (20 IP + 4 GRE); remember this for MTU-related questions.

2. GRE does not provide encryption; it is often used with IPsec for secure tunnels.

3. The tunnel source and destination must be reachable via IP routing; otherwise the tunnel will not come up.

4. GRE can encapsulate multicast traffic, making it suitable for routing protocols like OSPF over VPNs.

Common Mistakes

Forgetting to configure a tunnel IP address – the tunnel interface must have an IP in the same subnet as the remote tunnel IP.

Using the wrong tunnel source or destination IP (e.g., using private IPs when the tunnel goes over the internet).

Not enabling the tunnel interface with 'no shutdown' – tunnel interfaces are up by default, but one that has been administratively shut down stays down until 'no shutdown' is entered.
