Administrator Guide
Conguring Tunnel allow-remote Decapsulation
You can congure an IPv4 or IPV6 address or prex whose tunneled packet will be accepted for decapsulation.
• If no allow-remote entries are congured, then tunneled packets from any remote peer address will be accepted.
• Upto eight allow-remote entries can be congured on any particular multipoint receive-only tunnel.
The following sample conguration shows how to congure a tunnel allow-remote address.
Dell(conf)#interface tunnel 1
Dell(conf-if-tu-1)#ipv6 address 1abd::1/64
Dell(conf-if-tu-1)#ip address 1.1.1.1/24
Dell(conf-if-tu-1)#tunnel source 40.1.1.1
Dell(conf-if-tu-1)#tunnel mode ipip decapsulate-any
Dell(conf-if-tu-1)#
tunnel allow-remote 40.1.1.2
Dell(conf-if-tu-1)#no shutdown
Dell(conf-if-tu-1)#show config
!
interface Tunnel 1
ip address 1.1.1.1/24
ipv6 address 1abd::1/64
tunnel source 40.1.1.1
tunnel allow-remote 40.1.1.2
tunnel mode ipip decapsulate-any
no shutdown
Conguring Tunnel source anylocal Decapsulation
The tunnel source anylocal command allows a multipoint receive-only tunnel to decapsulate tunnel packets addressed to any
IPv4 or IPv6 (depending on the tunnel mode) address congured on the switch that is operationally UP.
The source anylocal parameters can be used for packet decapsulation instead of the ip address or interface (tunnel allow-
remote command), but only on multipoint receive-only mode tunnels.
The following sample conguration shows how to use the tunnel source anylocal command.
Dell(conf)#interface tunnel 1
Dell(conf-if-tu-1)#ipv6 address 1abd::1/64
Dell(conf-if-tu-1)#ip address 1.1.1.1/24
Dell(conf-if-tu-1)#tunnel source anylocal
Dell(conf-if-tu-1)#tunnel mode ipip decapsulate-any
Dell(conf-if-tu-1)#tunnel allow-remote 40.1.1.2
Dell(conf-if-tu-1)#no shutdown
Dell(conf-if-tu-1)#show config
!
interface Tunnel 1
ip address 1.1.1.1/24
ipv6 address 1abd::1/64
tunnel source anylocal
tunnel allow-remote 40.1.1.2
tunnel mode ipip decapsulate-any
no shutdown
Multipoint Receive-Only Tunnels
A multipoint receive-only IP tunnel decapsulates packets from remote end-points and never forwards packets on the tunnel. You can
congure an additional level of security on a receive-only IP tunnel by specifying a valid prex or range of remote peers.
The operational status of a multipoint receive-only tunnel interface always remains up. Packets from the remote addresses congured for a
multipoint receive-only tunnel are decapsulated and are not marked for neighbor resolution as for a standard tunnel’s destination address.
Connected routes for the tunnel interface’s IP subnet do not point towards the tunnel but towards the switch CPU for the receive-only
tunnel. The tunnel interface can function as an unnumbered interface with no IPv4/IPv6 address assigned.
1050
Tunneling