Administrator Guide

Configuring Tunnel allow-remote Decapsulation
You can configure an IPv4 or IPv6 address or prefix from which tunneled packets will be accepted for decapsulation.
If no allow-remote entries are configured, then tunneled packets from any remote peer address will be accepted.
Up to eight allow-remote entries can be configured on any particular multipoint receive-only tunnel.
The following sample configuration shows how to configure a tunnel allow-remote address.
Dell(conf)#interface tunnel 1
Dell(conf-if-tu-1)#ipv6 address 1abd::1/64
Dell(conf-if-tu-1)#ip address 1.1.1.1/24
Dell(conf-if-tu-1)#tunnel source 40.1.1.1
Dell(conf-if-tu-1)#tunnel mode ipip decapsulate-any
Dell(conf-if-tu-1)#tunnel allow-remote 40.1.1.2
Dell(conf-if-tu-1)#no shutdown
Dell(conf-if-tu-1)#show config
!
interface Tunnel 1
ip address 1.1.1.1/24
ipv6 address 1abd::1/64
tunnel source 40.1.1.1
tunnel allow-remote 40.1.1.2
tunnel mode ipip decapsulate-any
no shutdown
Configuring Tunnel source anylocal Decapsulation
The tunnel source anylocal command allows a multipoint receive-only tunnel to decapsulate tunnel packets addressed
to any IPv4 or IPv6 (depending on the tunnel mode) address configured on the switch that is operationally UP.
The source anylocal parameters can be used for packet decapsulation instead of the ip address or interface (tunnel
allow-remote command), but only on multipoint receive-only mode tunnels.
The following sample configuration shows how to use the tunnel source anylocal command.
Dell(conf)#interface tunnel 1
Dell(conf-if-tu-1)#ipv6 address 1abd::1/64
Dell(conf-if-tu-1)#ip address 1.1.1.1/24
Dell(conf-if-tu-1)#tunnel source anylocal
Dell(conf-if-tu-1)#tunnel mode ipip decapsulate-any
Dell(conf-if-tu-1)#tunnel allow-remote 40.1.1.2
Dell(conf-if-tu-1)#no shutdown
Dell(conf-if-tu-1)#show config
!
interface Tunnel 1
ip address 1.1.1.1/24
ipv6 address 1abd::1/64
tunnel source anylocal
tunnel allow-remote 40.1.1.2
tunnel mode ipip decapsulate-any
no shutdown
Multipoint Receive-Only Tunnels
A multipoint receive-only IP tunnel decapsulates packets from remote end-points and never forwards packets on the tunnel. You
can configure an additional level of security on a receive-only IP tunnel by specifying a valid prefix or range of remote peers.
The operational status of a multipoint receive-only tunnel interface always remains up. Packets from the remote addresses
configured for a multipoint receive-only tunnel are decapsulated and are not marked for neighbor resolution, as they would be for a standard
tunnel's destination address. Connected routes for the tunnel interface's IP subnet do not point towards the tunnel but towards
the switch CPU for the receive-only tunnel. The tunnel interface can function as an unnumbered interface with no IPv4/IPv6
address assigned.
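
The following is an added example, not part of the Dell guide: a Python audit of saved configuration text that flags multipoint receive-only tunnels with no effective allow-remote filter, following the rule that an empty allow-remote list accepts any remote peer. The sample configuration is constructed, the function names are hypothetical, and prefixes are assumed to be written as address/length.

```python
import ipaddress
import re

# Constructed sample in the style of the guide's "show config" output.
SAMPLE_CONFIG = """\
interface Tunnel 1
 tunnel source 40.1.1.1
 tunnel allow-remote 40.1.1.2
 tunnel mode ipip decapsulate-any
!
interface Tunnel 2
 tunnel source anylocal
 tunnel mode ipip decapsulate-any
"""

def parse_tunnels(config):
    """Map tunnel id to mode, source and allow-remote networks (assumes address/length prefixes)."""
    tunnels, cur = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        m = re.match(r"interface tunnel (\d+)$", line, re.IGNORECASE)
        if m:
            cur = tunnels.setdefault(int(m.group(1)), {"mode": "", "source": "", "allow": []})
        elif line == "!" or line.lower().startswith("interface "):
            cur = None  # end of stanza, or a non-tunnel interface
        elif cur is not None and line.startswith("tunnel mode "):
            cur["mode"] = line[len("tunnel mode "):]
        elif cur is not None and line.startswith("tunnel source "):
            cur["source"] = line[len("tunnel source "):]
        elif cur is not None and line.startswith("tunnel allow-remote "):
            cur["allow"].append(ipaddress.ip_network(line.split()[2], strict=False))
    return tunnels

def peer_accepted(tunnel, peer):
    """Model the documented rule: an empty allow-remote list accepts every peer."""
    addr = ipaddress.ip_address(peer)
    return not tunnel["allow"] or any(addr in net for net in tunnel["allow"])

def audit(config):
    """List (tunnel id, finding) for receive-only tunnels with no effective peer filter."""
    findings = []
    for tid, t in sorted(parse_tunnels(config).items()):
        if "decapsulate-any" not in t["mode"]:
            continue  # only multipoint receive-only tunnels are in scope
        if not t["allow"]:
            findings.append((tid, "no allow-remote: decapsulates from any peer"))
        elif any(net.prefixlen == 0 for net in t["allow"]):
            findings.append((tid, "allow-remote covers every address"))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports Tunnel 2 only, because it combines decapsulate-any mode with no allow-remote entry.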