Users Guide

Conguring Tunnel allow-remote Decapsulation
You can congure an IPv4 or IPV6 address or prex whose tunneled packet will be accepted for decapsulation.
If no allow-remote entries are congured, then tunneled packets from any remote peer address will be accepted.
Upto eight allow-remote entries can be congured on any particular multipoint receive-only tunnel.
The following sample conguration shows how to congure a tunnel allow-remote address.
Dell(conf)#interface tunnel 1
Dell(conf-if-tu-1)#ipv6 address 1abd::1/64
Dell(conf-if-tu-1)#ip address 1.1.1.1/24
Dell(conf-if-tu-1)#tunnel source 40.1.1.1
Dell(conf-if-tu-1)#tunnel mode ipip decapsulate-any
Dell(conf-if-tu-1)#tunnel allow-remote 40.1.1.2
Dell(conf-if-tu-1)#no shutdown
Dell(conf-if-tu-1)#show config
!
interface Tunnel 1
ip address 1.1.1.1/24
ipv6 address 1abd::1/64
tunnel source 40.1.1.1
tunnel allow-remote 40.1.1.2
tunnel mode ipip decapsulate-any
no shutdown
Conguring Tunnel source anylocal Decapsulation
The tunnel source anylocal command allows a multipoint receive-only tunnel to decapsulate tunnel packets addressed to any
IPv4 or IPv6 (depending on the tunnel mode) address congured on the switch that is operationally UP.
The source anylocal parameters can be used for packet decapsulation instead of the ip address or interface (tunnel allow-
remote command), but only on multipoint receive-only mode tunnels.
The following sample conguration shows how to use the tunnel source anylocal command.
Dell(conf)#interface tunnel 1
Dell(conf-if-tu-1)#ipv6 address 1abd::1/64
Dell(conf-if-tu-1)#ip address 1.1.1.1/24
Dell(conf-if-tu-1)#tunnel source anylocal
Dell(conf-if-tu-1)#tunnel mode ipip decapsulate-any
Dell(conf-if-tu-1)#tunnel allow-remote 40.1.1.2
Dell(conf-if-tu-1)#no shutdown
Dell(conf-if-tu-1)#show config
!
interface Tunnel 1
ip address 1.1.1.1/24
ipv6 address 1abd::1/64
tunnel source anylocal
tunnel allow-remote 40.1.1.2
tunnel mode ipip decapsulate-any
no shutdown
Multipoint Receive-Only Tunnels
A multipoint receive-only IP tunnel decapsulates packets from remote end-points and never forwards packets on the tunnel. You can
configure an additional level of security on a receive-only IP tunnel by specifying a valid prefix or range of remote peers.
The operational status of a multipoint receive-only tunnel interface always remains up. Packets from the remote addresses configured for a
multipoint receive-only tunnel are decapsulated and are not marked for neighbor resolution as for a standard tunnel’s destination address.
Connected routes for the tunnel interface’s IP subnet do not point towards the tunnel but towards the switch CPU for the receive-only
tunnel. The tunnel interface can function as an unnumbered interface with no IPv4/IPv6 address assigned.
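The following is an added example, not part of the Dell guide or Dell software: a small offline audit of a saved configuration that flags receive-only tunnels with no allow-remote entries, which, per the rule above, accept tunneled packets from any remote peer. It assumes that "tunnel mode ... decapsulate-any" marks a multipoint receive-only tunnel (as in the samples above) and that prefixes are written in address/length form; the function names and the sample configuration are constructed for illustration.

```python
import ipaddress

MAX_ALLOW_REMOTE = 8  # per-tunnel limit stated in the guide

# Constructed sample config (not from a real device). Tunnel 1 follows the
# guide's example; Tunnel 2 has no allow-remote entries.
SAMPLE_CONFIG = """\
interface Tunnel 1
 tunnel source 40.1.1.1
 tunnel allow-remote 40.1.1.2
 tunnel mode ipip decapsulate-any
!
interface Tunnel 2
 tunnel source anylocal
 tunnel mode ipip decapsulate-any
"""

def parse_tunnels(config):
    """Return {name: {"receive_only": bool, "allow": [ip_network, ...]}}."""
    tunnels, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            name = line[len("interface "):]
            is_tunnel = name.lower().startswith("tunnel")
            current = tunnels.setdefault(name, {"receive_only": False, "allow": []}) if is_tunnel else None
        elif current is not None and line.startswith("tunnel allow-remote "):
            current["allow"].append(ipaddress.ip_network(line.split()[2], strict=False))
        elif current is not None and line.startswith("tunnel mode "):
            current["receive_only"] = line.endswith("decapsulate-any")
    return tunnels

def audit(tunnels):
    """List (tunnel, finding) pairs for receive-only tunnels only."""
    findings = []
    for name, t in tunnels.items():
        if not t["receive_only"]:
            continue
        if not t["allow"]:
            findings.append((name, "no allow-remote: accepts any remote peer"))
        elif len(t["allow"]) > MAX_ALLOW_REMOTE:
            findings.append((name, "more than 8 allow-remote entries"))
    return findings

def would_decapsulate(tunnel, outer_src):
    """Model the accept rule: empty list accepts all, else source must match an entry."""
    src = ipaddress.ip_address(outer_src)
    if not tunnel["allow"]:
        return True
    return any(src.version == n.version and src in n for n in tunnel["allow"])
```

Run audit(parse_tunnels(text)) over a saved "show config" capture; would_decapsulate models only the allow-remote source check, not the tunnel source or mode match.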