R3721-F3210-F3171-HP High-End Firewalls VPN Command Reference-6PW101
3
Description
Use gre key to configure a key for a GRE tunnel interface.
Use undo gre key to remove the configuration.
By default, no key is configured for a GRE tunnel interface.
For a P2P GRE tunnel, both ends of the tunnel must be configured with the same GRE key. Otherwise,
packets cannot pass the GRE key verification and thus will be discarded. This weak security mechanism
can prevent packets from being received mistakenly.
For a P2MP GRE tunnel, the GRE key identifies the priority of a tunnel entry. A tunnel entry with a smaller
GRE key value has a higher priority.
Related commands: interface tunnel and display interface tunnel.
Examples
# Set the key for the GRE tunnel interfaces to 123 on firewall Sysname1 and firewall Sysname2.
// Set the GRE key to 123 for GRE tunnel interface 3 on firewall Sysname1.
<Sysname1> system-view
[Sysname1] interface tunnel 3
[Sysname1-Tunnel3] gre key 123
// Set the GRE key to 123 for GRE tunnel interface 2 on firewall Sysname2.
<Sysname2> system-view
[Sysname2] interface tunnel 2
[Sysname2-Tunnel2] gre key 123
gre p2mp aging-time
Syntax
gre p2mp aging-time aging-time
undo gre p2mp aging-time
View
Tunnel interface view
Default level
2: System level
Parameters
aging-time: Aging time for tunnel entries, in the range of 1 to 86400, in seconds.
Description
Use gre p2mp aging-time to set the aging time for P2MP GRE tunnel entries.
Use undo gre p2mp aging-time to restore the default.
By default, the tunnel entry aging time is 5 seconds.
This command is available for only tunnel interfaces working in P2MP GRE tunnel mode.
If the firewall at the headquarters does not receive any packet from a branch before the aging time
expires, it removes the corresponding tunnel entry.