GRE (Generic Routing Encapsulation)
June 3, 2025 - Reading time: 2 minutes

GRE (Generic Routing Encapsulation) is a tunneling protocol that allows the encapsulation of a wide variety of Layer 3 protocols inside IP tunnels. This enables the creation of logical point-to-point links between routers across an IP network. GRE tunnels are used to connect remote networks or routers that do not have a direct Layer 3 path, creating a virtual interface for routing. GRE itself does not provide encryption or authentication—its purpose is purely encapsulation and tunneling.

Step-by-Step Lab: GRE Tunnel Between Routers

Topology:

Router1.  -----  ISP Router/s  -----  Router2
192.10.1.1         .2     .1          192.20.2.2
Tunnel: 10.10.10.1/30                 Tunnel: 10.10.10.2/30

Device Configurations

Router1 Configuration

interface Tunnel0
 ip address 10.10.10.1 255.255.255.252
 tunnel source 192.10.1.1
 tunnel destination 192.20.2.2

Router2 Configuration

interface Tunnel0
 ip address 10.10.10.2 255.255.255.252
 tunnel source 192.20.2.2
 tunnel destination 192.10.1.1

Verification Commands and Results

1. Show Tunnel Interface

Router1# show interface tunnel0
Tunnel0 is up, line protocol is up
  Hardware is Tunnel
  Internet address is 10.10.10.1/30
  MTU 1476 bytes, BW 9 Kbit/sec, DLY 500000 usec
  Encapsulation TUNNEL, loopback not set
  Tunnel source 192.10.1.1, destination 192.20.2.2
  Tunnel protocol/transport GRE/IP

2. Ping Across the Tunnel

Router1# ping 10.10.10.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

3. Show IP Route to Tunnel Network

Router1# show ip route 10.10.10.0

Routing entry for 10.10.10.0/30
  Known via "connected", distance 0, metric 0 (connected)
  Routing Descriptor Blocks:
  * directly connected, via Tunnel0
      Route metric is 0, traffic share count is 1

Common Mistakes

Mistake Symptom Solution
Tunnel source/destination mismatch Tunnel line protocol stays down Ensure both tunnel source and destination IPs are correct and reachable.
Missing route to tunnel destination Tunnel stays down or unreachable Add a static/default route or ensure the underlying IP network is routable.
Incorrect tunnel IP subnet Ping fails between tunnel endpoints Use matching and correct subnet mask (/30 in this lab).

The lab is available for download from this link. Try recreating the sample lab above using the provided IP addressing scheme.

User Challenge

  1. Reconfigure the tunnel using a /29 subnet instead of /30.

  2. Add a static route on Router1 to reach a network on Router2 (e.g 172.16.0.0/16) via 10.10.10.2 and test connectivity.

  3. Download the GRE1 and GRE2 troubleshooting scenarios and apply what you've learned.
    (requires version 2.10)

GRE (Generic Routing Encapsulation) | PocketCLI

Search

Categories

LATEST POSTS

Download


>