There are several commands that can be used to monitor and troubleshoot GRE tunnels. To determine whether the tunnel interface is up or down, use the show ip interface brief command, as shown in Figure 1.
To verify the state of a GRE tunnel, use the show interface tunnel command. The line protocol on a GRE tunnel interface is up as long as there is a route to the tunnel destination. Before implementing a GRE tunnel, IP connectivity must already be in effect between the IP addresses of the physical interfaces on opposite ends of the potential GRE tunnel. The tunnel transport protocol is displayed in the output, also shown in Figure 1.
If OSPF has also been configured to exchange routes over the GRE tunnel, verify that an OSPF adjacency has been established over the tunnel interface using the show ip ospf neighbor command. In Figure 2, note that the peering address for the OSPF neighbor is on the IP network created for the GRE tunnel.
In Figure 3, use the Syntax Checker to configure and verify a GRE tunnel on R2 followed by R1.
GRE is considered a VPN because it is a private network that is created by tunneling over a public network. Using encapsulation, a GRE tunnel creates a virtual point-to-point link to Cisco routers at remote points over an IP internetwork. The advantages of GRE are that it can be used to tunnel non-IP traffic over an IP network, allowing for network expansion by connecting multiprotocol subnetworks across a single-protocol backbone environment. GRE also supports IP multicast tunneling. This means that routing protocols can be used across the tunnel, enabling dynamic exchange of routing information in the virtual network. Finally, it is common practice to create IPv6 over IPv4 GRE tunnels, where IPv6 is the encapsulated protocol and IPv4 is the transport protocol. In the future, these roles will likely be reversed as IPv6 takes over as the standard IP protocol.
However, GRE does not provide encryption or any other security mechanisms. Therefore, data sent across a GRE tunnel is not secure. If secure data communication is needed, IPsec or SSL VPNs should be configured.