< Home

(Optional) Configuring a Security Mechanism for GRE

Context

You can configure key numbers for both ends of a GRE tunnel to improve GRE tunnel security. This security mechanism ensures that a device accepts only packets sent from the valid tunnel interface and discards invalid packets.

Only the S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730S-H, S6730-S, and S6730S-S support this function.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface tunnel interface-number

    The tunnel interface view is displayed.

  3. Run gre key { plain key-number | [ cipher ] plain-cipher-text }

    A key is configured for the GRE tunnel.

    Specify the same value for the key-number parameter on tunnel interfaces on both ends of the GRE tunnel, or configure no key for either end of the tunnel.

    By default, no key is configured for the GRE tunnel.

    If plain is selected, the key is saved in the configuration file in plain text. This brings security risks. It is recommended that you select cipher to save the key in cipher text.

Parent Topic: Configuring a GRE Tunnel
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >