gre key

Function

The gre key command sets the key number of a GRE tunnel.

The undo gre key command deletes the key number of a GRE tunnel.

By default, the GRE key number is not configured.

Only the S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730S-H, S6730-S, and S6730S-S support this command.

Format

gre key { plain key-number | [ cipher ] plain-cipher-text }

undo gre key

Parameters

Parameter	Description	Value
plain key-number	Specifies a plaintext key. NOTICE: If plain is selected, the key is saved in the configuration file in plain text. This brings security risks. It is recommended that you select cipher to save the key in cipher text.	The value is an integer that ranges from 0 to 4294967295.
[ cipher ] plain-cipher-text	Specifies that a ciphertext key is displayed.	You can specify a plaintext key (integer) ranging from 0 to 4294967295 or a ciphertext key of 32 or 48 characters.

Views

Tunnel interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can configure key numbers for both ends of a GRE tunnel to improve GRE tunnel security. This security mechanism ensures that a device accepts only packets sent from the valid tunnel interface and discards invalid packets.

Prerequisites

The tunnel interface view has been displayed using the interface tunnel command.

The tunnel type has been set to GRE using the tunnel-protocol gre command.

Precautions

Packets pass authentication only when the key numbers set on both ends of the tunnel are consistent. Otherwise, the packets are discarded.

When you run the gre key command several times, the latest configuration overrides the previous configurations.

Example

# Configure the GRE key number for the ends of a tunnel is 123.

<HUAWEI> system-view
[HUAWEI] interface tunnel 1
[HUAWEI-Tunnel1] tunnel-protocol gre
[HUAWEI-Tunnel1] gre key cipher 123