The gre key command sets the key number of a GRE tunnel.
The undo gre key command deletes the key number of a GRE tunnel.
By default, the GRE key number is not configured.
Parameter | Description | Value |
---|---|---|
simple key-number-simple | Specifies the key number used for both ends of a tunnel. The key number is saved in plaintext in the configuration file. Since a simple key number is insecure, it is recommended that you configure the key number in ciphertext on both ends of the tunnel. | The value is an integer ranging from 0 to 4294967295. |
cipher | Indicates that a ciphertext key is displayed. | - |
key-number-cipher | Specifies a simple text key (integer) or a ciphertext key. | The value can be an integer that ranges from 0 to 4294967295 in simple text or a string of 32 characters or 48 to 128 characters in cipher text. |
Usage Scenario
To enhance GRE tunnel security, run the gre key command to set the key number of a GRE tunnel. The key number prevents one end of the tunnel from identifying or receiving packets sent by another end that has a different key number.
Prerequisites
The encapsulation mode of a tunnel has been configured as GRE using the tunnel-protocol gre command.
Configuration Impact
If the gre key command is run more than once, the latest configuration overrides the previous one.
Follow-up Procedure
Precautions
If the gre key command is run, the transmit and receive ends will authenticate the key number of packets. Only the packets with the same key number on both ends of the tunnel can pass the authentication. Otherwise, the packets will be dropped. Therefore, if you specify the key number on both ends of a tunnel, set the same value for both ends. You can also specify no key number on both ends.
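The receive-side check described above, as an added example that is not code from this page or from the device vendor: it models the match rule on the GRE header layout of RFC 2784 and RFC 2890, which is assumed here to be what the device puts on the wire. The function names (`parse_gre`, `accept`, `build_gre`) and the sample packets are hypothetical and constructed for illustration.

```python
import struct

# GRE flag bits in the first 16-bit word (RFC 2784 / RFC 2890).
FLAG_C, FLAG_K, FLAG_S, VER_MASK = 0x8000, 0x2000, 0x1000, 0x0007

def parse_gre(packet: bytes) -> dict:
    """Parse a GRE header; return protocol, key (or None) and payload offset."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", packet, 0)
    if flags & VER_MASK:
        raise ValueError("unsupported GRE version")
    offset, key = 4, None
    if flags & FLAG_C:            # checksum + reserved1 precede the key
        offset += 4
    if flags & FLAG_K:            # key is a plain 32-bit integer in the header
        if len(packet) < offset + 4:
            raise ValueError("truncated GRE key field")
        (key,) = struct.unpack_from("!I", packet, offset)
        offset += 4
    if flags & FLAG_S:            # sequence number follows the key
        offset += 4
    if len(packet) < offset:
        raise ValueError("truncated GRE optional fields")
    return {"protocol": proto, "key": key, "payload_offset": offset}

def accept(packet: bytes, local_key) -> bool:
    """Keys must match, or be absent on both ends (local_key=None means no key)."""
    if local_key is not None and not 0 <= local_key <= 4294967295:
        raise ValueError("key number out of range")
    try:
        return parse_gre(packet)["key"] == local_key
    except ValueError:
        return False              # malformed packets are dropped

def build_gre(proto: int, key=None, payload: bytes = b"") -> bytes:
    """Build a constructed test packet (no checksum or sequence number)."""
    hdr = struct.pack("!HH", FLAG_K if key is not None else 0, proto)
    if key is not None:
        hdr += struct.pack("!I", key)
    return hdr + payload

# Constructed sample packets, not captured traffic.
KEYED = build_gre(0x0800, key=123456, payload=b"\x45")
UNKEYED = build_gre(0x0800, payload=b"\x45")
```

Under the RFC 2890 layout assumed here, the Key field travels in the header as a plain 32-bit integer, so the match is an identifier check on each packet regardless of whether the key is stored as simple text or ciphertext in the configuration file.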