Problem
You want to check the status of a tunnel.
Solution
You can look at the attributes for a tunnel with the show interface command.
Router1#show interface Tunnel5
And the easiest way to determine if a tunnel is operational is simply to use a PING test to either the send ICMP packets through the tunnel or to its destination address:
Router1#ping 192.168.66.6 Router1#ping 172.22.1.4
Discussion
You can use the standard show interface command on a tunnel interface to see a considerable amount of useful information about it:
Router1#show interface Tunnel5 Tunnel5 is up, line protocol is up Hardware is Tunnel Internet address is 192.168.66.5/30 MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation TUNNEL, loopback not set Keepalive not set Tunnel source 172.22.1.3, destination 172.22.1.4 Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled Tunnel TTL 255 Checksumming of packets disabled, fast tunneling enabled Last input 1d19h, output 00:00:06, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 79 Queueing strategy: fifo Output queue: 0/0 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 2536 packets input, 1386605 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 23235 packets output, 2036436 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out Router1#
As you can see from this output, the show interface command tells you what the tunnel's source and destination IP addresses are. You can see the input and output rate, as well as the total number of packets and bytes both sent and received on this tunnel interface. The output also shows that we are using the default GRE tunnel protocol, and we have not enabled checksums or keepalives on this tunnel.
There is only one serious problem with this output. Because we have not enabled keepalives, as we discussed in Recipe 12.1, the show interface command will almost always show the tunnel interface as being in an up state. As we mentioned in Recipe 12.1, the router will temporarily bring the tunnel interface down in response to recursive routing situations, and you can also use the shutdown command to disable a tunnel as you would with any other interface. However, usually the tunnel interface will appear to be in an up state, even if the router can't reach the tunnel destination router.
If you are running an IOS level that supports keepalives on tunnels, you can enable that feature. Then the show interface command will give a more realistic view of the tunnel's status. But without that feature, the easiest way to see if a tunnel is working is to simply ping through it:
Router1#ping 192.168.66.6 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.66.6, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 12/14/20 ms Router1#
Or, alternatively, you can ping the destination IP address of the tunnel:
Router1#ping 172.22.1.4 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.66.6, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 12/14/20 ms Router1#
See Also
Recipe 12.1
Router Configuration and File Management
Router Management
User Access and Privilege Levels
TACACS+
IP Routing
RIP
EIGRP
OSPF
BGP
Frame Relay
Handling Queuing and Congestion
Tunnels and VPNs
Dial Backup
NTP and Time
DLSw
Router Interfaces and Media
Simple Network Management Protocol
Logging
Access-Lists
DHCP
NAT
First Hop Redundancy Protocols
IP Multicast
IP Mobility
IPv6
MPLS
Security
Appendix 1. External Software Packages
Appendix 2. IP Precedence, TOS, and DSCP Classifications
Index