CLI Guide

tunnel allow-remote

Configure an IPv4 or IPv6 address or prefix whose tunneled packets will be accepted for decapsulation. If

no allow-remote entries are configured, tunneled packets from any remote peer address will be

accepted.

Syntax tunnel allow-remote {ip-address | ipv6-address} [mask]

Use the no tunnel allow-remote command to delete a configured allow-remote

entry. Any specified address/mask values must match an existing entry for the

delete to succeed. If the address and mask are not specified, this command deletes

all allow-remote entries.

Parameters

ip-address Enter the source IPv4 address in A.B.C.D format.

ipv6–address Enter the source IPv6 address in X:X:X:X::X format.

mask (OPTIONAL) Enter a network mask in /prefix format (/x) or

A.B.C.D to match a range of remote addresses. The default

mask is /32 for IPv4 addresses and /128 for IPv6 addresses,

which match only the specified address.

Defaults If no tunnel allow remote is configured, all traffic which is destined to tunnel

source address will be decapsulated.

Command Modes INTERFACE TUNNEL

Supported Modes Full–Switch

Command History

Version Description

9.9(0.0) Introduced on the FN IOM.

9.4(0.0) Introduced on the MXL.

Usage Information

Up to eight allow-remote entries can be configured on any particular multipoint

receive-only tunnel.

This command will fail if the address family entered does not match the outer

header address family of the tunnel mode, tunnel source, or any other tunnel

allow-remote.

If any allow-remote are configured, the tunnel source or tunnel mode commands

will fail if the outer header address family does not match that of the configured

allow-remote.

1470

Tunneling