Multihop virtual private dialup networking (VPDN) is a specialized VPDN configuration that allows packets to pass through multiple tunnels. Ordinarily, packets are not allowed to pass through more than one tunnel. In a multihop deployment, the VPDN tunnel is terminated after each hop and a new tunnel is initiated to the next hop destination.
Multihop VPDN deployments can also be used to configure a device as a tunnel switch. A tunnel switch acts as both a network access server (NAS) and a tunnel server, able to receive packets from an incoming VPDN tunnel and send them out over an outgoing VPDN tunnel. Tunnel switch configurations can be used between Internet service providers (ISPs) to provide wholesale VPDN services.
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information Table at the end of this document.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Before you configure multihop VPDN, a VPDN deployment must be configured. For more information about VPDN deployments that are compatible with multihop VPDN scenarios, see Configuring a Multihop Tunnel Switch.
Only the Layer 2 Tunneling Protocol (L2TP) is supported on the Cisco ASR 1000 Series Aggregation Services Routers.
Multihop VPDN can be used to configure a device as a tunnel switch. A tunnel switch acts as both a NAS and a tunnel server, receiving packets from an incoming VPDN tunnel and sending them out over an outgoing VPDN tunnel. Tunnel switch configurations can be used between ISPs to provide wholesale VPDN services. A VPDN tunnel switch on the Cisco ASR 1000 Series Aggregation Services Routers can forward L2TP sessions. L2F and Point-to-Point Tunneling Protocol (PPTP) are not supported.
In an L2TP tunnel switching deployment, the tunnel endpoints are considered the originating NAS and the terminating tunnel server. The tunnel switch is not considered a tunnel endpoint.
The figure below shows a network scenario using a basic L2TP tunnel switching deployment.
Figure 1. Tunnel Switching Using Multihop VPDN
The tunnel switch can be configured to terminate incoming VPDN tunnels from multiple devices, and to initiate outgoing VPDN tunnels to one or more tunnel servers.
The Subscriber Service Switch (SSS) framework is supported for VPDN tunnel switching. SSS supports additional Layer 2 protocols, including PPP over Ethernet (PPPoE) and generic routing encapsulation (GRE). Configuring SSS for VPDN tunnel switching is optional. SSS profiles increase the scalability of tunnel switching configurations, particularly in multiprotocol environments.
Multihop VPDN can be used to configure a device as a tunnel switch. A tunnel switch acts as both a NAS and a tunnel server, and must be configured with both a NAS VPDN group and a tunnel server VPDN group.
Tunnel switching using the SSS infrastructure is supported. SSS allows L2TP, L2F, PPTP, PPPoE, PPPoA, GRE, and general packet radio service (GPRS) sessions to be switched over virtual links using a tunnel switch. SSS configurations are not required for tunnel switching data over L2TP, L2F, or PPTP tunnels, but SSS increases the scalability of tunnel switching deployments.
Note: On the Cisco ASR 1000 Series Aggregation Services Router, a multihop VPDN tunnel switch can be configured to forward L2TP tunnels only.
Perform these tasks to configure a device as a multihop VPDN tunnel switch:
In tunnel switching deployments, packets must traverse multiple tunnels. Multihop VPDN must be enabled on the tunnel switch for the deployment to function.
You must perform the task in the Configuring the Multihop Tunnel Switch to Terminate Incoming VPDN Tunnels section.
A tunnel switch must be configured as a tunnel server, allowing it to terminate incoming VPDN tunnels. You can configure a tunnel switch to terminate tunnels from multiple devices.
You must perform the task in the Configuring the Multihop Tunnel Switch to Initiate Outgoing VPDN Tunnels section.
A tunnel switch must be configured as a NAS, allowing it to initiate outgoing VPDN tunnels. You can configure a tunnel switch to initiate tunnels to multiple devices.
The following example configures a NAS, tunnel switch, and tunnel server to establish a multihop VPDN tunnel using L2TP:
! Configure the NAS to initiate VPDN dial-in sessions to the tunnel switch
vpdn-group 1
 request-dialin
  protocol l2tp
  domain cisco.com
 !
 initiate-to ip 172.22.66.25
 local name ISP-NAS

!Enable VPDN
vpdn enable
!
!Enable multihop
vpdn multihop
!
! Configure the tunnel switch to use the multihop hostname in the authentication search.
vpdn search-order multihop-hostname domain dnis
!
! Configure the tunnel switch to accept dial-in sessions from the NAS
vpdn-group tunnelin
 accept-dialin
  protocol l2tp
  virtual-template 1
 !
 terminate-from hostname ISP-NAS
 local name ISP-Sw
!
! Configure the tunnel switch to initiate VPDN dial-in sessions to the tunnel server
vpdn-group tunnelout
 request-dialin
  protocol l2tp
  multihop-hostname ISP-NAS
 !
 initiate-to ip 10.2.2.2
 local name ISP-Sw

! Configure the tunnel server to accept dial-in sessions from the NAS
vpdn-group 1
 accept-dialin
  protocol l2tp
  virtual-template 1
 !
 terminate-from hostname ISP-Sw
 local name ENT-TS
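The tunnel switch portion of the example depends on several settings agreeing with each other: multihop is enabled, `multihop-hostname` appears in `vpdn search-order`, and the `multihop-hostname` of the outgoing group names the peer the incoming group terminates from. The following Python audit is an added example, not Cisco code; the function names are hypothetical, and the rule that `multihop-hostname` must equal a `terminate-from hostname` is an assumption drawn from the example above.

```python
SWITCH_CFG = """\
vpdn enable
vpdn multihop
vpdn search-order multihop-hostname domain dnis
vpdn-group tunnelin
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname ISP-NAS
 local name ISP-Sw
vpdn-group tunnelout
 request-dialin
  protocol l2tp
  multihop-hostname ISP-NAS
 initiate-to ip 10.2.2.2
 local name ISP-Sw
"""  # tunnel switch configuration from the example above, "!" lines dropped

def parse_vpdn(config):
    """Return (global commands, {vpdn-group name: {sub-command: last argument}})."""
    globals_, groups, cur = [], {}, None
    for raw in config.splitlines():
        line = raw.split("!")[0].strip()          # drop "!" comments and separators
        if line and not raw[0].isspace():         # top-level command
            cur = groups.setdefault(line.split()[1], {}) if line.startswith("vpdn-group ") else None
            if cur is None:
                globals_.append(line)
        elif line and cur is not None:            # sub-command of the current vpdn-group
            head, _, arg = line.rpartition(" ")
            cur[head or line] = arg               # e.g. {"terminate-from hostname": "ISP-NAS"}
    return globals_, groups

def audit_switch(config):
    """Return findings for a multihop tunnel switch configuration (empty list = consistent)."""
    globals_, groups = parse_vpdn(config)
    findings = [f"missing global command '{c}'"
                for c in ("vpdn enable", "vpdn multihop") if c not in globals_]
    search = next((c.split()[2:] for c in globals_ if c.startswith("vpdn search-order ")), [])
    accepted = {g.get("terminate-from hostname") for g in groups.values() if "accept-dialin" in g}
    for name, g in groups.items():
        if g.get("protocol") != "l2tp":           # only L2TP is forwarded on the ASR 1000
            findings.append(f"{name}: protocol is not l2tp")
        mh = g.get("multihop-hostname") if "request-dialin" in g else None
        if mh and "multihop-hostname" not in search:
            findings.append(f"{name}: multihop-hostname set, but vpdn search-order does not consult it")
        if mh and mh not in accepted:             # assumption: must name an ingress peer
            findings.append(f"{name}: multihop-hostname {mh} matches no terminate-from hostname")
    return findings
```

Calling `audit_switch(SWITCH_CFG)` returns an empty list for the configuration as documented; removing `vpdn multihop` or renaming one of the hostnames produces a finding that names the affected VPDN group.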
You can perform any of the relevant optional tasks in the Configuring Additional VPDN Features and in the VPDN Tunnel Management modules.
Related Topic | Document Title |
---|---|
Cisco IOS commands | |
VPDN commands | Cisco IOS VPDN Command Reference |
VPDN technology overview | VPDN Technology Overview |
Broadband access aggregation and DSL commands | Cisco IOS Broadband Access Aggregation and DSL Command Reference |
Standard | Title |
---|---|
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature. | -- |
MIB | MIBs Link |
---|---|
No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature. | To locate and download MIBs for selected platforms, Cisco software releases, and feature sets, use Cisco MIB Locator found at the following URL: |
RFC | Title |
---|---|
RFC 2661 | Layer Two Tunneling Protocol (L2TP) |
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Table 1. Feature Information for Multihop VPDN

Feature Name | Software Releases | Feature Configuration Information |
---|---|---|
Multihop VPDN | Cisco IOS XE Release 2.2 | This feature was introduced on Cisco ASR 1000 Series Routers. Multihop VPDN is a specialized VPDN configuration that allows packets to pass through multiple tunnels. Ordinarily, packets are not allowed to pass through more than one tunnel. In a multihop deployment, the VPDN tunnel is terminated after each hop and a new tunnel is initiated to the next hop destination. No commands were introduced or modified by this feature. |
Subscriber Service Switch | Cisco IOS XE Release 2.2.1 | This feature provides flexibility on where and how many subscribers are connected to available services and how those services are defined. The primary focus of SSS is to direct PPP from one point to another using a Layer 2 subscriber policy. The policy will manage tunneling of PPP in a policy-based bridging fashion. The following VPDN commands were introduced or modified by this feature: multihop-hostname and vpdn search-order. |