Cisco IOS Dial Technologies Command Reference, Release 12.3
Dial Technologies Commands: L

Table Of Contents

l2f ignore-mid-sequence

l2f tunnel busy timeout

l2f tunnel retransmit initial retries

l2f tunnel retransmit retries

l2f tunnel timeout setup

l2tp drop out-of-order

l2tp hidden

l2tp ip udp checksum

l2tp security crypto-profile

l2tp sequencing

l2tp tunnel authentication

l2tp tunnel bearer capabilities

l2tp tunnel busy timeout

l2tp tunnel framing capabilities

l2tp tunnel hello

l2tp tunnel password

l2tp tunnel receive-window

l2tp tunnel retransmit initial retries

l2tp tunnel retransmit initial timeout

l2tp tunnel retransmit retries

l2tp tunnel retransmit timeout

l2tp tunnel timeout no-session

l2tp tunnel timeout setup

l2tp tunnel zlb delay

lcp renegotiation

limit base-size

limit overflow-size

line-power

loadsharing

local name

logging event nfas-status

loopback (controller el)

loopback local (controller)

loopback local (interface)

loopback remote (controller)


l2f ignore-mid-sequence

To configure the router to ignore multiplex ID (MID) sequence numbers for sessions in a Layer 2 Forwarding (L2F) tunnel, use the l2f ignore-mid-sequence command in VPDN group or VPDN template configuration mode. To remove the ability to ignore MID sequencing, use the no form of this command.

l2f ignore-mid-sequence

no l2f ignore-mid-sequence

Syntax Description

This command has no arguments or keywords.

Command Default

MID sequence numbers are not ignored.

Command Modes

VPDN group configuration
VPDN template configuration

Command History

Release
Modification

11.3(5)AA

This command was introduced.

12.0(1)T

This command was integrated into Cisco IOS Release 12.0(1)T.


Usage Guidelines

This command applies only to L2F initiated tunnels and control packets for initial link control protocol (LCP) tunnel negotiation.

This command is not required when both tunnel endpoints are Cisco equipment, and is required only if MID sequence numbering is not supported by third-party hardware.

Examples

The following example configures the VPDN group named group1 to ignore MID sequencing for L2F sessions between a Cisco router and a non-Cisco hardware device that does not support MID sequencing:

vpdn-group group1
 l2f ignore-mid-sequence

Related Commands

Command
Description

vpdn-group

Creates a VPDN group and enters VPDN group configuration mode.

vpdn-template

Creates a VPDN template and enters VPDN template configuration mode.


l2f tunnel busy timeout

To configure the amount of time that the router will wait before attempting to recontact a Layer 2 Forwarding (L2F) peer that was previously busy, use the l2f tunnel busy timeout command in VPDN group or VPDN template configuration mode. To restore the default value, use the no form of this command.

l2f tunnel busy timeout seconds

no l2f tunnel busy timeout

Syntax Description

seconds

Time, in seconds, to wait before checking for router availability. This value can range from 5 to 6000. The default value is 60.


Command Default

The router will wait 60 seconds before attempting to recontact a previously busy peer.

Command Modes

VPDN group configuration
VPDN template configuration

Command History

Release
Modification

12.2(4)T

This command was introduced.

12.2(11)T

This command was integrated into Cisco IOS Release 12.2(11)T and support was added for the Cisco 1760, Cisco AS5300, Cisco AS5400, and Cisco AS5800 platforms.


Examples

The following example configures the router to leave an L2F peer on the busy list for 90 seconds. This configuration applies only to tunnels associated with the virtual private dialup network (VPDN) group named group1.

vpdn-group group1
 l2f tunnel busy timeout 90

Related Commands

Command
Description

l2f tunnel retransmit initial retries

Configures the number of times that the router will attempt to send the initial control packet for tunnel establishment before considering an L2F peer busy.

l2f tunnel retransmit retries

Configures the number of times the router will attempt to resend an L2F tunnel control packet before tearing the tunnel down.

l2f tunnel timeout setup

Configures the amount of time that the router will wait for a confirmation message after sending out the initial L2F control packet before considering a peer busy.

vpdn-group

Creates a VPDN group and enters VPDN group configuration mode.

vpdn-template

Creates a VPDN template and enters VPDN template configuration mode.


l2f tunnel retransmit initial retries

To configure the number of times that the router will attempt to send the initial control packet for tunnel establishment before considering a Layer 2 Forwarding (L2F) peer busy, use the l2f tunnel retransmit initial retries command in VPDN group or VPDN template configuration mode. To restore the default value, use the no form of this command.

l2f tunnel retransmit initial retries number

no l2f tunnel retransmit initial retries

Syntax Description

number

The number of retries that will be attempted, ranging from 1 to 1000. The default value is 2.


Command Default

The router will send the initial control packet twice.

Command Modes

VPDN group configuration
VPDN template configuration

Command History

Release
Modification

12.2(4)T

This command was introduced.

12.2(11)T

This command was integrated into Cisco IOS Release 12.2(11)T and support was added for the Cisco 1760, Cisco AS5300, Cisco AS5400, and Cisco AS5800 platforms.


Usage Guidelines

This command can be used only if load sharing is enabled.

Examples

The following example configures a dial-in VPDN group on a network access server (NAS) to load balance calls between two tunnel servers, and to attempt to send the initial L2F control packet five times:

vpdn-group 1
 request-dialin
  protocol l2f
  domain cisco.com
!
 initiate-to ip 172.16.0.1 priority 1
 initiate-to ip 172.16.1.1 priority 2
 l2f tunnel retransmit initial retries 5

Related Commands

Command
Description

l2f tunnel busy timeout

Configures the amount of time that the router will wait before attempting to recontact an L2F peer that was previously busy.

l2f tunnel retransmit retries

Configures the number of times the router will attempt to resend an L2F tunnel control packet before tearing the tunnel down.

l2f tunnel timeout setup

Configures the amount of time that the router will wait for a confirmation message after sending out the initial L2F control packet before considering a peer busy.

vpdn-group

Creates a VPDN group and enters VPDN group configuration mode.

vpdn-template

Creates a VPDN template and enters VPDN template configuration mode.


l2f tunnel retransmit retries

To configure the number of times the router will attempt to resend a Layer 2 Forwarding (L2F) tunnel control packet before tearing the tunnel down, use the l2f tunnel retransmit retries command in VPDN group or VPDN template configuration mode. To restore the default value, use the no form of this command.

l2f tunnel retransmit retries number

no l2f tunnel retransmit retries

Syntax Description

number

The number of retries that will be attempted, ranging from 5 to 1000. The default value is 6.


Command Default

The router will resend control packets six times.

Command Modes

VPDN group configuration
VPDN template configuration

Command History

Release
Modification

12.2(4)T

This command was introduced.

12.2(11)T

This command was integrated into Cisco IOS Release 12.2(11)T and support was added for the Cisco 1760, Cisco AS5300, Cisco AS5400, and Cisco AS5800 platforms.


Usage Guidelines

This command does not apply to the initial tunnel setup message or session control packets.

Examples

The following example configures the router to resend L2F tunnel control packets ten times before tearing the tunnel down. This configuration applies only to tunnels associated with the virtual private dialup network (VPDN) group named group1.

vpdn-group group1
 l2f tunnel retransmit retries 10

Related Commands

Command
Description

l2f tunnel busy timeout

Configures the amount of time that the router will wait before attempting to recontact an L2F peer that was previously busy.

l2f tunnel retransmit initial retries

Configures the number of times that the router will attempt to send the initial control packet for tunnel establishment before considering an L2F peer busy.

l2f tunnel timeout setup

Configures the amount of time that the router will wait for a confirmation message after sending out the initial L2F control packet before considering a peer busy.

vpdn-group

Creates a VPDN group and enters VPDN group configuration mode.

vpdn-template

Creates a VPDN template and enters VPDN template configuration mode.


l2f tunnel timeout setup

To configure the amount of time that the router will wait for a confirmation message after sending out the initial Layer 2 Forwarding (L2F) control packet before considering a peer busy, use the l2f tunnel timeout setup command in VPDN group or VPDN template configuration mode. To restore the default value, use the no form of this command.

l2f tunnel timeout setup seconds

no l2f tunnel timeout setup

Syntax Description

seconds

Time, in seconds, that the router will wait for a return message. This value can range from 5 to 6000. The default value is 10.


Command Default

The router will wait 10 seconds for a confirmation message.

Command Modes

VPDN group configuration
VPDN template configuration

Command History

Release
Modification

12.2(4)T

This command was introduced.

12.2(11)T

This command was integrated into Cisco IOS Release 12.2(11)T and support was added for the Cisco 1760, Cisco AS5300, Cisco AS5400, and Cisco AS5800 platforms.


Usage Guidelines

If the router has not received a confirmation message from the peer device before the tunnel timeout setup timer expires, the peer will be placed on the busy list.

Examples

The following example configures a router to wait 25 seconds for confirmation that the initial L2F control packet was received by the peer. This configuration will apply only to tunnels associated with the virtual private dialup network (VPDN) group named group1.

vpdn-group group1
 l2f tunnel timeout setup 25

Related Commands

Command
Description

l2f tunnel busy timeout

Configures the amount of time that the router will wait before attempting to recontact an L2F peer that was previously busy.

l2f tunnel retransmit initial retries

Configures the number of times that the router will attempt to send the initial control packet for tunnel establishment before considering an L2F peer busy.

l2f tunnel retransmit retries

Configures the number of times the router will attempt to resend an L2F tunnel control packet before tearing the tunnel down.

vpdn-group

Creates a VPDN group and enters VPDN group configuration mode.

vpdn-template

Creates a VPDN template and enters VPDN template configuration mode.


l2tp drop out-of-order

To instruct a network access server (NAS) or tunnel server using Layer 2 Tunneling Protocol (L2TP) to drop packets that are received out of order, use the l2tp drop out-of-order command in VPDN group or VPDN template configuration mode. To disable dropping of out-of-sequence packets, use the no form of this command.

l2tp drop out-of-order

no l2tp drop out-of-order

Syntax Description

This command has no arguments or keywords.

Command Default

Out-of-order packets are not dropped.

Command Modes

VPDN group configuration
VPDN template configuration

Command History

Release
Modification

11.3(5)AA

This command was introduced.

12.0(1)T

This command was integrated into Cisco IOS Release 12.0(1)T.


Usage Guidelines

This command is valid only for tunnels where sequencing is enabled.

Examples

The following example enables sequencing and configures the router to drop any out-of-order packets that are received on a tunnel associated with the VPDN group named tunnelme:

vpdn-group tunnelme
 l2tp sequencing
 l2tp drop out-of-order

Related Commands

Command
Description

l2tp sequencing

Enables sequencing for packets sent over an L2TP tunnel.

vpdn-group

Creates a VPDN group and enters VPDN group configuration mode.

vpdn-template

Creates a VPDN template and enters VPDN template configuration mode.


l2tp hidden

To enable Layer 2 Tunneling Protocol (L2TP) attribute-value (AV) pair hiding, which encrypts the value of sensitive AV pairs, use the l2tp hidden command in VPDN group or VPDN template configuration mode. To disable L2TP AV pair value hiding, use the no form of this command.

l2tp hidden

no l2tp hidden

Syntax Description

This command has no arguments or keywords.

Command Default

L2TP AV pair hiding is disabled.

Command Modes

VPDN group configuration
VPDN template configuration

Command History

Release
Modification

11.3(5)AA

This command was introduced.

12.0(1)T

This command was integrated into Cisco IOS Release 12.0(1)T.


Usage Guidelines

This command is not required if one-time Password Authentication Protocol (PAP) password authentication is used. This command is useful for additional security if PPP is using PAP or proxy authentication between the L2TP access concentrator (LAC) and Layer 2 Tunneling Protocol Network Server (LNS). When AV pair hiding is enabled, the L2TP hiding algorithm is executed, and sensitive passwords that are used between the L2TP AV pairs are encrypted during PAP or proxy authentication.

In Figure 1, the client initiates a PPP session with the LAC, and tunnel authentication begins. The LAC in turn exchanges authentication requests with the LNS. Upon successful authentication between the LAC and LNS, a tunnel is created. Proxy authentication is done by the LAC using either PAP or Challenge Handshake Authentication Protocol (CHAP). Because PAP username and password information is exchanged between devices in clear-text, it is beneficial to use the l2tp hidden command where L2TP AV pair values are encrypted.

Figure 1 LAC-LNS Proxy Authentication

Examples

The following example encrypts the AV pair value exchanged between the endpoints of tunnels associated with the VPDN group named group1:

vpdn-group group1
 l2tp hidden
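
This page does not spell out the hiding algorithm; the standard L2TP one is defined in RFC 2661, section 4.3, and the Python sketch below (an added example, not Cisco code and not part of the original reference) follows that definition to show what is protected and by which secret. It assumes IOS follows the RFC; the function names, the constructed random vector and the sample password are assumptions of this example.

```python
import hashlib
import os
import struct

# RFC 2661 AVP type that carries the PAP password during proxy authentication.
PROXY_AUTHEN_RESPONSE = 33


def _xor_chain(data, attr_type, secret, random_vector, decrypting):
    """XOR data with the chained MD5 pads of RFC 2661 section 4.3."""
    out = bytearray()
    # First pad: MD5(attribute type || shared secret || Random Vector AVP value).
    pad = hashlib.md5(struct.pack("!H", attr_type) + secret + random_vector).digest()
    for offset in range(0, len(data), 16):
        block = data[offset:offset + 16]
        result = bytes(b ^ p for b, p in zip(block, pad))
        out += result
        # Every later pad: MD5(shared secret || previous ciphertext block).
        cipher_block = block if decrypting else result
        pad = hashlib.md5(secret + cipher_block).digest()
    return bytes(out)


def hide_avp_value(attr_type, value, secret, random_vector, padding=0):
    """Return the hidden form of value for an AVP of type attr_type."""
    if not random_vector:
        raise ValueError("a Random Vector AVP value must precede any hidden AVP")
    # Hidden AVP subformat: 2-octet original length, original value, padding.
    # The padding conceals the true length of the value on the wire.
    subformat = struct.pack("!H", len(value)) + value + os.urandom(padding)
    return _xor_chain(subformat, attr_type, secret, random_vector, decrypting=False)


def unhide_avp_value(attr_type, hidden, secret, random_vector):
    """Recover the original value; raise ValueError if the result is malformed."""
    plain = _xor_chain(hidden, attr_type, secret, random_vector, decrypting=True)
    if len(plain) < 2:
        raise ValueError("hidden AVP too short")
    (length,) = struct.unpack("!H", plain[:2])
    if length > len(plain) - 2:
        raise ValueError("recovered length exceeds AVP size "
                         "(wrong tunnel password or corrupted AVP)")
    return plain[2:2 + length]


def demo():
    """Hide and recover a constructed PAP password with constructed inputs."""
    secret = b"secret"                # tunnel password, as in this page's examples
    random_vector = bytes(range(16))  # constructed; a real sender uses a fresh random value
    pap_password = b"constructed-user-password"
    hidden = hide_avp_value(PROXY_AUTHEN_RESPONSE, pap_password,
                            secret, random_vector, padding=7)
    recovered = unhide_avp_value(PROXY_AUTHEN_RESPONSE, hidden,
                                 secret, random_vector)
    return hidden, recovered


if __name__ == "__main__":
    hidden_value, recovered_value = demo()
    print("hidden   :", hidden_value.hex())
    print("recovered:", recovered_value.decode())
```

Because every pad is derived from the tunnel password, the hidden values are only as strong as that password.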

Related Commands

Command
Description

vpdn-group

Creates a VPDN group and enters VPDN group configuration mode.

vpdn-template

Creates a VPDN template and enters VPDN template configuration mode.


l2tp ip udp checksum

To enable IP User Datagram Protocol (UDP) checksums on Layer 2 Tunneling Protocol (L2TP) data packets, use the l2tp ip udp checksum command in VPDN group or VPDN template configuration mode. To disable IP UDP checksums, use the no form of this command.

l2tp ip udp checksum

no l2tp ip udp checksum

Syntax Description

This command has no arguments or keywords.

Command Default

UDP checksums are not used on L2TP data packets.

Command Modes

VPDN group configuration
VPDN template configuration

Command History

Release
Modification

11.3(5)AA

This command was introduced.

12.0(1)T

This command was integrated into Cisco IOS Release 12.0(1)T.


Usage Guidelines

Enabling IP UDP checksums on data packets causes the switching path to revert to process-level switching, which results in slower performance. The drop in performance may be acceptable if the connection between the network access server (NAS) and the tunnel server is poor. Enabling IP UDP checksums will minimize delays that occur when the ultimate error correction is done end-to-end rather than at the tunnel endpoints.

Examples

The following example enables IP UDP checksums on L2TP data packets for tunnels associated with the virtual private dialup network (VPDN) group named group1:

vpdn-group group1
 l2tp ip udp checksum

Related Commands

Command
Description

vpdn-group

Creates a VPDN group and enters VPDN group configuration mode.

vpdn-template

Creates a VPDN template and enters VPDN template configuration mode.


l2tp security crypto-profile

To configure IP Security (IPSec) protection of Layer 2 Tunnel Protocol (L2TP) sessions associated with a virtual private dialup network (VPDN) group, use the l2tp security crypto-profile command in VPDN group or VPDN template configuration mode. To disable IPSec protection for a VPDN group, use the no form of this command.

l2tp security crypto-profile profile-name [keep-sa]

no l2tp security crypto-profile

Syntax Description

profile-name

The name of the crypto profile to be used for IPSec protection of tunneled PPP sessions. The profile-name argument must match the name of a profile configured using the crypto map command.

keep-sa

(Optional) Controls the destruction of IPSec security associations (SAs) upon tunnel teardown. By default, any IPSec phase 2 SAs and Internet Key Exchange (IKE) phase 1 SAs are destroyed when the L2TP tunnel is torn down. Issuing the keep-sa keyword prevents the destruction of IKE phase 1 SAs.


Command Default

IPSec security is disabled.
IKE phase 1 SAs are destroyed on tunnel teardown.

Command Modes

VPDN group configuration
VPDN template configuration

Command History

Release
Modification

12.2(4)T

This command was introduced.

12.2(11)T

This command was integrated into Cisco IOS Release 12.2(11)T and support was added for the Cisco 1760, Cisco AS5300, Cisco AS5400, and Cisco AS5800 platforms.


Usage Guidelines

A crypto profile must be configured using the crypto map (global IPSec) command before it can be associated with a VPDN group using the l2tp security crypto-profile command. Enabling this command for a VPDN group ensures that no L2TP packets will be processed unless they have IPSec protection.

The keep-sa keyword can be used to prevent the destruction of IKE phase 1 SAs when the L2TP tunnel between the network access server (NAS) and tunnel server is considered permanent, and the IP addresses of the peer devices rarely change. This option is not useful with short-lived tunnels, such as those generated by client-initiated L2TP tunneling.

Examples

The following example configures VPDN group 1, associates it with the crypto profile named l2tp, and prevents the destruction of IKE phase 1 SAs on tunnel teardown:

vpdn-group 1
 request-dialin
  protocol l2tp
  domain cisco.com
 initiate-to ip 10.0.0.13
 local name LAC
 l2tp security crypto-profile l2tp keep-sa

Related Commands

Command
Description

crypto map (global IPSec)

Enters crypto map configuration mode and creates or modifies a crypto map entry, creates a crypto profile that provides a template for configuration of dynamically created crypto maps, or configures a client accounting list.

vpdn-group

Creates a VPDN group and enters VPDN group configuration mode.

vpdn-template

Creates a VPDN template and enters VPDN template configuration mode.


l2tp sequencing

To enable sequencing for packets sent over a Layer 2 Tunnel Protocol (L2TP) tunnel, use the l2tp sequencing command in VPDN group or VPDN template configuration mode. To disable sequencing, use the no form of this command.

l2tp sequencing

no l2tp sequencing

Syntax Description

This command has no arguments or keywords.

Command Default

Sequencing is disabled by default. However, if the peer device requests sequencing, it will be enabled.

Command Modes

VPDN group configuration
VPDN template configuration

Command History

Release
Modification

12.1

This command was introduced.


Usage Guidelines

Use the l2tp sequencing command to control sequencing for packets sent over an L2TP tunnel.

The l2tp sequencing command configuration may be overridden by a request for sequencing from the peer device. The following sections describe the default behavior and sequencing request interactions of the two tunnel endpoints.

Tunnel Initiator

By default, sequence numbers are off.

By default, the Sequencing Required attribute-value (AV) pair will not be sent from the tunnel initiator to the tunnel terminator.

If the tunnel initiator receives data packets from the tunnel terminator that include sequencing numbers, the tunnel initiator will include sequence numbers on data packets regardless of the l2tp sequencing command configuration.

Enabling the l2tp sequencing command will cause the tunnel initiator to send the Sequencing Required AV pair to the tunnel terminator and to include sequencing numbers on data packets.

Tunnel Terminator

By default, sequence numbers are off.

If the tunnel terminator receives the Sequencing Required AV pair from the tunnel initiator, the tunnel terminator will include sequence numbers on data packets regardless of the l2tp sequencing command configuration.

Enabling the l2tp sequencing command will cause the tunnel terminator to include sequence numbers.

Examples

The following example configures sequencing on a network access server (NAS) for dial-in L2TP tunnels associated with the VPDN group named tunnelme. The NAS will send the Sequencing Required AV pair to the tunnel server, and sequencing will be enabled on both devices.

vpdn-group tunnelme
 request-dialin
  protocol l2tp
  domain cisco.com
!
 local name router32
 initiate-to ip 172.16.1.1
 l2tp sequencing

Related Commands

Command
Description

l2tp drop out-of-order

Instructs a NAS or tunnel server using L2TP to drop packets that are received out of order.

vpdn-group

Creates a VPDN group and enters VPDN group configuration mode.

vpdn-template

Creates a VPDN template and enters VPDN template configuration mode.


l2tp tunnel authentication

To enable Layer 2 Tunneling Protocol (L2TP) tunnel authentication, use the l2tp tunnel authentication command in VPDN group or VPDN template configuration mode. To disable L2TP tunnel authentication, use the no form of this command.

l2tp tunnel authentication

no l2tp tunnel authentication

Syntax Description

This command has no arguments or keywords.

Command Default

L2TP tunnel authentication is enabled.

Command Modes

VPDN group configuration
VPDN template configuration

Command History

Release
Modification

11.3(5)AA

This command was introduced.

12.0(1)T

This command was integrated into Cisco IOS Release 12.0(1)T.


Examples

The following example disables L2TP tunnel authentication for tunnels associated with the virtual private dialup network (VPDN) group named group1:

vpdn-group group1
 no l2tp tunnel authentication

The following example reenables L2TP tunnel authentication for tunnels associated with the VPDN group named group1:

vpdn-group group1
 l2tp tunnel authentication

Note: L2TP tunnel authentication is enabled by default, so there is no need to enable this command unless it was previously disabled.


Related Commands

Command
Description

vpdn-group

Creates a VPDN group and enters VPDN group configuration mode.

vpdn-template

Creates a VPDN template and enters VPDN template configuration mode.


l2tp tunnel bearer capabilities

To set the Layer 2 Tunnel Protocol (L2TP) bearer-capability value used by the Cisco router, use the l2tp tunnel bearer capabilities command in VPDN group or VPDN template configuration mode. To restore the default value, use the no form of this command.

l2tp tunnel bearer capabilities {none | digital | analog | all}

no l2tp tunnel bearer capabilities

Syntax Description

none

Specifies that no access types are supported. This is the default value if the accept-dialout command is not configured.

digital

Specifies that digital access is supported.

analog

Specifies that analog access is supported.

all

Specifies that all access types are supported. This is the default value if the accept-dialout command is configured.


Command Default

If the accept-dialout command is not configured, no access types are supported.
If the accept-dialout command is configured, all access types are supported.

Command Modes

VPDN group configuration
VPDN template configuration

Command History

Release
Modification

12.2(11)T

This command was introduced.


Usage Guidelines

By default, Cisco routers use a bearer-capability value of none. If the accept-dialout command is configured, Cisco routers use a bearer-capability value of all. To ensure compatibility with some non-Cisco routers, you may be required to override the default bearer-capability value by configuring the l2tp tunnel bearer capabilities command.

Examples

The following example configures the bearer-capability value to support only digital access for tunnels associated with the virtual private dialup network (VPDN) group named group1:

vpdn-group group1
 l2tp tunnel bearer capabilities digital

Related Commands

Command
Description

accept-dialout

Accepts requests to tunnel L2TP dial-out calls and creates an accept-dialout VPDN subgroup.

l2tp tunnel framing capabilities

Sets the framing-capability value used by the Cisco router.

vpdn-group

Creates a VPDN group and enters VPDN group configuration mode.

vpdn-template

Creates a VPDN template and enters VPDN template configuration mode.


l2tp tunnel busy timeout

To configure the amount of time that the router will wait before attempting to recontact a Layer 2 Tunneling Protocol (L2TP) peer that was previously busy, use the l2tp tunnel busy timeout command in VPDN group or VPDN template configuration mode. To restore the default value, use the no form of this command.

l2tp tunnel busy timeout seconds

no l2tp tunnel busy timeout

Syntax Description

seconds

Time, in seconds, to wait before checking for router availability. This value can range from 5 to 6000. The default value is 60.


Command Default

The router will wait 60 seconds before attempting to recontact a previously busy peer.

Command Modes

VPDN group configuration
VPDN template configuration

Command History

Release
Modification

12.2(4)T

This command was introduced.

12.2(11)T

This command was integrated into Cisco IOS Release 12.2(11)T and support was added for the Cisco 1760, Cisco AS5300, Cisco AS5400, and Cisco AS5800 platforms.


Examples

The following example configures tunnels associated with the virtual private dialup network (VPDN) group named group1 to leave an L2TP destination router on the busy list for 90 seconds:

vpdn-group group1
 l2tp tunnel busy timeout 90

Related Commands

Command
Description

l2tp tunnel retransmit initial retries

Sets the number of times that the router will attempt to send out the initial control packet for tunnel establishment before considering a router busy.

l2tp tunnel retransmit initial timeout

Sets the amount of time that the router will wait before resending an initial packet out to establish a tunnel.

vpdn-group

Creates a VPDN group and enters VPDN group configuration mode.

vpdn-template

Creates a VPDN template and enters VPDN template configuration mode.


l2tp tunnel framing capabilities

To set the Layer 2 Tunnel Protocol (L2TP) framing-capability value used by the Cisco router, use the l2tp tunnel framing capabilities command in VPDN group or VPDN template configuration mode. To restore the default value, use the no form of this command.

l2tp tunnel framing capabilities {none | synchronous | asynchronous | all}

no l2tp tunnel framing capabilities

Syntax Description

none

Specifies that no framing types are supported. This is the default value if the accept-dialout command is not configured.

synchronous

Specifies that synchronous framing is supported.

asynchronous

Specifies that asynchronous framing is supported.

all

Specifies that all framing types are supported. This is the default value if the accept-dialout command is configured.


Command Default

If the accept-dialout command is not configured, no framing types are supported.
If the accept-dialout command is configured, all framing types are supported.

Command Modes

VPDN group configuration
VPDN template configuration

Command History

Release
Modification

12.2(11)T

This command was introduced.


Usage Guidelines

By default, Cisco routers use a framing-capability value of none. If the accept-dialout command is configured, Cisco routers use a framing-capability value of all. To ensure compatibility with some non-Cisco routers, you may be required to override the default framing-capability value by configuring the l2tp tunnel framing capabilities command.

Examples

The following example configures the framing-capability value to support only asynchronous framing for tunnels associated with the virtual private dialup network (VPDN) group named group1:

vpdn-group group1
 l2tp tunnel framing capabilities asynchronous

Related Commands

Command
Description

accept-dialout

Accepts requests to tunnel L2TP dial-out calls and creates an accept-dialout VPDN subgroup.

l2tp tunnel bearer capabilities

Sets the bearer-capability value used by the Cisco router.

vpdn-group

Creates a VPDN group and enters VPDN group configuration mode.

vpdn-template

Creates a VPDN template and enters VPDN template configuration mode.


l2tp tunnel hello

To set the number of seconds between sending hello keepalive packets for a Layer 2 Tunneling Protocol (L2TP) tunnel, use the l2tp tunnel hello command in VPDN group or VPDN template configuration mode. To disable the sending of hello keepalive packets, use the no form of this command.

l2tp tunnel hello seconds

no l2tp tunnel hello

Syntax Description

seconds

The interval, in seconds, that the network access server (NAS) and tunnel server wait before sending the next L2TP tunnel keepalive packet. Valid values range from 0 to 1000. The default value is 60.


Command Default

Hello keepalive packets are sent every 60 seconds.

Command Modes

VPDN group configuration
VPDN template configuration

Command History

Release
Modification

11.3(5)AA

This command was introduced.

12.0(1)T

This command was integrated into Cisco IOS Release 12.0(1)T.


Usage Guidelines

To change the tunnel hello value, reenter the command with the new value.

The L2TP tunnel keepalive timers need not use the same value on both sides of the tunnel. For example, a NAS can use a keepalive value of 30 seconds, and a tunnel server can use the default value of 60 seconds.

Examples

The following example sets the L2TP tunnel hello value to 90 seconds for tunnels associated with the virtual private dialup network (VPDN) group named group1:

vpdn-group group1
 l2tp tunnel hello 90

Related Commands

Command
Description

vpdn-group

Creates a VPDN group and enters VPDN group configuration mode.

vpdn-template

Creates a VPDN template and enters VPDN template configuration mode.


l2tp tunnel password

To set the password that the router will use to authenticate Layer 2 Tunnel Protocol (L2TP) tunnels, use the l2tp tunnel password command in VPDN group or VPDN template configuration mode. To remove a previously configured password, use the no form of this command.

l2tp tunnel password password

no l2tp tunnel password

Syntax Description

password

String that the router uses for tunnel authentication.


Command Default

The password associated with the local name of the router is used to authenticate the tunnel.
If no local name password is configured, the password associated with the hostname of the router is used to authenticate the tunnel.

Command Modes

VPDN group configuration
VPDN template configuration

Command History

Release
Modification

11.3(5)AA

This command was introduced.

12.0(1)T

This command was integrated into Cisco IOS Release 12.0(1)T.


Usage Guidelines

The password defined with the l2tp tunnel password command is also used for attribute-value (AV) pair hiding.

The password hierarchy sequence that is used for tunnel identification, and subsequently tunnel authentication, is as follows:

1. An L2TP tunnel password is used if one is configured.

2. If no L2TP tunnel password exists, the password associated with the local name of the router is used.

3. If a local name password does not exist, the password associated with the hostname of the router is used.

The username command is used to define the passwords associated with the local name and the hostname.

Examples

The following example configures the L2TP tunnel password, secret, which will be used to authenticate tunnels associated with the virtual private dialup network (VPDN) group named group1:

vpdn-group group1
 l2tp tunnel password secret
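
The password hierarchy described under Usage Guidelines can be checked against a saved configuration to see which secret each VPDN group actually falls back to, which also determines the secret used for AV pair hiding. The following Python sketch is an added example, not Cisco code; the sample configuration, the names nas-east and lac1, and the function names are constructed for illustration.

```python
import re

# Constructed sample configuration (not from the Cisco documentation).
SAMPLE_CONFIG = """\
hostname nas-east
username nas-east password hostpw
username lac1 password localpw
vpdn-group group1
 local name lac1
 l2tp tunnel password secret
vpdn-group group2
 local name lac1
vpdn-group group3
 request-dialin
  protocol l2tp
"""

def parse(config):
    """Collect the hostname, names that have a username password, and
    the local name / tunnel password setting of each VPDN group."""
    hostname, users, groups, current = None, set(), {}, None
    for line in config.splitlines():
        if m := re.match(r"hostname (\S+)", line):
            hostname = m.group(1)
        elif m := re.match(r"username (\S+) password \S", line):
            users.add(m.group(1))
        elif m := re.match(r"vpdn-group (\S+)", line):
            current = groups.setdefault(m.group(1), {})
        elif line.startswith(" ") and current is not None:
            if m := re.match(r" +local name (\S+)", line):
                current["local_name"] = m.group(1)
            elif re.match(r" +l2tp tunnel password \S", line):
                current["tunnel_password"] = True
        elif not line.startswith("!"):
            current = None  # another top-level command ends the group
    return hostname, users, groups

def password_source(config, group):
    """Return which step of the documented hierarchy supplies the secret."""
    hostname, users, groups = parse(config)
    settings = groups[group]
    if settings.get("tunnel_password"):
        return "l2tp tunnel password"
    if settings.get("local_name") in users:
        return "username " + settings["local_name"] + " (local name)"
    if hostname in users:
        return "username " + hostname + " (hostname)"
    return None  # no password available at any level
```

Groups that resolve to a username entry share that secret with every other group using the same local name or hostname, so a per-group l2tp tunnel password limits how far one disclosed secret reaches.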

Related Commands

Command
Description

hostname

Specifies or modifies the hostname for the network server.

local name

Specifies a local hostname that the tunnel will use to identify itself.

l2tp hidden

Enables L2TP AV pair hiding, which encrypts the value of sensitive AV pairs.

username

Establishes a username-based authentication system.

vpdn-group

Creates a VPDN group and enters VPDN group configuration mode.

vpdn-template

Creates a VPDN template and enters VPDN template configuration mode.


l2tp tunnel receive-window

To configure the number of packets allowed in the local receive window for a Layer 2 Tunnel Protocol (L2TP) control channel, use the l2tp tunnel receive-window command in VPDN group or VPDN template configuration mode. To restore the default value, use the no form of this command.

l2tp tunnel receive-window packets

no l2tp tunnel receive-window packets

Syntax Description

packets

Number of packets allowed in the receive window. Valid values range from 1 to 5000. The default value varies by platform.


Command Default

The default size of the control channel receive window is platform-dependent.

Command Modes

VPDN group configuration
VPDN template configuration

Command History

Release
Modification

12.0(7) DC

This command was introduced on the Cisco 6400 node route processor (NRP).

12.1(1)

This command was integrated into Cisco IOS Release 12.1(1).


Usage Guidelines

Use the l2tp tunnel receive-window command to set the size of the advertised control channel receive window. The receive window size controls the number of L2TP control packets that can be queued by the system for processing. Increasing the size of the control channel receive window allows the system to open PPP sessions more quickly; a smaller size is desirable on networks that cannot handle large bursts of traffic.

Examples

The following example configures the receive window to hold up to 500 packets for tunnels associated with the virtual private dialup network (VPDN) group named group1:

vpdn-group group1
 l2tp tunnel receive-window 500

Related Commands

Command
Description

vpdn-group

Creates a VPDN group and enters VPDN group configuration mode.

vpdn-template

Creates a VPDN template and enters VPDN template configuration mode.


l2tp tunnel retransmit initial retries

To configure the number of times that the router will attempt to send out the initial Layer 2 Tunnel Protocol (L2TP) control packet for tunnel establishment before considering a peer busy, use the l2tp tunnel retransmit initial retries command in VPDN group or VPDN template configuration mode. To restore the default value, use the no form of this command.

l2tp tunnel retransmit initial retries number

no l2tp tunnel retransmit initial retries

Syntax Description

number

Number of retransmission attempts. Valid values range from 1 to 1000. The default value is 2.


Command Default

The router will resend the initial L2TP control packet 2 times.

Command Modes

VPDN group configuration
VPDN template configuration

Command History

Release
Modification

12.2(4)T

This command was introduced.

12.2(11)T

This command was integrated into Cisco IOS Release 12.2(11)T and support was added for the Cisco 1760, Cisco AS5300, Cisco AS5400, and Cisco AS5800 platforms.


Usage Guidelines

Use the l2tp tunnel retransmit initial retries command to configure the number of times a device will attempt to resend the initial control packet used to establish an L2TP tunnel.

Examples

The following example configures the router to attempt to send the initial L2TP control packet five times for tunnels associated with the virtual private dialup network (VPDN) group named group1:

vpdn-group group1
 l2tp tunnel retransmit initial retries 5

Related Commands

Command
Description

l2tp tunnel busy timeout

Configures the amount of time that the router will wait before attempting to recontact a router that was previously busy.

l2tp tunnel retransmit initial timeout

Configures the amount of time that the router will wait before resending an initial L2TP control packet out to establish a tunnel.

l2tp tunnel retransmit retries

Configures the number of retransmission attempts made for an L2TP control packet.

l2tp tunnel retransmit timeout

Configures the amount of time that the router will wait before resending an L2TP control packet.

vpdn-group

Creates a VPDN group and enters VPDN group configuration mode.

vpdn-template

Creates a VPDN template and enters VPDN template configuration mode.


l2tp tunnel retransmit initial timeout

To configure the amount of time that the router will wait before resending an initial Layer 2 Tunnel Protocol (L2TP) control packet out to establish a tunnel, use the l2tp tunnel retransmit initial timeout command in VPDN group or VPDN template configuration mode. To restore the default value, use the no form of this command.

l2tp tunnel retransmit initial timeout {min | max} seconds

no l2tp tunnel retransmit initial timeout {min | max}

Syntax Description

min

Specifies the minimum time that the router will wait before resending an initial packet.

max

Specifies the maximum time that the router will wait before resending an initial packet.

seconds

Timeout length, in seconds, the router will wait before resending an initial packet. Valid values range from 1 to 8. The default minimum value is 1. The default maximum value is 8.


Command Default

The router will use the default timeout values specified in the "Syntax Description" section.

Command Modes

VPDN group configuration
VPDN template configuration

Command History

Release
Modification

12.2(4)T

This command was introduced.

12.2(11)T

This command was integrated into Cisco IOS Release 12.2(11)T and support was added for the Cisco 1760, Cisco AS5300, Cisco AS5400, and Cisco AS5800 platforms.


Usage Guidelines

This command will take effect only when load balancing is enabled.

Control channel retransmissions follow an exponential backoff, starting at the minimum retransmit timeout length specified by the min seconds keyword and argument combination. After each packet that is not acknowledged, the timeout exponentially increases until it reaches the value specified by the max seconds keyword and argument combination. For example, if the minimum timeout length is set to 1 second, the next retransmission attempt occurs 2 seconds later. The following attempt occurs 4 seconds later, and all additional attempts occur in 8-second intervals.

Examples

The following example configures a network access server (NAS) virtual private dialup network (VPDN) group to establish L2TP tunnels that are load balanced across two tunnel servers. The NAS is configured to attempt to recontact a peer with an initial control packet 5 times before considering it busy. The timers are set so that the first attempt to recontact the peer will occur 2 seconds after the initial failure, and the final attempt will occur 7 seconds after the previous failure.

vpdn-group 1
 request-dialin
  protocol l2tp
  domain cisco.com
!
 initiate-to ip 172.16.0.1 priority 1
 initiate-to ip 172.16.1.1 priority 2
 l2tp tunnel retransmit initial retries 5
 l2tp tunnel retransmit initial timeout min 2
 l2tp tunnel retransmit initial timeout max 7
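
The backoff described under Usage Guidelines can be worked through for this configuration to see how long the NAS spends on an unresponsive tunnel server before treating it as busy. The following Python sketch is an added example, not Cisco code; the function names are hypothetical, and it assumes that the timeout doubles after each unacknowledged packet, that the retries value counts resends, and that min does not exceed max.

```python
import re

# Defaults as documented on this page.
DEFAULTS = {"retries": 2, "min": 1, "max": 8}

# The vpdn-group from the example above.
PAGE_EXAMPLE = """\
vpdn-group 1
 request-dialin
  protocol l2tp
  domain cisco.com
!
 initiate-to ip 172.16.0.1 priority 1
 initiate-to ip 172.16.1.1 priority 2
 l2tp tunnel retransmit initial retries 5
 l2tp tunnel retransmit initial timeout min 2
 l2tp tunnel retransmit initial timeout max 7
"""

def initial_timers(config):
    """Read the initial-retransmit settings of a single vpdn-group,
    falling back to the documented defaults for anything not set."""
    timers = dict(DEFAULTS)
    pattern = (r"l2tp tunnel retransmit initial "
               r"(?:(retries)|timeout (min|max)) (\d+)")
    for m in re.finditer(pattern, config):
        timers[m.group(1) or m.group(2)] = int(m.group(3))
    if not 1 <= timers["retries"] <= 1000:
        raise ValueError("retries must be in the range 1 to 1000")
    # Range 1 to 8 is documented; min <= max is an assumption of this sketch.
    if not 1 <= timers["min"] <= timers["max"] <= 8:
        raise ValueError("timeouts must satisfy 1 <= min <= max <= 8")
    return timers

def backoff_intervals(retries, min_s, max_s):
    """Wait before each resend: start at min, double, cap at max."""
    waits, wait = [], min_s
    for _ in range(retries):
        waits.append(wait)
        wait = min(wait * 2, max_s)
    return waits

def total_backoff(config):
    """Sum of the waits that precede the resends, in seconds."""
    t = initial_timers(config)
    return sum(backoff_intervals(t["retries"], t["min"], t["max"]))
```

For the configuration above the waits are 2, 4, 7, 7 and 7 seconds, so roughly 27 seconds pass on one unresponsive peer before the last resend is sent.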

Related Commands

Command
Description

l2tp tunnel busy timeout

Configures the amount of time that the router will wait before attempting to recontact a router that was previously busy.

l2tp tunnel retransmit initial retries

Configures the number of times that the router will attempt to send out the initial L2TP control packet for tunnel establishment before considering a peer busy.

l2tp tunnel retransmit retries

Configures the number of retransmission attempts made for an L2TP control packet.

l2tp tunnel retransmit timeout

Configures the amount of time that the router will wait before resending an L2TP control packet.

vpdn-group

Creates a VPDN group and enters VPDN group configuration mode.

vpdn-template

Creates a VPDN template and enters VPDN template configuration mode.


l2tp tunnel retransmit retries

To configure the number of retransmission attempts made for a Layer 2 Tunnel Protocol (L2TP) control packet, use the l2tp tunnel retransmit retries command in VPDN group or VPDN template configuration mode. To restore the default value, use the no form of this command.

l2tp tunnel retransmit retries number

no l2tp tunnel retransmit retries number

Syntax Description

number

Number of retransmission attempts. Valid values range from 5 to 1000 retries. The default value is 10.


Command Default

The router will resend control packets ten times.

Command Modes

VPDN group configuration
VPDN template configuration

Command History

Release
Modification

12.0(7) DC

This command was introduced on the Cisco 6400 node route processor (NRP).

12.1(1)

This command was integrated into Cisco IOS Release 12.1(1).


Usage Guidelines

Use the l2tp tunnel retransmit retries command to configure the number of times a device will attempt to resend an L2TP control packet.

Examples

The following example configures tunnels associated with the virtual private dialup network (VPDN) group named group1 to make eight retransmission attempts:

vpdn-group group1
 l2tp tunnel retransmit retries 8

Related Commands