
Cisco IOS Software Releases 12.3 T

L2TP Client-Initiated Tunneling



The L2TP Client-Initiated Tunneling feature introduces the ability to establish client-initiated Layer 2 Tunnel Protocol (L2TP) tunnels. The client may initiate an L2TP or L2TP Version 3 (L2TPv3) tunnel to the L2TP network server (LNS) without the intermediate network access server (NAS) participating in tunnel negotiation or establishment. The benefit of this feature is that client routers now have the ability to initiate L2TP or L2TPv3 tunnels.

Feature History for the L2TP Client-Initiated Tunneling Feature

Release      Modification
12.3(2)T     This feature was introduced.

Finding Support Information for Platforms and Cisco IOS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Contents

Prerequisites for L2TP Client-Initiated Tunneling

Restrictions for L2TP Client-Initiated Tunneling

Information About L2TP Client-Initiated Tunneling

How to Configure L2TP Client-Initiated Tunneling

Configuration Examples for L2TP Client-Initiated Tunneling

Additional References

Command Reference

Prerequisites for L2TP Client-Initiated Tunneling

A virtual private dialup network (VPDN) must be enabled. For more information about enabling VPDN, refer to the "Configuring Virtual Private Networks" chapter in the Cisco IOS Dial Technologies Configuration Guide.

Cisco Express Forwarding (CEF) must be enabled. For more information about enabling CEF, refer to the "Configuring Cisco Express Forwarding" chapter in the Cisco IOS Switching Services Configuration Guide.

Restrictions for L2TP Client-Initiated Tunneling

Only PPP encapsulation is supported with this feature.

PPTP tunneling is not supported with this feature; only L2TP tunneling is supported.

Session establishment cannot be triggered by interesting traffic.

Failover is not supported with the L2TP peer.

L2TP redirect is not supported.

Information About L2TP Client-Initiated Tunneling

To configure the L2TP Client-Initiated Tunneling feature, you must understand the following concepts:

L2TP Client-Initiated Tunnels

L2 Tunnel Types

Benefits of L2TP Client-Initiated Tunneling

L2TP Client-Initiated Tunnels

L2TP client-initiated tunneling allows the client router to initiate Layer 2 tunnels. The client establishes a tunnel to the customer network without an intermediate NAS participating in the tunnel negotiation and establishment. The customer manages the client software that initiates the tunnel.

In the client-initiated tunneling scenario depicted in Figure 1, the client connects to the L2TP access concentrator (LAC) through a medium that supports PPP, such as a dialup modem, digital subscriber line (DSL), ISDN, or a cable modem. The client may initiate an L2TP or L2TPv3 tunnel to the LNS.

Figure 1: Client-Initiated L2TP Tunneling

The L2TP Client-Initiated Tunneling feature uses a virtual-PPP interface. The virtual-PPP interface adds Layer 2 encapsulation to Layer 3 packets, allowing them to be sent to the LNS over an L2TP or L2TPv3 tunnel.

L2 Tunnel Types

The L2TP Client-Initiated Tunneling feature can be configured to establish either an L2TP tunnel or an L2TPv3 tunnel. The type of Layer 2 (L2) tunnel that is established is dependent on the configuration of both the local and remote peers. To establish L2TP tunnels, refer to the sections "Configuring L2TP Client-Initiated Tunneling on the Local Peer" and "Configuring L2TP Client-Initiated Tunneling on the Remote Peer for L2TP Tunnels" in this document. To establish L2TPv3 tunnels, refer to the sections "Configuring L2TP Client-Initiated Tunneling on the Local Peer" and "Configuring L2TP Client-Initiated Tunneling on the Remote Peer for L2TPv3 Tunnels" in this document.

Benefits of L2TP Client-Initiated Tunneling

This feature provides the ability for client routers to initiate L2TP or L2TPv3 tunnels. The main advantage of client-initiated L2TP tunneling is that the connection between the client and the internet service provider (ISP) is secure.

How to Configure L2TP Client-Initiated Tunneling

This section contains the following procedures:

Configuring L2TP Client-Initiated Tunneling on the Local Peer (required)

Configuring L2TP Client-Initiated Tunneling on the Remote Peer (required)

Configuring L2TP Control Channel Parameters (optional)

Configuring the L2TPv3 Pseudowire (required)

Configuring L2TP Client-Initiated Tunneling on the Local Peer

The L2TP Client-Initiated Tunneling feature can be configured to establish either L2TP or L2TPv3 tunnels. The type of tunnel that is established is dependent on the configuration of both the local and remote peers. The local and remote peers must be configured to establish the same type of tunnel.

To configure the local peer to establish L2TP tunnels, perform the task described in this section. You must also perform the task "Configuring the L2TPv3 Pseudowire" and configure the protocol l2tpv2 option.

To configure the local peer to establish L2TPv3 tunnels, perform the task described in this section. You must also perform the task "Configuring the L2TPv3 Pseudowire" and configure the protocol l2tpv3 option.

Perform this task to configure the L2TP Client-Initiated Tunneling feature on the local peer.

SUMMARY STEPS

1. enable

2. configure terminal

3. l2tp-class [l2tp-class-name]

4. exit

5. pseudowire-class [pw-class-name]

6. exit

7. interface virtual-ppp number

8. ppp authentication {protocol1 [protocol2...]} [if-needed] [list-name | default] [callin] [one-time]

9. ppp chap hostname [hostname]

10. pseudowire peer-ip-address vcid pw-class pw-class-name [sequencing {transmit | receive | both}]

11. exit

12. ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [distance] [name] [permanent] [tag tag]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

l2tp-class [l2tp-class-name]

Example:

Router(config)# l2tp-class l2tpclass2

Specifies the L2TP class name and enters L2TP class configuration mode.

The l2tp-class-name argument is optional. However, if you want to configure multiple L2TP classes you must specify a unique l2tp-class-name for each one.

You may configure L2TP control channel parameters in L2TP class configuration mode. See the section "Configuring L2TP Control Channel Parameters" in this document for more information.

Step 4 

exit

Example:

Router(config-l2tp-class)# exit

Exits L2TP class configuration mode.

Step 5 

pseudowire-class [pw-class-name]

Example:

Router(config)# pseudowire-class pwclass2

Enters pseudowire class configuration mode and optionally specifies the name of the L2TP pseudowire class.

Pseudowire class configuration options may be configured in pseudowire class configuration mode. See the section "Configuring the L2TPv3 Pseudowire" in this document for more information.

Note To configure the pseudowire to establish L2TP tunnels, you must configure the protocol l2tpv2 option in pseudowire class configuration mode. To configure the pseudowire to establish L2TPv3 tunnels, you must configure the protocol l2tpv3 option in pseudowire class configuration mode.

Step 6 

exit

Example:

Router(config-pw)# exit

Exits pseudowire class configuration mode.

Step 7 

interface virtual-ppp number

Example:

Router(config)# interface virtual-ppp 2

Enters interface configuration mode and assigns a virtual-PPP interface number.

Step 8 

ppp authentication {protocol1 [protocol2...]} [if-needed] [list-name | default] [callin] [one-time]

Example:

Router(config-if)# ppp authentication chap

Enables Challenge Handshake Authentication Protocol (CHAP) or Password Authentication Protocol (PAP) or both and specifies the order in which CHAP and PAP authentication is selected on the interface.

Step 9 

ppp chap hostname [hostname]

Example:

Router(config-if)# ppp chap hostname peer2

Creates a pool of dialup routers that all appear to be the same host when authenticating with CHAP.

Step 10 

pseudowire peer-ip-address vcid pw-class pw-class-name [sequencing {transmit | receive | both}]

Example:

Router(config-if)# pseudowire 172.16.32.24 10 pw-class pwclass2

Specifies the IP address of the peer provider edge (PE) router and the 32-bit virtual circuit identifier shared between the PE at each end of the control channel.

peer-ip-address vcid—The peer router IP address and virtual circuit ID must be a unique combination on the router.

pw-class pw-class-name—The pseudowire class configuration from which the data encapsulation type will be taken. The pw-class parameter binds the pseudowire statement to a specific pseudowire class. The pseudowire class then serves as the template configuration for all attachment circuits bound to it.

sequencing—The optional sequencing parameter specifies whether sequencing is required for packets that are received, sent, or both received and sent.

Step 11 

exit

Example:

Router(config-if)# exit

Exits interface configuration mode.

Step 12 

ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [distance] [name] [permanent] [tag tag]

Example:

Router(config)# ip route 10.20.20.0 255.255.255.0 virtual-PPP1

Establishes static routes.

Configuring L2TP Client-Initiated Tunneling on the Remote Peer

The L2TP Client-Initiated Tunneling feature can be configured to establish either L2TP or L2TPv3 tunnels. The type of tunnel that is established is dependent on the configuration of both the local and remote peers. The local and remote peers must be configured to establish the same type of tunnel.

To configure the remote peer to establish L2TP tunnels, perform the task "Configuring L2TP Client-Initiated Tunneling on the Remote Peer for L2TP Tunnels" in this section. To configure the remote peer to establish L2TPv3 tunnels, perform the task "Configuring L2TP Client-Initiated Tunneling on the Remote Peer for L2TPv3 Tunnels" in this section.

This section contains the following tasks:

Configuring L2TP Client-Initiated Tunneling on the Remote Peer for L2TP Tunnels

Configuring L2TP Client-Initiated Tunneling on the Remote Peer for L2TPv3 Tunnels

Configuring L2TP Client-Initiated Tunneling on the Remote Peer for L2TP Tunnels

This task configures the L2TP Client-Initiated Tunneling feature on the remote peer. Perform this task to establish L2TP tunnels.

SUMMARY STEPS

1. enable

2. configure terminal

3. vpdn-group name

4. accept-dialin

5. protocol {l2f | l2tp | pppoe | any}

6. virtual-template template-number

7. exit

8. terminate-from hostname hostname

9. exit

10. interface virtual-template number

11. ppp authentication {protocol1 [protocol2...]} [if-needed] [list-name | default] [callin] [one-time]

12. ppp chap hostname [hostname]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

vpdn-group name

Example:

Router(config)# vpdn-group vpdngroup1

Enters VPDN group configuration mode and associates a VPDN group to a customer or VPDN profile.

Step 4 

accept-dialin

Example:

Router(config-vpdn)# accept-dialin

Enters VPDN accept-dialin configuration mode and configures the LNS to accept tunneled PPP connections from a LAC and creates an accept-dialin VPDN subgroup.

Step 5 

protocol {l2f | l2tp | pppoe | any}

Example:

Router(config-vpdn-acc-in)# protocol l2tp

Specifies the L2 protocol that the VPDN subgroup will use.

Note The L2TP Client-Initiated Tunneling feature works only with the L2TP protocol.

Step 6 

virtual-template template-number

Example:

Router(config-vpdn-acc-in)# virtual-template 1

Specifies which virtual template will be used to clone virtual access interfaces.

Step 7 

exit

Example:

Router(config-vpdn-acc-in)# exit

Exits VPDN accept-dialin configuration mode.

Step 8 

terminate-from hostname hostname

Example:

Router(config-vpdn)# terminate-from hostname peer1

Specifies the host name of the remote LAC or LNS that will be required when accepting a VPDN tunnel.

Step 9 

exit

Example:

Router(config-vpdn)# exit

Exits VPDN group configuration mode.

Step 10 

interface virtual-template number

Example:

Router(config)# interface virtual-template 1

Enters interface configuration mode and creates a virtual template interface that can be configured and applied dynamically in creating virtual access interfaces.

Step 11 

ppp authentication {protocol1 [protocol2...]} [if-needed] [list-name | default] [callin] [one-time]

Example:

Router(config-if)# ppp authentication chap

Enables CHAP or PAP or both and specifies the order in which CHAP and PAP authentication is selected on the interface.

Step 12 

ppp chap hostname [hostname]

Example:

Router(config-if)# ppp chap hostname peer2

Creates a pool of dialup routers that all appear to be the same host when authenticating with CHAP.

Configuring L2TP Client-Initiated Tunneling on the Remote Peer for L2TPv3 Tunnels

This task configures the L2TP Client-Initiated Tunneling feature on the remote peer. Perform this task to establish L2TPv3 tunnels.

SUMMARY STEPS

1. enable

2. configure terminal

3. l2tp-class [l2tp-class-name]

4. exit

5. pseudowire-class [pw-class-name]

6. exit

7. interface virtual-ppp number

8. ppp authentication {protocol1 [protocol2...]} [if-needed] [list-name | default] [callin] [one-time]

9. ppp chap hostname [hostname]

10. pseudowire peer-ip-address vcid pw-class pw-class-name [sequencing {transmit | receive | both}]

11. exit

12. ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [distance] [name] [permanent] [tag tag]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

l2tp-class [l2tp-class-name]

Example:

Router(config)# l2tp-class l2tpclass2

Specifies the L2TP class name and enters L2TP class configuration mode.

The l2tp-class-name argument is optional. However, if you want to configure multiple L2TP classes you must specify a unique l2tp-class-name for each one.

You may configure L2TP control channel parameters in L2TP class configuration mode. See the section "Configuring L2TP Control Channel Parameters" in this document for more information.

Step 4 

exit

Example:

Router(config-l2tp-class)# exit

Exits L2TP class configuration mode.

Step 5 

pseudowire-class [pw-class-name]

Example:

Router(config)# pseudowire-class pwclass2

Enters pseudowire class configuration mode and optionally specifies the name of the L2TP pseudowire class.

You may configure pseudowire class configuration options in pseudowire class configuration mode. See the section "Configuring the L2TPv3 Pseudowire" in this document for more information.

Note To configure the pseudowire to establish L2TPv3 tunnels, you must configure the protocol l2tpv3 option in pseudowire class configuration mode.

Step 6 

exit

Example:

Router(config-pw)# exit

Exits pseudowire class configuration mode.

Step 7 

interface virtual-ppp number

Example:

Router(config)# interface virtual-ppp 2

Enters interface configuration mode and assigns a virtual-PPP interface number.

Step 8 

ppp authentication {protocol1 [protocol2...]} [if-needed] [list-name | default] [callin] [one-time]

Example:

Router(config-if)# ppp authentication chap

Enables CHAP or PAP or both and specifies the order in which CHAP and PAP authentication is selected on the interface.

Step 9 

ppp chap hostname [hostname]

Example:

Router(config-if)# ppp chap hostname peer2

Creates a pool of dialup routers that all appear to be the same host when authenticating with CHAP.

Step 10 

pseudowire peer-ip-address vcid pw-class pw-class-name [sequencing {transmit | receive | both}]

Example:

Router(config-if)# pseudowire 172.16.32.24 10 pw-class pwclass2

Specifies the IP address of the peer provider edge (PE) router and the 32-bit virtual circuit identifier shared between the PE at each end of the control channel.

peer-ip-address vcid—The peer router IP address and virtual circuit ID must be a unique combination on the router.

pw-class pw-class-name—The pseudowire class configuration from which the data encapsulation type will be taken. The pw-class parameter binds the pseudowire statement to a specific pseudowire class. The pseudowire class then serves as the template configuration for all attachment circuits bound to it.

sequencing—The optional sequencing parameter specifies whether sequencing is required for packets that are received, sent, or both received and sent.

Step 11 

exit

Example:

Router(config-if)# exit

Exits interface configuration mode.

Step 12 

ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [distance] [name] [permanent] [tag tag]

Example:

Router(config)# ip route 10.20.20.0 255.255.255.0 Virtual-PPP1

Establishes static routes.

Configuring L2TP Control Channel Parameters

The L2TP class configuration procedure creates a template of L2TP control channel parameters that can be inherited by different pseudowire classes. L2TP control channel parameters are used in control channel authentication, keepalive messages, and control channel negotiation. In an L2TPv3 session, the same L2TP class must be specified in the pseudowire configured on the PE router at each end of the control channel. Configuring L2TP control channel parameters is optional. However, the L2TP class must be configured before it is associated with a pseudowire class (see the section "Configuring the L2TPv3 Pseudowire").

The three main groups of L2TP control channel parameters that you can configure in an L2TP class are described in the following sections:

Configuring L2TP Control Channel Timing Parameters

Configuring L2TP Control Channel Authentication Parameters

Configuring L2TP Control Channel Maintenance Parameters

After the router enters L2TP class configuration mode, you can configure L2TP control channel parameters in any order. If you have multiple authentication requirements you can configure multiple sets of L2TP class control channel parameters with different L2TP class names. However, only one set of L2TP class control channel parameters can be applied to a connection between any pair of IP addresses.

Configuring L2TP Control Channel Timing Parameters

The following L2TP control channel timing parameters can be configured in L2TP class configuration mode:

Packet size of the receive window used for the control channel

Retransmission parameters used for control messages

Timeout parameters used for the control channel

This task configures a set of timing control channel parameters in an L2TP class. All of the timing control channel parameter configurations are optional and may be configured in any order. If these parameters are not configured, the default values are applied.

SUMMARY STEPS

1. enable

2. configure terminal

3. l2tp-class [l2tp-class-name]

4. receive-window size

5. retransmit {initial retries initial-retries | retries retries | timeout {max | min} timeout}

6. timeout setup seconds

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

l2tp-class [l2tp-class-name]

Example:

Router(config)# l2tp-class class1

Specifies the L2TP class name and enters L2TP class configuration mode.

The l2tp-class-name argument is optional. However, if you want to configure multiple L2TP classes you must specify a unique l2tp-class-name for each one.

Step 4 

receive-window size

Example:

Router(config-l2tp-class)# receive-window 30

(Optional) Configures the number of packets that can be received by the remote peer before backoff queueing occurs.

The valid values range from 1 to the upper limit the peer has for receiving packets. The default value is the upper limit.

Step 5 

retransmit {initial retries initial-retries | retries retries | timeout {max | min} timeout}

Example:

Router(config-l2tp-class)# retransmit retries 10

(Optional) Configures parameters that affect the retransmission of control packets.

initial retries—Specifies how many start control channel requests (SCCRQs) are re-sent before giving up on the session. Valid values for the initial-retries argument range from 1 to 1000. The default value is 2.

retries—Specifies how many retransmission cycles occur before determining that the peer PE router does not respond. Valid values for the retries argument range from 1 to 1000. The default value is 15.

timeout {max | min}—Specifies maximum and minimum retransmission intervals (in seconds) for resending control packets. Valid values for the timeout argument range from 1 to 8. The default maximum interval is 8; the default minimum interval is 1.

Step 6 

timeout setup seconds

Example:

Router(config-l2tp-class)# timeout setup 400

(Optional) Configures the amount of time, in seconds, allowed for setting up a control channel.

Valid values for the seconds argument range from 60 to 6000. The default value is 300.

Configuring L2TP Control Channel Authentication Parameters

The following L2TP control channel authentication parameters can be configured in L2TP class configuration mode:

Authentication for the L2TP control channel

Local host name used for authenticating the control channel

Hiding the attribute-value pairs (AVPs) in outgoing control messages

Password used for control channel authentication and AVP hiding

This task configures a set of authentication control channel parameters in an L2TP class. All of the authentication control channel parameter configurations are optional and may be configured in any order. If these parameters are not configured, the default values will be applied.

SUMMARY STEPS

1. enable

2. configure terminal

3. l2tp-class [l2tp-class-name]

4. authentication

5. hostname name

6. hidden

7. password [encryption-type] password

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

l2tp-class [l2tp-class-name]

Example:

Router(config)# l2tp-class class1

Specifies the L2TP class name and enters L2TP class configuration mode.

The l2tp-class-name argument is optional. However, if you want to configure multiple L2TP classes you must specify a unique l2tp-class-name for each one.

Step 4 

authentication

Example:

Router(config-l2tp-class)# authentication

(Optional) Enables authentication for the control channel between PE routers.

Authentication is enabled by default.

Step 5 

hostname name

Example:

Router(config-l2tp-class)# hostname yb2

(Optional) Specifies a host name used to identify the router during L2TP control channel authentication.

If you do not use this command, the default host name of the router is used.

Step 6 

hidden

Example:

Router(config-l2tp-class)# hidden

(Optional) Hides the AVPs in control messages.

AVPs are not hidden by default.

Step 7 

password [encryption-type] password

Example:

Router(config-l2tp-class)# password tunnel2

(Optional) Configures the password used for control channel authentication.

The valid values for the optional encryption type range from 0 to 7. If you do not use this command to specify a password, the password associated with the remote peer PE is taken from the value entered with the username password value global configuration command.

Configuring L2TP Control Channel Maintenance Parameters

The L2TP hello packet keepalive interval control channel maintenance parameter can be configured in L2TP class configuration mode.

This task configures the interval used for hello messages in an L2TP class. This control channel parameter configuration is optional. If this parameter is not configured, the default value will be applied.

SUMMARY STEPS

1. enable

2. configure terminal

3. l2tp-class [l2tp-class-name]

4. hello interval

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

l2tp-class [l2tp-class-name]

Example:

Router(config)# l2tp-class class1

Specifies the L2TP class name and enters L2TP class configuration mode.

The l2tp-class-name argument is optional. However, if you want to configure multiple L2TP classes you must specify a unique l2tp-class-name for each one.

Step 4 

hello interval

Example:

Router(config-l2tp-class)# hello 100

(Optional) Specifies the exchange interval (in seconds) used between L2TP hello packets.

Valid values for the interval argument range from 0 to 1000. The default value is 60.
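
The valid ranges and defaults given in the timing, authentication, and maintenance procedures above can be checked mechanically against a saved configuration. The following Python audit is an added example, not Cisco code: the sample configuration is constructed, the severity labels are this example's own, and it assumes the usual running-config layout (sub-commands indented under each l2tp-class line) and the standard `no authentication` form.

```python
import re

# Valid ranges stated in the procedures above, keyed by command prefix.
# receive-window has no fixed upper bound: it is the peer's own limit.
RANGES = {
    "receive-window": (1, None),
    "retransmit initial retries": (1, 1000),
    "retransmit retries": (1, 1000),
    "retransmit timeout max": (1, 8),
    "retransmit timeout min": (1, 8),
    "timeout setup": (60, 6000),
    "hello": (0, 1000),
}

# Constructed sample input, not taken from a real device.
SAMPLE_CONFIG = """\
l2tp-class class1
 authentication
 hostname yb2
 hidden
 password 7 PLACEHOLDER
 hello 100
 retransmit retries 10
 timeout setup 400
!
l2tp-class lab
 no authentication
 password tunnel2
 retransmit timeout max 30
 timeout setup 30
 hello 60
!
pseudowire-class etherpw
 encapsulation l2tpv3
 protocol l2tpv3 class1
"""


def parse_l2tp_classes(config):
    """Return {class name: [normalized sub-commands]} for each l2tp-class stanza."""
    classes, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if not raw[0].isspace():  # a top-level command opens a new stanza
            m = re.fullmatch(r"l2tp-class(?:\s+(\S+))?", raw.strip())
            current = (m.group(1) or "<unnamed>") if m else None
            if current is not None:
                classes.setdefault(current, [])
        elif current is not None:
            classes[current].append(" ".join(raw.split()))
    return classes


def audit_class(name, lines):
    """Return (class, severity, message) findings for one L2TP class."""
    findings = []
    # 1. Timing and maintenance values must fall inside the documented ranges.
    for line in lines:
        for prefix, (lo, hi) in RANGES.items():
            m = re.fullmatch(re.escape(prefix) + r" (\d+)", line)
            if not m:
                continue
            value = int(m.group(1))
            if value < lo or (hi is not None and value > hi):
                findings.append((name, "error",
                                 f"'{line}' is outside the valid range "
                                 f"{lo}-{hi or 'peer limit'}"))
    # 2. Authentication is on by default, so only an explicit 'no' disables it.
    if "no authentication" in lines:
        findings.append((name, "high", "control channel authentication is disabled"))
    # 3. AVPs are not hidden unless 'hidden' is configured.
    if "hidden" not in lines:
        findings.append((name, "info", "AVPs are sent unhidden (the default)"))
    # 4. password [encryption-type] password: a missing type means cleartext.
    passwords = [l.split() for l in lines if l.startswith("password ")]
    if not passwords:
        findings.append((name, "info",
                         "no class password; the global username password is used"))
    for tok in passwords:
        enc = int(tok[1]) if len(tok) == 3 and tok[1].isdigit() else 0
        if enc == 0:
            findings.append((name, "medium", "password is stored in cleartext"))
        elif enc == 7:
            findings.append((name, "medium",
                             "type 7 password is reversible obfuscation, not a hash"))
    return findings


def audit(config):
    """Audit every l2tp-class stanza found in a configuration text."""
    findings = []
    for name, lines in parse_l2tp_classes(config).items():
        findings.extend(audit_class(name, lines))
    return findings


if __name__ == "__main__":
    for cls, severity, message in audit(SAMPLE_CONFIG):
        print(f"{cls:8} {severity:6} {message}")
```
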

Configuring the L2TPv3 Pseudowire

The pseudowire class configuration procedure creates a configuration template for the pseudowire. You use this template, or class, to configure session-level parameters for L2TPv3 sessions that will be used to transport attachment circuit traffic over the pseudowire.

The pseudowire configuration specifies the characteristics of the L2TPv3 signaling mechanism, including the data encapsulation type, the control protocol, sequencing, fragmentation, payload-specific options, and IP properties. The setting that determines if signaling is used to set up the pseudowire is also included.

For simple L2TPv3 signaling configurations on most platforms, pseudowire class configuration is optional. However, specifying a source IP address to configure a loopback interface is highly recommended. If you do not configure a loopback interface, the router will choose the best available local address, which could be any IP address configured on a core-facing interface. This configuration could prevent a control channel from being established. If you do not configure other pseudowire class configuration commands, the default values are used.

SUMMARY STEPS

1. enable

2. configure terminal

3. pseudowire-class [pw-class-name]

4. encapsulation {l2tpv2 | l2tpv3 [manual] | mpls}

5. protocol {l2tpv2 | l2tpv3 | none} [l2tp-class-name]

6. ip local interface interface-name

7. ip pmtu

8. ip tos {value value | reflect}

9. ip dfbit set

10. ip ttl value

11. ip protocol {l2tp | uti | protocol-number}

12. sequencing {transmit | receive | both}

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

pseudowire-class [pw-class-name]

Example:

Router(config)# pseudowire-class etherpw

Enters pseudowire class configuration mode and optionally specifies the name of the L2TP pseudowire class.

Step 4 

encapsulation {l2tpv2 | l2tpv3 [manual] | mpls}

Example:

Router(config-pw)# encapsulation l2tpv3

Specifies the data encapsulation method used to tunnel IP traffic.

l2tpv2—L2TP is the tunneling method to be used to encapsulate data in the pseudowire.

l2tpv3—L2TPv3 is the tunneling method to be used to encapsulate data in the pseudowire.

manual—(Optional) No signaling is to be used in the L2TPv3 control channel. This option is not compatible with the L2TP Client-Initiated Tunneling feature.

mpls—Multiprotocol Label Switching (MPLS) is the tunneling method to be used to encapsulate data in the pseudowire.

Note The L2TP Client-Initiated Tunneling feature works only with the L2TPv3 and L2TP data encapsulation methods.

Step 5 

protocol {l2tpv2 | l2tpv3 | none} [l2tp-class-name]

Example:

Router(config-pw)# protocol l2tpv3 class1

(Optional) Specifies the L2 signaling protocol to be used to manage the pseudowires created with the control channel parameters in the specified L2TP class (see the section "Configuring L2TP Control Channel Parameters").

l2tpv2—Specifies L2TP as the signaling protocol to be used.

l2tpv3—Specifies L2TPv3 as the signaling protocol to be used.

none—If you do not want to use signaling in the L2TPv3 sessions created with this pseudowire class, enter the protocol none command. This option is not compatible with the L2TP Client-Initiated Tunneling feature.

l2tp-class-name—(Optional) The name of the L2TP class whose control plane configuration is to be used for pseudowires set up from a specified pseudowire class.

Note If the l2tp-class-name argument is not specified, the default values for L2TP control channel parameters will be used. The default protocol option is l2tpv3.

Note To configure the pseudowire to establish L2TP tunnels, you must configure the protocol l2tpv2 option in pseudowire class configuration mode. To configure the pseudowire to establish L2TPv3 tunnels, you must configure the protocol l2tpv3 option in pseudowire class configuration mode.

Step 6 

ip local interface interface-name

Example:

Router(config-pw)# ip local interface e0/0

Specifies the PE router interface whose IP address is to be used as the source IP address for sending tunneled packets.

Use the same local interface name for all pseudowire classes configured between a pair of PE routers.


Note This command must be configured for pseudowire class configurations using L2TPv3 as the data encapsulation method.


Step 7 

ip pmtu

Example:

Router(config-pw)# ip pmtu

(Optional) Enables the discovery of the path maximum transmission unit (PMTU) for tunneled traffic.

This command enables the processing of Internet Control Message Protocol (ICMP) unreachable messages that indicate fragmentation errors in the backbone network that carries L2TPv3 session traffic. This command also enables MTU checking for IP packets that are sent into the session with the Don't Fragment (DF) bit set. Any IP packet larger than the MTU is dropped and an ICMP unreachable message is sent. MTU discovery is disabled by default.

This command must be enabled in the pseudowire class configuration if IP packets are to be fragmented before the data enters the pseudowire.


Note For fragmentation of IP packets before the data enters the pseudowire, we recommend that you also enable the ip dfbit set command in the pseudowire class configuration. This allows the PMTU to be obtained more rapidly.


Step 8 

ip tos {value value | reflect}

Example:

Router(config-pw)# ip tos reflect

(Optional) Configures the value of the type of service (ToS) byte in IP headers of tunneled packets, or reflects the ToS byte value from the inner IP header.

Valid values for the value argument range from 0 to 255. The default ToS byte value is 0.

Step 9 

ip dfbit set

Example:

Router(config-pw)# ip dfbit set


(Optional) Configures the value of the DF bit in the outer headers of tunneled packets.

Use this command if (for performance reasons) you do not want reassembly of tunneled packets to be performed on the peer PE router. This command is disabled by default.

Step 10 

ip ttl value

Example:

Router(config-pw)# ip ttl 100

(Optional) Configures the value of the time to live (TTL) byte in the IP headers of tunneled packets.

Valid values for the value argument range from 1 to 255. The default TTL byte value is 255.

Step 11 

ip protocol {l2tp | uti | protocol-number}

Example:

Router(config-pw)# ip protocol uti

(Optional) Configures the IP protocol to be used for tunneling packets.

For backward compatibility with UTI, enter uti or 120, the UTI protocol number. The default IP protocol value is l2tp or 115, the L2TP protocol number.

Step 12 

sequencing {transmit | receive | both}

Example:

Router(config-pw)# sequencing both

(Optional) Specifies the direction in which sequencing of data packets in a pseudowire is enabled.

transmit—Updates the Sequence Number field in the headers of data packets sent over the pseudowire according to the data encapsulation method that is used.

receive—Keeps the Sequence Number field in the headers of data packets received over the pseudowire. Out-of-order packets are dropped.

both—Enables both the transmit and receive options.

Configuration Examples for L2TP Client-Initiated Tunneling

This section contains the following configuration examples:

Configuring L2TP Client-Initiated Tunneling on the Local Peer for L2TP Tunnels: Example

Configuring L2TP Client-Initiated Tunneling on the Local Peer for L2TPv3 Tunnels: Example

Configuring L2TP Client-Initiated Tunneling on the Remote Peer for L2TP Tunnels: Example

Configuring L2TP Client-Initiated Tunneling on the Remote Peer for L2TPv3 Tunnels: Example

Configuring L2TP Client-Initiated Tunneling on the Local Peer for L2TP Tunnels: Example

The following example configures the L2TP Client-Initiated Tunneling feature on the local peer. This configuration is for L2TP tunnels.

l2tp-class l2tpclass1
!
pseudowire-class pwclass1
 encapsulation l2tpv2
 protocol l2tpv2 l2tpclass1
 ip local interface ethernet0/0
!
interface virtual-ppp 1
 ip unnumbered loopback1
 ppp authentication chap
 ppp chap hostname peer1
 pseudowire 172.24.13.196 10 pw-class pwclass1
!
ip route 10.10.10.0 255.255.255.0 virtual-PPP1

Configuring L2TP Client-Initiated Tunneling on the Local Peer for L2TPv3 Tunnels: Example

The following example configures the L2TP Client-Initiated Tunneling feature on the local peer. This configuration is for L2TPv3 tunnels.

l2tp-class l2tpclass1
!
pseudowire-class pwclass1
 encapsulation l2tpv3
 protocol l2tpv3 l2tpclass1
 ip local interface ethernet0/0
!
interface virtual-ppp 1
 ip unnumbered loopback1
 ppp authentication chap
 ppp chap hostname peer1
 pseudowire 172.24.13.196 10 pw-class pwclass1
!
ip route 10.10.10.0 255.255.255.0 virtual-PPP1

Configuring L2TP Client-Initiated Tunneling on the Remote Peer for L2TP Tunnels: Example

The following example configures the L2TP Client-Initiated Tunneling feature on the remote peer using a VPDN group. This configuration is for L2TP tunnels.

vpdn-group vpdngroup1
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from host peer1
!
interface virtual-template 1
 ip unnumbered loopback1
 ppp authentication chap
 ppp chap hostname peer2

Configuring L2TP Client-Initiated Tunneling on the Remote Peer for L2TPv3 Tunnels: Example

The following example configures the L2TP Client-Initiated Tunneling feature on the remote peer using an L2TP class and a pseudowire class. This configuration is for L2TPv3 tunnels.

l2tp-class l2tpclass2
!
pseudowire-class pwclass2
 encapsulation l2tpv3
 protocol l2tpv3 l2tpclass2
 ip local interface ethernet0/1
!
interface virtual-ppp 2
 ip unnumbered loopback1
 ppp authentication chap
 ppp chap hostname peer2
 pseudowire 172.16.32.24 10 pw-class pwclass2
!
ip route 10.20.20.0 255.255.255.0 virtual-PPP2

Additional References

The following sections contain additional information related to the L2TP Client-Initiated Tunneling feature.

Related Documents

Related Topic
Document Title

Information about L2TP.

Layer 2 Tunnel Protocol

Layer 2 Tunneling Protocol: A Feature in Cisco IOS Software

Information about L2TPv3.

L2TPv3: Layer 2 Tunnel Protocol Version 3

Additional VPN commands: complete command syntax, command mode, defaults, usage guidelines and examples.

Cisco IOS Dial Technologies Command Reference, Release 12.3

Information on PPP encapsulation.

Cisco IOS Dial Technologies Configuration Guide

Information on CHAP authentication.

Cisco IOS Security Configuration Guide

Additional authentication commands: complete command syntax, command mode, defaults, usage guidelines and examples.

Cisco IOS Security Command Reference, Release 12.3


Standards

Standards
Title

None


MIBs

MIBs
MIBs Link

None

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs


RFCs

RFCs
Title

RFC 2661

Layer Two Tunneling Protocol "L2TP"


Technical Assistance

Description
Link

Technical Assistance Center (TAC) home page, containing 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.

http://www.cisco.com/public/support/tac/home.shtml


Command Reference

This section documents new and modified commands. All other commands used with this feature are documented in the Cisco IOS Release 12.3T command reference publications.

authentication (L2TP)

encapsulation (L2TP)

hello

hidden

hostname (L2TP)

interface virtual-ppp

ip dfbit set

ip local interface

ip pmtu

ip protocol

ip tos (L2TP)

ip ttl

l2tp-class

password (L2TP)

protocol (L2TP)

pseudowire

pseudowire-class

receive-window

retransmit

sequencing

timeout setup

authentication (L2TP)

To enable Layer 2 Tunnel Protocol (L2TP) or L2TP Version 3 (L2TPv3) authentication, use the authentication (L2TP) command in L2TP class configuration mode. To disable Layer 2 (L2) authentication, use the no form of this command.

authentication

no authentication

Syntax Description

This command has no arguments or keywords.

Defaults

L2 authentication is enabled.

Command Modes

L2TP class configuration

Command History

Release
Modification

12.0(23)S

This command was introduced.

12.3(2)T

This command was integrated into Cisco IOS Release 12.3(2)T.


Usage Guidelines

Use the authentication command to enable L2 authentication only if authentication was previously disabled.

Examples

The following example enables authentication in L2 pseudowires configured using the L2TP class configuration named l2tp-class1:

Router(config)# l2tp-class l2tp-class1
Router(config-l2tp-class)# authentication 

Related Commands

Command
Description

l2tp-class

Creates a template of L2TP control plane configuration settings that can be inherited by different pseudowire classes and enters L2TP class configuration mode.


encapsulation (L2TP)

To specify the Layer 2 (L2) data encapsulation method to be used for tunneling IP traffic over a pseudowire, use the encapsulation (L2TP) command in pseudowire class configuration mode. To remove the specified L2 encapsulation method, use the no form of this command.

encapsulation {l2tpv2 | l2tpv3 [manual] | mpls}

no encapsulation {l2tpv2 | l2tpv3 [manual] | mpls}

Syntax Description

l2tpv2

Uses L2TP as the tunneling method to encapsulate data in the pseudowire.

l2tpv3 [manual]

Uses L2TPv3 as the tunneling method to encapsulate data in the pseudowire.

manual—(Optional) No signaling is to be used in the L2TPv3 control channel.

mpls

Uses Multiprotocol Label Switching (MPLS) as the tunneling method to encapsulate data in the pseudowire.


Defaults

No encapsulation method is specified.

Command Modes

Pseudowire class configuration

Command History

Release
Modification

12.0(23)S

This command was introduced.

12.3(2)T

The l2tpv2 keyword was added and this command was integrated into Cisco IOS Release 12.3(2)T.


Usage Guidelines

This command must be configured if the pseudowire class will be referenced from an xconnect or pseudowire configured to forward L2 traffic.

Examples

The following example shows how to configure L2TPv3 as the data encapsulation method for the pseudowire class named ether-pw:

Router(config)# pseudowire-class ether-pw
Router(config-pw)# encapsulation l2tpv3

Related Commands

Command
Description

pseudowire-class

Specifies the name of an L2TP pseudowire class and enters pseudowire class configuration mode.


hello

To configure the interval used to exchange hello keepalive packets in a Layer 2 (L2) control channel, use the hello command in L2TP class configuration mode. To disable the sending of hello keepalive packets, use the no form of this command.

hello interval

no hello interval

Syntax Description

interval

Number of seconds a router at one end of an L2 control channel waits before sending a hello keepalive packet to its peer router. The valid values range from 0 to 1000 seconds. The default value is 60 seconds.


Defaults

60 seconds

Command Modes

L2TP class configuration

Command History

Release
Modification

12.0(23)S

This command was introduced.

12.3(2)T

This command was integrated into Cisco IOS Release 12.3(2)T.


Usage Guidelines

You can configure different values with the hello command on the router at each end of an L2 control channel.

Examples

The following example sets an interval of 120 seconds between the sending of hello keepalive messages in pseudowires configured using the L2TP class configuration named l2tp-class1:

Router(config)# l2tp-class l2tp-class1
Router(config-l2tp-class)# hello 120

Related Commands

Command
Description

l2tp-class

Creates a template of L2TP control plane configuration settings that can be inherited by different pseudowire classes and enters L2TP class configuration mode.


hidden

To hide the attribute-value pair (AVP) values in Layer 2 Tunneling Protocol (L2TP) control messages, use the hidden command in L2TP class configuration mode. To unhide AVPs, use the no form of this command.

hidden

no hidden

Syntax Description

This command has no arguments or keywords.

Defaults

L2TP AVP hiding is disabled.

Command Modes

L2TP class configuration

Command History

Release
Modification

12.0(23)S

This command was introduced.

12.3(2)T

This command was integrated into Cisco IOS Release 12.3(2)T.


Usage Guidelines

Use the hidden command to provide additional security for the exchange of control messages between provider edge routers in a Layer 2 Tunnel Protocol Version 3 (L2TPv3) control channel. Because username and password information is exchanged between devices in clear text, it is useful to encrypt L2TP AVP values with the hidden command.

Examples

The following example enables AVP hiding and encrypts AVPs in control messages in L2TPv3 pseudowires configured using the L2TP class configuration named l2tp-class1:

Router(config)# l2tp-class l2tp-class1
Router(config-l2tp-class)# hidden

Related Commands

Command
Description

l2tp-class

Creates a template of L2TP control plane configuration settings that can be inherited by different pseudowire classes and enters L2TP class configuration mode.


hostname (L2TP)

To configure the host name that the router will use to identify itself during Layer 2 Tunnel Protocol Version 3 (L2TPv3) authentication, use the hostname (L2TP) command in L2TP class configuration mode. To remove the host name, use the no form of this command.

hostname name

no hostname name

Syntax Description

name

Name used to identify the router during authentication.


Defaults

No host name is specified for L2TPv3 authentication.

Command Modes

L2TP class configuration

Command History

Release
Modification

12.0(23)S

This command was introduced.

12.3(2)T

This command was integrated into Cisco IOS Release 12.3(2)T.


Usage Guidelines

If you do not use the hostname command, the host name of the router is used for L2TPv3 authentication.

Examples

The following example configures the host name yb2 for a provider edge router used at one end of an L2TPv3 control channel in an L2TPv3 pseudowire configured using the L2TP class configuration named l2tp-class1:

Router(config)# l2tp-class l2tp-class1
Router(config-l2tp-class)# hostname yb2

Related Commands

Command
Description

ip local interface

Configures the IP address of the PE router interface to be used as the source IP address for sending tunneled packets.

l2tp-class

Creates a template of L2TP control plane configuration settings that can be inherited by different pseudowire classes and enters L2TP class configuration mode.


interface virtual-ppp

To enter interface configuration mode and assign a virtual-PPP interface number, use the interface virtual-ppp command in global configuration mode. To disable a virtual-PPP interface, use the no form of this command.

interface virtual-ppp number

no interface virtual-ppp number

Syntax Description

number

Virtual-PPP interface number. Valid values range from 1 to 2147483647.


Defaults

No default behavior or values.

Command Modes

Global configuration mode

Command History

Release
Modification

12.3(2)T

This command was introduced.


Usage Guidelines

Use the interface virtual-ppp command to create a virtual interface with PPP encapsulation.

Issuing the interface virtual-ppp command enters interface configuration mode.

Examples

The following example configures a virtual-PPP interface with the number 503 and enters virtual-PPP interface configuration mode:

interface virtual-ppp 503

Related Commands

Command
Description

l2tp-class

Creates a template of L2TP control plane configuration settings that can be inherited by different pseudowire classes and enters L2TP class configuration mode.

pseudowire-class

Specifies the name of an L2TP pseudowire class and enters pseudowire class configuration mode.

pseudowire

Binds an attachment circuit to an L2TPv3 pseudowire for Xconnect service.


ip dfbit set

To enable the Don't Fragment (DF) bit in the outer Layer 2 (L2) header, use the ip dfbit set command in pseudowire class configuration mode. To disable the DF bit setting, use the no form of this command.

ip dfbit set

no ip dfbit set

Syntax Description

This command has no arguments or keywords.

Defaults

The default value is DF bit off, except for Cisco 12000 series Internet routers, which have this command enabled by default.

Command Modes

Pseudowire class configuration

Command History

Release
Modification

12.0(23)S

This command was introduced.

12.3(2)T

This command was integrated into Cisco IOS Release 12.3(2)T.


Usage Guidelines

Use this command to set the DF bit on if, for performance reasons, you do not want tunneled packet reassembly to be performed on the router.


Note The no ip dfbit set command is not supported on the Cisco 12000 series Internet routers.


Examples

The following example shows how to enable the DF bit in the outer L2 header in pseudowires created from the pseudowire class named ether-pw:

Router(config)# pseudowire-class ether-pw
Router(config-pw)# ip dfbit set

Related Commands

Command
Description

ip pmtu (L2TP)

Enables the discovery of a PMTU for L2 traffic.

pseudowire-class

Specifies the name of an L2TP pseudowire class and enters pseudowire class configuration mode.


ip local interface

To configure the IP address of the provider edge (PE) router interface to be used as the source IP address for sending tunneled packets, use the ip local interface command in pseudowire class configuration mode. To remove the IP address, use the no form of this command.

ip local interface interface-name

no ip local interface interface-name

Syntax Description

interface-name

Name of the PE interface whose IP address is used as the source IP address for sending tunneled packets over a Layer 2 (L2) pseudowire.


Defaults

No IP address is configured.

Command Modes

Pseudowire class configuration

Command History

Release
Modification

12.0(23)S

This command was introduced.

12.3(2)T

This command was integrated into Cisco IOS Release 12.3(2)T.


Usage Guidelines

Use the same local interface name for all pseudowire classes configured between a pair of PE routers. It is highly recommended that a loopback interface is configured with this command. If you do not configure a loopback interface, the router will choose the "best available local address," which could be any IP address configured on a core-facing interface. This configuration could prevent a control channel from being established.


Note The interface configured with the ip local interface command must be a loopback interface on Cisco 12000 series Internet routers.



Note This command must be configured for pseudowire class configurations using L2TPv3 as the data encapsulation method.


Examples

The following example shows how to configure the IP address of the local Ethernet interface named e0/0 as the source IP address for sending Ethernet packets through an L2TPv3 session:

Router(config)# pseudowire-class ether-pw
Router(config-pw)# ip local interface e0/0

Related Commands

Command
Description

pseudowire-class

Specifies the name of an L2TP pseudowire class and enters pseudowire class configuration mode.


ip pmtu

To enable the discovery of a path maximum transmission unit (PMTU) for Layer 2 (L2) traffic, use the ip pmtu command in pseudowire class configuration mode. To disable PMTU discovery, use the no form of this command.

ip pmtu

no ip pmtu

Syntax Description

This command has no arguments or keywords.

Defaults

Path MTU discovery is disabled.

Command Modes

Pseudowire class configuration

Command History

Release
Modification

12.0(23)S

This command was introduced.

12.3(2)T

This command was integrated into Cisco IOS Release 12.3(2)T.


Usage Guidelines

The ip pmtu command enables the processing of Internet Control Message Protocol (ICMP) unreachable messages that indicate fragmentation errors in the IP backbone network carrying the tunneled traffic. The MTU of the L2TPv3 session is updated according to the MTU information contained in the ICMP unreachable message.

The ip pmtu command also enables MTU checking for IP packets that are sent into an L2TPv3 session with the Don't Fragment (DF) bit set. If an IP packet is larger than the MTU of the tunnel, the packet is dropped and an ICMP unreachable message is sent. If an IP packet is smaller than the MTU of the tunnel, the DF bit in the packet header is reflected from the inner IP header to the tunnel header.

Examples

The following example shows how to enable the discovery of the path MTU for pseudowires created from the pseudowire class named ether-pw:

Router(config)# pseudowire-class ether-pw
Router(config-pw)# ip pmtu

Related Commands

Command
Description

ip dfbit set

Enables the DF bit in the outer L2TPv3 tunnel header.

pseudowire-class

Specifies the name of an L2TP pseudowire class and enters pseudowire class configuration mode.


ip protocol

To configure the Layer 2 Tunnel Protocol (L2TP) or Universal Tunnel Interface (UTI) as the IP protocol used for tunneling packets in a Layer 2 (L2) pseudowire, use the ip protocol command in pseudowire class configuration mode. To remove the IP protocol configuration, use the no form of this command.

ip protocol {l2tp | uti | protocol-number}

no ip protocol {l2tp | uti | protocol-number}

Syntax Description

l2tp

Configures L2TP as the IP protocol used to tunnel packets in an L2 pseudowire.

uti

Configures UTI as the IP protocol used to tunnel packets in an L2 pseudowire, and allows a router running L2TPv3 to interoperate with a peer running UTI.

protocol-number

The protocol number of the desired IP protocol. The protocol number for L2TPv3 is 115. The protocol number for UTI is 120.


Defaults

The default IP protocol is L2TP.

Command Modes

Pseudowire class configuration

Command History

Release
Modification

12.0(23)S

This command was introduced.

12.3(2)T

This command was integrated into Cisco IOS Release 12.3(2)T.


Usage Guidelines

Use the ip protocol command to ensure backward compatibility with routers running UTI. This command allows you to configure an L2TPv3 pseudowire between a router running L2TPv3 and a peer router running UTI.


Note You can use the ip protocol command only if you have already entered the encapsulation l2tpv3 command.


To configure L2TP as the IP protocol used to tunnel packets in an L2TPv3 pseudowire, you may enter 115, the IP protocol number assigned to L2TPv3, instead of l2tp in the ip protocol command.

To configure UTI as the IP protocol used to tunnel packets in an L2TPv3 pseudowire, you may enter 120, the IP protocol number assigned to UTI, instead of uti in the ip protocol command.


Note Interoperability in an L2TPv3 control channel between a router running UTI and a router configured for L2TPv3 encapsulation is supported only if you disable signaling using the protocol none command.


Examples

The following example shows how to configure UTI as the IP protocol used to tunnel packets in an L2TPv3 pseudowire created from the pseudowire class named ether-pw:

Router(config)# pseudowire-class ether-pw
Router(config-pw)# encapsulation l2tpv3
Router(config-pw)# ip protocol uti

Related Commands

Command
Description

encapsulation (L2TP)

Configures the L2 data encapsulation method used to tunnel IP traffic.

pseudowire-class

Specifies the name of an L2TP pseudowire class and enters pseudowire class configuration mode.


ip tos (L2TP)

To configure the Type of Service (ToS) byte in the header of Layer 2 (L2) tunneled packets, use the ip tos (L2TP) command in pseudowire class configuration mode. To disable a configured ToS value or IP ToS reflection, use the no form of this command.

ip tos {value value | reflect}

no ip tos {value value | reflect}

Syntax Description

value value

Sets the value of the ToS byte for IP packets in an L2TPv3 session. Valid values range from 0 to 255. The default value is 0.

reflect

Sets the value of the ToS byte for IP packets in an L2TPv3 session to be reflected from the inner IP header.


Defaults

The default ToS value is 0.

Command Modes

Pseudowire class configuration

Command History

Release
Modification

12.0(23)S

This command was introduced.

12.3(2)T

This command was integrated into Cisco IOS Release 12.3(2)T.


Usage Guidelines

The ip tos command allows you to manually configure the value of the ToS byte used in the headers of L2 tunneled packets or to have the ToS value reflected from the IP header of the encapsulated packet.


Note The reflect option is not supported on the Cisco 10720 and Cisco 12000 series Internet routers.



Note IP ToS byte reflection functions only if traffic in an L2TPv3 session carries IP packets as its payload.


In addition, you can configure both IP ToS reflection and a ToS priority level (from 0 to 255) for a pseudowire class. In this case, the ToS value in the tunnel header defaults to the value you specify with the ip tos value value command. IP packets received on the Layer 2 interface and encapsulated into the L2TPv3 session have their ToS byte reflected into the outer IP session, overriding the default value configured with the ip tos value value command.

Examples

The following example shows how to configure the ToS byte in the headers of tunneled packets in L2 tunnels created from the pseudowire class named ether-pw to be reflected from the ToS value in the header of each encapsulated IP packet:

Router(config)# pseudowire-class ether-pw
Router(config-pw)# ip tos reflect

Related Commands

Command
Description

pseudowire-class

Specifies the name of an L2TP pseudowire class and enters pseudowire class configuration mode.


ip ttl

To configure the time-to-live (TTL) byte in the IP headers of Layer 2 (L2) tunneled packets, use the ip ttl command in pseudowire class configuration mode. To remove the configured TTL value, use the no form of this command.

ip ttl value

no ip ttl value

Syntax Description

value

Value of the TTL byte in the IP headers of L2TPv3 tunneled packets. The valid values range from 1 to 255. The default value is 255.


Defaults

The default value of the TTL byte is 255.

Command Modes

Pseudowire class configuration

Command History

Release
Modification

12.0(23)S

This command was introduced.

12.3(2)T

This command was integrated into Cisco IOS Release 12.3(2)T.


Usage Guidelines

Use this command to set the value of the TTL byte in the IP headers of L2 tunneled packets.

Examples

The following example shows how to set the TTL byte to 100 in the IP header of L2 tunneled packets in pseudowires created from the pseudowire class named ether-pw:

Router(config)# pseudowire-class ether-pw
Router(config-pw)# ip ttl 100

Related Commands

Command
Description

pseudowire-class

Specifies the name of an L2TP pseudowire class and enters pseudowire class configuration mode.


l2tp-class

To create a template of Layer 2 Tunneling Protocol control plane configuration settings that can be inherited by different pseudowire classes and to enter L2TP class configuration mode, use the l2tp-class command in global configuration mode.

l2tp-class [l2tp-class-name]

Syntax Description

l2tp-class-name

(Optional) Name of the L2TP class. The l2tp-class-name argument must be specified if you want to configure multiple sets of L2TP control parameters.


Defaults

No default behavior or values.

Command Modes

Global configuration

Command History

Release
Modification

12.0(23)S

This command was introduced.

12.3(2)T

This command was integrated into Cisco IOS Release 12.3(2)T.


Usage Guidelines

The l2tp-class l2tp-class-name command allows you to configure an L2TP class template that consists of configuration settings used by different pseudowire classes. An L2TP class includes the following configuration settings:

Host name of local router used during L2TPv3 authentication

Authentication enabled

Time interval used to exchange hello packets

Password used for control channel authentication

Packet size of receive window

Retransmission settings for control packets

Time allowed to set up a control channel

The l2tp-class command enters L2TP class configuration mode, where L2TP control plane parameters are configured.

You must use the same L2TP class in the pseudowire configuration at both ends of an L2TPv3 control channel.

Examples

The following example shows how to switch to L2TP class configuration mode to create an L2TP class configuration template for the class named ether-pw:

Router(config)# l2tp-class ether-pw
Router(config-l2tp-class)#

Related Commands

Command
Description

protocol (L2TP)

Specifies the L2 signaling protocol to be used to manage the pseudowires created from a pseudowire class for a dynamic L2 session, and that control plane configuration settings are to be taken from the specified L2TP class.

pseudowire

Binds an attachment circuit to a Layer 2 (L2) pseudowire for xconnect service.

pseudowire-class

Specifies the name of an L2TP pseudowire class and enters pseudowire class configuration mode.


password (L2TP)

To configure the password used by a provider edge (PE) router for Layer 2 (L2) authentication, use the password (L2TP) command in L2TP class configuration mode. To disable a configured password, use the no form of this command.

password [encryption-type] password

no password [encryption-type] password

Syntax Description

encryption-type

(Optional) Specifies the type of encryption to use. The valid values are from 0 to 7. Currently defined encryption types are 0 (no encryption) and 7 (text is encrypted using an algorithm defined by Cisco).

password

Specifies the password used for L2TPv3 authentication.


Defaults

If a password is not configured for the L2TP class with the password command, the password configured with the username password command in global configuration mode is used.

Command Modes

L2TP class configuration

Command History

Release
Modification

12.0(23)S

This command was introduced.

12.3(2)T

This command was integrated into Cisco IOS Release 12.3(2)T.


Usage Guidelines

The password that you define with the password command is also used for attribute-value pair (AVP) hiding.

The password hierarchy sequence used for a local and remote peer PE for L2TPv3 authentication is as follows:

The L2TPv3 password (configured with the password command) is used first.

If no L2TPv3 password exists, the globally configured password (configured with the username password command) for the router is used.

Examples

The following example sets the password named tunnel2 to be used to authenticate an L2TPv3 session between the local and remote peers in L2TPv3 pseudowires configured with the L2TP class configuration named l2tp-class1:

Router(config)# l2tp-class l2tp-class1
Router(config-l2tp-class)# password tunnel2

Related Commands

Command
Description

l2tp-class

Creates a template of L2TP control plane configuration settings that can be inherited by different pseudowire classes and enters L2TP class configuration mode.
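
The following Python audit is an added example, not Cisco code or part of the original document. It checks l2tp-class and pseudowire-class blocks against the defaults and recommendations stated in this document for authentication, hidden, password, protocol, and ip local interface. The sample configuration, class names, and check codes are constructed for illustration, and treating encryption type 7 as reversible is general IOS knowledge rather than a statement from this page.

```python
import re

# Check codes and their meaning, following the defaults stated in this document.
CHECKS = {
    "AUTH_DISABLED": "'no authentication' turns off control channel authentication",
    "AVP_NOT_HIDDEN": "'hidden' is absent, so AVP values are sent in clear text",
    "PASSWORD_CLEARTEXT": "password is stored as encryption type 0 (clear text)",
    "PASSWORD_TYPE7": "password is stored as type 7, which is reversible",
    "PASSWORD_FROM_GLOBAL": "no class password; global 'username ... password' is used",
    "NO_PASSWORD": "no class password and no global 'username ... password'",
    "NO_SIGNALING": "'protocol none' is not compatible with client-initiated tunneling",
    "UNDEFINED_L2TP_CLASS": "protocol names an l2tp-class that is not defined",
    "NON_LOOPBACK_SOURCE": "'ip local interface' is not a loopback interface",
}

# Constructed sample configuration; every name and secret is made up.
SAMPLE_CONFIG = """\
username peer2 password 0 constructed-secret
l2tp-class class-a
 no authentication
 password 0 constructed-secret
l2tp-class class-b
 hidden
 password 7 0A1B2C3D4E5F
l2tp-class class-c
 hidden
pseudowire-class pw-a
 encapsulation l2tpv3
 protocol l2tpv3 class-a
 ip local interface ethernet0/0
pseudowire-class pw-b
 encapsulation l2tpv3
 protocol l2tpv3 class-b
 ip local interface loopback1
pseudowire-class pw-c
 encapsulation l2tpv3
 protocol l2tpv3 pw-class1
 ip local interface loopback1
"""

def parse_blocks(config):
    """Map (keyword, name) of each top-level line to its indented child lines."""
    blocks, children = {}, []
    for line in config.splitlines():
        words = line.split()
        if not words or words[0] == "!":
            continue
        if line[0].isspace():
            children.append(" ".join(words))
        else:
            children = blocks.setdefault((words[0], " ".join(words[1:2])), [])
    return blocks

def audit_l2tp_class(lines, has_global_password):
    found = []
    if "no authentication" in lines:  # authentication is enabled by default
        found.append("AUTH_DISABLED")
    if "hidden" not in lines:  # AVP hiding is disabled by default
        found.append("AVP_NOT_HIDDEN")
    pw = next((l.split() for l in lines if l.startswith("password ")), None)
    if pw is None:  # hierarchy: class password first, then the global one
        found.append("PASSWORD_FROM_GLOBAL" if has_global_password else "NO_PASSWORD")
    elif len(pw) == 2 or pw[1] == "0":  # no encryption-type given, or type 0
        found.append("PASSWORD_CLEARTEXT")
    elif pw[1] == "7":
        found.append("PASSWORD_TYPE7")
    return found

def audit_pseudowire_class(lines, l2tp_classes):
    found = []
    proto = next((l.split() for l in lines if l.startswith("protocol ")), None)
    if proto and proto[1] == "none":
        found.append("NO_SIGNALING")
    elif proto and len(proto) > 2 and proto[2] not in l2tp_classes:
        found.append("UNDEFINED_L2TP_CLASS")
    src = next((l.split()[3] for l in lines if l.startswith("ip local interface ")), "")
    if src and not src.lower().startswith("lo"):  # loopback is recommended
        found.append("NON_LOOPBACK_SOURCE")
    return found

def audit(config):
    """Return {"<keyword> <name>": [check codes]} for each block with findings."""
    blocks = parse_blocks(config)
    has_global = re.search(r"^username \S+ password ", config, re.M) is not None
    classes = {name for kw, name in blocks if kw == "l2tp-class"}
    report = {}
    for (kw, name), lines in blocks.items():
        found = []
        if kw == "l2tp-class":
            found = audit_l2tp_class(lines, has_global)
        elif kw == "pseudowire-class":
            found = audit_pseudowire_class(lines, classes)
        if found:
            report[f"{kw} {name}"] = found
    return report

if __name__ == "__main__":
    for block, codes in audit(SAMPLE_CONFIG).items():
        print(block, *(f"\n  {c}: {CHECKS[c]}" for c in codes))
```

A block with no findings, such as pw-b in the sample, is left out of the report.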


protocol (L2TP)

To specify the signaling protocol to be used to manage the pseudowires created from a pseudowire class for a Layer 2 (L2) session, and that control plane configuration settings are to be taken from a specified L2TP class, use the protocol (L2TP) command in pseudowire class configuration mode. To remove the signaling protocol (and the control plane configuration to be used) from a pseudowire class, use the no form of this command.

protocol {l2tpv2 | l2tpv3 | none} [l2tp-class-name]

no protocol {l2tpv2 | l2tpv3 | none} [l2tp-class-name]

Syntax Description

l2tpv2

Specifies that the L2TP signaling protocol will be used.

l2tpv3

Specifies that the L2TPv3 signaling protocol will be used.

none

Specifies that no signaling protocol will be used in L2TPv3 sessions.

l2tp-class-name

(Optional) The name of the L2TP class whose control plane configuration is to be used for pseudowires set up from a specified pseudowire class.


Defaults

The default protocol option is l2tpv3.
If you do not enter a value for the l2tp-class-name argument, the default control plane configuration settings in the L2TP signaling protocol are used.

Command Modes

Pseudowire class configuration

Command History

Release
Modification

12.0(23)S

This command was introduced.

12.3(2)T

This command was integrated into Cisco IOS Release 12.3(2)T.


Usage Guidelines

Use the protocol (L2TP) command to configure the signaling protocol to use in sessions created from the specified pseudowire class. In addition, you can use this command to specify the L2TP class from which the control plane configuration settings are to be taken.

Use the protocol none command to specify that no signaling will be used in L2TPv3 sessions created from the specified pseudowire class. This configuration is required for interoperability with a remote peer running the Universal Tunnel Interface (UTI).

Do not use this command if you want to configure a pseudowire class used to create manual L2TPv3 sessions.

Examples

The following example shows how to enter pseudowire class configuration mode, and how to configure L2TPv3 as the signaling protocol. The control plane configuration used in the L2TP class named class1 will be used to create dynamic L2TPv3 sessions for a VLAN Xconnect interface:

Router(config)# pseudowire-class vlan-xconnect
Router(config-pw)# protocol l2tpv3 class1
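
The following Python audit is an added example, not Cisco code. It combines the password hierarchy described for the password command with the protocol binding above to report which password source each pseudowire class ends up with. The configuration text, the user name backbone, and the category labels are constructed for illustration.

```python
import re
# Constructed sample configuration, for illustration only.
SAMPLE_CONFIG = """\
username backbone password globalsecret
l2tp-class l2tp-class1
 password tunnel2
l2tp-class l2tp-class2
pseudowire-class vlan-xconnect
 protocol l2tpv3 l2tp-class1
pseudowire-class ether-pw
 protocol l2tpv3 l2tp-class2
pseudowire-class uti-pw
 protocol none
"""

def parse_sections(config):
    """Group indented sub-commands under their top-level command line."""
    sections, current = {}, None
    for line in config.splitlines():
        if line.strip() in ("", "!"):
            continue
        if not line.startswith(" "):
            current = sections.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return sections

def password_sources(config):
    """Return {pseudowire class: password source}; no protocol line means l2tpv3."""
    sections = parse_sections(config)
    has_global = any(re.match(r"username \S+ password \S", t) for t in sections)
    class_has_pw = {t.split()[1]: any(s.startswith("password ") for s in subs)
                    for t, subs in sections.items() if t.startswith("l2tp-class ")}
    report = {}
    for top, subs in sections.items():
        if top.startswith("pseudowire-class "):
            proto = next((s.split()[1:] for s in subs if s.startswith("protocol ")), ["l2tpv3"])
            if proto[0] == "none":
                source = "no-signaling"
            elif len(proto) < 2:
                source = "no-l2tp-class"
            elif proto[1] not in class_has_pw:
                source = "undefined-l2tp-class"
            elif class_has_pw[proto[1]]:
                source = "l2tp-class-password"
            else:
                source = "global-username-password" if has_global else "no-password"
            report[top.split()[1]] = source
    return report
```

Classes reported as global-username-password share one secret across every pseudowire that falls back to it, and no-signaling classes have no control channel on which a password could be checked.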

Related Commands

Command
Description

pseudowire-class

Specifies the name of an L2TP pseudowire class and enters pseudowire class configuration mode.


pseudowire

To bind an attachment circuit to a Layer 2 (L2) pseudowire for xconnect service, use the pseudowire command in interface configuration mode.

pseudowire peer-ip-address vcid pw-class pw-class-name [sequencing {transmit | receive | both}]

Syntax Description

peer-ip-address

The IP address of the remote peer.

vcid

The 32-bit identifier of the virtual circuit between the routers at each end of the L2 control channel.

pw-class pw-class-name

The pseudowire class configuration from which the data encapsulation type will be taken.

sequencing {transmit | receive | both}

(Optional) Sets the sequencing method to be used for packets received or sent in L2TP sessions:

transmit—Sequencing of L2TP data packets received from the session.

receive—Sequencing of L2TP data packets sent into the session.

both—Sequencing of L2TP data packets that are both sent and received from the session.


Defaults

No default behavior or values.

Command Modes

Interface configuration

Command History

Release
Modification

12.3(2)T

This command was introduced.


Usage Guidelines

The combination of peer-ip-address and vcid must be unique on the router: no two pseudowire configurations may use the same pair of values.

The same vcid value that identifies the attachment circuit must be configured using the pseudowire command on the local and remote router at each end of an L2 session. The virtual circuit identifier creates the binding between a pseudowire and an attachment circuit.

The pw-class pw-class-name value binds the pseudowire configuration of an attachment circuit to a specific pseudowire class. In this way, the pseudowire class configuration serves as a template that contains settings used by all attachment circuits bound to it with the pseudowire command.

Examples

The following example creates a virtual-PPP interface with the number 1, configures PPP on the virtual-PPP interface, and binds the attachment circuit to an L2TPv3 pseudowire for Xconnect service for the pseudowire class named pwclass1:

interface virtual-ppp 1
 ppp authentication chap
 ppp chap hostname peer1
 pseudowire 172.24.13.196 10 pw-class pwclass1
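
The two rules in the usage guidelines (a unique peer-ip-address and vcid pair per router, and the same vcid at both ends) can be checked offline before deployment. The following Python check is an added example, not Cisco code; the router names pe-a and pe-b, the 192.0.2.x addresses, and the assumption that the operator supplies the address each router is reached at are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed input: router name -> (address its peer targets, config text).
ROUTERS = {
    "pe-a": ("192.0.2.1", """\
interface virtual-ppp 1
 pseudowire 192.0.2.2 10 pw-class pwclass1
interface virtual-ppp 2
 pseudowire 192.0.2.2 10 pw-class pwclass1
"""),
    "pe-b": ("192.0.2.2", """\
interface virtual-ppp 1
 pseudowire 192.0.2.1 11 pw-class pwclass1
"""),
}

PW_RE = re.compile(r"^[ \t]+pseudowire (\d+(?:\.\d+){3}) (\d+) pw-class \S+", re.M)

def pseudowires(config):
    """Return (peer_ip, vcid) for every pseudowire line in a config."""
    return [(ip, int(vcid)) for ip, vcid in PW_RE.findall(config)]

def audit(routers):
    """List violations of the uniqueness and matching-vcid rules."""
    findings = []
    by_addr = {addr: name for name, (addr, _) in routers.items()}
    bindings = {name: pseudowires(cfg) for name, (_, cfg) in routers.items()}
    for name, (addr, _) in routers.items():
        for (peer, vcid), count in sorted(Counter(bindings[name]).items()):
            if count > 1:
                findings.append(f"{name}: duplicate peer/vcid {peer} {vcid}")
            if vcid >= 2**32:
                findings.append(f"{name}: vcid {vcid} exceeds 32 bits")
            remote = by_addr.get(peer)
            # The far end must point back at this router with the same vcid.
            if remote and (addr, vcid) not in bindings[remote]:
                findings.append(f"{name}: vcid {vcid} unmatched on {remote}")
    return findings
```

On the constructed input, audit(ROUTERS) reports the duplicated pair on pe-a and the vcid mismatch (10 versus 11) from both sides.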

Related Commands

Command
Description

l2tp-class

Creates a template of L2TP control plane configuration settings that can be inherited by different pseudowire classes and enters L2TP class configuration mode.

pseudowire-class

Specifies the name of an L2TP pseudowire class and enters pseudowire class configuration mode.


pseudowire-class

To specify the name of a Layer 2 (L2) pseudowire class and enter pseudowire class configuration mode, use the pseudowire-class command in global configuration mode.

pseudowire-class [pw-class-name]

Syntax Description

pw-class-name

(Optional) The name of an L2 pseudowire class. If you want to configure more than one pseudowire class, you must enter a value for the pw-class-name argument.


Defaults

No pseudowire class is defined.

Command Modes

Global configuration

Command History

Release
Modification

12.0(23)S

This command was introduced.

12.3(2)T

This command was integrated into Cisco IOS Release 12.3(2)T.


Usage Guidelines

The pseudowire-class command allows you to configure a pseudowire class template that consists of configuration settings used by all attachment circuits bound to the class. A pseudowire class includes the following configuration settings:

Data encapsulation type

Control protocol

Sequencing

IP address of the local L2 interface

Type of Service (ToS) value in IP headers

After you enter the pseudowire-class command, you switch to pseudowire class configuration mode, where pseudowire settings may be configured.

Examples

The following example shows how to enter pseudowire class configuration mode to configure a pseudowire configuration template named ether-pw:

Router(config)# pseudowire-class ether-pw
Router(config-pw)#

Related Commands

Command
Description

l2tp-class

Creates a template of L2TP control plane configuration settings that can be inherited by different pseudowire classes and enters L2TP class configuration mode.

pseudowire

Binds an attachment circuit to an L2 pseudowire for xconnect service.


receive-window

To configure the packet size of the receive window on the remote provider edge router at the other end of a Layer 2 (L2) control channel, use the receive-window command in L2TP class configuration mode. To disable the configured value, use the no form of this command.

receive-window size

no receive-window size

Syntax Description

size

The number of packets that can be received by the remote peer before backoff queueing occurs. The valid values range from 1 to the upper limit the peer has for receiving packets. The default value is the upper limit.


Defaults

The default value is the upper limit the remote peer has for receiving packets.

Command Modes

L2TP class configuration

Command History

Release
Modification

12.0(23)S

This command was introduced.

12.3(2)T

This command was integrated into Cisco IOS Release 12.3(2)T.


Usage Guidelines

To determine the upper limit for the size argument, refer to the platform-specific documentation for the peer router.

Examples

The following example sets a receive window of 30 packets to the remote peer in L2 pseudowires configured with the L2TP class named l2tp-class1:

Router(config)# l2tp-class l2tp-class1
Router(config-l2tp-class)# receive-window 30

Related Commands

Command
Description

l2tp-class

Creates a template of L2TP control plane configuration settings that can be inherited by different pseudowire classes and enters L2TP class configuration mode.


retransmit

To configure the retransmission settings of control packets, use the retransmit command in L2TP class configuration mode. To disable the configured values, use the no form of this command.

retransmit {initial retries initial-retries | retries retries | timeout {max | min} timeout}

no retransmit {initial retries initial-retries | retries retries | timeout {max | min} timeout}

Syntax Description

initial retries initial-retries

Specifies how many start control channel requests (SCCRQs) are re-sent before giving up on the session. Valid values for the initial-retries argument range from 1 to 1000. The default value is 2.

retries retries

Specifies how many retransmission cycles occur before determining that the peer provider edge (PE) router does not respond. Valid values for the retries argument range from 1 to 1000. The default value is 15.

timeout {max | min} timeout

Specifies maximum and minimum retransmission intervals (in seconds) for resending control packets. Valid values for the timeout argument range from 1 to 8. The default maximum interval is 8; the default minimum interval is 1.


Defaults

Initial retries: 2
Retries: 15
Maximum timeout interval: 8 seconds
Minimum timeout interval: 1 second

Command Modes

L2TP class configuration

Command History

Release
Modification

12.0(23)S

This command was introduced.

12.3(2)T

This command was integrated into Cisco IOS Release 12.3(2)T.


Usage Guidelines

Use this command to configure the amount of time spent trying to establish or maintain a control channel.

Examples

The following example configures ten retries for sending tunneled packets to a remote peer in L2 pseudowires configured with the L2TP class named l2tp-class1:

Router(config)# l2tp-class l2tp-class1
Router(config-l2tp-class)# retransmit retries 10

Related Commands

Command
Description

l2tp-class

Creates a template of L2TP control plane configuration settings that can be inherited by different pseudowire classes and enters L2TP class configuration mode.


sequencing

To configure the direction in which sequencing is enabled for data packets in a Layer 2 (L2) pseudowire, use the sequencing command in pseudowire class configuration mode. To remove the sequencing configuration from the pseudowire class, use the no form of this command.

sequencing {transmit | receive | both}

no sequencing {transmit | receive | both}

Syntax Description

transmit

Updates the Sequence Number field in the headers of data packets sent over the pseudowire according to the data encapsulation method that is used.

receive

Keeps the value in the Sequence Number field in the headers of data packets received over the pseudowire. Out-of-order packets are dropped.

both

Enables both the transmit and receive options.


Defaults

Sequencing is off.

Command Modes

Pseudowire class configuration

Command History

Release
Modification

12.0(23)S

This command was introduced.

12.3(2)T

This command was integrated into Cisco IOS Release 12.3(2)T.


Usage Guidelines

When you enable sequencing using any of the available options, the sending of sequence numbers is automatically enabled and the remote provider edge (PE) peer is requested to send sequence numbers. Out-of-order packets received on the pseudowire are dropped only if you use the sequencing receive or sequencing both command.

If sequencing is enabled for L2 pseudowires on the Cisco 7500 series, all traffic on the pseudowires is switched through the Route Switch Processor (RSP) regardless of the setting configured with the ip cef distributed command.

Examples

The following example shows how to enable sequencing in data packets in L2 pseudowires created from the pseudowire class named ether-pw so that the Sequence Number field is updated in tunneled packet headers for data packets both sent and received over the pseudowire:

Router(config)# pseudowire-class ether-pw
Router(config-pw)# sequencing both

Related Commands

Command
Description

pseudowire-class

Specifies the name of an L2TP pseudowire class and enters pseudowire class configuration mode.


timeout setup

To configure the amount of time allowed to set up a control channel with a remote provider edge (PE) router at the other end of a Layer 2 (L2) pseudowire, use the timeout setup command in L2TP class configuration mode. To disable the configured value, use the no form of this command.

timeout setup seconds

no timeout setup seconds

Syntax Description

seconds

The number of seconds allowed to set up an L2 control channel. The valid values range from 60 to 6000. The default value is 300 seconds.


Defaults

300 seconds

Command Modes

L2TP class configuration

Command History

Release
Modification

12.0(23)S

This command was introduced.

12.3(2)T

This command was integrated into Cisco IOS Release 12.3(2)T.


Usage Guidelines

Use this command to configure the amount of time spent attempting to establish a control channel.

Examples

The following example sets a timeout period of 200 seconds to establish a control channel with a remote peer in L2 pseudowires configured with the L2TP class named l2tp-class1:

Router(config)# l2tp-class l2tp-class1
Router(config-l2tp-class)# timeout setup 200

Related Commands

Command
Description

l2tp-class

Creates a template of L2TP control plane configuration settings that can be inherited by different pseudowire classes and enters L2TP class configuration mode.


Copyright © 2003 Cisco Systems, Inc. All rights reserved.