Exemplo de Configuração do Método Estático e do Método de Hairpinning do Protocolo de Encapsulamento da Camada 2 (Versão 3)
Contents
Introduction
Este documento oferece um exemplo de configuração dos métodos de estática e hairpinning da versão 3 do Protocolo de túnel da camada 2 (L2TPv3).
Esta tabela descreve o suporte à modificação da versão do software Cisco IOS® para L2TPv3:
| Versão do Cisco IOS Software | Descrição do suporte de L2TPv3 |
|---|---|
| 12.0(21)S | O suporte de plano de dados inicial para L2TPv3 foi apresentado nas plataformas das séries Cisco 7200, Cisco 7500, Cisco 10720 e Cisco 12000. |
| 12.0(23)S | O suporte ao plano de controle L2TPv3 foi apresentado nas plataformas das séries Cisco 7200, Cisco 7500, Cisco 10720 e Cisco 12000. |
| 12.3(2)T | Este recurso foi integrado ao Cisco IOS Software Release 12.3(2)T. |
É necessário habilitar o CEF (Cisco Express Forwarding) para usar o recurso L2TPv3. O submodo de configuração Xconnect fica bloqueado até que o CEF seja habilitado. Em plataformas distribuídas, como o Cisco 7500 Series, se o CEF for desabilitado enquanto uma sessão é estabelecida, a sessão será desativada e permanecerá desativada até que o CEF seja reabilitado. Use o comando ip cef ou ip cef distribute para ativar o CEF.
É altamente recomendável especificar um endereço IP de origem para configurar uma interface de loopback. Se você não configurar uma interface de loopback, o roteador selecionará o melhor endereço local disponível, que pode ser qualquer endereço IP configurado em uma interface voltada para o núcleo. Essa configuração pode impedir o estabelecimento de um canal de controle. O endereço de loopback deve ser alcançável a partir das redes centrais.
Prerequisites
Requirements
Antes de tentar esta configuração, verifique se você tem conhecimento de:
Componentes Utilizados
Este documento não se restringe a versões de software e hardware específicas.
Conventions
Para obter mais informações sobre convenções de documento, consulte as Convenções de dicas técnicas Cisco.
Configurar
Nesta seção, você encontrará informações para configurar os recursos descritos neste documento.
Observação: para encontrar informações adicionais sobre os comandos usados neste documento, use a ferramenta Command Lookup Tool (somente clientes registrados).
Diagrama de Rede
Este documento utiliza a seguinte configuração de rede:
Observação: os roteadores R2 e R3 são usados pelo provedor. Os roteadores R1, R4, R5 e R6 são clientes finais. Usando L2TPv3, o roteador R4 parece ter uma conexão direta com R5; isso também é verdade para a conexão entre o roteador R1 e o roteador R6.
Configurações
Este documento utiliza as seguintes configurações:
-
Pseudo-fio estático através de uma nuvem IP. Uma parte relevante da configuração pode ser encontrada em R2 e R3, onde estão configurados dois túneis unidirecionais.
-
Comutação local ou pseudo-fio (de uma porta para outra no mesmo roteador). A configuração é feita apenas em R2 e consiste na configuração de dois túneis unidirecionais apontando para dois loopbacks, que estão ambos no roteador R2.
| R2 |
|---|
R2# show running-config Building configuration... service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname R2 ! ! clock timezone EST 10 ip subnet-zero ip cef no ip domain-lookup l2tp-class R2signal hello 10 password 0 cisco cookie size 8 ! pseudowire-class wireR5R4 encapsulation l2tpv3 protocol l2tpv3 R2signal ip local interface Loopback0 ip dfbit set ! pseudowire-class wireR6R1 encapsulation l2tpv3 protocol l2tpv3 R2signal ip local interface Loopback1 ip dfbit set ! pseudowire-class wireR1R6 encapsulation l2tpv3 protocol l2tpv3 R2signal ip local interface Loopback2 ip dfbit set ! interface Loopback0 description Used by wireR5R4 for Static Connection ip address 2.2.2.2 255.255.255.255 no ip directed-broadcast ! interface Loopback1 description Used by wireR6R1 for Hair Pinning Connection ip address 2.2.2.6 255.255.255.255 no ip directed-broadcast ! interface Loopback2 description Used by wireR1R6 for Hair Pinning Connection ip address 2.2.2.1 255.255.255.255 no ip directed-broadcast ! interface Ethernet0/0 description Connection to R1 no ip address no ip directed-broadcast xconnect 2.2.2.6 16 encapsulation l2tpv3 pw-class wireR1R6 ! interface Ethernet1/0 description Connection to Pretend Cloud. ip address 20.20.20.2 255.255.255.0 no ip directed-broadcast no cdp enable ! interface Ethernet2/0 description Connection to R5 no ip address no ip directed-broadcast no cdp enable xconnect 3.3.3.3 12 encapsulation l2tpv3 pw-class wireR5R4 ! interface Ethernet3/0 description Connection to R6 no ip address no ip directed-broadcast xconnect 2.2.2.1 16 encapsulation l2tpv3 pw-class wireR6R1 ! ip classless ip route 3.3.3.3 255.255.255.255 20.20.20.3 !--- The other end of wireR5R4 loopback (3.3.3.3) must be !--- reachable from this router. Hair Pinning loopbacks !--- are reachable—there is no need for additional routes. ! ! line con 0 exec-timeout 0 0 privilege level 15 line aux 0 line vty 0 4 login ! end |
| R3 |
|---|
R3# show running-config Building configuration... version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname R3 ! ! clock timezone EST 10 ip subnet-zero ip cef ! l2tp-class R3signal hello 10 password 0 cisco cookie size 8 ! pseudowire-class wireR4R5 encapsulation l2tpv3 protocol l2tpv3 R3signal ip local interface Loopback0 ip dfbit set ! interface Loopback0 description Use by wireR4R5 for static connection ip address 3.3.3.3 255.255.255.255 no ip directed-broadcast ! interface Ethernet0/0 ip address 20.20.20.3 255.255.255.0 no ip directed-broadcast ! interface Ethernet1/0 no ip address no ip directed-broadcast no cdp enable xconnect 2.2.2.2 12 encapsulation l2tpv3 pw-class wireR4R5 ! ip classless ip route 2.2.2.2 255.255.255.255 Ethernet0/0 !--- The other end of wireR4R5 loopback (3.3.3.3) must be !--- reachable from this router. ! line con 0 exec-timeout 0 0 privilege level 15 line aux 0 line vty 0 4 login ! end |
Configuração do roteador final do túnel R1R6 (pseudo-fio) do cliente:
| R1 |
|---|
R1# show running-config Building configuration... version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname R1 ! ! clock timezone EST 10 ip subnet-zero no ip domain-lookup ! interface Ethernet0/0 ip address 10.10.10.1 255.255.255.0 no ip directed-broadcast ! ip classless ! line con 0 exec-timeout 0 0 privilege level 15 line aux 0 line vty 0 4 login ! end |
| R6 |
|---|
R6# show running-config Building configuration... version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname R6 ! ! clock timezone EST 10 ip subnet-zero no ip domain-lookup ! interface Ethernet0/0 ip address 10.10.10.6 255.255.255.0 no ip directed-broadcast ! ip classless ! line con 0 exec-timeout 0 0 privilege level 15 line aux 0 line vty 0 4 login ! end |
Configuração do roteador final do túnel R4R5 (pseudo-fio) do cliente:
| R4 |
|---|
R4# show running-config Building configuration... version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname R4 ! ! ip subnet-zero ! interface Ethernet0/0 ip address 30.30.30.4 255.255.255.0 no ip directed-broadcast ! router ospf 1 log-adjacency-changes network 30.30.30.0 0.0.0.255 area 0 ! ip classless ! line con 0 exec-timeout 0 0 privilege level 15 line aux 0 line vty 0 4 login ! end |
| R5 |
|---|
R5# show running-config Building configuration... version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname R5 ! ! ip subnet-zero ! interface Ethernet0/0 ip address 30.30.30.5 255.255.255.0 no ip directed-broadcast ! router ospf 1 log-adjacency-changes network 30.30.30.0 0.0.0.255 area 0 ! ip classless ! line con 0 exec-timeout 0 0 privilege level 15 line aux 0 line vty 0 4 login ! end |
Verificar
Esta seção fornece informações que você pode usar para confirmar se sua configuração está funcionando adequadamente.
R4# show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
30.30.30.5 1 FULL/DR 00:00:39 30.30.30.5 Ethernet0/0
R5# show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
30.30.30.4 1 FULL/BDR 00:00:38 30.30.30.4 Ethernet0/0
R1# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
R6 Eth 0/0 158 R 7206VXR Eth 0/0
A Output Interpreter Tool (somente clientes registrados) oferece suporte a determinados comandos show, o que permite exibir uma análise da saída do comando show.
-
show l2tun tunnel all — Para exibir o estado atual de uma sessão L2TPv3 e exibir informações sobre sessões configuradas atualmente, incluindo nomes de host L2TP local e remoto, contagens de pacotes agregadas e canais de controle L2TP, use o comando show l2tun tunnel all no modo EXEC.
R2# show l2tun tunnel all Tunnel Information Total tunnels 3 sessions 3 Tunnel id 54217 is up, remote id is 44186, 1 active sessions Tunnel state is established, time since change 00:12:07 Tunnel transport is IP (115) Remote tunnel name is R2 Internet Address 2.2.2.6, port 0 Local tunnel name is R2 Internet Address 2.2.2.1, port 0 Tunnel domain is VPDN group for tunnel is - L2TP class for tunnel is R2signal 88 packets sent, 87 received 10086 bytes sent, 11092 received Control Ns 76, Nr 74 Local RWS 1024 (default), Remote RWS 1024 (max) Tunnel PMTU checking disabled Retransmission time 1, max 1 seconds Unsent queuesize 0, max 0 Resend queuesize 0, max 2 Total resends 0, ZLB ACKs sent 72 Current nosession queue check 0 of 5 Retransmit time distribution: 0 0 0 0 0 0 0 0 0 Sessions disconnected due to lack of resources 0 Tunnel id 44186 is up, remote id is 54217, 1 active sessions Tunnel state is established, time since change 00:12:08 Tunnel transport is IP (115) Remote tunnel name is R2 Internet Address 2.2.2.1, port 0 Local tunnel name is R2 Internet Address 2.2.2.6, port 0 Tunnel domain is VPDN group for tunnel is - L2TP class for tunnel is R2signal 87 packets sent, 88 received 11092 bytes sent, 10086 received Control Ns 74, Nr 76 Local RWS 1024 (default), Remote RWS 1024 (max) Tunnel PMTU checking disabled Retransmission time 1, max 1 seconds Unsent queuesize 0, max 0 Resend queuesize 0, max 1 Total resends 0, ZLB ACKs sent 74 Current nosession queue check 0 of 5 Retransmit time distribution: 0 0 0 0 0 0 0 0 0 Sessions disconnected due to lack of resources 0 Tunnel id 24124 is up, remote id is 48735, 1 active sessions Tunnel state is established, time since change 00:11:00 Tunnel transport is IP (115) Remote tunnel name is R3 Internet Address 3.3.3.3, port 0 Local tunnel name is R2 Internet Address 2.2.2.2, port 0 Tunnel domain is VPDN group for tunnel is - L2TP class for tunnel is R2signal 155 packets sent, 158 received 15230 bytes sent, 17586 received Control Ns 69, Nr 67 Local RWS 1024 (default), Remote RWS 1024 (max) Tunnel PMTU checking disabled Retransmission time 1, max 1 seconds Unsent queuesize 0, max 0 Resend queuesize 0, max 2 Total resends 1, ZLB ACKs sent 65 Current nosession queue check 0 of 5 Retransmit time distribution: 0 0 1 0 0 0 0 0 0 Sessions disconnected due to lack of resources 0 R3# show l2tun tunnel all Tunnel Information Total tunnels 1 sessions 1 Tunnel id 48735 is up, remote id is 24124, 1 active sessions Tunnel state is established, time since change 00:12:36 Tunnel transport is IP (115) Remote tunnel name is R2 Internet Address 2.2.2.2, port 0 Local tunnel name is R3 Internet Address 3.3.3.3, port 0 Tunnel domain is VPDN group for tunnel is - L2TP class for tunnel is R3signal 180 packets sent, 176 received 19766 bytes sent, 17316 received Control Ns 77, Nr 79 Local RWS 1024 (default), Remote RWS 1024 (max) Tunnel PMTU checking disabled Retransmission time 1, max 1 seconds Unsent queuesize 0, max 0 Resend queuesize 0, max 1 Total resends 1, ZLB ACKs sent 78 Current nosession queue check 0 of 5 Retransmit time distribution: 0 0 1 0 0 0 0 0 0 Sessions disconnected due to lack of resources 0 -
show l2tun session all — Para exibir o estado atual de uma sessão de Camada 2 e informações do protocolo de exibição sobre um canal de controle L2TPv3, use o comando show l2tun session all no modo EXEC.
R2# show l2tun session all Session Information Total tunnels 3 sessions 3 Session id 19996 is up, tunnel id 54217 Call serial number is 1492400000 Remote tunnel name is R2 Internet address is 2.2.2.6 Session is L2TP signalled Session state is established, time since change 00:15:37 112 Packets sent, 111 received 12309 Bytes sent, 13312 received Receive packets dropped: out-of-order: 0 total: 0 Send packets dropped: exceeded session MTU: 0 total: 0 Session vcid is 16 Session Layer 2 circuit, type is Ethernet, name is Ethernet0/0 Circuit state is UP Remote session id is 19999, remote tunnel id 44186 DF bit on, ToS reflect disabled, ToS value 0, TTL value 255 Session cookie information: local cookie, size 8 bytes, value 6E 47 8C 4A BA BF 7E A4 remote cookie, size 8 bytes, value 7F 9F 65 C4 C7 5B 57 FF FS cached header information: encap size = 32 bytes 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 Sequencing is off Session id 19999 is up, tunnel id 44186 Call serial number is 1492400000 Remote tunnel name is R2 Internet address is 2.2.2.1 Session is L2TP signalled Session state is established, time since change 00:15:38 111 Packets sent, 112 received 13312 Bytes sent, 12309 received Receive packets dropped: out-of-order: 0 total: 0 Send packets dropped: exceeded session MTU: 0 total: 0 Session vcid is 16 Session Layer 2 circuit, type is Ethernet, name is Ethernet3/0 Circuit state is UP Remote session id is 19996, remote tunnel id 54217 DF bit on, ToS reflect disabled, ToS value 0, TTL value 255 Session cookie information: local cookie, size 8 bytes, value 7F 9F 65 C4 C7 5B 57 FF remote cookie, size 8 bytes, value 6E 47 8C 4A BA BF 7E A4 FS cached header information: encap size = 32 bytes 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 Sequencing is off Session id 20005 is up, tunnel id 24124 Call serial number is 1492400002 Remote tunnel name is R3 Internet address is 3.3.3.3 Session is L2TP signalled Session state is established, time since change 00:14:29 200 Packets sent, 204 received 19650 Bytes sent, 22100 received Receive packets dropped: out-of-order: 0 total: 0 Send packets dropped: exceeded session MTU: 0 total: 0 Session vcid is 12 Session Layer 2 circuit, type is Ethernet, name is Ethernet2/0 Circuit state is UP Remote session id is 17834, remote tunnel id 48735 DF bit on, ToS reflect disabled, ToS value 0, TTL value 255 Session cookie information: local cookie, size 8 bytes, value 22 09 F1 E9 BC 8C 00 94 remote cookie, size 8 bytes, value 39 DD CB 00 9C 4B 1C 8C FS cached header information: encap size = 32 bytes 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 Sequencing is off R3# show l2tun session all Session Information Total tunnels 1 sessions 1 Session id 17834 is up, tunnel id 48735 Call serial number is 1492400002 Remote tunnel name is R2 Internet address is 2.2.2.2 Session is L2TP signalled Session state is established, time since change 00:23:53 327 Packets sent, 322 received 33758 Bytes sent, 31248 received Receive packets dropped: out-of-order: 0 total: 0 Send packets dropped: exceeded session MTU: 0 total: 0 Session vcid is 12 Session Layer 2 circuit, type is Ethernet, name is Ethernet1/0 Circuit state is UP Remote session id is 20005, remote tunnel id 24124 DF bit on, ToS reflect disabled, ToS value 0, TTL value 255 Session cookie information: local cookie, size 8 bytes, value 39 DD CB 00 9C 4B 1C 8C remote cookie, size 8 bytes, value 22 09 F1 E9 BC 8C 00 94 FS cached header information: encap size = 32 bytes 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 Sequencing is off
Troubleshoot
Esta seção fornece informações que podem ser usadas para o troubleshooting da sua configuração.
É possível utilizar o Bug Tool Kit (apenas clientes registrados) para obter mais informações sobre esses bugs relacionados aos recursos do L2TPv3:
-
CSCdz01467 (somente clientes registrados) — Resolvido (R) L2TPv3: Contador de pacotes de túnel, exibe contagem imprecisa.
-
CSCeb56061 (somente clientes registrados) —Resolvido (R) L2TPv3: L2TPv3oETH gera túneis zombie.
-
CSCeb35497 (somente clientes registrados) —Sequenciamento L2TPv3 resolvido (R): O Seqnum Tx não é finalizado para 1 após 16777215.
-
CSCdz48481 (somente clientes registrados) —A configuração de hairpinning L2TPv3 resolvida (R) não é mais suportada.
-
CSCec00463 (somente clientes registrados) —Resolvido (R) L2TPv3: Falha no decap do modo de porta Ethernet Gig
-
CSCec44356 (apenas clientes registrados) —Resolvido (R) C10720: A correspondência 802.1P no hairpinning L2TPv3 está quebrada.
Informações Relacionadas
Histórico de revisões
| Revisão | Data de publicação | Comentários |
|---|---|---|
1.0 |
10-Aug-2005
|
Versão inicial |
FeedbackContate a Cisco
- Abrir um caso de suporte
- (É necessário um Contrato de Serviço da Cisco)