Showing results for 
Search instead for 
Did you mean: 

Are L2TPv3 endpoints not supported to source from VRFs?

Level 7
Level 7


I have a customer that needs to tunnel serial data from remote sites to a central site. This serial data is HDLC encapsulated and the remote site has a Cisco 1921 router with HWIC4A/S.

The central router is a Cisco 2951, also with HWIC4A/S.

This customer has several VPNs carried by a service provider through MPLS. One VPN is for operational traffic, one is for test traffic and so on.

They want to send the tunneled traffic through the operational VPN on the router doing tunneling through VRF lite. This does however not seem to be supported but I can't find any restrictions in the Cisco documentation.

Here is a working configuration:


pseudowire-class PW
 encapsulation l2tpv3
 sequencing transmit
 protocol none
 ip local interface loopback0
 ip tos value 128
 ip ttl 10

interface Loopback0
 ip address x.x.x.x

interface Serial0/0/0
 description ### redacted ###
 no ip address
 no keepalive
 ignore dtr
 clock rate 19200
 no cdp enable
 xconnect y.y.y.y 1001 encapsulation l2tpv3 manual pw-class PW
  l2tp id 61001 101

redacted#show l2tun session all

Session id 61001 is up, logical session id 65668, tunnel id n/a       
  Remote session id is 101, remote tunnel id n/a       
  Locally initiated session
  Unique ID is 24
Session Layer 2 circuit, type is HDLC, name is Serial0/0/0
  Session vcid is 1001
  Circuit state is UP
    Local circuit state is UP
    Remote circuit state is UP
Call serial number is 0
Remote tunnel name is
  Internet address is y.y.y.y
Local tunnel name is
  Internet address is x.x.x.x
IP protocol 115
  Session is manually signaled
  Session state is established, time since change 19:04:36
    1087277 Packets sent, 0 received
    21281118 Bytes sent, 0 received
  Last clearing of counters never
  Counters, ignoring last clear:
    1087277 Packets sent, 0 received
    21281118 Bytes sent, 0 received
    Receive packets dropped:
      out-of-order:             0
      other:                    0
      total:                    0
    Send packets dropped:
      exceeded session MTU:     0
      other:                    0
      total:                    0
  DF bit off, ToS reflect disabled, ToS value 128, TTL value 10
  Sending UDP checksums are disabled
  Received UDP checksums are verified
  No session cookie information available
  FS cached header information:
    encap size = 28 bytes
    45800014 00000000 0a738706 0a741822
    0a74fbe7 00000065 00000000
  Sequencing is on
    Ns 1087268, Nr 0, 0 out of order packets received
    Packets switched/dropped by secondary path: Tx 0, Rx 0
  Conditional debugging is disabled
  SSM switch id is 4226, SSM segment id is 12422

The traffic is unidirectional so it's expected to only have packets sent and not received. This works fine. However, if put the loopback in a VRF, the tunnel still comes up but no traffic is forwarded.

int loopback 0

ip vrf forwarding OPER

This would stop the traffic from passing through the tunnel. I suspect that the Cisco implementation of L2TPv3 is not VRF aware but have been unable to get any confirmation so far.

Has anyone else tried to deploy this when sourcing from a VRF?

Daniel Dib
CCIE #37149
CCDE #20160011

Please rate helpful posts.
1 Reply 1

Level 1
Level 1


The IP local interface must be a loopback interface and the loopback interface cannot be in a VRF.

Review Cisco Networking for a $25 gift card