C1111-8P L2TPV3 configuration over IPSEC

Laurent.fr
Level 1

Hello all.

 

I am still a beginner in Cisco configuration and networking. I manage a lab network and should include a Cisco C1111-8P in it. My management is limited to a firewall and different switches.

 

Thanks to balaji.bandi and Giuseppe Larosa, I have set up my network (Solved: Re: C1111-8P how to asses to WAN from VLAN - Cisco Community), and each VLAN accesses the internet without difficulties.

 

My Network:

My WAN interface was the interface GigabitEthernet0/0/1

VLAN 002 was configured to use ports #2, #3 and #4 on interface GigabitEthernet0/1/#

VLAN 003 was configured to use ports #5, #6 and #7 on interface GigabitEthernet0/1/#

 

My work to do:

Now I have to interconnect an IPSEC/L2TPV3 partner network.

IPSEC seems to be configured properly and my L2TPV3 works on only one switch port.

 

My problem:

I hope that the following explanation will be clear enough.

  • I have set up an xconnect connection on each interface.
    • The VC ID is the concatenation of the VLAN ID and the switch interface identification.
      • I.e.: Int G0/x/y on VLAN Z → VC ID = Zxy
    • I try to connect to the partner through an access point on interface GigabitEthernet0/1/7 (VLAN 003) → VC ID 317
    • The partner has configured his own Cisco router with a trunk interface to its internal network, and has set up an xconnect rule for ID 317
      • So for him, all VLANs use this trunk interface to access its internal network / VLAN, and the L2 layer doesn't take care at this step of the VLAN source interface.

The partner sees my L2TPV3 connection as operational, but he asks me to put a computer on VLAN 002.

Of course, for me, doing that will break L2TPV3 access because I will use xconnect VC ID 212, 213 or 214.

 

Accordingly, and considering I have no other switch:

- How can I create an xconnect-like request on the WAN interface (and so remove the interface G0/1/x xconnect rules) to be compliant with the partner's configuration?

 

I have tried to create a tunnel interface to force xconnect on the WAN, but I have not managed to obtain a result.

The xconnect rule on the WAN interface seems to be refused or incomplete (! Incomplete or Invalid Xconnect config).

 

Below is part of my configuration:

 

! L2TPv3 control-channel class with authentication enabled
l2tp-class L2_CLASS_TEST
 authentication
 password XXXXXX
!
! Pseudowire template: L2TPv3 encapsulation, sourced from Loopback1
pseudowire-class PSEUDOWIRE_CLASS_TEST
 encapsulation l2tpv3
 protocol l2tpv3 L2_CLASS_TEST
 ip local interface Loopback1
!
! Access port in VLAN 002, xconnect with VC ID 212
interface GigabitEthernet0/1/2
 description default Vlan 002 port #0
 switchport access vlan 002
 switchport mode access
 xconnect partner_Ip 212 encapsulation l2tpv3 pw-class PSEUDOWIRE_CLASS_TEST
!
…….
!
! Access port in VLAN 003, xconnect with VC ID 317
interface GigabitEthernet0/1/7
 description default Vlan 003 port #2
 switchport access vlan 003
 switchport mode access
 xconnect partner_Ip 317 encapsulation l2tpv3 pw-class PSEUDOWIRE_CLASS_TEST
!

 

To summarize, I have only a C1111-8P router/switch and I would like to proceed with an 'xconnect-like rule' on the WAN interface.

What I have (works only on interface #7 on VL003)

Laurentfr_1-1634292045934.png

 

What I want (works without switch interface reference)

Laurentfr_2-1634292045936.png

Thanks in advance for all the help you can provide.



 
