cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7077
Views
0
Helpful
11
Replies

Can't connect VLAN intfc on 881 to l2tpv3 pseudowire

mmyers
Level 1
Level 1

Hi folks,

   I'm looking to build (cheaply) some l2tpv3 tunnels across a campus network.  I have a pair of 881's and I was hoping to xconnect the VLAN 1 intfcs between the two of them.   "xconnect" is not a CLI option on the interface configuration, although it is for the individual Fa0-3 interfaces.  Just for grins, I xconnected the l2tpv3 tunnel between each Fa3 on each router, and the tunnel comes up successfully and I can see a session established.  I am routing between the WAN interfaces (Fa4) on each.  However, L2 traffic is not passing between the two Fa3 interfaces.

   I can do it backwards, i.e. route between the Vlan1 interfaces and xconnect the Fa4 interfaces (i.e. WAN), and I can see broadcast traffic from the destination network appearing on the local interface.  However, I'd really rather have the four interfaces in VLAN1 tunnelled rather than the WAN interface.  I am guessing this has to do with ISL vs. 802.1q, since I'm trying to encapsulate VLAN1 as Ethernet and not as dot1q - but I'm a bit lost here and I'm not quite sure if I can make this work.

Fa3/VLAN1 - pseudowire(Fa4<>Fa4) - VLAN1/Fa3           doesn't work

Fa4 - pseudowire(VLAN1<>VLAN1) - Fa4   works

Anyone have any ideas?

Thanks,

- Mike

11 Replies 11

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Mike,

I would not consider 881 for L2TPv3 you should consider at least a C3825 or a C2821

I have been able to configure it on C3725 and C3745 with 12.3T five years ago

>> across a campus network

use 802.1Q in Q instead much more efficient and supported also on old C3550 it can be used between switches this is the key point

see

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_46_se/configuration/guide/swtunnel.html

Hope to help

Giuseppe

mmyers
Level 1
Level 1

Thanks, Giuseppe, but Q-in-Q is unfortunately not an option here.  I appreciate the answer, though!

Claus Gonnsen
Level 1
Level 1

Hi,

I have a couple of 881 routers and use L2TPv3 between them and it works just fine.

IOS 15.1(2)T1

I had to build one xconnect for the FastEthernet ports on each side

and one xconnect for the VLAN on each side.

Attach the VLANs to the FastEthernet ports (switchport access vlan xx).

The 1st XC on the FE ports let my get the Layer 2 traffic through and with the 2nd XC on the VLAN interfaces

I was able to get Layer 3 traffic through also.

Hope this helps

Hi Claus,

I have the exact same setup here with two Cisco 881-Sec-K9s with IOS 151-4.M4. I have done the following on both routers to have a transparent L2 conenctivity between the two sites and I can get ping working however not the multicast traffic i.e. OSPF Hello, would you mind sharing your config? Much appreciated.

R2

sh run int fa1

!

interface FastEthernet1

switchport access vlan 2

no ip address

xconnect 198.18.5.191 2 encapsulation l2tpv3 manual pw-class CogentPTP

  l2tp id 4 3

end

!

interface Vlan2

xconnect 198.18.5.191 1 encapsulation l2tpv3 manual pw-class CogentPTP

  l2tp id 2 1

end

R1

interface FastEthernet1

switchport access vlan 2

no ip address

xconnect 198.18.5.190 2 encapsulation l2tpv3 manual pw-class CogentPTP

  l2tp id 3 4

end

!

interface Vlan2

xconnect 198.18.5.190 1 encapsulation l2tpv3 manual pw-class CogentPTP

  l2tp id 1 2

end

Thanks

Patrick

Hi Patrick,

I have had a lot of problems getting L2TPv3 to work between my 800-series routers over time.

881 <-> 881, 881 <-> 887 and 881 <-> 891

It appears that Cisco have different ways of doing L2TPv3 depending on the platform and the IOS version.

Finally, I had to get service contracts for my routers and get the latest IOS on my routers to get everything working.

I would recommend that you get IOS 15.2 and above.

(No more xconnect on the FastEthernet interface, only on the VLAN interface).

(l2protocol-tunneling on the FastEthernet interface instead)

I have a DMVPN network with 881's and 887VA's Spoke routers and a 891 as the Hub router and use L2TPv3

to tunnel connections from my VoIP PBX to my remote IP Phones, so that can get CDP and STP packets through.

The routers run EIGRP between them, and the multicast for routing updates is configured on the tunnel interface.

The multicast traffic is sent via my Hub router.

I have not tried to move multicast traffic over the L2TPv3 tunnel yet, but I guess it should work fine.

Here is some of my config.

L2TPv3 <--------------------------------------> L2TPv3

FA2 <-> R1 (Spoke) <-> R3 (Hub) <-> R2 (Spoke) <-> FA2


R1 (CISCO881-SEC-K9, 15.2(3)T)


ip multicast-routing
!
l2tp-class xc_R1_R2
authentication
password 0 xxxx
!
!
pseudowire-class pw_port_fa2
encapsulation l2tpv3
interworking ethernet
protocol l2tpv3 xc_R1_R2
ip local interface Tunnel1
ip tos reflect
!
!
interface FastEthernet2
description xc_R1_to_R2
switchport access vlan 22
no ip address
l2protocol-tunnel cdp
l2protocol-tunnel lldp
l2protocol-tunnel stp
no keepalive
no cdp enable
no arp arpa
!
!
interface Vlan22
no ip address
no autostate
xconnect 10.1.1.2 222 pw-class pw_port_fa2
!
!
interface Tunnel1
description TUNNEL_INTERFACE
bandwidth 756
bandwidth receive 4096
ip address 10.1.1.1 255.255.255.0
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 1
no ip split-horizon eigrp 1
ip pim nbma-mode
ip pim sparse-dense-mode
ip nhrp authentication xxxxx
ip nhrp group xxxxxx
ip nhrp map multicast dynamic
ip nhrp network-id 1234
ip nhrp holdtime 600
ip nhrp nhs dynamic nbma hubrouter.mydomain.net multicast
ip nhrp registration no-unique
ip nhrp registration timeout 30
ip nhrp shortcut
ip nhrp redirect
ip virtual-reassembly in
ip virtual-reassembly out
ip tcp adjust-mss 1360
keepalive 10 3
tunnel source Dialer1
tunnel mode gre multipoint
tunnel path-mtu-discovery
!


R2 (CISCO881-SEC-K9, 15.2(4)M1)

ip multicast-routing
!
l2tp-class xc_R1_R2
authentication
password 0 xxxx
!
!
pseudowire-class pw_port_fa2
encapsulation l2tpv3
interworking ethernet
protocol l2tpv3 xc_R1_R2
ip local interface Tunnel1
ip tos reflect
!
!
interface FastEthernet2
description xc_R1_to_R2
switchport access vlan 22
no ip address
l2protocol-tunnel cdp
l2protocol-tunnel lldp
l2protocol-tunnel stp
no keepalive
no cdp enable
no arp arpa
!
!
interface Vlan22
no ip address
no autostate
xconnect 10.1.1.1 222 pw-class pw_port_fa2
!
!
interface Tunnel1
description TUNNEL_INTERFACE
bandwidth 1024
bandwidth receive 7168
ip address 10.1.1.2 255.255.255.0
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 1
no ip split-horizon eigrp 1
ip pim nbma-mode
ip pim sparse-dense-mode
ip nhrp authentication xxxxx
ip nhrp group xxxxxx
ip nhrp map multicast dynamic
ip nhrp network-id 1234
ip nhrp holdtime 600
ip nhrp nhs dynamic nbma hubrouter.mydomain.net multicast
ip nhrp shortcut
ip nhrp redirect
ip virtual-reassembly in
ip virtual-reassembly out
ip tcp adjust-mss 1360
keepalive 10 3
tunnel source Dialer1
tunnel mode gre multipoint
tunnel path-mtu-discovery
!

I hope this will help you.

regards, Claus

Thank you for your informative information, I think you've got what I am looking for!

l2protocol-tunnel is used in high grade models however never in the 880 series router until the IOS 15.2. I shall give this a try and revert! Thanks again.

Where are you doing the L3 routing at for these vlan's that have been extended via L2TPv3?

Hi Dennis,

 

This was some years ago, my network has changed since then. The L3 routing is done in the EIGRP process, and the VLAN's are cross-connected to the DMVPN Tunnel interfaces. Today I use Loopback interfaces for the XConnect's, and the Loopback's IP address' are published in EIGRP / OSPF.

 

Best regards Claus

 

patrickwu65
Level 1
Level 1

Hi Guys,

I got it working now!

The new IOS now supports "switchport mode dot1q-tunnel" therefore we can have a port that is completely transparent.This is running over a IPVPN over MPLS network. 

pseudowire-class TestP2P

encapsulation l2tpv3

protocol none

ip local interface Loopback0

interface FastEthernet1

switchport access vlan 2

switchport mode dot1q-tunnel

no ip address

no keepalive

no cdp enable

interface Vlan2

no ip address

xconnect 198.18.5.191 1 encapsulation l2tpv3 manual pw-class TestP2P

  l2tp id 2 1

Thanks

Patrick

Hi Patrick,

I'm glad you got it working. I'll try out the 'dot1q-tunneling' when I get my lab routers setup.

(I really wish that Cisco had a Step-by-Step guide on this stuff).

Best regards,

Claus

Patrick,

 

Which models and which IOS did you use?

 

I have exactly the same problem - 897 box with 15.2.4.M6 IOS. xconnect is not available on VLAN interface. I've tried everything.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco