Solved: Can't ping PCs across two cisco 2811 routers with L2TPv3 with xConnect on subinterface

Eyad Zorob · ‎03-03-2012

Hello,

I have two cisco 2811 (Version 15.1(4)M3) connected using cross-over cable with two PCs connected on the outside interfaces (Windows 7 - firewall disabled).

PC1<-----Rj-45------>Fa0/0(R1)Fa0/1<---cross-over------->F0/1(R2)Fa0/0<-------------Rj-45---->PC2

Setting up L2TPv3 across two routers worked fine and tunnel session was running perfectly. Able to ping PC1 to PC2 and back

Now,

I changed it to sub-interface becasue I need to add a 3rd cisco 2811 router (R1 to R2 and R1 to R3) and the above setup does not work any more, show l2tunn session all :

Router1#show l2tun session all

L2TP Session Information Total tunnels 2 sessions 1

Session id 4140359334 is up, logical session id 32836, tunnel id 3777163427

Remote session id is 1253026228, remote tunnel id 3141954740

Locally initiated session

Unique ID is 29

Session Layer 2 circuit, type is Ethernet Vlan, name is FastEthernet0/0.1:100

Session vcid is 1001

Interworking type is IP

Circuit state is UP

Local circuit state is UP

Remote circuit state is UP

Call serial number is 1246500057

Remote tunnel name is Router2

Internet address is 192.168.102.1

Local tunnel name is Router1

Internet address is 192.168.103.1

IP protocol 115

Session is L2TP signaled

Session state is established, time since change 00:27:16

0 Packets sent, 1632 received

0 Bytes sent, 68544 received

Last clearing of counters never

Counters, ignoring last clear:

0 Packets sent, 1632 received

0 Bytes sent, 68544 received

Receive packets dropped:

out-of-order: 0

other: 0

total: 0

Send packets dropped:

exceeded session MTU: 0

other: 0

total: 0

DF bit off, ToS reflect disabled, ToS value 0, TTL value 255

Sending UDP checksums are disabled

Received UDP checksums are verified

No session cookie information available

FS cached header information:

encap size = 24 bytes

45000014 00000000 ff736d23 c0a86701

c0a86601 4aafa9b4

Sequencing is off

Conditional debugging is disabled

SSM switch id is 4109, SSM segment id is 12315

here is configuration output:

Using 2165 out of 245752 bytes

!

! Last configuration change at 18:15:46 UTC Sat Mar 3 2012

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router1

!

boot-start-marker

boot-end-marker

!

no aaa new-model

!

dot11 syslog

ip source-route

!

ip cef

!

no ipv6 cef

l2tp-class apple

authentication

password XXXXX

!

l2tp-class orange

authentication

password XXXXX

!

multilink bundle-name authenticated

!

voice-card 0

!

crypto pki token default removal timeout 0

!

license udi pid CISCO2811 sn XXXXXXXXXXXXXX

username SSSSSSSSSSSSS privilege 15 password 0 XXXXXXXXXXX

!

redundancy

!

pseudowire-class xconnect-apple

encapsulation l2tpv3

interworking ip

protocol l2tpv3 apple

ip local interface Loopback0

!

pseudowire-class xconnect-orange

encapsulation l2tpv3

protocol l2tpv3 orange

ip local interface Loopback1

!

interface Loopback0

ip address 192.168.103.1 255.255.255.0

!

interface Loopback1

ip address 192.168.105.1 255.255.255.0

!

interface FastEthernet0/0

no ip address

duplex auto

speed auto

no keepalive

!

interface FastEthernet0/0.1

encapsulation dot1Q 100

xconnect 192.168.102.1 1001 encapsulation l2tpv3 pw-class xconnect-apple

!

interface FastEthernet0/0.2

encapsulation dot1Q 200

xconnect 192.168.104.1 2002 pw-class xconnect-orange

!

interface FastEthernet0/1

ip address 192.168.101.1 255.255.255.0

duplex auto

speed auto

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

ip route 192.168.102.1 255.255.255.255 192.168.101.2

ip route 192.168.104.1 255.255.255.255 192.168.101.3

!

access-list 1 permit any

access-list 100 permit icmp any any

access-list 199 permit ip any any

!

control-plane

!

mgcp profile default

!

line con 0

line aux 0

line vty 0 4

login

transport input all

!

scheduler allocate 20000 1000

end

akittrell1220 · ‎03-26-2012

Hi Eyad,

Can you explain what you did to resolve your issue?

I have a similar problem.

I am using two 2811's, each with a 16 port etherswitch module. I have a VLAN trunk configured between the 2811 and the etherswitch module. The two 2811's are connected via an E1 crossover. I have a client PC connected to an etherswitch module on each end (VLAN 30). My L2tpv3 tunnel is up, However I am unable to ping between my client PCs.

Any help will do,

Thanks.

Anwar

View solution in original post

Peter Paluch · ‎03-03-2012

Hi Eyad,

Configuring the xconnect on a VLAN subinterface means that only the frames that enter the physical interface tagged with the appropriate VLAN tag will be tunneled across L2TP pseudowire to the other end. I do not believe this is what you want to achieve. Remember that the interface on which the xconnect is configured is facing the customer device. By configuring the xconnect on a VLAN subinterface, you expect that the customer device (in your case, a PC) sends and receives appropriately tagged frames. That is, in your case, certainly not happening. Also keep in mind that what is tunneled (in this case, tagged frames) has absolutely no relation through what it is tunneled (another Ethernet, PPP, HDLC, whatever) because it is L2TP+UDP+IP encapsulated.

Can you draw a diagram of the network as you expect it to be connected and tunneled when all three routers are present?

Best regards,

Peter

Eyad Zorob · ‎03-05-2012

Thanks Peter for your help. I discovered it was a switch mis-match configurations mainly with cat2900Xl and 2950

akittrell1220 · ‎03-26-2012

Hi Eyad,

Can you explain what you did to resolve your issue?

I have a similar problem.

I am using two 2811's, each with a 16 port etherswitch module. I have a VLAN trunk configured between the 2811 and the etherswitch module. The two 2811's are connected via an E1 crossover. I have a client PC connected to an etherswitch module on each end (VLAN 30). My L2tpv3 tunnel is up, However I am unable to ping between my client PCs.

Any help will do,

Thanks.

Anwar

Eyad Zorob · ‎03-27-2012

for my configuration, I used two 2900XL switches behind two 2811 rotuers. I needed to enable

encapsulation on each sub-interface on 2811s with matching vlan-ids:

interface FastEthernet0/0.1

encapsulation dot1Q vlan-id native

on corresponding switch:

interface GigabitEthernet0/2

switchport trunk allowed vlan-id

switchport mode trunk

!

interface GigabitEthernet0/3

switchport access vlan vlan-id

switchport mode access

and client connected to port 3 on switch.

hope that will help.

francsompas78 · ‎05-18-2012

Hi everybody,

I think I have the same problem as you but my platform doesn't works very well.

This is my platform configuration

I have a catalyst 3750 and a routeur 2811 on Paris

I have a catalyst 3550 and a router 2811 on Lyon

3750PAR --- --- 2811PAR ----- Tunnel L2TPV3---------2811 MPLS -----tunnel L2TPV3-------2811LYO-------trunk--3550LYO

Below the configuration files that I put on router 2811PAR

!

interface FastEthernet0/0.10

encapsulation dot1Q 10 native

no cdp enable

xconnect 10.0.1.249 10 pw-class ADMIN

!

interface FastEthernet0/0.20

encapsulation dot1Q 20

no cdp enable

xconnect 10.0.2.250 20 pw-class CRON

!

interface FastEthernet0/0.30

encapsulation dot1Q 30

xconnect 10.0.2.250 20 pw-class CRON

no cdp enable

!

here the configuration file on 3750PAR

int fa1/0/22

switchport mode trunk

switchport trunk envapsulation dot1Q

switchport trunk allowed vlan 10,20,30

switchport trunk native vlan 10

ip arp inspection trust

ip dhcp snooping trust

Here the problem. When I put the command line xconnect on sub interface on router 2811PAR, I lost communication with the switch 3750PAR. If I delete the command line xconnect, data work well between router 2811PAR an switch 3750PAR.

Does someone has an idea to solve this problem?