cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3038
Views
0
Helpful
4
Replies

L2TP over ADSL

dannymcca
Level 1
Level 1

Please help!!

I have 2 887va routers which are both connected to an ADSL line and each other by VPN.

I am trying to set them up to pass layer 2 traffic. I have followed all the help I can find but they still fail to pass layer 2 traffic.

Below is the config files, please can someone correct these so that I am able to pass layer 2 traffic - I am now getting desperate as I have been trying to do this for nearly a week.

Any help is greatly appreciated.

Router 1

Building configuration...

Current configuration : 4206 bytes

!

! Last configuration change at 15:19:10 UTC Wed May 1 2013

version 15.1

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname xxx

!

boot-start-marker

boot-end-marker

!

!

enable secret 4 pozkvcqXiM/f4AVrqz8PjSI9KxXYqhSXdmI.1yi0uD2

!

no aaa new-model

memory-size iomem 10

crypto pki token default removal timeout 0

!

!

ip source-route

!

!        

ip cef

no ipv6 cef

l2tp-class l2class

hidden  

authentication

hello 100

hostname xxx

password tunnel2

receive-window 35

retransmit retries 10

timeout setup 400

!        

!        

vpdn enable

vpdn search-order domain 

!

vpdn-group vpdngroup1

accept-dialin

  protocol l2tp

  virtual-template 1

terminate-from hostname xxx

!

license udi pid CISCO887VA-K9 sn FCZ1706908Q

!

!        

username xxx password 0 pass

username xxx password 0 pass

!

!        

controller VDSL 0

!        

pseudowire-class PSClass

! Incomplete config [Encapsulation not specified]

!

pseudowire-class etherpw

encapsulation l2tpv3

sequencing both

ip local interface Dialer0

ip pmtu 

ip tos reflect

ip ttl 100

!

!        

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

crypto isakmp key VPNKEY address xxx.xxx,xxx,xxx

crypto isakmp keepalive 30 5

!        

!

crypto ipsec transform-set VPNSET esp-3des esp-sha-hmac

!

crypto map xxx 10 ipsec-isakmp

set peer xxx.xxx.xxx.xxx

set transform-set VPNSET

match address 101

!        

bridge irb

!        

!

interface Loopback1

no ip address

!        

interface Ethernet0

no ip address

shutdown

no fair-queue

!

interface ATM0

no ip address

ip nat outside

ip virtual-reassembly in

no atm ilmi-keepalive

pvc 0/38

  encapsulation aal5mux ppp dialer

  dialer pool-member 1

!      

!

interface FastEthernet0

switchport access vlan 2

no ip address

!

interface FastEthernet1

no ip address

!        

interface FastEthernet2

no ip address

!

interface FastEthernet3

no ip address

!       

interface Virtual-Template1

ip unnumbered Loopback1

ppp authentication chap

ppp chap hostname xxx

!

interface Virtual-PPP1

ip unnumbered Loopback1

ppp authentication chap

ppp chap hostname wtn-40acre

pseudowire xxx.xxx.xxx.xxx pw-class PSClass

  ! Incomplete or Invalid Xconnect config

!       

interface Vlan1

no ip address

ip nat inside

ip virtual-reassembly in

shutdown

!       

interface Vlan2

no ip address

bridge-group 1

bridge-group 1 input-address-list 700

bridge-group 1 output-address-list 700

!       

interface Dialer0

ip address xxx.xxx.xxx.xxx 255.255.255.0

no ip redirects

no ip unreachables

ip mtu 1492

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 1

ppp authentication chap callin

ppp chap hostname XXX

ppp chap password 0 XXX

ppp pap sent-username xxx password 0 pass

ppp ipcp route default

ppp ipcp address accept

no cdp enable

crypto map cmap

!

no ip address

shutdown

!

interface BVI1

ip address 192.168.2.1 255.255.255.0

!        

ip forward-protocol nd

no ip http server

no ip http secure-server

!       

ip nat inside source list 100 interface Dialer0 overload

ip route 0.0.0.0 0.0.0.0 Virtual-PPP1

ip route 78.105.250.120 255.255.255.255 Dialer0

ip route 192.168.1.0 255.255.255.0 Virtual-PPP1

!

access-list 50 deny   any log

access-list 100 deny   ip 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255

access-list 100 permit ip any any

access-list 101 permit ip 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255

access-list 101 permit tcp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255

access-list 101 permit udp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255

access-list 101 permit icmp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255

access-list 101 deny   ip any any

access-list 101 deny   tcp any any

access-list 101 deny   udp any any

access-list 101 deny   icmp any any

access-list 111 deny   tcp any any eq telnet

access-list 111 permit ip any any

access-list 700 permit 0000.0000.0000   ffff.ffff.ffff

dialer-list 1 protocol ip permit

!

bridge 1 protocol vlan-bridge

bridge 1 route ip

!

line con 0

line aux 0

line vty 0 4

access-class 50 in

exec-timeout 0 0

no login

transport input none

transport output none

!       

end

Router 2

Building configuration...

Current configuration : 4057 bytes

!

! Last configuration change at 15:10:56 UTC Wed May 1 2013

version 15.1

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname xxx

!

boot-start-marker

boot-end-marker

!

enable secret 4 pozkvcqXiM/f4AVrqz8PjSI9KxXYqhSXdmI.1yi0uD2

!

no aaa new-model

memory-size iomem 10

crypto pki token default removal timeout 0

!

ip source-route

!       

ip cef

no ipv6 cef

!

l2tp-class L2Class

hidden 

authentication

hello 100

hostname xxx

password tunnel2

receive-window 35

retransmit retries 10

timeout setup 400

!       

vpdn enable

!       

vpdn-group 100

accept-dialin

  protocol l2tp

  virtual-template 1

terminate-from hostname wtn-40acre

l2tp tunnel password 0 pass

!

license udi pid CISCO887VA-K9 sn FCZ170690A2

!

username xxx password 0 xxx

username xxx password 0 xxx

!

controller VDSL 0

!       

pseudowire-class PSClass

! Incomplete config [Encapsulation not specified]

!

pseudowire-class etherpw

encapsulation l2tpv3

sequencing both

ip local interface Dialer0

ip pmtu

ip tos reflect

ip ttl 100

!

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

crypto isakmp key VPNKEY address xxx.xxx.xxx.xxx

crypto isakmp keepalive 30 5

!       

crypto ipsec transform-set VPNSET esp-3des esp-sha-hmac

!

crypto map cmap 10 ipsec-isakmp

set peer xxx.xxx.xxx.xxx

set transform-set VPNSET

match address 101

!       

bridge irb

!       

interface Loopback1

no ip address

!       

interface Ethernet0

no ip address

shutdown

no fair-queue

!

interface ATM0

no ip address

ip virtual-reassembly in

no atm ilmi-keepalive

pvc 0/38

  encapsulation aal5mux ppp dialer

  dialer pool-member 1

!

!      

interface FastEthernet0

switchport access vlan 2

no ip address

!       

interface FastEthernet1

no ip address

!

interface FastEthernet2

no ip address

!       

interface FastEthernet3

no ip address

!

interface Virtual-Template1

ip unnumbered Loopback1

peer ip address forced

peer default ip address pool mypool

ppp authentication pap callin

!

interface Virtual-PPP1

ip unnumbered Loopback1

ppp authentication chap

pseudowire xxx.xxx.xxx.xxx 10 pw-class PSClass

  ! Incomplete or Invalid Xconnect config

!

interface Vlan1

no ip address

ip nat inside

ip virtual-reassembly in

shutdown

!

interface Vlan2

no ip address

bridge-group 1

bridge-group 1 input-address-list 700

bridge-group 1 output-address-list 700

!

interface Dialer0

ip address xxx.xxx.xxx.xxx 255.255.255.0

no ip redirects

no ip unreachables

ip mtu 1492

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 1

ppp authentication chap callin

ppp chap hostname XXX

ppp chap password 0 XXX

ppp ipcp route default

ppp ipcp address accept

no cdp enable

crypto map xxx

!       

interface BVI1

ip address 192.168.1.1 255.255.255.0

ip access-group 101 in

no ip unreachables

!

ip local pool mypool 192.168.2.2

ip forward-protocol nd

no ip http server

no ip http secure-server

!       

ip nat inside source list 100 interface Dialer0 overload

ip route 0.0.0.0 0.0.0.0 Virtual-PPP1

!

access-list 50 deny   any log

access-list 100 deny   ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 100 permit ip 192.168.2.0 0.0.0.255 any

access-list 101 permit ip 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255

access-list 101 permit tcp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255

access-list 101 permit udp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255

access-list 101 permit icmp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255

access-list 101 deny   ip any any

access-list 101 deny   tcp any any

access-list 101 deny   udp any any

access-list 101 deny   icmp any any

access-list 111 deny   tcp any any eq telnet

access-list 111 permit ip any any

access-list 700 permit 0000.0000.0000   ffff.ffff.ffff

dialer-list 1 protocol ip permi

!

bridge 1 protocol vlan-bridge

bridge 1 route ip

!

line con 0

line aux 0

line vty 0 4

access-class 50 in

exec-timeout 0 0

no login

transport input none

transport output none

!       

end

1 Accepted Solution

Accepted Solutions

shanemoss
Level 1
Level 1

Router 1

l2tp-class class1

authentication

password

pseudowire-class etherpw

protocol l2tpv3 class1

interface FastEthernet0

xconnect 123 pw-class etherpw


Router 2

l2tp-class class1

authentication

password

pseudowire-class etherpw

protocol l2tpv3 class1

interface FastEthernet0

xconnect 123 pw-class etherpw

View solution in original post

4 Replies 4

shanemoss
Level 1
Level 1

Router 1

l2tp-class class1

authentication

password

pseudowire-class etherpw

protocol l2tpv3 class1

interface FastEthernet0

xconnect 123 pw-class etherpw


Router 2

l2tp-class class1

authentication

password

pseudowire-class etherpw

protocol l2tpv3 class1

interface FastEthernet0

xconnect 123 pw-class etherpw

Sorry it is not relvant question regarding issue you have discussed, I have one query for you , i thing you know this ,

i m in process of doing internt using DSL. I have done the   configuration on cisco 887VA. Router port eth0 is not comming up , it is   shown as up down state .... what can be the wrong ... There are 4 LAN   ports as well they come up when i connect any device. When i connect  the  eth0 port to any device it do not show up , what can be reason , Is   this not a regualar routed prot???

if your isp gives PPPoA then you dont use the ethernet interface but ATM and Dialer.

ATM needs to be:

interface ATM0

no ip address

ip nat outside

ip virtual-reassembly in

no atm ilmi-keepalive

pvc 0/38

  encapsulation aal5mux ppp dialer

  dialer pool-member 1

PVC you will need to get from your ISP.

The Dialer needs to be:

interface Dialer0

ip address xxx.xxx.xxx.xxx 255.255.255.0

no ip redirects

no ip unreachables

ip mtu 1492

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 1

ppp authentication chap callin

ppp chap hostname XXX

ppp chap password 0 XXX

ppp ipcp route default

ppp ipcp address accept

no cdp enable

crypto map xxx

The IP Address is your static IP and chap hostame is the ISP username and Password is the passeord for the internet. You will also need to find out what the MTU value is from your ISP.

Sorry but haven't configured a PPPoE connection so cannot help with that.

Hope this helps.

my configuration is mention as ....

vpdn enable

vpdn-group 1

request-dialin

protocol pppoe

exit

int eth0

des DSL WAN interface

no ip add

no ip redirects

no ip unrea

no ip proxy-arp

no cdp enabl

no ip mroute-cache

pppoe enable

pppoe-client dial-pool-number 1

no sh

exit

int dialer 1

des DSL WAN Dialer

ip add negotiated

no ip unreach

ip nat outside

encap ppp

no ip mroute-cache

dialer pool 1

dialer-group 1

no cdp enabl

ip mtu 1492

ip tcp adjust-mss 1452

ppp authentication chap pap callin

ppp chap hostname xxxxxx

ppp chap password xxxxx

ppp pap sent-username xxxxxx password xxxxx

exit

dialer-list 1 protocol ip permit

int vlan 1

des  LAN

ip add 192.168.10.1 255.255.255.0

no sh

exit

access-list 1 permit 192.168.10.0 0.0.0.255

ip nat inside source list 1 int dialer1 overload

ip classless

ip route 0.0.0.0 0.0.0.0 dialer 1

I thing my service provider is providing PPOE. You can see the eth0 configuration ....

If you know please help in this regard.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: