L2TP over PPPoA

dannymcca
Level 1

I am wanting to connect a layer 2 device to an 887VA which will communicate through an ADSL line (PPPoA) with another 887VA router which is connected to a PC.

My question is whether this is possible using L2TP?

If not, how can this be done as the layer 2 device does not have an ip address.

If this is possible, how can I do this? I have been trying but don't seem to be making progress.

Many thanks.


anisaini
Level 1

Hi Danny,

If you want to connect two 887s (presumably in distant geographies) using L2TP, then you need to have layer 3 connectivity between the LAC and LNS where the L2TP tunnels will be formed.

You may want to explore L2 MPLS.

Thanks

Giuseppe Larosa
Hall of Fame

Hello Danny,

If you want to implement a point-to-point L2 transport service over an IP internetwork, you can use L2TPv3 for this, forming an L2TPv3 tunnel between the two 887 devices.

You will need to dedicate an interface on each device for L2 termination of the service.

The two 887s will need the appropriate license to run L2TPv3.

Performance will be limited to the upstream speed of the ADSL, and the risk is that broadcast traffic at the L2 device can easily exceed the upstream ADSL bandwidth.

So I would recommend avoiding this if possible; it is not recommended to set up an L2 transport service with less than 1 Mbps upstream.

See

http://www.cisco.com/en/US/products/ps6587/products_white_paper09186a00800a8444.shtml

Hope to help

Giuseppe

Hi,

I have setup my L2TPv3 and this is communicating (I think) as I am getting the "Hello", however, I cannot send any layer 2 traffic.

Is the "Hello" sent as layer 2? How can I debug this, as I believe the traffic is entering the router through the F0 port and is then being dropped? I am currently using debug l2tp all but I am not convinced this is correct.

My config is below. Please can you take a look and possibly advise what I am doing wrong? Do I need to set up a mac address table or mac route somehow?

Thanks for your help.

Danny

Router 1

Building configuration...

Current configuration : 3629 bytes
!
! Last configuration change at 13:03:49 UTC Thu May 2 2013
! NVRAM config last updated at 13:04:07 UTC Thu May 2 2013
! NVRAM config last updated at 13:04:07 UTC Thu May 2 2013
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname XXXX
!
boot-start-marker
boot-end-marker
!
enable secret 4 pozkvcqXiM/f4AVrqz8PjSI9KxXYqhSXdmI.1yi0uD2
!
no aaa new-model
memory-size iomem 10
!
ip source-route
!
ip cef
no ipv6 cef
l2tp-class l2tpclass2
!
license udi pid CISCO887VA-K9 sn FCZ170690A2
!
controller VDSL 0
!
pseudowire-class pwclass2
 encapsulation l2tpv3
 sequencing both
 ip local interface Dialer0
 ip pmtu
 ip ttl 100
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key XXXX address xxx.xxx.xxx.xxx
crypto isakmp keepalive 30 5
!
!
crypto ipsec transform-set XXXX esp-3des esp-md5-hmac
!
crypto map cMap 10 ipsec-isakmp
 set peer xxx.xxx.xxx.xxx
 set transform-set XXXX
 match address 101
!
bridge irb
!
interface Loopback1
 no ip address
!
interface Ethernet0
 no ip address
 shutdown
 no fair-queue
!
interface ATM0
 no ip address
 ip virtual-reassembly in
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!
interface FastEthernet0
 switchport access vlan 2
 no ip address
!
!
interface Virtual-PPP2
 ip unnumbered Loopback1
 ppp authentication chap
 ppp chap hostname peer2
 pseudowire xxx.xxx.xxx.xxx 10 pw-class pwclass2
!
!
interface Vlan2
 no ip address
 bridge-group 1
 bridge-group 1 input-address-list 700
 bridge-group 1 output-address-list 700
!
interface Dialer0
 ip address xxx.xxx.xxx.xxx 255.255.255.0
 no ip redirects
 no ip unreachables
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname xxxxxx
 ppp chap password 0 xxxxxx
 ppp ipcp route default
 ppp ipcp address accept
 no cdp enable
 crypto map cMap
!
interface BVI1
 ip address 192.168.2.1 255.255.255.0
 ip access-group 101 in
 no ip unreachables
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 100 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route xxx.xxx.xxx.xxx 255.255.255.255 Dialer0
ip route 192.168.2.0 255.255.255.0 Virtual-PPP2
!
access-list 50 deny   any log
access-list 100 deny   ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 101 permit ip 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit tcp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit udp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit icmp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 deny   ip any any
access-list 101 deny   tcp any any
access-list 101 deny   udp any any
access-list 101 deny   icmp any any
access-list 111 deny   tcp any any eq telnet
access-list 111 permit ip any any
access-list 700 permit 0000.0000.0000   ffff.ffff.ffff
dialer-list 1 protocol ip permit
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
line aux 0
line vty 0 4
 access-class 50 in
 exec-timeout 0 0
 no login
 transport input none
 transport output none
!
end

Router 2

Building configuration...

Current configuration : 3973 bytes
!
! Last configuration change at 13:03:15 UTC Thu May 2 2013
! NVRAM config last updated at 13:04:17 UTC Thu May 2 2013
! NVRAM config last updated at 13:04:17 UTC Thu May 2 2013
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname XXX
!
boot-start-marker
boot-end-marker
!
enable secret 4 pozkvcqXiM/f4AVrqz8PjSI9KxXYqhSXdmI.1yi0uD2
!
no aaa new-model
memory-size iomem 10
crypto pki token default removal timeout 0
!
ip source-route
!
ip cef
no ipv6 cef
l2tp-class l2tpclass2
 authentication
 password xxx
!
l2tp-class l
!
vpdn enable
!
vpdn-group vpdngroup1
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname peer1
!
license udi pid CISCO887VA-K9 sn FCZ1706908Q
!
controller VDSL 0
!
pseudowire-class pwclass2
 encapsulation l2tpv3
 sequencing both
 ip local interface Dialer0
 ip pmtu
 ip tos reflect
 ip ttl 100
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key XXXX address xxx.xxx.xxx.xxx
crypto isakmp keepalive 30 5
!
crypto ipsec transform-set XXXX esp-3des esp-md5-hmac
!
crypto map cMap 10 ipsec-isakmp
 set peer xxx.xxx.xxx.xxx
 set transform-set XXXX
 match address 101
!
bridge irb
!
interface Loopback1
 no ip address
!
interface Ethernet0
 no ip address
 shutdown
 no fair-queue
!
interface ATM0
 no ip address
 ip nat outside
 ip virtual-reassembly in
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!
interface FastEthernet0
 switchport access vlan 2
 no ip address
!
!
interface Virtual-Template1
 ip unnumbered Loopback1
 ppp authentication chap
 ppp chap hostname peer2
!
interface Virtual-PPP2
 ip unnumbered Loopback1
 ppp authentication chap
 ppp chap hostname peer2
 pseudowire xxx.xxx.xxx.xxx 10 pw-class pwclass2
!
!
interface Vlan2
 no ip address
 bridge-group 1
 bridge-group 1 input-address-list 700
 bridge-group 1 output-address-list 700
!
interface Dialer0
 ip address XXX.XXX.XXX.XXX 255.255.255.0
 no ip redirects
 no ip unreachables
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname xxxxxx
 ppp chap password 0 xxxxxx
 ppp ipcp route default
 ppp ipcp address accept
 no cdp enable
 crypto map cMap
!
interface BVI1
 ip address 192.168.1.1 255.255.255.0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 100 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route xxx.xxx.xxx.xxx 255.255.255.255 Dialer0
ip route 192.168.1.0 255.255.255.0 Virtual-PPP2
!
access-list 50 deny   any log
access-list 100 deny   ip 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit tcp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit udp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit icmp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 deny   ip any any
access-list 101 deny   tcp any any
access-list 101 deny   udp any any
access-list 101 deny   icmp any any
access-list 111 deny   tcp any any eq telnet
access-list 111 permit ip any any
access-list 700 permit 0000.0000.0000   ffff.ffff.ffff
dialer-list 1 protocol ip permit
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
line aux 0
line vty 0 4
 access-class 50 in
 exec-timeout 0 0
 no login
 transport input none
 transport output none
!
end

Hello Danny,

A correct configuration of L2TPv3 requires the use of the xconnect command under the client-facing L2 interface, like the following example taken from one of my tests:

interface FastEthernet3/0.651
 description l2tpv3 access-link
 encapsulation dot1Q 651
 no cdp enable
 xconnect 172.16.60.10 123 pw-class vlan-xconnect
!

The IP address that appears is that of the remote router. A configuration like the one above is able to carry frames with an 802.1Q tag and vlan-id = 351 over the L2TPv3 tunnel to be delivered at the remote end.

A similar configuration is needed at the other end.

Your configuration misses the L2 access link and the xconnect command. This is why it doesn't work correctly.

Hope to help

Giuseppe

Hi Giuseppe,

Thanks for your reply. My tunnel is now passing data; my problem was that the routers were configured the wrong way round, i.e. server was client and vice versa.

My problem is now that the data, although it is going across the tunnel, is not passing out of the fast ethernet port to the Web Ranger (which is a router using layer 2).

The fast ethernet port I am using is F0 via vlan2.

Please can you help.

Thanks,

Danny

I have run debug on the tunnel and below is a portion of the output. Are the errors stopping the traffic exiting the F0 interface?

Please can you advise how to resolve these errors.

Thanks.

May 15 14:59:18.154: L2TP tnl   08657:08558753: I SCCRP from ROUTER
May 15 14:59:18.154: L2TP tnl   08657:08558753: Auth Nonce AVP Ignored, 451
May 15 14:59:18.154: L2TP tnl   08657:08558753: Auth glob Challenge AVP Generate response fail, 330
May 15 14:59:18.154: L2TP tnl   08657:08558753: ERROR: Auth cc Overall Failed, 1
May 15 14:59:18.154: L2TP tnl   08657:08558753: ERROR: Auth glob Overall Failed, 449
May 15 14:59:18.154: L2TP 00012:08657:0826942C:
May 15 14:59:18.154: L2TP tnl   08657:08558753: O StopCCN to wtn-40acre tnl 1233748470
May 15 14:59:18.154: L2TP tnl   08657:08558753:  IETF v2:
May 15 14:59:18.154: L2TP tnl   08657:08558753:   Result Code
May 15 14:59:18.154: L2TP tnl   08657:08558753:     Requester is not authorized to establish a control channel(4)
May 15 14:59:18.154: L2TP tnl   08657:08558753:     Error code
May 15 14:59:18.154: L2TP tnl   08657:08558753:       No error(0)
May 15 14:59:18.154: L2TP tnl   08657:08558753:     Optional msg
May 15 14:59:18.154: L2TP tnl   08657:08558753:        "process challenge failed "
May 15 14:59:18.158: L2TP tnl   08657:08558753:  Cisco v3:
May 15 14:59:18.158: L2TP tnl   08657:08558753:   Assigned Control  0x08558753 (139822931)
May 15 14:59:18.158: L2TP tnl   08657:08558753:  IETF v3:
May 15 14:59:18.158: L2TP tnl   08657:08558753:   Assigned Control  0x08558753 (139822931)
May 15 14:59:18.158: L2TP tnl   08657:08558753:
May 15 14:59:18.158: L2TP tnl   08657:08558753: O StopCCN, flg TLS, ver 3, len 75
May 15 14:59:18.158: L2TP tnl   08657:08558753:   tnl 1233748470, ns 1, nr 1
May 15 14:59:18.158: contiguous pak, size 79
         00 00 00 00 C8 03 00 4B 49 89 81 F6 00 01 00 01
         80 08 00 00 00 00 00 04 80 23 00 00 00 01 00 04
         00 00 70 72 6F 63 65 73 73 20 63 68 61 6C 6C 65
         6E 67 65 20 40acre-wtn66 61 69 6C 65 64 20 00 0A 00 00 00
         3D 08 55 87 53 80 0A 00 09 00 01 08 55 87 53
May 15 14:59:18.218: L2TP tnl   08657:08558753: CiscoACK: Perform early message digest validation
May 15 14:59:18.218: L2TP tnl   08657:08558753: L2TP: Parse Cisco AVP 12, len 27, flag 0x0
May 15 14:59:18.218: L2TP tnl   08657:08558753: Auth Nonce AVP Ignored, 452
May 15 14:59:18.218: L2TP tnl   08657:08558753: ERROR: No authen methods passed
May 15 14:59:18.218: L2TP tnl   08657:08558753: ERROR: Auth cc Overall Failed, 2
May 15 14:59:18.218: L2TP tnl   08657:08558753: ERROR: Auth glob Overall Failed, 450
May 15 14:59:18.218: L2TP tnl   08657:08558753: ERROR: Can't authenticate message
May 15 14:59:18.218: L2TP tnl   08657:08558753: L2TP: Parse Cisco AVP 12, len 27, flag 0x0
May 15 14:59:18.218: L2TP tnl   08657:08558753: No missing AVPs in CiscoACK
May 15 14:59:18.218: L2TP tnl   08657:08558753: CiscoACK: dropping packet
May 15 14:59:18.218: contiguous pak, size 47

Hello Danny,

I cannot help you if I cannot see the current configuration. How is the Vlan2 SVI configured?

Have you used the xconnect command?

Hope to help

Giuseppe

Hi,

The xconnect is done within the pseudowire on the virtual-ppp by

pseudowire xxx.xxx.xxx.xxx 10 pw-class pwclass2

This seems to work, other than the errors.

My config is:

Router1

Building configuration...

Current configuration : 4044 bytes
!
! Last configuration change at 14:50:54 UTC Wed May 15 2013
! NVRAM config last updated at 14:39:00 UTC Wed May 15 2013
! NVRAM config last updated at 14:39:00 UTC Wed May 15 2013
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname xxxx
!
boot-start-marker
boot-end-marker
!
enable secret 4 pozkvcqXiM/f4AVrqz8PjSI9KxXYqhSXdmI.1yi0uD2
!
no aaa new-model
memory-size iomem 10
crypto pki token default removal timeout 0
!
ip source-route
!
ip cef
no ipv6 cef
l2tp-class l2tpclass2
 authentication
 digest secret 0 xxxx hash SHA1
 hello 10
!
l2tp-class l
!
vpdn enable
!
vpdn-group vpdngroup1
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname peer1
!
license udi pid CISCO887VA-K9 sn FCZ1706908Q
!
controller VDSL 0
!
pseudowire-class pwclass2
 encapsulation l2tpv3
 protocol l2tpv3 l2tpclass2
 ip local interface Dialer0
!
crypto isakmp policy 1
 authentication pre-share
 group 2
crypto isakmp key KEY address 78.105.250.120
crypto isakmp keepalive 30 5
!
crypto ipsec transform-set SET esp-des
!
crypto map cmap 10 ipsec-isakmp
 set peer xxx.xxx.xxx.xxx
 set transform-set SET
 match address 101
!
bridge irb
!
interface Loopback1
 no ip address
!
interface Ethernet0
 no ip address
 shutdown
 no fair-queue
!
interface ATM0
 no ip address
 ip nat outside
 ip virtual-reassembly in
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!
!
interface FastEthernet0
 switchport access vlan 2
 no ip address
!
interface FastEthernet1
 switchport access vlan 2
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface Virtual-Template1
 ip unnumbered Loopback1
 ppp authentication chap
 ppp chap hostname peer2
!
interface Virtual-PPP2
 ip unnumbered Loopback1
 ppp authentication chap
 ppp chap hostname xxxx
 ppp chap password 0 xxx
 pseudowire xxx.xxx.xxx.xxx 10 pw-class pwclass2
!
interface Vlan1
 no ip address
 ip nat inside
 ip virtual-reassembly in
 shutdown
!
interface Vlan2
 no ip address
!
interface Vlan200
 no ip address
!
interface Dialer0
 ip address xxx.xxx.xxx.xxx 255.255.255.0
 no ip redirects
 no ip unreachables
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname xxxxx
 ppp chap password 0 xxxxx
 ppp ipcp route default
 ppp ipcp address accept
 no cdp enable
 crypto map cmap
!
interface Dialer1
 no ip address
!
interface Dialer9
 no ip address
 shutdown
!
interface BVI1
 no ip address
 no ip unreachables
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 100 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Virtual-PPP2
ip route xxx.xxx.xxx.xxx 255.255.255.255 Dialer0
ip route 192.6.3.0 255.255.255.0 Virtual-PPP2
!
access-list 50 deny   any log
access-list 100 deny   ip 192.6.3.0 0.0.0.255 192.6.4.0 0.0.0.255
access-list 100 permit ip 192.6.3.0 0.0.0.255 any
access-list 101 permit ip 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit tcp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit udp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit icmp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 deny   ip any any
access-list 101 deny   tcp any any
access-list 101 deny   udp any any
access-list 101 deny   icmp any any
dialer-list 1 protocol ip permit
mac-address-table static 0020.d239.9cde interface FastEthernet0 vlan 2
mac-address-table static 00eb.9000.0000 interface FastEthernet0 vlan 2
mac-address-table static e0cb.4e1f.34cf interface FastEthernet0 vlan 2
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
line aux 0
line vty 0 4
 access-class 50 in
 exec-timeout 0 0
 no login
 transport input none
 transport output none
!
end

Router 2

Building configuration...

Current configuration : 3692 bytes
!
! Last configuration change at 14:36:00 UTC Wed May 15 2013
! NVRAM config last updated at 14:18:20 UTC Wed May 15 2013
! NVRAM config last updated at 14:18:20 UTC Wed May 15 2013
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname xxxx
!
boot-start-marker
boot-end-marker
!
enable secret 4 pozkvcqXiM/f4AVrqz8PjSI9KxXYqhSXdmI.1yi0uD2
!
no aaa new-model
memory-size iomem 10
crypto pki token default removal timeout 0
!
ip source-route
!
ip cef
no ipv6 cef
l2tp-class l2tpclass2
 authentication
 hello 10
!
vpdn enable
!
vpdn-group vpdngroup1
 request-dialin
  protocol l2tp
 initiate-to ip xxx.xxx.xxx.xxx
!
license udi pid CISCO887VA-K9 sn FCZ170690A2
!
controller VDSL 0
!
pseudowire-class pwclass2
 encapsulation l2tpv3
 protocol l2tpv3 l2tpclass2
 ip local interface Dialer0
!
!
!
crypto isakmp policy 1
 authentication pre-share
 group 2
crypto isakmp key KEY address xxx.xxx.xxx.xxx
crypto isakmp keepalive 30 5
!
!
crypto ipsec transform-set SET esp-des
!
crypto map xxxx 10 ipsec-isakmp
 set peer xxx.xxx.xxx.xxx
 set transform-set SET
 match address 101
!
bridge irb
!
interface Loopback1
 no ip address
!
interface Ethernet0
 no ip address
 shutdown
 no fair-queue
!
interface ATM0
 no ip address
 ip virtual-reassembly in
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!
!
interface FastEthernet0
 switchport access vlan 2
 no ip address
 no keepalive
!
interface FastEthernet1
 switchport access vlan 200
 switchport mode trunk
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface Virtual-PPP2
 ip unnumbered Loopback1
 ppp authentication chap
 ppp chap hostname XXXX
 ppp chap password 0 xxx
 pseudowire xxx.xxx.xxx.xxx 10 pw-class pwclass2
!
interface Vlan1
 no ip address
 ip nat inside
 ip virtual-reassembly in
 shutdown
!
interface Vlan2
 ip address 192.6.3.10 255.255.255.0
!
interface Vlan200
 no ip address
!
interface Dialer0
 ip address xxx.xxx.xxx.xxx 255.255.255.0
 no ip redirects
 no ip unreachables
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname xxxxx
 ppp chap password 0 xxxx
 ppp ipcp route default
 ppp ipcp address accept
 no cdp enable
 crypto map xxxx
!
interface BVI1
 no ip address
 no ip unreachables
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 100 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Virtual-PPP2
ip route xxx.xxx.xxx.xxx 255.255.255.255 Dialer0
ip route 192.6.4.0 255.255.255.0 Virtual-PPP2
!
access-list 50 deny   any log
access-list 100 deny   ip 192.6.4.0 0.0.0.255 192.6.3.0 0.0.0.255
access-list 100 permit ip 192.6.4.0 0.0.0.255 any
access-list 101 permit ip 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit tcp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit udp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit icmp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 deny   ip any any
access-list 101 deny   tcp any any
access-list 101 deny   udp any any
access-list 101 deny   icmp any any
dialer-list 1 protocol ip permit
mac-address-table aging-time 16
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
line aux 0
line vty 0 4
 access-class 50 in
 exec-timeout 0 0
 no login
 transport input none
 transport output none
!
end
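
Added example, not part of the original thread or of any poster's code: a small Python check that compares the L2TPv3 control-channel authentication settings of the two 15 May configs above, since the debug output in this thread reports control-channel authentication failures. The function names are hypothetical, the embedded excerpts are copied from the posted configs (secrets already masked by the poster), and the parser assumes each stanza ends at `!` or at the next `l2tp-class`/`pseudowire-class` header.

```python
import re

# Excerpts of the Router1 and Router 2 configs posted on 15 May in the thread
# (unindented, as pasted; secrets were masked by the poster).
ROUTER1 = """\
l2tp-class l2tpclass2
authentication
digest secret 0 xxxx hash SHA1
hello 10
!
pseudowire-class pwclass2
encapsulation l2tpv3
protocol l2tpv3 l2tpclass2
ip local interface Dialer0
!
"""

ROUTER2 = """\
l2tp-class l2tpclass2
authentication
hello 10
!
pseudowire-class pwclass2
encapsulation l2tpv3
protocol l2tpv3 l2tpclass2
ip local interface Dialer0
!
"""

HEADER = re.compile(r"^(l2tp-class|pseudowire-class)\s+(\S+)$")


def stanzas(config):
    """Map (kind, name) -> sub-commands; a stanza ends at '!' or the next header."""
    found, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue                      # forum pastes are often double-spaced
        header = HEADER.match(line)
        if header:
            current = found.setdefault(header.groups(), [])
        elif line == "!":
            current = None
        elif current is not None:
            current.append(line)
    return found


def control_auth(config, pw_class):
    """Authentication settings of the l2tp-class that pw_class actually binds."""
    found = stanzas(config)
    bound = None
    for cmd in found.get(("pseudowire-class", pw_class), []):
        parts = cmd.split()
        if parts[:2] == ["protocol", "l2tpv3"] and len(parts) == 3:
            bound = parts[2]
    cls = found.get(("l2tp-class", bound), [])
    return {
        "l2tp_class": bound,
        "authentication": "authentication" in cls,
        "password": any(c.startswith("password ") for c in cls),
        "digest": any(c.startswith("digest") for c in cls),   # secret never echoed
    }


def compare(a, b, pw_class):
    """List where peers A and B disagree on control-channel authentication."""
    ca, cb = control_auth(a, pw_class), control_auth(b, pw_class)
    findings = []
    for label, c in (("A", ca), ("B", cb)):
        if c["l2tp_class"] is None:
            findings.append(f"peer {label}: {pw_class} has no 'protocol l2tpv3 <class>' line")
    for key in ("authentication", "password", "digest"):
        if ca[key] != cb[key]:
            findings.append(f"{key}: peer A={ca[key]}, peer B={cb[key]}")
    return findings


if __name__ == "__main__":
    for finding in compare(ROUTER1, ROUTER2, "pwclass2"):
        print(finding)
```

On the excerpts above the only difference reported is the `digest` line, which Router1 carries and Router 2 does not.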

Hello Danny,

The xconnect or other equivalent command has to be given under the L2 interface in front of the CE.

You have:

interface Virtual-PPP2
 ip unnumbered Loopback1
 ppp authentication chap
 ppp chap hostname xxxx
 ppp chap password 0 xxx
 pseudowire xxx.xxx.xxx.xxx 10 pw-class pwclass2
!

YOU SHOULD HAVE INSTEAD

interface Vlan2
 no ip address
 pseudowire xxx.xxx.xxx.xxx 10 pw-class pwclass2

if you really want to bridge ethernet frames. Your current configuration might be able to bridge PPP frames, but it cannot bridge ethernet frames.

Also, you don't need all the vpdn stuff: you are using L2TPv3, not L2TPv2, so you can remove it.

Hope to help

Giuseppe

Hi,

Thanks for your help.

Could this be causing my problem with not seeing the frames on the web ranger router, i.e. they are not exiting the F0 port? How can I change my config to bridge ethernet frames?

Your help with this is greatly appreciated as this is turning into a bigger job than I expected or wanted.

Danny

Hello Danny,

>> how can I change my config to bridge ethernet frames.

Remove the pseudowire command under interface virtual-ppp and put the same command under SVI interface Vlan 2.

By the way, this is already explained in my previous post.

Hope to help

Giuseppe

Hi Giuseppe,

I have moved the pseudowire line, but this cannot be added to the vlan so I have added it to F0 - these are layer 2. I have also had to use xconnect rather than pseudowire.

Unfortunately the tunnel is now shut down and will not come up.

The IP address that is used with the xconnect command, is this the outside static IP address or the internal IP address?

Thanks again,

Danny

Hello Danny,

You have a peculiar setup; putting the xconnect on the fa0 may work or not.

The IP address is the outside one, generally speaking, unless you want to put the L2TPv3 traffic under IPSec protection.

>> Unfortunately the tunnel is now shut down and will not come up.

I'm afraid your setup will never work.

Hope to help

Giuseppe

Hi Giuseppe,

The tunnel is now up and running with the xconnect applied to the F0 interface.

Unfortunately the traffic is still not passing out of the interface. As the router has layer 2 fastethernet interfaces, do these need to be configured to pass the packets out to the network/web ranger?

Thanks again for your help.

Hello Danny,

What router model and what IOS version is running on it?

>> I see 887VA from initial post but I don't see the IOS version

The xconnect command should be given under interface Vlan2, the SVI. The switchports are only OSI layer 2, so I don't think they support the xconnect command.

An IOS upgrade may be needed to achieve the desired feature support.

Hope to help

Giuseppe
