05-02-2013 03:08 AM - edited 03-04-2019 07:47 PM
I am wanting to connect a layer 2 device to an 887VA which will communicate through an ADSL line (PPPoA) with another 887VA router which is connected to a PC.
My question is whether this is possible using L2TP?
If not, how can this be done as the layer 2 device does not have an ip address.
If this is possible how can I do this? I have been trying but don't seem to be making progress.
Many thanks.
05-07-2013 09:14 AM
Hi Danny,
If you want to connect two 887s (presumably in distant geographies) using L2TP, then you need to have Layer 3 connectivity between the LAC and the LNS where the L2TP tunnels will be formed.
You may want to explore L2 MPLS.
Thanks
05-09-2013 03:22 AM
Hello Danny,
if you want to implement a point to point L2 transport service over an IP internetwork you can use L2TPv3 for this forming an L2TPv3 tunnel between the two 887 devices.
You will need to dedicate an interface on each device for L2 termination of the service.
The two 887s will need an appropriate license to run L2TPv3.
Performance will be limited to the upstream speed of the ADSL, and the risk is that broadcast traffic at the L2 device can easily overwhelm the upstream ADSL bandwidth.
So I would recommend avoiding this if possible; with less than 1 Mbps upstream it is not recommended to set up an L2 transport service over it.
See
http://www.cisco.com/en/US/products/ps6587/products_white_paper09186a00800a8444.shtml
Hope to help
Giuseppe
05-13-2013 07:41 AM
Hi,
I have setup my L2TPv3 and this is communicating (I think) as I am getting the "Hello", however, I cannot send any layer 2 traffic.
Is the "Hello" sent as layer 2? How can I debug, as I believe the traffic is entering the router through the F0 port and is then being dropped? I am currently using debug l2tp all but I am not convinced this is correct.
My config is below, please can you take a look and possibly advise what I am doing wrong. Do I need to set up a mac address table or mac route somehow?
Thanks for your help.
Danny
Router 1
Building configuration...
Current configuration : 3629 bytes
!
! Last configuration change at 13:03:49 UTC Thu May 2 2013
! NVRAM config last updated at 13:04:07 UTC Thu May 2 2013
! NVRAM config last updated at 13:04:07 UTC Thu May 2 2013
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname XXXX
!
boot-start-marker
boot-end-marker
!
enable secret 4 pozkvcqXiM/f4AVrqz8PjSI9KxXYqhSXdmI.1yi0uD2
!
no aaa new-model
memory-size iomem 10
!
ip source-route
!
ip cef
no ipv6 cef
l2tp-class l2tpclass2
!
license udi pid CISCO887VA-K9 sn FCZ170690A2
!
controller VDSL 0
!
pseudowire-class pwclass2
encapsulation l2tpv3
sequencing both
ip local interface Dialer0
ip pmtu
ip ttl 100
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key XXXX address xxx.xxx.xxx.xxx
crypto isakmp keepalive 30 5
!
!
crypto ipsec transform-set XXXX esp-3des esp-md5-hmac
!
crypto map cMap 10 ipsec-isakmp
set peer xxx.xxx.xxx.xxx
set transform-set XXXX
match address 101
!
bridge irb
!
interface Loopback1
no ip address
!
interface Ethernet0
no ip address
shutdown
no fair-queue
!
interface ATM0
no ip address
ip virtual-reassembly in
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
interface FastEthernet0
switchport access vlan 2
no ip address
!
!
interface Virtual-PPP2
ip unnumbered Loopback1
ppp authentication chap
ppp chap hostname peer2
pseudowire xxx.xxx.xxx.xxx 10 pw-class pwclass2
!
!
interface Vlan2
no ip address
bridge-group 1
bridge-group 1 input-address-list 700
bridge-group 1 output-address-list 700
!
interface Dialer0
ip address xxx.xxx.xxx.xxx 255.255.255.0
no ip redirects
no ip unreachables
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp chap hostname xxxxxx
ppp chap password 0 xxxxxx
ppp ipcp route default
ppp ipcp address accept
no cdp enable
crypto map cMap
!
interface BVI1
ip address 192.168.2.1 255.255.255.0
ip access-group 101 in
no ip unreachables
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 100 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route xxx.xxx.xxx.xxx 255.255.255.255 Dialer0
ip route 192.168.2.0 255.255.255.0 Virtual-PPP2
!
access-list 50 deny any log
access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 101 permit ip 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit tcp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit udp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit icmp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 deny ip any any
access-list 101 deny tcp any any
access-list 101 deny udp any any
access-list 101 deny icmp any any
access-list 111 deny tcp any any eq telnet
access-list 111 permit ip any any
access-list 700 permit 0000.0000.0000 ffff.ffff.ffff
dialer-list 1 protocol ip permit
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
line aux 0
line vty 0 4
access-class 50 in
exec-timeout 0 0
no login
transport input none
transport output none
!
end
Router 2
Building configuration...
Current configuration : 3973 bytes
!
! Last configuration change at 13:03:15 UTC Thu May 2 2013
! NVRAM config last updated at 13:04:17 UTC Thu May 2 2013
! NVRAM config last updated at 13:04:17 UTC Thu May 2 2013
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname XXX
!
boot-start-marker
boot-end-marker
!
enable secret 4 pozkvcqXiM/f4AVrqz8PjSI9KxXYqhSXdmI.1yi0uD2
!
no aaa new-model
memory-size iomem 10
crypto pki token default removal timeout 0
!
ip source-route
!
ip cef
no ipv6 cef
l2tp-class l2tpclass2
authentication
password xxx
!
l2tp-class l
!
vpdn enable
!
vpdn-group vpdngroup1
accept-dialin
protocol l2tp
virtual-template 1
terminate-from hostname peer1
!
license udi pid CISCO887VA-K9 sn FCZ1706908Q
!
controller VDSL 0
!
pseudowire-class pwclass2
encapsulation l2tpv3
sequencing both
ip local interface Dialer0
ip pmtu
ip tos reflect
ip ttl 100
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key XXXX address xxx.xxx.xxx.xxx
crypto isakmp keepalive 30 5
!
crypto ipsec transform-set XXXX esp-3des esp-md5-hmac
!
crypto map cMap 10 ipsec-isakmp
set peer xxx.xxx.xxx.xxx
set transform-set XXXX
match address 101
!
bridge irb
!
interface Loopback1
no ip address
!
interface Ethernet0
no ip address
shutdown
no fair-queue
!
interface ATM0
no ip address
ip nat outside
ip virtual-reassembly in
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
interface FastEthernet0
switchport access vlan 2
no ip address
!
!
interface Virtual-Template1
ip unnumbered Loopback1
ppp authentication chap
ppp chap hostname peer2
!
interface Virtual-PPP2
ip unnumbered Loopback1
ppp authentication chap
ppp chap hostname peer2
pseudowire xxx.xxx.xxx.xxx 10 pw-class pwclass2
!
!
interface Vlan2
no ip address
bridge-group 1
bridge-group 1 input-address-list 700
bridge-group 1 output-address-list 700
!
interface Dialer0
ip address XXX.XXX.XXX.XXX 255.255.255.0
no ip redirects
no ip unreachables
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp chap hostname xxxxxx
ppp chap password 0 xxxxxx
ppp ipcp route default
ppp ipcp address accept
no cdp enable
crypto map cMap
!
interface BVI1
ip address 192.168.1.1 255.255.255.0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 100 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route xxx.xxx.xxx.xxx 255.255.255.255 Dialer0
ip route 192.168.1.0 255.255.255.0 Virtual-PPP2
!
access-list 50 deny any log
access-list 100 deny ip 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit tcp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit udp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit icmp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 deny ip any any
access-list 101 deny tcp any any
access-list 101 deny udp any any
access-list 101 deny icmp any any
access-list 111 deny tcp any any eq telnet
access-list 111 permit ip any any
access-list 700 permit 0000.0000.0000 ffff.ffff.ffff
dialer-list 1 protocol ip permit
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
line aux 0
line vty 0 4
access-class 50 in
exec-timeout 0 0
no login
transport input none
transport output none
!
end
05-14-2013 11:35 AM
Hello Danny,
a correct configuration of L2TPv3 requires the use of the xconnect command under the client facing L2 interface like the following example taken from one of my tests:
interface FastEthernet3/0.651
description l2tpv3 access-link
encapsulation dot1Q 651
no cdp enable
xconnect 172.16.60.10 123 pw-class vlan-xconnect
!
The IP address that appears is that of the remote router. A configuration like the one above is able to carry frames with tag 802.1Q and vlan-id = 351 over the L2TPv3 tunnel to be delivered at the remote end.
A similar configuration is needed at the other end.
Your configuration misses the L2 access link and the xconnect command. This is why it doesn't work correctly.
Hope to help
Giuseppe
05-15-2013 05:14 AM
Hi Giuseppe,
Thanks for your reply. My tunnel is now passing data; my problem was that the routers were configured the wrong way round, i.e. the server was the client and vice versa.
My problem is now that the data, although it is going across the tunnel, is not passing out of the fast ethernet port to the Web Ranger (which is a router using layer 2).
The fast ethernet port I am using is F0 via vlan2.
Please can you help.
Thanks,
Danny
I have run debug on the tunnel and below is a portion of the output. Are the errors stopping the traffic exiting the F0 interface?
Please can you advise how to resolve these errors.
Thanks.
May 15 14:59:18.154: L2TP tnl 08657:08558753: I SCCRP from ROUTER
May 15 14:59:18.154: L2TP tnl 08657:08558753: Auth Nonce AVP Ignored, 451
May 15 14:59:18.154: L2TP tnl 08657:08558753: Auth glob Challenge AVP Generate response fail, 330
May 15 14:59:18.154: L2TP tnl 08657:08558753: ERROR: Auth cc Overall Failed, 1
May 15 14:59:18.154: L2TP tnl 08657:08558753: ERROR: Auth glob Overall Failed, 449
May 15 14:59:18.154: L2TP 00012:08657:0826942C:
May 15 14:59:18.154: L2TP tnl 08657:08558753: O StopCCN to wtn-40acre tnl 1233748470
May 15 14:59:18.154: L2TP tnl 08657:08558753: IETF v2:
May 15 14:59:18.154: L2TP tnl 08657:08558753: Result Code
May 15 14:59:18.154: L2TP tnl 08657:08558753: Requester is not authorized to establish a control channel(4)
May 15 14:59:18.154: L2TP tnl 08657:08558753: Error code
May 15 14:59:18.154: L2TP tnl 08657:08558753: No error(0)
May 15 14:59:18.154: L2TP tnl 08657:08558753: Optional msg
May 15 14:59:18.154: L2TP tnl 08657:08558753: "process challenge failed "
May 15 14:59:18.158: L2TP tnl 08657:08558753: Cisco v3:
May 15 14:59:18.158: L2TP tnl 08657:08558753: Assigned Control 0x08558753 (139822931)
May 15 14:59:18.158: L2TP tnl 08657:08558753: IETF v3:
May 15 14:59:18.158: L2TP tnl 08657:08558753: Assigned Control 0x08558753 (139822931)
May 15 14:59:18.158: L2TP tnl 08657:08558753:
May 15 14:59:18.158: L2TP tnl 08657:08558753: O StopCCN, flg TLS, ver 3, len 75
May 15 14:59:18.158: L2TP tnl 08657:08558753: tnl 1233748470, ns 1, nr 1
May 15 14:59:18.158: contiguous pak, size 79
00 00 00 00 C8 03 00 4B 49 89 81 F6 00 01 00 01
80 08 00 00 00 00 00 04 80 23 00 00 00 01 00 04
00 00 70 72 6F 63 65 73 73 20 63 68 61 6C 6C 65
6E 67 65 20 40acre-wtn66 61 69 6C 65 64 20 00 0A 00 00 00
3D 08 55 87 53 80 0A 00 09 00 01 08 55 87 53
May 15 14:59:18.218: L2TP tnl 08657:08558753: CiscoACK: Perform early message digest validation
May 15 14:59:18.218: L2TP tnl 08657:08558753: L2TP: Parse Cisco AVP 12, len 27, flag 0x0
May 15 14:59:18.218: L2TP tnl 08657:08558753: Auth Nonce AVP Ignored, 452
May 15 14:59:18.218: L2TP tnl 08657:08558753: ERROR: No authen methods passed
May 15 14:59:18.218: L2TP tnl 08657:08558753: ERROR: Auth cc Overall Failed, 2
May 15 14:59:18.218: L2TP tnl 08657:08558753: ERROR: Auth glob Overall Failed, 450
May 15 14:59:18.218: L2TP tnl 08657:08558753: ERROR: Can't authenticate message
May 15 14:59:18.218: L2TP tnl 08657:08558753: L2TP: Parse Cisco AVP 12, len 27, flag 0x0
May 15 14:59:18.218: L2TP tnl 08657:08558753: No missing AVPs in CiscoACK
May 15 14:59:18.218: L2TP tnl 08657:08558753: CiscoACK: dropping packet
May 15 14:59:18.218: contiguous pak, size 47
05-15-2013 01:25 PM
Hello Danny,
I cannot help you if I cannot see the current configuration. How is the Vlan2 SVI configured?
Have you used the xconnect command?
Hope to help
Giuseppe
05-16-2013 12:13 AM
Hi,
The xconnect is done within the pseudowire on the virtual-ppp by
pseudowire xxx.xxx.xxx.xxx 10 pw-class pwclass2
This seems to work, other than the errors.
My config is:
Router1
Building configuration...
Current configuration : 4044 bytes
!
! Last configuration change at 14:50:54 UTC Wed May 15 2013
! NVRAM config last updated at 14:39:00 UTC Wed May 15 2013
! NVRAM config last updated at 14:39:00 UTC Wed May 15 2013
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname xxxx
!
boot-start-marker
boot-end-marker
!
enable secret 4 pozkvcqXiM/f4AVrqz8PjSI9KxXYqhSXdmI.1yi0uD2
!
no aaa new-model
memory-size iomem 10
crypto pki token default removal timeout 0
!
ip source-route
!
ip cef
no ipv6 cef
l2tp-class l2tpclass2
authentication
digest secret 0 xxxx hash SHA1
hello 10
!
l2tp-class l
!
vpdn enable
!
vpdn-group vpdngroup1
accept-dialin
protocol l2tp
virtual-template 1
terminate-from hostname peer1
!
license udi pid CISCO887VA-K9 sn FCZ1706908Q
!
controller VDSL 0
!
pseudowire-class pwclass2
encapsulation l2tpv3
protocol l2tpv3 l2tpclass2
ip local interface Dialer0
!
crypto isakmp policy 1
authentication pre-share
group 2
crypto isakmp key KEY address 78.105.250.120
crypto isakmp keepalive 30 5
!
crypto ipsec transform-set SET esp-des
!
crypto map cmap 10 ipsec-isakmp
set peer xxx.xxx.xxx.xxx
set transform-set SET
match address 101
!
bridge irb
!
interface Loopback1
no ip address
!
interface Ethernet0
no ip address
shutdown
no fair-queue
!
interface ATM0
no ip address
ip nat outside
ip virtual-reassembly in
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
switchport access vlan 2
no ip address
!
interface FastEthernet1
switchport access vlan 2
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Virtual-Template1
ip unnumbered Loopback1
ppp authentication chap
ppp chap hostname peer2
!
interface Virtual-PPP2
ip unnumbered Loopback1
ppp authentication chap
ppp chap hostname xxxx
ppp chap password 0 xxx
pseudowire xxx.xxx.xxx.xxx 10 pw-class pwclass2
!
interface Vlan1
no ip address
ip nat inside
ip virtual-reassembly in
shutdown
!
interface Vlan2
no ip address
!
interface Vlan200
no ip address
!
interface Dialer0
ip address xxx.xxx.xxx.xxx 255.255.255.0
no ip redirects
no ip unreachables
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp chap hostname xxxxx
ppp chap password 0 xxxxx
ppp ipcp route default
ppp ipcp address accept
no cdp enable
crypto map cmap
!
interface Dialer1
no ip address
!
interface Dialer9
no ip address
shutdown
!
interface BVI1
no ip address
no ip unreachables
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 100 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Virtual-PPP2
ip route xxx.xxx.xxx.xxx 255.255.255.255 Dialer0
ip route 192.6.3.0 255.255.255.0 Virtual-PPP2
!
access-list 50 deny any log
access-list 100 deny ip 192.6.3.0 0.0.0.255 192.6.4.0 0.0.0.255
access-list 100 permit ip 192.6.3.0 0.0.0.255 any
access-list 101 permit ip 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit tcp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit udp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit icmp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 deny ip any any
access-list 101 deny tcp any any
access-list 101 deny udp any any
access-list 101 deny icmp any any
dialer-list 1 protocol ip permit
mac-address-table static 0020.d239.9cde interface FastEthernet0 vlan 2
mac-address-table static 00eb.9000.0000 interface FastEthernet0 vlan 2
mac-address-table static e0cb.4e1f.34cf interface FastEthernet0 vlan 2
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
line aux 0
line vty 0 4
access-class 50 in
exec-timeout 0 0
no login
transport input none
transport output none
!
end
Router 2
Building configuration...
Current configuration : 3692 bytes
!
! Last configuration change at 14:36:00 UTC Wed May 15 2013
! NVRAM config last updated at 14:18:20 UTC Wed May 15 2013
! NVRAM config last updated at 14:18:20 UTC Wed May 15 2013
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname xxxx
!
boot-start-marker
boot-end-marker
!
enable secret 4 pozkvcqXiM/f4AVrqz8PjSI9KxXYqhSXdmI.1yi0uD2
!
no aaa new-model
memory-size iomem 10
crypto pki token default removal timeout 0
!
ip source-route
!
ip cef
no ipv6 cef
l2tp-class l2tpclass2
authentication
hello 10
!
vpdn enable
!
vpdn-group vpdngroup1
request-dialin
protocol l2tp
initiate-to ip xxx.xxx.xxx.xxx
!
license udi pid CISCO887VA-K9 sn FCZ170690A2
!
controller VDSL 0
!
pseudowire-class pwclass2
encapsulation l2tpv3
protocol l2tpv3 l2tpclass2
ip local interface Dialer0
!
!
!
crypto isakmp policy 1
authentication pre-share
group 2
crypto isakmp key KEY address xxx.xxx.xxx.xxx
crypto isakmp keepalive 30 5
!
!
crypto ipsec transform-set SET esp-des
!
crypto map xxxx 10 ipsec-isakmp
set peer xxx.xxx.xxx.xxx
set transform-set SET
match address 101
!
bridge irb
!
interface Loopback1
no ip address
!
interface Ethernet0
no ip address
shutdown
no fair-queue
!
interface ATM0
no ip address
ip virtual-reassembly in
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
switchport access vlan 2
no ip address
no keepalive
!
interface FastEthernet1
switchport access vlan 200
switchport mode trunk
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Virtual-PPP2
ip unnumbered Loopback1
ppp authentication chap
ppp chap hostname XXXX
ppp chap password 0 xxx
pseudowire xxx.xxx.xxx.xxx 10 pw-class pwclass2
!
interface Vlan1
no ip address
ip nat inside
ip virtual-reassembly in
shutdown
!
interface Vlan2
ip address 192.6.3.10 255.255.255.0
!
interface Vlan200
no ip address
!
interface Dialer0
ip address xxx.xxx.xxx.xxx 255.255.255.0
no ip redirects
no ip unreachables
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp chap hostname xxxxx
ppp chap password 0 xxxx
ppp ipcp route default
ppp ipcp address accept
no cdp enable
crypto map xxxx
!
interface BVI1
no ip address
no ip unreachables
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 100 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Virtual-PPP2
ip route xxx.xxx.xxx.xxx 255.255.255.255 Dialer0
ip route 192.6.4.0 255.255.255.0 Virtual-PPP2
!
access-list 50 deny any log
access-list 100 deny ip 192.6.4.0 0.0.0.255 192.6.3.0 0.0.0.255
access-list 100 permit ip 192.6.4.0 0.0.0.255 any
access-list 101 permit ip 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit tcp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit udp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit icmp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 deny ip any any
access-list 101 deny tcp any any
access-list 101 deny udp any any
access-list 101 deny icmp any any
dialer-list 1 protocol ip permit
mac-address-table aging-time 16
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
line aux 0
line vty 0 4
access-class 50 in
exec-timeout 0 0
no login
transport input none
transport output none
!
end
05-16-2013 12:48 AM
Hello Danny,
the xconnect or other equivalent command has to be given under the L2 interface in front of the CE.
You have:
interface Virtual-PPP2
ip unnumbered Loopback1
ppp authentication chap
ppp chap hostname xxxx
ppp chap password 0 xxx
pseudowire xxx.xxx.xxx.xxx 10 pw-class pwclass2
!
YOU SHOULD HAVE INSTEAD
interface Vlan2
no ip address
pseudowire xxx.xxx.xxx.xxx 10 pw-class pwclass2
if you really want to bridge ethernet frames. Your current configuration might be able to bridge PPP frames, but it cannot bridge ethernet frames.
Also, you don't need all the vpdn stuff: you are using L2TPv3, not L2TPv2, so you can remove it.
Hope to help
Giuseppe
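The placement rule given in the replies above (attach the L2TPv3 pseudowire to the Ethernet-facing interface rather than to Virtual-PPP, and drop the L2TPv2 vpdn configuration) can be checked mechanically before a change is pushed. The Python script below is an added example, not part of any post in this thread; the two sample configs are constructed, 192.0.2.1 is a documentation address, and the finding codes are hypothetical labels.

```python
import re

HEADER = re.compile(r"^(interface|pseudowire-class|vpdn-group)\s+(\S+)")
ATTACH = re.compile(r"^(?:pseudowire|xconnect)\s+\S+\s+\d+\b.*\bpw-class\s+(\S+)")
ETHERNET = ("fastethernet", "gigabitethernet", "ethernet", "vlan")

def parse_sections(text):
    """Split a running-config into (kind, name, body) blocks; a block ends at a
    '!' line or the next header, so indented and flattened dumps both parse."""
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = (m.group(1), m.group(2), [])
            sections.append(current)
        elif not line or line.startswith("!"):
            current = None
        elif current is not None:
            current[2].append(line)
    return sections

def audit(text):
    """Return (code, object) findings; the codes are hypothetical labels."""
    sections = parse_sections(text)
    # pseudowire classes that actually use L2TPv3 encapsulation
    v3 = {n for k, n, b in sections
          if k == "pseudowire-class" and "encapsulation l2tpv3" in b}
    findings, ethernet_attached = [], False
    for name, body in ((n, b) for k, n, b in sections if k == "interface"):
        for line in body:
            m = ATTACH.match(line)
            if not m or m.group(1) not in v3:
                continue
            if name.lower().startswith("virtual-ppp"):
                # Carries PPP frames, not the Ethernet frames from the L2 device
                findings.append(("PW_ON_VIRTUAL_PPP", name))
            elif name.lower().startswith(ETHERNET):
                ethernet_attached = True
    if v3 and not ethernet_attached:
        findings.append(("NO_ETHERNET_ATTACHMENT", None))
    if v3:  # vpdn-group is L2TPv2 configuration, unused by an L2TPv3 pseudowire
        findings += [("VPDN_NOT_NEEDED", n) for k, n, _ in sections if k == "vpdn-group"]
    return findings

# Constructed sample with the same shape as the config posted in the thread
BROKEN = """\
vpdn-group vpdngroup1
 accept-dialin
  protocol l2tp
!
pseudowire-class pwclass2
 encapsulation l2tpv3
 ip local interface Dialer0
!
interface Virtual-PPP2
 pseudowire 192.0.2.1 10 pw-class pwclass2
!
interface Vlan2
 no ip address
"""
# Constructed sample following the advice: attachment moved to the SVI, vpdn removed
FIXED = """\
pseudowire-class pwclass2
 encapsulation l2tpv3
 ip local interface Dialer0
!
interface Vlan2
 no ip address
 xconnect 192.0.2.1 10 pw-class pwclass2
"""
if __name__ == "__main__":
    print(audit(BROKEN), audit(FIXED))
```

Whether a given platform accepts the attachment command under an SVI or a switchport depends on the model and IOS release, so a clean result here only confirms the placement, not feature support.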
05-16-2013 01:34 AM
Hi,
Thanks for your help.
Could this be causing my problem with not seeing the frames on the web ranger router, i.e. they are not exiting the F0 port? How can I change my config to bridge ethernet frames?
Your help with this is greatly appreciated as this is turning into a bigger job than I expected or wanted.
Danny
05-16-2013 02:34 AM
Hello Danny,
>> how can I change my config to bridge ethernet frames.
Remove the pseudowire command under interface virtual-ppp and put the same command under SVI interface Vlan 2.
By the way, this is already explained in my previous post.
Hope to help
Giuseppe
05-16-2013 03:07 AM
Hi Giuseppe,
I have moved the pseudowire line, but this cannot be added to the vlan so I have added it to F0 - these are layer 2. I have also had to use xconnect rather than pseudowire.
Unfortunately the tunnel is now shut down and will not come up.
The IP address that is used with the xconnect command, is this the outside static IP address or the internal IP address?
Thanks again,
Danny
05-16-2013 03:27 AM
Hello Danny,
You have a peculiar setup; putting the xconnect on the fa0 may work or not.
The IP address is the outside one, generally speaking, unless you want to put the L2TPv3 traffic under IPSec protection.
>> Unfortunately the tunnel is now shut down and will not come up.
I'm afraid your setup will never work.
Hope to help
Giuseppe
05-16-2013 05:05 AM
Hi Giuseppe,
The tunnel is now up and running with the xconnect applied to the F0 interface.
Unfortunately the traffic is still not passing out of the interface. As the router has layer 2 fastethernet interfaces do these need to be configured to pass the packets out to the network/web ranger?
Thanks again for your help.
05-16-2013 05:29 AM
Hello Danny,
What router model and what IOS version is running on it?
>> I see 887VA from initial post but I don't see the IOS version
The xconnect command should be given under interface Vlan2, the SVI. The switchports are only OSI layer 2, so I don't think they support the xconnect command.
An IOS upgrade may be needed to achieve the desired feature support.
Hope to help
Giuseppe