05-08-2013 08:09 AM - edited 03-04-2019 07:50 PM
Hi,
I am in dire need of assistance.
I have set up a L2TP between 2 887va routers to pass layer 2 traffic from a remote site. My problem is that the traffic from my layer 2 device is entering the router through the Fastethernet 0 but doesn't go anywhere.
I am getting the "Hello" over the L2TP so the tunnel is up and working. When I attach a laptop to the layer 2 device end I can ping between that and the host at the other end, however, no layer 2 traffic is being passed over the tunnel.
I am using Wireshark on the host at the far end and it sees no layer 2 traffic, not even the "Hello", so I checked the ACLs but can find no reason why this traffic shouldn't pass through.
Please can someone help. I have included the config files from both routers.
Thanks.
Router 1
Building configuration...
Current configuration : 3973 bytes
!
! Last configuration change at 13:03:15 UTC Thu May 2 2013
! NVRAM config last updated at 13:04:17 UTC Thu May 2 2013
! NVRAM config last updated at 13:04:17 UTC Thu May 2 2013
! Global services and device identity for the first router (IOS 15.1).
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! Password encryption is off, so the "password xxx" and "ppp chap password 0"
! entries later in this listing are held as cleartext in the configuration.
no service password-encryption
!
hostname XXX
!
boot-start-marker
boot-end-marker
!
! NOTE(review): the type 4 enable-secret hash is posted unredacted, and the same
! string appears in the second router's listing. Treat that password as disclosed
! and replace it on both devices. Type 4 is an unsalted, single-round SHA-256
! format that Cisco has deprecated; use another secret type where the image offers one.
enable secret 4 pozkvcqXiM/f4AVrqz8PjSI9KxXYqhSXdmI.1yi0uD2
!
! AAA is not enabled; access control rests on the enable secret and the line settings.
no aaa new-model
memory-size iomem 10
crypto pki token default removal timeout 0
!
! IP source-route options are honoured. "no ip source-route" is the usual
! hardening choice unless something on the network depends on them.
ip source-route
!
ip cef
no ipv6 cef
! L2TP control-channel class with authentication enabled and a shared password (redacted).
! NOTE(review): pseudowire-class pwclass2 below has no "protocol l2tpv3 l2tpclass2"
! line, so as far as this listing shows the class is never attached to the L2TPv3
! pseudowire and its authentication is not in effect - confirm.
l2tp-class l2tpclass2
authentication
password xxx
!
! Empty class named "l"; nothing visible in this listing refers to it.
l2tp-class l
!
! VPDN dial-in termination (protocol l2tp) using Virtual-Template1 for a peer named
! "peer1". This is configured separately from the L2TPv3 pseudowire class below.
vpdn enable
!
vpdn-group vpdngroup1
accept-dialin
protocol l2tp
virtual-template 1
terminate-from hostname peer1
!
! NOTE(review): hostname and addresses are redacted in the post, but the chassis
! serial number is not.
license udi pid CISCO887VA-K9 sn FCZ1706908Q
!
controller VDSL 0
!
! L2TPv3 pseudowire parameters: sourced from the Dialer0 address, sequencing in
! both directions, path-MTU discovery, ToS reflected into the outer header, TTL 100.
! L2TPv3 does not encrypt its payload, so confidentiality depends on whether the
! crypto map on Dialer0 selects these packets (see access-list 101).
pseudowire-class pwclass2
encapsulation l2tpv3
sequencing both
ip local interface Dialer0
ip pmtu
ip tos reflect
ip ttl 100
!
! IKE phase 1 policy: 3DES, MD5, pre-shared key, Diffie-Hellman group 2.
! These are legacy algorithms; prefer AES, a SHA-2 hash and a larger DH group
! where the image and the peer support them.
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
! Pre-shared key and peer address are redacted in the post.
crypto isakmp key XXXX address xxx.xxx.xxx.xxx
crypto isakmp keepalive 30 5
!
! Phase 2 transform: ESP with 3DES encryption and HMAC-MD5 integrity.
crypto ipsec transform-set XXXX esp-3des esp-md5-hmac
!
! Only traffic matching access-list 101 (192.x.x.x to 192.x.x.x) is protected.
! NOTE(review): the pseudowire runs between the Dialer0 address and the peer
! address, both redacted. Unless both fall inside 192.0.0.0/8, the L2TPv3 packets
! do not match this map and leave Dialer0 unencrypted - confirm.
crypto map cMap 10 ipsec-isakmp
set peer xxx.xxx.xxx.xxx
set transform-set XXXX
match address 101
!
! Integrated routing and bridging: a bridge group can bridge frames and also
! route through its BVI.
bridge irb
!
! Loopback1 has no address, so the interfaces below that use
! "ip unnumbered Loopback1" have no address to borrow.
interface Loopback1
no ip address
!
interface Ethernet0
no ip address
shutdown
no fair-queue
!
! WAN side: PPP over ATM PVC 0/38, member of dialer pool 1 (Dialer0).
interface ATM0
no ip address
ip nat outside
ip virtual-reassembly in
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
! LAN port where the layer 2 device's traffic enters: access port in VLAN 2.
interface FastEthernet0
switchport access vlan 2
no ip address
!
!
! Template referenced by vpdn-group vpdngroup1 for dial-in sessions.
! NOTE(review): CHAP is required here and on Virtual-PPP2, but no "username"
! entries are visible in this listing for CHAP to check a peer against - confirm.
interface Virtual-Template1
ip unnumbered Loopback1
ppp authentication chap
ppp chap hostname peer2
!
! PPP interface whose transport is the L2TPv3 pseudowire (VC ID 10, class pwclass2).
! NOTE(review): this is a routed PPP interface. No interface in this listing has
! an "xconnect" statement, and Vlan2 is the only visible member of bridge-group 1,
! so nothing shown here hands bridged frames from Vlan2 to the pseudowire. That
! looks relevant to the missing layer 2 traffic - confirm.
interface Virtual-PPP2
ip unnumbered Loopback1
ppp authentication chap
ppp chap hostname peer2
pseudowire xxx.xxx.xxx.xxx 10 pw-class pwclass2
!
!
! SVI for VLAN 2, placed in bridge-group 1. Address list 700 is applied in both
! directions; as defined in this listing it permits every MAC address.
interface Vlan2
no ip address
bridge-group 1
bridge-group 1 input-address-list 700
bridge-group 1 output-address-list 700
!
! PPP dialer toward the provider; the IPsec crypto map is attached here.
! The CHAP password is stored as type 0 (cleartext) in the configuration.
interface Dialer0
ip address XXX.XXX.XXX.XXX 255.255.255.0
no ip redirects
no ip unreachables
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp chap hostname xxxxxx
ppp chap password 0 xxxxxx
ppp ipcp route default
ppp ipcp address accept
no cdp enable
crypto map cMap
!
! Routed interface for bridge-group 1 (LAN gateway 192.168.1.1/24).
interface BVI1
ip address 192.168.1.1 255.255.255.0
!
ip forward-protocol nd
! Both the HTTP and HTTPS management servers are disabled.
no ip http server
no ip http secure-server
!
! PAT for sources matching access-list 100, overloaded on Dialer0.
! NOTE(review): no interface in this listing is marked "ip nat inside", so this
! rule has no inside interface to translate from - confirm.
ip nat inside source list 100 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route xxx.xxx.xxx.xxx 255.255.255.255 Dialer0
! NOTE(review): 192.168.1.0/24 is this router's own BVI1 subnet, yet this route
! points it into the tunnel interface; the remote site's prefix may have been
! intended - confirm.
ip route 192.168.1.0 255.255.255.0 Virtual-PPP2
!
! ACL 50: denies and logs every source; applied inbound on the vty lines.
access-list 50 deny any log
! ACL 100 (NAT selection): 192.x.x.x to 192.x.x.x is exempt, the rest of
! 192.168.1.0/24 is translated.
access-list 100 deny ip 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
! ACL 101 (crypto map match): the first "permit ip" already covers TCP, UDP and
! ICMP, and "deny ip any any" already covers the denies after it, so six of the
! eight entries can never be the deciding match. In a crypto map a deny means
! "send without IPsec", not "drop".
access-list 101 permit ip 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit tcp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit udp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit icmp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 deny ip any any
access-list 101 deny tcp any any
access-list 101 deny udp any any
access-list 101 deny icmp any any
! ACL 111 blocks Telnet and permits everything else; nothing in this listing applies it.
access-list 111 deny tcp any any eq telnet
access-list 111 permit ip any any
! ACL 700 (MAC address list): an all-ones mask matches any address, so the
! bridge-group filters on Vlan2 pass every frame.
access-list 700 permit 0000.0000.0000 ffff.ffff.ffff
dialer-list 1 protocol ip permit
!
! Bridge group 1 runs IEEE spanning tree; "route ip" sends IP through BVI1
! instead of bridging it, so only non-IP frames are bridged in this group.
bridge 1 protocol ieee
bridge 1 route ip
!
! Console and aux lines carry no login or timeout settings in this listing.
line con 0
line aux 0
! Remote terminal lines: ACL 50 rejects every source, no inbound or outbound
! transport protocol is allowed, and the idle timeout is disabled (0 0).
! NOTE(review): "no login" means a session on these lines is not asked for a
! password. They are closed only by the access-class and "transport input none";
! if either is relaxed later, configure authentication first.
line vty 0 4
access-class 50 in
exec-timeout 0 0
no login
transport input none
transport output none
!
end
Router 1
Building configuration...
Current configuration : 3629 bytes
!
! Last configuration change at 13:03:49 UTC Thu May 2 2013
! NVRAM config last updated at 13:04:07 UTC Thu May 2 2013
! NVRAM config last updated at 13:04:07 UTC Thu May 2 2013
! Global services and device identity for the second listing (IOS 15.1).
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
! Password encryption is off, so the "ppp chap password 0" entry later in this
! listing is held as cleartext in the configuration.
no service password-encryption
!
hostname XXXX
!
boot-start-marker
boot-end-marker
!
! NOTE(review): this type 4 enable-secret hash is posted unredacted and is
! identical to the one in the first listing, so both routers share one enable
! password. Treat it as disclosed and replace it on both devices. Type 4 is an
! unsalted, single-round SHA-256 format that Cisco has deprecated.
enable secret 4 pozkvcqXiM/f4AVrqz8PjSI9KxXYqhSXdmI.1yi0uD2
!
! AAA is not enabled; access control rests on the enable secret and the line settings.
no aaa new-model
memory-size iomem 10
!
! IP source-route options are honoured. "no ip source-route" is the usual
! hardening choice unless something on the network depends on them.
ip source-route
!
ip cef
no ipv6 cef
! L2TP class with no settings. The class of the same name in the first listing
! enables authentication with a password.
! NOTE(review): pseudowire-class pwclass2 below does not reference any l2tp-class,
! so as far as this listing shows the L2TPv3 control channel is not authenticated - confirm.
l2tp-class l2tpclass2
!
! NOTE(review): hostname and addresses are redacted in the post, but the chassis
! serial number is not.
license udi pid CISCO887VA-K9 sn FCZ170690A2
!
controller VDSL 0
!
! L2TPv3 pseudowire parameters: sourced from the Dialer0 address, sequencing in
! both directions, path-MTU discovery, TTL 100. Unlike the first listing there is
! no "ip tos reflect" here.
! L2TPv3 does not encrypt its payload, so confidentiality depends on whether the
! crypto map on Dialer0 selects these packets (see access-list 101).
pseudowire-class pwclass2
encapsulation l2tpv3
sequencing both
ip local interface Dialer0
ip pmtu
ip ttl 100
!
! IKE phase 1 policy: 3DES, MD5, pre-shared key, Diffie-Hellman group 2.
! These are legacy algorithms; prefer AES, a SHA-2 hash and a larger DH group
! where the image and the peer support them.
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
! Pre-shared key and peer address are redacted in the post.
crypto isakmp key XXXX address xxx.xxx.xxx.xxx
crypto isakmp keepalive 30 5
!
!
! Phase 2 transform: ESP with 3DES encryption and HMAC-MD5 integrity.
crypto ipsec transform-set XXXX esp-3des esp-md5-hmac
!
! Only traffic matching access-list 101 (192.x.x.x to 192.x.x.x) is protected.
! NOTE(review): the pseudowire runs between the Dialer0 address and the peer
! address, both redacted. Unless both fall inside 192.0.0.0/8, the L2TPv3 packets
! do not match this map and leave Dialer0 unencrypted - confirm.
crypto map cMap 10 ipsec-isakmp
set peer xxx.xxx.xxx.xxx
set transform-set XXXX
match address 101
!
! Integrated routing and bridging: a bridge group can bridge frames and also
! route through its BVI.
bridge irb
!
! Loopback1 has no address, so Virtual-PPP2's "ip unnumbered Loopback1" has no
! address to borrow.
interface Loopback1
no ip address
!
interface Ethernet0
no ip address
shutdown
no fair-queue
!
! WAN side: PPP over ATM PVC 0/38, member of dialer pool 1 (Dialer0).
interface ATM0
no ip address
ip virtual-reassembly in
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
! LAN port: access port in VLAN 2.
interface FastEthernet0
switchport access vlan 2
no ip address
!
! PPP interface whose transport is the L2TPv3 pseudowire (VC ID 10, class pwclass2).
! NOTE(review): this is a routed PPP interface. No interface in this listing has
! an "xconnect" statement, and Vlan2 is the only visible member of bridge-group 1,
! so nothing shown here hands bridged frames from Vlan2 to the pseudowire. That
! looks relevant to the missing layer 2 traffic - confirm.
! NOTE(review): CHAP is required, but no "username" entries are visible in this
! listing, and this side announces the same CHAP hostname (peer2) as the first
! listing - confirm.
interface Virtual-PPP2
ip unnumbered Loopback1
ppp authentication chap
ppp chap hostname peer2
pseudowire xxx.xxx.xxx.xxx 10 pw-class pwclass2
!
! SVI for VLAN 2, placed in bridge-group 1. Address list 700 is applied in both
! directions; as defined in this listing it permits every MAC address.
interface Vlan2
no ip address
bridge-group 1
bridge-group 1 input-address-list 700
bridge-group 1 output-address-list 700
!
! PPP dialer toward the provider; the IPsec crypto map is attached here.
! The CHAP password is stored as type 0 (cleartext) in the configuration.
interface Dialer0
ip address xxx.xxx.xxx.xxx 255.255.255.0
no ip redirects
no ip unreachables
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp chap hostname xxxxxx
ppp chap password 0 xxxxxx
ppp ipcp route default
ppp ipcp address accept
no cdp enable
crypto map cMap
!
! Routed interface for bridge-group 1 (LAN gateway 192.168.2.1/24).
! NOTE(review): access-list 101 is also the crypto-map match list. Applied inbound
! here it works as a packet filter: only 192.x.x.x to 192.x.x.x is accepted and
! every other routed packet arriving from the LAN is dropped. The first listing
! has no such filter on BVI1 - confirm this is intended.
interface BVI1
ip address 192.168.2.1 255.255.255.0
ip access-group 101 in
no ip unreachables
!
ip forward-protocol nd
! Both the HTTP and HTTPS management servers are disabled.
no ip http server
no ip http secure-server
!
! PAT for sources matching access-list 100, overloaded on Dialer0.
! NOTE(review): no interface in this listing is marked "ip nat inside", so this
! rule has no inside interface to translate from - confirm.
ip nat inside source list 100 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route xxx.xxx.xxx.xxx 255.255.255.255 Dialer0
! NOTE(review): 192.168.2.0/24 is this router's own BVI1 subnet, yet this route
! points it into the tunnel interface; the remote site's prefix may have been
! intended - confirm.
ip route 192.168.2.0 255.255.255.0 Virtual-PPP2
!
! ACL 50: denies and logs every source; applied inbound on the vty lines.
access-list 50 deny any log
! ACL 100 (NAT selection): traffic from 192.168.2.0/24 to 192.168.1.0/24 is
! exempt, the rest of 192.168.2.0/24 is translated.
access-list 100 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
! ACL 101 is used twice in this listing: as the crypto map match list and as the
! inbound filter on BVI1. The first "permit ip" already covers TCP, UDP and ICMP,
! and "deny ip any any" already covers the denies after it, so six of the eight
! entries can never be the deciding match. In the crypto map a deny means "send
! without IPsec"; on BVI1 it means "drop".
access-list 101 permit ip 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit tcp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit udp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit icmp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 deny ip any any
access-list 101 deny tcp any any
access-list 101 deny udp any any
access-list 101 deny icmp any any
! ACL 111 blocks Telnet and permits everything else; nothing in this listing applies it.
access-list 111 deny tcp any any eq telnet
access-list 111 permit ip any any
! ACL 700 (MAC address list): an all-ones mask matches any address, so the
! bridge-group filters on Vlan2 pass every frame.
access-list 700 permit 0000.0000.0000 ffff.ffff.ffff
dialer-list 1 protocol ip permit
!
! Bridge group 1 runs IEEE spanning tree; "route ip" sends IP through BVI1
! instead of bridging it, so only non-IP frames are bridged in this group.
bridge 1 protocol ieee
bridge 1 route ip
!
! Console and aux lines carry no login or timeout settings in this listing.
line con 0
line aux 0
! Remote terminal lines: ACL 50 rejects every source, no inbound or outbound
! transport protocol is allowed, and the idle timeout is disabled (0 0).
! NOTE(review): "no login" means a session on these lines is not asked for a
! password. They are closed only by the access-class and "transport input none";
! if either is relaxed later, configure authentication first.
line vty 0 4
access-class 50 in
exec-timeout 0 0
no login
transport input none
transport output none
!
end