
layer 2 traffic from host to router. 887va

dannymcca
Level 1

Hi,

I have set up a layer 2 tunnel on my 887va router and the traffic transmits across this to my second 887va. Unfortunately, I do not seem able to get the layer 2 traffic from my host PC and down the tunnel.

I believe the problem to be the router settings for the fastethernet and forwarding this data out of the dialer port.

I am now desperate to resolve this as all of my attempts have failed, I believe this is something very simple I am missing. PLEASE HELP.

Here is my config:

Building configuration...

Current configuration : 3973 bytes

!

! Last configuration change at 13:03:15 UTC Thu May 2 2013

! NVRAM config last updated at 13:04:17 UTC Thu May 2 2013

! NVRAM config last updated at 13:04:17 UTC Thu May 2 2013

version 15.1

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname XXX

!

boot-start-marker

boot-end-marker

!

enable secret 4 pozkvcqXiM/f4AVrqz8PjSI9KxXYqhSXdmI.1yi0uD2

!

no aaa new-model

memory-size iomem 10

crypto pki token default removal timeout 0

!   

ip source-route

!        

ip cef

no ipv6 cef

l2tp-class l2tpclass2

authentication

password xxx

!        

l2tp-class l

!        

vpdn enable

!        

vpdn-group vpdngroup1

accept-dialin

  protocol l2tp

  virtual-template 1

terminate-from hostname xxxxx

!        

license udi pid CISCO887VA-K9 sn FCZ1706908Q

!        

controller VDSL 0

!

pseudowire-class pwclass2

encapsulation l2tpv3

sequencing both

ip local interface Dialer0

ip pmtu 

ip tos reflect

ip ttl 100

!

!        

!

crypto isakmp policy 1

encr 3des

hash md5

authentication pre-share

group 2 

crypto isakmp key xxxx address xxx.xxx.xxx.xxx

crypto isakmp keepalive 30 5

!

!        

crypto ipsec transform-set XXX esp-3des esp-md5-hmac

!        

crypto map Cmap 10 ipsec-isakmp

set peer xxx.xxx.xxx.xxx

set transform-set XXX

match address 101

!

bridge irb

!

interface Loopback1

no ip address

!

interface Ethernet0

no ip address

shutdown

no fair-queue

!        

interface ATM0

no ip address

ip nat outside

ip virtual-reassembly in

no atm ilmi-keepalive

pvc 0/38

  encapsulation aal5mux ppp dialer

  dialer pool-member 1

!

!        

interface FastEthernet0

switchport access vlan 2

no ip address

!        

interface FastEthernet1

switchport access vlan 200

no ip address

!

interface FastEthernet2

no ip address

!        

interface FastEthernet3

no ip address

!

interface Virtual-Template1

ip unnumbered Loopback1

ppp authentication chap

ppp chap hostname xxxxx

!        

interface Virtual-PPP2

ip unnumbered Loopback1

ppp authentication chap

ppp chap hostname xxxxx

pseudowire xxx.xxx.xxx.xxx 10 pw-class pwclass2

!        

interface Vlan1

no ip address

ip nat inside

ip virtual-reassembly in

shutdown

!        

interface Vlan2

no ip address

bridge-group 1

bridge-group 1 input-address-list 700

bridge-group 1 output-address-list 700

!        

interface Vlan200

no ip address

!        

interface Dialer0

ip address xxx.xxx.xxx.xxx 255.255.255.0

no ip redirects

no ip unreachables

ip mtu 1492

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 1

ppp authentication chap callin

ppp chap hostname xxxx

ppp chap password 0 xxxx

ppp ipcp route default

ppp ipcp address accept

no cdp enable

crypto map Cmap

!

interface Dialer1

no ip address

!        

interface Dialer9

no ip address

shutdown

!        

interface BVI1

ip address 192.168.1.1 255.255.255.0

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

ip nat inside source list 100 interface Dialer0 overload

ip route 0.0.0.0 0.0.0.0 Dialer0

ip route 78.105.250.120 255.255.255.255 Dialer0

ip route 192.168.1.0 255.255.255.0 Virtual-PPP2

!        

access-list 50 deny   any log

access-list 100 deny   ip 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255

access-list 100 permit ip 192.168.1.0 0.0.0.255 any

access-list 101 permit ip 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255

access-list 101 permit tcp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255

access-list 101 permit udp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255

access-list 101 permit icmp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255

access-list 101 deny   ip any any

access-list 101 deny   tcp any any

access-list 101 deny   udp any any

access-list 101 deny   icmp any any

access-list 111 deny   tcp any any eq telnet

access-list 111 permit ip any any

access-list 700 permit 0000.0000.0000   ffff.ffff.ffff

dialer-list 1 protocol ip permit

!        

bridge 1 protocol ieee

bridge 1 route ip

!        

line con 0

line aux 0

line vty 0 4

access-class 50 in

exec-timeout 0 0

no login

transport input none

transport output none

!

end      

6 Replies

paolo bevilacqua
Hall of Fame

What is the reason why you need layer 2 instead of regular IP?

Hi,

I have a Web Ranger which only outputs the data in layer 2 format.

Thanks..

I don't know if you are referring to the following.

http://www.data-connect.com/RAD_WEB_RANGER.htm

If yes, that is a regular router, if not, please explain.

Hi Danny,

It is hard to say what is wrong with your setup without running debug commands. I have set up a lab with one C887va and one C888E, and am successfully running L2TPv3. The relevant part of the config in C887 is as follows. I am using advipservices: c880data-universalk9-mz.152-1.T.bin.

------------------------

l2tp-class L2_CL

hello 10

password 7 02050D480809  !----->same on both ends

cookie size 8

!

pseudowire-class L2TPv3_PS

encapsulation l2tpv3

interworking ethernet  !---->you missed this in your config

protocol l2tpv3 L2_CL

ip local interface Ethernet0.10   !---->source layer3 interface

ip dfbit set

!

interface Vlan1

xconnect A.B.C.D 100 encapsulation l2tpv3 pw-class L2TPv3_PS  !----->destination IP address

----------------------------------------

The following commands can be used for checking:

show xconne all detail

show l2tp session

show l2tp tunnel

Hope this is helpful to you.

Hi,

I have made the changes, however, my traffic still will not go down the tunnel.

Are there any debug statements that will show me layer 2/ethernet traffic entering the router and if it is being filtered?

I think the tunnel is working but my traffic is not getting that far.

Please can you advise whether there is a debug statement that shows layer 2 traffic within the router, not the tunnel.

Below is the output from the show L2TP command - I am correct in assuming that this is working, aren't I?

Thanks,

Danny

The debug L2TP gives the following output:

L2TP Tunnel and Session Information Total tunnels 1 sessions 1

LocTunID   RemTunID   Remote Name   State  Remote Address  Sessn L2TP Class/

                                                           Count VPDN Group

2429948526 1313898432 routername    est   xxx.xxx.xxx.xxx  1     l2tp_default_cl

LocID      RemID      TunID      Username, Intf/      State  Last Chg Uniq ID 

                                 Vcid, Circuit                                

2707157308 3583248854 2429948526 10, Vp2              est    06:41:26 1   

Hi Danny,

Can you ping between the source and destination IPs used by the l2tpv3 tunnel?

Try using the following debugs:

debug vpdn l2x-events

debug vpdn l2x-packets

"show l2tp session all" shows the counters that also tell you if the traffic is going through the tunnel.

------------------------------------------------------------------------------------------------------

sh l2tp session all

L2TP Session Information Total tunnels 1 sessions 1

Session id 34342 is up, tunnel id 15973    
  Remote session id is 2976301299, remote tunnel id 2129208375
  Locally initiated session
Call serial number is 2336700001
Remote tunnel name is XXXXX
  Internet address is 10.93.2.1
Local tunnel name is XXXXX

  Internet address is 10.248.119.26
IP protocol 115
  Session is L2TP signaled
  Session state is established, time since change 7w3d
    151216258 Packets sent, 36833387 received
    775473738 Bytes sent, 3111073773 received
  Last clearing of counters never
  Counters, ignoring last clear:
    151216258 Packets sent, 36833387 received
    775473738 Bytes sent, 3111073773 received
    Receive packets dropped:
      out-of-order:             0
      total:                    0
    Send packets dropped:
      exceeded session MTU:     0
      total:                    0
  DF bit on, ToS reflect disabled, ToS value 0, TTL value 255
  Sending UDP checksums are disabled
  Receiving UDP checksums are verified
  Session cookie information:
    local cookie, size 8 bytes, value 27 34 0A F5 41 17 93 3B
    remote cookie, size 8 bytes, value C2 FC D6 C0 B3 CD 77 1F
  FS cached header information:
    encap size = 32 bytes
    45000014 00004000 FF73ED06 0AF8771A
    0A5D0201 B166C0F3 C2FCD6C0 B3CD771F
   
  Sequencing is off
  Conditional debugging is disabled
  SSM switch id is 4097, SSM segment id is 8195
  Unique ID is 5
Session Layer 2 circuit, type is Ethernet, name is FastEthernet0/1
  Session vcid is 100
  Circuit state is UP
    Local circuit state is UP
    Remote circuit state is UP

------------------------------------------------------------------------------------------------------------------------

regards.
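
The "FS cached header information" block in the session output above is the 32-byte header the router prepends to every tunnelled frame, so decoding it lets you cross-check the tunnel endpoints, DF bit, TTL, session ID and cookie against the other lines of the same output and against the far end. This is an added example, not part of the original reply; the function names are illustrative, and it assumes L2TPv3 directly over IP (protocol 115) with an 8-byte cookie, as shown in that output.

```python
import ipaddress
import struct

# "FS cached header information" words copied from the session output above.
CACHED_HEADER_HEX = (
    "45000014 00004000 FF73ED06 0AF8771A "
    "0A5D0201 B166C0F3 C2FCD6C0 B3CD771F"
)
L2TPV3_IP_PROTO = 115  # "IP protocol 115" in the same output


def ipv4_checksum(header: bytes) -> int:
    """Internet checksum of an IPv4 header, computed with its checksum field zeroed."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    total = sum(struct.unpack(f"!{len(zeroed) // 2}H", zeroed))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def decode_l2tpv3_encap(hex_words: str, cookie_size: int = 8) -> dict:
    """Decode IPv4 + L2TPv3-over-IP data header: session ID, then cookie."""
    raw = bytes.fromhex("".join(hex_words.split()))
    ihl = (raw[0] & 0x0F) * 4
    if raw[0] >> 4 != 4 or ihl < 20 or len(raw) < ihl + 4 + cookie_size:
        raise ValueError("not IPv4, or too short for session ID and cookie")
    flags_frag, ttl, proto, csum, src, dst = struct.unpack("!HBBH4s4s", raw[6:20])
    if proto != L2TPV3_IP_PROTO:
        raise ValueError(f"IP protocol {proto} is not L2TPv3 (115)")
    (session_id,) = struct.unpack("!I", raw[ihl:ihl + 4])
    cookie = raw[ihl + 4:ihl + 4 + cookie_size]
    return {
        "encap_size": len(raw),
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "df_bit": bool(flags_frag & 0x4000),
        "ttl": ttl,
        "checksum_ok": ipv4_checksum(raw[:ihl]) == csum,
        "session_id": session_id,
        "cookie": cookie.hex(" ").upper(),
    }


if __name__ == "__main__":
    for field, value in decode_l2tpv3_encap(CACHED_HEADER_HEX).items():
        print(f"{field:12} {value}")
```

The decoded session ID and cookie should equal the "Remote session id" and "remote cookie" lines on this router and the local values shown on the peer; a mismatch there means the far end will discard the frames even though the session shows as established.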
