05-03-2013 01:55 AM - edited 03-04-2019 07:48 PM
hi,
PLEASE HELP, I am getting desperate to resolve this. Thanks
I have 2 887va routers which are both connected to an ADSL line and I have set them up to pass layer 2 traffic via L2TP.
I am injecting layer 2 traffic into one of the routers using Colasoft and the PC at the other end os monitoring the traffic with wireshark.
My problem is nothing is coming accross the tunnel, in fact I believe thast the traffic is not even getting to the tunnel as the ports are not set up crrectly.
I have configured the F1 with
# Switchport Access Vlan 200
# no shutdoen
I then connect the ethernet cable to port F1 from the PC and with Debug enabled for L2TP All only the hello traffic is shown.
Please can someone help as I think I am missing something simple.
Thanks.
Building configuration...
Current configuration : 3973 bytes
!
! Last configuration change at 13:03:15 UTC Thu May 2 2013
! NVRAM config last updated at 13:04:17 UTC Thu May 2 2013
! NVRAM config last updated at 13:04:17 UTC Thu May 2 2013
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname XXX
!
boot-start-marker
boot-end-marker
!
enable secret 4 pozkvcqXiM/f4AVrqz8PjSI9KxXYqhSXdmI.1yi0uD2
!
no aaa new-model
memory-size iomem 10
crypto pki token default removal timeout 0
!
ip source-route
!
ip cef
no ipv6 cef
l2tp-class l2tpclass2
authentication
password xxx
!
l2tp-class l
!
vpdn enable
!
vpdn-group vpdngroup1
accept-dialin
protocol l2tp
virtual-template 1
terminate-from hostname xxxxx
!
license udi pid CISCO887VA-K9 sn FCZ1706908Q
!
controller VDSL 0
!
pseudowire-class pwclass2
encapsulation l2tpv3
sequencing both
ip local interface Dialer0
ip pmtu
ip tos reflect
ip ttl 100
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key xxxx address xxx.xxx.xxx.xxx
crypto isakmp keepalive 30 5
!
!
crypto ipsec transform-set XXX esp-3des esp-md5-hmac
!
crypto map Cmap 10 ipsec-isakmp
set peer xxx.xxx.xxx.xxx
set transform-set XXX
match address 101
!
bridge irb
!
interface Loopback1
no ip address
!
interface Ethernet0
no ip address
shutdown
no fair-queue
!
interface ATM0
no ip address
ip nat outside
ip virtual-reassembly in
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
switchport access vlan 2
no ip address
!
interface FastEthernet1
switchport access vlan 200
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Virtual-Template1
ip unnumbered Loopback1
ppp authentication chap
ppp chap hostname xxxxx
!
interface Virtual-PPP2
ip unnumbered Loopback1
ppp authentication chap
ppp chap hostname xxxxx
pseudowire xxx.xxx.xxx.xxx 10 pw-class pwclass2
!
interface Vlan1
no ip address
ip nat inside
ip virtual-reassembly in
shutdown
!
interface Vlan2
no ip address
bridge-group 1
bridge-group 1 input-address-list 700
bridge-group 1 output-address-list 700
!
interface Vlan200
no ip address
!
interface Dialer0
ip address xxx.xxx.xxx.xxx 255.255.255.0
no ip redirects
no ip unreachables
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp chap hostname xxxx
ppp chap password 0 xxxx
ppp ipcp route default
ppp ipcp address accept
no cdp enable
crypto map Cmap
!
interface Dialer1
no ip address
!
interface Dialer9
no ip address
shutdown
!
interface BVI1
ip address 192.168.1.1 255.255.255.0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 100 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 78.105.250.120 255.255.255.255 Dialer0
ip route 192.168.1.0 255.255.255.0 Virtual-PPP2
!
access-list 50 deny any log
access-list 100 deny ip 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit tcp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit udp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 permit icmp 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 101 deny ip any any
access-list 101 deny tcp any any
access-list 101 deny udp any any
access-list 101 deny icmp any any
access-list 111 deny tcp any any eq telnet
access-list 111 permit ip any any
access-list 700 permit 0000.0000.0000 ffff.ffff.ffff
dialer-list 1 protocol ip permit
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
line aux 0
line vty 0 4
access-class 50 in
exec-timeout 0 0
no login
transport input none
transport output none
!
end
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide