
VLAN extend L2TPV3

Anukalp S
Level 1

Hi, is it possible to extend a VLAN between two sites using L2TP? If yes, please advise on the queries below.

> What types of licenses are required on the router to set up L2TP?

> Does the VLAN segment have to be configured on the router that needs to extend it to the other site, or, if the VLAN exists behind the router on an L3 switch, will it work?

> Can L2TP be set up over the Internet and a point-to-point circuit?

Please suggest.

Accepted Solutions

How would you configure the two switch ports if they were connected together using a patch lead?

Same answer when using L2TP.


Philip D'Ath
VIP Alumni

You will need an AppX licence.

How much throughput is needed, and what sort of connection to the Internet is being used (e.g. Ethernet, Fibre, ADSL, VDSL, something else)?

Philip D'Ath
VIP Alumni

Also, this question is important - do you want to extend just one VLAN, or multiple VLANs?

Thanks Philip. I want to extend only one VLAN, but it is on an L3 switch and currently running. I want to extend this VLAN over the P2P circuit which is being used to connect my two sites.

5-10 Mb speed over L2tp would be good.

Could you please help me in setting up L2TP for this scenario.

A Cisco 890 series router can do this.  Depending on your Internet connection, I would consider a Cisco 891F (for RJ45 style Internet connection) or a Cisco 897 (has ADSL, VDSL and RJ45 Internet).  You can also order a rack mount bracket for them to nicely rack mount them.

I have previously been able to get up to around 90Mb/s of L2TPv3 throughput using an 890 series router.

The 897 will only be able to trunk one VLAN1.  Because the 891F has two routed WAN ports it can either do a single VLAN, or be an entire dot1q trunk.

If you pick a specific model, I can give you the gist of the config (it's different depending on whether you do a single VLAN on a switch port or use a routed port).

Thanks Philip. I will use the router below; please check whether its license supports this.

Currently this router is running and one interface (G0/0) is connected to the core switch as an L3 port. The server VLAN is also configured on the core switch.

One interface (G0/1) is free, which we can use for L2TP.

Please help me with the config.

 

(C2900-UNIVERSALK9-M),Version 15.2(4)M6

-------------------------------------------------
Device#   PID                   SN
-------------------------------------------------
*0        CISCO2921/K9          FGL18261084

 

Technology Package License Information for Module:'c2900'

-----------------------------------------------------------------
Technology    Technology-package           Technology-package
              Current       Type           Next reboot
------------------------------------------------------------------
ipbase        ipbasek9      Permanent      ipbasek9
security      securityk9    Permanent      securityk9
uc            uck9          Permanent      uck9
data          None          None           None

Configuration register is 0x2102

No, it doesn't have the "data" licence needed to enable L2TP.  You can buy an AppX router for this router to enable it.

Hi Philip, thanks. I have another router, a Cisco 1900, which has a data license installed. Please see below and share a config example.

-------------------------------------------------------------------

Device#   PID                   SN
-------------------------------------------------
*1        CISCO1905/K9          FGL181523XS

Technology Package License Information for Module:'c1900'

------------------------------------------------------------------------
Technology    Technology-package                  Technology-package
              Current              Type           Next reboot
------------------------------------------------------------------------
ipbase        ipbasek9             Permanent      ipbasek9
security      securityk9           Permanent      securityk9
data          datak9               Permanent      datak9
NtwkEss       None                 None           None

Configuration register is 0x2102

That will do.  What are you going to use on the other end?

I should point out the Cisco 890 series (like the 891F) are both cheaper and have higher throughput than the 1905.

Hi Philip, on one side I have a 1905 router and on the other side a 2911 router with a data license. I already have these devices in our office, so I need not buy any other devices. Please help me in setting up the configuration on both end devices.

Please note that the VLAN which I want to extend is running on an L3 switch before the router.

A sample config to go on one end.  a.b.c.d is the public IP address of the remote router.  10.255.255.2 is the local tunnel interface and 10.255.255.1 is the remote tunnel interface.

This config will build an encrypted tunnel over the Internet.  Whatever you plug into Gigabit0/1 will be transported at layer 2 using L2TPv3 over the tunnel to the remote router, and pop out on whatever interface you have configured there.  This must be a "routed" interface (not a switch port), and can not have any other config on it.

This code is based on using IOS 15.4(3)M4.  If you are using an older IOS you will need to weaken the crypto settings.

 

crypto keyring site-to-site
  pre-shared-key address a.b.c.d key <key>

crypto isakmp policy 1
  encr aes 256
  hash sha256
  authentication pre-share
  group 5
crypto isakmp profile l2tp
  keyring site-to-site
  match identity address a.b.c.d 255.255.255.255

crypto ipsec transform-set l2tp esp-aes 256 esp-sha256-hmac
 mode transport

crypto ipsec profile l2tp
 set transform-set l2tp
 set isakmp-profile l2tp

interface Tunnel1
 ip address 10.255.255.2 255.255.255.252
 tunnel source <outside interface>
 tunnel destination a.b.c.d
 tunnel protection ipsec profile l2tp

l2tp-class site
  hostname l2tp
  password <password>

pseudowire-class pw-site-site
 encapsulation l2tpv3
 protocol l2tpv3 site
 ip local interface Tunnel1

interface GigabitEthernet0/1
  xconnect 10.255.255.1 1 encapsulation l2tpv3 pw-class pw-site-site

 
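As an added example (not part of the original post, and not Cisco tooling), this Python check parses an IOS config and verifies that each `xconnect` names a defined `pseudowire-class` and that the class is sourced from an interface with IPsec `tunnel protection`, since L2TPv3 provides no encryption of its own. The sample config is constructed and deliberately references an undefined class; `parse_sections` and `lint_l2tpv3` are hypothetical names.

```python
import re

# Constructed sample modelled on the posted config; names and addresses are placeholders.
SAMPLE = """\
interface Tunnel1
 tunnel destination a.b.c.d
 tunnel protection ipsec profile l2tp
pseudowire-class pw-site-site
 encapsulation l2tpv3
 protocol l2tpv3 site
 ip local interface Tunnel1
interface GigabitEthernet0/1
 xconnect 10.255.255.1 1 encapsulation l2tpv3 pw-class pw-site-to-site
"""

def parse_sections(text):
    """Map (keyword, name) of each unindented header line to its indented sub-commands."""
    sections, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0].isspace() and current:
            sections[current].append(raw.strip())
        else:
            words = raw.split()
            current = (words[0], words[1] if len(words) > 1 else "")
            sections.setdefault(current, [])
    return sections

def lint_l2tpv3(text):
    """Return findings about xconnect -> pseudowire-class -> IPsec-protected source interface."""
    sections, findings = parse_sections(text), []
    for (kind, ifname), body in sections.items():
        for line in body if kind == "interface" else []:
            m = re.match(r"xconnect \S+ \d+ .*\bpw-class (\S+)", line)
            if not m:
                continue
            pw = m.group(1)
            pw_body = sections.get(("pseudowire-class", pw))
            if pw_body is None:
                findings.append(f"{ifname}: pw-class '{pw}' is not defined")
                continue
            src = next((l.split()[-1] for l in pw_body if l.startswith("ip local interface ")), None)
            protected = any(l.startswith("tunnel protection ipsec ")
                            for l in sections.get(("interface", src), []))
            if not protected:
                findings.append(f"{pw}: source interface {src} has no IPsec tunnel protection")
    return findings
```

Run `lint_l2tpv3` over the saved running config of each router before connecting the attachment circuit; an empty list means every pseudowire found is bound to a defined class whose source interface is IPsec-protected.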

Thanks much Philip. So you mean to say, suppose I want to extend segment 192.168.1.0/24 over L2TP, then I need to configure this segment on interface G0/1.

But this segment is configured on the core switch SVI interface. So in this case, is it possible to extend this segment to the other side?

As this is layer 2, IP addresses mean nothing.

Let's say you wanted to extend VLAN100.  Configure up a port on the switch as an access port in VLAN100 (or a VLAN trunk and allow VLAN100). Then plug this port into Gig0/1 on the router.

Whatever layer 2 frame goes in Gig0/1 on the router will pop out the other side.

You should think of L2TP as simply providing a long patch lead.

Hi Philip, thanks again. So the router G0/1 interface does not have to have any IP address configured, correct?

Also, interface g0/1 should be:

interface g0/1
 no ip address
 xconnect .........

OR

interface g0/1.100
 encapsulation dot1q 100
 no ip address
 xconnect ....

Please confirm which config above would work in this case.