Trunking over L2TPv3

maileh
Level 1

Hi

I need to do 802.1Q over L2TPv3 to another location to which we only have an L3 connection.

I read these posts, which have this link, but it seems not to exist any more:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s23/l2tpv3.htm

Really appreciate any hint.


Giuseppe Larosa
Hall of Fame

Hello Maileh,

for supporting 802.1Q trunking over L2TPv3 you need to configure the xconnect at physical interface level:

int gi0/0
 xconnect 1.1.1.1 ...

VLAN-based L2TPv3 has the xconnect applied to a VLAN-based subinterface, and in this case only frames of vlan-id 100 would be carried:

int gi0/0.100
 enc dot1q 100
 xconnect 1.1.1.1

Note:

You need to limit the list of allowed VLANs on the switch connecting to the router access link to avoid carrying unwanted VLANs.

 

Hope to help

Giuseppe
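One way to check the note above about limiting allowed VLANs, as an added example that is not part of the original thread: with the xconnect on the physical interface, every VLAN the attached switch trunks to the router enters the pseudowire, so this Python script lists the trunk ports in a switch configuration and reports any that have no allow-list or that allow VLANs outside an expected set. The sample configuration, the VLAN numbers, interface Gi0/13 and the function names are constructed for illustration.

```python
import re

# Constructed sample in the style of the thread's switch config; the VLAN
# numbers and GigabitEthernet0/13 are hypothetical, not taken from the thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/11
 description ***L2TP Trunk to Branch Office***
 switchport trunk allowed vlan 100,200-202
 switchport mode trunk
!
interface GigabitEthernet0/12
 switchport mode access
 switchport access vlan 100
!
interface GigabitEthernet0/13
 switchport mode trunk
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '100,200-202' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunks(config):
    """Map each trunk interface to its allowed VLAN set (None = no allow-list)."""
    trunks, name, is_trunk, allowed = {}, None, False, None
    for raw in config.splitlines() + ["!"]:   # trailing "!" flushes the last block
        line = raw.strip()
        start = re.match(r"interface\s+(\S+)", line)
        if start or line == "!":
            if name and is_trunk:
                trunks[name] = allowed
            name = start.group(1) if start else None
            is_trunk, allowed = False, None
        elif line == "switchport mode trunk":
            is_trunk = True
        else:
            m = re.match(r"switchport trunk allowed vlan (add )?([\d,\s-]+)$", line)
            if m:
                new = expand_vlans(m.group(2))
                allowed = (allowed or set()) | new if m.group(1) else new
    return trunks

def audit(trunks, expected):
    """Report trunks that would carry VLANs outside the expected set."""
    findings = []
    for name, allowed in sorted(trunks.items()):
        if allowed is None:   # no allow-list configured on this trunk
            findings.append((name, "no allow-list", []))
        elif allowed - expected:
            findings.append((name, "unexpected VLANs", sorted(allowed - expected)))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_trunks(SAMPLE_CONFIG), expected={100}):
        print(finding)
```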

 

Hi, I replied to the notification email but I am not sure if that comes through.

If not, here is my reply.

Hi Giuseppe

Appreciate your kind and prompt reply.

Here is my complete config, and the topology is attached.

Pre Explanation.

The idea is to have a backup over satellite through the internet of our current L2 traffic from the Branch Office.

If you note, the red lines are the current topology through a domestic fibre. Now that we have L3 reachability through the internet over a new satellite link, we want to make an L2 backup on top of that L3 link.

Then we will enable Spanning Tree on the L2 switches at both ends to do the automatic failover, with the current domestic fibre as the primary, where all VLANs will be forwarded on that port while blocked on the path to the satellite. As soon as the fibre goes down, spanning tree will change the L2 topology and forward traffic on the link toward the satellite.

I hope I have made my case clear.

Current Config.

Head Office Config

L3 Cisco ME3600X.

l2tp-class L2TP.CLASS
 authentication
 password 7 0008411214151D55

pseudowire-class L2TP.PW
 encapsulation l2tpv3
 protocol l2tpv3 L2TP.CLASS
 ip local interface Loopback175

interface Loopback175
 description ***L2TPV3 ***
 vrf forwarding NAME
 ip address A.B.C.D 255.255.255.248
 no ip unreachables
 no ip proxy-arp
end

interface GigabitEthernet0/11
 description ***L2TP ***
 no switchport
 no ip address
 no keepalive
 xconnect W.X.Y.Z encapsulation l2tpv3 pw-class L2TP.PW

 

L2 switch at the Head Office, port connected to interface GigabitEthernet0/11 above

interface GigabitEthernet0/11
 description ***L2TP Trunk to Branch Office***
 switchport trunk allowed vlan A
 switchport mode trunk

interface GigabitEthernet0/12
 description ***VLAN A Test to Branch Office***
 switchport mode access
 switchport access vlan A

 

 

Branch Office Config

L3 Cisco ME3600X.

l2tp-class L2TP.CLASS
 authentication
 password 7 0008411214151D55

pseudowire-class L2TP.PW
 encapsulation l2tpv3
 protocol l2tpv3 L2TP.CLASS
 ip local interface G0/1

interface G0/1
 description ***L2TPV3 ***
 vrf forwarding NAME
 ip address W.X.Y.Z 255.255.255.248
 no ip unreachables
 no ip proxy-arp
end

interface GigabitEthernet0/3
 description ***L2TP ***
 no switchport
 no ip address
 no keepalive
 xconnect A.B.C.D encapsulation l2tpv3 pw-class L2TP.PW

 

L2 switch at the Branch Office, port connected to interface GigabitEthernet0/3 above

interface FastEthernet1/0/1
 description ***L2 VLAN Test to Tonga***
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan A
 switchport mode trunk

interface FastEthernet1/0/2
 description ***VLAN A Test Head Office***
 switchport mode access
 switchport access vlan A

 

If you note, I attached a PC to both ends, assigned IP addresses to them and tried to ping. I cannot at the moment.

Also please note the L3 Cisco ME3600X at the Head Office is using VRF; should I add more config regarding that …

 

Appreciate your kind help and support.

Hello Maileh,

 

>> Also Please note on the L3 Cisco ME3600X on the Head Office is using VRF, should I add more config regarding that …

 

I don't know if L2TPv3 is supported over VRF interfaces. According to the config samples you have attached you are using a VRF also on the branch site ME3600X switch.

 

You need a complete end-to-end topology in vrf NAME to be able to set up the L2TPv3 pseudowire.

To check this, use

ping vrf NAME <remote-loopback-address> source <local-loopback-address>

If this ping does not work, the L2TPv3 session cannot come up.

 

Hope to help

Giuseppe

 

Hi

The ping worked and the tunnel is up, but no traffic passes through with the config I previously attached.

Do you think my setup should work?

Hello maileh,

 

>> Do you think my setup should work

Without involving a VRF it should work. If you can make a test without the VRF on both sides you should see the feature working.

 

Hope to help

Giuseppe

 

I have removed the VRF but it is still the same.

Here is the command output from one tunnel end:

 

ha-cs2#sh l2tun tunnel all

L2TP Tunnel Information Total tunnels 1 sessions 1

Tunnel id 358036468 is up, remote id is 1785436174, 1 active sessions
Remotely initiated tunnel
Tunnel state is established, time since change 00:41:16
Tunnel transport is IP (115)
Remote tunnel name is vu-cs2
Internet Address Site A, port 0
Local tunnel name is ha-cs2
Internet Address Site B, port 0
L2TP class for tunnel is L2TP.CLASS
Counters, taking last clear into account:
132 packets sent, 412 received
49354 bytes sent, 91512 received
Last clearing of counters never
Counters, ignoring last clear:
132 packets sent, 412 received
49354 bytes sent, 91512 received
Control Ns 46, Nr 13
Local RWS 1024 (default), Remote RWS 1024
Control channel Congestion Control is disabled
Tunnel PMTU checking disabled
Retransmission time 1, max 1 seconds
Unsent queuesize 0, max 0
Resend queuesize 0, max 1
Total resends 3, ZLB ACKs sent 10
Total out-of-order dropped pkts 0
Total out-of-order reorder pkts 0
Total peer authentication failures 0
Current no session pak queue check 0 of 5
Retransmit time distribution: 0 3 0 0 0 0 0 0 0
Control message authentication is disabled

 

As you can see, some packets are being sent to and fro, but I can't ping from the PC as in the previous topology.

Some posts say the feature is not supported on the Cisco ME3600X, but all commands are accepted and the tunnel is up and normal, except that packets do not pass through the L2TP tunnel.

Does this have to do with MTU or some kind of setting I totally overlooked?

Also note the same switch (Head Office L3 Cisco ME3600X) is part of our core MPLS network, which has MPLS L2VPNs that are working perfectly, except they are not L2TP ...

Attached is the tunnel ID counter.

If you note, there are dropped packets.

Please advise.

Hello maileh,

I have also used the ME 3600X with MPLS L2VPN with good results.

L2TPv3 is actually an alternative to MPLS L2VPN for point to point L2 transport over an IP only network (MPLS not enabled).

In the datasheet L2TP is mentioned and not L2TPv3

 

 


see

https://www.cisco.com/c/en/us/products/collateral/switches/me-3600x-series-ethernet-access-switches/data_sheet_c78-601946.html?dtid=osscdc000283

 

But L2TPv2 would make no sense on a switch

 

You should check on feature navigator using your IOS XE image name to see if L2TPv3 should be supported or not

 

Hope to help

Giuseppe

 

 

Hi

So you are saying that, according to the documents, I should use L2TP instead of L2TPv3 encapsulation.

Since this is not a point to point link ... it's not an option, right ???

I should look at EoMPLSoGRE.

Hello,

If you want to connect only two locations it is a point to point transport service even if the underlying network uses LAN interfaces.

Also EoMPLS is point to point.

I don't know if EoMPLS over GRE is supported.

If it is, you need to take care of the MTU on the links between the two locations.

It should be great enough to avoid fragmentation of the resulting EoMPLS over GRE packets, to avoid performance issues.

 

Hope to help

Giuseppe

 

 

Hi

 

Actually there are two sites we need to backhaul to the main site.

I am still trying to figure out how this L2TP works.

Is it the same LAN on the router where the L2TP tunnel is configured that is supposed to be backhauled over the tunnel? Or should my scenario still work, since it is not a point to point link between the two sites?

 

 

Hi Larosa

Finally it is working.

I hate to say the Cisco ME3600X actually supports the commands, but I am still not sure why no traffic was passing through.

Anyway, I migrated the L2TP to both Cisco ASR 1000 routers and it works like a charm.

Thanks for the help.

Now on to the real environment.

Do you think we can add IPsec later on if everything is working OK?
