08-26-2019 02:12 PM
Hi
I need to do 802.1q over l2tpv3 to another location which we only have L3 connection to.
I read these posts, which have this link, but it seems not to exist any more.
Really appreciate any hint.
08-27-2019 02:17 AM - edited 08-27-2019 02:18 AM
Hello Mailech,
To support 802.1Q trunking over L2TPv3 you need to configure the xconnect at the physical interface level:
int gi0/0
xconnect 1.1.1.1 ...
VLAN-based L2TPv3 has the xconnect applied to a VLAN-based subinterface, and in this case only frames of vlan-id 100 would be carried.
int gi0/0.100
enc dot1q 100
xconnect 1.1.1.1
Note:
You need to limit the list of allowed VLANs on the switch connecting to the router access link to avoid carrying unwanted VLANs.
Hope to help
Giuseppe
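The two attachment modes and the trunk-pruning note in the reply above, as an added example that is not part of the original posts: a small Python check that classifies each xconnect interface as port-mode (every 802.1Q tag crosses the pseudowire) or VLAN-mode, and lists switch trunks with no explicit allowed-VLAN list. The sample configurations, the peer address 192.0.2.1, the VC IDs and the pw-class name are constructed.

```python
import re

# Constructed sample configs (not from the thread); 192.0.2.1, VC IDs and "PW" are placeholders.
ROUTER_CFG = """
interface GigabitEthernet0/0
 xconnect 192.0.2.1 10 encapsulation l2tpv3 pw-class PW
interface GigabitEthernet0/1.100
 encapsulation dot1Q 100
 xconnect 192.0.2.1 100 encapsulation l2tpv3 pw-class PW
"""
SWITCH_CFG = """
interface GigabitEthernet0/11
 switchport mode trunk
interface GigabitEthernet0/12
 switchport trunk allowed vlan 100,200
 switchport mode trunk
"""

def stanzas(cfg):
    """Split IOS-style text into {interface name: [sub-commands]}."""
    out, cur = {}, None
    for line in cfg.splitlines():
        line = line.strip()
        if line.lower().startswith("interface "):
            cur = out.setdefault(line.split(None, 1)[1], [])
        elif line in ("!", "end", ""):
            cur = None          # stanza terminator
        elif cur is not None:
            cur.append(line)
    return out

def xconnect_mode(cfg):
    """Classify each xconnect circuit: 'port' forwards every tag, 'vlan' only one."""
    modes = {}
    for name, cmds in stanzas(cfg).items():
        body = "\n".join(cmds)
        if re.search(r"^xconnect ", body, re.M):
            tag = re.search(r"^enc\S*\s+dot1q\s+(\d+)", body, re.M | re.I)
            modes[name] = ("vlan", int(tag.group(1))) if tag else ("port", None)
    return modes

def unrestricted_trunks(cfg):
    """Trunk ports with no explicit allowed-VLAN list (the IOS default allows all VLANs)."""
    bad = []
    for name, cmds in stanzas(cfg).items():
        allowed = [c.split()[-1] for c in cmds if c.startswith("switchport trunk allowed vlan ")]
        if "switchport mode trunk" in cmds and (not allowed or "all" in allowed):
            bad.append(name)
    return bad
```

A port-mode result on the router paired with a non-empty `unrestricted_trunks` result on the facing switch is the combination the note warns about.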
08-27-2019 01:30 PM
Hi, I replied to the notification email but I am not sure if that came through.
If not here is my reply.
Hi Giuseppe
Appreciate your kind and prompt reply.
Here is my complete config, with the topology attached.
Pre Explanation.
The idea is to have a backup over satellite through the internet of our current L2 traffic from the Branch Office.
If you note, the red lines are the current topology through a domestic fibre. Now that we have L3 reachability through the internet over a new satellite link, we want to make an L2 backup on top of that L3 link.
Then we will enable Spanning Tree on the L2 switches at both ends to do the automatic failover, with the current domestic fibre as the primary, where all VLANs will be forwarded on that port while blocked on the path to the satellite. As soon as the fibre is down, spanning tree will change the L2 topology and forward traffic on the link toward the satellite.
I hope I make my case clear.
Current Config.
Head Office Config
L3 Cisco ME3600X .
l2tp-class L2TP.CLASS
authentication
password 7 0008411214151D55
pseudowire-class L2TP.PW
encapsulation l2tpv3
protocol l2tpv3 L2TP.CLASS
ip local interface Loopback175
interface Loopback175
description ***L2TPV3 ***
vrf forwarding NAME
ip address A.B.C.D 255.255.255.248
no ip unreachables
no ip proxy-arp
end
interface GigabitEthernet0/11
description ***L2TP ***
no switchport
no ip address
no keepalive
xconnect W.X.Y.Z encapsulation l2tpv3 pw-class L2TP.PW
L2 Switch at the Head Office: port connected to interface GigabitEthernet0/11 above
interface GigabitEthernet0/11
description ***L2TP Trunk to Branch Office***
switchport trunk allowed vlan A
switchport mode trunk
interface GigabitEthernet0/12
description ***VLAN A Test to Branch Office***
switchport mode access
switchport access vlan A
Branch Office Config
L3 Cisco ME3600X .
l2tp-class L2TP.CLASS
authentication
password 7 0008411214151D55
pseudowire-class L2TP.PW
encapsulation l2tpv3
protocol l2tpv3 L2TP.CLASS
ip local interface G0/1
interface G0/1
description ***L2TPV3 ***
vrf forwarding NAME
ip address W.X.Y.Z 255.255.255.248
no ip unreachables
no ip proxy-arp
end
interface GigabitEthernet0/3
description ***L2TP ***
no switchport
no ip address
no keepalive
xconnect A.B.C.D encapsulation l2tpv3 pw-class L2TP.PW
L2 Switch at the Branch Office: port connected to interface GigabitEthernet0/3 above
interface FastEthernet1/0/1
description ***L2 VLAN Test to Tonga***
switchport trunk encapsulation dot1q
switchport trunk allowed vlan A
switchport mode trunk
interface FastEthernet1/0/2
description ***VLAN A Test Head Office***
switchport mode access
switchport access vlan A
If you note, I attached a PC to both ends, assigned IP addresses to them and tried to ping. I cannot at the moment.
Also please note the L3 Cisco ME3600X at the Head Office is using VRF; should I add more config regarding that …
Appreciate your kind help and support.
08-28-2019 12:16 AM - edited 08-28-2019 12:18 AM
Hello Maileh,
>> Also Please note on the L3 Cisco ME3600X on the Head Office is using VRF, should I add more config regarding that …
I don't know if L2TPv3 is supported over VRF interfaces. According to the config samples you have attached you are using a VRF also on the branch site ME3600X switch.
You need a complete end to end topology in vrf NAME to be able to setup the L2TPv3 pseudowire.
To check this use
ping vrf NAME <remote-loopback-address> source <local-loopback-address>
If this ping does not work the L2TPv3 session cannot come up.
Hope to help
Giuseppe
08-28-2019 04:46 AM
Hi
The ping worked and the tunnel is up, but no traffic passes through with the config I previously attached.
Do you think my setup should work?
08-28-2019 05:06 AM
Hello maileh,
>> Do you think my setup should work
Without involving a VRF it should work. If you can make a test without the VRF on both sides you should see the feature working.
Hope to help
Giuseppe
08-28-2019 03:54 PM
I have removed the VRF but it is still the same.
Here is the command output from one tunnel end:
ha-cs2#sh l2tun tunnel all
L2TP Tunnel Information Total tunnels 1 sessions 1
Tunnel id 358036468 is up, remote id is 1785436174, 1 active sessions
Remotely initiated tunnel
Tunnel state is established, time since change 00:41:16
Tunnel transport is IP (115)
Remote tunnel name is vu-cs2
Internet Address Site A, port 0
Local tunnel name is ha-cs2
Internet Address Site B, port 0
L2TP class for tunnel is L2TP.CLASS
Counters, taking last clear into account:
132 packets sent, 412 received
49354 bytes sent, 91512 received
Last clearing of counters never
Counters, ignoring last clear:
132 packets sent, 412 received
49354 bytes sent, 91512 received
Control Ns 46, Nr 13
Local RWS 1024 (default), Remote RWS 1024
Control channel Congestion Control is disabled
Tunnel PMTU checking disabled
Retransmission time 1, max 1 seconds
Unsent queuesize 0, max 0
Resend queuesize 0, max 1
Total resends 3, ZLB ACKs sent 10
Total out-of-order dropped pkts 0
Total out-of-order reorder pkts 0
Total peer authentication failures 0
Current no session pak queue check 0 of 5
Retransmit time distribution: 0 3 0 0 0 0 0 0 0
Control message authentication is disabled
You can see some packets being sent to and fro, but I can't ping from the PC as in the previous topology.
08-29-2019 01:34 PM
Some posts say the feature is not supported on the Cisco ME3600X, but all commands are accepted and the tunnel is up and normal, except that packets do not pass through the L2TP tunnel.
Does this have to do with MTU or some kind of setting I totally overlooked?
Also note the same switch (Head Office L3 Cisco ME3600X) is part of our core MPLS network, which has MPLS L2VPNs which are working perfectly, except they are not L2TP ...
08-29-2019 02:28 PM
08-30-2019 02:50 AM
Hello maileh,
I have also used the ME 3600X with MPLS L2VPN with good results.
L2TPv3 is actually an alternative to MPLS L2VPN for point to point L2 transport over an IP only network (MPLS not enabled).
In the datasheet L2TP is mentioned and not L2TPv3
see
But L2TPv2 would make no sense on a switch.
You should check on Feature Navigator using your IOS XE image name to see if L2TPv3 should be supported or not.
Hope to help
Giuseppe
08-30-2019 03:03 AM
Hi
So you are saying that according to the documents I should use L2TP instead of L2TPv3 encapsulation?
08-30-2019 03:11 AM
Since this is not a point to point link ... it's not an option, right?
I should look at EoMPLSoGRE.
08-30-2019 06:57 AM
Hello,
If you want to connect only two locations it is a point to point transport service even if the underlying network uses LAN interfaces.
Also EoMPLS is point to point.
I don't know if EoMPLS over GRE is supported.
If it is, you need to take care of the MTU on the links between the two locations.
It should be great enough to avoid fragmentation of resulting EoMPLS over GRE packets to avoid performance issues.
Hope to help
Giuseppe
08-30-2019 04:50 PM
Hi
Actually there are two sites we need to backhaul to the main site.
I am still trying to figure out how this L2TP works.
Is it the same LAN on the router where the L2TP tunnel is configured that is supposed to be backhauled over the tunnel? Or should my scenario still work, since it is not a point to point link between the two sites?
09-01-2019 08:58 PM
Hi LArosa
Finally it is working.
I hate to say the Cisco ME3600X actually supports the commands, but I am still not sure why no traffic was passing through.
Anyway, I migrated the L2TP to both Cisco ASR 1000 routers and it works like a charm.
Thanks for the help.
Now on to the real environment.
Do you think we can add IPsec later on if everything is working OK?