[c-nsp] Need some help troubleshooting l2tpv3 tunnel
Fred Reimer
freimer at ctiusa.com
Fri Jun 13 11:42:21 EDT 2008
Although it may work with an interface address, you are really supposed
to create a loopback interface for the L2TPv3 tunnels, and point to the
other side loopback address in your xconnect statements. You would also
obviously need a route to the other end loopback addresses, either using
a dynamic protocol or just via a static route. Also, on the remote side
you have an address on the main interface, and then an xconnect on a
sub-interface. I'm not sure that is a valid configuration. The L2TPv3
tunnels I've used have one physical interface out of which the L2TPv3
encapsulated packets travel to the remote destination, and another
physical interface on which there are multiple (50+) subinterfaces
(encaps dot1q xxx) with xconnects on them, plus a sub-interface with an
assigned IP address (not on the main interface, and not an xconnect).
Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS
Senior Network Engineer
Coleman Technologies, Inc.
954-298-1697
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Steven Pfister
Sent: Friday, June 13, 2008 9:28 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Need some help troubleshooting l2tpv3 tunnel
I've got a project I'm trying to use an l2tpv3 tunnel for. The tunnel
seems to establish just fine, but it doesn't seem to do quite what I
expected it to do. I'm trying to access vlans on a remote site that's
connected via ATM. The remote side is connected by a 3640 router, plus a
8510 switch. On the local side, I've got another 3640, plus a 3500
switch.
As a possible clue, doing a 'show vlans' shows many packets output, but
only a few input on the local side. On the remote side, the counts are
zero in and out.
Here is a piece of the config on both sides. There is a vlan 77 on the
network connected to f0/0 on the remote side that I'd like to be able to
assign to the network connected to f0/0 on the local side.
Thanks!
--Steve
===========
remote side
===========
l2tp-class l2-dyn
 hostname ABC
 password <password>
 cookie size 8
!
pseudowire-class pw-dynamic
 encapsulation l2tpv3
 protocol l2tpv3 l2-dyn
 ip local interface FastEthernet0/0
!
interface FastEthernet0/0
 ip address 10.77.0.1 255.255.0.0
 no ip redirects
 no ip proxy-arp
 ip pim sparse-mode
 ip route-cache flow
 speed 100
 full-duplex
!
interface FastEthernet0/0.77
 encapsulation dot1Q 77
 no snmp trap link-status
 no cdp enable
 xconnect 10.52.0.10 77 pw-class pw-dynamic
!
interface ATM1/0.2 multipoint
 bandwidth 2284
 ip address 10.99.60.77 255.255.255.0
 ip pim sparse-mode
 no ip mroute-cache
 pvc data 0/277
  protocol ip 10.99.60.1 broadcast
  ubr 2284
  broadcast
  encapsulation aal5snap
 !
!
==========
local side
==========
l2tp-class l2-dyn
 hostname ADM
 password <password>
 cookie size 8
!
pseudowire-class pw-dynamic
 encapsulation l2tpv3
 protocol l2tpv3 l2-dyn
 ip local interface FastEthernet0/0
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.77
 encapsulation dot1Q 77
 no snmp trap link-status
 no cdp enable
 xconnect 10.77.0.1 77 pw-class pw-dynamic
!
interface FastEthernet2/0
 no ip address
 no ip redirects
 no ip proxy-arp
 ip pim sparse-mode
 duplex auto
 speed auto
!
interface FastEthernet2/0.52
 encapsulation dot1Q 52 native
 ip address 10.52.0.10 255.255.0.0
 no snmp trap link-status
!
Steve Pfister
Technical Coordinator,
The Office of Information Technology
Dayton Public Schools
115 S. Ludlow St.
Dayton, OH 45402
Office (937) 542-3149
Cell (937) 673-6779
Direct Connect: 137*131747*8
Email spfister at dps.k12.oh.us
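
An added example, not part of either message and not Cisco tooling: a small Python check run over trimmed, constructed excerpts of the two posted configs. It flags the points the reply raises (a tunnel source that is not a loopback, an xconnect subinterface under a main interface that carries an IP address) and also a tunnel source interface with no IP address at all. The function names and finding strings are hypothetical, and config blocks are assumed to end at `!`.

```python
import re
# Constructed input: the lines of the two posted configs that the reply comments on.
TEMPLATE = """pseudowire-class pw-dynamic
 ip local interface FastEthernet0/0
!
interface FastEthernet0/0
 {addr}
!
interface FastEthernet0/0.77
 xconnect {peer} 77 pw-class pw-dynamic
!
"""
REMOTE = TEMPLATE.format(addr="ip address 10.77.0.1 255.255.0.0", peer="10.52.0.10")
LOCAL = TEMPLATE.format(addr="no ip address", peer="10.77.0.1")
SECTION = re.compile(r"(interface|pseudowire-class)\s+(\S+)")

def parse(config):
    blocks, current = {}, None
    for line in map(str.strip, config.splitlines()):
        m = SECTION.match(line)
        if m:
            current = blocks.setdefault(m.groups(), [])  # key: (kind, name)
        elif line in ("", "!"):
            current = None
        elif current is not None:
            current.append(line)
    return blocks

def has_ip(blocks, ifname):
    return any(re.match(r"ip address \d", c) for c in blocks.get(("interface", ifname), []))

def lint(config):
    # Hypothetical checks (not a Cisco tool); blocks are assumed to end at "!".
    blocks, findings = parse(config), []
    for (kind, name), cmds in blocks.items():
        for cmd in cmds:
            src = re.match(r"ip local interface (\S+)", cmd)
            if kind == "pseudowire-class" and src:
                if not has_ip(blocks, src.group(1)):
                    findings.append(f"{name}: source {src.group(1)} has no IP address")
                elif not src.group(1).lower().startswith("loopback"):
                    findings.append(f"{name}: source {src.group(1)} is not a loopback")
            parent = name.split(".")[0]
            if cmd.startswith("xconnect ") and parent != name and has_ip(blocks, parent):
                findings.append(f"{name}: xconnect on a subinterface of addressed {parent}")
    return findings

if __name__ == "__main__":
    print({"remote": lint(REMOTE), "local": lint(LOCAL)})
```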