[c-nsp] Need help with L2TPv3

Fred Reimer freimer at ctiusa.com
Thu May 22 15:18:55 EDT 2008


It may not bring up the link without a reason to; you might need to generate
some traffic and have both Ethernet ports plugged in...

Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS
Senior Network Engineer
Coleman Technologies, Inc.
954-298-1697


> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Steven Pfister
> Sent: Thursday, May 22, 2008 3:11 PM
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Need help with L2TPv3
> 
> Thanks to all that responded. I've made changes to the config and I can
> ping the other router's ethernet and loopback addresses. The tunnel
> doesn't show up at all now, though. Do I need to have something plugged
> into the ethernet ports with the xconnect statements?
> 
> Steve Pfister
> Technical Coordinator,
> The Office of Information Technology
> Dayton Public Schools
> 115 S. Ludlow St.
> Dayton, OH 45402
> 
> Office (937) 542-3149
> Cell (937) 673-6779
> Direct Connect: 137*131747*8
> Email spfister at dps.k12.oh.us
> 
> 
> >>> "Joe Freeman" <joe at netbyjoe.com> 5/22/2008 2:16 PM >>>
> It looks like you're trying to do an 'ip unnumbered' config on those
> ethernet ports. IP unnumbered only works on p2p interfaces.
> 
> You need to have the interfaces between the two routers numbered and
> static routes, or a routing protocol in place to ensure reachability
> between them.
> 
> Also, I'd change the loopback addresses to /32 masks.
> 
> With the configuration you have, I'd also make sure the connection
> between the routers is on a different port than the vlans you are
> trying to xconnect at layer 2.
> 
> Joe
> 
> On Thu, May 22, 2008 at 1:10 PM, Steven Pfister <SPfister at dps.k12.oh.us> wrote:
> 
> > No, I can't ping the loopbacks. That's been bothering me. I've added
> > 10.2.2.x addresses to the FastEthernet ports (which I thought I had
> > problems with earlier) and I can ping those from the other router.
> > And I've added static routes for the 10.1.1.x network pointing at
> > the FastEthernet interfaces. Still can't ping the loopback addresses.
> >
> > I thought it was strange, but that's what the sample configs had.
> >
> > Yes, the xconnect statements are on the same interfaces the crossover
> > is connected to. I can try adding ethernet ports to each side and see
> > what happens.
> >
> > Steve Pfister
> > Technical Coordinator,
> > The Office of Information Technology
> > Dayton Public Schools
> > 115 S. Ludlow St.
> > Dayton, OH 45402
> >
> > Office (937) 542-3149
> > Cell (937) 673-6779
> > Direct Connect: 137*131747*8
> > Email spfister at dps.k12.oh.us
> >
> >
> > >>> "Joe Freeman" <joe at netbyjoe.com> 5/22/2008 2:03 PM >>>
> > Can you ping the loopbacks from the opposite router? There's nothing
> > in either config that indicates how traffic flows from one router to
> > the other.
> >
> > You said you're using an ethernet x-over to connect them, but surely
> > it's not on the ports on which you've set up xconn statements.
> >
> > Each router must be able to see the other's loop0 ip address for this
> > to work.
> >
> > Joe
> >
> > On Thu, May 22, 2008 at 12:37 PM, Steven Pfister <SPfister at dps.k12.oh.us> wrote:
> >
> > > The configs are below.
> > >
> > > By the way... whenever I post to this list, I get replies both to
> > > me and to the list (so I get two copies). Is this intentional? Just
> > > curious...
> > >
> > > Thanks!
> > >
> > > --Steve
> > >
> > > ----------
> > > router 1
> > > ----------
> > >
> > > Current configuration : 1374 bytes
> > > !
> > > version 12.3
> > > service timestamps debug datetime msec
> > > service timestamps log datetime msec
> > > no service password-encryption
> > > !
> > > hostname SanFran
> > > !
> > > boot-start-marker
> > > boot-end-marker
> > > !
> > > !
> > > no aaa new-model
> > > !
> > > resource policy
> > > !
> > > memory-size iomem 15
> > > ip subnet-zero
> > > !
> > > !
> > > ip cef
> > > no ip dhcp use vrf connected
> > > !
> > > !
> > > l2tp-class l2-dyn
> > >  password 7 15025C0600722C21
> > >  cookie size 8
> > > !
> > > pseudowire-class pw-dynamic
> > >  encapsulation l2tpv3
> > >  protocol l2tpv3 l2-dyn
> > >  ip local interface Loopback0
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > interface Loopback0
> > >  ip address 10.1.1.102 255.255.255.0
> > > !
> > > interface FastEthernet0/0
> > >  no ip address
> > >  duplex auto
> > >  speed auto
> > >  no cdp enable
> > > !
> > > interface FastEthernet0/0.200
> > >  encapsulation dot1Q 200
> > >  no snmp trap link-status
> > >  no cdp enable
> > >  xconnect 10.1.1.103 33 pw-class pw-dynamic
> > > !
> > > interface FastEthernet0/0.201
> > >  encapsulation dot1Q 201
> > >  no snmp trap link-status
> > >  no cdp enable
> > > !
> > > interface ATM2/0
> > >  no ip address
> > >  shutdown
> > >  no atm ilmi-keepalive
> > >  no scrambling-payload
> > > !
> > > interface ATM2/1
> > >  no ip address
> > >  shutdown
> > >  no atm ilmi-keepalive
> > >  no scrambling-payload
> > > !
> > > interface ATM2/2
> > >  no ip address
> > >  shutdown
> > >  no atm ilmi-keepalive
> > >  no scrambling-payload
> > > !
> > > interface ATM2/3
> > >  no ip address
> > >  shutdown
> > >  no atm ilmi-keepalive
> > >  no scrambling-payload
> > > !
> > > ip http server
> > > !
> > > ip classless
> > > !
> > > !
> > > no cdp run
> > > !
> > > !
> > > control-plane
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > line con 0
> > > line aux 0
> > > line vty 0 4
> > >  login
> > > !
> > > !
> > > end
> > >
> > > ----------
> > > router 2
> > > ----------
> > >
> > > Current configuration : 901 bytes
> > > !
> > > version 12.3
> > > service timestamps debug datetime msec
> > > service timestamps log datetime msec
> > > no service password-encryption
> > > !
> > > hostname NewYork
> > > !
> > > boot-start-marker
> > > boot-end-marker
> > > !
> > > !
> > > no aaa new-model
> > > !
> > > resource policy
> > > !
> > > memory-size iomem 15
> > > ip subnet-zero
> > > !
> > > !
> > > ip cef
> > > no ip dhcp use vrf connected
> > > !
> > > !
> > > l2tp-class l2-dyn
> > >  hostname NewYork
> > >  password 7 0616582B48160E1C
> > >  cookie size 8
> > > !
> > > pseudowire-class pw-dynamic
> > >  encapsulation l2tpv3
> > >  protocol l2tpv3 l2-dyn
> > >  ip local interface Loopback0
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > interface Loopback0
> > >  ip address 10.1.1.103 255.255.255.0
> > > !
> > > interface FastEthernet1/0
> > >  no ip address
> > >  duplex auto
> > >  speed auto
> > >  no cdp enable
> > > !
> > > interface FastEthernet1/0.201
> > >  encapsulation dot1Q 201
> > >  no cdp enable
> > >  xconnect 10.1.1.102 34 pw-class pw-dynamic
> > > !
> > > ip http server
> > > !
> > > ip classless
> > > !
> > > !
> > > no cdp run
> > > !
> > > !
> > > control-plane
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > line con 0
> > > line aux 0
> > > line vty 0 4
> > > !
> > > !
> > > end
> > >
> > > >>> "Fred Reimer" <freimer at ctiusa.com> 5/22/2008 12:21 PM >>>
> > > Yes, with 3845's, post your test config.
> > >
> > >
> > > Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS
> > > Senior Network Engineer
> > > Coleman Technologies, Inc.
> > > 954-298-1697
> > >
> > >
> > > > -----Original Message-----
> > > > From: cisco-nsp-bounces at puck.nether.net
> > > > [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Steven Pfister
> > > > Sent: Thursday, May 22, 2008 12:11 PM
> > > > To: cisco-nsp at puck.nether.net
> > > > Subject: [c-nsp] Need help with L2TPv3
> > > >
> > > > I'm trying to get L2TPv3 figured out to help with a project. I've
> > > > got a test network consisting of 2 3640s (which is what is going to
> > > > be used as the endpoints of the tunnels in the production network)
> > > > connected by a crossover cable. Even using sample configs from the
> > > > Cisco site, I can't seem to keep the tunnel from going down after
> > > > about a minute. I think it may be an authentication problem.
> > > >
> > > > Does anyone have a working L2TPv3 tunnel between two 3640s?
> > > >
> > > > Thank you!
> > > >
> > > > Steve Pfister
> > > > Technical Coordinator,
> > > > The Office of Information Technology
> > > > Dayton Public Schools
> > > > 115 S. Ludlow St.
> > > > Dayton, OH 45402
> > > >
> > > > Office (937) 542-3149
> > > > Cell (937) 673-6779
> > > > Direct Connect: 137*131747*8
> > > > Email spfister at dps.k12.oh.us
> > > >
> > > >
> > > > _______________________________________________
> > > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > >
> > > Steve Pfister
> > > Technical Coordinator,
> > > The Office of Information Technology
> > > Dayton Public Schools
> > > 115 S. Ludlow St.
> > > Dayton, OH 45402
> > >
> > > Office (937) 542-3149
> > > Cell (937) 673-6779
> > > Direct Connect: 137*131747*8
> > > Email spfister at dps.k12.oh.us
> > >