[c-nsp] Need help with L2TPv3

Steven Pfister SPfister at dps.k12.oh.us
Thu May 22 15:25:58 EDT 2008


Yes, I should have known... connecting switches to the routers brought the tunnel up and I think everything is OK now...

Thanks to all who responded!

Steve Pfister
Technical Coordinator, 
The Office of Information Technology
Dayton Public Schools
115 S. Ludlow St. 
Dayton, OH 45402
 
Office (937) 542-3149
Cell (937) 673-6779
Direct Connect: 137*131747*8
Email spfister at dps.k12.oh.us


>>> "Fred Reimer" <freimer at ctiusa.com> 5/22/2008 3:18 PM >>>
It may not bring up the link without a reason to; you might need to generate
some traffic and have both Ethernet ports plugged in...

Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS
Senior Network Engineer
Coleman Technologies, Inc.
954-298-1697


> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Steven Pfister
> Sent: Thursday, May 22, 2008 3:11 PM
> To: cisco-nsp at puck.nether.net 
> Subject: Re: [c-nsp] Need help with L2TPv3
> 
> Thanks to all that responded. I've made changes to the config and I can
> ping the other router's ethernet and loopback addresses. The tunnel
> doesn't show up at all now, though. Do I need to have something plugged
> into the ethernet ports with the xconnect statements?
> 
> Steve Pfister
> 
> 
> >>> "Joe Freeman" <joe at netbyjoe.com> 5/22/2008 2:16 PM >>>
> It looks like you're trying to do an 'ip unnumbered' config on those
> ethernet ports. IP unnumbered only works on p2p interfaces.
> 
> You need to have the interfaces between the two routers numbered and
> static routes, or a routing protocol in place to ensure reachability
> between them.
> 
> Also, I'd change the loopback addresses to /32 masks.
> 
> With the configuration you have, I'd also make sure the connection
> between the routers is on a different port than the vlans you are
> trying to xconnect at layer 2.
> 
> Joe
> 
> On Thu, May 22, 2008 at 1:10 PM, Steven Pfister <SPfister at dps.k12.oh.us> wrote:
> 
> > No I can't ping the loopbacks. That's been bothering me. I've added
> > 10.2.2.x addresses to the FastEthernet ports (which I thought I had
> > problems with earlier) and I can ping those from the other router. And
> > I've added static routes for the 10.1.1.x network pointing at the
> > FastEthernet interfaces. Still can't ping the loopback addresses.
> >
> > I thought it was strange, but that's what the sample configs had.
> >
> > Yes, the xconnect statements are on the same interfaces the crossover
> > is connected to. I can try adding ethernet ports to each side and see
> > what happens.
> >
> > Steve Pfister
> >
> >
> > >>> "Joe Freeman" <joe at netbyjoe.com> 5/22/2008 2:03 PM >>>
> > Can you ping the loopbacks from the opposite router? There's nothing
> > in either config that indicates how traffic flows from one router to
> > the other.
> >
> >
> > You said you're using an ethernet x-over to connect them, but surely
> > it's not on the ports on which you've set up xconn statements.
> >
> > Each router must be able to see the other's loop0 ip address for this
> > to work.
> >
> > Joe
> >
> > On Thu, May 22, 2008 at 12:37 PM, Steven Pfister <SPfister at dps.k12.oh.us> wrote:
> >
> > > The configs are below.
> > >
> > > By the way... whenever I post to this list, I get replies both to me
> > > and to the list (so I get two copies). Is this intentional? Just
> > > curious...
> > >
> > > Thanks!
> > >
> > > --Steve
> > >
> > > ----------
> > > router 1
> > > ----------
> > >
> > > Current configuration : 1374 bytes
> > > !
> > > version 12.3
> > > service timestamps debug datetime msec
> > > service timestamps log datetime msec
> > > no service password-encryption
> > > !
> > > hostname SanFran
> > > !
> > > boot-start-marker
> > > boot-end-marker
> > > !
> > > !
> > > no aaa new-model
> > > !
> > > resource policy
> > > !
> > > memory-size iomem 15
> > > ip subnet-zero
> > > !
> > > !
> > > ip cef
> > > no ip dhcp use vrf connected
> > > !
> > > !
> > > l2tp-class l2-dyn
> > >  password 7 15025C0600722C21
> > >  cookie size 8
> > > !
> > > pseudowire-class pw-dynamic
> > >  encapsulation l2tpv3
> > >  protocol l2tpv3 l2-dyn
> > >  ip local interface Loopback0
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > interface Loopback0
> > >  ip address 10.1.1.102 255.255.255.0
> > > !
> > > interface FastEthernet0/0
> > >  no ip address
> > >  duplex auto
> > >  speed auto
> > >  no cdp enable
> > > !
> > > interface FastEthernet0/0.200
> > >  encapsulation dot1Q 200
> > >  no snmp trap link-status
> > >  no cdp enable
> > >  xconnect 10.1.1.103 33 pw-class pw-dynamic
> > > !
> > > interface FastEthernet0/0.201
> > >  encapsulation dot1Q 201
> > >  no snmp trap link-status
> > >  no cdp enable
> > > !
> > > interface ATM2/0
> > >  no ip address
> > >  shutdown
> > >  no atm ilmi-keepalive
> > >  no scrambling-payload
> > > !
> > > interface ATM2/1
> > >  no ip address
> > >  shutdown
> > >  no atm ilmi-keepalive
> > >  no scrambling-payload
> > > !
> > > interface ATM2/2
> > >  no ip address
> > >  shutdown
> > >  no atm ilmi-keepalive
> > >  no scrambling-payload
> > > !
> > > interface ATM2/3
> > >  no ip address
> > >  shutdown
> > >  no atm ilmi-keepalive
> > >  no scrambling-payload
> > > !
> > > ip http server
> > > !
> > > ip classless
> > > !
> > > !
> > > no cdp run
> > > !
> > > !
> > > control-plane
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > line con 0
> > > line aux 0
> > > line vty 0 4
> > >  login
> > > !
> > > !
> > > end
> > >
> > > ----------
> > > router 2
> > > ----------
> > >
> > > Current configuration : 901 bytes
> > > !
> > > version 12.3
> > > service timestamps debug datetime msec
> > > service timestamps log datetime msec
> > > no service password-encryption
> > > !
> > > hostname NewYork
> > > !
> > > boot-start-marker
> > > boot-end-marker
> > > !
> > > !
> > > no aaa new-model
> > > !
> > > resource policy
> > > !
> > > memory-size iomem 15
> > > ip subnet-zero
> > > !
> > > !
> > > ip cef
> > > no ip dhcp use vrf connected
> > > !
> > > !
> > > l2tp-class l2-dyn
> > >  hostname NewYork
> > >  password 7 0616582B48160E1C
> > >  cookie size 8
> > > !
> > > pseudowire-class pw-dynamic
> > >  encapsulation l2tpv3
> > >  protocol l2tpv3 l2-dyn
> > >  ip local interface Loopback0
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > interface Loopback0
> > >  ip address 10.1.1.103 255.255.255.0
> > > !
> > > interface FastEthernet1/0
> > >  no ip address
> > >  duplex auto
> > >  speed auto
> > >  no cdp enable
> > > !
> > > interface FastEthernet1/0.201
> > >  encapsulation dot1Q 201
> > >  no cdp enable
> > >  xconnect 10.1.1.102 34 pw-class pw-dynamic
> > > !
> > > ip http server
> > > !
> > > ip classless
> > > !
> > > !
> > > no cdp run
> > > !
> > > !
> > > control-plane
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > !
> > > line con 0
> > > line aux 0
> > > line vty 0 4
> > > !
> > > !
> > > end
> > >
> > > >>> "Fred Reimer" <freimer at ctiusa.com> 5/22/2008 12:21 PM >>>
> > > Yes, with 3845's, post your test config.
> > >
> > >
> > > Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS
> > >
> > >
> > > > -----Original Message-----
> > > > From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Steven Pfister
> > > > Sent: Thursday, May 22, 2008 12:11 PM
> > > > To: cisco-nsp at puck.nether.net 
> > > > Subject: [c-nsp] Need help with L2TPv3
> > > >
> > > > I'm trying to get L2TPv3 figured out to help with a project. I've
> > > > got a test network consisting of 2 3640s (which is what is going to
> > > > be used as the endpoints of the tunnels in the production network)
> > > > connected by a crossover cable. Even using sample configs from the
> > > > Cisco site, I can't seem to keep the tunnel from going down after
> > > > about a minute. I think it may be an authentication problem.
> > > >
> > > > Does anyone have a working L2TPv3 tunnel between two 3640s?
> > > >
> > > > Thank you!
> > > >
> > > > Steve Pfister
> > > >
> > > >
> > > > _______________________________________________
> > > > cisco-nsp mailing list  cisco-nsp at puck.nether.net 
> > > > https://puck.nether.net/mailman/listinfo/cisco-nsp 
> > > > archive at http://puck.nether.net/pipermail/cisco-nsp/ 
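
The reachability advice in the quoted replies (a numbered link between the routers, a route to the peer's loopback, /32 loopbacks, xconnect on a separate port), as an added Python example that is not part of the original thread: a minimal checker run over a trimmed copy of the router 1 config. The FIXED config, the FastEthernet0/1 link and its 10.2.2.x addressing are assumptions for illustration, and routing protocols are not modelled.

```python
import ipaddress
import re

# Constructed samples: SANFRAN is trimmed from the router 1 config quoted above;
# FIXED applies the thread's advice with a hypothetical FastEthernet0/1 link.
SANFRAN = """interface Loopback0
 ip address 10.1.1.102 255.255.255.0
interface FastEthernet0/0.200
 xconnect 10.1.1.103 33 pw-class pw-dynamic
"""
FIXED = """interface Loopback0
 ip address 10.1.1.102 255.255.255.255
interface FastEthernet0/0.200
 xconnect 10.1.1.103 33 pw-class pw-dynamic
interface FastEthernet0/1
 ip address 10.2.2.1 255.255.255.0
ip route 10.1.1.103 255.255.255.255 10.2.2.2
"""

def parse(cfg):
    """Collect per-interface IP / xconnect peer and the static route prefixes."""
    ifaces, routes, cur = {}, [], None
    for line in cfg.splitlines():
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m.group(1), {"ip": None, "peer": None})
        elif m := re.match(r" ip address (\S+) (\S+)", line):
            cur["ip"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif m := re.match(r" xconnect (\S+) ", line):
            cur["peer"] = ipaddress.ip_address(m.group(1))
        elif m := re.match(r"ip route (\S+) (\S+) ", line):
            routes.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}"))
    return ifaces, routes

def check(cfg):
    """Return findings for the reachability prerequisites raised in the thread."""
    ifaces, routes = parse(cfg)
    out = []
    lo = ifaces.get("Loopback0", {}).get("ip")
    if lo is None or lo.network.prefixlen != 32:
        out.append("Loopback0 is not a /32")
    links = [i["ip"].network for n, i in ifaces.items()  # connected networks
             if i["ip"] and not n.startswith("Loopback")]
    if not links:
        out.append("no numbered interface toward the other router")
    for name, i in ((n, i) for n, i in ifaces.items() if i["peer"]):
        if not any(i["peer"] in net for net in routes + links):
            out.append(f"{name}: no route to xconnect peer {i['peer']}")
        if ifaces.get(name.split(".")[0], {}).get("ip"):
            out.append(f"{name}: xconnect shares a port with the routed link")
    return out
```

`check(SANFRAN)` returns three findings and `check(FIXED)` returns none. The loopback's own /24 is deliberately not counted as a path to the peer, since 10.1.1.103 falls inside it and would be treated as locally connected.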

