[c-nsp] L2TPv3 with VLANs on one side (multipoint)

Ross Halliday ross at wtccommunications.ca
Mon Sep 14 16:23:39 EDT 2009 

Dear Internet Geniuses,

I am attempting to set up a solution for a customer where we provide a
multipoint Layer 2 bridge over several DSL connections. Unfortunately,
the DSL connections are leased and outside of our control. The wholesale
provider's network complained to no end believing there was a loop when
we simply tried to bridge them together.

So, I am looking towards L2TPv3. The equipment I've got to work with is
a 2821 and some 1721s for the L2TPv3 part. What I had intended to do was
have each of the remote sites with 1721s terminate their xconnect back
to a dot1q subinterface on the 2821, then blast that out somewhere and
hairpin the traffic with a bridge. Trouble is, when I move the xconnect
on the 2821 from the native Gi0/1 to something like Gi0/1.101 (and
change the switchport it's on to trunk mode) I lose connectivity. I am
aware of some other posters who have a similar setup (terminating
xconnects to the sub-interfaces) but I am not sure if those were tagged
or untagged on the remote end.

Terribad ASCII art of my lab setup:

 (untagged frame)
  V
 1721 Fas0
  V
 L2TPv3
  V
 1721 Eth0
  V
 2950 untagged vlan 100
  V
 2950 tagged vlan 100
  V
 2821 Gig0/0.100
  V
 L2TPv3

Now, here's what works on the 2821 end:

interface GigabitEthernet0/1
 description L2TPv3_out
 no ip address
 duplex full
 speed 100
 xconnect 172.17.1.10 1 encapsulation l2tpv3 manual pw-class test_PWC_1
  l2tp id 101 1
  l2tp hello test_CLASS_1

And here's what doesn't:

interface GigabitEthernet0/1
 description L2TPv3_VLANs
 no ip address
 duplex full
 speed 100
!
interface GigabitEthernet0/1.101
 description test_site_1
 encapsulation dot1Q 101
 xconnect 172.17.1.10 1 encapsulation l2tpv3 manual pw-class test_PWC_1
  l2tp id 101 1
  l2tp hello test_CLASS_1



The tunnels establish find on both variations, however on the tagged
version I don't get any traffic through the link and "sh l2tun tun
packets" indicates inbound only on each side.

Unfortunately the 1721s dont support 802.1q otherwise I'd give that a
go.

Any help would be appreciated, but please be kind to the newbie :)

Thanks


---
Ross Halliday
Network Operations
WTC Communications

Office: 613-547-6939 x203
Helpdesk: 866-547-6939 option 2
http://www.wtccommunications.ca

More information about the cisco-nsp mailing list