
Overlay VPN task #2. L2VPN tuning and security.

Topology:



Use configuration from L2VPN task #1 as initial configuration for this task.

Requirements: 

Update the configuration from the previous task to comply with the requirements below:

1. For the Customer A connection, routers R1 and R3 should not use L2TP signalling.
2. For the Customer B connection:
   2.1 Authenticate the L2TP control channel with the password "STRONG". Use the strongest available algorithm.
   2.2 Drop tunneled packets that arrive out of sequence.
   2.3 Set the Hello interval to 10 seconds.

Solution:

Highlight the text below to reveal the solution.

This task requires an understanding of L2TPv3 manual mode, l2tp-class configuration, authentication options and sequencing.

Requirement #1 - configure the xconnect in manual mode and set the session ids and cookies to any value.
Requirement #2 - configure an l2tp-class for authentication (digest secret) and change the hash algorithm to SHA1 instead of the default MD5. Set the hello interval to 10 seconds. Enable sequencing in order to drop out-of-order packets on egress.

R1:


!
l2tp-class B-CLASS
 digest secret 0 STRONG hash SHA1
 hello 10
!
pseudowire-class CUST_A
 encapsulation l2tpv3
 protocol none
 ip local interface Loopback0
!
pseudowire-class CUST_B
 encapsulation l2tpv3
 protocol none
 ip local interface Loopback0
!
!
interface Ethernet1/0
 no ip address
 no cdp enable
 xconnect 18.0.3.3 46 encapsulation l2tpv3 manual pw-class CUST_A
  l2tp id 1 3
  l2tp cookie local 4 11
  l2tp cookie remote 4 33
!
interface Ethernet1/1
 no ip address
!
interface Ethernet1/1.57
 encapsulation dot1Q 57
 xconnect 18.0.3.3 57 encapsulation l2tpv3 manual pw-class CUST_B sequencing both
  l2tp id 11 33
  l2tp cookie local 4 1111
  l2tp cookie remote 4 3333
  l2tp hello B-CLASS
!
interface Ethernet1/1.58
 encapsulation dot1Q 58
 xconnect 18.0.3.3 58 encapsulation l2tpv3 manual pw-class CUST_B sequencing both
  l2tp id 111 333
  l2tp cookie local 4 111111
  l2tp cookie remote 4 333333
  l2tp hello B-CLASS
!


R3:


!
l2tp-class B-CLASS
 digest secret 0 STRONG hash SHA1
 hello 10
!
pseudowire-class CUST_A
 encapsulation l2tpv3
 protocol none
 ip local interface Loopback0
!
pseudowire-class CUST_B
 encapsulation l2tpv3
 protocol none
 ip local interface Loopback0
!
!
interface Ethernet1/0
 no ip address
 no cdp enable
 xconnect 18.0.1.1 46 encapsulation l2tpv3 manual pw-class CUST_A
  l2tp id 3 1
  l2tp cookie local 4 33
  l2tp cookie remote 4 11
!
interface Ethernet1/1
 no ip address
!
interface Ethernet1/1.75
 encapsulation dot1Q 75
 xconnect 18.0.1.1 57 encapsulation l2tpv3 manual pw-class CUST_B sequencing both
  l2tp id 33 11
  l2tp cookie local 4 3333
  l2tp cookie remote 4 1111
  l2tp hello B-CLASS
!
interface Ethernet1/2
 no ip address
!
interface Ethernet1/2.85
 encapsulation dot1Q 85
 xconnect 18.0.1.1 58 encapsulation l2tpv3 manual pw-class CUST_B sequencing both
  l2tp id 333 111
  l2tp cookie local 4 333333
  l2tp cookie remote 4 111111
  l2tp hello B-CLASS
!
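As an added check that is not part of the workbook, the Python script below parses the R1 configuration above and grades each xconnect against the two requirements: manual mode with protocol none plus static session ids and cookies for Customer A, and a SHA1 digest, hello 10 and sequencing both for Customer B. The embedded config text, the function names and the CUST_A/CUST_B pw-class names it keys on are assumptions taken from this solution, not from any Cisco tool.

```python
"""Audit an IOS L2TPv3 configuration against this task's requirements.
Added example, not part of the workbook; parses plain-text config."""

# Constructed sample: the relevant part of R1's configuration from the solution.
R1_CONFIG = """\
l2tp-class B-CLASS
 digest secret 0 STRONG hash SHA1
 hello 10
!
pseudowire-class CUST_A
 encapsulation l2tpv3
 protocol none
 ip local interface Loopback0
!
pseudowire-class CUST_B
 encapsulation l2tpv3
 protocol none
 ip local interface Loopback0
!
interface Ethernet1/0
 xconnect 18.0.3.3 46 encapsulation l2tpv3 manual pw-class CUST_A
  l2tp id 1 3
  l2tp cookie local 4 11
  l2tp cookie remote 4 33
!
interface Ethernet1/1.57
 encapsulation dot1Q 57
 xconnect 18.0.3.3 57 encapsulation l2tpv3 manual pw-class CUST_B sequencing both
  l2tp id 11 33
  l2tp cookie local 4 1111
  l2tp cookie remote 4 3333
  l2tp hello B-CLASS
!
"""


def _opt(parts, key):
    """Return the token that follows `key` in a command line, or None."""
    return parts[parts.index(key) + 1] if key in parts else None


def parse_config(text):
    """Return (l2tp_classes, pw_classes, xconnects) parsed from IOS config text."""
    l2tp_classes, pw_classes, xconnects = {}, {}, {}
    block = xc = None                      # current top-level block, current xconnect
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":        # "!" separates top-level blocks
            block = xc = None
            continue
        if not raw.startswith(" "):        # top-level command opens a new block
            kind, _, name = line.partition(" ")
            block, xc = (kind, name), None
            if kind == "l2tp-class":
                l2tp_classes[name] = {}
            elif kind == "pseudowire-class":
                pw_classes[name] = {}
            continue
        if block is None:
            continue
        kind, name = block
        parts = line.split()
        if kind == "l2tp-class":
            if parts[0] == "digest" and "hash" in parts:
                l2tp_classes[name]["digest_hash"] = _opt(parts, "hash")
            elif parts[0] == "hello":
                l2tp_classes[name]["hello"] = int(parts[1])
        elif kind == "pseudowire-class":
            pw_classes[name][parts[0]] = " ".join(parts[1:])
        elif kind == "interface":
            if parts[0] == "xconnect":
                xc = {"peer": parts[1], "vcid": int(parts[2]), "manual": "manual" in parts,
                      "pw_class": _opt(parts, "pw-class"), "sequencing": _opt(parts, "sequencing"),
                      "hello_class": None, "id": None, "cookies": {}}
                xconnects[name] = xc
            elif parts[0] == "l2tp" and xc is not None:
                if parts[1] == "id":           # l2tp id <local> <remote>
                    xc["id"] = (int(parts[2]), int(parts[3]))
                elif parts[1] == "cookie":     # l2tp cookie <local|remote> <size> <value>
                    xc["cookies"][parts[2]] = (int(parts[3]), int(parts[4]))
                elif parts[1] == "hello":      # l2tp hello <l2tp-class>
                    xc["hello_class"] = parts[2]
    return l2tp_classes, pw_classes, xconnects


def audit(text):
    """Return (check name, passed) pairs, one per requirement per xconnect."""
    l2tp_classes, pw_classes, xconnects = parse_config(text)
    results = []
    for intf, xc in xconnects.items():
        pwc = pw_classes.get(xc["pw_class"], {})
        # Requirement 1 (and the solution's choice for Customer B too): no signalling,
        # static session ids and both cookies configured.
        results.append((f"{intf}: manual xconnect, protocol none",
                        xc["manual"] and pwc.get("protocol") == "none"))
        results.append((f"{intf}: session ids and both cookies set",
                        xc["id"] is not None and {"local", "remote"} <= set(xc["cookies"])))
        if xc["pw_class"] == "CUST_B":     # assumption: Customer B uses pw-class CUST_B
            cls = l2tp_classes.get(xc["hello_class"], {})
            results.append((f"{intf}: control channel SHA1 digest", cls.get("digest_hash") == "SHA1"))
            results.append((f"{intf}: hello 10", cls.get("hello") == 10))
            results.append((f"{intf}: sequencing both", xc["sequencing"] == "both"))
    return results


def failed_checks(text):
    """Names of the checks that did not pass."""
    return [name for name, ok in audit(text) if not ok]


if __name__ == "__main__":
    for name, ok in audit(R1_CONFIG):
        print("PASS" if ok else "FAIL", name)
    # Constructed weak variant: MD5 digest and no sequencing on Customer B.
    weak = R1_CONFIG.replace("hash SHA1", "hash MD5").replace(" sequencing both", "")
    print("weak config fails:", failed_checks(weak))
```

On the solution config every check passes; the constructed weak variant in the main block (digest left at MD5, sequencing keyword dropped) shows which checks catch a silent fallback to the default hash or to unsequenced delivery, which is the kind of drift a later change on only one PE would introduce.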


Verification:


R1# show l2tp tunnel

L2TP Tunnel Information Total tunnels 1 sessions 3

LocTunID   RemTunID   Remote Name   State  Remote Address  Sessn L2TP Class/
                                                           Count VPDN Group
1712678144 1609120835 R3            est    18.0.3.3        3     B-CLASS




R1# show l2tp tunnel all

L2TP Tunnel Information Total tunnels 1 sessions 3

Tunnel id 1712678144 is up, remote id is 1609120835, 3 active sessions
  Remotely initiated tunnel
  Tunnel state is established, time since change 00:36:15
  Tunnel transport is IP  (115)
  Remote tunnel name is R3
    Internet Address 18.0.3.3, port 0
  Local tunnel name is R1
    Internet Address 18.0.1.1, port 0
  L2TP class for tunnel is B-CLASS
  Counters, taking last clear into account:
    0 packets sent, 0 received
    0 bytes sent, 0 received
    Last clearing of counters never
  Counters, ignoring last clear:
    0 packets sent, 0 received
    0 bytes sent, 0 received
  Control Ns 39, Nr 217
  Local RWS 1024 (default), Remote RWS 1024
  Control channel Congestion Control is disabled
  Tunnel PMTU checking disabled
  Retransmission time 1, max 1 seconds
  Unsent queuesize 0, max 0
  Resend queuesize 0, max 1
  Total resends 0, ZLB ACKs sent 216
  Total out-of-order dropped pkts 0
  Total out-of-order reorder pkts 0
  Total peer authentication failures 0
  Current no session pak queue check 0 of 5
  Retransmit time distribution: 0 0 0 0 0 0 0 0 0
  Control message authentication is enabled with 1 digest secrets
  Last control message authenticated with first digest secret


R1# show l2tp session

L2TP Session Information Total tunnels 1 sessions 3

LocID      RemID      TunID      Username, Intf/      State  Last Chg Uniq ID
                                 Vcid, Circuit
1          3          1712678144 46, Et1/0            est    00:59:33 16
111        333        1712678144 58, Et1/1.58:58      est    00:33:50 20
11         33         1712678144 57, Et1/1.57:57      est    00:33:50 17


R1# show l2tp session all

L2TP Session Information Total tunnels 1 sessions 3

Session id 1 is up, logical session id 33727, tunnel id 1712678144
  Remote session id is 3, remote tunnel id 1609120835
  Locally initiated session
  Unique ID is 16
Session Layer 2 circuit, type is Ethernet, name is Ethernet1/0
  Session vcid is 46
  Circuit state is UP
    Local circuit state is UP
    Remote circuit state is UP
Call serial number is 0
Remote tunnel name is
  Internet address is 18.0.3.3
Local tunnel name is
  Internet address is 18.0.1.1
IP protocol 115
  Session is manually signaled
  Session state is established, time since change 00:59:45
    9487 Packets sent, 9477 received
    1115060 Bytes sent, 1113848 received
  Last clearing of counters never
  Counters, ignoring last clear:
    9487 Packets sent, 9477 received
    1115060 Bytes sent, 1113848 received
    Receive packets dropped:
      out-of-order:             0
      other:                    0
      total:                    0
    Send packets dropped:
      exceeded session MTU:     0
      other:                    0
      total:                    0
  DF bit off, ToS reflect disabled, ToS value 0, TTL value 255
  Sending UDP checksums are disabled
  Received UDP checksums are verified
  Session cookie information:
    local cookie, size 4 bytes, value 00 00 00 0b
    remote cookie, size 4 bytes, value 00 00 00 21
  FS cached header information:
    encap size = 28 bytes
    45000014 00000000 ff739373 12000101
    12000303 00000003 00000021
  Sequencing is off
  Conditional debugging is disabled
  SSM switch id is 5053, SSM segment id is 9155

Session id 111 is up, logical session id 99295, tunnel id 1712678144
  Remote session id is 333, remote tunnel id 1609120835
  Locally initiated session
  Unique ID is 20
Session Layer 2 circuit, type is Ethernet Vlan, name is Ethernet1/1.58:58
  Session vcid is 58
  Circuit state is UP
    Local circuit state is UP
    Remote circuit state is UP
Call serial number is 0
Remote tunnel name is
  Internet address is 18.0.3.3
Local tunnel name is
  Internet address is 18.0.1.1
IP protocol 115
  Session is manually signaled
  Session state is established, time since change 00:34:03
    1004 Packets sent, 949 received
    118418 Bytes sent, 111820 received
  Last clearing of counters never
  Counters, ignoring last clear:
    1004 Packets sent, 949 received
    118418 Bytes sent, 111820 received
    Receive packets dropped:
      out-of-order:             0
      other:                    0
      total:                    0
    Send packets dropped:
      exceeded session MTU:     0
      other:                    0
      total:                    0
  DF bit off, ToS reflect disabled, ToS value 0, TTL value 255
  Sending UDP checksums are disabled
  Received UDP checksums are verified
  Session cookie information:
    local cookie, size 4 bytes, value 00 01 b2 07
    remote cookie, size 4 bytes, value 00 05 16 15
  FS cached header information:
    encap size = 32 bytes
    45000014 00000000 ff739373 12000101
    12000303 0000014d 00051615 00000000

  Sequencing is on
    Ns 995, Nr 940, 0 out of order packets received
    Packets switched/dropped by secondary path: Tx 0, Rx 0
  Conditional debugging is disabled
  SSM switch id is 13277, SSM segment id is 25607

Session id 11 is up, logical session id 66506, tunnel id 1712678144
  Remote session id is 33, remote tunnel id 1609120835
  Locally initiated session
  Unique ID is 17
Session Layer 2 circuit, type is Ethernet Vlan, name is Ethernet1/1.57:57
  Session vcid is 57
  Circuit state is UP
    Local circuit state is UP
    Remote circuit state is UP
Call serial number is 0
Remote tunnel name is
  Internet address is 18.0.3.3
Local tunnel name is
  Internet address is 18.0.1.1
IP protocol 115
  Session is manually signaled
  Session state is established, time since change 00:34:03
    200 Packets sent, 200 received
    23546 Bytes sent, 23546 received
  Last clearing of counters never
  Counters, ignoring last clear:
    200 Packets sent, 200 received
    23546 Bytes sent, 23546 received
    Receive packets dropped:
      out-of-order:             0
      other:                    0
      total:                    0
    Send packets dropped:
      exceeded session MTU:     0
      other:                    0
      total:                    0
  DF bit off, ToS reflect disabled, ToS value 0, TTL value 255
  Sending UDP checksums are disabled
  Received UDP checksums are verified
  Session cookie information:
    local cookie, size 4 bytes, value 00 00 04 57
    remote cookie, size 4 bytes, value 00 00 0d 05
  FS cached header information:
    encap size = 32 bytes
    45000014 00000000 ff739373 12000101
    12000303 00000021 00000d05 00000000

  Sequencing is on
    Ns 191, Nr 191, 0 out of order packets received
    Packets switched/dropped by secondary path: Tx 0, Rx 0
  Conditional debugging is disabled
  SSM switch id is 9160, SSM segment id is 21510
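To turn the verification above into a repeatable check rather than a manual read, here is an added Python example (not from the workbook) that parses trimmed excerpts of the show l2tp tunnel all and show l2tp session all output and reports anything that contradicts the requirements: digest authentication not enabled or peer authentication failures on the control channel, a session that is not manually signaled, sequencing off on the Customer B vcids (57 and 58) or on for Customer A (46), and any out-of-order drops. The excerpts are constructed copies of the output above; the vcid list and the function names are assumptions.

```python
"""Check R1's L2TPv3 state output against the task requirements.
Added example, not part of the workbook; parses IOS show output."""
import re

# Constructed sample: trimmed excerpt of "show l2tp tunnel all" from the verification above.
TUNNEL_OUTPUT = """\
Tunnel id 1712678144 is up, remote id is 1609120835, 3 active sessions
  Tunnel state is established, time since change 00:36:15
  L2TP class for tunnel is B-CLASS
  Total out-of-order dropped pkts 0
  Total peer authentication failures 0
  Control message authentication is enabled with 1 digest secrets
"""

# Constructed sample: trimmed excerpt of "show l2tp session all" from the verification above.
SESSION_OUTPUT = """\
Session id 1 is up, logical session id 33727, tunnel id 1712678144
  Session vcid is 46
  Session is manually signaled
    Receive packets dropped:
      out-of-order:             0
  Sequencing is off

Session id 111 is up, logical session id 99295, tunnel id 1712678144
  Session vcid is 58
  Session is manually signaled
    Receive packets dropped:
      out-of-order:             0
  Sequencing is on
    Ns 995, Nr 940, 0 out of order packets received

Session id 11 is up, logical session id 66506, tunnel id 1712678144
  Session vcid is 57
  Session is manually signaled
    Receive packets dropped:
      out-of-order:             0
  Sequencing is on
    Ns 191, Nr 191, 0 out of order packets received
"""


def parse_tunnel(text):
    """Extract control-channel facts from 'show l2tp tunnel all' output."""
    t = {}
    m = re.search(r"Tunnel id (\d+) is (\w+), remote id is (\d+)", text)
    t["id"], t["state"], t["remote_id"] = int(m.group(1)), m.group(2), int(m.group(3))
    t["auth_enabled"] = "Control message authentication is enabled" in text
    m = re.search(r"Total peer authentication failures (\d+)", text)
    t["auth_failures"] = int(m.group(1)) if m else None
    m = re.search(r"L2TP class for tunnel is (\S+)", text)
    t["l2tp_class"] = m.group(1) if m else None
    return t


def parse_sessions(text):
    """Extract one dict per session from 'show l2tp session all' output."""
    sessions = []
    for chunk in re.split(r"\n(?=Session id \d+ is)", text.strip()):
        m = re.match(r"Session id (\d+) is (\w+)", chunk)
        s = {"id": int(m.group(1)), "up": m.group(2) == "up"}
        s["vcid"] = int(re.search(r"Session vcid is (\d+)", chunk).group(1))
        s["manual"] = "Session is manually signaled" in chunk
        s["sequencing"] = re.search(r"Sequencing is (on|off)", chunk).group(1) == "on"
        m = re.search(r"out-of-order:\s+(\d+)", chunk)   # receive-side drop counter
        s["ooo_dropped"] = int(m.group(1)) if m else 0
        sessions.append(s)
    return sessions


def check(tunnel, sessions, sequenced_vcids=(57, 58)):
    """Return a list of findings; an empty list means the state matches the task."""
    problems = []
    if not tunnel["auth_enabled"]:
        problems.append("control channel digest authentication is not enabled")
    if tunnel["auth_failures"]:
        problems.append(f"{tunnel['auth_failures']} peer authentication failures")
    for s in sessions:
        if not s["up"]:
            problems.append(f"vcid {s['vcid']}: session is {s['up']}")
        if not s["manual"]:
            problems.append(f"vcid {s['vcid']}: dynamically signaled")
        want = s["vcid"] in sequenced_vcids       # Customer B must sequence, Customer A must not
        if s["sequencing"] != want:
            problems.append(f"vcid {s['vcid']}: sequencing {'off' if want else 'on'}")
        if s["ooo_dropped"]:
            problems.append(f"vcid {s['vcid']}: {s['ooo_dropped']} out-of-order packets dropped")
    return problems


if __name__ == "__main__":
    print(check(parse_tunnel(TUNNEL_OUTPUT), parse_sessions(SESSION_OUTPUT)))
```

A non-zero out-of-order count on a Customer B session is the expected signature of requirement 2.2 doing its job, so the script surfaces it as a finding to investigate rather than hiding it; in the captured output both counters are zero, and a rising peer authentication failure count would be the first sign that the two ends' digest secrets or hash algorithms no longer match.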



This post first appeared on CCIE Service Provider Workbook.
