06-22-2010 07:00 AM - edited 03-04-2019 08:51 AM
Hi folks,
I'm looking to build (cheaply) some l2tpv3 tunnels across a campus network. I have a pair of 881's and I was hoping to xconnect the VLAN 1 intfcs between the two of them. "xconnect" is not a CLI option on the interface configuration, although it is for the individual Fa0-3 interfaces. Just for grins, I xconnected the l2tpv3 tunnel between each Fa3 on each router, and the tunnel comes up successfully and I can see a session established. I am routing between the WAN interfaces (Fa4) on each. However, L2 traffic is not passing between the two Fa3 interfaces.
I can do it backwards, i.e. route between the Vlan1 interfaces and xconnect the Fa4 interfaces (i.e. WAN), and I can see broadcast traffic from the destination network appearing on the local interface. However, I'd really rather have the four interfaces in VLAN1 tunnelled rather than the WAN interface. I am guessing this has to do with ISL vs. 802.1q, since I'm trying to encapsulate VLAN1 as Ethernet and not as dot1q - but I'm a bit lost here and I'm not quite sure if I can make this work.
Fa3/VLAN1 - pseudowire(Fa4<>Fa4) - VLAN1/Fa3 doesn't work
Fa4 - pseudowire(VLAN1<>VLAN1) - Fa4 works
Anyone have any ideas?
Thanks,
- Mike
06-22-2010 09:48 AM
Hello Mike,
I would not consider 881 for L2TPv3 you should consider at least a C3825 or a C2821
I have been able to configure it on C3725 and C3745 with 12.3T five years ago
>> across a campus network
use 802.1Q in Q instead much more efficient and supported also on old C3550 it can be used between switches this is the key point
see
Hope to help
Giuseppe
06-22-2010 09:52 AM
Thanks, Giuseppe, but Q-in-Q is unfortunately not an option here. I appreciate the answer, though!
07-19-2012 05:59 AM
Hi,
I have a couple of 881 routers and use L2TPv3 between them and it works just fine.
IOS 15.1(2)T1
I had to build one xconnect for the FastEthernet ports on each side
and one xconnect for the VLAN on each side.
Attach the VLANs to the FastEthernet ports (switchport access vlan xx).
The 1st XC on the FE ports let my get the Layer 2 traffic through and with the 2nd XC on the VLAN interfaces
I was able to get Layer 3 traffic through also.
Hope this helps
01-17-2013 03:18 PM
Hi Claus,
I have the exact same setup here with two Cisco 881-Sec-K9s with IOS 151-4.M4. I have done the following on both routers to have a transparent L2 conenctivity between the two sites and I can get ping working however not the multicast traffic i.e. OSPF Hello, would you mind sharing your config? Much appreciated.
R2
sh run int fa1
!
interface FastEthernet1
switchport access vlan 2
no ip address
xconnect 198.18.5.191 2 encapsulation l2tpv3 manual pw-class CogentPTP
l2tp id 4 3
end
!
interface Vlan2
xconnect 198.18.5.191 1 encapsulation l2tpv3 manual pw-class CogentPTP
l2tp id 2 1
end
R1
interface FastEthernet1
switchport access vlan 2
no ip address
xconnect 198.18.5.190 2 encapsulation l2tpv3 manual pw-class CogentPTP
l2tp id 3 4
end
!
interface Vlan2
xconnect 198.18.5.190 1 encapsulation l2tpv3 manual pw-class CogentPTP
l2tp id 1 2
end
Thanks
Patrick
01-19-2013 04:36 AM
Hi Patrick,
I have had a lot of problems getting L2TPv3 to work between my 800-series routers over time.
881 <-> 881, 881 <-> 887 and 881 <-> 891
It appears that Cisco have different ways of doing L2TPv3 depending on the platform and the IOS version.
Finally, I had to get service contracts for my routers and get the latest IOS on my routers to get everything working.
I would recommend that you get IOS 15.2 and above.
(No more xconnect on the FastEthernet interface, only on the VLAN interface).
(l2protocol-tunneling on the FastEthernet interface instead)
I have a DMVPN network with 881's and 887VA's Spoke routers and a 891 as the Hub router and use L2TPv3
to tunnel connections from my VoIP PBX to my remote IP Phones, so that can get CDP and STP packets through.
The routers run EIGRP between them, and the multicast for routing updates is configured on the tunnel interface.
The multicast traffic is sent via my Hub router.
I have not tried to move multicast traffic over the L2TPv3 tunnel yet, but I guess it should work fine.
Here is some of my config.
L2TPv3 <--------------------------------------> L2TPv3
FA2 <-> R1 (Spoke) <-> R3 (Hub) <-> R2 (Spoke) <-> FA2
R1 (CISCO881-SEC-K9, 15.2(3)T)
ip multicast-routing
!
l2tp-class xc_R1_R2
authentication
password 0 xxxx
!
!
pseudowire-class pw_port_fa2
encapsulation l2tpv3
interworking ethernet
protocol l2tpv3 xc_R1_R2
ip local interface Tunnel1
ip tos reflect
!
!
interface FastEthernet2
description xc_R1_to_R2
switchport access vlan 22
no ip address
l2protocol-tunnel cdp
l2protocol-tunnel lldp
l2protocol-tunnel stp
no keepalive
no cdp enable
no arp arpa
!
!
interface Vlan22
no ip address
no autostate
xconnect 10.1.1.2 222 pw-class pw_port_fa2
!
!
interface Tunnel1
description TUNNEL_INTERFACE
bandwidth 756
bandwidth receive 4096
ip address 10.1.1.1 255.255.255.0
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 1
no ip split-horizon eigrp 1
ip pim nbma-mode
ip pim sparse-dense-mode
ip nhrp authentication xxxxx
ip nhrp group xxxxxx
ip nhrp map multicast dynamic
ip nhrp network-id 1234
ip nhrp holdtime 600
ip nhrp nhs dynamic nbma hubrouter.mydomain.net multicast
ip nhrp registration no-unique
ip nhrp registration timeout 30
ip nhrp shortcut
ip nhrp redirect
ip virtual-reassembly in
ip virtual-reassembly out
ip tcp adjust-mss 1360
keepalive 10 3
tunnel source Dialer1
tunnel mode gre multipoint
tunnel path-mtu-discovery
!
R2 (CISCO881-SEC-K9, 15.2(4)M1)
ip multicast-routing
!
l2tp-class xc_R1_R2
authentication
password 0 xxxx
!
!
pseudowire-class pw_port_fa2
encapsulation l2tpv3
interworking ethernet
protocol l2tpv3 xc_R1_R2
ip local interface Tunnel1
ip tos reflect
!
!
interface FastEthernet2
description xc_R1_to_R2
switchport access vlan 22
no ip address
l2protocol-tunnel cdp
l2protocol-tunnel lldp
l2protocol-tunnel stp
no keepalive
no cdp enable
no arp arpa
!
!
interface Vlan22
no ip address
no autostate
xconnect 10.1.1.1 222 pw-class pw_port_fa2
!
!
interface Tunnel1
description TUNNEL_INTERFACE
bandwidth 1024
bandwidth receive 7168
ip address 10.1.1.2 255.255.255.0
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 1
no ip split-horizon eigrp 1
ip pim nbma-mode
ip pim sparse-dense-mode
ip nhrp authentication xxxxx
ip nhrp group xxxxxx
ip nhrp map multicast dynamic
ip nhrp network-id 1234
ip nhrp holdtime 600
ip nhrp nhs dynamic nbma hubrouter.mydomain.net multicast
ip nhrp shortcut
ip nhrp redirect
ip virtual-reassembly in
ip virtual-reassembly out
ip tcp adjust-mss 1360
keepalive 10 3
tunnel source Dialer1
tunnel mode gre multipoint
tunnel path-mtu-discovery
!
I hope this will help you.
regards, Claus
01-20-2013 02:36 PM
Thank you for your informative information, I think you've got what I am looking for!
l2protocol-tunnel is used in high grade models however never in the 880 series router until the IOS 15.2. I shall give this a try and revert! Thanks again.
04-14-2015 12:51 AM
Where are you doing the L3 routing at for these vlan's that have been extended via L2TPv3?
04-14-2015 01:55 AM
Hi Dennis,
This was some years ago, my network has changed since then. The L3 routing is done in the EIGRP process, and the VLAN's are cross-connected to the DMVPN Tunnel interfaces. Today I use Loopback interfaces for the XConnect's, and the Loopback's IP address' are published in EIGRP / OSPF.
Best regards Claus
01-20-2013 04:02 PM
Hi Guys,
I got it working now!
The new IOS now supports "switchport mode dot1q-tunnel" therefore we can have a port that is completely transparent.This is running over a IPVPN over MPLS network.
pseudowire-class TestP2P
encapsulation l2tpv3
protocol none
ip local interface Loopback0
interface FastEthernet1
switchport access vlan 2
switchport mode dot1q-tunnel
no ip address
no keepalive
no cdp enable
interface Vlan2
no ip address
xconnect 198.18.5.191 1 encapsulation l2tpv3 manual pw-class TestP2P
l2tp id 2 1
Thanks
Patrick
01-21-2013 04:53 PM
Hi Patrick,
I'm glad you got it working. I'll try out the 'dot1q-tunneling' when I get my lab routers setup.
(I really wish that Cisco had a Step-by-Step guide on this stuff).
Best regards,
Claus
05-01-2014 10:44 AM
Patrick,
Which models and which IOS did you use?
I have exactly the same problem - 897 box with 15.2.4.M6 IOS. xconnect is not available on VLAN interface. I've tried everything.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide