L2TP on 6500

amardram123
Level 1

Hi all Experts ..;-)

Need your urgent help...

I have to configure L2TP between two 6500 switches. I need the configuration and confirmation that it works.

WS-C6509 is running with 72033-advipservicesk9_wan-mz.122-18.SXF17.bin

I would really appreciate it if someone can give me a solution.

Regards

amar

1 Accepted Solution

Hello Amar,

I don't see a way to achieve encryption in your current setup without adding expensive boxes.

However, fiber-based links are inherently secure, that is, they cannot be sniffed by simply putting something near the fibers.

For this reason some networks are built with fiber to the PC instead of using RJ45.

Try to report this to your management, for a few days you should be able to afford the use of the fiber link without encryption.

Hope to help

Giuseppe

8 Replies

Hi

For L2TP, please refer to the document.

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gtl2tpv3.html

Regards

Chetan Kumar

Giuseppe Larosa
Hall of Fame

Hello Amar,

When wondering if a feature is supported on a device, you can use Feature Navigator

http://www.cisco.com/go/fn

Search by feature

if you are interested in L2TPv3 for transport services

L2TPv2 = L2TP is used in broadband access

According to Feature Navigator, L2TPv3 is supported on C7600 with Sup720 and MSFC3, for example on:

SERVICES

c7600s72033-advipservices-mz.122-33.SRC4.bin

On your image you should be able to run EoMPLS, that is, pseudowire with enc mpls. I've checked on one device, see:

router(config)#pseudowire-class pippo

router(config-pw-class)#enc ?

  mpls  Use MPLS encapsulation

router(config-pw-class)#enc mpls ?

 

sh ver | inc image

System image file is "disk0:s72033-advipservicesk9_wan-mz.122-18.SXF17a.bin"

If you don't see encapsulation l2tpv3, it is not supported.

Hope to help

Giuseppe

Hi,

I have configured the L2TP on an L2 trunk between 6509s (Sup720, MSFC3) and am able to pass all the traffic...

These two switches are in two different locations... My query is: can we do any encryption on it?

interface GigabitEthernet1/7
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
l2protocol-tunnel cdp
l2protocol-tunnel stp
l2protocol-tunnel vtp

no cdp enable
spanning-tree bpdufilter enable
end

Thanks

Amar...

Hello Amar,

Without a hardware module that provides encryption, the answer is negative.

You would need a SIP linecard and to install an IPSec VPN SPA over it

see

http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/6500series/76ovwvpn.html

But I'm not sure it would be enough; it may work with an ES linecard + the IPSEC VPN SPA in a SIP linecard (not a SIP 600).

Hope to help

Giuseppe

Hi,

Actually I am extending the data center LAN to a new location, and later the old data center will be shut down and the same WAN IP will be assigned on a similar set of WAN routers at the new data center.

These locations are separated by 10 KM and a 2 GB link is terminated between them.

The idea was to avoid any downtime during the movement of all links, routers and servers to the new data center.

Now, with the help of the L2 trunk, I am able to extend my LAN and am setting up all servers at the new location...

But the concern is that communication between these data centers (the L2 link between these 6500 switches) should be encrypted...

The data is huge and an encryption box is very costly, and it is only required for a few days until the data center is operational.

I am wondering how I can secure the data flowing between these switches!

Regards

amar

I also want to add that, since it is a LAN extension, I can't have an L3 link between these switches, so I can't have L3 IPsec...

Thanks Giuseppe, for clearing my doubts. All the info was very helpful. I really appreciate it...

Regards

Amar..
