Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

what is a layer 2 vpn

what exactly is one of these ? i have never heard of it, are they all layer 2 ?

8 REPLIES

Re: what is a layer 2 vpn

Hi

(1)Layer 2 Tunneling Protocol (L2TP) is a subset of PPP(Point-to-point) protocol.

(2)The basic use of it is enabling layer 2 communication over IP(Layer 3)

(3)The advantage is that, in general routing enviroment, all the communication is done on layer 3.If you want transparent network between your tunnels.You have to implement L2 communication, so that the dial-in users have all the access to the network.

(4) http://www.cisco.com/en/US/netsol/ns588/networking_solutions_white_paper09186a00800a8444.shtml

Hope it helps.

Regards

JD

New Member

Re: what is a layer 2 vpn

does that mean you can have the same subnet both ends of the tunnel ? as its layer 2, what exactly does it allow for ?

Re: what is a layer 2 vpn

Hi

Of Course.That protocol is made for that only.It allows everything on Layer 2.

It would be helpful if you will elobrate on the "as its layer 2, what exactly does it allow for ?"

Regards

JD

New Member

Re: what is a layer 2 vpn

Hi there, What I wanted to know basically, is why is it layer 2, does that mean if I had a subnet on one end say 192.168.10.0 and the same on the other end, it would behave like a switch similar to a lan extension, but also do people normally assign a different ip at the end of the vpn ?

Re: what is a layer 2 vpn

Hi

The answer is yes.If u are having a pool of 192.168.1.0/24 and you have a VPN dial-in user having IP 192.168.1.200.He will be able to communicate with the LAN.

Below are some of excerpts from L2TP questionnire.

"Q. What is Layer 3 tunneling?

A. Layer 3 tunneling is not a new technology. Generic Routing Encapsulation (GRE) with RFC 1701 has existed for a long time. Cisco has offered this tunneling technology since Cisco IOS software version 9.21. IPSec is the new IETF standard for encryption and encrypted tunnel. Cisco is providing IPSec in Cisco IOS software version 11.3(3)T and later. Cisco is providing Mobile IP in Cisco IOS version 12.0(1)T.

Q. What is the difference between Layer 2 and Layer 3 tunneling?

A. Layer 2 leverages existing PPP technologies such as NCP and access-authentication protocols. Layer 3 loses much of this by recreating the NCP as Layer 3 tunnel endpoints within the customer network. Layer 2 does not require additional special IP software for end users, corporation, and ISP. The Layer 3 solutions require an IP substrate shared between the Corporation and the ISP. In terms of security, user authentication and tunnel authentication features in Layer two tunneling provide better resistance against hackers. In some Layer 3 solutions, authentication is done only at the SP. This solution may pose a security risk for the corporation. The emerging standard for Layer 2 tunneling protocol is L2TP.

Q. Why is Cisco pushing for Layer 2 tunneling instead of Layer 3 tunneling?

A. Cisco is providing both Layer 2 and Layer 3 tunneling solutions. Cisco does not favor one type over the other. Layer 2 tunneling is primarily an Access VPN solution while Layer 3 tunneling provides support for intranet and extranet VPNs between branch offices and a corporate headquarters. Layer 3 tunneling may also make sense in some of the Access VPN implementations such as client-initiated tunnel mode and Internet wholesale access solutions."

More answers can be found at:

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_q_and_a_item09186a00800a443e.shtml

Regards

JD

New Member

Re: what is a layer 2 vpn

So is the layer 2 vpn just switched then, Can we have the same subnet either side of the tunnel ?

Re: what is a layer 2 vpn

Hi

Yes.

Regards

JD

New Member

Re: what is a layer 2 vpn

can anyone please show me a setup in this way ? ie same subnet either side, and different subnet with dhcp assigned from the main site ? Also how would I route to the dhcp clients ? would I need any routes on the router giving out the vpn addresses or would it just see them as directly connected ?

cheers

853
Views
3
Helpful
8
Replies