Configuring L2TPv3 Over UDP/IP
Layer 2 Tunneling Protocol version 3 (L2TPv3) is a tunneling protocol that enables tunneling of Layer 2 packets over IP core networks.
An L2TPv3 tunnel is a control connection between the endpoints. One L2TPv3 tunnel can have multiple data connections, and each data connection is called an L2TPv3 session. The control connection is used to establish, maintain, and release sessions. Each session is identified by a unique session ID.
To provide the tunneling service to Ethernet traffic, L2TPv3 feature employs:
Prerequisites
These are the prerequisites for configuring L2TPv3:
This command enables IP routing:
These commands create subinterfaces for VLANs:
interface Dot11Radio interface number.sub-interface number
interface GigabitEthernet0.sub-interface number
Note: The bridge ID on interfaces with the same VLAN ID must be the same.
The following are not supported:
- Tunnel establishment using IPv6 address
- SNMP and GUI configuration
- Multiple tunnels to same LNS (L2TP Network Server)
- Configuring xconnect on physical interfaces like Gig and Dot11
- Prol2tp versions older than 1.6.1 when sequencing or cookies are enabled.
- Xconnect allows only IPv4 address. FQDN is not supported.
- Only dynamic cookie assignment is used.
Configuring L2TP Class
Configuring the L2TP class creates a template of L2TP control plane configuration settings that can be inherited by different pseudowire classes. These parameters can be configured:
- Authentication
- L2TPv3 hello interval
- Hostname
- Cookie length
- Enabling digest
- Retransmit and retries for the L2TPv3 control packets
- Timeout
- Receive-window size
- Hello interval
Beginning in privileged EXEC mode, follow these steps to configure the L2TP class:
Configure the number of times a control message is sent if no response is received.
Note: Multiple L2TP classes can be configured.
Examples
Configuring Pseudowire Class
Configuring the pseudowire class defines a layer 2 pseudowire class. These pseudowire parameters can be configured under pseudowire class:
- encapsulation method
- l2tp-class
- local interface
- sequencing
- IP related parameters like dfbit, tos and ttl
Beginning in privileged EXEC mode, follow these steps to configure the pseudowire class:
Examples
Relationship between L2TP Class and Pseudowire Class
Multiple pseudowire classes can be configured. A pseudowire class can be configured with any one of the available L2TP Classes. Xconnect can be configured with any one of the configured pseudowire classes.
The following points should be kept in mind:
- A pseudowire class can have only one L2TP Class attached to it.
- An L2TP Class can be attached to multiple pseudowire-classes.
- An xconnect command has a pseudowire-class attached to it, so for one xconnect command only one pseudowire class and one L2TP Class are sufficient.
- An L2TP Class not attached to a pseudowire-class and a pseudowire class not attached to an xconnect command have no effect on the operation of an AP.
- An L2TP Class attached to a Pseudowire Class cannot be modified. To modify it, remove the xconnect from the interface that is using this Pseudowire Class.
Configuring the Tunnel interface
This is a new interface for single tunnel support. You can configure xconnect here for all L2TPv3 traffic.
Beginning in privileged EXEC mode, follow these steps to configure the tunnel interface:
The vc id is a locally significant number. Every xconnect command must be configured with a unique vc id. Traffic for SSIDs that have an xconnect VDT index configured is tunneled through the VDT interface with the same index.
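The attachment rules under Relationship between L2TP Class and Pseudowire Class, the unique vc id requirement above, and the unsupported items listed near the top of the page can be checked before a configuration is pushed to an AP. The Python below is an added example, not Cisco code: the dictionary-based plan model, the check_plan function and every sample name and address are assumptions, and each xconnect entry is treated as one tunnel.

```python
import ipaddress
from collections import Counter

def check_plan(l2tp_classes, pw_classes, xconnects):
    """Check a planned L2TPv3 setup against the constraints stated on this page.

    Hypothetical data model (not IOS syntax):
      l2tp_classes: set of L2TP class names
      pw_classes:   {pseudowire class name: [attached L2TP class names]}
      xconnects:    [{"peer": str, "vc_id": int, "pw_class": str}], one per tunnel
    """
    out = []
    for xc in xconnects:
        try:  # xconnect accepts an IPv4 literal only
            if ipaddress.ip_address(xc["peer"]).version != 4:
                out.append(f"ERROR {xc['peer']}: IPv6 tunnel endpoints are not supported")
        except ValueError:
            out.append(f"ERROR {xc['peer']}: FQDN peers are not supported, use IPv4")
        if xc["pw_class"] not in pw_classes:
            out.append(f"ERROR vc {xc['vc_id']}: unknown pseudowire class {xc['pw_class']}")
    for vc, n in Counter(x["vc_id"] for x in xconnects).items():
        if n > 1:
            out.append(f"ERROR vc id {vc} is used {n} times, it must be unique")
    for peer, n in Counter(x["peer"] for x in xconnects).items():
        if n > 1:
            out.append(f"ERROR {n} tunnels to LNS {peer}, only one is supported")
    used_pw = {x["pw_class"] for x in xconnects}
    attached = set()
    for name, classes in pw_classes.items():
        attached.update(classes)
        if len(classes) > 1:
            out.append(f"ERROR pseudowire class {name} has {len(classes)} L2TP classes attached")
        for c in classes:
            if c not in l2tp_classes:
                out.append(f"ERROR pseudowire class {name}: unknown L2TP class {c}")
        if name not in used_pw:
            out.append(f"INFO pseudowire class {name} is in no xconnect and has no effect")
    for c in sorted(l2tp_classes - attached):
        out.append(f"INFO L2TP class {c} is attached to no pseudowire class and has no effect")
    return out

# Constructed sample plan; every name and address is made up for illustration.
SAMPLE = {
    "l2tp_classes": {"lc-main", "lc-spare"},
    "pw_classes": {"pw-main": ["lc-main"], "pw-lab": ["lc-main"]},
    "xconnects": [
        {"peer": "192.0.2.10", "vc_id": 1, "pw_class": "pw-main"},
        {"peer": "lns.example.net", "vc_id": 1, "pw_class": "pw-main"},
        {"peer": "2001:db8::10", "vc_id": 2, "pw_class": "pw-missing"},
    ],
}

if __name__ == "__main__":
    print("\n".join(check_plan(**SAMPLE)))
```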
Examples
Configure Tunnel management Interface
This is a new interface for secondary tunnel support.
Beginning in privileged EXEC mode, follow these steps to configure the tunnel management interface:
This interface allows access to an AP through the tunnel. This interface is associated with the VDT interface with the same index. Traffic from this interface is tunneled through the tunnel established with the VDT interface with the same index.
Note: If the default route from DHCP is not disabled using the no ip dhcp client request router command, there will be two default routes, leading to a communication failure.
Examples
Mapping SSID to the Tunnel/Xconnect
Mapping the tunnel to the WLAN is done by adding Xconnect under the ssid configuration.
Beginning in privileged EXEC mode, follow these steps to map the tunnel to the VLAN:
Examples
Configuring TCP mss adjust
To configure TCP MSS adjust for tunnel clients, use the dot11 l2tp tcp mss tcp mss value command in configuration mode.
dot11 l2tp tcp mss tcp mss value
Examples
Configuring UDP checksum
To configure UDP checksum ignore for fragmented L2TPv3oUDP data packets, use the dot11 l2tpoUdp udp checksum zero command in configuration mode.
dot11 l2tpoUdp udp checksum zero
Note: This command is used when a prol2tp server version older than 1.6.1 is used.