Ejemplo de Configuración del Método Estático de Protocolo de Tunelización de Capa 2 (Versión 3) y del Método de Hairpinning
Contenido
Introducción
Este documento ofrece una configuración de ejemplo para el Protocolo estático de tunelización de capa 2 versión 3 (L2TPv3) y métodos de devolución de llamada (hairpinning).
Esta tabla describe el soporte de modificación de la versión del software Cisco IOS® para L2TPv3:
| Versión de software del IOS de Cisco | Descripción de Soporte de L2TPv3 |
|---|---|
| 12.0(21)S | El soporte inicial del plano de datos para L2TPv3 se introdujo en las plataformas Cisco 7200 Series, Cisco 7500 Series, Cisco 10720 y Cisco 12000 Series. |
| 12.0(23)S | El soporte del plano de control L2TPv3 se introdujo en las plataformas Cisco 7200 Series, Cisco 7500 Series, Cisco 10720 y Cisco 12000 Series. |
| 12,3(2)T | Esta función se integró en Cisco IOS Software Release 12.3(2)T. |
Para utilizar la función L2TPv3, debe habilitar Cisco Express Forwarding (CEF). La configuración del submodo Xconnect está bloqueada hasta que se habilite el CEF. En plataformas distribuidas, como la serie 7500 de Cisco, si CEF está deshabilitado cuando se establece una sesión, la sesión se derriba y permanece sin funcionar hasta que se vuelve a habilitar CEF. Utilice el comando ip cef o ip cef distributed para habilitar CEF.
Se recomienda encarecidamente especificar una dirección IP de origen para configurar una interfaz de loopback. Si no configura una interfaz de loopback, el router selecciona la mejor dirección local disponible, que podría ser cualquier dirección IP configurada en una interfaz de núcleo. Esta configuración puede evitar el establecimiento de un canal de control. La dirección de loopback debe ser accesible desde las redes centrales.
Prerequisites
Requirements
Antes de intentar esta configuración, asegúrese de que conoce lo siguiente:
Componentes Utilizados
Este documento no tiene restricciones específicas en cuanto a versiones de software y de hardware.
Convenciones
Para obtener más información sobre las convenciones del documento, consulte Convenciones de Consejos Técnicos de Cisco.
Configurar
En esta sección encontrará la información para configurar las funciones descritas en este documento.
Nota: Para encontrar información adicional sobre los comandos usados en este documento, utilice la Command Lookup Tool (sólo clientes registrados) .
Diagrama de la red
En este documento, se utiliza esta configuración de red:
Nota: El proveedor utiliza los routers R2 y R3. Los routers R1, R4, R5 y R6 son clientes finales. Al utilizar L2TPv3, el router R4 parece tener una conexión directa a R5; esto también se aplica a la conexión entre el router R1 y el router R6.
Configuraciones
En este documento, se utilizan estas configuraciones:
-
Pseudo cable estático a través de una nube IP. Parte importante de la configuración se puede encontrar en R2 y R3 donde se configuran dos túneles unidireccionales.
-
Pseudo cable de anclaje o conmutación local (de un puerto a otro en el mismo router). La configuración se realiza sólo en R2 y consiste en configurar dos túneles unidireccionales que se dirigen a dos loops de retorno los que se encuentran en el router R2.
| R2 |
|---|
R2# show running-config Building configuration... service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname R2 ! ! clock timezone EST 10 ip subnet-zero ip cef no ip domain-lookup l2tp-class R2signal hello 10 password 0 cisco cookie size 8 ! pseudowire-class wireR5R4 encapsulation l2tpv3 protocol l2tpv3 R2signal ip local interface Loopback0 ip dfbit set ! pseudowire-class wireR6R1 encapsulation l2tpv3 protocol l2tpv3 R2signal ip local interface Loopback1 ip dfbit set ! pseudowire-class wireR1R6 encapsulation l2tpv3 protocol l2tpv3 R2signal ip local interface Loopback2 ip dfbit set ! interface Loopback0 description Used by wireR5R4 for Static Connection ip address 2.2.2.2 255.255.255.255 no ip directed-broadcast ! interface Loopback1 description Used by wireR6R1 for Hair Pinning Connection ip address 2.2.2.6 255.255.255.255 no ip directed-broadcast ! interface Loopback2 description Used by wireR1R6 for Hair Pinning Connection ip address 2.2.2.1 255.255.255.255 no ip directed-broadcast ! interface Ethernet0/0 description Connection to R1 no ip address no ip directed-broadcast xconnect 2.2.2.6 16 encapsulation l2tpv3 pw-class wireR1R6 ! interface Ethernet1/0 description Connection to Pretend Cloud. ip address 20.20.20.2 255.255.255.0 no ip directed-broadcast no cdp enable ! interface Ethernet2/0 description Connection to R5 no ip address no ip directed-broadcast no cdp enable xconnect 3.3.3.3 12 encapsulation l2tpv3 pw-class wireR5R4 ! interface Ethernet3/0 description Connection to R6 no ip address no ip directed-broadcast xconnect 2.2.2.1 16 encapsulation l2tpv3 pw-class wireR6R1 ! ip classless ip route 3.3.3.3 255.255.255.255 20.20.20.3 !--- The other end of wireR5R4 loopback (3.3.3.3) must be !--- reachable from this router. Hair Pinning loopbacks !--- are reachable—there is no need for additional routes. ! ! line con 0 exec-timeout 0 0 privilege level 15 line aux 0 line vty 0 4 login ! end |
| R3 |
|---|
R3# show running-config Building configuration... version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname R3 ! ! clock timezone EST 10 ip subnet-zero ip cef ! l2tp-class R3signal hello 10 password 0 cisco cookie size 8 ! pseudowire-class wireR4R5 encapsulation l2tpv3 protocol l2tpv3 R3signal ip local interface Loopback0 ip dfbit set ! interface Loopback0 description Use by wireR4R5 for static connection ip address 3.3.3.3 255.255.255.255 no ip directed-broadcast ! interface Ethernet0/0 ip address 20.20.20.3 255.255.255.0 no ip directed-broadcast ! interface Ethernet1/0 no ip address no ip directed-broadcast no cdp enable xconnect 2.2.2.2 12 encapsulation l2tpv3 pw-class wireR4R5 ! ip classless ip route 2.2.2.2 255.255.255.255 Ethernet0/0 !--- The other end of wireR4R5 loopback (3.3.3.3) must be !--- reachable from this router. ! line con 0 exec-timeout 0 0 privilege level 15 line aux 0 line vty 0 4 login ! end |
Configuración del router final del túnel R1R6 del cliente (pseudo-cable):
| R1 |
|---|
R1# show running-config Building configuration... version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname R1 ! ! clock timezone EST 10 ip subnet-zero no ip domain-lookup ! interface Ethernet0/0 ip address 10.10.10.1 255.255.255.0 no ip directed-broadcast ! ip classless ! line con 0 exec-timeout 0 0 privilege level 15 line aux 0 line vty 0 4 login ! end |
| R6 |
|---|
R6# show running-config Building configuration... version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname R6 ! ! clock timezone EST 10 ip subnet-zero no ip domain-lookup ! interface Ethernet0/0 ip address 10.10.10.6 255.255.255.0 no ip directed-broadcast ! ip classless ! line con 0 exec-timeout 0 0 privilege level 15 line aux 0 line vty 0 4 login ! end |
Configuración del router final del túnel R4R5 del cliente (pseudo-cable):
| R4 |
|---|
R4# show running-config Building configuration... version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname R4 ! ! ip subnet-zero ! interface Ethernet0/0 ip address 30.30.30.4 255.255.255.0 no ip directed-broadcast ! router ospf 1 log-adjacency-changes network 30.30.30.0 0.0.0.255 area 0 ! ip classless ! line con 0 exec-timeout 0 0 privilege level 15 line aux 0 line vty 0 4 login ! end |
| R5 |
|---|
R5# show running-config Building configuration... version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname R5 ! ! ip subnet-zero ! interface Ethernet0/0 ip address 30.30.30.5 255.255.255.0 no ip directed-broadcast ! router ospf 1 log-adjacency-changes network 30.30.30.0 0.0.0.255 area 0 ! ip classless ! line con 0 exec-timeout 0 0 privilege level 15 line aux 0 line vty 0 4 login ! end |
Verificación
En esta sección encontrará información que puede utilizar para confirmar que su configuración esté funcionando correctamente.
R4# show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
30.30.30.5 1 FULL/DR 00:00:39 30.30.30.5 Ethernet0/0
R5# show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
30.30.30.4 1 FULL/BDR 00:00:38 30.30.30.4 Ethernet0/0
R1# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
R6 Eth 0/0 158 R 7206VXR Eth 0/0
La herramienta Output Interpreter (sólo para clientes registrados) permite utilizar algunos comandos “show” y ver un análisis del resultado de estos comandos.
-
show l2tun tunnel all: para mostrar el estado actual de una sesión L2TPv3 y mostrar información sobre las sesiones configuradas actualmente, incluidos los nombres de host L2TP locales y remotos, los recuentos de paquetes agregados y los canales de control L2TP, utilice el comando show l2tun tunnel all en el modo EXEC.
R2# show l2tun tunnel all Tunnel Information Total tunnels 3 sessions 3 Tunnel id 54217 is up, remote id is 44186, 1 active sessions Tunnel state is established, time since change 00:12:07 Tunnel transport is IP (115) Remote tunnel name is R2 Internet Address 2.2.2.6, port 0 Local tunnel name is R2 Internet Address 2.2.2.1, port 0 Tunnel domain is VPDN group for tunnel is - L2TP class for tunnel is R2signal 88 packets sent, 87 received 10086 bytes sent, 11092 received Control Ns 76, Nr 74 Local RWS 1024 (default), Remote RWS 1024 (max) Tunnel PMTU checking disabled Retransmission time 1, max 1 seconds Unsent queuesize 0, max 0 Resend queuesize 0, max 2 Total resends 0, ZLB ACKs sent 72 Current nosession queue check 0 of 5 Retransmit time distribution: 0 0 0 0 0 0 0 0 0 Sessions disconnected due to lack of resources 0 Tunnel id 44186 is up, remote id is 54217, 1 active sessions Tunnel state is established, time since change 00:12:08 Tunnel transport is IP (115) Remote tunnel name is R2 Internet Address 2.2.2.1, port 0 Local tunnel name is R2 Internet Address 2.2.2.6, port 0 Tunnel domain is VPDN group for tunnel is - L2TP class for tunnel is R2signal 87 packets sent, 88 received 11092 bytes sent, 10086 received Control Ns 74, Nr 76 Local RWS 1024 (default), Remote RWS 1024 (max) Tunnel PMTU checking disabled Retransmission time 1, max 1 seconds Unsent queuesize 0, max 0 Resend queuesize 0, max 1 Total resends 0, ZLB ACKs sent 74 Current nosession queue check 0 of 5 Retransmit time distribution: 0 0 0 0 0 0 0 0 0 Sessions disconnected due to lack of resources 0 Tunnel id 24124 is up, remote id is 48735, 1 active sessions Tunnel state is established, time since change 00:11:00 Tunnel transport is IP (115) Remote tunnel name is R3 Internet Address 3.3.3.3, port 0 Local tunnel name is R2 Internet Address 2.2.2.2, port 0 Tunnel domain is VPDN group for tunnel is - L2TP class for tunnel is R2signal 155 packets sent, 158 received 15230 bytes sent, 17586 received Control Ns 69, Nr 67 Local RWS 1024 (default), Remote RWS 1024 (max) Tunnel PMTU checking disabled Retransmission time 1, max 1 seconds Unsent queuesize 0, max 0 Resend queuesize 0, max 2 Total resends 1, ZLB ACKs sent 65 Current nosession queue check 0 of 5 Retransmit time distribution: 0 0 1 0 0 0 0 0 0 Sessions disconnected due to lack of resources 0 R3# show l2tun tunnel all Tunnel Information Total tunnels 1 sessions 1 Tunnel id 48735 is up, remote id is 24124, 1 active sessions Tunnel state is established, time since change 00:12:36 Tunnel transport is IP (115) Remote tunnel name is R2 Internet Address 2.2.2.2, port 0 Local tunnel name is R3 Internet Address 3.3.3.3, port 0 Tunnel domain is VPDN group for tunnel is - L2TP class for tunnel is R3signal 180 packets sent, 176 received 19766 bytes sent, 17316 received Control Ns 77, Nr 79 Local RWS 1024 (default), Remote RWS 1024 (max) Tunnel PMTU checking disabled Retransmission time 1, max 1 seconds Unsent queuesize 0, max 0 Resend queuesize 0, max 1 Total resends 1, ZLB ACKs sent 78 Current nosession queue check 0 of 5 Retransmit time distribution: 0 0 1 0 0 0 0 0 0 Sessions disconnected due to lack of resources 0 -
show l2tun session all: para mostrar el estado actual de una sesión de Capa 2 y mostrar información de protocolo sobre un canal de control L2TPv3, utilice el comando show l2tun session all en el modo EXEC.
R2# show l2tun session all Session Information Total tunnels 3 sessions 3 Session id 19996 is up, tunnel id 54217 Call serial number is 1492400000 Remote tunnel name is R2 Internet address is 2.2.2.6 Session is L2TP signalled Session state is established, time since change 00:15:37 112 Packets sent, 111 received 12309 Bytes sent, 13312 received Receive packets dropped: out-of-order: 0 total: 0 Send packets dropped: exceeded session MTU: 0 total: 0 Session vcid is 16 Session Layer 2 circuit, type is Ethernet, name is Ethernet0/0 Circuit state is UP Remote session id is 19999, remote tunnel id 44186 DF bit on, ToS reflect disabled, ToS value 0, TTL value 255 Session cookie information: local cookie, size 8 bytes, value 6E 47 8C 4A BA BF 7E A4 remote cookie, size 8 bytes, value 7F 9F 65 C4 C7 5B 57 FF FS cached header information: encap size = 32 bytes 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 Sequencing is off Session id 19999 is up, tunnel id 44186 Call serial number is 1492400000 Remote tunnel name is R2 Internet address is 2.2.2.1 Session is L2TP signalled Session state is established, time since change 00:15:38 111 Packets sent, 112 received 13312 Bytes sent, 12309 received Receive packets dropped: out-of-order: 0 total: 0 Send packets dropped: exceeded session MTU: 0 total: 0 Session vcid is 16 Session Layer 2 circuit, type is Ethernet, name is Ethernet3/0 Circuit state is UP Remote session id is 19996, remote tunnel id 54217 DF bit on, ToS reflect disabled, ToS value 0, TTL value 255 Session cookie information: local cookie, size 8 bytes, value 7F 9F 65 C4 C7 5B 57 FF remote cookie, size 8 bytes, value 6E 47 8C 4A BA BF 7E A4 FS cached header information: encap size = 32 bytes 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 Sequencing is off Session id 20005 is up, tunnel id 24124 Call serial number is 1492400002 Remote tunnel name is R3 Internet address is 3.3.3.3 Session is L2TP signalled Session state is established, time since change 00:14:29 200 Packets sent, 204 received 19650 Bytes sent, 22100 received Receive packets dropped: out-of-order: 0 total: 0 Send packets dropped: exceeded session MTU: 0 total: 0 Session vcid is 12 Session Layer 2 circuit, type is Ethernet, name is Ethernet2/0 Circuit state is UP Remote session id is 17834, remote tunnel id 48735 DF bit on, ToS reflect disabled, ToS value 0, TTL value 255 Session cookie information: local cookie, size 8 bytes, value 22 09 F1 E9 BC 8C 00 94 remote cookie, size 8 bytes, value 39 DD CB 00 9C 4B 1C 8C FS cached header information: encap size = 32 bytes 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 Sequencing is off R3# show l2tun session all Session Information Total tunnels 1 sessions 1 Session id 17834 is up, tunnel id 48735 Call serial number is 1492400002 Remote tunnel name is R2 Internet address is 2.2.2.2 Session is L2TP signalled Session state is established, time since change 00:23:53 327 Packets sent, 322 received 33758 Bytes sent, 31248 received Receive packets dropped: out-of-order: 0 total: 0 Send packets dropped: exceeded session MTU: 0 total: 0 Session vcid is 12 Session Layer 2 circuit, type is Ethernet, name is Ethernet1/0 Circuit state is UP Remote session id is 20005, remote tunnel id 24124 DF bit on, ToS reflect disabled, ToS value 0, TTL value 255 Session cookie information: local cookie, size 8 bytes, value 39 DD CB 00 9C 4B 1C 8C remote cookie, size 8 bytes, value 22 09 F1 E9 BC 8C 00 94 FS cached header information: encap size = 32 bytes 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 Sequencing is off
Troubleshoot
En esta sección encontrará información que puede utilizar para solucionar problemas de configuración.
Se puede utilizar el Juego de herramientas para errores de programación (sólo clientes registrados) para obtener más información sobre errores de programación relacionados a las características de L2TPv3:
-
CSCdz01467 (sólo clientes registrados) —Resuelto (R) L2TPv3: Contador de paquetes de túnel, muestra un conteo inexacto.
-
CSCeb56061 (sólo clientes registrados) —Resolved (R) L2TPv3: L2TPv3oETH genera túneles zombi.
-
CSCeb35497 (sólo clientes registrados) —Secuencia resuelta (R) L2TPv3: Tx Seqnum no se ajusta a 1 después de 16777215.
-
CSCdz48481 (sólo clientes registrados) —La configuración de hairpinning resuelto (R) L2TPv3 ya no es compatible.
-
CSCec00463 (sólo clientes registrados) —Resolved (R) L2TPv3: Falla de descap del modo de puerto Ethernet Gig
-
CSCec44356 (sólo clientes registrados) —Resuelto (R) C10720: La coincidencia 802.1P en L2TPv3 hairpinning está rota.
Información Relacionada
Historial de revisiones
| Revisión | Fecha de publicación | Comentarios |
|---|---|---|
1.0 |
10-Aug-2005 |
Versión inicial |
ComentariosContacte a Cisco
- Abrir un caso de soporte
- (Requiere un Cisco Service Contract)