第2層通道通訊協定(第3版)靜態方法和迴轉方法組態範例
簡介
本檔案將提供第2層通道通訊協定第3版(L2TPv3)靜態和迴轉方法的範例組態。
下表介紹適用於L2TPv3的Cisco IOS®軟體版本修改支援:
| Cisco IOS軟體版本 | L2TPv3支援說明 |
|---|---|
| 12.0(21)S | L2TPv3的初始資料平面支援是在Cisco 7200系列、Cisco 7500系列、Cisco 10720和Cisco 12000系列平台上引入的。 |
| 12.0(23)S | L2TPv3控制平面支援是在Cisco 7200系列、Cisco 7500系列、Cisco 10720和Cisco 12000系列平台上引入的。 |
| 12.3(2)公噸 | 此功能已整合到Cisco IOS軟體版本12.3(2)T中。 |
您必須啟用思科快速轉發(CEF)才能使用L2TPv3功能。Xconnect配置子模式被阻止,直到啟用CEF。在分散式平台(例如Cisco 7500系列)上,如果建立作業階段時停用CEF,作業階段就會關閉並一直關閉,直到CEF重新啟用。使用ip cef或ip cef distributed命令啟用CEF。
強烈建議指定源IP地址以配置環回介面。如果不配置環回介面,路由器將選擇最佳可用本地地址,該地址可以是面向核心的介面上配置的任何IP地址。此配置可能會阻止建立控制通道。環回地址必須從核心網路訪問。
必要條件
需求
在嘗試此配置之前,請確保您對以下內容瞭如指掌:
採用元件
本文件所述內容不限於特定軟體和硬體版本。
慣例
如需文件慣例的詳細資訊,請參閱思科技術提示慣例。
設定
本節提供用於設定本文件中所述功能的資訊。
注意:要查詢有關本文檔中使用的命令的其他資訊,請使用命令查詢工具(僅限註冊客戶)。
網路圖表
本檔案會使用以下網路設定:
注意:路由器R2和R3由提供商使用。路由器R1、R4、R5和R6是最終客戶。使用L2TPv3時,路由器R4似乎與R5有直接連線;路由器R1與路由器R6之間的連線也是如此。
組態
本檔案會使用以下設定:
-
通過IP雲的靜態偽線。在R2和R3中可找到配置的相關部分,其中配置了兩個單向隧道。
-
髮夾偽線或本地交換(從同一路由器中的一個埠到另一個埠)。 該配置僅在R2上完成,包括配置兩個指向兩個環回的單向隧道,這兩個隧道都位於路由器R2上。
| R2 |
|---|
R2# show running-config Building configuration... service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname R2 ! ! clock timezone EST 10 ip subnet-zero ip cef no ip domain-lookup l2tp-class R2signal hello 10 password 0 cisco cookie size 8 ! pseudowire-class wireR5R4 encapsulation l2tpv3 protocol l2tpv3 R2signal ip local interface Loopback0 ip dfbit set ! pseudowire-class wireR6R1 encapsulation l2tpv3 protocol l2tpv3 R2signal ip local interface Loopback1 ip dfbit set ! pseudowire-class wireR1R6 encapsulation l2tpv3 protocol l2tpv3 R2signal ip local interface Loopback2 ip dfbit set ! interface Loopback0 description Used by wireR5R4 for Static Connection ip address 2.2.2.2 255.255.255.255 no ip directed-broadcast ! interface Loopback1 description Used by wireR6R1 for Hair Pinning Connection ip address 2.2.2.6 255.255.255.255 no ip directed-broadcast ! interface Loopback2 description Used by wireR1R6 for Hair Pinning Connection ip address 2.2.2.1 255.255.255.255 no ip directed-broadcast ! interface Ethernet0/0 description Connection to R1 no ip address no ip directed-broadcast xconnect 2.2.2.6 16 encapsulation l2tpv3 pw-class wireR1R6 ! interface Ethernet1/0 description Connection to Pretend Cloud. ip address 20.20.20.2 255.255.255.0 no ip directed-broadcast no cdp enable ! interface Ethernet2/0 description Connection to R5 no ip address no ip directed-broadcast no cdp enable xconnect 3.3.3.3 12 encapsulation l2tpv3 pw-class wireR5R4 ! interface Ethernet3/0 description Connection to R6 no ip address no ip directed-broadcast xconnect 2.2.2.1 16 encapsulation l2tpv3 pw-class wireR6R1 ! ip classless ip route 3.3.3.3 255.255.255.255 20.20.20.3 !--- The other end of wireR5R4 loopback (3.3.3.3) must be !--- reachable from this router. Hair Pinning loopbacks !--- are reachable—there is no need for additional routes. ! ! line con 0 exec-timeout 0 0 privilege level 15 line aux 0 line vty 0 4 login ! end |
| R3 |
|---|
R3# show running-config Building configuration... version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname R3 ! ! clock timezone EST 10 ip subnet-zero ip cef ! l2tp-class R3signal hello 10 password 0 cisco cookie size 8 ! pseudowire-class wireR4R5 encapsulation l2tpv3 protocol l2tpv3 R3signal ip local interface Loopback0 ip dfbit set ! interface Loopback0 description Use by wireR4R5 for static connection ip address 3.3.3.3 255.255.255.255 no ip directed-broadcast ! interface Ethernet0/0 ip address 20.20.20.3 255.255.255.0 no ip directed-broadcast ! interface Ethernet1/0 no ip address no ip directed-broadcast no cdp enable xconnect 2.2.2.2 12 encapsulation l2tpv3 pw-class wireR4R5 ! ip classless ip route 2.2.2.2 255.255.255.255 Ethernet0/0 !--- The other end of wireR4R5 loopback (3.3.3.3) must be !--- reachable from this router. ! line con 0 exec-timeout 0 0 privilege level 15 line aux 0 line vty 0 4 login ! end |
客戶R1R6隧道(偽線)終端路由器配置:
| R1 |
|---|
R1# show running-config Building configuration... version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname R1 ! ! clock timezone EST 10 ip subnet-zero no ip domain-lookup ! interface Ethernet0/0 ip address 10.10.10.1 255.255.255.0 no ip directed-broadcast ! ip classless ! line con 0 exec-timeout 0 0 privilege level 15 line aux 0 line vty 0 4 login ! end |
| R6 |
|---|
R6# show running-config Building configuration... version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname R6 ! ! clock timezone EST 10 ip subnet-zero no ip domain-lookup ! interface Ethernet0/0 ip address 10.10.10.6 255.255.255.0 no ip directed-broadcast ! ip classless ! line con 0 exec-timeout 0 0 privilege level 15 line aux 0 line vty 0 4 login ! end |
客戶R4R5通道(偽線)終端路由器配置:
| R4 |
|---|
R4# show running-config Building configuration... version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname R4 ! ! ip subnet-zero ! interface Ethernet0/0 ip address 30.30.30.4 255.255.255.0 no ip directed-broadcast ! router ospf 1 log-adjacency-changes network 30.30.30.0 0.0.0.255 area 0 ! ip classless ! line con 0 exec-timeout 0 0 privilege level 15 line aux 0 line vty 0 4 login ! end |
| R5 |
|---|
R5# show running-config Building configuration... version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname R5 ! ! ip subnet-zero ! interface Ethernet0/0 ip address 30.30.30.5 255.255.255.0 no ip directed-broadcast ! router ospf 1 log-adjacency-changes network 30.30.30.0 0.0.0.255 area 0 ! ip classless ! line con 0 exec-timeout 0 0 privilege level 15 line aux 0 line vty 0 4 login ! end |
驗證
本節提供的資訊可用於確認您的組態是否正常運作。
R4# show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
30.30.30.5 1 FULL/DR 00:00:39 30.30.30.5 Ethernet0/0
R5# show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
30.30.30.4 1 FULL/BDR 00:00:38 30.30.30.4 Ethernet0/0
R1# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
R6 Eth 0/0 158 R 7206VXR Eth 0/0
輸出直譯器工具(僅供註冊客戶使用)支援某些show命令,此工具可讓您檢視show命令輸出的分析。
-
show l2tun tunnel all — 要顯示L2TPv3會話的當前狀態並顯示有關當前配置的會話的資訊,包括本地和遠端L2TP主機名、聚合資料包計數和L2TP控制通道,請在EXEC模式下使用show l2tun tunnel all命令。
R2# show l2tun tunnel all Tunnel Information Total tunnels 3 sessions 3 Tunnel id 54217 is up, remote id is 44186, 1 active sessions Tunnel state is established, time since change 00:12:07 Tunnel transport is IP (115) Remote tunnel name is R2 Internet Address 2.2.2.6, port 0 Local tunnel name is R2 Internet Address 2.2.2.1, port 0 Tunnel domain is VPDN group for tunnel is - L2TP class for tunnel is R2signal 88 packets sent, 87 received 10086 bytes sent, 11092 received Control Ns 76, Nr 74 Local RWS 1024 (default), Remote RWS 1024 (max) Tunnel PMTU checking disabled Retransmission time 1, max 1 seconds Unsent queuesize 0, max 0 Resend queuesize 0, max 2 Total resends 0, ZLB ACKs sent 72 Current nosession queue check 0 of 5 Retransmit time distribution: 0 0 0 0 0 0 0 0 0 Sessions disconnected due to lack of resources 0 Tunnel id 44186 is up, remote id is 54217, 1 active sessions Tunnel state is established, time since change 00:12:08 Tunnel transport is IP (115) Remote tunnel name is R2 Internet Address 2.2.2.1, port 0 Local tunnel name is R2 Internet Address 2.2.2.6, port 0 Tunnel domain is VPDN group for tunnel is - L2TP class for tunnel is R2signal 87 packets sent, 88 received 11092 bytes sent, 10086 received Control Ns 74, Nr 76 Local RWS 1024 (default), Remote RWS 1024 (max) Tunnel PMTU checking disabled Retransmission time 1, max 1 seconds Unsent queuesize 0, max 0 Resend queuesize 0, max 1 Total resends 0, ZLB ACKs sent 74 Current nosession queue check 0 of 5 Retransmit time distribution: 0 0 0 0 0 0 0 0 0 Sessions disconnected due to lack of resources 0 Tunnel id 24124 is up, remote id is 48735, 1 active sessions Tunnel state is established, time since change 00:11:00 Tunnel transport is IP (115) Remote tunnel name is R3 Internet Address 3.3.3.3, port 0 Local tunnel name is R2 Internet Address 2.2.2.2, port 0 Tunnel domain is VPDN group for tunnel is - L2TP class for tunnel is R2signal 155 packets sent, 158 received 15230 bytes sent, 17586 received Control Ns 69, Nr 67 Local RWS 1024 (default), Remote RWS 1024 (max) Tunnel PMTU checking disabled Retransmission time 1, max 1 seconds Unsent queuesize 0, max 0 Resend queuesize 0, max 2 Total resends 1, ZLB ACKs sent 65 Current nosession queue check 0 of 5 Retransmit time distribution: 0 0 1 0 0 0 0 0 0 Sessions disconnected due to lack of resources 0 R3# show l2tun tunnel all Tunnel Information Total tunnels 1 sessions 1 Tunnel id 48735 is up, remote id is 24124, 1 active sessions Tunnel state is established, time since change 00:12:36 Tunnel transport is IP (115) Remote tunnel name is R2 Internet Address 2.2.2.2, port 0 Local tunnel name is R3 Internet Address 3.3.3.3, port 0 Tunnel domain is VPDN group for tunnel is - L2TP class for tunnel is R3signal 180 packets sent, 176 received 19766 bytes sent, 17316 received Control Ns 77, Nr 79 Local RWS 1024 (default), Remote RWS 1024 (max) Tunnel PMTU checking disabled Retransmission time 1, max 1 seconds Unsent queuesize 0, max 0 Resend queuesize 0, max 1 Total resends 1, ZLB ACKs sent 78 Current nosession queue check 0 of 5 Retransmit time distribution: 0 0 1 0 0 0 0 0 0 Sessions disconnected due to lack of resources 0 -
show l2tun session all — 要顯示第2層會話的當前狀態以及顯示有關L2TPv3控制通道的協定資訊,請在EXEC模式下使用show l2tun session all命令。
R2# show l2tun session all Session Information Total tunnels 3 sessions 3 Session id 19996 is up, tunnel id 54217 Call serial number is 1492400000 Remote tunnel name is R2 Internet address is 2.2.2.6 Session is L2TP signalled Session state is established, time since change 00:15:37 112 Packets sent, 111 received 12309 Bytes sent, 13312 received Receive packets dropped: out-of-order: 0 total: 0 Send packets dropped: exceeded session MTU: 0 total: 0 Session vcid is 16 Session Layer 2 circuit, type is Ethernet, name is Ethernet0/0 Circuit state is UP Remote session id is 19999, remote tunnel id 44186 DF bit on, ToS reflect disabled, ToS value 0, TTL value 255 Session cookie information: local cookie, size 8 bytes, value 6E 47 8C 4A BA BF 7E A4 remote cookie, size 8 bytes, value 7F 9F 65 C4 C7 5B 57 FF FS cached header information: encap size = 32 bytes 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 Sequencing is off Session id 19999 is up, tunnel id 44186 Call serial number is 1492400000 Remote tunnel name is R2 Internet address is 2.2.2.1 Session is L2TP signalled Session state is established, time since change 00:15:38 111 Packets sent, 112 received 13312 Bytes sent, 12309 received Receive packets dropped: out-of-order: 0 total: 0 Send packets dropped: exceeded session MTU: 0 total: 0 Session vcid is 16 Session Layer 2 circuit, type is Ethernet, name is Ethernet3/0 Circuit state is UP Remote session id is 19996, remote tunnel id 54217 DF bit on, ToS reflect disabled, ToS value 0, TTL value 255 Session cookie information: local cookie, size 8 bytes, value 7F 9F 65 C4 C7 5B 57 FF remote cookie, size 8 bytes, value 6E 47 8C 4A BA BF 7E A4 FS cached header information: encap size = 32 bytes 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 Sequencing is off Session id 20005 is up, tunnel id 24124 Call serial number is 1492400002 Remote tunnel name is R3 Internet address is 3.3.3.3 Session is L2TP signalled Session state is established, time since change 00:14:29 200 Packets sent, 204 received 19650 Bytes sent, 22100 received Receive packets dropped: out-of-order: 0 total: 0 Send packets dropped: exceeded session MTU: 0 total: 0 Session vcid is 12 Session Layer 2 circuit, type is Ethernet, name is Ethernet2/0 Circuit state is UP Remote session id is 17834, remote tunnel id 48735 DF bit on, ToS reflect disabled, ToS value 0, TTL value 255 Session cookie information: local cookie, size 8 bytes, value 22 09 F1 E9 BC 8C 00 94 remote cookie, size 8 bytes, value 39 DD CB 00 9C 4B 1C 8C FS cached header information: encap size = 32 bytes 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 Sequencing is off R3# show l2tun session all Session Information Total tunnels 1 sessions 1 Session id 17834 is up, tunnel id 48735 Call serial number is 1492400002 Remote tunnel name is R2 Internet address is 2.2.2.2 Session is L2TP signalled Session state is established, time since change 00:23:53 327 Packets sent, 322 received 33758 Bytes sent, 31248 received Receive packets dropped: out-of-order: 0 total: 0 Send packets dropped: exceeded session MTU: 0 total: 0 Session vcid is 12 Session Layer 2 circuit, type is Ethernet, name is Ethernet1/0 Circuit state is UP Remote session id is 20005, remote tunnel id 24124 DF bit on, ToS reflect disabled, ToS value 0, TTL value 255 Session cookie information: local cookie, size 8 bytes, value 39 DD CB 00 9C 4B 1C 8C remote cookie, size 8 bytes, value 22 09 F1 E9 BC 8C 00 94 FS cached header information: encap size = 32 bytes 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 Sequencing is off
疑難排解
本節提供的資訊可用於對組態進行疑難排解。
您可以使用Bug工具套件(僅供註冊客戶使用)取得這些L2TPv3功能相關錯誤的詳細資訊:
-
CSCdz01467(僅限註冊客戶) — 已解決(R)L2TPv3:隧道資料包計數器,顯示不準確的計數。
-
CSCeb56061(僅供註冊客戶) — 已解決(R)L2TPv3:L2TPv3oETH生成殭屍隧道。
-
CSCeb35497(僅限註冊客戶) — 已解決(R)L2TPv3排序:Tx Seqnum完成後不換行16777215。
-
CSCdz48481(僅限註冊客戶) — 不再支援「已解決」(R)L2TPv3迴轉配置。
-
CSCec00463(僅供註冊客戶) — 已解決(R)L2TPv3:千兆乙太網埠模式解碼器故障
-
CSCec44356(僅供註冊客戶) — 已解決(R)C10720:L2TPv3迴轉中的802.1P匹配已中斷。
相關資訊
修訂記錄
| 修訂 | 發佈日期 | 意見 |
|---|---|---|
1.0 |
10-Aug-2005 |
初始版本 |
意見