L2TPv3 (Layer 2 Tunnel Protocol Version 3)

L2TPv3 (Layer Two Tunneling Protocol Version 3) is a point-to-point layer two over IP tunnel.

This means you can tunnel L2 protocols like Ethernet, Frame-relay, ATM, HDLC, PPP, etc. over an IP network. This can be pretty useful…For example, let’s say you have two remote sites and an application that requires that hosts are on the same subnet. With L2TPv3, it’s no problem to “bridge” two remote sites together, putting them in the same broadcast domain/subnet.

L2TPv3 is an IETF standard (RFC3931) that has a separate protocol number (115) and combines some technology from:

• Cisco L2F (Layer 2 Forwarding)
• Microsoft Point to Point Tunneling Protocol (PPTP)

Configuration

The configuration of L2TPv3 is pretty straightforward. Let’s use the following topology:

We have two routers, R1 and R2. We’ll configure L2TPv3 on these two routers so that H1 and H2 can reach each other.

Our hosts will be in the same L2 domain so let’s configure an IP address on each so that they are on the same subnet:

H1(config)#interface GigabitEthernet 0/1
H1(config-if)#ip address 192.168.1.101 255.255.255.0

H2(config)#interface GigabitEthernet 0/1
H2(config-if)#ip address 192.168.1.102 255.255.255.0

Let’s configure the link in between R1 and R2:

R1(config)#interface GigabitEthernet 0/1
R1(config-if)#ip address 192.168.12.1 255.255.255.0

R2(config)#interface GigabitEthernet 0/1
R2(config-if)#ip address 192.168.12.2 255.255.255.0

Now we can focus on the L2TPv3 configuration. First, we create a new pseudowire class. This is the template for the tunnel where we set the source interface and encapsulation type:

R1 & R2
(config)#pseudowire-class R1_R2
(config-pw-class)#encapsulation l2tpv3
(config-pw-class)#ip local interface GigabitEthernet 0/1

Now we need to bind the pseudowire to the interface where we want to bridge our L2 traffic. In our topology, that’s the GigabitEthernet 0/2 interface. This is done with the xconnect command. We also have to set a unique virtual circuit ID (I’ll use 12), set the remote peer IP address, and refer to the pseudowire class we created:

R1(config)#interface GigabitEthernet 0/2
R1(config-if)#xconnect 192.168.12.2 12 pw-class R1_R2

R2(config)#interface GigabitEthernet 0/2
R2(config-if)#xconnect 192.168.12.1 12 pw-class R1_R2

This completes our configuration. When you configure the xconnect command, you’ll see that it supports some sub-commands:

R1(config-if-xconn)#

We don’t have to use this for our simple topology but this is where you can configure a backup pseudowire if you want.

Verification

Let’s see if our L2TPv3 configuration is working or not. Let’s start with a quick ping:

H1#ping 192.168.1.102
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.102, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/7/11 ms

Our ping from H1 to H2 is working so that’s looking good. Let’s take a look at some show commands on our routers.

There are a couple of commands you can try:

• show l2tp
• show l2tun
• show xconnect

Let’s try some:

R1#show l2tp session 

L2TP Session Information Total tunnels 1 sessions 1

LocID      RemID      TunID      Username, Intf/      State  Last Chg Uniq ID   
                                 Vcid, Circuit                                  
925791518  1078883537 296005772  12, Gi0/2            est    00:00:51 0

This gives a quick overview that shows our virtual circuit ID and the interface that the pseudowire is connected to. If you want more detail, add the “all” parameter to this command:

R1#show l2tp session all

L2TP Session Information Total tunnels 1 sessions 1

Session id 925791518 is up, logical session id 32777, tunnel id 296005772 
  Remote session id is 1078883537, remote tunnel id 3566820914
  Remotely initiated session
  Unique ID is 0
Session Layer 2 circuit, type is Ethernet, name is GigabitEthernet0/2
  Session vcid is 12
  Circuit state is UP
    Local circuit state is UP
    Remote circuit state is UP
Call serial number is 255000001
Remote tunnel name is R2
  Internet address is 192.168.12.2
Local tunnel name is R1
  Internet address is 192.168.12.1
IP protocol 115
  Session is L2TP signaled
  Session state is established, time since change 00:05:45
    16 Packets sent, 17 received
    3216 Bytes sent, 3293 received
  Last clearing of counters never
  Counters, ignoring last clear:
    16 Packets sent, 17 received
    3216 Bytes sent, 3293 received
    Receive packets dropped:
      out-of-order:             0
      other:                    0
      total:                    0
    Send packets dropped:
      exceeded session MTU:     0
      other:                    0
      total:                    0
  DF bit off, ToS reflect disabled, ToS value 0, TTL value 255
  Sending UDP checksums are disabled
  Received UDP checksums are verified
  No session cookie information available
  FS cached header information:
    encap size = 24 bytes
    45000014 00000000 ff732223 c0a80c01
    c0a80c02 404e74d1 
  Sequencing is off
  Conditional debugging is disabled
  SSM switch id is 4096, SSM segment id is 8204

This gives us some interesting output. We see the L2 type (Ethernet), that the tunnel is up, and the number of packets that are sent/received. You can also see the protocol number here (115).

The show xconnect command is a bit similar to the first command. It is a nice quick way to see if the pseudowire is up though:

R1#show xconnect all
Legend:    XC ST=Xconnect State  S1=Segment1 State  S2=Segment2 State
  UP=Up       DN=Down            AD=Admin Down      IA=Inactive
  SB=Standby  HS=Hot Standby     RV=Recovering      NH=No Hardware

XC ST  Segment 1                         S1 Segment 2                         S2
------+---------------------------------+--+---------------------------------+--
UP pri   ac Gi0/2:4(Ethernet)            UP l2tp 192.168.12.2:12              UP

What does this L2TPv3 encapsulated traffic look like in Wireshark? Here’s an example of the ICMP traffic that I captured: