====== Configuring an L2TP tunnel ======
L2TPv3 (Layer Two Tunneling Protocol Version 3) provides a point-to-point Layer 2 link over an IP (Layer 3) tunnel.
Through this Layer 2 tunnel you can carry protocols such as Ethernet, Frame Relay, ATM, HDLC, PPP, etc.
This is useful when two remote subnets need to share the same broadcast domain (extending a subnet to another site), or for applications that require both sites to be in the same subnet.
L2TPv3 is an IETF standard (RFC 3931) with protocol number 115 (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml) and combines two technologies:
  * Cisco L2F (Layer 2 Forwarding)
  * Microsoft Point to Point Tunneling Protocol (PPTP)
To test an L2TP tunnel we will use the environment below.
{{ :l2tp.png?direct&600 |}}
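===== Configuring R1 =====
R1 uses the following configuration.
<code>
! Pseudowire class: L2TPv3 encapsulation, sourced from Ethernet0/1
pseudowire-class R1_R2
 encapsulation l2tpv3
 ip local interface Ethernet0/1
!
! Attachment circuit: no IP address, bridged to peer 192.168.12.2 with VC ID 12
interface Ethernet0/0
 no ip address
 no keepalive
 xconnect 192.168.12.2 12 pw-class R1_R2
!
! Tunnel endpoint address facing R2
interface Ethernet0/1
 ip address 192.168.12.1 255.255.255.0
!
</code>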
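===== Configuring R2 =====
R2 is configured the same way.
<code>
! Pseudowire class: L2TPv3 encapsulation, sourced from Ethernet0/1
pseudowire-class R2_R1
 encapsulation l2tpv3
 ip local interface Ethernet0/1
!
! Attachment circuit: no IP address, bridged to peer 192.168.12.1 with VC ID 12
interface Ethernet0/0
 no ip address
 no keepalive
 xconnect 192.168.12.1 12 pw-class R2_R1
!
! Tunnel endpoint address facing R1
interface Ethernet0/1
 ip address 192.168.12.2 255.255.255.0
!
</code>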
===== Testing the L2TP tunnel =====
Pinging from 192.168.1.101 to 192.168.1.102:
<code>
PC-1> ping 192.168.1.102
84 bytes from 192.168.1.102 icmp_seq=1 ttl=64 time=1.500 ms
84 bytes from 192.168.1.102 icmp_seq=2 ttl=64 time=1.500 ms
84 bytes from 192.168.1.102 icmp_seq=3 ttl=64 time=1.501 ms
84 bytes from 192.168.1.102 icmp_seq=4 ttl=64 time=1.500 ms
84 bytes from 192.168.1.102 icmp_seq=5 ttl=64 time=1.500 ms
PC-1>
</code>
Pinging from 192.168.1.102 to 192.168.1.101:
<code>
PC-2> ping 192.168.1.101
84 bytes from 192.168.1.101 icmp_seq=1 ttl=64 time=1.500 ms
84 bytes from 192.168.1.101 icmp_seq=2 ttl=64 time=1.500 ms
84 bytes from 192.168.1.101 icmp_seq=3 ttl=64 time=1.500 ms
84 bytes from 192.168.1.101 icmp_seq=4 ttl=64 time=1.501 ms
84 bytes from 192.168.1.101 icmp_seq=5 ttl=64 time=1.500 ms
PC-2>
</code>
===== Viewing the L2TP tunnel =====
Viewing the L2TP session (show l2tp and show l2tp session)
<code>
R2#show l2tp
L2TP Tunnel and Session Information Total tunnels 1 sessions 1

LocTunID   RemTunID   Remote Name   State  Remote Address  Sessn L2TP Class/
                                                           Count VPDN Group
998253310  1122394201 R1            est    192.168.12.1    1     l2tp_default_cl

LocID      RemID      TunID      Username, Intf/      State  Last Chg Uniq ID
                                 Vcid, Circuit
4205256635 472596089  998253310  12, Et0/0            est    00:23:51 1
R2#
R2#
R2#show l2tp session
L2TP Session Information Total tunnels 1 sessions 1

LocID      RemID      TunID      Username, Intf/      State  Last Chg Uniq ID
                                 Vcid, Circuit
4205256635 472596089  998253310  12, Et0/0            est    00:23:55 1
R2#
</code>
**show l2tp session all**
<code>
R2#show l2tp session all
L2TP Session Information Total tunnels 1 sessions 1

Session id 4205256635 is up, logical session id 32768, tunnel id 998253310
  Remote session id is 472596089, remote tunnel id 1122394201
  Locally initiated session
  Unique ID is 1
Session Layer 2 circuit, type is Ethernet, name is Ethernet0/0
  Session vcid is 12
  Circuit state is UP
    Local circuit state is UP
    Remote circuit state is UP
Call serial number is 6800001
Remote tunnel name is R1
  Internet address is 192.168.12.1
Local tunnel name is R2
  Internet address is 192.168.12.2
IP protocol 115
  Session is L2TP signaled
  Session state is established, time since change 00:24:46
    24 Packets sent, 24 received
    2860 Bytes sent, 2860 received
  Last clearing of counters never
  Counters, ignoring last clear:
    24 Packets sent, 24 received
    2860 Bytes sent, 2860 received
    Receive packets dropped:
      out-of-order:             0
      other:                    0
      total:                    0
    Send packets dropped:
      exceeded session MTU:     0
      other:                    0
      total:                    0
  DF bit off, ToS reflect disabled, ToS value 0, TTL value 255
  Sending UDP checksums are disabled
  Received UDP checksums are verified
  No session cookie information available
  FS cached header information:
    encap size = 24 bytes
    45000014 00000000 ff732223 c0a80c02
    c0a80c01 1c2b3e79
  Sequencing is off
  Conditional debugging is disabled
  SSM switch id is 4096, SSM segment id is 8193
R2#
</code>
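The 24 bytes under "FS cached header information" can be decoded to confirm what R2 prepends to every bridged frame. The Python below is an added example, not part of the original page or of any Cisco tool; it assumes the cached bytes are an IPv4 header followed by the L2TPv3-over-IP session header of RFC 3931 (32-bit session ID, optional 32- or 64-bit cookie), and the function names are hypothetical.

```python
import ipaddress
import struct

# Hex words copied from "FS cached header information" in the R2 output above.
CACHED_HEADER_HEX = "45000014 00000000 ff732223 c0a80c02 c0a80c01 1c2b3e79"


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum; 0 means the stored checksum is valid."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def decode_l2tpv3_ip_header(hex_dump: str) -> dict:
    """Split a cached encapsulation header into IPv4 fields, session ID and cookie."""
    raw = bytes.fromhex(hex_dump)  # fromhex() ignores the spaces between words
    if len(raw) < 24:
        raise ValueError("need at least 20 bytes of IPv4 plus a 4-byte session ID")
    ver_ihl, _tos, _length, _ident, _frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(raw) < ihl + 4:
        raise ValueError("not an IPv4 header followed by an L2TPv3 session header")
    if proto != 115:
        raise ValueError(f"IP protocol {proto} is not L2TPv3 (115)")
    session_id = struct.unpack("!I", raw[ihl:ihl + 4])[0]
    if session_id == 0:
        raise ValueError("session ID 0 marks a control message, not data")
    cookie = raw[ihl + 4:]  # assumption: anything after the session ID is the cookie
    if len(cookie) not in (0, 4, 8):
        raise ValueError("cookie must be absent, 32 bits or 64 bits")
    return {
        "encap_size": len(raw),
        "checksum_ok": ip_checksum(raw[:ihl]) == 0,
        "ttl": ttl,
        "protocol": proto,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "session_id": session_id,
        "cookie": cookie.hex() or None,
    }


if __name__ == "__main__":
    for key, value in decode_l2tpv3_ip_header(CACHED_HEADER_HEX).items():
        print(f"{key:12} {value}")
```

The decoded session ID is 472596089, the remote session ID shown earlier, and the cookie is empty, which matches "No session cookie information available". The session ID is therefore the only field that ties a received packet to this pseudowire, and the bridged Ethernet frames that follow it are not encrypted by L2TPv3.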
**show l2tun**
<code>
R2#show l2tun counters tunnel l2tp
Global L2TP tunnel control message statistics:
                 XMIT     RE-XMIT        RCVD        DROP
           ==========  ==========  ==========  ==========
ZLB                 2           0          27           0
SCCRQ               1           1           0           0
SCCRP               0           0           1           0
SCCCN               1           0           0           0
StopCCN             0           0           0           0
Hello              24           0           0           0
OCRQ                0           0           0           0
OCRP                0           0           0           0
OCCN                0           0           0           0
ICRQ                1           0           0           0
ICRP                0           0           1           0
ICCN                1           0           0           0
CDN                 0           0           0           0
WEN                 0           0           0           0
SLI                 1           0           1           0
EXP ACK             0           0           0           0
SRRQ                0           0           0           0
SRRP                0           0           0           0
CiscoACK            0           0           0           0
Total              31           1          30           0
R2#
</code>
**show l2tun session brief**
<code>
R2#show l2tun session brief
L2TP Session Information Total tunnels 1 sessions 1

LocID      TunID      Peer-address    State      Username, Intf/
                                      sess/cir   Vcid, Circuit
4205256635 998253310  192.168.12.1    est,UP     12, Et0/0
R2#
</code>
**show xconnect**
<code>
R2#show xconnect interface ethernet 0/0
Legend:    XC ST=Xconnect State  S1=Segment1 State  S2=Segment2 State
  UP=Up       DN=Down            AD=Admin Down      IA=Inactive
  SB=Standby  RV=Recovering      NH=No Hardware

XC ST  Segment 1                         S1 Segment 2                         S2
------+---------------------------------+--+---------------------------------+--
UP     ac   Et0/0(Ethernet)              UP l2tp 192.168.12.1:12              UP
R2#
R2#
R2#show xconnect interface ethernet 0/1
Legend:    XC ST=Xconnect State  S1=Segment1 State  S2=Segment2 State
  UP=Up       DN=Down            AD=Admin Down      IA=Inactive
  SB=Standby  RV=Recovering      NH=No Hardware

XC ST  Segment 1                         S1 Segment 2                         S2
------+---------------------------------+--+---------------------------------+--
Xconnect entry does not exist
R2#
R2#show xconnect peer 192.168.12.1 all
Legend:    XC ST=Xconnect State  S1=Segment1 State  S2=Segment2 State
  UP=Up       DN=Down            AD=Admin Down      IA=Inactive
  SB=Standby  RV=Recovering      NH=No Hardware

XC ST  Segment 1                         S1 Segment 2                         S2
------+---------------------------------+--+---------------------------------+--
UP     ac   Et0/0(Ethernet)              UP l2tp 192.168.12.1:12              UP
R2#
</code>