Hi all,
I am trying to establish a l2t between MT RB (v2.9.26) [l2tp client]
and a Cisco 38xx [l2tp server]. The client config seems to be very
easy (not a lot of parameters) but the cisco site seems to be tricky.
Is there anybody who is able to provide some simple cisco config
lines (vpdn-group and virtual-template parts)? Thanx in advance.
A configuration of LNS-LAC-Client topology (Client-LNS could be easy derived from this):
Client
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$HwpA$2eNLsT/iZwHySc9SVtBXF1
!
no aaa new-model
ip subnet-zero
ip cef
!
!
!
!
no ftp-server write-enable
!
!
!
!
interface Ethernet0/0
ip address 1.1.1.21 255.255.255.0
half-duplex
pppoe enable
pppoe-client dial-pool-number 1
!
interface Serial0/0
no ip address
shutdown
!
interface Ethernet0/1
no ip address
shutdown
half-duplex
!
interface Dialer1
mtu 1492
ip address negotiated
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username pppoe@example.com password 0 pppoe
!
ip classless
ip http server
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
exec-timeout 0 0
password enable
login
!
!
end
LAC
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router2
!
enable secret 5 $1$kB1F$Vdg/lWkIjhunBs0HhHxjA0
!
username LNS password 0 LNS
ip subnet-zero
!
!
!
vpdn enable
!
vpdn-group 2
request-dialin
protocol l2tp
domain example.com
initiate-to ip 1.1.1.23
local name LAC
l2tp tunnel password 7 022A2578
!
vpdn-group pppoe
accept-dialin
protocol pppoe
virtual-template 1
local name lac
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface Loopback0
ip address 10.0.0.1 255.255.255.0
!
interface Ethernet0/0
ip address 1.1.1.22 255.255.255.0
half-duplex
pppoe enable
!
interface Serial0/0
no ip address
shutdown
!
interface Ethernet0/1
no ip address
shutdown
half-duplex
!
interface Virtual-Template1
mtu 1492
ip unnumbered Loopback0
no peer default ip address
ppp authentication pap chap
!
ip local pool pppoe 10.0.0.100 10.0.0.200
ip classless
ip http server
!
!
!
dial-peer cor custom
!
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
exec-timeout 0 0
password enable
login
!
end
LNS
!
version 12.2
service timestamps debug datetime msec
service timestamps log uptime
no service password-encryption
!
hostname Router3
!
enable secret 5 $1$DlK.$pP97tuKL0k6X9lbMV1//W1
enable password enable1
!
username pppoe@example.com password 0 pppoe
username LAC password 0 LAC
ip subnet-zero
!
!
!
frame-relay switching
vpdn enable
!
vpdn-group 1
accept-dialin
protocol l2tp
virtual-template 1
terminate-from hostname LAC
local name LNS
lcp renegotiation on-mismatch
l2tp tunnel password 7 062A2112
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface Loopback0
ip address 10.1.0.1 255.255.255.0
!
interface Ethernet0/0
ip address 1.1.1.23 255.255.255.0
no ip mroute-cache
half-duplex
!
interface Serial0/0
no ip address
encapsulation frame-relay IETF
no ip mroute-cache
no fair-queue
no arp frame-relay
no frame-relay inverse-arp
frame-relay lmi-type ansi
frame-relay intf-type dce
!
interface Serial0/0.1 point-to-point
ip address 2.2.2.2 255.255.255.0
no ip mroute-cache
no arp frame-relay
frame-relay interface-dlci 42
!
interface Ethernet0/1
no ip address
no ip mroute-cache
shutdown
half-duplex
!
interface Virtual-Template1
ip unnumbered Loopback0
ip mtu 1492
peer default ip address pool example
ppp authentication pap
!
ip local pool example 10.1.0.100 10.1.0.200
ip classless
ip route 2.2.2.0 255.255.255.0 Serial0/0.1
ip http server
!
!
!
dial-peer cor custom
!
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
exec-timeout 0 0
password enable
login
!
end
Dear Eugene,
thx, but using the above LNS config on Cisco and l2tp client on RB wont work.
The reason is a problem in the tunnel authorization. BTW, pptp
works fine with the above config (protocol any in vpdn-group). Is
there anyone who uses Cisco and RB with a l2tp?
you have to add something like:
no l2tp tunnel authentication
Eugene