peer

Configures the L2TPv3 tunnel‘s peers. At least one peer must be specified.

Supported in the following platforms:

  • Access Points — AP505i, AP510i/e, AP560i/h
  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000

Syntax

peer <1-2> {hostname|ip-address|ipsec-secure|router-id|udp}
peer <1-2> {hostname [<HOSTNAME>|any]} {ipsec-secure|router-id|udp}
peer <1-2> {ip-address <IP>} {hostname|ipsec-secure|router-id|udp}
peer <1-2> {ipsec-secure} {gw [<IP>|<WORD>]}
peer <1-2> {router-id [<IP>|<WORD>|any]} {ipsec-secure|udp}
peer <1-2> {udp} {ipsec-secure|port <1-65535>}

Parameters

peer <1-2> {hostname [<HOSTNAME>|any]} {ipsec-secure|router-id|udp}

peer <1-2>

Configures the tunnel‘s peer ID
  • <1-2> – Specify the ID from 1 - 2. The peer ID identifies the primary (ID 1) secondary (ID 2) peers. The L2TPv3 tunnel is established with the primary peer. The secondary peer is used for tunnel failover. If the peer is not specified, tunnel establishment does not occur.
Note: At any time the tunnel is established with only one peer, unless fast-failover support is configured on the L2TPv3 tunnel. For more information, see fast-failover.

hostname [<HOSTNAME>|any]

Optional. Configures the peers‘ hostname. The hostname options are:

  • <HOSTNAME> – Specifies the hostname as FQDN (Fully Qualified Domain Name) or partial DN or any other name

  • any – Peer name is not specified. If the hostname is ‘any‘ this tunnel is considered as responder only and will allow incoming connection from any host.

ipsec-secure {gw [<IP>|<WORD>]}

After specifying the peer hostname, optionally specify the IPSec settings:

  • ipsec-secure – Optional. Enables auto IPSec on the L2TPv3 tunnel

    • gw – Optional. Configures the IPSec gateway. Use one of the following options to configure the IPSec gateway:

      • <IP> – Configures IPSec gateway‘s IP address

      • <WORD> – Configures IPSec gateway‘s hostname

router-id [<IP>|<WORD>|any]

After specifying the peer hostname, optionally specify router ID settings:

  • router-id – Optional. Configures the peer‘s router ID in one of the following formats:

    • <IP> – Peer router ID in the IP address (A.B.C.D) format

    • <WORD> – Peer router ID range (for example, 100-120)

    • any – Peer router ID is not specified. This allows incoming connection from any router ID.

udp {ipsec-secure gw|port <1-65535> {ipsec-secure}}

After specifying the peer hostname, optionally specify UDP settings:

The UDP option configures the encapsulation mode for this tunnel.

  • UDP – Optional. Configures UDP encapsulation (default encapsulation is IP)

    • ipsec-secure gw – Optional. Enables auto IPSec

    • port <1-65535> {ipsec-secure} – Optional. Configures the peer‘s UDP port running the L2TPv3 service from 1 - 65535. After specifying the peer UDP port, optionally configure the IPSec settings.

peer <1-2> {ip-address <IP>} {hostname|ipsec-secure|router-id|udp}

peer <1-2>

Configures the tunnel‘s peer ID from 1 - 2. At any time the tunnel is established with only one peer.

ip-address <IP>

Optional. Configures the peer‘s IP address in the A.B.C.D format
  • <IP> – Specify the peer‘s IP address.

hostname [<FQDN>|any]

After specifying the peer IP address, optionally specify the peer‘s hostname:

Optional. Configures the peers‘ hostname. The hostname options are:

  • <FQDN> – Specifies the hostname as FQDN or partial DN

  • any – Peer name is not specified. If the hostname is ‘any‘ this tunnel is considered as responder only and will allow incoming connection from any host.

ipsec-secure {gw [<IP>|<WORD>]}

After specifying the peer IP address, optionally specify the IPSec settings:

  • ipsec-secure – Optional. Enables auto IPSec

    • gw – Optional. Configures the IPSec gateway. Use one of the following options to configure the IPSec gateway:

      • <IP> – Configures IPSec gateway‘s IP address

      • <WORD> – Configures IPSec gateway‘s hostname

router-id [<A.B.C.D>|<WORD>| any]

After specifying the peer IP address, optionally specify the router ID using one of the following options:

  • router-id – Optional. Configures the peer‘s router-id in one of the following formats:

    • <A.B.C.D> – Peer router ID in the IP address (A.B.C.D) format

    • <WORD> – Peer router ID range (for example, 100-120)

    • any – Peer router ID is not specified. This allows incoming connection from any router ID.

udp {ipsec-secure gw|port <1-65535> {ipsec-secure}}

After specifying the peer IP address, optionally specify the peer‘s UDP port settings:

The UDP option configures the encapsulation mode for this tunnel.

  • UDP – Optional. Configures UDP encapsulation (default encapsulation is IP)

    • ipsec-secure gw – Optional. Enables auto IPSec

    • port <1-65535> – Optional. Configures the peer‘s UDP port running the L2TPv3 service from 1 - 65535. After specifying the peer UDP port, optionally configure the IPSec settings.

peer <1-2> {ipsec-secure} {gw [<IP>|<WORD>]}

peer <1-2>

Configures the tunnel‘s peer ID from 1 - 2. At any time the tunnel is established with only one peer.

ipsec-secure {gw [<IP>|<WORD>]}

Optional. Enables auto IPSec for this peer

  • gw – Optional. Configures the IPSec gateway. Use one of the following options to configure the IPSec gateway:

    • <IP> – Configures IPSec gateway‘s IP address

    • <WORD> – Configures IPSec gateway‘s hostname

peer <1-2> {router-id [<IP>|<WORD>|any]} {ipsec-secure|udp}

peer <1-2>

Configures the tunnel peer ID from 1 - 2. At any time the tunnel is established with only one peer.

router-id [<A.B.C.D>|<WORD>| any]

Optional. Configures the peer‘s router-id in one of the following formats:

  • <A.B.C.D> – Peer router ID in the IP address (A.B.C.D) format

  • <WORD> – Peer router ID range (for example, 100-120)

  • any – Peer router ID is not specified. This allows incoming connection from any router ID.

ipsec-secure {gw [<IP>|<WORD>]}

After specifying the peer‘s router ID, optionally specify the IPSec settings.

  • ipsec-secure – Optional. Enables auto IPSec

    • gw – Optional. Configures the IPSec gateway. Use one of the following options to configure the IPSec gateway:

      • <IP> – Configures IPSec gateway‘s IP address

      • <WORD> – Configures IPSec gateway‘s hostname

udp {ipsec-secure gw| port <1-65535> {ipsec-secure}}

After specifying the peer‘s router ID, optionally specify the IPSec settings.

The UDP option configures the encapsulation mode for this tunnel.

  • UDP – Optional. Configures UDP encapsulation (default encapsulation is IP)

    • ipsec-secure gw – Optional. Enables auto IPSec

    • port <1-65535> – Optional. Configures the peer‘s UDP port running the L2TPv3 service from 1 - 65535. After specifying the peer UDP port, optionally configure the IPSec settings.

peer <1-2> {udp} {ipsec-secure|port <1-65535>}

peer <1-2>

Configures the tunnel peer ID from 1 - 2. At any time the tunnel is established with only one peer.

udp {ipsec-secure| port <1-65535> {ipsec-secure}}

Optional. Configures UDP encapsulation for this tunnel‘s pee (default encapsulation is IP)

  • ipsec-secure – Optional. Configures IPSec gateway on this peer UDP port

  • port <1-65535> – Optional. Configures the peer‘s UDP port running the L2TPv3 service from 1 - 65535. After specifying the peer UDP port, optionally configure the IPSec settings.

Examples

nx9500-6C8809(config-profile default-rfs4000-l2tpv3-tunnel-Tunnel1)#peer 2 hostname tunnel1peer1 udp port 100
nx9500-6C8809(config-profile default-rfs4000-l2tpv3-tunnel-Tunnel1))#show context
 l2tpv3 tunnel Tunnel1
  peer 2 hostname tunnel1peer1 udp port 100
  establishment-criteria cluster-master
nx9500-6C8809(config-profile default-rfs4000-l2tpv3-tunnel-Tunnel1)#

Related Commands

no

Removes the peer configured for this tunnel