L2TP V3 Configuration

About this task

L2TP V3 is an Internet Engineering Task Force (IETF) standard used for transporting different types of layer 2 frames in an IP network and profile. L2TP V3 defines control and encapsulation protocols for tunneling layer 2 frames between two IP nodes.

Use L2TP V3 to create tunnels for transporting layer 2 frames. L2TP V3 enables controllers, service platforms, and access points to create tunnels for transporting Ethernet frames to and from bridge VLANs and physical ports. L2TP V3 tunnels can be defined between WiNG managed devices and other vendor devices supporting the L2TP V3 protocol.

Multiple pseudowires can be created within an L2TP V3 tunnel. The access points support an Ethernet VLAN pseudowire type exclusively.
Note

A pseudowire is an emulation of a layer 2 point-to-point connection over a packet-switching network (PSN). A pseudowire was developed out of the necessity to encapsulate and tunnel layer 2 protocols across a layer 3 network.

Ethernet VLAN pseudowires transport Ethernet frames to and from a specified VLAN. One or more L2TP V3 tunnels can be defined between tunnel end points. Each tunnel can have one or more L2TP V3 sessions. Each tunnel session corresponds to one pseudowire. An L2TP V3 control connection (an L2TP V3 tunnel) needs to be established between the tunneling entities before creating a session.

For optimal pseudowire operation, both the L2TP V3 session originator and responder must know the pseudowire type and identifier. These two parameters are communicated during L2TP V3 session establishment. An L2TP V3 session created within an L2TP V3 connection also specifies multiplexing parameters for identifying a pseudowire type and ID.

The working status of a pseudowire is reflected by the state of the L2TP V3 session. If an L2TP V3 session is down, the pseudowire associated with it must be shut down. The L2TP V3 control connection keep alive mechanism can serve as a monitoring mechanism for the pseudowires associated with a control connection.
Note

If connecting an Ethernet port to another Ethernet port, the pseudowire type must be Ethernet port. If connecting an Ethernet VLAN to another Ethernet VLAN, the pseudowire type must be Ethernet VLAN.

Procedure

  1. Select a profile or device from the list.
  2. Select Network > L2TP V3.
    The L2TP V3 Basic Configuration dashboard opens.
  3. Configure L2TP V3 basic settings:
    Field: Description
    Hostname: Define a 64 character maximum hostname to specify the name of the host that sent tunnel messages. Tunnel establishment involves exchanging 3 message types (SCCRQ, SCCRP, and SCCCN) with the peer. Tunnel IDs and capabilities are exchanged with the host during tunnel establishment
    Router ID: Set either the numeric IP address or the integer used as an identifier for tunnel AVP messages. AVP messages assist in the identification of a tunneled peer
    Integer: Select IP Address from the Router ID drop-down to configure the IP address field
    UDP listen port: Select this option to set the port used for listening to incoming traffic. Select a port from 1,024 to 65,535. The default port is 1701
    Bridge tunnels: Select or deselect this option to enable or deactivate bridge packets between two tunnel end points. This setting is unselected by default
  4. Select the Logging slider to configure logging settings:
    Field: Description
    Logging slider: Select this option to enable the logging of Ethernet frame events to and from bridge VLANs and physical ports on a defined IP address, host or router ID. This setting is grayed out by default
    IP Address: Use a peer tunnel ID address to capture and log L2TP V3 events
    Hostname: If not using an IP address for event logging, optionally use a peer tunnel hostname to capture and log L2TP V3 events
    Router ID: If not using an IP address or a hostname for event logging, use a router ID to capture and log L2TP V3 events
  5. Set Tunnel configuration:

    Use the tunnel configuration settings to create or override a profile's L2TPv3 tunnel configuration at the device level.

    1. Select Add or an existing L2TPv3 configuration. The Basic Configuration dashboard opens.
      L2TPv3 tunnel basic configuration settings:
      Field: Description
      Name: Displays the name of each listed L2TPv3 tunnel assigned upon creation. For a new configuration, assign a name
      Local IP Address: Lists the IP address assigned as the local tunnel end point address, not the interface IP address. This IP is used as the tunnel source IP address. If this parameter is not specified, the source IP address is chosen automatically based on the tunnel peer IP address
      MTU: Displays the MTU size for each listed tunnel. The MTU is the size (in bytes) of the largest protocol data unit that the layer can pass between tunnel peers. The range is 128 to 1460
      Tunnel Policy: Lists the L2TPv3 tunnel policy assigned to each listed tunnel
      Router ID: Specifies the router ID sent in the tunnel establishment messages
      Hostname: Lists the tunnel specific hostname used by each listed tunnel. This is the hostname advertised in tunnel establishment messages
      Establishment Criteria: Specifies tunnel criteria between two peers
      VRRP group: Select a VRRP group between 1 and 255
    2. Set Peer configuration settings:
      Field: Description
      ID: Set peer ID to 1 or 2. If the peer is not specified, tunnel establishment does not occur. However, if a peer tries to establish a tunnel with this access point, it creates the tunnel if the hostname and/or Router ID matches
      IP Address: Lists the IP address of the remote peer
      Hostname: Lists the tunnel specific hostname used by the remote peer
      Router ID: Specify the router ID sent in the tunnel establishment messages
      Encapsulation (IP or UDP): Select the IP option to enter the numeric IP address used as the destination peer address for tunnel establishment. Select UDP encapsulation between 1,024 and 65,535. The default value is 1071
      IPSec Secure/Gateway: Select this option to enable security on the connection between the access point and the Virtual Controller. Specify the IP Address of the IPSec Secure Gateway
      Action: Use the trash can icon to delete an entry
    3. Set the Rate Limit information:

      Rate limit manages the maximum rate sent to or received from L2TPv3 tunnel members. Select Add to configure rate limit settings:

      Field: Description
      Session Name: Use the drop-down menu to select the tunnel session that will have the direction, burst size, and traffic rate settings applied
      Direction: Select the direction for L2TPv3 tunnel traffic rate limit. Egress traffic is outbound L2TPv3 tunnel data coming to the controller, service platform or access point. Ingress traffic is inbound L2TPv3 tunnel data coming to the controller, service platform, or access point
      Rate: Set the data rate (from 50 to 1,000,000 kbps) for egress or ingress traffic rate limit (depending on which direction is selected) for an L2TPv3 tunnel. The default setting is 5000 kbps
      Max Burst Size: Set the maximum burst size for egress or ingress traffic rate limit (depending on which direction is selected) on an L2TPv3 tunnel. Set a maximum burst size from 2 to 1024 kbytes. The smaller the burst, the less likely the upstream packet transmission will result in congestion for L2TPv3 tunnel traffic. The default setting is 320 bytes
      Background: Set the random early detection threshold in % for background traffic. Set a value from 1% to 100%. The default is 50%
      Best Effort: Set the random early detection threshold in % for best effort traffic. Set a value from 1% to 100%. The default is 50%
      Video: Set the random early detection threshold in % for video traffic. Set a value from 1% to 100%. The default is 25%
      Voice: Set the random early detection threshold in % for voice traffic. Set a value from 1% to 100%. The default is 25%

    4. Configure Session settings:
      Field: Description
      Name: Type a 31 character maximum session name. There is no idle timeout for a tunnel. A tunnel is not usable without a session and a subsequent session name. The tunnel is closed when the last tunnel session is closed
      Pseudowire ID: Define a pseudowire ID for this session from 1 to 4,294,967,295. A pseudowire is an emulation of a layer 2 point-to-point connection over a PSN. A pseudowire was developed out of the necessity to encapsulate and tunnel layer 2 protocols across a layer 3 network
      Traffic Source Type: Select traffic type tunneled in this session (VLAN)
      Traffic Source Value: Define a VLAN range to include in the tunnel session. Available VLAN ranges are from 1 to 4,094
      Native VLAN: Select this option to provide a VLAN ID that will not be tagged in tunnel establishment and packet transfer
    5. Select Save to apply Tunnel configuration settings.
    6. Configure Manual Session settings. Select a manual session from the list or Add.
    7. Configure or edit Manual Session Basic Configuration settings:
      Field: Description
      Name: Name for the manual session. You can define it or edit it
      Tunnel IP address: Specify the IP address used as the tunnel source IP address. If not specified, the tunnel source IP address is selected automatically based on the tunnel peer IP address
      Local session ID: Set the numeric identifier for the tunnel session from 1 to 63. This is the pseudowire ID for the session. This pseudowire ID is sent in the session establishment message to the L2TP peer
      Remote session ID: Define a remote session ID for this manual session from 1 to 4,294,967,295
      MTU: Define the session MTU as the size (in bytes) of the largest protocol data unit the layer can pass between tunnel peers in this session. The range is 128 to 1460
      IP address: Set the IP address of an L2TP tunnel peer. This is the peer allowed to establish the tunnel
      Encapsulation: Select either IP or UDP as the peer encapsulation protocol. The default setting is IP. UDP uses a simple transmission model without implicit handshakes
      UDP port: If UDP encapsulation is selected, use the UDP port drop-down to define the UDP encapsulation port. This is the port where the L2TP service is running. The range is 1,024 to 65,535. The default port is 1,701
      Traffic source type: Select traffic type tunneled in this session (VLAN)
      Traffic source value: Define the VLAN range (1 to 4,094) to include in the tunnel. Tunnel session data includes VLAN tagged frames
      Native VLAN: Select Native VLAN to define the native VLAN that will not be tagged. The range is 1 to 4,094
    8. Configure Manual Session Cookie settings. Select Add to configure cookie configuration:
      Field: Description
      Size: Set the size of the cookie field within each L2TP data packet. Options include 0, 4, and 8. The default setting is 0
      Value 1: Set the cookie value's first word
      Value 2: Set the cookie value's second word
      End Point: Define whether the tunnel end point is local or remote
  6. Select Save to apply all the settings and save them to the L2TP V3 configuration.
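
What the manual session ID, encapsulation and cookie (Size, Value 1, Value 2) settings govern on the wire, as an added example that is not part of the product or its documentation: a receiver for RFC 3931 data messages that looks up the session ID and compares the cookie before accepting the frame. The session table, names and values are constructed, and treating Value 1 and Value 2 as 32-bit words sent in that order is an assumption.

```python
import hmac
import struct

# Constructed manual-session table keyed by local session ID (1 to 63).
# Assumption: cookie = Value 1 then Value 2, each a 32-bit big-endian word.
SESSIONS = {
    10: {"name": "sess-a", "cookie": struct.pack("!II", 0x1A2B3C4D, 0x5E6F7081)},  # Size 8
    11: {"name": "sess-b", "cookie": struct.pack("!I", 0xCAFEF00D)},               # Size 4
    12: {"name": "sess-c", "cookie": b""},                                          # Size 0
}


def build_data_packet(session_id, cookie, frame, encap="ip"):
    """Build an L2TPv3 data message the way the sending peer would."""
    header = struct.pack("!I", session_id) + cookie
    if encap == "udp":
        # UDP mode prepends 16 bits of flags/version (T=0 for data, Ver=3) and 16 reserved bits.
        header = struct.pack("!HH", 0x0003, 0) + header
    return header + frame


def accept_data_packet(packet, encap="ip", sessions=SESSIONS):
    """Return (session name, layer 2 frame); raise ValueError if the packet must be dropped."""
    offset = 0
    if encap == "udp":
        if len(packet) < 4:
            raise ValueError("truncated header")
        flags_ver, _reserved = struct.unpack_from("!HH", packet, 0)
        if flags_ver & 0x8000:
            raise ValueError("control message, not data")
        if (flags_ver & 0x000F) != 3:
            raise ValueError("not L2TPv3")
        offset = 4
    if len(packet) < offset + 4:
        raise ValueError("truncated header")
    (session_id,) = struct.unpack_from("!I", packet, offset)
    offset += 4
    session = sessions.get(session_id)
    if session is None:
        # Also covers session ID 0, which over IP marks a control message.
        raise ValueError("unknown session ID")
    cookie = session["cookie"]
    got = packet[offset:offset + len(cookie)]
    # Constant-time comparison; a short or wrong cookie is rejected the same way.
    if not hmac.compare_digest(got, cookie):
        raise ValueError("cookie mismatch")
    return session["name"], packet[offset + len(cookie):]
```

With Size 0 the receiver has only the session ID to match on, which for a manual session is a value from 1 to 63.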