The l2tpv3 local cookie command configures a local cookie value.
The undo l2tpv3 local cookie command deletes a local cookie value.
By default, no local cookie value is configured for an L2TPv3 tunnel.
l2tpv3 local cookie { key cipher local-cookie | length 4 plain lower-value local-low-value | length 8 plain lower-value local-low-value upper-value local-high-value }
undo l2tpv3 local cookie [ key cipher local-cookie | length 4 plain lower-value local-low-value | length 8 plain lower-value local-low-value upper-value local-high-value ]
Parameter | Description | Value |
---|---|---|
key | Specifies the local cookie. | - |
cipher local-cookie | Specifies a local cookie value. | The value is a string of 1 to 8 case-sensitive characters. If a root key is configured, the local cookie value is encrypted as a string of 108 characters using SHA256. Otherwise, the value is encrypted as a string of 48 characters. |
length | Specifies the length of the local cookie. | - |
4 | Specifies a 4-byte local cookie value in plaintext. When configuring an authentication password, select the ciphertext mode because the password is saved in the configuration file as simple text if you select the simple text mode, which poses a high risk. To ensure device security, change the password periodically. | - |
plain | Indicates the simple text mode. Only simple text can be entered. The password in the configuration file is displayed as simple text. Simple authentication uses the simple text mode by default. When configuring an authentication password, select the ciphertext mode because the password is saved in the configuration file as simple text if you select the simple text mode, which poses a high risk. To ensure device security, change the password periodically. | - |
lower-value local-low-value | Specifies a 4-byte local cookie value in simple text. When configuring an authentication password, select the ciphertext mode because the password is saved in the configuration file as simple text if you select the simple text mode, which poses a high risk. To ensure device security, change the password periodically. | The value is a hexadecimal integer ranging from 0 to 0xffffffff. |
8 | Specifies the four high-order bytes of an 8-byte local cookie value in plaintext. | - |
upper-value local-high-value | Specifies the four high-order bytes of an 8-byte local cookie value in simple text. When configuring an authentication password, select the ciphertext mode because the password is saved in the configuration file as simple text if you select the simple text mode, which poses a high risk. To ensure device security, change the password periodically. | The value is a hexadecimal integer ranging from 0 to 0xffffffff. |
Usage Scenario
All packets must match the configured cookie value or be discarded. Cookies are used in security checks performed at the endpoints of a tunnel to prevent network spoofing and attacks. The local and remote cookie values must be the same.
Prerequisites
L2TPv3 has been enabled using the l2tpv3 enable command.
An L2TPv3 tunnel has been configured using the l2tpv3 pw command.
Precautions
Services will be temporarily interrupted when a cookie value is configured on a device for the first time. Services recover after the remote cookie value is correctly configured.
If you want to change the password after configuring a cookie value on a device for the first time, run the l2tpv3 local cookie secondary command, so that services will not be interrupted. Tunnel authentication helps ensure tunnel security. Determine whether to enable tunnel authentication based on actual requirements.
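The parameter descriptions above warn that the plain forms leave the cookie readable in the configuration file. The following audit script is an added example, not vendor code: it scans saved configuration text for l2tpv3 local cookie lines and flags plaintext cookies, length and range errors, and ciphertext that does not have the 48- or 108-character length the table describes. It assumes the saved configuration shows the encrypted string after cipher; the finding codes and sample lines are constructed for illustration.

```python
import re

# Stored forms of the command, following the syntax shown on this page.
PLAIN = re.compile(r"^\s*l2tpv3 local cookie length (4|8) plain lower-value (\S+)"
                   r"(?: upper-value (\S+))?\s*$")
CIPHER = re.compile(r"^\s*l2tpv3 local cookie key cipher (\S+)\s*$")

def in_range(text):
    """True if text is a hexadecimal integer in 0..0xffffffff."""
    try:
        return 0 <= int(text, 16) <= 0xFFFFFFFF
    except ValueError:
        return False

def audit(config):
    """Return (line_number, code) findings for every local-cookie line."""
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        m = PLAIN.match(line)
        if m:
            length, low, high = m.groups()
            findings.append((n, "PLAINTEXT_COOKIE"))  # readable in the config file
            if (length == "8") != (high is not None):  # upper-value only with length 8
                findings.append((n, "LENGTH_MISMATCH"))
            if not all(in_range(v) for v in (low, high) if v is not None):
                findings.append((n, "VALUE_OUT_OF_RANGE"))
            continue
        m = CIPHER.match(line)
        if m:
            size = len(m.group(1))
            if size == 48:  # page: 48 characters when no root key is configured
                findings.append((n, "CIPHER_NO_ROOT_KEY"))
            elif size != 108:  # neither documented ciphertext length
                findings.append((n, "CIPHER_UNEXPECTED_LENGTH"))
    return findings

# Constructed sample configuration; the ciphertext strings are fillers.
SAMPLE = "\n".join([
    "l2tpv3 local cookie length 4 plain lower-value 1a2b3c4d",
    "l2tpv3 local cookie length 8 plain lower-value 0x11111111 upper-value 1ffffffff",
    "l2tpv3 local cookie key cipher " + "A" * 48,
    "l2tpv3 local cookie key cipher " + "B" * 108,
    "l2tpv3 local cookie key cipher Secret12",
])

if __name__ == "__main__":
    for line_no, code in audit(SAMPLE):
        print(f"line {line_no}: {code}")
```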