The l2tpv3 remote cookie command configures the remote cookie value.
The undo l2tpv3 remote cookie command deletes the remote cookie value.
By default, the remote cookie value is not configured for an L2TPv3 tunnel.
l2tpv3 remote cookie { key cipher remote-cookie | length 4 plain lower-value remote-low-value | length 8 plain lower-value remote-low-value upper-value remote-high-value }
undo l2tpv3 remote cookie [ key cipher remote-cookie | length 4 plain lower-value remote-low-value | length 8 plain lower-value remote-low-value upper-value remote-high-value ]
Parameter | Description | Value |
---|---|---|
key | Specifies the local cookie. | - |
cipher remote-cookie | Specifies the remote cookie value to be in ciphertext. | The value is a string of 1 to 8 case-sensitive characters. After the configuration, the value is saved in the configuration file as a string of 48/108 case-sensitive characters in ciphertext. SHA256 is used to encrypt the value, providing high security. When the root key is configured, a string of 108 characters in ciphertext is generated. When the root key is not configured, a string of 48 characters in ciphertext is generated. |
length | Specifies the length of the local cookie. | - |
4 | Specifies a 4-byte local cookie value in plaintext. When configuring an authentication password, select the ciphertext mode because the password is saved in the configuration file as a simple text if you select the simple text mode, which has a high risk. To ensure device security, change the password periodically. | - |
plain | Indicates the simple text mode. Only the simple text can be entered. The password in the configuration file is displayed as a simple text. Simple authentication uses the simple text mode by default. When configuring an authentication password, select the ciphertext mode because the password is saved in the configuration file as a simple text if you select the simple text mode, which has a high risk. To ensure device security, change the password periodically. | - |
lower-value remote-low-value | Specifies a 4-byte remote cookie value in plaintext. When configuring an authentication password, select the ciphertext mode because the password is saved in the configuration file as a simple text if you select the simple text mode, which has a high risk. To ensure device security, change the password periodically. | The value is a hexadecimal integer ranging from 0 to 0xffff. |
8 | Specifies the four high-order bytes of an 8-byte local cookie value in plaintext. | - |
upper-value remote-high-value | Specifies the four high-order bytes of an 8-byte remote cookie value in plaintext. | The value is a hexadecimal integer ranging from 0 to 0xffff. |
Usage Scenario
All packets must match the configured cookie value or be discarded. Cookies are used in security checks performed at the endpoints of a tunnel to prevent network spoofing and attacks. The local and remote cookie values must be the same. Otherwise, services are interrupted.
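The receive-side check described above, sketched as an added example (not the device's own code). It assumes the L2TPv3-over-IP data header from RFC 3931, a 32-bit Session ID followed directly by the cookie; `build_cookie`, `accept_packet` and all sample values are hypothetical names and constructed data.

```python
import hmac
import struct


def build_cookie(length, lower, upper=0):
    """Pack a cookie from the command's plain-text fields.

    Assumption: for length 8 the upper value forms the four high-order
    bytes and the lower value the four low-order bytes, in network order.
    """
    if length == 4:
        return struct.pack("!I", lower)
    if length == 8:
        return struct.pack("!II", upper, lower)
    raise ValueError("cookie length must be 4 or 8")


def accept_packet(packet, session_id, expected_cookie):
    """Return the payload if session ID and cookie match, else None (discard)."""
    header_len = 4 + len(expected_cookie)
    if len(packet) < header_len:
        return None  # truncated header
    (sid,) = struct.unpack("!I", packet[:4])
    if sid == 0 or sid != session_id:
        return None  # session ID 0 is reserved for control messages
    # Constant-time compare so timing does not reveal how many bytes matched.
    if not hmac.compare_digest(packet[4:header_len], expected_cookie):
        return None  # cookie mismatch: discard
    return packet[header_len:]


# Constructed sample values, not taken from any real configuration.
SESSION_ID = 0x00000064
COOKIE = build_cookie(8, lower=0x1A2B, upper=0x3C4D)
GOOD = struct.pack("!I", SESSION_ID) + COOKIE + b"ethernet-frame"
MISMATCH = struct.pack("!I", SESSION_ID) + build_cookie(8, 0x1A2B, 0x0000) + b"ethernet-frame"

if __name__ == "__main__":
    print(accept_packet(GOOD, SESSION_ID, COOKIE))
    print(accept_packet(MISMATCH, SESSION_ID, COOKIE))
```

A cookie that differs in any byte, including only the upper value, causes the packet to be dropped, which is why a mismatch between the two ends interrupts services.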
Prerequisites
L2TPv3 has been enabled using the l2tpv3 enable command.
An L2TPv3 tunnel has been configured using the l2tpv3 pw command.
Precautions
When changing cookie values, you must change the local cookie value before changing the remote cookie value. Otherwise, services are interrupted.
Tunnel authentication helps ensure tunnel security. Determine whether to configure tunnel authentication based on actual requirements when creating a tunnel.