Configuring Basic L2TPv3 over IPv6 Functions

L2TPv3 over IPv6 is used to establish L2TPv3 tunnels on an IPv6 public network, so that Layer 2 user packets can be transparently transmitted across the IPv6 public network.

Usage Scenario

Layer 2 Ethernet services need to be transmitted over an L2TPv3 tunnel on a public IPv6 network. Tags are used for flexible access.

Prerequisites

Before configuring L2TPv3 over IPv6, complete the following tasks:

  • Connect interfaces and configure physical interface parameters for interfaces to go Up at the physical layer.

  • Configure link-layer protocol parameters for interfaces to go Up at the link layer.

  • Configure static IPv6 routes for devices to communicate.

  • Enable IPv6 both globally and on specific interfaces.

  • Configure IPv6 addresses for devices.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run l2tpv3 enable

    L2TPv3 is enabled.

  3. Run commit

    The configuration is committed.

  4. Run l2tpv3 pw pwname

    An L2TPv3 tunnel is created and the L2TPv3 tunnel view is displayed.

  5. (Optional) Run l2tpv3 local session-id local-session-id

    The local session ID is configured.

  6. (Optional) Run l2tpv3 remote session-id remote-session-id

    The remote session ID is configured.

  7. Run source interface { interface-type interface-number | interface-name } ipv6 source-address

    The source interface of the L2TPv3 tunnel is configured.

    The IP address must be an IPv6 address.

  8. Run destination destination-address

    The destination IPv6 address of the L2TPv3 tunnel is configured.

  9. Configure L2TPv3 tunnel security.
    1. Run l2tpv3 local cookie { key cipher local-cookie | length 4 plain lower-value local-low-value | length 8 plain lower-value local-low-value upper-value local-high-value }

      The local cookie of the L2TPv3 tunnel is configured.

      The cookie value can be in either plaintext or ciphertext. If the cookie value carried in a packet does not match the configured cookie value, the L2TPv3 tunnel drops the packet. Cookies are used in security checks performed at the endpoints of a tunnel to prevent network spoofing and attacks. The local and remote cookie values must be the same.

      When configuring an authentication password, select ciphertext mode. In simple text mode the password is saved in the configuration file in plaintext, which is a high security risk. To ensure device security, change the password periodically.

    2. (Optional) Run l2tpv3 local cookie secondary { key cipher local-cookie | length 4 plain lower-value local-low-value | length 8 plain lower-value local-low-value upper-value local-high-value }

      After the local cookie is configured, you can change the local cookie value without interrupting services.

      When configuring an authentication password, select ciphertext mode. In simple text mode the password is saved in the configuration file in plaintext, which is a high security risk. To ensure device security, change the password periodically.

    3. Run l2tpv3 remote cookie { key cipher remote-cookie | length 4 plain lower-value remote-low-value | length 8 plain lower-value remote-low-value upper-value remote-high-value }

      The remote cookie of the L2TPv3 tunnel is configured.

      The cookie value can be in either plaintext or ciphertext. If the cookie value carried in a packet does not match the configured cookie value, the L2TPv3 tunnel drops the packet. Cookies are used in security checks performed at the endpoints of a tunnel to prevent network spoofing and attacks. The local and remote cookie values must be the same.

      When configuring an authentication password, select ciphertext mode. In simple text mode the password is saved in the configuration file in plaintext, which is a high security risk. To ensure device security, change the password periodically.

  10. Bind services to the L2TPv3 tunnel.
    1. Run interface interface-type interface-number mode l2

      The Layer 2 sub-interface view is displayed.

    2. Run l2tpv3 instance instance-name

      An L2TPv3 instance is configured on the interface.

      The instance-name value must begin with a letter.

    3. Run l2tpv3 static binding pw pwname

      The L2TPv3 instance is bound to the L2TPv3 tunnel.

  11. Run commit

    The configuration is committed.

  12. Run quit

    Return to the Layer 2 sub-interface view.

  13. Run encapsulation [ default | dot1q [ vid low-pe-vid [ to high-pe-vid ] ] | qinq [ vid pe-vid ce-vid { low-ce-vid [ to high-ce-vid ] | default } ] | untag ]

    The encapsulation type on an EVC Layer 2 sub-interface is configured.

  14. Run rewrite pop { single | double }

    The traffic behavior is set to pop so that an EVC Layer 2 sub-interface removes VLAN tags from received packets.

    If L2TPv3 is configured on a Layer 3 sub-interface, you only need to configure an encapsulation type for the sub-interface. Step 13 or 14 does not need to be performed.

  15. Run commit

    The configuration is committed.
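
An added example (not Huawei code) of a check that follows from step 9: scan a saved configuration for L2TPv3 tunnels whose cookies are stored in plaintext or are missing. It assumes that saved lines mirror the command syntax shown above and that tunnel sub-commands are indented under `l2tpv3 pw`; the sample configuration, tunnel names and values are constructed.

```python
import re

# Constructed sample. Assumption: saved lines mirror the command syntax on this
# page and tunnel sub-commands are indented; cipher values are placeholders.
SAMPLE_CONFIG = """\
l2tpv3 pw pw-a
 l2tpv3 local cookie key cipher CIPHERTEXT-PLACEHOLDER
 l2tpv3 remote cookie key cipher CIPHERTEXT-PLACEHOLDER
#
l2tpv3 pw pw-b
 l2tpv3 local cookie length 4 plain lower-value 305419896
 l2tpv3 local cookie secondary length 8 plain lower-value 1 upper-value 2
#
l2tpv3 pw pw-c
 destination 2001:db8:2::3
#
"""

PW_RE = re.compile(r"^l2tpv3 pw (\S+)$")
COOKIE_RE = re.compile(
    r"^l2tpv3 (local|remote) cookie (secondary )?(key cipher|length [48] plain)\b")

def parse_tunnels(config_text):
    """Map each tunnel name to its (side, secondary, mode) cookie entries."""
    tunnels, current = {}, None
    for line in config_text.splitlines():
        m = PW_RE.match(line)
        if m:
            current = tunnels.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            c = COOKIE_RE.match(line.strip())
            if c:
                current.append(c.groups())
        else:
            current = None  # "#" or any unindented line ends the tunnel view
    return tunnels

def audit(config_text):
    """Return (tunnel, finding) pairs for plaintext or missing cookies."""
    findings = []
    for pw, cookies in parse_tunnels(config_text).items():
        for side, secondary, mode in cookies:
            if mode.endswith("plain"):
                slot = "secondary" if secondary else "primary"
                findings.append((pw, f"{side} {slot} cookie stored in plaintext"))
        primaries = {side for side, secondary, _ in cookies if not secondary}
        findings += [(pw, f"no {s} cookie configured")
                     for s in ("local", "remote") if s not in primaries]
    return findings
```

Calling `audit()` on the sample reports nothing for `pw-a`, two plaintext cookies and a missing remote cookie for `pw-b`, and both cookies missing for `pw-c`.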

Verifying the Configuration

Run the display l2tpv3 pw pwname command to check whether the L2TPv3 tunnel is correctly configured.

Run the display l2tpv3 statistics pw pwname command. The command output shows packet statistics about the L2TPv3 tunnel.

Copyright © Huawei Technologies Co., Ltd.