Configuring Basic L2TPv3 over IPv4 Functions

L2TPv3 over IPv4 is used to establish L2TPv3 tunnels on an IPv4 public network, so that Layer 2 user packets can be transparently transmitted across the IPv4 public network.

Usage Scenario

Layer 2 Ethernet services need to be transmitted over an L2TPv3 tunnel on a public IPv4 network. Tags are used for flexible access.

Prerequisites

Before configuring L2TPv3 over IPv4, complete the following tasks:

  • Configure link-layer protocol parameters for interfaces and IPv4 addresses.
  • Configure static IPv4 routes for devices to communicate.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run l2tpv3 enable

    L2TPv3 is enabled.

  3. Run commit

    The configuration is committed.

  4. Run l2tpv3 pw pwname

    An L2TPv3 tunnel is created and the L2TPv3 tunnel view is displayed.

  5. (Optional) Run l2tpv3 local session-id local-session-id

    The local session ID is configured.

    In L2TPv3 over IPv4, local-session-id is globally unique.

  6. (Optional) Run l2tpv3 remote session-id remote-session-id

    The remote session ID is configured.

  7. Run source interface { interface-type interface-number } source-address

    The source interface of the L2TPv3 tunnel is configured.

    The IP address must be an IPv4 address.

  8. Run destination ipv4-address

    The destination IPv4 address of the L2TPv3 tunnel is configured.

  9. Configure L2TPv3 tunnel security.
    1. Run l2tpv3 local cookie { key cipher local-cookie | length 4 plain lower-value local-low-value | length 8 plain lower-value local-low-value upper-value local-high-value }

      The local cookie of the L2TPv3 tunnel is configured.

      The cookie value can be in either plaintext or ciphertext. If the cookie value carried in a packet does not match the configured cookie value, the L2TPv3 tunnel drops the packet. Cookies are used in security checks performed at the endpoints of a tunnel to prevent network spoofing and attacks. The local and remote cookie values must be the same.

      When configuring an authentication password, select ciphertext mode. In simple text mode, the password is saved in the configuration file in plaintext, which poses a high security risk. To ensure device security, change the password periodically.

    2. (Optional) Run l2tpv3 local cookie secondary { key cipher local-cookie | length 4 plain lower-value local-low-value | length 8 plain lower-value local-low-value upper-value local-high-value }

      After the local cookie is configured, you can change the local cookie value without interrupting services.

      When configuring an authentication password, select ciphertext mode. In simple text mode, the password is saved in the configuration file in plaintext, which poses a high security risk. To ensure device security, change the password periodically.

    3. Run l2tpv3 remote cookie { key cipher remote-cookie | length 4 plain lower-value remote-low-value | length 8 plain lower-value remote-low-value upper-value remote-high-value }

      The remote cookie of the L2TPv3 tunnel is configured.

      The cookie value can be in either plaintext or ciphertext. If the cookie value carried in a packet does not match the configured cookie value, the L2TPv3 tunnel drops the packet. Cookies are used in security checks performed at the endpoints of a tunnel to prevent network spoofing and attacks. The local and remote cookie values must be the same.

      When configuring an authentication password, select ciphertext mode. In simple text mode, the password is saved in the configuration file in plaintext, which poses a high security risk. To ensure device security, change the password periodically.

  10. Bind services to the L2TPv3 tunnel.
    1. Run interface interface-type interface-number mode l2

      The Layer 2 sub-interface view is displayed.

    2. Run l2tpv3 instance instance-name

      An L2TPv3 instance is configured on the interface.

      The instance-name value must begin with a letter.

    3. Run l2tpv3 static binding pw pwname

      The L2TPv3 instance is bound to the L2TPv3 tunnel.

  11. Run commit

    The configuration is committed.

  12. Run quit

    Return to the Layer 2 sub-interface view.

  13. Run encapsulation [ default | dot1q [ vid low-pe-vid [ to high-pe-vid ] ] | qinq [ vid pe-vid ce-vid { low-ce-vid [ to high-ce-vid ] | default } ] | untag ]

    The encapsulation type on an EVC Layer 2 sub-interface is configured.

  14. Run rewrite pop { single | double }

    The traffic behavior is "pop" so that an EVC Layer 2 sub-interface removes VLAN tags from received packets.

    If L2TPv3 is configured on a Layer 3 sub-interface, you only need to configure an encapsulation type for the sub-interface. Step 13 or 14 does not need to be performed.

  15. Run commit

    The configuration is committed.

Verifying the Configuration

Run the display l2tpv3 pw pwname command to check whether the L2TPv3 tunnel is correctly configured.

Run the display l2tpv3 statistics pw pwname command. The command output shows packet statistics about the L2TPv3 tunnel.
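
The cookie guidance in step 9 can also be checked offline against a saved configuration. The following is an added example, not part of the original documentation or of any Huawei tool: a small Python audit that flags tunnels whose cookies are stored in plaintext or are not configured at all. The layout of the sample configuration (tunnel views separated by "#" lines) and all names, addresses, session IDs and cookie values in it are assumptions constructed for illustration.

```python
import re

# Constructed sample that follows the command syntax in the procedure above.
# Tunnel names, addresses, IDs and cookie values are made up for illustration.
SAMPLE_CONFIG = """\
l2tpv3 enable
#
l2tpv3 pw pw-a
 l2tpv3 local session-id 100
 l2tpv3 remote session-id 200
 destination 192.0.2.2
 l2tpv3 local cookie length 8 plain lower-value 11 upper-value 22
 l2tpv3 remote cookie key cipher <ciphertext-placeholder>
#
l2tpv3 pw pw-b
 destination 192.0.2.3
#
"""

# "l2tpv3 pw <name>" opens a tunnel view; "l2tpv3 static binding pw ..." does not match.
TUNNEL = re.compile(r"^l2tpv3 pw (\S+)$")
# Captures: side, optional "secondary", and cipher versus plain mode.
COOKIE = re.compile(
    r"^l2tpv3 (local|remote) cookie (secondary )?(key cipher|length [48] plain)\b"
)

def audit(config):
    """Return (tunnel, finding) tuples for plaintext or missing cookies."""
    findings, seen, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "#":                      # assumed view separator
            current = None
        elif (m := TUNNEL.match(line)):
            current = m.group(1)
            seen[current] = set()
        elif current and (m := COOKIE.match(line)):
            side, secondary, mode = m.groups()
            if not secondary:                # a secondary cookie does not replace the primary
                seen[current].add(side)
            if mode.endswith("plain"):       # value is readable in the configuration file
                findings.append((current, f"{side} cookie stored in plaintext"))
    for name, sides in seen.items():
        for side in ("local", "remote"):
            if side not in sides:
                findings.append((name, f"{side} cookie not configured"))
    return findings

if __name__ == "__main__":
    for tunnel, finding in audit(SAMPLE_CONFIG):
        print(f"{tunnel}: {finding}")
```
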

Copyright © Huawei Technologies Co., Ltd.