The information contained in this document is subject to change. This document contains proprietary information, which is protected by copyright
laws. All rights are reserved. No part of this document may be photocopied, reproduced or translated to another language or program language
without prior written consent of RFI Engineering B.V.
session-limit 32767
l2tp sequencing
l2tp tunnel password 0 PASSWORD
l2tp tunnel timeout no-session 5
The first setting that needs to be entered is 'vpdn enable'. Among other things, this enables the
Cisco router's ability to act as an LNS. Then, a so-called VPDN group needs to be
configured with the parameters for establishing an L2TP tunnel.
The first entry gives the vpdn-group its name. Since only one vpdn-group is defined in this
example, this serves a cosmetic purpose, as does the 'description' parameter.
The 'accept-dialin' parameter indicates that the LAC is allowed to initiate the L2TP tunnel, with
'protocol l2tp' indicating the desired tunneling protocol to use (the Cisco supports multiple
protocols, L2TP is one of them).
The 'virtual-template 1' setting indicates that the settings for the PPP session that runs over
the L2TP tunnel should be taken from the Virtual-Template 1 interface.
The 'session-limit' parameter indicates the maximum number of sessions that can be
established to the LNS. This should be changed to suit your setup. L2TP sequencing can be
enabled by the 'l2tp sequencing' command. It is not mandatory for operation with an RFI
C-router/G-router LAC.
The L2TP tunnel secret can be enabled using the 'l2tp tunnel password' command. The secret
must be identical to the value specified in the Configuration → Network Configuration → L2TP
VPN → Tunnel Secret setting. If the secret is not used, this entry must be empty.
In that case, the following commands must be entered on the Cisco router in privileged EXEC (enable) mode:
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#vpdn-group SDR-Access
Router(config-vpdn)#no l2tp tunnel password
Router(config-vpdn)#no l2tp tunnel authentication
Router(config-vpdn)#^Z
Router#
It is recommended (but not required) to set a tunnel session timeout using the 'l2tp tunnel
timeout no-session' command. This will ensure that L2TP tunnels without a corresponding PPP
session will be deleted by the router.
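The vpdn-group settings discussed in this section can be checked in an exported configuration before an LNS goes into service. The following is an added example, not part of the original document or of any Cisco tooling: it flags groups where tunnel authentication is disabled, where the tunnel secret is stored as type 0 (cleartext), where no no-session timeout is set, or where the session limit is still at the example value. The sample configuration, the Lab-Access group and the finding names are constructed for illustration.

```python
import re

# Constructed sample (the Lab-Access group is hypothetical, not from the page).
SAMPLE_CONFIG = """\
vpdn-group SDR-Access
 accept-dialin
  protocol l2tp
  virtual-template 1
 session-limit 32767
 no l2tp tunnel authentication
!
vpdn-group Lab-Access
 accept-dialin
  protocol l2tp
  virtual-template 1
 session-limit 50
 l2tp tunnel password 0 PASSWORD
 l2tp tunnel timeout no-session 5
!
"""

def parse_vpdn_groups(config):
    """Map each vpdn-group name to its stripped sub-commands."""
    groups, current = {}, None
    for line in config.splitlines():
        m = re.match(r"vpdn-group\s+(\S+)", line)
        if m:
            current = groups.setdefault(m.group(1), [])
        elif current is not None and line[:1].isspace() and line.strip():
            current.append(line.strip())
        else:
            current = None  # '!' or a top-level command closes the block
    return groups

def audit_group(cmds):
    """Findings for one group; the finding names are this example's own."""
    findings = []
    if "no l2tp tunnel authentication" in cmds:
        findings.append("tunnel-auth-disabled")  # LAC is not authenticated
    if any(c.startswith("l2tp tunnel password 0 ") for c in cmds):
        findings.append("cleartext-tunnel-secret")  # type 0: unencrypted
    if not any(c.startswith("l2tp tunnel timeout no-session ") for c in cmds):
        findings.append("no-session-timeout-unset")  # recommended in the text
    if "session-limit 32767" in cmds:
        findings.append("session-limit-example-value")  # not tuned to setup
    return findings

def audit(config):
    return {n: audit_group(c) for n, c in parse_vpdn_groups(config).items()}
```

Calling `audit(SAMPLE_CONFIG)` returns a dictionary of findings per group; an empty list means none of the four conditions applied.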
2.4 PPP Session Settings
As mentioned in the previous paragraph, the PPP session running on top of an L2TP tunnel takes
its settings from the Virtual-Template 1 interface. Important to the PPP session are the settings
below:
interface Loopback0
 ip address 10.0.0.1 255.255.255.0
!
interface Virtual-Template1
 mtu 1516
 ip unnumbered Loopback0
 peer default ip address pool lac
!
ip local pool lac 10.0.0.2 10.0.0.99
When an L2TP tunnel has been established, the Cisco IOS software 'copies' the settings from the
Virtual-Template interface specified in the 'vpdn-group' into a so-called 'Virtual-Access' interface.
This interface is then used by the Cisco router to communicate with the C-router or G-router.
The first setting of note is the 'mtu' setting. The MTU defines the maximum number of bytes that
can be sent using a single PPP over L2TP packet before the Cisco router is forced to use IP
fragmentation. IP fragmentation is something that should be avoided on the Cisco router as it
consumes CPU power which will degrade performance. Hence, the mtu for the interface is chosen