
1. Introduction

This document describes how to configure and operate PPPoE access services with PPP tunneling using the Layer Two Tunneling Protocol version 2 (L2TPv2) on RtBrick FullStack (RBFS).

Typically, a user obtains a Layer 2 (L2) point-to-point connection to a Broadband Network Gateway (BNG) using the PPPoE protocol as described in RFC 2516 and runs PPP over that connection. In the most common case, the L2 termination point and PPP session endpoint reside on the same physical device. Tunneling protocols, such as L2TPv2, provide a dynamic mechanism for extending PPP by allowing the L2 and PPP endpoints to reside on different devices that are interconnected by an IP network. This separation allows the actual processing of PPP packets to be divorced from the termination of the L2 circuit. The L2TP access concentrator (LAC) physically terminates the L2 connection and tunnels the PPP packets across an IP network to the L2TP network server (LNS). The LNS then terminates the logical PPP connection.

L2TP-PPPoE

1.1. Supported Standards (RFCs)

1.1.1. RFC 2661 - Layer Two Tunneling Protocol "L2TPv2"

RFC compliant L2TPv2 Access Concentrator (LAC) with the following protocol limitations:

  • No support for LNS initiated outbound calls (OCRQ, OCRP and OCCN)

  • No support for WAN-Error-Notify (WEN) messages sent by LAC to LNS

  • No support for Set-Link-Info (SLI) messages sent by LNS to LAC

  • No support for L2TP over IPv6

  • No support for L2TP offset values other than 0.

1.1.2. RFC 5515 - L2TP Access Line Information AVP Extensions

  • Support for access line AVPs sent (LAC) and received (LNS) as part of the L2TP Incoming-Call-Request (ICRQ) message.

  • Connect-Speed-Update-Notification (CSUN) or Connect-Speed-Update-Request (CSURQ) L2TP messages are currently not supported.

1.1.3. RFC 2868 - RADIUS Attributes for Tunnel Protocol Support

RADIUS support for L2TP with the following limitations:

  • No support for the FQDN format for IP addresses

  • No support for Tunnel-Medium-Type values other than IPv4

1.2. Supported Hardware

  • Edgecore AS5916-XKS, based on Broadcom BCM 88670 (Qumran)

  • Virtual Platform (VPP)

2. L2TP Configuration

PPPoE tunneling using L2TPv2 requires PPPoE access services to be configured as described in the RtBrick Subscriber Management Configuration Guide, extended by the L2TP configurations described below.

L2TP-PPPoE
Access Interface Configuration

The access configuration is based on multiple interface configuration objects with each referencing different profiles defining the actual service offered on the matching interface and VLAN range defined in this configuration object.

  • Defines matching physical interface (ifp) and VLANs

  • Assigns the access, service, and AAA profiles

  • Supports multiple interface configurations for each IFP and also disjoint VLAN ID ranges

For more information, see Interface Configuration.

Access Profile Configuration
  • Defines access protocols configuration

  • Assigns L2TP configuration profile

For more information, see Access Profile Configuration.

AAA Profile Configuration
  • Holds profile for Authentication, Authorization, and Accounting

  • Controls selection of AAA type and order

  • Assigns a RADIUS profile to the AAA profile

For more information, see AAA Profile Configuration.

RADIUS Profile Configuration
  • Holds RADIUS server address and ports

  • Holds RADIUS secret and more

For more information, see RADIUS Profile Configuration.

L2TP Profile Configuration
  • Controls L2TP protocol configurations like retransmit-interval, receive-window, session-limit, hello-interval, and idle-timeout-interval.

  • Controls L2TP tunnel configurations

  • Assigns the optional L2TP tunnel pool

For more information, see L2TP Profile Configuration.

User Profile Configuration

The user profile configuration defines the users for local authentication.

  • User profiles for local authentication

  • User information including tunnel-type and pool name.

For more information, see User Profile Configuration.

L2TP Tunnel Pool Configuration

Defines the locally defined L2TP tunnel endpoints.

For more information, see L2TP Tunnel Pool Configuration.

2.1. Interface Configuration

Configuring an interface involves the following tasks:

  • Defining matching IFP and VLANs

  • Assigning the access, service, and AAA profiles

  • Supporting multiple interface configurations for each IFP and also disjoint VLAN ID ranges

Syntax
user@r1:confd> set access interface-name <interface name>
  aaa-profile-name            AAA profile name associated with interface
  access-profile-name         Access profile name associated with interface
  max-subscribers-per-mac     Restrict maximum subscribers per mac
  max-subscribers-per-vlan    Restrict maximum subscribers per vlan
  outer-vlan                  Outer VLAN Range (Minimum Value)
  service-profile-name        Service profile name associated with interface
  vlan-profile-enable         Enable VLAN profiles
  [<Enter>]                   Execute the command
[ ]

To enable access on interface ifp-0/0/3, where a range of VLANs is expected, see the example below.

Example
rtb confd set access interface-name ifp-0/0/3 outer-vlan 1 - 2000 inner-vlan 1 - 2000 access-profile-name access-profile1
rtb confd set access interface-name ifp-0/0/3 outer-vlan 1 - 2000 inner-vlan 1 - 2000 aaa-profile-name aaa-profile1

The example below shows the running-config of interface configuration:

   "interface-name:ifp-0/0/3 1 2000 1 2000": {
        "aaa-profile-name": "aaa-profile1",
        "access-profile-name": "access-profile1"
    },

2.2. Access Profile Configuration

  • Defines access protocols configuration

  • Assigns L2TP configuration profile

Example
rtb confd set access access-profile access-profile1
rtb confd set access access-profile access-profile1 access-type PPPoE
rtb confd set access access-profile access-profile1 protocol ppp lcp authentication-protocol PAP
rtb confd set access access-profile access-profile1 protocol pppoe enable
rtb confd set access access-profile access-profile1 protocol l2tp tunnel-profile l2tp_config

The example below shows the running-config of access profile configuration:

        "access-profile:access-profile1": {
          "access-type": "PPPoE",
          "address-family ipv4": {
            "enable": true,
            "framed-instance": "public"
          },
          "address-family ipv6": {
            "enable": true,
            "framed-instance": "public"
          },
          "protocol ppp": {
            "ip6cp": {
              "enable": true
            },
            "ipcp": {
              "ipcp-enable": true,
              "source-ifl": "lo-0/0/4/1"
            },
            "lcp": {
              "authentication-protocol": "PAP"
            }
          },
          "protocol pppoe": {
            "enable": true
          },
          "protocol l2tp": {
            "tunnel-profile": "l2tp_config"
          },
          "protocol ipv6-router-advertisement": {
            "enable": true
          },
          "protocol dhcpv6": {
            "enable": true
          }
        },

2.3. AAA Profile Configuration

  • Holds profile for Authentication, Authorization, and Accounting

  • Controls selection of AAA type and order

  • Assigns a RADIUS profile to the AAA profile

Example
rtb confd set access aaa-profile aaa-profile1 aaa-radius-profile aaa-radius1
rtb confd set access aaa-profile aaa-profile1 accounting order RADIUS
rtb confd set access aaa-profile aaa-profile1 authentication order RADIUS
rtb confd set access aaa-profile aaa-profile1 accounting interim-interval 60

The example below shows the running-config of AAA profile configuration:

        "aaa-profile:aaa-profile1": {
          "aaa-radius-profile": "aaa-radius1",
          "accounting": {
            "order": "RADIUS",
            "interim-interval": 60
          },
          "authentication": {
            "order": "RADIUS"
          }
        },

2.4. RADIUS Profile Configuration

RADIUS profile configuration involves the following:

  • Holds the RADIUS server address and ports

  • Holds the RADIUS secret and more

Example
rtb confd set access radius-profile aaa-radius1 nas-identifier 10.0.0.2
rtb confd set access radius-profile aaa-radius1 nas-port-type Ethernet
rtb confd set access radius-profile aaa-radius1 authentication radius-server-profile-name radius-srv1
rtb confd set access radius-profile aaa-radius1 accounting radius-server-profile-name radius-srv1

The example below shows the running-config of RADIUS profile configuration:

        "radius-profile:aaa-radius1": {
          "nas-identifier": "10.0.0.2",
          "nas-port-type": "Ethernet",
          "authentication": {
            "radius-server-profile-name": [
              "radius-srv1"
            ]
          },
          "accounting": {
            "radius-server-profile-name": [
              "radius-srv1"
            ]
          }
        },

2.5. RADIUS Server Configuration

The first step is to give the RADIUS server a name. This name must match the name of the RADIUS server configured in the RADIUS profile if the RADIUS server is used for that profile. That is, the name forms the link between the RADIUS profile and a particular server.

Example
rtb confd set access radius-server radius-srv1 address 10.0.0.1
rtb confd set access radius-server radius-srv1 source-address 10.0.0.2
rtb confd set access radius-server radius-srv1 secret rtbrick
rtb confd set access radius-server radius-srv1 routing-instance public
rtb confd set access radius-server radius-srv1 accounting enable
rtb confd set access radius-server radius-srv1 accounting retry 10
rtb confd set access radius-server radius-srv1 accounting timeout 10
rtb confd set access radius-server radius-srv1 authentication enable
rtb confd set access radius-server radius-srv1 authentication retry 10
rtb confd set access radius-server radius-srv1 authentication timeout 10

2.6. User Profile Configuration

The user profile captures the access user information, including tunnel-type and pool name. The user profile configuration is only needed for local authentication.

Syntax
user@r1:confd> set access user-profile <name>
  l2tp-pool-name                  	L2TP pool name
  password                        	Secret password
  tunnel-type                     	Tunnel type
  [<Enter>]                       	Execute the command
Example
rtb confd set access user-profile l2tp-user@rtbrick.com password test
rtb confd set access user-profile l2tp-user@rtbrick.com tunnel-type L2TP
rtb confd set access user-profile l2tp-user@rtbrick.com l2tp-pool-name l2tp_pool

The example below shows the running-config of user profile configuration:

     "user-profile:l2tp-user@rtbrick.com": {
          "password": "test",
          "l2tp-pool-name": "l2tp_pool",
          "tunnel-type": "L2TP"
        },

2.7. L2TP Profile Configuration

The L2TP profile holds the configuration related to the L2TP protocol, tunnel, and session parameters.

Syntax
user@r1:confd> set access l2tp-profile <profile-name>
  client-ipv4                     	Optional default value for L2TP tunnel ipv4 address
  client-name                     	Optional default value for L2TP tunnel client name
  congestion-window               	L2TP tunnel congestion window
  dead-timeout-interval           	L2TP tunnel dead timeout interval (ms)
  hello-interval                  	L2TP tunnel hello interval
  hide-authentication             	Hide L2TP tunnel authentication
  idle-timeout-interval           	L2TP tunnel idle timeout interval (ms)
  inactive-timeout-interval       	L2TP tunnel inactive timeout interval (ms)
  instance                        	Instance name
  pool-name                       	L2TP tunnel pool name
  receive-window                  	L2TP tunnel receive window
  request-retries                 	L2TP session request retries
  request-timeout-interval        	L2TP session request timeout interval (ms)
  retransmit-interval             	L2TP tunnel retransmission interval
  selection-algorithm             	L2TP tunnel selection algorithm
  service-label                   	MPLS service label
  session-limit                   	L2TP tunnel session limit
  [<Enter>]                       	Execute the command
[ ]
Example
rtb confd set access l2tp-profile l2tp_config receive-window 8
rtb confd set access l2tp-profile l2tp_config session-limit 64000
rtb confd set access l2tp-profile l2tp_config retransmit-interval 1000
rtb confd set access l2tp-profile l2tp_config hello-interval 30000
rtb confd set access l2tp-profile l2tp_config inactive-timeout-interval 900000
rtb confd set access l2tp-profile l2tp_config idle-timeout-interval 600000
rtb confd set access l2tp-profile l2tp_config pool-name l2tp_pool

The example below shows the running-config of L2TP profile configuration:

        "l2tp-profile:l2tp_config": {
          "receive-window": 8,
          "session-limit": 64000,
          "retransmit-interval": "1000",
          "hello-interval": "30000",
          "idle-timeout-interval": "600000",
          "inactive-timeout-interval": "900000",
          "pool-name": "l2tp_pool",
          "instance": "public",
          "service-label": 12345
        }
      }

2.8. L2TP Pool Configuration

The L2TP pool holds the configuration related to tunnel endpoints.

Syntax
user@r1:confd> set access l2tp-pool
  <pool-name>       L2tp pool name
[ ]
Example
rtb confd set access l2tp-pool l2tp_pool client-name BNG server-name LNS1
rtb confd set access l2tp-pool l2tp_pool client-name BNG server-name LNS1 client-ipv4 10.0.0.1
rtb confd set access l2tp-pool l2tp_pool client-name BNG server-name LNS1 server-ipv4 10.0.0.2
rtb confd set access l2tp-pool l2tp_pool client-name BNG server-name LNS1 secret rtbrick

The example below shows the running-config of L2TP pool configuration:

        "l2tp-pool:l2tp_pool BNG LNS1": {
          "client-ipv4": "10.0.0.1",
          "server-ipv4": "10.0.0.2",
          "secret": "rtbrick"
        }
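
The profiles in sections 2.1 to 2.8 reference each other by name only. The following Python code is an added example, not RtBrick code: it checks those name references and flags short secrets in a running-config, using a sample constructed by merging the fragments above. The radius-server key layout, the 16-character threshold and the PAP/hide-authentication check are assumptions of this example.

```python
import json

# Constructed sample: running-config fragments from sections 2.1-2.8 merged into
# one "access" object. The "radius-server:<name>" key layout is an assumption;
# the page shows only the set commands for the RADIUS server.
SAMPLE_ACCESS = json.loads("""
{
  "interface-name:ifp-0/0/3 1 2000 1 2000": {
    "aaa-profile-name": "aaa-profile1", "access-profile-name": "access-profile1"},
  "access-profile:access-profile1": {
    "access-type": "PPPoE",
    "protocol ppp": {"lcp": {"authentication-protocol": "PAP"}},
    "protocol pppoe": {"enable": true},
    "protocol l2tp": {"tunnel-profile": "l2tp_config"}},
  "aaa-profile:aaa-profile1": {
    "aaa-radius-profile": "aaa-radius1",
    "accounting": {"order": "RADIUS", "interim-interval": 60},
    "authentication": {"order": "RADIUS"}},
  "radius-profile:aaa-radius1": {
    "authentication": {"radius-server-profile-name": ["radius-srv1"]},
    "accounting": {"radius-server-profile-name": ["radius-srv1"]}},
  "radius-server:radius-srv1": {"address": "10.0.0.1", "secret": "rtbrick"},
  "user-profile:l2tp-user@rtbrick.com": {
    "password": "test", "l2tp-pool-name": "l2tp_pool", "tunnel-type": "L2TP"},
  "l2tp-profile:l2tp_config": {"receive-window": 8, "pool-name": "l2tp_pool"},
  "l2tp-pool:l2tp_pool BNG LNS1": {
    "client-ipv4": "10.0.0.1", "server-ipv4": "10.0.0.2", "secret": "rtbrick"}
}
""")

MIN_SECRET_LEN = 16  # review threshold chosen for this example, not an RBFS limit


def split_keys(access):
    """Turn '<kind>:<name> [extra ...]' keys into (kind, name, extras, body) rows."""
    rows = []
    for key, body in access.items():
        kind, _, rest = key.partition(":")
        tokens = rest.split()
        if tokens:
            rows.append((kind, tokens[0], tokens[1:], body))
    return rows


def audit(access):
    """Return sorted findings: dangling name references and weak settings."""
    rows = split_keys(access)
    defined = {}
    for kind, name, _, _ in rows:
        defined.setdefault(kind, set()).add(name)
    findings = []

    def ref(src, target_kind, name):
        # A reference is dangling when no object of that kind has that name.
        if name is not None and name not in defined.get(target_kind, set()):
            findings.append(f"dangling: {src} -> {target_kind} '{name}'")

    def secret(src, value, names=()):
        # Weak: shorter than the threshold, or identical to one of the object's names.
        if value is not None and (len(value) < MIN_SECRET_LEN or value in names):
            findings.append(f"weak-secret: {src}")

    for kind, name, extras, body in rows:
        src = f"{kind} '{name}'"
        if kind == "interface-name":
            ref(src, "aaa-profile", body.get("aaa-profile-name"))
            ref(src, "access-profile", body.get("access-profile-name"))
        elif kind == "access-profile":
            tunnel = body.get("protocol l2tp", {}).get("tunnel-profile")
            ref(src, "l2tp-profile", tunnel)
            auth = body.get("protocol ppp", {}).get("lcp", {}).get("authentication-protocol")
            profile = access.get(f"l2tp-profile:{tunnel}")
            # Heuristic of this example: PAP carries the password in clear text,
            # so flag tunnel profiles that do not set hide-authentication.
            if auth == "PAP" and profile is not None and not profile.get("hide-authentication"):
                findings.append(f"pap-unhidden: {src} with l2tp-profile '{tunnel}'")
        elif kind == "aaa-profile":
            ref(src, "radius-profile", body.get("aaa-radius-profile"))
        elif kind == "radius-profile":
            for section in ("authentication", "accounting"):
                for server in body.get(section, {}).get("radius-server-profile-name", []):
                    ref(f"{src} {section}", "radius-server", server)
        elif kind == "radius-server":
            secret(src, body.get("secret"), (name,))
        elif kind == "user-profile":
            ref(src, "l2tp-pool", body.get("l2tp-pool-name"))
            secret(src, body.get("password"), (name,))
        elif kind == "l2tp-profile":
            ref(src, "l2tp-pool", body.get("pool-name"))
        elif kind == "l2tp-pool":
            secret(src, body.get("secret"), (name, *extras))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_ACCESS):
        print(finding)
```
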

2.9. L2TP Tunnel Pool Configuration

The L2TP tunnel pool configuration is an optional step in subscriber management configuration that allows locally defined L2TP tunnel endpoints.

Generally, the L2TP tunnel pool configuration involves the following:

  • Holding the L2TP LAC and LNS configuration

  • Providing the shared secret

  • Controlling the session limit, tunnel preference and more

2.9.1. Configuring the L2TP Pool Client and Server Names

The first step is to give the L2TP pool, client and server a name. This example assigns the client lac1 and server server1 to the pool l2tp_pool.

Each pool supports up to 32 tunnel endpoints.

#
# Setting the L2TP pool configuration of client and server
# Option 1: Setting L2TP pool configuration of client and server from global mode
#
[ ]
user@rtbrick:confd> set access l2tp-pool l2tp_pool client-name lac1 server-name server1
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 2: Setting l2tp pool configuration of client and server from global access mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> set l2tp-pool l2tp_pool client-name lac1 server-name server1
[ access ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Running Configurations:
[ ]
user@rtbrick:confd> show running-configuration
{
    "running-configuration": {
        "access": [
            {
                "l2tp-pool:l2tp_pool lac1 server1": {
                }
            }
        ]
    }
}

2.9.2. Configuring the L2TP Pool Client IPv4 Address

This example assigns the IPv4 address 10.0.0.1.

#
# Setting the L2TP pool client ipv4 address configuration
# Option 1: Setting L2TP pool client ipv4 address configuration from global mode
#
[ ]
user@rtbrick:confd> set access l2tp-pool l2tp_pool client-name lac1 server-name server1 client-ipv4 10.0.0.1
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 2: Setting l2tp pool client ipv4 address configuration from global access mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> set l2tp-pool l2tp_pool client-name lac1 server-name server1 client-ipv4 10.0.0.1
[ access ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 3: Setting l2tp pool client ipv4 address configuration from l2tp-pool mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> edit l2tp-pool l2tp_pool client-name lac1 server-name server1
[ access l2tp-pool l2tp_pool client-name lac1 server-name server1 ]
user@rtbrick:confd> set client-ipv4 10.0.0.1
[ access l2tp-pool l2tp_pool client-name lac1 server-name server1 ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Running Configurations:
[ ]
user@rtbrick:confd> show running-configuration
{
    "running-configuration": {
        "access": [
            {
                "l2tp-pool:l2tp_pool lac1 server1": {
                    "client-ipv4": "10.0.0.1"
                }
            }
        ]
    }
}

2.9.3. Configuring the L2TP Pool Preference

Do the following to assign a pool preference value to the L2TP pool. This example assigns the preference of the pool entry/tunnel endpoint within the pool.

#
# Setting the L2TP pool preference value configuration
# Option 1: Setting L2TP pool preference value configuration from global mode
#
[ ]
user@rtbrick:confd> set access l2tp-pool l2tp_pool client-name lac1 server-name server1 preference 7
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 2: Setting l2tp pool preference value configuration from global access mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> set l2tp-pool l2tp_pool client-name lac1 server-name server1 preference 7
[ access ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 3: Setting l2tp pool preference value configuration from l2tp-pool mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> edit l2tp-pool l2tp_pool client-name lac1 server-name server1
[ access l2tp-pool l2tp_pool client-name lac1 server-name server1 ]
user@rtbrick:confd> set preference 7
[ access l2tp-pool l2tp_pool client-name lac1 server-name server1 ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Running Configurations:
[ ]
user@rtbrick:confd> show running-configuration
{
    "running-configuration": {
        "access": [
            {
                "l2tp-pool:l2tp_pool lac1 server1": {
                    "preference": 7
                }
            }
        ]
    }
}

2.9.4. Configuring the L2TP Pool Shared Secret

Do the following to assign the shared secret of the tunnel endpoint.

#
# Setting the L2TP pool secret password configuration
# Option 1: Setting L2TP pool secret password configuration from global mode
#
[ ]
user@rtbrick:confd> set access l2tp-pool l2tp_pool client-name lac1 server-name server1 secret lac1
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 2: Setting l2tp pool secret password configuration from global access mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> set l2tp-pool l2tp_pool client-name lac1 server-name server1 secret lac1
[ access ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 3: Setting l2tp pool secret password configuration from l2tp-pool mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> edit l2tp-pool l2tp_pool client-name lac1 server-name server1
[ access l2tp-pool l2tp_pool client-name lac1 server-name server1 ]
user@rtbrick:confd> set secret lac1
[ access l2tp-pool l2tp_pool client-name lac1 server-name server1 ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Running Configurations:
[ ]
user@rtbrick:confd> show running-configuration
{
    "running-configuration": {
        "access": [
            {
                "l2tp-pool:l2tp_pool lac1 server1": {
                    "secret": "lac1"
                }
            }
        ]
    }
}

2.9.5. Configuring the L2TP Pool Server IPv4 Address

Do the following to assign the L2TP LNS IPv4 address of the endpoint.

#
# Setting the L2TP pool server ipv4 address configuration
# Option 1: Setting L2TP pool server ipv4 address configuration from global mode
#
[ ]
user@rtbrick:confd> set access l2tp-pool l2tp_pool client-name lac1 server-name server1 server-ipv4 10.0.0.3
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 2: Setting l2tp pool server ipv4 address configuration from global access mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> set l2tp-pool l2tp_pool client-name lac1 server-name server1 server-ipv4 10.0.0.3
[ access ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 3: Setting l2tp pool server ipv4 address configuration from l2tp-pool mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> edit l2tp-pool l2tp_pool client-name lac1 server-name server1
[ access l2tp-pool l2tp_pool client-name lac1 server-name server1 ]
user@rtbrick:confd> set server-ipv4 10.0.0.3
[ access l2tp-pool l2tp_pool client-name lac1 server-name server1 ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Running Configurations:
[ ]
user@rtbrick:confd> show running-configuration
{
    "running-configuration": {
        "access": [
            {
                "l2tp-pool:l2tp_pool lac1 server1": {
                    "server-ipv4": "10.0.0.3"
                }
            }
        ]
    }
}

2.9.6. Configuring the Tunnel Session Limit

Do the following to configure the tunnel session limit. This example sets the session limit number to 1000.

#
# Setting the L2TP pool session limit value configuration
# Option 1: Setting L2TP pool session limit value configuration from global mode
#
[ ]
user@rtbrick:confd> set access l2tp-pool l2tp_pool client-name lac1 server-name server1 session-limit 1000
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 2: Setting l2tp pool session limit value configuration from global access mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> set l2tp-pool l2tp_pool client-name lac1 server-name server1 session-limit 1000
[ access ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 3: Setting l2tp pool session limit value configuration from l2tp-pool mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> edit l2tp-pool l2tp_pool client-name lac1 server-name server1
[ access l2tp-pool l2tp_pool client-name lac1 server-name server1 ]
user@rtbrick:confd> set session-limit 1000
[ access l2tp-pool l2tp_pool client-name lac1 server-name server1 ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Running Configurations:
[ ]
user@rtbrick:confd> show running-configuration
{
    "running-configuration": {
        "access": [
            {
                "l2tp-pool:l2tp_pool lac1 server1": {
                    "session-limit": 1000
                }
            }
        ]
    }
}

2.10. L2TP Tunnel Profile Configuration

The L2TP profile configuration is an optional step in subscriber management configuration but is mandatory for using L2TP.

Generally, the L2TP profile configuration involves the following:

  • Holding the L2TP protocol configuration

  • Providing the tunnel selection algorithm

  • Controlling the default session limit

  • Establishing other parameters

2.10.1. Configuring the L2TP Profile Name

The first step is to give the L2TP profile a name. This example assigns the name l2tp-profile1.

#
# Setting the L2TP profile name
# Option 1: Setting L2TP profile name from global mode
#
[ ]
user@rtbrick:confd> set access l2tp-profile l2tp-profile1
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 2: Setting l2tp-profile name from global access mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> set l2tp-profile l2tp-profile1
[ access ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Running Configurations:
[ ]
user@rtbrick:confd> show running-configuration

{
    "running-configuration": {
        "access": [
            {
                "l2tp-profile:l2tp-profile1": {
                }
            }
        ]
    }
}

2.10.2. Configuring the L2TP VRF Instance Profile

The L2TP profile allows you to define the VRF instance used to look up the tunnel endpoints. Do the following to configure the VRF instance for the L2TP tunnel profile. This example sets the VRF instance to public.

#
# Setting the L2TP vrf instance of the profile
# Option 1: Setting L2TP vrf instance of the profile from global mode
#
[ ]
user@rtbrick:confd> set access l2tp-profile l2tp-profile1 instance public
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 2: Setting l2tp vrf instance of the profile from global access mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> set l2tp-profile l2tp-profile1 instance public
[ access ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 3: Setting l2tp vrf instance of the profile from l2tp-profile mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> edit l2tp-profile l2tp-profile1
[ access l2tp-profile l2tp-profile1 ]
user@rtbrick:confd> set instance public
[ access l2tp-profile l2tp-profile1 ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Running Configurations:
[ ]
user@rtbrick:confd> show running-configuration
{
    "running-configuration": {
        "access": [
            {
                "l2tp-profile:l2tp-profile1": {
                    "instance": "public"
                }
            }
        ]
    }
}

2.10.3. Configuring the L2TP Profile Address Pool Name

This configuration allows you to assign a default local L2TP pool name, which can be overridden by user-defined pool names from sources such as the local user profile or RADIUS. This example sets the pool name to l2tp_pool.

#
# Setting the L2TP pool name of the profile
# Option 1: Setting L2TP pool name of the profile from global mode
#
[ ]
user@rtbrick:confd> set access l2tp-profile l2tp-profile1 pool-name l2tp_pool
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 2: Setting l2tp pool name of the profile from global access mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> set l2tp-profile l2tp-profile1 pool-name l2tp_pool
[ access ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 3: Setting l2tp pool name of the profile from l2tp-profile mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> edit l2tp-profile l2tp-profile1
[ access l2tp-profile l2tp-profile1 ]
user@rtbrick:confd> set pool-name l2tp_pool
[ access l2tp-profile l2tp-profile1 ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Running Configurations:
[ ]
user@rtbrick:confd> show running-configuration
{
    "running-configuration": {
        "access": [
            {
                "l2tp-profile:l2tp-profile1": {
                    "pool-name": "l2tp_pool"
                }
            }
        ]
    }
}

2.10.4. Configuring the L2TP Profile Hello Timer

This option configures the L2TP tunnel hello interval in milliseconds for all tunnels associated with this profile.

#
# Setting the L2TP hello timer of the profile
# Option 1: Setting L2TP hello timer of the profile from global mode
#
[ ]
user@rtbrick:confd> set access l2tp-profile l2tp-profile1 hello-interval 30000
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 2: Setting l2tp hello timer of the profile from global access mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> set l2tp-profile l2tp-profile1 hello-interval 30000
[ access ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 3: Setting l2tp hello timer of the profile from l2tp-profile mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> edit l2tp-profile l2tp-profile1
[ access l2tp-profile l2tp-profile1 ]
user@rtbrick:confd> set hello-interval 30000
[ access l2tp-profile l2tp-profile1 ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Running Configurations:
[ ]
user@rtbrick:confd> show running-configuration
{
    "running-configuration": {
        "access": [
            {
                "l2tp-profile:l2tp-profile1": {
                    "hello-interval": "30000"
                }
            }
        ]
    }
}

2.10.5. Configuring the L2TP Profile Hide Authentication Indicator

This option enables hiding of all authentication-related L2TP AVPs as defined in section 4.3 of RFC 2661.

#
# Setting the L2TP hide authentication of the profile
# Option 1: Setting L2TP hide authentication of the profile from global mode
#
[ ]
user@rtbrick:confd> set access l2tp-profile l2tp-profile1 hide-authentication
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 2: Setting l2tp hide authentication of the profile from global access mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> set l2tp-profile l2tp-profile1 hide-authentication
[ access ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 3: Setting l2tp hide authentication of the profile from l2tp-profile mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> edit l2tp-profile l2tp-profile1
[ access l2tp-profile l2tp-profile1 ]
user@rtbrick:confd> set hide-authentication
[ access l2tp-profile l2tp-profile1 ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Running Configurations:
[ ]
user@rtbrick:confd> show running-configuration
{
    "running-configuration": {
        "access": [
            {
                "l2tp-profile:l2tp-profile1": {
                    "hide-authentication": true
                }
            }
        ]
    }
}
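
How the hiding in section 4.3 of RFC 2661 works, as an added Python example that is not RBFS code: the AVP value is XORed with an MD5 keystream derived from the attribute type, the tunnel shared secret and a random vector, so its protection is only as strong as the pool secret from section 2.9.4. The password, secret and random vector used here are constructed sample values.

```python
import hashlib
import os
import struct

ATTR_PROXY_AUTHEN_RESPONSE = 33  # attribute type from RFC 2661


def _xor_stream(data, attr_type, secret, random_vector, decrypt):
    """XOR data with the chained MD5 keystream of RFC 2661 section 4.3."""
    # First pad: MD5(attribute type + shared secret + random vector).
    pad = hashlib.md5(struct.pack("!H", attr_type) + secret + random_vector).digest()
    out = bytearray()
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        xored = bytes(a ^ b for a, b in zip(block, pad))
        out += xored
        # Next pad: MD5(shared secret + previous ciphertext block).
        pad = hashlib.md5(secret + (block if decrypt else xored)).digest()
    return bytes(out)


def hide_avp(value, attr_type, secret, random_vector, pad_len=0):
    """Build the hidden AVP subformat (length, value, padding) and hide it."""
    if not random_vector:
        raise ValueError("a Random Vector AVP value is required for hiding")
    if len(value) > 0xFFFF:
        raise ValueError("value does not fit the 2-octet length field")
    # Random padding obscures the true length of the hidden value.
    subformat = struct.pack("!H", len(value)) + value + os.urandom(pad_len)
    return _xor_stream(subformat, attr_type, secret, random_vector, decrypt=False)


def unhide_avp(hidden, attr_type, secret, random_vector):
    """Recover the original value; a wrong secret yields an error or garbage."""
    plain = _xor_stream(hidden, attr_type, secret, random_vector, decrypt=True)
    if len(plain) < 2:
        raise ValueError("hidden AVP too short")
    (length,) = struct.unpack("!H", plain[:2])
    if length > len(plain) - 2:
        raise ValueError("length exceeds AVP value: wrong secret or corrupted AVP")
    return plain[2:2 + length]


if __name__ == "__main__":
    # Constructed sample values: password and secret reuse the page's examples.
    rv = os.urandom(16)
    hidden = hide_avp(b"test", ATTR_PROXY_AUTHEN_RESPONSE, b"rtbrick", rv, pad_len=10)
    print("hidden  :", hidden.hex())
    print("unhidden:", unhide_avp(hidden, ATTR_PROXY_AUTHEN_RESPONSE, b"rtbrick", rv))
```
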

2.10.6. Configuring the L2TP Profile Idle Timeout Interval

This option defines how long, in milliseconds, to keep an established tunnel that has no sessions (is idle).

#
# Setting the L2TP idle timeout of the profile
# Option 1: Setting L2TP idle timeout of the profile from global mode
#
[ ]
user@rtbrick:confd> set access l2tp-profile l2tp-profile1 idle-timeout-interval 600000
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 2: Setting l2tp idle timeout of the profile from global access mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> set l2tp-profile l2tp-profile1 idle-timeout-interval 600000
[ access ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 3: Setting l2tp idle timeout of the profile from l2tp-profile mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> edit l2tp-profile l2tp-profile1
[ access l2tp-profile l2tp-profile1 ]
user@rtbrick:confd> set idle-timeout-interval 600000
[ access l2tp-profile l2tp-profile1 ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Running Configurations:
[ ]
user@rtbrick:confd> show running-configuration
{
    "running-configuration": {
        "access": [
            {
                "l2tp-profile:l2tp-profile1": {
                    "idle-timeout-interval": "600000"
                }
            }
        ]
    }
}

2.10.7. Configuring the L2TP Profile Receive Window Size

This option refers to the reliable delivery of L2TP control messages as defined in section 5.8 of RFC 2661.

#
# Setting the L2TP receive window of the profile
# Option 1: Setting L2TP receive window of the profile from global mode
#
[ ]
user@rtbrick:confd> set access l2tp-profile l2tp-profile1 receive-window 8
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 2: Setting l2tp receive window of the profile from global access mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> set l2tp-profile l2tp-profile1 receive-window 8
[ access ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 3: Setting l2tp receive window of the profile from l2tp-profile mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> edit l2tp-profile l2tp-profile1
[ access l2tp-profile l2tp-profile1 ]
user@rtbrick:confd> set receive-window 8
[ access l2tp-profile l2tp-profile1 ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Running Configurations:
[ ]
user@rtbrick:confd> show running-configuration
{
    "running-configuration": {
        "access": [
            {
                "l2tp-profile:l2tp-profile1": {
                    "receive-window": 8
                }
            }
        ]
    }
}

2.10.8. Configuring the L2TP Profile Retransmit Interval

The L2TP profile is associated with a retransmit interval. Do the following to configure the retransmit interval for the L2TP tunnel profile. This example sets the retransmit interval to 1 second.

#
# Setting the L2TP retransmit interval of the profile
# Option 1: Setting L2TP retransmit interval of the profile from global mode
#
[ ]
user@rtbrick:confd> set access l2tp-profile l2tp-profile1 retransmit-interval 1000
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 2: Setting l2tp retransmit interval of the profile from global access mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> set l2tp-profile l2tp-profile1 retransmit-interval 1000
[ access ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 3: Setting l2tp retransmit interval of the profile from l2tp-profile mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> edit l2tp-profile l2tp-profile1
[ access l2tp-profile l2tp-profile1 ]
user@rtbrick:confd> set retransmit-interval 1000
[ access l2tp-profile l2tp-profile1 ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Running Configurations:
[ ]
user@rtbrick:confd> show running-configuration
{
    "running-configuration": {
        "access": [
            {
                "l2tp-profile:l2tp-profile1": {
                    "retransmit-interval": "1000"
                }
            }
        ]
    }
}

2.10.9. Configuring the L2TP Profile Session Limit

The L2TP profile is associated with a default tunnel session limit. Do the following to configure the session limit number for the L2TP profile. This example sets the session limit number to 1000.

#
# Setting the L2TP session limit of the profile
# Option 1: Setting L2TP session limit of the profile from global mode
#
[ ]
user@rtbrick:confd> set access l2tp-profile l2tp-profile1 session-limit 1000
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 2: Setting l2tp session limit of the profile from global access mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> set l2tp-profile l2tp-profile1 session-limit 1000
[ access ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 3: Setting l2tp session limit of the profile from l2tp-profile mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> edit l2tp-profile l2tp-profile1
[ access l2tp-profile l2tp-profile1 ]
user@rtbrick:confd> set session-limit 1000
[ access l2tp-profile l2tp-profile1 ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Running Configurations:
[ ]
user@rtbrick:confd> show running-configuration
{
    "running-configuration": {
        "access": [
            {
                "l2tp-profile:l2tp-profile1": {
                    "session-limit": 1000
                }
            }
        ]
    }
}

2.10.10. Configuring the L2TP Profile Selection Algorithm

The L2TP profile is associated with an algorithm used to select L2TP tunnels. This algorithm can be configured as BALANCED (choose tunnels in order to balance the sessions) or RANDOM (choose tunnels at random regardless of active sessions). This section shows how to configure both algorithms.

2.10.10.1. Configuring the BALANCED L2TP Profile Selection Algorithm

The L2TP profile is associated with an algorithm used to select L2TP tunnels. Do the following to configure the BALANCED selection algorithm for the L2TP tunnel profile.

#
# Setting the L2TP selection algorithm type balanced of the profile
# Option 1: Setting L2TP selection algorithm type balanced of the profile from global mode
#
[ ]
user@rtbrick:confd> set access l2tp-profile l2tp-profile1 selection-algorithm BALANCED
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 2: Setting l2tp selection algorithm type balanced of the profile from global access mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> set l2tp-profile l2tp-profile1 selection-algorithm BALANCED
[ access ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 3: Setting l2tp selection algorithm type balanced of the profile from l2tp-profile mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> edit l2tp-profile l2tp-profile1
[ access l2tp-profile l2tp-profile1 ]
user@rtbrick:confd> set selection-algorithm BALANCED
[ access l2tp-profile l2tp-profile1 ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Running Configurations:
[ ]
user@rtbrick:confd> show running-configuration
{
    "running-configuration": {
        "access": [
            {
                "l2tp-profile:l2tp-profile1": {
                    "selection-algorithm": "BALANCED"
                }
            }
        ]
    }
}

2.10.10.2. Configuring the RANDOM L2TP Profile Selection Algorithm

The L2TP profile is associated with an algorithm used to select L2TP tunnels. Do the following to configure the RANDOM selection algorithm for the L2TP tunnel profile.

#
# Setting the L2TP selection algorithm type random of the profile
# Option 1: Setting L2TP selection algorithm type random of the profile from global mode
#
[ ]
user@rtbrick:confd> set access l2tp-profile l2tp-profile1 selection-algorithm RANDOM
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 2: Setting l2tp selection algorithm type random of the profile from global access mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> set l2tp-profile l2tp-profile1 selection-algorithm RANDOM
[ access ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 3: Setting l2tp selection algorithm type random of the profile from l2tp-profile mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> edit l2tp-profile l2tp-profile1
[ access l2tp-profile l2tp-profile1 ]
user@rtbrick:confd> set selection-algorithm RANDOM
[ access l2tp-profile l2tp-profile1 ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Running Configurations:
[ ]
user@rtbrick:confd> show running-configuration
{
    "running-configuration": {
        "access": [
            {
                "l2tp-profile:l2tp-profile1": {
                    "selection-algorithm": "RANDOM"
                }
            }
        ]
    }
}

2.10.10.3. Configuring the L2TP MPLS Service Label

The service-label parameter is mandatory to support L2TP encapsulated traffic over MPLS. It defines the label that must be used for L2TP encapsulated traffic. This label is automatically used and advertised by the BGP application.

#
# Setting the L2TP MPLS service label
# Option 1: Setting L2TP service label 1000 of the profile from global mode
#
[ ]
user@rtbrick:confd> set access l2tp-profile l2tp-profile1 service-label 1000
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 2: Setting L2TP service label 1000 of the profile from global access mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> set l2tp-profile l2tp-profile1 service-label 1000
[ access ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Option 3: Setting L2TP service label 1000 of the profile from l2tp-profile mode
user@rtbrick:confd> edit access
[ access ]
user@rtbrick:confd> edit l2tp-profile l2tp-profile1
[ access l2tp-profile l2tp-profile1 ]
user@rtbrick:confd> set service-label 1000
[ access l2tp-profile l2tp-profile1 ]
user@rtbrick:confd> end
[ ]
user@rtbrick:confd> commit
Commit succeed

# Running Configurations:
[ ]
user@rtbrick:confd> show running-configuration
{
    "running-configuration": {
        "access": [
            {
                "l2tp-profile:l2tp-profile1": {
                    "service-label": 1000
                }
            }
        ]
    }
}
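
An added example, not RtBrick code: a drift check that reads `show running-configuration` JSON in the shape shown in this section and compares each L2TP profile against intended values. The merged sample profile and the baseline are constructed from the values used in the examples above; `l2tp_profiles`, `normalise` and `audit` are hypothetical helper names.

```python
import json

# Constructed sample: the per-parameter fragments shown above merged into one profile.
RUNNING = json.loads("""
{"running-configuration": {"access": [{"l2tp-profile:l2tp-profile1": {
    "idle-timeout-interval": "600000",
    "receive-window": 8,
    "retransmit-interval": "1000",
    "session-limit": 1000,
    "selection-algorithm": "RANDOM"
}}]}}
""")

# Intended values (assumption): the ones used in the examples of this section.
BASELINE = {
    "idle-timeout-interval": 600000,
    "receive-window": 8,
    "retransmit-interval": 1000,
    "session-limit": 1000,
    "selection-algorithm": "BALANCED",
    "service-label": 1000,
}

def l2tp_profiles(config):
    """Yield (name, settings) for each "l2tp-profile:<name>" entry under access."""
    for entry in config["running-configuration"].get("access", []):
        for key, settings in entry.items():
            prefix, _, name = key.partition(":")
            if prefix == "l2tp-profile":
                yield name, settings

def normalise(value):
    """The output quotes some numbers ("600000") and not others (8); compare as int."""
    return int(value) if isinstance(value, str) and value.isdigit() else value

def audit(config, baseline=BASELINE):
    """Return sorted (profile, parameter, expected, actual) tuples for every deviation."""
    findings = []
    for name, settings in l2tp_profiles(config):
        for param, expected in baseline.items():
            actual = normalise(settings.get(param))
            if actual != expected:
                findings.append((name, param, expected, actual))
    return sorted(findings)
```

On the constructed sample, `audit(RUNNING)` reports the RANDOM selection algorithm and the missing service-label; a missing parameter is reported with an actual value of `None`.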

3. L2TP Show Commands

3.1. show l2tp session all

This command lists all L2TP sessions.

ubuntu@rtbrick:~$ rtb l2tpd.1  show  l2tp  session all
+----------+----------+----------+----------------+----------------------+
  Local TID  Local SID  Peer SID        State           Subscriber ID
+----------+----------+----------+----------------+----------------------+
    35478      60391        1        ESTABLISHED      72339069014638595
+----------+----------+----------+----------------+----------------------+
ubuntu@rtbrick:~$ rtb l2tpd.1  show  l2tp  tunnel  all
+------+---------+---------+----------------+--------------------+--------------------+----------+-----------+-----------+
  Role  Local TID  Peer TID       State           Local Name            Peer Name      Preference   Sessions  Established
+------+---------+---------+----------------+--------------------+--------------------+----------+-----------+-----------+
   LAC    35478       1        ESTABLISHED            BNG                 LNS1            10000         1           1
+------+---------+---------+----------------+--------------------+--------------------+----------+-----------+-----------+
ubuntu@rtbrick:~$ rtb pppoed.1  show  ppp session  all
+----------------------+----------------------+------+------------+------------+------------+------------+
 User Name              Subscriber ID          Type   LCP State    Auth State   IPCP State   IP6CP State
+----------------------+----------------------+------+------------+------------+------------+------------+
 l2tp10server@rtbrick.c 72339069014638595      PPPOE  TUNNELLED    TUNNELLED    N/A          N/A

ubuntu@rtbrick:~$

3.2. show l2tp tunnel detail

This command provides detailed information about L2TP tunnels.

ubuntu@rtbrick:~$ rtb l2tpd.1  show  l2tp  tunnel  detail

Local TID: 35478, Peer TID: 1, State: ESTABLISHED, Role: LAC
  Local Name: BNG, Client Auth Id: BNG
  Peer Name: LNS1, Server Auth Id: LNS1
  Instance: default, Local IP: 192.168.0.3, Peer IP: 10.0.0.2
  Local Parameters:
    Receive Window: 32
    Preference: 10000
    Session Limit: 4000
  Peer Parameters:
    Receive Window: 10
    Framing: SYNC, Bearer: DIGITAL,ANALOG
    Firmware: 256, Vendor: IXIA
ubuntu@rtbrick:~$

3.3. show l2tp tunnel packet statistics

This command provides detailed information about all L2TP tunnel packets.

ubuntu@rtbrick:~$ rtb l2tpd.1  show  l2tp  tunnel  packet  statistics

Packets Received:
    sccrq                     : 0
    sccrp                     : 2
    scccn                     : 0
    hello                     : 0
    zlb                       : 13
    stopccn                   : 0

Packets Queued:
    sccrq                     : 2
    sccrp                     : 0
    scccn                     : 2
    hello                     : 0
    zlb                       : 0
    stopccn                   : 0

Packets Send:
    sccrq                     : 2
    sccrp                     : 0
    scccn                     : 2
    hello                     : 10
    zlb                       : 0
    stopccn                   : 0

Packets Retransmitted:
    sccrq                     : 0
    sccrp                     : 0
    scccn                     : 0
    hello                     : 6
    stopccn                   : 0
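
An added example, not part of RBFS: parsing this output to flag control message types whose retransmit count is high relative to the number sent, which points at loss or an unresponsive peer on the control channel. The sample is an excerpt of the output above; the 0.25 threshold and the function names are assumptions.

```python
import re

# Excerpt of the "show l2tp tunnel packet statistics" output shown above.
SAMPLE = """\
Packets Send:
    sccrq                     : 2
    sccrp                     : 0
    scccn                     : 2
    hello                     : 10
    zlb                       : 0
    stopccn                   : 0

Packets Retransmitted:
    sccrq                     : 0
    sccrp                     : 0
    scccn                     : 0
    hello                     : 6
    stopccn                   : 0
"""

def parse_stats(text):
    """Return {section: {message: count}} from the CLI output."""
    stats, section = {}, None
    for line in text.splitlines():
        head = re.fullmatch(r"Packets (\w+):", line.strip())
        row = re.fullmatch(r"\s+(\w+)\s*:\s*(\d+)", line)
        if head:
            section = stats.setdefault(head.group(1).lower(), {})
        elif row and section is not None:
            section[row.group(1)] = int(row.group(2))
    return stats

def retransmit_alerts(stats, threshold=0.25):
    """Flag message types whose retransmit/sent ratio exceeds threshold (assumed value)."""
    alerts = {}
    for msg, retx in stats.get("retransmitted", {}).items():
        sent = stats.get("send", {}).get(msg, 0)
        # Retransmits with nothing counted as sent are always reported.
        if retx and (sent == 0 or retx / sent > threshold):
            alerts[msg] = (retx, sent)
    return alerts

if __name__ == "__main__":
    for msg, (retx, sent) in retransmit_alerts(parse_stats(SAMPLE)).items():
        print(f"{msg}: {retx} retransmitted / {sent} sent")
```

Section names are keyed as printed by the CLI, so the sent counters are found under `send`.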

3.4. show l2tp session packet statistics

This command provides information about the L2TP session packets.

ubuntu@rtbrick:~$ rtb l2tpd.1  show  l2tp  session packet  statistics

Packets Received:
    icrq                      : 0
    icrp                      : 2
    iccn                      : 0
    cdn                       : 0

Packets Queued:
    icrq                      : 2
    icrp                      : 0
    iccn                      : 2
    cdn                       : 0

Packets Send:
    icrq                      : 2
    icrp                      : 0
    iccn                      : 2
    cdn                       : 0

Packets Retransmitted:
    icrq                      : 0
    icrp                      : 0
    iccn                      : 0
    cdn                       : 0

ubuntu@rtbrick:~$

3.5. show ppp session statistics

This command provides information about the PPP session.

ubuntu@rtbrick:~$ rtb pppoed.1  show  ppp session  statistics  subscriber-id 72339069014638595
 LCP configure-request received                        : 1
 LCP configure-ack received                            : 1
 LCP configure-request sent                            : 1
 LCP configure-ack sent                                : 1
 LCP MRU negotiation failed                            : 1
 LCP magic number negotiation successful               : 1
 PAP authentication-request received                   : 1
ubuntu@rtbrick:~$

3.6. show ppp statistics

This command provides information about PPP.

ubuntu@rtbrick:~$ rtb pppoed.1  show  ppp statistics
 LCP configure-request received                        : 2
 LCP configure-ack received                            : 2
 LCP echo-reply received                               : 2
 LCP configure-request sent                            : 2
 LCP configure-ack sent                                : 2
 LCP echo-request sent                                 : 2
 LCP MRU negotiation failed                            : 2
 LCP magic number negotiation successful               : 2
 PAP authentication-request received                   : 7
 PAP in wrong state received                           : 1
ubuntu@rtbrick:~$

©Copyright 2020 RtBrick, Inc. All rights reserved. The information contained herein is subject to change without notice. The trademarks, logos and service marks ("Marks") displayed in this documentation are the property of RtBrick in the United States and other countries. Use of the Marks are subject to RtBrick's Term of Use Policy, available at https://www.rtbrick.com/privacy. Use of marks belonging to other parties is for informational purposes only.