Manual

ManualsBrandsCisco ManualsSoftwareCisco IOS Software Release 12.0(29)S

Layer 2 Tunnel Protocol Version 3

How to Configure Layer 2 Tunnel Protocol Version 3

Cisco IOS Releases 12.0(29)S and 12.2(25)S

Configuring L2TPv3 Control Channel Authentication Parameters

Two methods of control channel authentication are available in Cisco IOS Release 12.0(29)S. The

L2TPv3 Control Channel Hashing feature introduces a more robust authentication method than the older

CHAP-style L2TP control channel method of authentication. You may choose to enable both methods

of authentication to ensure interoperability with peers that support only one of these methods of

authentication, but this configuration will yield control of which authentication method is used to the

peer PE router. Enabling both methods of authentication should be considered an interim solution to

solve backward-compatibility issues during software upgrades.

The principal difference between the L2TPv3 Control Connection Authentication feature and

CHAP-style L2TP control channel authentication is that, instead of computing the hash over selected

contents of a received control message, the L2TPv3 Control Connection Authentication feature uses the

entire message in the hash. In addition, instead of including the hash digest in only the SCCRP and

SCCCN messages, it includes it in all L2TP messages.

Step 3

l2tp-class [l2tp-class-name]

Example:

Router(config)# l2tp-class class1

Specifies the L2TP class name and enters L2TP class

configuration mode.

• The l2tp-class-name argument is optional. However, if

you want to configure multiple L2TP classes you must

specify a unique l2tp-class-name for each one.

Step 4

receive-window size

Example:

Router(config-l2tp-class)# receive-window 30

(Optional) Configures the number of packets that can be

received by the remote peer before backoff queueing occurs.

• The valid values range from 1 to the upper limit the peer

has for receiving packets. The default value is the upper

limit.

Step 5

retransmit {initial retries initial-retries |

retries retries | timeout {max | min} timeout}

Example:

Router(config-l2tp-class)# retransmit retries

(Optional) Configures parameters that affect the

retransmission of control packets.

• initial retries—specifies how many SCCRQs are

re-sent before giving up on the session. Valid values for

the initial-retries argument range from 1 to 1000. The

default value is 2.

• retries—specifies how many retransmission cycles

occur before determining that the peer PE router does

not respond. Valid values for the retries argument range

from 1 to 1000. The default value is 15.

• timeout {max | min}—specifies maximum and

minimum retransmission intervals (in seconds) for

resending control packets. Valid values for the timeout

argument range from 1 to 8. The default maximum

interval is 8; the default minimum interval is 1.

Step 6

timeout setup seconds

Example:

Router(config-l2tp-class)# timeout setup 400

(Optional) Configures the amount of time, in seconds,

allowed to set up a control channel.

• Valid values for the seconds argument range from 60 to

6000. The default value is 300.

Command or Action Purpose