Manual
Layer 2 Tunnel Protocol Version 3
How to Configure Layer 2 Tunnel Protocol Version 3
28
Cisco IOS Releases 12.0(29)S and 12.2(25)S
Support for the L2TPv3 Control Connection Authentication feature is introduced in Cisco IOS
Release 12.0(29)S. Support for L2TP control channel authentication is maintained for backward
compatibility. Either or both authentication methods can be enabled to allow interoperability with peers
supporting only one of the authentication methods.
Table 4 shows a compatibility matrix for the different L2TPv3 authentication methods. PE1 is running
Cisco IOS 12.0(29)S, and the different possible authentication configurations for PE1 are shown in the
first column. Each remaining column represents PE2 running software with different available
authentication options, and the intersections indicate the different compatible configuration options for
PE2. If any PE1/PE2 authentication configuration poses ambiguity on which method of authentication
will be used, the winning authentication method is indicated in bold. If both the old and new
authentication methods are enabled on PE1 and PE2, both types of authentication will occur.
Table 4 Compatibility Matrix for L2TPv3 Authentication Methods
PE1
Authentication
Configuration
PE2 Supporting Old
Authentication
1
1. Any PE software that supports only the old CHAP-like authentication system.
PE2 Supporting New
Authentication
2
2. Any PE software that supports only the new message digest authentication and integrity checking authentication system,
but does not understand the old CHAP-like authentication system. This type of software may be implemented by other
vendors based on the latest L2TPv3 draft.
PE2 Supporting Old and
New Authentication
3
3. Any PE software that supports both the old CHAP-like authentication and the new message digest authentication and
integrity checking authentication system, such as Cisco IOS 12.0(29)S or later releases.
None None None
New integrity check
None
New integrity check
Old
authentication
Old authentication — Old authentication
Old authentication and
new authentication
Old authentication and
new integrity check
New
authentication
— New authentication New authentication
Old authentication and
new authentication
New integrity
check
None None
New integrity check
None
New integrity check
Old and new
authentication
Old authentication New authentication Old authentication
New authentication
Old and new
authentication
Old authentication and
new integrity check
Old
authentication
and new integrity
check
Old authentication — Old authentication
Old authentication and
new authentication
Old authentication and
new integrity check