Manual
Layer 2 Tunnel Protocol Version 3
How to Configure Layer 2 Tunnel Protocol Version 3
Cisco IOS Releases 12.0(29)S and 12.2(25)S
Configuring L2TPv3 Control Channel Hashing
The L2TPv3 Control Channel Hashing feature introduced in Cisco IOS Release 12.0(29)S is a new
authentication system that is more secure than the CHAP-style L2TP control channel method of
authentication. L2TPv3 Control Connection Hashing incorporates an optional authentication or integrity
check for all control messages. This per-message authentication is designed to guard against control
message spoofing and replay attacks that would otherwise be trivial to mount against the network.
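The following added example (not Cisco's implementation and not the L2TPv3 wire format) is a simplified model of per-message digest authentication: a keyed digest over the full message lets the receiver reject forged, modified and replayed control messages. The header layout, the use of HMAC-SHA-1, the per-connection nonces, the sequence check and all names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

DIGEST_LEN = hashlib.sha1().digest_size  # HMAC-SHA-1 is an assumption of this model
HDR_LEN = 4                               # constructed header: Ns and Nr, 2 bytes each


def _digest(secret, nonce_a, nonce_b, header, payload):
    # Digest covers both nonces and the full message with the digest field zeroed.
    zeroed = header + bytes(DIGEST_LEN) + payload
    return hmac.new(secret, nonce_a + nonce_b + zeroed, hashlib.sha1).digest()


def build_message(secret, nonce_a, nonce_b, ns, nr, payload):
    """Sender: compute the digest and place it in the message."""
    header = struct.pack("!HH", ns, nr)
    return header + _digest(secret, nonce_a, nonce_b, header, payload) + payload


def verify_message(secret, nonce_a, nonce_b, expected_ns, message):
    """Receiver: recompute the digest, then check the sequence number."""
    if len(message) < HDR_LEN + DIGEST_LEN:
        return "bad-digest"
    header = message[:HDR_LEN]
    received = message[HDR_LEN:HDR_LEN + DIGEST_LEN]
    payload = message[HDR_LEN + DIGEST_LEN:]
    if not hmac.compare_digest(received, _digest(secret, nonce_a, nonce_b, header, payload)):
        return "bad-digest"        # forged, modified, or bound to another connection
    ns, _nr = struct.unpack("!HH", header)
    return "ok" if ns == expected_ns else "out-of-sequence"


def demo():
    secret = b"constructed-shared-secret"                 # constructed sample value
    a, b = os.urandom(16), os.urandom(16)                 # per-connection nonces
    msg = build_message(secret, a, b, 1, 0, b"constructed-control-payload-7")
    forged = build_message(b"wrong-guess", a, b, 1, 0, b"constructed-control-payload-7")
    return {
        "genuine": verify_message(secret, a, b, 1, msg),
        "modified": verify_message(secret, a, b, 1, msg[:-1] + b"8"),
        "forged": verify_message(secret, a, b, 1, forged),
        "replay_same_connection": verify_message(secret, a, b, 2, msg),
        "replay_new_connection": verify_message(secret, a, os.urandom(16), 1, msg),
    }


if __name__ == "__main__":
    print(demo())
```

Every call to `build_message` and `verify_message` hashes the whole message, which is the per-message cost the surrounding text describes.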
Enabling the L2TPv3 Control Channel Hashing feature will impact performance during control
connection and session establishment because additional digest calculation of the full message content
is required for each sent and received control message. This is an expected trade-off for the additional
security afforded by this feature. In addition, network congestion may occur if the receive window size
Step 3
Command or Action: l2tp-class [l2tp-class-name]
Example:
Router(config)# l2tp-class class1
Purpose: Specifies the L2TP class name and enters L2TP class configuration mode.
• The l2tp-class-name argument is optional. However, if you want to configure multiple L2TP classes, you must specify a unique l2tp-class-name for each one.

Step 4
Command or Action: authentication
Example:
Router(config-l2tp-class)# authentication
Purpose: (Optional) Enables authentication for the control channel between PE routers.

Step 5
Command or Action: password [0 | 7] password
Example:
Router(config-l2tp-class)# password cisco
Purpose: (Optional) Configures the password used for control channel authentication.
• [0 | 7]—(Optional) Specifies the input format of the shared secret. The default value is 0.
  – 0—Specifies that a plain-text secret will be entered.
  – 7—Specifies that an encrypted secret will be entered.
• password—Defines the shared password between peer routers.

Step 6
Command or Action: hostname name
Example:
Router(config-l2tp-class)# hostname yb2
Purpose: (Optional) Specifies a host name used to identify the router during L2TP control channel authentication.
• If you do not use this command, the default host name of the router is used.