Manual

ManualsBrandsCisco ManualsSoftwareCisco IOS Software Release 12.0(29)S

Layer 2 Tunnel Protocol Version 3

digest

Cisco IOS Releases 12.0(29)S and 12.2(25)S

of authentication, but this configuration will yield control of which authentication method is used to the

peer PE router. Enabling both methods of authentication should be considered an interim solution to

solve backward-compatibility issues during software upgrades.

Table 6 shows a compatibility matrix for the different L2TPv3 authentication methods. PE1 is running

Cisco IOS 12.0(29)S, and the different possible authentication configurations for PE1 are shown in the

first column. Each remaining column represents PE2 running software with different available

authentication options, and the intersections indicate the different compatible configuration options for

PE2. If any PE1/PE2 authentication configuration poses ambiguity on which method of authentication

will be used, the winning authentication method is indicated in bold. If both the old and new

authentication methods are enabled on PE1 and PE2, both types of authentication will occur.

Table 6 Compatibility Matrix for L2TPv3 Authentication Methods

PE1

Authentication

Configuration

PE2 Supporting Old

Authentication

PE2 Supporting New

Authentication

PE2 Supporting Old and

New Authentication

None None None

New integrity check

None

New integrity check

Old

authentication

Old authentication — Old authentication

Old authentication and

new authentication

Old authentication and

new integrity check

New

authentication

— New authentication New authentication

Old authentication and

new authentication

New integrity

check

None None

New integrity check

None

New integrity check

Old and new

authentication

Old authentication New authentication Old authentication

New authentication

Old and new

authentication

Old authentication and

new integrity check

Old

authentication

and new integrity

check

Old authentication — Old authentication

Old authentication and

new authentication

Old authentication and

new integrity check

1. Any PE software that supports only the old CHAP-like authentication system.

2. Any PE software that supports only the new message digest authentication and integrity checking authentication system,

but does not understand the old CHAP-like authentication system. This type of software may be implemented by other

vendors based on the latest L2TPv3 draft.

3. Any PE software that supports both the old CHAP-like authentication and the new message digest authentication and

integrity checking authentication system, such as Cisco IOS 12.0(29)S or later releases.