Manual

Layer 2 Tunnel Protocol Version 3
Cisco IOS Releases 12.0(29)S and 12.2(25)S
hidden
To enable attribute-value pair (AVP) hiding when sending control messages to a Layer 2 Tunneling
Protocol Version 3 (L2TPv3) peer, use the hidden command in L2TP class configuration mode. To
unhide AVPs, use the no form of this command.
hidden
no hidden
Syntax Description
This command has no arguments or keywords.
Defaults
L2TP AVP hiding is disabled.
Command Modes
L2TP class configuration
Command History
Release      Modification
12.0(23)S    This command was introduced.
12.0(29)S    This command was modified to function only with the authentication
             method configured with the digest secret command and keyword
             combination.
12.2(25)S    This command was integrated into Cisco IOS Release 12.2(25)S.
Usage Guidelines
Use the hidden command to provide additional security for the exchange of control messages between
provider edge routers in a Layer 2 Tunnel Protocol Version 3 (L2TPv3) control channel. Because
username and password information is exchanged between devices in clear text, it is useful to encrypt
L2TP AVP values with the hidden command.
In Cisco IOS Release 12.0(29)S, only the hiding of the cookie AVP is supported.
In Cisco IOS Release 12.0(29)S, this command was modified to function only with the authentication
method configured using the digest secret command and keyword combination. AVP hiding is enabled
only when both the digest secret command and keyword combination and the hidden command have
been issued. If another method of authentication is also configured, such as Challenge Handshake
Authentication Protocol (CHAP) style authentication configured with the L2TP class command
authentication, AVP hiding will not be enabled.
If AVP hiding is configured, the session local cookie will be hidden when sent in incoming-call-request
(ICRQ) and incoming-call-reply (ICRP) messages.
Whether or not AVP hiding is enabled, if a hidden AVP is received the AVP will be unhidden using the
shared secret configured with the digest secret command and keyword combination. If no shared secret
is configured, the AVP will not be unhidden and an error will be reported. If the M-bit is set in the
received hidden AVP, the control connection or tunnel will be torn down.
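The receive-side handling from the usage guidelines, as an added Python example that is not Cisco code: it applies the AVP hiding transform defined in RFC 3931 section 5.3 to a constructed cookie AVP, assuming the digest secret is the shared secret used for that transform. Reading the M-bit teardown as the outcome when a hidden AVP cannot be unhidden is an assumption, as are all function names and sample values.

```python
import hashlib
import struct

M_BIT, H_BIT = 0x8000, 0x4000   # Mandatory / Hidden flags in the AVP header
ASSIGNED_COOKIE = 65            # RFC 3931 attribute type carried in ICRQ/ICRP

def _keystream_xor(attr_type, secret, random_vector, data, unhiding):
    """XOR data with the chained MD5 blocks of RFC 3931 section 5.3."""
    pad = hashlib.md5(struct.pack("!H", attr_type) + secret + random_vector).digest()
    out = bytearray()
    for i in range(0, len(data), 16):
        chunk = data[i:i + 16]
        xored = bytes(a ^ b for a, b in zip(chunk, pad))
        out += xored
        # The next block is keyed on the previous hidden (ciphertext) segment.
        pad = hashlib.md5(secret + (chunk if unhiding else xored)).digest()
    return bytes(out)

def hide_value(attr_type, secret, random_vector, value, padding=b""):
    # Hidden AVP Subformat: 2-octet original length, value, optional padding.
    subformat = struct.pack("!H", len(value)) + value + padding
    return _keystream_xor(attr_type, secret, random_vector, subformat, False)

def unhide_value(attr_type, secret, random_vector, hidden):
    subformat = _keystream_xor(attr_type, secret, random_vector, hidden, True)
    if len(subformat) < 2:
        raise ValueError("hidden AVP too short")
    (orig_len,) = struct.unpack("!H", subformat[:2])
    if orig_len > len(subformat) - 2:
        raise ValueError("length check failed: wrong secret or corrupt AVP")
    return subformat[2:2 + orig_len]

def build_avp(flags, attr_type, value):
    # Header: M, H, 4 reserved bits, 10-bit length; Vendor ID 0; attribute type.
    return struct.pack("!HHH", flags | (6 + len(value)), 0, attr_type) + value

def receive_avp(avp, secret, random_vector):
    """Return (action, value) for one received AVP, per the guidelines above."""
    flags_len, _vendor, attr_type = struct.unpack("!HHH", avp[:6])
    value = avp[6:flags_len & 0x03FF]
    if not flags_len & H_BIT:
        return "accept", value
    if secret is None:
        # Assumed reading: a hidden AVP that cannot be unhidden is an error,
        # and a teardown when its M-bit is set.
        return ("teardown" if flags_len & M_BIT else "error"), None
    return "accept", unhide_value(attr_type, secret, random_vector, value)

# Constructed sample values, not taken from any real device.
SECRET, RANDOM_VECTOR = b"example-digest-secret", bytes(range(16))
COOKIE = bytes.fromhex("0011223344556677")
HIDDEN_COOKIE_AVP = build_avp(M_BIT | H_BIT, ASSIGNED_COOKIE,
                              hide_value(ASSIGNED_COOKIE, SECRET, RANDOM_VECTOR, COOKIE, b"\x00" * 8))
```

The sample AVP is padded to 18 octets so that unhiding exercises the second, chained MD5 block and the padding is stripped by the recovered length field.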