Professional Documents
Culture Documents
1 of 5
HOME
ABOUT
PRIORITY QUEUE
FAQ
ADVERTISE
http://packetpushers.net/extending-layer-2-across-layer-3-with-l2tpv3-ps...
COMMUNITY PODCASTS
IRC
WEEKLY SHOW
SUBSCRIBE
BACK CATALOGUE
@PACKETPUSHERS
Search
4 Comments
Imagine one day your boss comes to you wanting to provide Internet access for a tenant in a
distant building location that your organization has a presence (WAN connectivity) at. You think
for a moment how to accomplish this task while keeping the following points in mind. How can
we do this
1. securely,
2. across a Layer 3 segment,
3. connect them to the company guest internet router at the main site,
4. keep the configuration/setup relatively non-complex,
5. and of course with-in a budget.
As you begin to research how you would like to approach this scenario with the points above in
mind, the greatest technical challenge you see is the across a layer 3 segment point.
While researching solutions, you remember some of the new benefits the more recent L2TPv3
can provide. As you research some of the benefits of L2TPv3 you learn that a Layer 2 connection
can be extended across a Layer 3 network using a feature called x-connect or a pseudo-wire . As
you investigate further the requirements and configuration you realize you have everything
needed to make this connectivity scenario happen. The hardware involved is a Cisco 2811 router
at the remote distant building (across a L3 WAN) with the guest Internet router at the main site
also being a 2811 both running a 12.4 T code that supports L2TPv3. An obvious requirement is IP
connectivity between each 2811 router for the pseudo-wire to function. The remote router at
the distant location is reachable already since its within your companys routing (table) domain
while the guest Internet router is L3 reachable via a management interface.
For the network diagram used in this scenario see the below link:
L2TPv3_Pseudowire_Diagram
First off, heres some quick definitions for L2TPv3 and Pseudo-wire:
Source Wikipedia.org
L2TPv3 -Layer 2 Tunneling Protocol Version 3 is an IETF standard related to
L2TP that can be used as an alternative protocol to Multiprotocol Label Switching
(MPLS) for encapsulation of multiprotocol Layer 2 communications traffic over IP
networks. Like L2TP, L2TPv3 provides a pseudo-wire service, but scaled to fit
ETHEREALMIND.COM
carrier requirements.
to-point connection over a packet-switching network. The service being carried over
the wire may be Asynchronous Transfer Mode (ATM), Frame Relay, Ethernet or
Note: in this scenario, the Guest Internet Router has an HWIC-2FE and HWIC-4ESW card installed
10/03/2015 6:35 PM
2 of 5
http://packetpushers.net/extending-layer-2-across-layer-3-with-l2tpv3-ps...
where FA0/3/0 (HWIC-2FE) connects to FA0/1/2 (HWIC-4ESW) on the Guest Internet Router with a
small straight-thru patch cable. Here we are going to configure the pseudo-wire tunnel between
routers Savannah and Guest Internet Router with the tunnel configured on the LAN side
interface of each router, this will be FA0/1 on the Savannah Router and FA0/3/0 on the Guest
Internet Routers FE port. Our source of the tunnel will be the WAN facing interface G0/0/0 on
Savannah and a vlan (mgt) interface (vlan 1) FA0/0/0 on the Guest Internet Routers switch card.
ETHANCBANKS.COM
The Why Talented Employees Stay Listicle
ORLY?
As stated earlier, L3 connectivity is a requirement, and we can ping between Savannahs G0/0/0
and the Guest Internet Routers FA0/0/0 (vlan1) interfaces. In this scenario, EIGRP is the WAN
goodput?
authentication
password L2TPv3
RECENT COMMENTS
life
encapsulation l2tpv3
protocol l2tpv3 networkstV3class
ip local interface Vlan1
speed auto
xconnect 10.100.10.1 1 encapsulation l2tpv3 pw-class NETWO RKPW
- the xconnect cmd associates interface vlan1 to the Guest Internet Routers pseudo-wire located
at 10.100.10.1
the VC ID of 1 is a virtual circuit ID and needs to match at both ends.
-Guest Internet Routerinterface FastEthernet0/3/0
description LAN Facing
no ip address
duplex auto
speed auto
xconnect 10.200.255.2 1 encapsulation l2tpv3 pw-class NETWO RKPW
- the xconnect cmd associates interface g0/0/0 to Savannahs pseudo-wire located at
10.200.255.2
Go
10/03/2015 6:35 PM
3 of 5
http://packetpushers.net/extending-layer-2-across-layer-3-with-l2tpv3-ps...
S1 Segment 2
S2
++++
UP
ac Fa0/1(Ethernet)
UP l2tp 10.100.10.1:1
UP
Bio
Latest Posts
Brandon Roberson
Brandon is a Sr. Network Engineer, focused mostly on Route Switch, Data
Center, and network Security. Brandon currently works in the healthcare
industry and teaches networking courses from time to time. He is currently
working on his CCIE (R&S) and holds CCNP, CCDP, CCNP Security, and CWNA
credentials.
10/03/2015 6:35 PM
4 of 5
http://packetpushers.net/extending-layer-2-across-layer-3-with-l2tpv3-ps...
Share this:
tunneling, x-connect
5 Comments
Ivan Pepelnjak
And what exactly is wrong with VRFs and GRE tunnels (apart from being
old-school and actually working on any platform there is out there)?
Brandon Roberson
GRE and VRF's which most everyone knows about would in-deed both be
good approaches.This scenario is just showing another way to accomplish the
same task. Actually in this particular scenario the PW was an overall better
and more simplified approach.
Ben
Thank you for presenting and explaining this interesting design solution.
Brent Salisbury
Appreciate the time spent writing this up Brandon. That will be handy to have
for reference.
Cheers.
striker2204
nice solution. although regarding your requirements I don't see the need to
stretch your L2-Domain. Wouldn't be a GRE-Tunnel from the Branch Router a
better solution, assuming that you have more Guest-Internet from other
locations ? Services such as DHCP provided by the Guest-Internet-Router
which still allows central management.
10/03/2015 6:35 PM
5 of 5
http://packetpushers.net/extending-layer-2-across-layer-3-with-l2tpv3-ps...
BLOG CATEGORIES
Book Review
Certification
Data Center
Jobs
E-Mail Address
Go
Routing
Security
Service Provider
Show News
Switching
Virtualization
Voice
Network Management
IPv6
WAN Optimization
Work Life
10/03/2015 6:35 PM