This guide details configuring the L2TP tunnel service on a Cisco router running IOS or IOS-XE. This process may require an Apex license depending on your platform. There are two ways to do this, with and without front door VRF. Front door VRF should be used if you would like to send all traffic to MERTANDHOUSE, as you will be able to seperate your WAN and tunnel routing table.
With Front Door VRF:
- Define the pseudowire class:
pseudowire-class MERTANDHOUSE encapsulation l2tpv2 ip local interface <WAN-INTERFACE> - Define the VRF for the LAN side (the WAN side will use the default VRF):
vrf definition LAN ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! - Configure the tunnel interface for L2TP:
interface Virtual-PPP1 description MERTANDHOUSE TUNNEL vrf forwarding LAN ip address negotiated ipv6 address autoconfig ipv6 enable ppp chap hostname <username> ppp chap password 0 <password> ppp direction callout ppp ipcp address accept pseudowire <MERTANDHOUSE-POP-IP> 1 encapsulation l2tpv2 pw-class MERTANDHOUSE
- Define the pseudowire class:
Without Front Door VRF:
- Define the pseudowire class:
pseudowire-class MERTANDHOUSE encapsulation l2tpv2 ip local interface <WAN-INTERFACE> - Configure the tunnel interface for L2TP:
interface Virtual-PPP1 description MERTANDHOUSE TUNNEL ip address negotiated ipv6 address autoconfig ipv6 enable ppp chap hostname <username> ppp chap password 0 <password> ppp direction callout ppp ipcp address accept pseudowire <MERTANDHOUSE-POP-IP> 1 encapsulation l2tpv2 pw-class MERTANDHOUSE
Verification Steps:
- Check to make sure you are reciving the IP that you can view in the client portal on your PPP interface
Router#show ip interface brief | include PPP Virtual-PPP1 100.64.0.200 YES IPCP up up - Ensure you have a route pointing at the far end of the tunnel
Router#show run | i route ip route vrf LAN 0.0.0.0 0.0.0.0 Virtual-PPP1 ipv6 route vrf LAN ::/0 Virtual-PPP1
