For feedback and comments:
documentation.feedback@alcatel-lucent.com

Table of Contents Previous Next PDF

L2TP Configuration Commands
Global Commands
description
Syntax
 
description description-string
no description
Context
 
config>aaa>l2tp-acct-plcy
Description
 
This command creates a text description stored in the configuration file for a configuration context.
The description command associates a text string with a configuration context to help identify the content in the configuration file.
The no form of this command removes the string from the configuration.
Default
 
No description associated with the configuration context.
Parameters
 
description-string
The description character string. Allowed values are any string up to 80 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.
shutdown
Syntax
 
[no] shutdown
Context
 
config>aaa>l2tp-acct-plcy
Description
 
This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.
The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.
The no form of this command places the entity into an administratively enabled state.
L2TP Tunnel Account Commands
next-attempt
Syntax
 
next-attempt {same-preference-level | next-preference-level}
no next-attempt
Context
 
configure>router>l2tp
configure>service>vprn>l2tp
Description
 
This command enables tunnel selection algorithm based on the tunnel preference level.
Parameters
 
same-preference-level
In case that the tunnel-spec selection algorithm evaluates into a tunnel that is currently unavailable (for example tunnel in a blacklist) then the next elected tunnel, if available, will be chosen within the same preference-level as the last attempted tunnel. Only when all tunnels within the same preference level are exhausted, the tunnel selection algorithm will move to the next preference level.
In case that a new session setup request is received while all tunnels on the same preference level are blacklisted, the L2TP session will try to be established on blacklisted tunnels before the tunnel selection moves to the next preference level.
next-preference-level
In case that the tunnel-spec selection algorithm evaluates into a tunnel that is currently unavailable (for example tunnel in a blacklist) then the selection algorithm will try to select the tunnel from the next preference level, even though the tunnels on the same preference level might be available for selection.
Default next-preference-level
replace-result-code
Syntax
 
replace-result-code code [code...(upto 3 max)]
no replace-result-code
Context
 
configure>router>l2tp
configure>service>vprn>l2tp
Description
 
This command will replace CDN Result-Code 4, 5 and 6 on LNS with the Result Code 2. This is needed for interoperability with some implementation of LAC which only take action based on CDN Result-Code 2, while ignore CDN Result-Code 4, 5 and 6.
Default
 
no replace-result-code
Parameters
 
code
Specifies the L2TP Result codes that need to be replaced.
Values
cdn-tmp-no-facilities — CDN Result-Code 4 on LNS will be replaced with the result code 2 before it is sent to LAC.
cdn-prem-no-facilities — CDN Result-Code 5 on LNS will be replaced with the result code 2 before it is sent to LAC.
cdn-inv-dest — CDN Result-Code 6 on LNS will be replaced with the result code 2 before it is sent to LAC.
df-bit-lac
Syntax
 
df-bit-lac {always|never}
no df-bit-lac
Context
 
config>router>l2tp
config>service>vprn>l2tp
Description
 
By default, the LAC df-bit-lac is always set and sends all L2TP packets with the DF bit set to 1. The DF bit is configurable to allow downstream routers to fragment the L2TP packets. The LAC itself will not fragment L2TP packets. L2TP packets that have a larger MTU size than what the LAC egress ports allows are dropped.
Default
 
df-bit-lac always
Parameters
 
always
Specifies that the LAC will send all L2TP packets with the DF bit set to 1.
never
Specifies that the LAC will send all L2TP packets with the DF bit set to 0.
df-bit-lac
Syntax
 
df-bit-lac {always|never|default}
no df-bit-lac
Context
 
config>router/service>vprn>l2tp>group
config>router/service>vprn>l2tp>group>tunnel
Description
 
By default, the LAC df-bit-lac is set to default and sends all L2TP packets with the DF bit set to 1. The DF bit is configurable to allow downstream routers to fragment the L2TP packets. The LAC itself will not fragment L2TP packets. L2TP packets that have a larger MTU size than what the LAC egress ports allows are dropped. The configuration of the df-bit can be overridden at different levels: l2tp, tunnel, and group. The configuration at the tunnel level overrides the configuration on both group and l2tp. The configuration at the group level overrides the configuration on l2tp.
Default
 
df-bit-lac default
Parameters
 
always
Specifies that the LAC will send all L2TP packets with the DF bit set to 1.
never
Specifies that the LAC will send all L2TP packets with the DF bit set to 0.
default
Follows the DF-bit configuration specified on upper levels.
group
Syntax
 
group tunnel-group-name [create]
no group tunnel-group-name
Context
 
config>router>l2tp
config>service>vprn>l2tp
Description
 
This command configures an L2TP tunnel group.
Parameters
 
tunnel-group-name
Specifies a name string to identify a L2TP group up to 63 characters in length.
create
This keyword is mandatory when creating a tunnel group name. The create keyword requirement can be enabled/disabled in the environment>create context.
tunnel
Syntax
 
tunnel tunnel-name [create]
no tunnel tunnel-name
Context
 
config>router>l2tp>group
config>service>vprn>l2tp>group
Description
 
This command configures an L2TP tunnel. A tunnel exists between a LAC-LNS pair and consists of a Control Connection and zero or more L2TP sessions. The tunnel carries encapsulated PPP datagrams and control messages between the LAC and the L2TP Network Server (LNS).
Parameters
 
tunnel-name
Specifies a valid string to identify a L2TP up to 32 characters in length.
create
mandatory while creating a new tunnel
tunnel-selection-blacklist
Syntax
 
tunnel-selection-blacklist
Context
 
config>router>l2tp
Description
 
This command enables the context to configure L2TP Tunnel Selection Blacklist parameters.
add-tunnel
Syntax
 
add-tunnel never
add-tunnel on reason [reason...(upto 8 max)]
no add-tunnel
Context
 
configure>router>l2tp>tunnel-selection-blacklist
configure>service>vprn>l2tp>tunnel-selection-blacklist
Description
 
This command will force the tunnel to the blacklist and render it unavailable for new sessions for the duration of pre-configured time. Peers are always forced to the black list in case that they time out (failure to receive response to control packets). In addition to time outs, certain events can be used to trigger placement of the tunnel on the black list.
Parameters
 
reason
Specifies the return codes or events that determine which tunnels are added to the blacklist
Values
cdn-err-code — A tunnel will be forced to the blacklist in case that CDN message with the Result Code 2 ( Call disconnected for the reasons indicated in error code) is received.
cdn-inv-dest — A tunnel will be forced to the blacklist in case that CDN message with the Result Codes 6 ( Invalid destination) is received.
cdn-tmp-no-facilities — A tunnel will be forced to the blacklist in case that CDN message with the Result Code 4 is received ( Call failed due to lack of appropriate facilities being available - temporary condition) is received.
cdn-perm-no-facilities — A tunnel will be forced to the blacklist in case that CDN message with the Result Codes 5 ( Call failed due to lack of appropriate facilities being available - permanent condition) is received.
tx-cdn-not-established-in-time — A tunnel will be forced to the blacklist in case that CDN message with the Result Code 10 (Call was not established within time allotted by LAC) is sent from the LAC to the LNS.
stop-ccn-err-code — A tunnel will be forced to the blacklist in case that StopCCN message with the Result Code 2 (General error – Error Code indicates the problem) is sent or received.
stop-ccn-other — A tunnel will be forced to the blacklist in case that StopCCN message with the following Result Codes is received:
(1) General request to clear control connection
(4) Requestor is not authorized to establish a control channel
(5) Protocol version not supported
(6) Requestor is being shutdown
Or in the case that the StopCCN with the following result codes is transmitted:
(4) Requestor is not authorized to establish a control channel.
(5) Protocol version not supported
The receipt of the following Result Codes will NEVER blacklist a tunnel:
(0) Reserved
(3) Control channel already exist
(7) Finite state machine error
(8) Undefined
Transmission of the following Result Codes will NEVER blacklist a tunnel:
(1) General request to clear control connection
(3) Control channel already exist
(6) Requestor is being shutdown
(7) Finite state machine error

addr-change-timeout — A timed-out tunnel for which the peer IP address has changed mid-session (from the one that is provided initially during configuration) will be forced to the blacklist. In absence of this configuration option, only the configured peer for the tunnel will be blacklisted, but not the tunnel itself which now has a different peer address than the one initially configured.
never
When specified, no tunnels will be placed on blacklist under any circumstance. This parameter will available to preserve backward compatibility.
 
max-list-length
Syntax
 
max-list-length unlimited
max-list-length count
no max-list-length
Context
 
configure>router>l2tp>tunnel-selection-blacklist
configure>service>vprn>l2tp>tunnel-selection-blacklist
Description
 
This command configured the maximum length of the peer/tunnel blacklist.
This command specifies how many items (tunnels or peers) can be in the tunnel-selection-blacklist. If a tunnel or peer needs to be added to the tunnel-selection-blacklist and the tunnel-selection-blacklist is full, the system will remove the item (tunnel or peer) from the blacklist that was in this blacklist forthe longest time.
Default
 
unlimited
Parameters
 
unlimited
Specifies there is no limit.
count
Specifies how many items (tunnels or peers) can be in the tunnel-selection-blacklist.
Values
1..65635
max-time
Syntax
 
max-time minutes
no max-time
Context
 
configure>router>l2tp>tunnel-selection-blacklist
configure>service>vprn>l2tp>tunnel-selection-blacklist
Description
 
This command configures time for which an entity (peer or a tunnel) are kept in the blacklist.
Default
 
5 minutes
Parameters
 
minutes
Specifies the maximum time a tunnel or peer may remain in the blacklist
Values
1..60
timeout-action
Syntax
 
timeout-action action
no timeout-action
Context
 
configure>router>l2tp>tunnel-selection-blacklist
configure>service>vprn>l2tp>tunnel-selection-blacklist
Description
 
This command defines an action that will be executed on the entity (peer/tunnel) in the blacklist once the entity becomes eligible for selection again.
Default
 
remove-from-blacklist
Parameters
 
action
Specifies the Action to be taken when a tunnel or peer has been in the blacklist for the max-period of time.
Values
remove-from-blacklist — The peer or tunnel in the blacklist will be removed completely from the blacklist and made eligible for the selection process once the max-time expires. In this mode of operation, multiple new sessions can be mapped into the same, newly released tunnel from the blacklist. The first such session will try to setup the tunnel, while the other will be buffered until the tunnel establishment process is completed. In case that the tunnel remains unavailable, it will be placed in the blacklist again. Consequently all new sessions will have be re-negotiated over an alternate tunnel.
try-one-session — Once the max-time expired, the peer or tunnel in the blacklist is made available for selection only to a single new session request. Only upon successful tunnel establishment will the incoming new sessions be eligible to be mapped into this tunnel. This behavior will avoid session establishment delays in case that the tunnel just removed from the blacklist is still unavailable.
non-multi-chassis-tunnel-id-range
Syntax
 
non-multi-chassis-tunnel-id-range start l2tp-tunnel-id end l2tp-tunnel-id
non-multi-chassis-tunnel-id-range default
no non-multi-chassis-tunnel-id-range
Context
 
config>system>l2tp
Description
 
This command sets the tunnel-id range that will be used to allocate a new tunnel-id for a tunnel for which no multi-chassis redundancy is configured.
Default
 
Sets the tunnel-id range to the full tunnel-id range available on this system
The default for start l2tp-tunnel-id is 1. No tunnel-ids are available for which no multi-chassis redundancy is configured when set to 0.
The default for end l2tp-tunnel-id is the maximum tunnel-id allowed on this system. The end l2tp-tunnel-id must be set to 0 when the start l2tp-tunnel-id is set to 0 and vice versa.
l2tp-tunnel-id-range
Syntax
 
l2tp-tunnel-id-range start l2tp-tunnel-id end l2tp-tunnel-id
no l2tp-tunnel-id-range
Context
 
config>redundancy>multi-chassis>peer>sync>track-srrp-instances>track-srrp
Description
 
This command sets the tunnel-id range that will be used to allocate a new tunnel-id for a tunnel for which multi-chassis redundancy is configured to this MCS peer.
Default
 
Makes the tunnel ID empty.
Parameters
 
start l2tp-tunnel-id
Specifies the start of the range of L2TP tunnel identifiers that can be allocated by L2TP on this system, to be synchronized with Multi Chassis Redundancy Synchronization (MCS).
Values
1 — 16383
end l2tp-tunnel-id
Specifies the end of the range of L2TP tunnel identifiers that can be allocated by L2TP on this system, to be synchronized with Multi Chassis Redundancy Synchronization (MCS).
Values
1 — 16383
recovery-method
Syntax
 
recovery-method method
no recovery-method
Context
 
configure>router>l2tp>failover
configure>service>vprn>l2tp>failover
configure>router>l2tp>group>failover
configure>service>vprn>l2tp>group>failover
configure>router>l2tp>group>tunnel>failover
configure>service>vprn>l2tp>group>tunnel>failover
Description
 
This command sets the recovery method to be used for newly created tunnels.
Default
 
mcs on configure>router>l2tp>failover
default on configure>service>vprn>l2tp>failover
Parameters
 
method
Describes how a pair of redundant LAC peers recover tunnel and session state (sequence numbers, for example) immediately after a failover; note that, while failover is enabled, the tunnels and sessions proper are always kept synchronized between the redundant pair, regardless of the recovery method for the sequence numbers when a failover really occurs.
Values
mcs — Specifies that the stateful information is recovered from the failover peer directly, using Multi-Chassis Redundancy Synchronization (MCS).
recovery-tunnel — Specifies that the stateful information is recovered as described in RFC 4951, Fail Over Extensions for Layer 2 Tunneling Protocol (L2TP). This method uses a recovery tunnel to the L2TP peer to pass the stateful information.
default — Specifies that the actual value must be derived from another object of the same type with a wider scope. Takes the value of the next higher level (not available in configure>router>l2tp>failover and configure>service>vprn>l2tp>failover).
recovery-time
Syntax
 
recovery-time seconds
no recovery-time
Context
 
configure>router>l2tp>failover
configure>service>vprn>l2tp>failover
configure>router>l2tp>group>failover
configure>service>vprn>l2tp>group>failover
configure>router>l2tp>group>tunnel>failover
configure>service>vprn>l2tp>group>tunnel>failover
Description
 
This command sets the recovery time to be negotiated via RFC 4951. It represents the extra time this L2TP peer (LAC or LNS) needs to recover all its tunnels.
Default
 
0 on configure>router>l2tp>failover
configure>service>vprn>l2tp>failover
Parameters
 
seconds
The period of time, expressed in seconds, an endpoint asks its peer to wait before assuming the recovery process has failed.
Values
0 — 900
track-srrp
Syntax
 
track-srrp srrp-instance peer ip-address sync-tag sync-tag
no track-srrp srrp-instance
Context
 
configure>router>l2tp>failover
configure>service>vprn>l2tp>failover
Description
 
This command sets the sync-tag to be used to synchronize the tunnels with track-srrp <srrp-id> to MCS peer <IP-@>. The same sync-tag should be configured on the MCS peer.
Default
 
Removes the sync-tag for the indicated track-srrp.
Parameters
 
srrp-instance
Specifies the Simple Router Redundancy Protocol (SRRP) instance used for Multi-Chassis redundancy failover that is associated with this Layer Two Tunneling Protocol Tunnel.
sync-tag sync-tag
Specifies a synchronization tag to be used while synchronizing with the peer.
tunnel
Syntax
 
tunnel tunnel-name [create]
no tunnel tunnel-name
Context
 
config>router>l2tp>group
Description
 
This command configures an L2TP tunnel.
Parameters
 
tunnel-name
Specifies a string to identify a L2TP tunnel up to 32 characters in length.
L2TP Tunnel RADIUS Accounting Commands
l2tp-tunnel-accounting-policy
Syntax
 
l2tp-accounting-policy policy-name [create]
no l2tp-accounting-policy
Context
 
config>aaa
Description
 
This command enables the L2TP accounting.
The no form of this command disables accounting.
Default
 
None
Parameters
 
name
The name of L2TP tunnel accounting policy.
create
Mandatory keyword to create a policy name.
accounting-type
Syntax
 
accounting-type [session] [tunnel]
no accounting-type
Context
 
config>aaa>l2tp-acct-plcy
Description
 
This command specifies the accounting type for the L2TP tunnel accounting policy.
The no form of the command reverts to the default.
Default
 
session tunnel
Parameters
 
session
Enables tunnel level accounting, including:
Tunnel-Link-Start
Tunnel-Link-Stop
Tunnel-Link-Reject
tunnel
Enables link level accounting, including:
Tunnel-Start
Tunnel-Stop
Tunnel-Reject
include-radius-attribute
Syntax
 
[no] include-radius-attribute
Context
 
config>aaa>l2tp-acct-plcy
Description
 
This command enables the context to specify the RADIUS parameters that the system should include into RADIUS authentication-request messages.
The no form of the command rdisables
nas-identifier
Syntax
 
[no] nas-identifier
Context
 
config>aaa>l2tp-acct-plcy>include-radius-attribute
Description
 
This command enables the generation of the nas-identifier RADIUS attribute.
nas-port
Syntax
 
[no] nas-port bit-specification binary-spec
Context
 
config>aaa>l2tp-acct-plcy>include-radius-attribute
Description
 
This command enables the generation of the nas-port RADIUS attribute. You enter decimal representation of a 32-bit string that indicates your port information. This 32-bit string can be compiled based on different information from the port (data types). By using syntax number-of-bits data-type you indicate how many bits from the 32 bits are used for the specific data type. These data types can be combined up to 32 bits in total. In between the different data types 0's and/or 1's as bits can be added.
The no form of this command disables your nas-port configuration.
Parameters
 
bit-specification binary-spec
Specifies the NAS-Port attribute
Values
binary-spec <bit-specification> <binary-spec>
bit-specification 0 | 1 | <bit-origin>
bit-origin *<number-of-bits><origin>
number-of-bits 1 — 32
origin o | i | s | m | p
outer VLAN ID
i inner VLAN ID
s slot number
m MDA number
p port number or lag-id
Sample
*12o*12i00*2s*2m*2p => oooo oooo oooo iiii iiii iiii 00ss mmpp
If outer vlan = 0 & inner vlan = 1 & slot = 3 & mda = 1 & port = 1
=>  0000 0000 0000 0000 0000 0001 0011 0101 => nas-port = 309
nas-port-id
Syntax
 
nas-port-id
nas-port-id [prefix-string string] [suffix suffix-option]
no nas-port-id
Context
 
config>aaa>l2tp-acct-plcy>include-radius-attribute
Description
 
This command enables the generation of the nas-port-id RADIUS attribute. Optionally, the value of this attribute (the SAP-id) can be prefixed by a fixed string and suffixed by the circuit-id or the remote-id of the client connection. If a suffix is configured, but no corresponding data is available, the suffix used will be 0/0/0/0/0/0.
Parameters
 
prefix-string string
Specifies that a user configurable string will be added to the RADIUS NAS port attribute, up to 8 characters in length.
suffix suffix-option
Specifies the suffix type to be added to the RADIUS NAS oort attribute.
Values
circuit-id, remote-id
nas-port-type
Syntax
 
nas-port-type
nas-port-type [0..255]
no nas-port-type
Context
 
config>aaa>l2tp-acct-plcy>include-radius-attribute
Description
 
This command enables the generation of the nas-port-type RADIUS attribute. If set to nas-port-type, the following will be sent: values: 32 (null-encap), 33 (dot1q), 34 (qinq), 15 (DHCP hosts). The nas-port-type can also be set as a specified value, with an integer from 0 to 255.
The no form of the command reverts to the default.
Default
 
no nas-port-type
Parameters
 
0 — 255
Specifies an enumerated integer that specifies the value that will be put in the RADIUS nas-port-type attribute.
radius-accounting-server
Syntax
 
radius-accounting-server
Context
 
config>aaa>l2tp-acct-plcy>include-radius-attribute
Description
 
This command creates the context for defining RADIUS accounting server attributes under a given session authentication policy.
access-algorithm
Syntax
 
access-algorithm {direct | round-robin}
no access-algorithm
Context
 
config>aaa>l2tp-acct-plcy>include-radius-attribute
Description
 
This command configures the algorithm used to access the list of configured RADIUS servers.
Default
 
direct
Parameters
 
direct
Specifies that the first server will be used as primary server for all requests, the second as secondary and so on.
round-robin
Specifies that the first server will be used as primary server for the first request, the second server as primary for the second request, and so on. If the router gets to the end of the list, it starts again with the first server.
retry
Syntax
 
retry count
Context
 
config>aaa>l2tp-acct-plcy>radius-acct-server
Description
 
This command configures the number of times the router attempts to contact the RADIUS server for authentication. Note that the retry count includes the first attempt.
The no form of the command reverts to the default value.
Default
 
3 (the initial attempt as well as two retried attempts)
Parameters
 
count
Specifies the retry count.
Values
1 — 10
router
Syntax
 
router router-instance
router service-name service-name
no router
Context
 
config>aaa>l2tp-acct-plcy>radius-acct-server
Description
 
This command specifies the number of times the router attempts to contact the RADIUS server for authentication, if not successful the first time.
The no form of the command reverts to the default value.
server
Syntax
 
server server-index address ip-address secret key [hash | hash2] [port port] [create]
no server server-index
Context
 
config>aaa>l2tp-acct-plcy>radius-acct-server
Description
 
This command adds a RADIUS server and configures the RADIUS server IP address, index, and key values.
Up to five RADIUS servers can be configured at any one time. RADIUS servers are accessed in order from lowest to highest index for authentication requests until a response from a server is received. A higher indexed server is only queried if no response is received from a lower indexed server (which implies that the server is not available). If a response from a server is received, no other RADIUS servers are queried.
The no form of the command removes the server from the configuration.
Default
 
none
Parameters
 
server-index
The index for the RADIUS server. The index determines the sequence in which the servers are queried for authentication requests. Servers are queried in order from lowest to highest index.
Values
1 — 16 (a maximum of 5 accounting servers)
address ip-address
The IP address of the RADIUS server. Two RADIUS servers cannot have the same IP address. An error message is generated if the server address is a duplicate.
secret key
Values
The secret key to access the RADIUS server. This secret key must match the password on the RADIUS server.
secret-key — A string up to 20 characters in length.
hash-key — A string up to 33 characters in length.
hash2-key — A string up to 55 characters in length.
hash
Specifies the key is entered in an encrypted form. If the hash parameter is not used, the key is assumed to be in a non-encrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash parameter specified.
hash2
Specifies the key is entered in a more complex encrypted form. If the hash2 parameter is not used, the less encrypted hash form is assumed.
port
Specifies the UDP port number on which to contact the RADIUS server for authentication.
Values
1 — 65535
source-address-range
Syntax
 
source-address-range start-ip-address end-ip-address
no source-address
Context
 
config>aaa>l2tp-acct-plcy>radius-acct-server
Description
 
This command configures the source address range of the RADIUS messages.
The no form of the command reverts to the default value.
Default
 
systemIP address
Parameters
 
start-ip-address
Specifies the start of the the range of source addresses to be used for NAT RADIUS accounting.
end-ip-address
Specifies the end of the the range of source addresses to be used for NAT RADIUS accounting.
timeout
Syntax
 
timeout seconds
Context
 
config>aaa>l2tp-acct-plcy>radius-acct-server
Description
 
This command configures the number of seconds the router waits for a response from a RADIUS server.
The no form of the command reverts to the default value.
Default
 
5
Parameters
 
seconds
Specifies the time the router waits for a response from a RADIUS server.
Values
1 — 90
request-script-policy
Syntax
 
request-script-policy radius-script-policy-name
no request-script-policy
Context
 
config>aaa>l2tp-acct-plcy>radius-acct-server
Description
 
This command specifies the RADIUS script policy to be used for accounting-request packets.
The no form of the ocmmand removes the policy from the configuration.
Parameters
 
radius-script-policy-name
Configure a Python script policy name to modify Access-Request messages.
 
Show Commands
peer
Syntax
 
peer ip-address [udp-port port]
peer ip-address statistics [udp-port port]
peer [draining] [blacklisted|selectable|unreachable]
Context
 
show>router>l2tp
Description
 
This comand displays L2TP peer operational information/
Values
ip-address ipv4-address - a.b.c.d
ipv6-address x:x:x:x:x:x:x:x (eight 16-bit pieces)
x:x:x:x:x:x:d.d.d.d
x - [0..FFFF]H
d - [0..255]D
draining keyword
statistics keyword
port [1..65535]
Sample Output
 
 
show router l2tp peer 10.100.0.2
===============================================================================
Peer IP: 10.100.0.2
===============================================================================
Roles capab/actual: LAC LNS /LAC  -     Draining          : false
Tunnels           : 1                   Tunnels Active    : 0
Sessions          : 1                   Sessions Active   : 0
Reachability      : blacklisted         Time Unreachable  : 01/31/2013 08:55:06
Time Blacklisted  : 01/31/2013 08:55:06 Remaining (s)     : 34
===============================================================================
Conn ID                      Loc-Tu-ID Rem-Tu-ID State              Ses Active
  Group                                                             Ses Total
    Assignment
-------------------------------------------------------------------------------
977207296                    14911     0         closed             0
  base_lac_base_lns                                                 1
    t1
-------------------------------------------------------------------------------
No. of tunnels: 1
===============================================================================
 
 
show router l2tp tunnel detail
===============================================================================
L2TP Tunnel Status
==============================================================================
Connection ID: 831782912
State        : closedByPeer
IP           : 10.0.0.1
Peer IP      : 10.100.0.2
Tx dst-IP    : 10.100.0.2
Rx src-IP    : 10.100.0.2
Name         : lac
Remote Name  :
Assignment ID: t1
Group Name   : base_lac_base_lns
Acct. Policy : l2tp-base
Error Message: N/A
 
                                        Remote Conn ID    : 4294901760
Tunnel ID         : 12692               Remote Tunnel ID  : 65535
UDP Port          : 1701                Remote UDP Port   : 1701
Preference        : 50                  Receive Window    : 64
Hello Interval (s): 300
Idle TO (s)       : 5                   Destruct TO (s)   : 60
Max Retr Estab    : 5                   Max Retr Not Estab: 5
Session Limit     : 32767               AVP Hiding        : sensitive
Transport Type    : udpIp               Challenge         : never
Time Started      : 01/31/2013 08:56:58 Time Idle         : 01/31/2013 08:56:58
Time Established  : N/A                 Time Closed       : 01/31/2013 08:56:58
Stop CCN Result   : reqShutDown         General Error     : noError
Blacklist-state   : blacklisted
Blacklist Time    : 01/31/2013 08:56:58 Remaining (s)     : 49
-------------------------------------------------------------------------------
No. of tunnels: 1
===============================================================================
 
l2tp
Syntax
 
l2tp
Context
 
show>system
Description
 
This command displays L2TP system information.
Sample Output
 
 
*A:Dut-C# show system l2tp
===============================================================================
L2TP system
===============================================================================
Non MC tunnel ID range                                  : 8193-16383
Max number of tunnels                                   : 16383
Max number of sessions                                  : 131071
Max number of sessions per tunnel                       : 32767
===============================================================================
 
sync
Syntax
 
sync [peer ip-address] [statistics]
sync peer ip-address detail
Context
 
show>redundancy>multi-chassis
Description
 
This command displays synchronization information.
Parameters
 
ip-address
Specifies the IP address of the peer.
Values
ipv4-address - a.b.c.d
detail
Keyword to display detailed output.
statistics
Keyword to display statistics.
Sample Output
 
 
*A:Dut-C# show redundancy multi-chassis sync peer 2.1.2.2 detail 
 
===============================================================================
Multi-chassis Peer Table
===============================================================================
Peer
-------------------------------------------------------------------------------
Peer IP Address         : 2.1.2.2
Description             : Mc-Lag peer 2.1.2.2
Authentication          : Disabled
Source IP Address       : 1.1.1.1
Admin State             : Enabled
-------------------------------------------------------------------------------
Sync-status
-------------------------------------------------------------------------------
Client Applications     : SUBMGMT-PPPOE SRRP l2tp
Sync Admin State        : Up
Sync Oper State         : Up
Sync Oper Flags         : 
DB Sync State           : inSync
Num Entries             : 2028
Lcl Deleted Entries     : 0
Alarm Entries           : 0
OMCR Standby Entries    : 0
OMCR Alarm Entries      : 0
Rem Num Entries         : 2028
Rem Lcl Deleted Entries : 0
Rem Alarm Entries       : 0
Rem OMCR Standby Entries: 0
Rem OMCR Alarm Entries  : 0
 
===============================================================================
MCS Application Stats
===============================================================================
Application             : igmp
Num Entries             : 0
Lcl Deleted Entries     : 0
Alarm Entries           : 0
OMCR Standby Entries    : 0
OMCR Alarm Entries      : 0
-------------------------------------------------------------------------------
Rem Num Entries         : 0
Rem Lcl Deleted Entries : 0
Rem Alarm Entries       : 0
Rem OMCR Standby Entries: 0
Rem OMCR Alarm Entries  : 0
-------------------------------------------------------------------------------
Application             : igmpSnooping
Num Entries             : 0
Lcl Deleted Entries     : 0
Alarm Entries           : 0
OMCR Standby Entries    : 0
OMCR Alarm Entries      : 0
-------------------------------------------------------------------------------
Rem Num Entries         : 0
Rem Lcl Deleted Entries : 0
Rem Alarm Entries       : 0
Rem OMCR Standby Entries: 0
Rem OMCR Alarm Entries  : 0
-------------------------------------------------------------------------------
Application             : subMgmtIpoe
Num Entries             : 0
Num Entries             : 0
Lcl Deleted Entries     : 0
Alarm Entries           : 0
OMCR Standby Entries    : 0
OMCR Alarm Entries      : 0
-------------------------------------------------------------------------------
Rem Num Entries         : 0
Rem Lcl Deleted Entries : 0
Rem Alarm Entries       : 0
Rem OMCR Standby Entries: 0
Rem OMCR Alarm Entries  : 0
-------------------------------------------------------------------------------
Application             : srrp
Num Entries             : 26
Lcl Deleted Entries     : 0
Alarm Entries           : 0
OMCR Standby Entries    : 0
OMCR Alarm Entries      : 0
-------------------------------------------------------------------------------
Rem Num Entries         : 26          
Rem Lcl Deleted Entries : 0
Rem Alarm Entries       : 0
Rem OMCR Standby Entries: 0
Rem OMCR Alarm Entries  : 0
-------------------------------------------------------------------------------
Application             : mcRing
Num Entries             : 0
Lcl Deleted Entries     : 0
Alarm Entries           : 0
OMCR Standby Entries    : 0
OMCR Alarm Entries      : 0
-------------------------------------------------------------------------------
Rem Num Entries         : 0
Rem Lcl Deleted Entries : 0
Rem Alarm Entries       : 0
Rem OMCR Standby Entries: 0
Rem OMCR Alarm Entries  : 0
-------------------------------------------------------------------------------
Application             : mldSnooping
Num Entries             : 0
Lcl Deleted Entries     : 0
Alarm Entries           : 0
OMCR Standby Entries    : 0
OMCR Alarm Entries      : 0
-------------------------------------------------------------------------------
Rem Num Entries         : 0
Rem Lcl Deleted Entries : 0
Rem Alarm Entries       : 0
Rem OMCR Standby Entries: 0
Rem OMCR Alarm Entries  : 0
-------------------------------------------------------------------------------
Application             : dhcpServer
Num Entries             : 0
Lcl Deleted Entries     : 0
Alarm Entries           : 0
OMCR Standby Entries    : 0
OMCR Alarm Entries      : 0
-------------------------------------------------------------------------------
Rem Num Entries         : 0
Rem Lcl Deleted Entries : 0           
Rem Alarm Entries       : 0
Rem OMCR Standby Entries: 0
Rem OMCR Alarm Entries  : 0
-------------------------------------------------------------------------------
Application             : subHostTrk
Num Entries             : 0
Lcl Deleted Entries     : 0
Alarm Entries           : 0
OMCR Standby Entries    : 0
OMCR Alarm Entries      : 0
-------------------------------------------------------------------------------
Rem Num Entries         : 0
Rem Lcl Deleted Entries : 0
Rem Alarm Entries       : 0
Rem OMCR Standby Entries: 0
Rem OMCR Alarm Entries  : 0
-------------------------------------------------------------------------------
Application             : subMgmtPppoe
Num Entries             : 2000
Lcl Deleted Entries     : 0
Alarm Entries           : 0
OMCR Standby Entries    : 0
OMCR Alarm Entries      : 0
-------------------------------------------------------------------------------
Rem Num Entries         : 2000
Rem Lcl Deleted Entries : 0
Rem Alarm Entries       : 0
Rem OMCR Standby Entries: 0
Rem OMCR Alarm Entries  : 0
-------------------------------------------------------------------------------
Application             : mcIpsec
Num Entries             : 0
Lcl Deleted Entries     : 0
Alarm Entries           : 0
OMCR Standby Entries    : 0
OMCR Alarm Entries      : 0
-------------------------------------------------------------------------------
Rem Num Entries         : 0
Rem Lcl Deleted Entries : 0
Rem Alarm Entries       : 0           
Rem OMCR Standby Entries: 0
Rem OMCR Alarm Entries  : 0
-------------------------------------------------------------------------------
Application             : mld
Num Entries             : 0
Lcl Deleted Entries     : 0
Alarm Entries           : 0
OMCR Standby Entries    : 0
OMCR Alarm Entries      : 0
-------------------------------------------------------------------------------
Rem Num Entries         : 0
Rem Lcl Deleted Entries : 0
Rem Alarm Entries       : 0
Rem OMCR Standby Entries: 0
Rem OMCR Alarm Entries  : 0
-------------------------------------------------------------------------------
Application             : python
Num Entries             : 0
Lcl Deleted Entries     : 0
Alarm Entries           : 0
OMCR Standby Entries    : 0
OMCR Alarm Entries      : 0
-------------------------------------------------------------------------------
Rem Num Entries         : 0
Rem Lcl Deleted Entries : 0
Rem Alarm Entries       : 0
Rem OMCR Standby Entries: 0
Rem OMCR Alarm Entries  : 0
-------------------------------------------------------------------------------
Application             : l2tp
Num Entries             : 2
Lcl Deleted Entries     : 0
Alarm Entries           : 0
OMCR Standby Entries    : 0
OMCR Alarm Entries      : 0
-------------------------------------------------------------------------------
Rem Num Entries         : 2
Rem Lcl Deleted Entries : 0
Rem Alarm Entries       : 0
Rem OMCR Standby Entries: 0           
Rem OMCR Alarm Entries  : 0
-------------------------------------------------------------------------------
Application             : diamProxy
Num Entries             : 0
Lcl Deleted Entries     : 0
Alarm Entries           : 0
OMCR Standby Entries    : 0
OMCR Alarm Entries      : 0
-------------------------------------------------------------------------------
Rem Num Entries         : 0
Rem Lcl Deleted Entries : 0
Rem Alarm Entries       : 0
Rem OMCR Standby Entries: 0
Rem OMCR Alarm Entries  : 0
-------------------------------------------------------------------------------
===============================================================================
 
===============================================================================
Ports synced on peer 2.1.2.2
===============================================================================
Port/Encap                    Tag
-------------------------------------------------------------------------------
3/2/5                         
  1-999                       pppoe1
  1000-1000                   srrp1
3/2/6                         
  1-999                       pppoe2
===============================================================================
 
===============================================================================
DHCP Server instances synced on peer 2.1.2.2
===============================================================================
Router-Name                      Server-Name
  Tag
-------------------------------------------------------------------------------
No instances found
===============================================================================
 
===============================================================================
Python cache instances synced on peer 2.1.2.2
===============================================================================
Python-Policy                    Tag
-------------------------------------------------------------------------------
No instances found
===============================================================================
 
===============================================================================
L2TP instances
===============================================================================
Router         Tag                              SRRP
-------------------------------------------------------------------------------
Base           lac1                             1
Base           lac2                             2
===============================================================================
 
===============================================================================
Track SRRP instances
===============================================================================
SRRP                    : 1
-------------------------------------------------------------------------------
L2TP tunnel ID start    : 1
L2TP tunnel ID end      : 1
 
SRRP                    : 2
-------------------------------------------------------------------------------
L2TP tunnel ID start    : 2
L2TP tunnel ID end      : 2
 
===============================================================================
 
===============================================================================
Diameter proxy instances synced on peer 2.1.2.2
===============================================================================
Diameter-Peer-Policy             Tag
-------------------------------------------------------------------------------
No instances found
===============================================================================
===============================================================================
*A:Dut-C# 
 
Debug Commands
assignment-id
Syntax
 
assignment-id assignment-id
Context
 
debug>router>l2tp
Description
 
This command enables and configures debugging for the L2TP tunnel with a given assignment-id.
Parameters
 
assignment-id
Specifies a string that distinguishes this L2TP tunnel.
event
Syntax
 
[no] event
Context
 
debug>router>l2tp
debug>router>l2tp>assignment-id
debug>router>l2tp>group
debug>router>l2tp>peer
debug>router>l2tp>tunnel
Description
 
This command configures an L2TP debugging event.
group
Syntax
 
group tunnel-group-name
Context
 
debug>router>l2tp
Description
 
This command enables and configures debugging for an L2TP group.
Parameters
 
tunnel-group-name
Specifies the tunnel group name up to 63 characters in length.
peer
Syntax
 
peer ip-address [udp-port port]
Context
 
debug>router>l2tp
Description
 
This command enables and configures debugging for an L2TP peer.
Parameters
 
ip-address
Specifies the IP address of the session.
Values
<ip-address> : ipv4-address - a.b.c.d
ipv6-address - x:x:x:x:x:x:x:x (eight 16-bit
pieces)
x:x:x:x:x:x:d.d.d.d
x - [0..FFFF]H
d - [0..255]D
udp-port port
Specifies the local UDP port of this L2TP.
Values
1 — 65535
tunnel
Syntax
 
tunnel connection-id
Context
 
debug>router>l2tp
Description
 
This command enables and configures debugging for an L2TP tunnel.
Parameters
 
connection-id
Specifies the connection ID of the L2TP session associated with this session.
Values
1 — 4294967295
recovery
Syntax
 
[no] recovery
Context
 
debug>router>l2tp>assignment-id>event
debug>router>l2tp>event
debug>router>l2tp>group>event
debug>router>l2tp>peer>event
debug>router>l2tp>tunnel>event
Description
 
This command configures L2TP LAC state recovery event debugging.
recovery-failed
Syntax
 
[no] recovery-failed
Context
 
debug>router>l2tp>assignment-id>event
debug>router>l2tp>event
debug>router>l2tp>group>event
debug>router>l2tp>peer>event
debug>router>l2tp>tunnel>event
Description
 
This command configures L2TP LAC state recovery failed event debugging.