No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Understanding L2TPv3

Understanding L2TPv3

In Figure 2-1, enterprise branch LANs need to exchange Layer 2 data over the IP network; therefore, L2TPv3 is configured on the egress gateways.

Figure 2-1  L2TPv3 tunnel


  • LCCE

    An L2TP Control Connection Endpoint (LCCE) is a node at either end of an L2TP control connection tunnel (L2TPv3 tunnel). An LCCE can be an L2TP access concentrator (LAC) or an L2TP network server (LNS). The LCCE is an LAC if frames to be forwarded over the tunnel are processed at the data link layer and is an LNS if the frames are processed at the network layer.

  • PW

    A pseudo wire (PW) is a directly connected virtual data channel between two AC interfaces, used to transparently transmit Layer 2 data. Each L2TPv3 session corresponds to a PW.

  • AC interface

    An AC interface is connected to a user-side device, to receive and forward user-side traffic. In this document, only Layer 3 Ethernet interfaces, including WAN interfaces, sub-interfaces (not in selective QinQ mode), and VLANIF interfaces can be used as AC interfaces.

  • PW interface

    A PW interface is connected to the remote LCCE, to receive and forward L2TPv3 packets from the network side.

  • Static tunnel

    A static tunnel is established by manually configuring local and remote parameters. Data is directly forwarded over a static tunnel without the packet negotiation process.

    Only one tunnel can be established on an interface, and one tunnel supports only one session. Multiple tunnels can be created at different interfaces of a device.

Working Process

In Figure 2-1, the gateways of enterprise branch A and branch B are LCCE1 and LCCE2 respectively. To establish an L2TPv3 tunnel between LCCE1 and LCCE2, perform the following operations:

  1. Enable L2TPv3 globally on the LCCEs.
  2. Create a tunnel interface on each LCCE. Set the tunneling protocol to L2TPv3 and the working mode to static. Configure the tunnel source address, tunnel destination address, session ID and other parameters.
    An L2TPv3 tunnel can be established only when the same parameters are configured on the two ends.
  3. Bind an AC interface to the tunnel interface on each LCCE.
  4. The AC interface forwards traffic to the remote device through the L2TPv3 tunnel.

L2TPv3 Packet Format

Figure 2-2 shows the L2TPv3 encapsulation format.

Figure 2-2  L2TPv3 packet format

L2TPv3 Packet Encapsulation

Figure 2-3  L2TPv3 packet encapsulation
In Figure 2-3, packets sent from branch A to branch B are forwarded as follows:
  1. Branch A sends a data packet to branch B.
  2. LCCE1 receives the packet and adds VLAN encapsulation to it on the AC interface. The AC interface then adds an L2TPv3 header to the data packet based on the tunnel encapsulation table, and forwards the packet through the tunnel interface based on the routing table.
  3. LCCE2 receives the packet and checks whether it is an L2TPv3 packet. If the packet is an L2TPv3 packet, LCCE2 searches the tunnel decapsulation table and checks whether the local parameters of the LCCE1 are the same as the remote parameters of the LCCE2. If they are the same, LCCE2 removes the L2TPv3 header. The AC interface on LCCE2 then processes the packet based on the VLAN encapsulation rule and forwards it to branch B. If the packet is not an L2TPv3 packet or the local parameters of the sender are different from the remote parameters of the remote device, LCCE2 discards the packet.

Service Access Modes

When two branches in different VLANs need to communicate, the branch devices send packets to the L2TPv3 tunnel in either of the following ways:

  • Directly forwarding packets: When the AC interface is a WAN interface, that is, it has been bound to the tunnel using the link-bridge command, the L2TPv3 tunnel can transparently transmit untagged, single-tagged, or double-tagged Layer 2 packets.
  • Terminating one tag: The sub-interface of the AC interface removes the outer tag from single-tagged or double-tagged packets and adds an L2TPv3 header before sending them to the L2TPv3 tunnel. The sub-interface adds one tag to packets received from the L2TPv3 tunnel before forwarding them.
    • If the received packets contain one tag, the sub-interface removes the C-Tag.
    • If the received packets contain double tags, the sub-interface removes the S-Tag.
  • Terminating double tags: The sub-interface of the AC interface removes both S-Tag and C-Tag from packets and adds an L2TPv3 header before sending them to the L2TPv3 tunnel. The sub-interface adds both S-Tag and C-Tag to packets received from the L2TPv3 tunnel before forwarding them.

For details about tag termination on sub-interfaces, see VLAN Termination Configuration in the Huawei AR Series Access Routers CLI-based Configuration - Configuration Guide - Ethernet Switching.

Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 153316

Downloads: 369

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next