- About This Document
- L2TP Configuration
- Overview of L2TP
- Understanding L2TP
- Application Scenarios for L2TP
- Client-Initiated L2TP Connection
- LAC-Initiated L2TP Connection upon Receiving a Call Connection Request
- LAC-Initiated L2TP Connection upon Receiving a Call from a PPPoE User
- L2TP Client-Initiated L2TP Connection
- LAC-Initiated L2TP Connection When Users from Multiple Domains Are Connected
- Authenticating VPDN Users Using the RADIUS Server
- Allocating the Frame-IP and Frame-Route Attributes and the Specified Address Pool Name to L2TP Users by the RADIUS Server
- Setting Up a Secure Tunnel Connection Using L2TP over IPSec Encapsulation
- Setting Up a Secure Tunnel Connection Using IPSec over L2TP Encapsulation
- Licensing Requirements and Limitations for L2TP
- Default Settings for L2TP
- Configuring L2TP
- Maintaining L2TP
- Configuration Examples for L2TP
- Example for Configuring Client-Initiated L2TP Connections
- Example for Configuring the LAC to Initiate Call-Triggered L2TP Connections (Dial-Up Users)
- Example for Configuring the LAC to Initiate Call-Triggered L2TP Connections (PPPoE Users)
- Example for Configuring an L2TP Client-Initiated L2TP Connection
- Example for Configuring L2TP Client-Initiated L2TP Connections
- Example for Configuring L2TP Client-Initiated L2TP Connections Using the 3G Interface
- Troubleshooting L2TP
- FAQ About L2TP
- Starting from Which Version Does the device Support NAT Traversal in L2TP?
- L2TP Dialup Is Successful After Dozens of Attempts and Error 691 Is Displayed. Why?
- How Can I Quickly Locate Why the LAC Cannot Set Up an L2TP Tunnel with the LNS?
- How Do I Configure the LNS That Trusts the LAC Not to Perform Second Authentication on Remote Users?
- What Can I Do If a PC Running the Windows 7 or XP Operating System Fails to Establish an L2TP over IPSec Tunnel with the Device?
- L2TPv3 Configuration
- GRE Configuration
- Overview of GRE
- Understanding GRE
- Application Scenarios for GRE
- Transmitting Data of Multi-Protocol Local Networks Through a GRE Tunnel
- Enlarging the Operation Scope of a Network with a Hop Limit
- Combining GRE with IPSec to Protect Multicast Data
- Setting Up an L2VPN and an L3VPN Using a GRE Tunnel
- Connecting CE Devices to an MPLS VPN Network
- Ethernet over GRE Application
- Ethernet over mGRE Application
- Licensing Requirements and Limitations for GRE
- Default Settings for GRE
- Configuring a GRE Tunnel
- Configuring a Tunnel Interface
- Configuring a Route on a Tunnel Interface
- (Optional) Configuring the Link Bridge Function
- (Optional) Configuring a Security Mechanism for GRE
- (Optional) Enabling the Keepalive Detection Function for GRE
- (Optional) Configuring Ethernet over GRE
- (Optional) Configuring Ethernet over mGRE
- (Optional) Configuring the DF Flag Bit for GRE Packets
- Verifying the GRE Tunnel Configuration
- Maintaining the GRE Tunnel
- Configuration Examples for GRE
- Example for Configuring a Static Route for GRE to Implement Interworking Between IPv4 Networks
- Example for Configuring OSPF for GRE to Implement Interworking Between IPv4 Networks
- Example for Configuring a GRE Tunnel to Implement Interworking Between IPv6 Networks
- Example for Enlarging the Operation Scope of a Network with a Hop Limit
- Example for Configuring BGP/MPLS IP VPN to Use a GRE Tunnel
- Example for Configuring VLL to Use a GRE Tunnel
- Example for Connecting a CE to a VPN Through a GRE Tunnel over a Public Network
- Example for Connecting a CE to a VPN Through a GRE Tunnel over a VPN
- Example for Configuring GRE to Implement Communication Between FR Networks
- Example for Configuring an Ethernet over GRE Tunnel
- Example for Configuring an Ethernet over mGRE Tunnel
- Troubleshooting GRE
- FAQ About GRE
- DSVPN Configuration
- Overview of DSVPN
- Understanding DSVPN
- Application Scenarios for DSVPN
- Licensing Requirements and Limitations for DSVPN
- Default Settings for DSVPN
- Configuring DSVPN
- Maintaining DSVPN
- Configuration Examples for DSVPN
- Example for Configuring Non-Shortcut Scenario of DSVPN (Static Route)
- Example for Configuring Non-Shortcut Scenario of DSVPN (RIP)
- Example for Configuring Non-Shortcut Scenario of DSVPN (OSPF)
- Example for Configuring Non-Shortcut Scenario of DSVPN (BGP)
- Example for Configuring Shortcut Scenario of DSVPN (RIP)
- Example for Configuring Shortcut Scenario of DSVPN (OSPF)
- Example for Configuring Shortcut Scenario of DSVPN (BGP)
- Example for Configuring DSVPN NAT traversal
- Example for Configuring Dual Hubs in Active/Standby Mode
- Example for Configuring DSVPN Protected by IPSec
- Example for Configuring a Dual-Hub DSVPN Protected by IPSec
- Example for Configuring a DSVPN Based on the LTE Dialup Status
- Troubleshooting DSVPN
- IPSec Configuration
- Overview of IPSec
- Understanding IPSec
- Application Scenarios for IPSec
- Summary of IPSec Configuration Tasks
- Licensing Requirements and Limitations for IPSec
- Default Settings for IPSec
- Using an ACL to Establish an IPSec Tunnel
- Defining Data Flows to Be Protected
- Configuring an IPSec Proposal
- Configuring an IPSec Policy
- (Optional) Setting the IPSec SA Lifetime
- (Optional) Enabling the Anti-replay Function
- (Optional) Configuring IPSec Fragmentation Before Encryption
- (Optional) Configuring Route Injection
- (Optional) Configuring IPSec Check
- (Optional) Enabling the QoS Function for IPSec Packets
- (Optional) Configuring IPSec VPN Multi-instance
- (Optional) Allowing New Users with the Same Traffic Rule as Original Branch Users to Access the Headquarters Network
- (Optional) Configuring a Multi-link Shared IPSec Policy Group
- (Optional) Configuring Redundancy Control of IPSec Tunnels
- (Optional) Configuring IPSec Gateway Redundancy Control
- (Optional) Configuring IPSec Mask Filtering
- Applying an IPSec Policy Group to an Interface
- Verifying the Configuration of IPSec Tunnel Establishment
- Using a Virtual Tunnel Interface to Establish an IPSec Tunnel
- Configuring an IPSec Proposal
- Configuring an IPSec Profile
- (Optional) Setting the SA Lifetime
- (Optional) Enabling the Anti-replay Function
- (Optional) Configuring IPSec Fragmentation Before Encryption
- (Optional) Configuring IPSec Check
- (Optional) Enabling the QoS Function for IPSec Packets
- (Optional) Configuring Requesting, Sending or Accepting of Subnet Route Information
- Configuring a Tunnel Interface or a Tunnel Template Interface
- Verifying the Configuration of IPSec Tunnel Establishment Using a Virtual Tunnel Interface
- Establishing an IPSec Tunnel Using an Efficient VPN Policy
- Configuring IKE
- Configuring an IKE Proposal
- Configuring an IKE Peer
- (Optional) Setting the IKE SA Lifetime
- (Optional) Configuring IKE Peer Status Detection
- (Optional) Configuring an Identity Filter Set
- (Optional) Configuring DSCP Priority for IKE Packets
- (Optional) Configuring NAT Traversal
- (Optional) Configuring IPSec VPN Multi-instance
- (Optional) Configuring Network Resource Delivery
- (Optional) Configuring ACL Delivery
- (Optional) Enabling Dependency Between IPSec SA and IKE SA During IKEv1 Negotiation
- (Optional) Configuring Rapid Switchover and Revertive Switching of an IKE Peer
- (Optional) Disabling Validity Verification on Certificates
- Verifying the IKE Configuration
- Configuring IPSec for OSPFv3 Data Encryption
- Maintaining IPSec
- Configuration Examples for IPSec
- Example for Manually Establishing an IPSec Tunnel
- Example for Establishing an IPSec Tunnel in IKE Negotiation Mode Using Default Settings
- Example for Establishing an IPSec Tunnel Between the Enterprise Headquarters and Branch Using an IPSec Policy Template
- Example for Establishing Multiple IPSec Tunnels Between the Enterprise Headquarters and Branches Using IPSec Policy Groups
- Example for Establishing IPSec Tunnels for Branch Access to the Headquarters Using Different Pre-shared Keys
- Example for Establishing an IPSec Tunnel Between the Branch and Headquarters with a Redundant Gateway
- Example for Establishing an IPSec Tunnel Between the Enterprise Headquarters and Branch Using a Multi-Link Shared IPSec Policy Group
- Example for Establishing an IPSec Tunnel Between the Enterprise Headquarters and Branch Through PPPoE
- Example for Establishing an IPSec Tunnel Through NAT Traversal
- Example for Establishing an IPSec Tunnel in IKE Negotiation Mode by Specifying DNs
- Example for Establishing an IPSec Tunnel Through Negotiation Initiated by the Branch User That Dynamically Obtains an IP Address
- Example for Establishing an IPSec Tunnel Using a Tunnel Interface
- Example for Establishing GRE over IPSec Using a Tunnel Interface
- Example for Establishing IPSec over GRE Using a Tunnel Interface
- Example for Establishing an IPSec over GRE Tunnel Between the Headquarters and Branch (Based on ACL)
- Example for Establishing IPSec over DSVPN Tunnels Between Hub and Spokes (Based on ACL)
- Example for Configuring L2TP Over IPSec to Implement Secure Communication Between the Headquarters and Branch
- Example for Configuring a Tunnel Template Interface for IPSec Tunnel Setup
- Example for Establishing an IPSec Tunnel Using an Efficient VPN Policy in Client Mode
- Example for Configuring an IPSec Tunnel Using an Efficient VPN Policy in Network Mode
- Example for Configuring an IPSec Tunnel Using an Efficient VPN Policy in Network-Plus Mode
- Example for Configuring Efficient VPN in Network-auto-cfg Mode to Establish an IPSec Tunnel
- Example for Configuring Automatic Upgrade of the Efficient VPN Remote Device
- Example for Configuring Rapid Switchover and Revertive Switching
- Example for Configuring Redundancy Control of IPSec Tunnels
- Example for Configuring IPSec Gateway Redundancy Control
- Example for Connecting iPhones of Mobile Office Users to the Headquarters Through L2TP over IPSec
- Example for Connecting Android Phones of Mobile Office Users to the Headquarters Through L2TP over IPSec
- Example for Configuring IPSec for OSPFv3
- Troubleshooting IPSec
- FAQ About IPSec
- Private Network Communication Fails After IPSec Is Configured. What Are the Causes?
- How Do I Rectify the Failure to View SA Information by Running the display ipsec sa Command After IPSec Is Configured?
- Does the Interface with a Dynamic IP Address Support IPSec?
- IPSec Does Not Take Effect When Both IPSec and NAT Are Configured on a Device Interface. How This Problem Is Solved?
- Why Cannot an IPSec Tunnel Be Established Until It Is Restarted?
- A2A VPN Configuration
- BGP/MPLS IP VPN Configuration
- Overview of BGP/MPLS IP VPN
- Understanding BGP/MPLS IP VPN
- Application Scenarios for BGP/MPLS IP VPN
- Summary of BGP/MPLS IP VPN Configuration Tasks
- Licensing Requirements and Limitations for BGP/MPLS IP VPN
- Default Settings for BGP/MPLS IP VPN
- Configuring BGP/MPLS IP VPN
- Configuring Basic BGP/MPLS IP VPN Functions
- Configuring Hub and Spoke
- Configuring Inter-AS VPN Option A
- Configuring Inter-AS VPN Option B
- Configuring Inter-AS VPN Option C (Solution 1)
- Configuring Inter-AS VPN Option C (Solution 2)
- Configuring an MCE Device
- Configuring HoVPN
- Configuring PBR to an LSP for VPN Packets
- Configuring an OSPF Sham Link
- Configuring Route Reflection to Optimize the VPN Backbone Layer
- Configuring IP FRR for VPN Routes
- Configuring VPN FRR
- Configuring VPN GR
- Configuring Tunnel Policies
- Connecting a VPN to the Internet
- Maintaining BGP/MPLS IP VPN
- Collecting Statistics About L3VPN Traffic
- Checking L3VPN Traffic
- Clearing L3VPN Traffic
- Displaying BGP/MPLS IP VPN Information
- Checking Network Connectivity and Reachability
- Viewing the Integrated Route Statistics of IPv4 VPN Instances
- Resetting BGP Statistics of a VPN Instance IPv4 Address Family
- Resetting BGP Connections
- Monitoring the Running Status of VPN Tunnels
- Configuration Examples for BGP/MPLS IP VPN
- Example for Configuring BGP/MPLS IP VPN
- Example for Configuring BGP/MPLS IP VPNs with Overlapping Address Spaces
- Example for Configuring Communication Between Local VPNs
- Example for Configuring Hub and Spoke
- Example for Configuring Inter-AS VPN Option A
- Example for Configuring Inter-AS VPN Option B
- Example for Configuring Inter-AS VPN Option C (Solution 1)
- Example for Configuring Inter-AS VPN Option C (Solution 2)
- Example for Configuring MCE
- Example for Configuring PBR to an LSP for VPN Packets
- Example for Configuring HoVPN
- Example for Configuring an OSPF Sham Link
- Example for Configuring BGP AS Number Substitution
- Example for Configuring the BGP SoO Attribute
- Example for Configuring CE Dual-homing
- Example for Configuring VPN FRR
- Example for Configuring IP FRR for VPN Routes
- Example for Configuring VPN GR
- Example for Configuring Double RRs to Optimize the VPN Backbone Layer
- Example for Connecting a VPN to the Internet
- Example for Configuring BGP/MPLS IP VPN to Use a GRE Tunnel
- Example for Configuring L3VPN Using LDP Signaling over GRE
- Example for Configuring L3VPN with LDP Signals Carried by DSVPN
- Example for Configuring L3VPN with LDP Signals Carried by DSVPN and Protected by IPSec
- Example for Configuring a Tunnel Policy for an L3VPN
- FAQ About BGP/MPLS IP VPN
- MCE IPv6 Configuration
- EVPN Configuration
- VLL Configuration
- Overview of VLL
- Understanding VLL
- Application Scenarios for VLL
- Summary of VLL Configuration Tasks
- Licensing Requirements and Limitations for VLL
- Default Settings for VLL
- Configuring VLL
- Maintaining VLL
- Configuration Examples for VLL
- Example for Configuring a Local CCC Connection
- Example for Configuring a VLL Connection in SVC Mode
- Example for Configuring a VLL Connection in Martini Mode
- Example for Configuring Inter-AS Martini VLL (Option A)
- Example for Configuring Martini VLL FRR (Asymmetrically Connected CEs)
- Example for Configuring VLL to Use a GRE Tunnel
- Example for Configuring a VLL Using an MPLS TE Tunnel
- Troubleshooting VLL
- PWE3 Configuration
- Overview of PWE3
- Relationship Between PWE3 and L2VPN
- Understanding PWE3
- Application Scenarios for PWE3
- Summary of PWE3 Configuration Tasks
- Licensing Requirements and Limitations for PWE3
- Default Settings for PWE3
- Configuring PWE3
- Maintaining PWE3
- Configuration Examples for PWE3
- Example for Configuring a Dynamic Single-Segment PW
- Example for Configuring a Static Multi-Segment PW
- Example for Configuring a Dynamic Multi-Segment PW
- Example for Configuring a Mixed Multi-Segment PW
- Example for Configuring Inter-AS PWE3 Option A
- Example for Configuring TDM PWE3 (Using the 8E1T1-M Interface Card)
- Example for Configuring TDM PWE3 (Using the 8SA interface card)
- VPLS Configuration
- Overview of VPLS
- Understanding VPLS
- Application Scenarios for VPLS
- Licensing Requirements and Limitations for VPLS
- Default Settings for VPLS
- Configuring Martini VPLS
- (Optional) Configuring Inter-AS Martini VPLS
- (Optional) Setting Related Parameters for a VSI
- Maintaining VPLS
- Collecting Traffic Statistics on a VPLS PW
- Clearing the Traffic Statistics
- Checking Traffic Statistics on a VPLS PW
- Enabling or Disabling VSI
- Clearing MAC Address Entries
- Checking Connectivity of the VPLS Network
- Configuring the Upper and Lower Alarm Thresholds for VPLS VCs
- Checking MPLS L2VPN Usage Information
- Configuration Examples for VPLS
- Troubleshooting VPLS
- VXLAN Configuration
- Overview of VXLANs
- Understanding VXLANs
- Application Scenario
- Licensing Requirements and Limitations for VXLAN
- Configuring VXLAN (in Static Mode)
- Configuring VXLAN (in BGP EVPN Mode)
- Configuration Examples for VXLANs
- Example for Configuring Communication Within a Network Segment Through a VXLAN Tunnel
- Example for Configuring a Layer 3 VXLAN Gateway to Enable Communication Between Users in Different Network Segments
- Example for Dynamically Establishing a VXLAN Tunnel in BGP EVPN Mode to Implement Communication Between Users in Different Network Segments
- Example for Configuring the Headquarters and Branch to Communicate Using VXLAN over IPSec Tunnels
- Further Reading