Cisco Systems UBR900 L2TP Configuration

Configuration Examples

54 Cisco IOS Release 12.0(7)T

crypto ipsec transform-set test-transform ah-md5-hmac esp-des esp-md5-hmac

!

crypto map test-ipsec local-address cable-modem0

crypto map test-ipsec 10 ipsec-isakmp

set peer 30.1.1.1

set transform-set test-transform

match address 100

!

interface Ethernet0

ip address 24.1.0.1 255.255.0.0

no ip directed-broadcast

!

interface cable-modem0

ip address 10.1.0.25 255.255.0.0

no ip directed-broadcast

no keepalive

cable-modem downstream saved channel 213000000 30

no cable-modem compliant bridge

crypto map test-ipsec

router rip

version 2

network 10.0.0.0

network 24.0.0.0

!

ip classless

no ip http server

!

access-list 100 permit ip host 10.1.0.25 30.1.1.0 0.0.0.255

!

line con 0

exec-timeout 0 0

transport input none

line vty 0 4

login

!

end

L2TP Configuration

Note Encryption/decryption is subject to export licensing controls. To support L2TP and Firewall,

the Cisco uBR900 series must be configured in routing mode. Software images running at both the

headend and the subscriber end must support the feature set.

Note Careful address assignment on user equipment and policy routing at the headend is required.

The headend may or may not use tunnels to convey traffic back to the corporate gateway.

For detailed information on IP security, L2TP, and Firewall, refer to the Security Configuration

Guide.

Contents

Main Configuring the Cisco uBR900 Series Cable Access Routers Feature Overview Cisco IOS Software Feature Sets Base IP Bridging Home Office (Easy IP) Small Office Tel e c o m mu t e r Data Operations Operating Modes Data Specifications Service Assignments Downstream and Upstream Data Transfer Bridging Applications Routing Applications Layer 2 Tunneling Protocol Easy IP Dynamic Host Configuration Protocol (DHCP) Server Network Address Translation and Port Address Translation (NAT/PAT) Voice Over IP Operations Page H.323 Protocol Stack SGCP Protocol Stack Voice Specifications Backup POTS Connection Security Features DOCSIS Baseline Privacy IPSec Network Security Triple Data Encryption Standard Page Configuration Options Initial Power-On Sequence Page Page Basic Troubleshooting Feature Overview 24 Cisco IOS Release 12.0(7)T Basic Troubleshooting Configuring the Cisco uBR900 Series Cable Access Routers 25 Page Event 3Obtain Upstream Parameters Event 4Start Ranging for Power Adjustments Event 5Establish IP Connectivity Event 6Establish the Time of Day Event 7Establish Security Event 8Transfer Operational Parameters Event 9Perform Registration Event 10Comply with Baseline Privacy Event 11Enter the Maintenance State Benefits Restrictions Related Features and Technologies Related Documents Supported Platforms Prerequisites Supported MIBs and RFCs Page Page Configuration Tasks Configuring a Host Name and Password Verifying the Host Name and Password Configuration, Verification, and Troubleshooting Tips Configuring Ethernet and Cable Access Router Interfaces Verifying IP Address Configuration Configuration, Verification, and Troubleshooting Tips Configuring Routing Configuring Routing 40 Cisco IOS Release 12.0(7)T Verifying Routing Configuring Bridging Configuring Bridging Step Command Purpose 42 Cisco IOS Release 12.0(7)T Verifying Bridging terminals you want to configure. Reestablishing DOCSIS-Compliant Bridging Verifying DOCSIS-Compliant Bridging Customizing the Cable Access Router Interface Using Multiple PCs with the Cable Access Router Configuration Examples Basic Internet Access Bridging Configuration Basic Internet Access Routing Configuration Configuring the Cisco uBR900 Series Cable Access Routers 47 Basic Internet Access Routing Configuration Note To configure the Cisco uBR900 series to act as a router, the no cable-modem compliant Multicast-Enabled Routing Configuration VoIP Bridging Configuration Using H.323v2 Configuring the Cisco uBR900 Series Cable Access Routers 49 VoIP Bridging Configuration Using H.323v2 VoIP Routing Configuration Using H.323v2 NAT/PAT Configuration Configuring the Cisco uBR900 Series Cable Access Routers 51 NAT/PAT Configuration VoIP Bridging Configuration Using SGCP To configure this application via DHCP, the following fields must also be set: IPSec Configuration IPSec Configuration Note Encryption/decryption is subject to export licensing controls. To support IPSec, the Note Careful address assignment on user equipment and policy routing at the headend is required. 54 Cisco IOS Release 12.0(7)T L2TP Configuration Note Encryption/decryption is subject to export licensing controls. To support L2TP and Firewall, Note Careful address assignment on user equipment and policy routing at the headend is required. L2TP Configuration Configuring the Cisco uBR900 Series Cable Access Routers 55 Command Reference cable-modem compliant bridge Page cable-modem downstream saved channel Page cable-modem fast-search Page cable-modem upstream preamble qpsk Page cable-modem voip best-effort Page interface cable-modem Page show bridge cable-modem Page show controllers cable-modem show controllers cable-modem 72 Cisco IOS Release 12.0(7)T Following is sample output for the show controllers cable-modem 0 command: Page Page Page Page show controllers cable-modem bpkm Page show controllers cable-modem des Configuring the Cisco uBR900 Series Cable Access Routers 79 show controllers cable-modem des No default behavior or values. Privileged EXEC DES engine registers are displayed in the following example: number Controller number inside the Cisco uBR900 series. Page show controllers cable-modem filters MAC and SID filter information is displayed in the following example: Page show controllers cable-modem lookup-table show controllers cable-modem lookup-table Configuring the Cisco uBR900 Series Cable Access Routers 85 The mini-slot lookup table is displayed in the following example: show controllers cable-modem lookup-table 86 Cisco IOS Release 12.0(7)T Page show controllers cable-modem mac Example 1 If the DHCP server cannot not be reached, the error will look like this in the MAC log: The fields in this display are explained in the section Basic Troubleshooting on page23. Example 2 MAC error log information is displayed in the following example, which is also reported via SNMP: Example 3 Page Page Example 4 Page Page Example 5 Page Table12 describes the fields shown in the display. Page Page Page show controllers cable-modem phy show controllers cable-modem phy 104 Cisco IOS Release 12.0(7)T Physical transmit registers are displayed in the following example: Page show controllers cable-modem tuner Page show dhcp Following is sample output for the show dhcp server command: Table15 describes the significant fields shown in the display. Page show interfaces cable-modem Traffic passing through the cable access router interface is shown in the following example: Table16 describes the significant fields shown in the display. Page Page Table17 describes the fields shown in this display. Table18 describes the counters shown in this display. MIB counters on the cable interface are displayed in the next example: Table19 describes the software MAC address filter information for the cable access router interface. Page Debug Commands debug cable-modem bpkm Page debug cable-modem bridge Page debug cable-modem error Page debug cable-modem interrupts Page debug cable-modem mac Example 1 Example 2 Example 3 Page Page Page debug cable-modem map Page Glossary