Configuring L2Tpv3 Control-Channel Authentication Parameters; Configuring Authentication For The L2Tp Control-Channel - Cisco CRS Configuration Manual

Configuring L2TP Control-Channel Parameters
Example:
RP/0/RP0/CPU0:router(config-l2tp-class)# timeout setup 400
Configures the amount of time, in seconds, allowed to set up a control-channel.
• Range is 60 to 6000. Default value is 300.

Configuring L2TPv3 Control-Channel Authentication Parameters

Two methods of control-channel message authentication are available:
• L2TP Control-Channel (see Configuring Authentication for the L2TP Control-Channel )
• L2TPv3 Control Message Hashing (see Configuring L2TPv3 Control Message Hashing )
You can enable both methods of authentication to ensure interoperability with peers that support only one of
these methods of authentication, but this configuration will yield control of which authentication method is
used to the peer PE router. Enabling both methods of authentication should be considered an interim solution
to solve backward-compatibility issues during software upgrades.
The principal difference between the L2TPv3 Control Message Hashing feature and CHAP-style L2TP
control-channel authentication is that, instead of computing the hash over selected contents of a received
control message, the L2TPv3 Control Message Hashing feature uses the entire message in the hash. In addition,
instead of including the hash digest in only the SCCRP and SCCCN messages, it includes it in all messages.
This section also describes how to configure L2TPv3 digest secret graceful switchover (see Configuring
L2TPv3 Digest Secret Graceful Switchover) which lets you make the transition from an old L2TPv3
control-channel authentication password to a new L2TPv3 control-channel authentication password without
disrupting established L2TPv3 tunnels.
Support for L2TP control-channel authentication is maintained for backward compatibility. Either or both
Note
authentication methods can be enabled to allow interoperability with peers supporting only one of the
authentication methods.

Configuring Authentication for the L2TP Control-Channel

The L2TP control-channel method of authentication is the older, CHAP-like authentication system inherited
from L2TPv2.
The following L2TP control-channel authentication parameters can be configured in L2TP class configuration
mode:
• Authentication for the L2TP control-channel
• Password used for L2TP control-channel authentication
• Local hostname used for authenticating the control-channel
Cisco IOS XR Virtual Private Network Configuration Guide for the Cisco CRS Router, Release 6.1.x
156
Implementing Layer 2 Tunnel Protocol Version 3