Configuring L2TPv3 Control Message Hashing - Cisco CRS Configuration Manual

IOS XR Virtual Private Network

Configuring L2TP Control-Channel Parameters
Step 5
hostname name
Example:
RP/0/RP0/CPU0:router(config-l2tp-class)# hostname yb2
Specifies a hostname used to identify the router during L2TP control-channel authentication.
• If you do not use this command, the default hostname of the router is used.

Configuring L2TPv3 Control Message Hashing

Perform this task to configure the L2TPv3 Control Message Hashing feature for an L2TP class.
L2TPv3 control message hashing incorporates authentication or integrity check for all control messages. This
per-message authentication is designed to guard against control message spoofing and replay attacks that
would otherwise be trivial to mount against the network.
Enabling the L2TPv3 Control Message Hashing feature will impact performance during control-channel and
session establishment because additional digest calculation of the full message content is required for each
sent and received control message. This is an expected trade-off for the additional security afforded by this
feature. In addition, network congestion may occur if the receive window size is too small. If the L2TPv3
Control Message Hashing feature is enabled, message digest validation must be enabled. Message digest
validation deactivates the data path received sequence number update and restricts the minimum local receive
window size to 35.
You can configure control-channel authentication or control message integrity checking; however,
control-channel authentication requires participation by both peers, and a shared secret must be configured
on both routers. Control message integrity check is unidirectional, and requires configuration on only one of
the peers.
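The per-message check described above, as an added Python illustration (not Cisco's code and not the L2TPv3 wire format): the receiver recomputes a keyed digest over the full message content for every control message. The field layout, the per-connection nonces, the function names and all sample values are assumptions constructed for this example.

```python
import hashlib
import hmac
import os

DIGEST_LEN = {"md5": 16, "sha1": 20}  # the two hash choices the digest command offers


def seal(body: bytes, secret: bytes, nonces: bytes, alg: str = "sha1") -> bytes:
    """Sender side: append a keyed digest computed over the full message."""
    placeholder = bytes(DIGEST_LEN[alg])  # digest field is zeroed while hashing
    mac = hmac.new(secret, nonces + body + placeholder, alg).digest()
    return body + mac


def verify(message: bytes, secret: bytes, nonces: bytes, alg: str = "sha1") -> bool:
    """Receiver side: recompute the digest and compare in constant time."""
    n = DIGEST_LEN[alg]
    if len(message) < n:
        return False
    body, received = message[:-n], message[-n:]
    expected = hmac.new(secret, nonces + body + bytes(n), alg).digest()
    return hmac.compare_digest(received, expected)


def demo() -> dict:
    secret = b"constructed-shared-secret"        # constructed sample value
    conn_a = os.urandom(16) + os.urandom(16)     # nonces of control connection A (assumed)
    conn_b = os.urandom(16) + os.urandom(16)     # nonces of a later connection B (assumed)
    msg = seal(b"constructed control message", secret, conn_a)
    tampered = bytes([msg[0] ^ 0x01]) + msg[1:]  # one bit changed in transit
    return {
        "genuine": verify(msg, secret, conn_a),
        "modified_in_transit": verify(tampered, secret, conn_a),
        "wrong_secret": verify(seal(b"constructed", b"other", conn_a), secret, conn_a),
        "replayed_into_new_connection": verify(msg, secret, conn_b),
        "hash_mismatch_between_peers": verify(msg, secret, conn_a, alg="md5"),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Only the genuine message is accepted; every other case fails validation, and each call to `verify` repeats the digest calculation over the whole message, which is the per-message cost the text refers to.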
SUMMARY STEPS
1. configure
2. l2tp-class word
3. digest { check disable | hash { MD5 | SHA1 } | secret { 0 | 7 } password }
4. hidden
DETAILED STEPS
Step 1
configure
Example:
RP/0/RP0/CPU0:router# configure
Enters the Global Configuration mode.
Step 2
l2tp-class word
Cisco IOS XR Virtual Private Network Configuration Guide for the Cisco CRS Router, Release 6.1.x
Implementing Layer 2 Tunnel Protocol Version 3
