Table of Contents
Advertisement
Tunneling Protocols
About Changing Managed VPN Modes
Managed VPNs can only exist in either VLAN symmetric classify or MPLS VPN auto-learn mode, but
these two modes cannot be enabled simultaneously. When changing from one of these VPN-related
modes to another, keep the following guidelines in mind:
•
•
How to Restore the Default VLAN or MPLS Environment
Use this command to restore the default VLAN or MPLS configuration.
It is not usually necessary to explicitly restore the default environment, as this is done automatically
when executing a VLAN or MPLS command. When such an automatic reset to default occurs, a warning
message appears similar to the following:
Warning Disabled previously configured IP-tunnel support or tunneling classification mode
From the SCE(config if)# prompt, type default {mpls | vlan} and press Enter.
Step 1
Configuring the L2TP Environment
Use this command to set the port number that the LNS and LAC use for L2TP tunnels.
Non-first fragments of pure IP traffic (not tunneled) are not handled correctly when the system is in
Note
L2TP skip mode. Incorrect UDP/TCP ports are assumed, and the fragment is mapped to the wrong flow.
•
•
External Fragmentation in the L2TP Environment
If external fragmentation exists in the L2TP environment, it is required to configure a '
quick-forwarding-ignore ' Traffic Rule (see
bypasses all IP traffic targeted to either the LNS or LAC IP address. This will make sure that any packets
not having the L2TP port indication (i.e. non-first fragments) will not require handling by the traffic
processors.
In addition, in order to prevent reordering of L2TP tunneled fragments, it is advised to define a '
quick-forwarding ' traffic-rule for all the L2TP traffic. This can be done based on the IP ranges in use by
the internal IPs in the tunnel (as allocated by the LNS), or simply for all of the traffic passing through
the SCE platform.
Note that flow redirection and flow blocking cannot be performed on quick-forwarded traffic.
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
6-12
All VPN-based subscribers must be cleared to change the tunneling mode. If the connection with
the SM is down, use the
no subscriber all with-vpn-mappings
VPN-based Subscribers, page
All VPN mappings must also be removed. This can only be done via the SM CLU (which means that
the connection with the SM must be up). (See
External Fragmentation in the L2TP Environment, page 6-12
Options, page 6-13
9-13)
How to Manage VPN Mappings, page 13-26
Configuring Traffic Rules and Counters, page
Chapter 6
Configuring the Line Interface
CLI command (see
About
6-17) that
OL-7827-12
Advertisement
Table of Contents
