Home > Wireless LAN > Client Addressing and Bridging > L2TPv3 Concentration for SSIDs

L2TPv3 Concentration for SSIDs

Stateless Layer 2 Tunneling Protocol version 3 (L2TPv3) is an unencrypted stateless layer 2 tunneling technology, which is typically used for aggregating WiFi traffic from hotspots to a centralized gateway. This solution enables Customer Premises Equipment (CPE) to bridge the Layer 2 traffic from an end host to an aggregation gateway. The encapsulated traffic consists of Ethernet frames with an L2TPv3 header, creating a virtual tunnel.

Availability

Stateless L2TPv3 is generally used by service providers and is not normally used in most enterprise deployments. In order to keep the dashboard simple to use, this feature is hidden by default. 

Note: This feature is currently in a service provider-only closed beta.

Configuration

There are two pieces to configuring the stateless L2TPv3 feature: Configuration of Customer Premise Equipment (CPE), and the configuration of the (Non-Meraki) core concentrator. The configuration below outlines the configuration of Meraki MR access Points acting as the Customer Premise Equipment. 

Stateless L2TPv3 is enabled on on a per-SSID basis. In Dashboard, under Wireless > Configure > Access control, select Stateless L2TPv3 in the Addressing and Traffic section of the page:

Access control - L2TPv3 radio button

Once the above fields have been configured, the AP will establish a connection to the primary concentrator on UDP port 1701. By default, the AP will include its MAC address and the SSID name in DHCP messages via DHCP option 82. 

Concentrator

The primary concentrator field is a mandatory configuration element that defines the destination for L2TPv3 encapsulated traffic. FQDNs are not supported in this field at this time. The secondary concentrator is an optional field that will be used if the connection to the primary concentrator is lost. For information on the tunnel failure detection mechanism, please see the Advanced Settings section below.

VLAN ID

A VLAN tag is required when using an L2TPv3 tunnel. Different VLAN tags can be used to differentiate SSID traffic within the L2TPv3 tunnel. 

Tunnel Monitoring and Failover 

The AP will monitor its connection to the core concentrator in two ways. First, if the core concentrator is actively replying to client traffic, the AP will mark the tunnel as up. If the AP has not detected tunneled client traffic for 160 seconds, the AP will send a DHCPREQUEST frame for 0.0.0.0 through the tunnel. Any response from the core concentrator will result in the tunnel being marked as good. If there is no response to the health check within 10 seconds, the AP will attempt to use the secondary concentrator. If there is no response on the secondary or there is no secondary configured, the AP will bring the SSID down until it can contact a concentrator.

Event Log Messages

When the AP initiates or tears down a tunnel, event log messages will be generated in addition to an SNMP trap if configured. 
L2TPv3 event log

 

  • VPN_type: Defines the type of VPN. For stateless L2TPv3, this is reported as l2tpv3. Other options could be site-to-site, teleworker (MR to MX), or client VPN. 
  • vap: Defines which SSID the log corresponds to. The first SSID slot under Wireless > SSIDs is VAP 0. The second is VAP 1. 
  • connectivity : True if the AP has a tunnel to a concentrator. False if there is no connectivity to either configured concentrator.
  • on_secondary: True if the tunnel is up but using the secondary concentrator. False if the tunnel is up and using the primary concentrator. 
  • primary_endpoint: The configured IP address of the primary concentrator.
  • secondary_endpoint: The configured IP address of the secondary concentrator.

Advanced settings

By default, the AP will send the DHCPREQUEST health check packet to 0.0.0.0. Advanced settings allows an administrator to:

  • Define which IP is requested in the DHCPREQUEST health check packet.
  • Define the DHCP server IP that the AP should make the request to.
  • Configure the AP to disassociate clients during a transition from the primary to the secondary concentrator.

 

You must to post a comment.
Last modified
12:57, 7 Feb 2017

Tags

This page has no custom tags.

Classifications

This page has no classifications.

Article ID

ID: 5397

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case