Stateless Layer 2 Tunneling Protocol version 3 (L2TPv3) is an unencrypted stateless layer 2 tunneling technology, which is typically used for aggregating WiFi traffic from hotspots to a centralized gateway. This solution enables Customer Premises Equipment (CPE) to bridge the Layer 2 traffic from an end host to an aggregation gateway. The encapsulated traffic consists of Ethernet frames with an L2TPv3 header, creating a virtual tunnel.
Stateless L2TPv3 is generally used by service providers and is not normally used in most enterprise deployments. In order to keep the dashboard simple to use, this feature is hidden by default.
Note: This feature is currently in a service provider-only closed beta.
There are two parts to configuring the stateless L2TPv3 feature: configuration of the Customer Premises Equipment (CPE), and configuration of the (non-Meraki) core concentrator. The steps below outline the configuration of Meraki MR access points acting as the Customer Premises Equipment.
Stateless L2TPv3 is enabled on a per-SSID basis. In Dashboard, under Wireless > Configure > Access control, select Stateless L2TPv3 in the Addressing and Traffic section of the page.
Once the above fields have been configured, the AP will establish a connection to the primary concentrator on UDP port 1701. By default, the AP will include its MAC address and the SSID name in DHCP messages via DHCP option 82.
The primary concentrator field is a mandatory configuration element that defines the destination for L2TPv3 encapsulated traffic. FQDNs are not supported in this field at this time. The secondary concentrator is an optional field that will be used if the connection to the primary concentrator is lost. For information on the tunnel failure detection mechanism, please see the Advanced Settings section below.
A VLAN tag is required when using an L2TPv3 tunnel. Different VLAN tags can be used to differentiate SSID traffic within the L2TPv3 tunnel.
The AP will monitor its connection to the core concentrator in two ways. First, if the core concentrator is actively replying to client traffic, the AP will mark the tunnel as up. If the AP has not detected tunneled client traffic for 160 seconds, the AP will send a DHCPREQUEST frame for 0.0.0.0 through the tunnel. Any response from the core concentrator will result in the tunnel being marked as good. If there is no response to the health check within 10 seconds, the AP will attempt to use the secondary concentrator. If there is no response on the secondary or there is no secondary configured, the AP will bring the SSID down until it can contact a concentrator.
When the AP initiates or tears down a tunnel, event log messages will be generated in addition to an SNMP trap if configured.
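The health-check timing described above can be modelled as a small state machine, which makes it easy to see when each probe, failover and SSID-down event would occur and to set alert thresholds accordingly. This is an added example, not Meraki code: `TunnelMonitor`, `simulate` and the event names are hypothetical, and the retry behaviour while the SSID is down is an assumption, since the page only says the SSID stays down until a concentrator can be contacted.

```python
from dataclasses import dataclass, field
from typing import Optional

IDLE_BEFORE_PROBE = 160  # s with no tunneled client traffic before probing (page value)
PROBE_TIMEOUT = 10       # s to wait for any reply to the health check (page value)

@dataclass
class TunnelMonitor:
    has_secondary: bool = False          # is a secondary concentrator configured?
    on_secondary: bool = False
    ssid_up: bool = True
    last_seen: float = 0.0               # last time a concentrator answered anything
    probe_sent: Optional[float] = None   # send time of the outstanding DHCPREQUEST probe
    events: list = field(default_factory=list)

    def reply(self, now):
        """Any response from the concentrator marks the tunnel good."""
        self.last_seen, self.probe_sent = now, None
        if not self.ssid_up:
            self.ssid_up = True
            self.events.append((now, "ssid_up"))

    def tick(self, now):
        """Send a probe after the idle period, or act on a probe timeout."""
        if self.probe_sent is None:
            if now - self.last_seen >= IDLE_BEFORE_PROBE:
                self._probe(now)
        elif now - self.probe_sent >= PROBE_TIMEOUT:
            if self.has_secondary and not self.on_secondary:
                self.on_secondary = True
                self.events.append((now, "failover"))
            elif self.ssid_up:
                self.ssid_up = False
                self.events.append((now, "ssid_down"))
            self._probe(now)  # assumption: keep probing until a concentrator answers

    def _probe(self, now):
        self.probe_sent = now
        target = "secondary" if self.on_secondary else "primary"
        self.events.append((now, "probe_" + target))

def simulate(monitor, end, replies=()):
    """Step one second at a time to `end`; `replies` lists times a reply arrives."""
    for t in range(end + 1):
        if t in replies:
            monitor.reply(t)
        monitor.tick(t)
    return monitor.events
```

With both concentrators silent, the model shows failover 170 seconds after the last tunneled traffic and the SSID going down at 180 seconds, which is the window to account for when correlating event log messages or SNMP traps with client outages.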
By default, the AP will send the DHCPREQUEST health check packet to 0.0.0.0. Advanced settings allows an administrator to: