L2TP - Layer 2 Tunneling Protocol
What is L2TP?
L2TP (Layer 2 Tunneling Protocol) is a tunneling protocol that encapsulates Layer 2 frames for transmission over IP networks. When used outside of a VPN, L2TP provides tunneling without encryption, often to transport non-IP traffic or to deliver ISP services. Think of it as a virtual tunnel that carries data link layer frames across IP networks.
Why is L2TP important outside VPN?
Protocol Flexibility: Can tunnel non-IP protocols like PPP.
Service Delivery: Used by ISPs to deliver broadband services.
Separation of Tunneling and Security: Allows modular design—encryption can be added separately (e.g., IPsec).
Lightweight: Minimal overhead when encryption is not required.
How L2TP works (in simple steps):
A tunnel is established between two L2TP endpoints (e.g., client and LNS).
Layer 2 frames (e.g., PPP) are encapsulated into L2TP packets.
These packets are transmitted over an IP network.
The receiving endpoint decapsulates the frames.
The original Layer 2 data is delivered to the destination.
Where is L2TP used (outside VPN)?
ISP Broadband Services: For DSL or fiber access aggregation.
PPP Tunneling: To carry PPP sessions over IP networks.
Remote Access Aggregation: Centralizing access from multiple dial-in servers.
Non-IP Traffic Transport: Useful in legacy systems or hybrid networks.
MPLS and Carrier Networks: As part of Layer 2 VPN services.
Which OSI Layer does this protocol belong to?
L2TP operates at Layer 2 of the OSI model.
It encapsulates data link layer frames, not just IP packets.
This allows it to tunnel non-IP protocols and maintain link-layer characteristics.
Is L2TP Windows specific?
No, L2TP is not Windows-specific.
L2TP is supported on multiple platforms, including Windows, Linux, macOS, and others.
It is commonly used in VPN implementations across different operating systems.
Is L2TP Linux specific?
No, L2TP is not Linux-specific.
L2TP is cross-platform and can be implemented on various operating systems, including Linux, Windows, macOS, and others.
Linux supports L2TP through various tools and VPN implementations, such as the xl2tpd daemon.
Which Transport Protocol is used by L2TP?
L2TP uses UDP (User Datagram Protocol) as its transport protocol.
Specifically, L2TP packets are encapsulated in UDP packets for transport between devices.
UDP provides the transport layer for L2TP, allowing tunneling of data over networks.
Which Port is used by L2TP?
L2TP uses UDP port 1701 for tunneling data.
In addition to this, L2TP is often combined with IPsec for encryption, and in such cases, other ports such as UDP 500 and UDP 4500 may also be used for the IPsec portion of the VPN connection.
Does L2TP use the client-server model?
Yes, L2TP uses the client-server model.
In this model, the client initiates the connection to the server, which then handles the tunneling and routing of data between the client and the destination network.
L2TP is commonly used in VPN setups where the client connects to an L2TP server to create a secure tunnel.
Version Info
| L2TP Version | RFC | Year | Core Idea / Contribution |
|---|---|---|---|
| L2TP v1 (Initial Draft) | RFC 2341 | 1998 | Framework for L2TP tunneling over IP networks (superseded by RFC 2661). |
| L2TP v2 (Standardized) | RFC 2661 | 1999 | Official specification of L2TP; supports tunneling of PPP over IP networks. |
| L2TPv3 (Layer 2 Transport) | RFC 3931 | 2005 | Enhanced version supporting transport of Layer 2 frames |
| L2TP MIB (Management Info Base) | RFC 3371 | 2002 | Defines SNMP MIB for managing L2TP tunnels and sessions. |
| L2TPv3 over IP | RFC 4349 | 2006 | Specifies how to encapsulate L2TPv3 directly over IP |
| L2TP Extensions for PPP LCP Negotiation | RFC 3308 | 2002 | Adds support for LCP negotiation over L2TP tunnels. |
| Updated L2TPv2 Specification | RFC 9601 | 2024 | Updates and clarifies RFC 2661 with modern practices and corrections. |
Setup
L2TP Control Message
| S.No | Protocol Packets | Description | Size (Bytes) |
|---|---|---|---|
| 1 | L2TP Control Message | Used for session establishment, maintenance, and teardown between LAC (L2TP Access Concentrator) and LNS (L2TP Network Server). | 12-40+ |
| | Header | Contains flags, version, length, tunnel/session IDs, and control message type. | 6-12 |
| | Flags and Version | Indicates message type (control/data), presence of length, sequence numbers, etc. | 2 |
| | Length (optional) | Total length of the message (if L bit is set). | 2 |
| | Tunnel ID | Identifies the control connection. | 2 |
| | Session ID | Identifies the session within the tunnel. | 2 |
| | Ns (optional) | Sequence number for reliable delivery. | 2 |
| | Nr (optional) | Acknowledgment number. | 2 |
| | AVPs (Attribute-Value Pairs) | Carries control information like hostname, framing type, etc. | Variable |
L2TP Data Message
| S.No | Protocol Packets | Description | Size (Bytes) |
|---|---|---|---|
| 2 | L2TP Data Message | Used to carry encapsulated PPP frames between endpoints | 6-40+ |
| | Header | Similar to control message but without AVPs | 6-12 |
| | PPP Payload | Encapsulated PPP frame (e.g., IP packet) | Variable |
| | Tunnel ID | Identifies the tunnel | 2 |
| | Session ID | Identifies the session | 2 |
| | Payload | Actual user data (e.g., IP packet). | Variable |
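The header and AVP fields listed in the two tables above, as an added example (not code from the original page): a strict L2TPv2 parser that accepts well-formed control and data messages and drops ones with a bad version, a bad length field, or an unrecognised mandatory AVP. The bit positions follow the RFC 2661 layout; the `KNOWN_AVPS` subset, the function names and the sample packets are constructed for illustration.

```python
import struct

# Header flag bits, AVP flag bits and the 10-bit AVP length mask (RFC 2661 layout).
T_BIT, L_BIT, S_BIT, O_BIT = 0x8000, 0x4000, 0x0800, 0x0200
M_BIT, H_BIT, AVP_LEN_MASK = 0x8000, 0x4000, 0x03FF
# (vendor ID, attribute type) pairs this demo recognises; a subset, not the full registry.
KNOWN_AVPS = {(0, 0): "Message Type", (0, 2): "Protocol Version",
              (0, 7): "Host Name", (0, 9): "Assigned Tunnel ID"}


class Malformed(ValueError):
    """A packet the receiver should drop."""


def u16(buf: bytes, off: int) -> int:
    """Read a big-endian 16-bit field without reading past the buffer."""
    if off + 2 > len(buf):
        raise Malformed("truncated header")
    return struct.unpack_from("!H", buf, off)[0]


def parse_header(pkt: bytes) -> dict:
    """Parse an L2TPv2 header; return its fields and the bytes that follow it."""
    flags = u16(pkt, 0)
    if (flags & 0x000F) != 2:
        raise Malformed("not L2TP version 2")
    control = bool(flags & T_BIT)
    if control and (flags & (L_BIT | S_BIT | O_BIT)) != (L_BIT | S_BIT):
        raise Malformed("control message needs L and S set and O clear")
    off, length, ns, nr = 2, None, None, None
    if flags & L_BIT:                      # optional Length field
        length = u16(pkt, off)
        off += 2
        if length > len(pkt):
            raise Malformed("length field exceeds datagram size")
        pkt = pkt[:length]                 # ignore bytes beyond the declared length
    tunnel_id, session_id = u16(pkt, off), u16(pkt, off + 2)
    off += 4
    if flags & S_BIT:                      # optional Ns / Nr sequence fields
        ns, nr = u16(pkt, off), u16(pkt, off + 2)
        off += 4
    if flags & O_BIT:                      # optional offset size plus padding (data only)
        off += 2 + u16(pkt, off)
    if off > len(pkt):
        raise Malformed("header runs past end of packet")
    return {"control": control, "length": length, "tunnel_id": tunnel_id,
            "session_id": session_id, "ns": ns, "nr": nr, "payload": pkt[off:]}


def parse_avps(data: bytes) -> list:
    """Walk the AVP list of a control message, enforcing length and M-bit rules."""
    avps, off = [], 0
    while off < len(data):
        if len(data) - off < 6:
            raise Malformed("truncated AVP header")
        word, vendor, attr = struct.unpack_from("!HHH", data, off)
        length = word & AVP_LEN_MASK
        if length < 6 or off + length > len(data):
            raise Malformed("AVP length out of bounds")
        name = KNOWN_AVPS.get((vendor, attr))
        if name is None and word & M_BIT:
            raise Malformed("unrecognised mandatory AVP")
        if name is not None:               # unknown non-mandatory AVPs are skipped
            avps.append({"name": name, "mandatory": bool(word & M_BIT),
                         "hidden": bool(word & H_BIT),
                         "value": data[off + 6:off + length]})
        off += length
    return avps


def classify(pkt: bytes) -> str:
    """Return 'accept' or 'drop: <reason>' the way a strict receiver would decide."""
    try:
        hdr = parse_header(pkt)
        if hdr["control"]:
            parse_avps(hdr["payload"])
    except Malformed as exc:
        return f"drop: {exc}"
    return "accept"


def build_avp(attr: int, value: bytes, mandatory: bool = True, vendor: int = 0) -> bytes:
    """Encode one AVP (helper for building the constructed packets below)."""
    word = (M_BIT if mandatory else 0) | (6 + len(value))
    return struct.pack("!HHH", word, vendor, attr) + value


def build_control(tunnel_id: int, session_id: int, ns: int, nr: int, avps: list) -> bytes:
    """Encode a control message: flags 0xC802 = T, L and S set, version 2."""
    body = b"".join(avps)
    return struct.pack("!HHHHHH", 0xC802, 12 + len(body),
                       tunnel_id, session_id, ns, nr) + body


# Constructed samples: an SCCRQ-style control message (Message Type 1) and a data message.
SAMPLE_CONTROL = build_control(0, 0, 0, 0, [build_avp(0, b"\x00\x01"),
                                            build_avp(7, b"lac-example")])
SAMPLE_DATA = struct.pack("!HHH", 0x0002, 5, 7) + b"\xff\x03\x00\x21"  # PPP bytes follow
```

`classify()` gives the verdicts that the "Invalid Header", "Invalid Length" and AVP mandatory-bit test cases on this page expect from a compliant endpoint.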

| S.no | Use Case | Description |
|---|---|---|
| 1 | ISP Tunneling Services | Used by ISPs to tunnel customer traffic over shared infrastructure. |
| 2 | PPP Encapsulation | Transports PPP frames over IP networks, supporting authentication and compression. |
| 3 | Remote Access Aggregation | Centralizes access from multiple dial-in servers to a single network point. |
| 4 | Legacy Protocol Support | Tunnels non-IP protocols over IP networks, useful in legacy systems. |
| 5 | Network Virtualization | Separates and tunnels traffic between virtual networks in data centers. |
| 6 | Lightweight Tunneling | Provides tunneling without encryption, reducing overhead. |
| 7 | MPLS and Carrier Networks | Used in service provider networks for Layer 2 VPN services. |
| 8 | Broadband Access Delivery | Supports DSL and fiber access aggregation for customer traffic. |

| S.no | Feature | Description |
|---|---|---|
| 1 | Tunneling | Encapsulates Layer 2 frames (like PPP) for transmission over IP networks. |
| 2 | Session Multiplexing | Supports multiple sessions within a single tunnel, allowing efficient use of resources. |
| 3 | Control and Data Separation | Uses separate messages for control (setup, teardown) and data (payload transmission). |
| 4 | Protocol Independence | Can tunnel various Layer 2 protocols, not just IP, making it versatile for legacy systems. |
| 5 | UDP-Based Transport | Operates over UDP (port 1701), enabling NAT traversal and easier firewall handling. |
| 6 | No Native Encryption | L2TP itself does not provide encryption; security must be added externally (e.g., IPsec). |
| 7 | AVP-Based Control Messages | Uses Attribute-Value Pairs (AVPs) for flexible and extensible control signaling. |
| 8 | Reliability for Control Messages | Supports sequencing and acknowledgment for reliable delivery of control messages. |
| 9 | Tunnel and Session IDs | Identifies and manages multiple logical connections within a single physical tunnel. |
| 10 | Extensibility (L2TPv3) | L2TPv3 extends support to transport Ethernet, Frame Relay, and ATM over IP networks. |

Tunneling - Testcases
| # | Test Case | Description | Expected Result |
|---|---|---|---|
| 1 | L2TP Tunnel Initiation | Start L2TP tunnel between two endpoints | Tunnel established |
| 2 | L2TP Control Message Exchange | Exchange control messages | ACKs received |
| 3 | L2TP Data Message Transmission | Send data messages through tunnel | Data received correctly |
| 4 | L2TP Tunnel Teardown | Terminate tunnel | Tunnel closed |
| 5 | L2TP Session Establishment | Establish session within tunnel | Session created |
| 6 | L2TP Session Termination | Terminate session | Session closed |
| 7 | L2TP with IPv4 | Use IPv4 for tunnel transport | Tunnel works over IPv4 |
| 8 | L2TP with IPv6 | Use IPv6 for tunnel transport | Tunnel works over IPv6 |
| 9 | L2TP with Ethernet Frames | Encapsulate Ethernet frames | Frames transmitted successfully |
| 10 | L2TP with PPP Frames | Encapsulate PPP frames | Frames transmitted successfully |
| 11 | L2TP with VLAN Tags | Send VLAN-tagged frames | Tags preserved |
| 12 | L2TP with Fragmented Packets | Send large packets | Packets reassembled |
| 13 | L2TP with MTU Constraints | Use small MTU | Tunnel handles fragmentation |
| 14 | L2TP with NAT | Tunnel through NAT | Tunnel established |
| 15 | L2TP with Firewall | Tunnel through firewall | Tunnel established if ports allowed |
| 16 | L2TP Port Availability | Check UDP port 1701 | Port open and listening |
| 17 | L2TP Control Message Validation | Validate control message format | Message accepted |
| 18 | L2TP Data Message Validation | Validate data message format | Message accepted |
| 19 | L2TP with Multiple Sessions | Establish multiple sessions | All sessions active |
| 20 | L2TP with Multiple Tunnels | Establish multiple tunnels | All tunnels active |
| 21 | L2TP with Session ID Collision | Use duplicate session ID | Session rejected |
| 22 | L2TP with Tunnel ID Collision | Use duplicate tunnel ID | Tunnel rejected |
| 23 | L2TP with Keepalive | Send periodic keepalive | Tunnel maintained |
| 24 | L2TP with Timeout | Simulate timeout | Tunnel closed |
| 25 | L2TP with Packet Loss | Drop packets intentionally | Tunnel recovers |
| 26 | L2TP with Reordered Packets | Send packets out of order | Packets reassembled correctly |
| 27 | L2TP with Duplicate Packets | Send duplicate packets | Duplicates ignored |
| 28 | L2TP with Invalid Header | Send malformed header | Packet dropped |
| 29 | L2TP with Invalid Length | Send incorrect length field | Packet dropped |
| 30 | L2TP with Invalid Session ID | Use non-existent session ID | Packet dropped |
| 31 | L2TP with Invalid Tunnel ID | Use non-existent tunnel ID | Packet dropped |
| 32 | L2TP with Logging Enabled | Enable logging | Tunnel activity logged |
| 33 | L2TP with Debugging Enabled | Enable debug mode | Detailed logs available |
| 34 | L2TP with Wireshark | Capture L2TP packets | Packets visible on UDP 1701 |
| 35 | L2TP with TCP Transport | Attempt L2TP over TCP | Fails (UDP only) |
| 36 | L2TP with Encryption Disabled | Use L2TP without encryption | Tunnel established |
| 37 | L2TP with Compression Enabled | Enable compression | Data compressed |
| 38 | L2TP with Authentication Disabled | No authentication | Tunnel established |
| 39 | L2TP with Authentication Enabled | Use CHAP/PAP | Authentication successful |
| 40 | L2TP with Dynamic IP | Use dynamic IP on client | Tunnel established |
| 41 | L2TP with Static IP | Use static IP on client | Tunnel established |
| 42 | L2TP with Mobile Client | Use mobile device | Tunnel established |
| 43 | L2TP with Embedded Device | Use embedded system | Tunnel established |
| 44 | L2TP with Virtual Machine | Use VM with bridged/NAT mode | Bridged: works; NAT: may fail |
| 45 | L2TP with Docker Container | Run L2TP in container | Depends on network mode |
| 46 | L2TP with Vendor Interop | Test with different vendor implementations | Tunnel established if compliant |
| 47 | L2TP with High Latency | Simulate high latency | Tunnel stable |
| 48 | L2TP with Low Bandwidth | Simulate low bandwidth | Tunnel stable |
| 49 | L2TP with DoS Simulation | Flood with L2TP packets | Tunnel may drop or throttle |
| 50 | L2TP with Session Recovery | Recover session after failure | Session re-established |

Session Multiplexing - Testcases
| # | Test Case | Description | Expected Result |
|---|---|---|---|
| 1 | Single Tunnel, Single Session | Establish one session over one tunnel | Session established successfully |
| 2 | Single Tunnel, Multiple Sessions | Establish multiple sessions over one tunnel | All sessions active |
| 3 | Session ID Uniqueness | Use unique session IDs | Sessions created without conflict |
| 4 | Session ID Collision | Use duplicate session IDs | Session rejected |
| 5 | Session Teardown | Terminate one session | Only that session is closed |
| 6 | Tunnel Teardown | Terminate tunnel with multiple sessions | All sessions closed |
| 7 | Session Isolation | Send data to one session | Other sessions unaffected |
| 8 | Session Reuse | Reuse session ID after teardown | New session established |
| 9 | Session Timeout | Let session idle beyond timeout | Session closed |
| 10 | Session Keepalive | Send keepalive for session | Session maintained |
| 11 | Session with Different Protocols | Use different protocols per session (e.g., PPP, Ethernet) | All sessions function correctly |
| 12 | Session with Fragmented Packets | Send large packets in one session | Packets reassembled |
| 13 | Session with Packet Loss | Drop packets in one session | Other sessions unaffected |
| 14 | Session with Reordered Packets | Reorder packets in one session | Session handles reordering |
| 15 | Session with Duplicate Packets | Send duplicate packets | Duplicates ignored |
| 16 | Session with Invalid ID | Use non-existent session ID | Packet dropped |
| 17 | Session with Invalid Length | Send incorrect length field | Packet dropped |
| 18 | Session with Invalid Header | Send malformed session header | Packet dropped |
| 19 | Session Logging | Enable logging | Session activity logged |
| 20 | Session Debugging | Enable debug mode | Detailed logs available |
| 21 | Session with NAT | Use sessions behind NAT | Sessions established |
| 22 | Session with Firewall | Sessions through firewall | Sessions established if ports open |
| 23 | Session with IPv4 | Use IPv4 transport | Sessions function correctly |
| 24 | Session with IPv6 | Use IPv6 transport | Sessions function correctly |
| 25 | Session with VLAN Tags | Send VLAN-tagged frames | Tags preserved |
| 26 | Session with Compression | Enable compression | Data compressed |
| 27 | Session with Encryption Disabled | No encryption used | Sessions established |
| 28 | Session with Authentication | Use CHAP/PAP per session | Sessions authenticated |
| 29 | Session with High Latency | Simulate high latency | Sessions remain stable |
| 30 | Session with Low Bandwidth | Simulate low bandwidth | Sessions remain stable |
| 31 | Session with DoS Simulation | Flood one session | Other sessions unaffected |
| 32 | Session with Dynamic IP | Change client IP mid-session | Session may drop or recover |
| 33 | Session with Static IP | Use static IP | Session stable |
| 34 | Session with Mobile Client | Use mobile device | Session established |
| 35 | Session with Embedded Device | Use embedded system | Session established |
| 36 | Session with Virtual Machine | Use VM with bridged/NAT mode | Bridged: works; NAT: may fail |
| 37 | Session with Docker Container | Run session in container | Depends on network mode |
| 38 | Session with Vendor Interop | Test with different vendor implementations | Sessions established if compliant |
| 39 | Session with Re-keying | Re-key session encryption | Session continues securely |
| 40 | Session with MTU Constraints | Use small MTU | Session handles fragmentation |
| 41 | Session with Replay Packets | Replay session packets | Packets dropped |
| 42 | Session with Sequence Gaps | Skip sequence numbers | Session handles gaps |
| 43 | Session with Sequence Wraparound | Force sequence number wrap | Session continues |
| 44 | Session with Control Message Loss | Drop control messages | Session retries or fails |
| 45 | Session with Control Message Delay | Delay control messages | Session established with delay |
| 46 | Session with Mixed Traffic Types | Send mixed traffic (ICMP, TCP, UDP) | All traffic types handled |
| 47 | Session with QoS Tags | Apply QoS tags to sessions | Tags preserved |
| 48 | Session with Load Balancing | Distribute sessions across tunnels | Sessions balanced |
| 49 | Session with Tunnel Migration | Move sessions to new tunnel | Sessions re-established |
| 50 | Session with Resource Limits | Exceed session limits | New sessions rejected |

Control and Data Separation - Testcases
| # | Test Case | Description | Expected Result |
|---|---|---|---|
| 1 | Control Channel Initialization | Establish control channel | Control channel established |
| 2 | Data Channel Initialization | Establish data channel after control | Data channel established |
| 3 | Control Message Exchange | Exchange control messages | ACKs received |
| 4 | Data Message Transmission | Send data through data channel | Data received correctly |
| 5 | Control Channel Teardown | Close control channel | Tunnel and sessions terminated |
| 6 | Data Channel Teardown | Close data channel only | Data stops, control remains |
| 7 | Control and Data Port Separation | Use different ports for control and data | Channels operate independently |
| 8 | Control Channel Timeout | Simulate control channel timeout | Tunnel closed |
| 9 | Data Channel Timeout | Simulate data channel timeout | Data flow stops |
| 10 | Control Channel Keepalive | Send keepalive on control channel | Tunnel maintained |
| 11 | Data Channel Keepalive | Send keepalive on data channel | Data session maintained |
| 12 | Control Channel Packet Loss | Drop control packets | Retransmission occurs |
| 13 | Data Channel Packet Loss | Drop data packets | Data retransmitted or lost |
| 14 | Control Channel Reordering | Reorder control packets | Messages processed correctly |
| 15 | Data Channel Reordering | Reorder data packets | Data reassembled correctly |
| 16 | Control Channel Duplication | Duplicate control packets | Duplicates ignored |
| 17 | Data Channel Duplication | Duplicate data packets | Duplicates ignored |
| 18 | Control Channel Corruption | Corrupt control message | Message rejected |
| 19 | Data Channel Corruption | Corrupt data message | Packet dropped |
| 20 | Control Channel Logging | Enable logging | Control messages logged |
| 21 | Data Channel Logging | Enable logging | Data flow logged |
| 22 | Control Channel Debugging | Enable debug mode | Detailed control logs |
| 23 | Data Channel Debugging | Enable debug mode | Detailed data logs |
| 24 | Control Channel with NAT | Use control channel behind NAT | Channel established |
| 25 | Data Channel with NAT | Use data channel behind NAT | Channel established |
| 26 | Control Channel with Firewall | Control through firewall | Allowed if port open |
| 27 | Data Channel with Firewall | Data through firewall | Allowed if port open |
| 28 | Control Channel with IPv4 | Use IPv4 for control | Channel established |
| 29 | Data Channel with IPv4 | Use IPv4 for data | Channel established |
| 30 | Control Channel with IPv6 | Use IPv6 for control | Channel established |
| 31 | Data Channel with IPv6 | Use IPv6 for data | Channel established |
| 32 | Control Channel with Encryption | Encrypt control messages | Messages secured |
| 33 | Data Channel with Encryption | Encrypt data messages | Data secured |
| 34 | Control Channel with Compression | Compress control messages | Messages compressed |
| 35 | Data Channel with Compression | Compress data messages | Data compressed |
| 36 | Control Channel Flooding | Flood control channel | Throttling or drop |
| 37 | Data Channel Flooding | Flood data channel | Throttling or drop |
| 38 | Control Channel Authentication | Authenticate control messages | Authenticated successfully |
| 39 | Data Channel Authentication | Authenticate data messages | Authenticated successfully |
| 40 | Control Channel Replay Attack | Replay control messages | Messages rejected |
| 41 | Data Channel Replay Attack | Replay data messages | Packets dropped |
| 42 | Control Channel with Invalid ID | Use invalid tunnel/session ID | Message dropped |
| 43 | Data Channel with Invalid ID | Use invalid session ID | Packet dropped |
| 44 | Control Channel with Vendor Interop | Test control with different vendor | Channel established |
| 45 | Data Channel with Vendor Interop | Test data with different vendor | Channel established |
| 46 | Control Channel with High Latency | Simulate high latency | Channel stable |
| 47 | Data Channel with High Latency | Simulate high latency | Channel stable |
| 48 | Control Channel with Packet Sniffing | Capture control packets | Control messages visible |
| 49 | Data Channel with Packet Sniffing | Capture data packets | Data visible |
| 50 | Control/Data Channel Sync Test | Monitor sync between control and data | Channels remain in sync |

Protocol Independence - Testcases
| # | Test Case | Description | Expected Result |
|---|---|---|---|
| 1 | L2TP over IPv4 | Use IPv4 as transport protocol | Tunnel established |
| 2 | L2TP over IPv6 | Use IPv6 as transport protocol | Tunnel established |
| 3 | L2TP over UDP | Use UDP as transport protocol | Tunnel established |
| 4 | L2TP over Ethernet | Use Ethernet as transport | Tunnel established |
| 5 | L2TP over MPLS | Use MPLS as transport | Tunnel established |
| 6 | L2TP over Frame Relay | Use Frame Relay as transport | Tunnel established |
| 7 | L2TP over ATM | Use ATM as transport | Tunnel established |
| 8 | L2TP over GRE | Encapsulate L2TP in GRE | Tunnel established |
| 9 | L2TP over IPsec Transport Mode | Use IPsec transport mode (without VPN) | Tunnel established |
| 10 | L2TP over Soft GRE Tunnel | Use software-based GRE tunnel | Tunnel established |
| 11 | L2TP over VXLAN | Encapsulate L2TP in VXLAN | Tunnel established |
| 12 | L2TP over GTP | Use GTP as transport (e.g., mobile networks) | Tunnel established |
| 13 | L2TP over PPP | Use PPP as transport | Tunnel established |
| 14 | L2TP over L2TP | Nest L2TP inside another L2TP | Inner tunnel established |
| 15 | L2TP over SCTP | Use SCTP as transport | Tunnel established |
| 16 | L2TP with PPP Payload | Carry PPP frames | Frames transmitted successfully |
| 17 | L2TP with Ethernet Payload | Carry Ethernet frames | Frames transmitted successfully |
| 18 | L2TP with IP Payload | Carry IP packets | Packets transmitted successfully |
| 19 | L2TP with VLAN Payload | Carry VLAN-tagged frames | Tags preserved |
| 20 | L2TP with MPLS Payload | Carry MPLS frames | Frames transmitted successfully |
| 21 | L2TP with IPv6 Payload | Carry IPv6 packets | Packets transmitted successfully |
| 22 | L2TP with IPv4 Payload | Carry IPv4 packets | Packets transmitted successfully |
| 23 | L2TP with Mixed Payload Types | Carry mixed payloads (PPP, Ethernet, IP) | All payloads transmitted correctly |
| 24 | L2TP with Fragmented Payload | Send large payloads | Reassembled correctly |
| 25 | L2TP with Compressed Payload | Compress payload before sending | Decompressed correctly |
| 26 | L2TP with Encrypted Payload | Encrypt payload before sending | Decrypted correctly |
| 27 | L2TP with Tagged Payload | Use tagged frames (e.g., VLAN) | Tags preserved |
| 28 | L2TP with Jumbo Frames | Send jumbo Ethernet frames | Frames transmitted successfully |
| 29 | L2TP with Control/Data Separation | Separate control and data over different protocols | Channels operate independently |
| 30 | L2TP with NAT Traversal | Use NAT-T with protocol independence | Tunnel established |
| 31 | L2TP with Firewall Traversal | Use protocol-independent transport through firewall | Tunnel established |
| 32 | L2TP with IPv4/IPv6 Dual Stack | Use dual stack for transport | Tunnel established on both |
| 33 | L2TP with Protocol Negotiation | Negotiate transport protocol dynamically | Compatible protocol selected |
| 34 | L2TP with Protocol Fallback | Fallback to alternate protocol if primary fails | Tunnel re-established |
| 35 | L2TP with Protocol Mismatch | Use mismatched protocols | Tunnel fails |
| 36 | L2TP with Protocol Logging | Log transport and payload protocols | Logs show correct protocols |
| 37 | L2TP with Protocol Debugging | Enable debug mode | Protocol details visible |
| 38 | L2TP with Vendor Interoperability | Test with different vendor stacks | Tunnel established if compliant |
| 39 | L2TP with High Latency Protocol | Use high-latency transport (e.g., satellite) | Tunnel stable |
| 40 | L2TP with Low Bandwidth Protocol | Use low-bandwidth transport | Tunnel stable |
| 41 | L2TP with Packet Loss | Simulate packet loss | Tunnel recovers |
| 42 | L2TP with Protocol Switching | Switch transport protocol mid-session | Tunnel re-established |
| 43 | L2TP with Protocol Multiplexing | Use multiple protocols simultaneously | All tunnels operate |
| 44 | L2TP with Protocol Encapsulation | Encapsulate L2TP in another protocol | Tunnel established |
| 45 | L2TP with Protocol Filtering | Filter specific protocols | Tunnel fails if blocked |
| 46 | L2TP with Protocol Prioritization | Prioritize certain protocols | Preferred protocol used |
| 47 | L2TP with Protocol Monitoring | Monitor protocol usage | Protocol stats visible |
| 48 | L2TP with Protocol Spoofing | Spoof transport protocol headers | Tunnel rejected |
| 49 | L2TP with Protocol Replay | Replay protocol-level packets | Packets dropped |
| 50 | L2TP with Protocol Negotiation Fail | Force negotiation failure | Tunnel not established |

UDP-Based Transport - Testcases
| # | Test Case | Description | Expected Result |
|---|---|---|---|
| 1 | UDP Port Availability | Check if UDP port 1701 is open | Port is listening |
| 2 | Basic UDP Tunnel Establishment | Establish L2TP tunnel over UDP | Tunnel established |
| 3 | UDP Packet Transmission | Send L2TP packets over UDP | Packets received correctly |
| 4 | UDP Packet Loss | Drop UDP packets intentionally | Tunnel remains stable or recovers |
| 5 | UDP Packet Reordering | Reorder UDP packets | Tunnel reassembles correctly |
| 6 | UDP Packet Duplication | Duplicate UDP packets | Duplicates ignored |
| 7 | UDP Packet Corruption | Corrupt UDP packet payload | Packet dropped |
| 8 | UDP NAT Traversal | Use L2TP over UDP behind NAT | Tunnel established |
| 9 | UDP Firewall Traversal | Use L2TP over UDP through firewall | Tunnel established if port allowed |
| 10 | UDP with IPv4 | Use IPv4 as transport for UDP | Tunnel established |
| 11 | UDP with IPv6 | Use IPv6 as transport for UDP | Tunnel established |
| 12 | UDP with Fragmentation | Send large UDP packets | Packets reassembled |
| 13 | UDP with MTU Constraints | Use small MTU | Tunnel handles fragmentation |
| 14 | UDP with High Latency | Simulate high latency | Tunnel remains stable |
| 15 | UDP with Low Bandwidth | Simulate low bandwidth | Tunnel remains stable |
| 16 | UDP with Jitter | Introduce jitter in packet timing | Tunnel remains stable |
| 17 | UDP with Keepalive | Send keepalive packets | Tunnel maintained |
| 18 | UDP with Timeout | Simulate timeout | Tunnel closed or re-established |
| 19 | UDP with Control/Data Separation | Use separate UDP streams for control and data | Channels operate independently |
| 20 | UDP with Logging Enabled | Enable logging | UDP activity logged |
| 21 | UDP with Debugging Enabled | Enable debug mode | Detailed logs available |
| 22 | UDP with Packet Sniffing | Capture UDP packets | L2TP packets visible on port 1701 |
| 23 | UDP with NAT Keepalive | Send NAT keepalive packets | NAT binding maintained |
| 24 | UDP with Port Mapping | NAT remaps UDP port | Tunnel still established |
| 25 | UDP with Port Blocking | Block UDP port 1701 | Tunnel fails |
| 26 | UDP with Port Forwarding | Forward UDP port to internal host | Tunnel established |
| 27 | UDP with Dynamic IP | Change IP during session | Tunnel may drop or recover |
| 28 | UDP with Static IP | Use static IP | Tunnel stable |
| 29 | UDP with Mobile Client | Use mobile device | Tunnel established |
| 30 | UDP with Embedded Device | Use embedded system | Tunnel established |
| 31 | UDP with Virtual Machine | Use VM with bridged/NAT mode | Bridged: works; NAT: may need NAT-T |
| 32 | UDP with Docker Container | Run L2TP over UDP in container | Depends on network mode |
| 33 | UDP with Vendor Interop | Test with different vendor stacks | Tunnel established if compliant |
| 34 | UDP with Replay Attack | Replay UDP packets | Packets dropped |
| 35 | UDP with DoS Simulation | Flood UDP port | Tunnel may throttle or drop |
| 36 | UDP with Encryption | Encrypt L2TP payload | Data secured |
| 37 | UDP with Compression | Compress L2TP payload | Data compressed |
| 38 | UDP with Authentication | Authenticate L2TP messages | Authenticated successfully |
| 39 | UDP with Invalid Header | Send malformed UDP header | Packet dropped |
| 40 | UDP with Invalid Length | Send incorrect length field | Packet dropped |
| 41 | UDP with Invalid Checksum | Send packet with bad checksum | Packet dropped |
| 42 | UDP with VLAN Tags | Send VLAN-tagged packets | Tags preserved |
| 43 | UDP with QoS Marking | Apply QoS tags to UDP packets | Tags preserved |
| 44 | UDP with IPv4/IPv6 Dual Stack | Use dual stack for transport | Tunnel established on both |
| 45 | UDP with Protocol Switching | Switch from UDP to another protocol mid-session | Tunnel re-established or fails |
| 46 | UDP with Protocol Negotiation | Negotiate UDP as transport | UDP selected |
| 47 | UDP with Protocol Fallback | Fallback to UDP if primary fails | Tunnel re-established |
| 48 | UDP with Mixed Traffic | Send mixed traffic types over UDP | All traffic handled |
| 49 | UDP with Session Multiplexing | Use multiple sessions over single UDP tunnel | All sessions active |
| 50 | UDP with Control Message Loss | Drop control messages over UDP | Retransmission occurs |

No Native Encryption - Testcases
| # | Test Case | Description | Expected Result |
|---|---|---|---|
| 1 | Basic Tunnel Without Encryption | Establish L2TP tunnel without encryption | Tunnel established |
| 2 | Data Transmission in Plaintext | Send data through unencrypted tunnel | Data visible in transit |
| 3 | Packet Sniffing | Capture L2TP packets on network | Payload readable |
| 4 | Control Message Visibility | Inspect control messages | Headers and content visible |
| 5 | Data Message Visibility | Inspect data messages | Payload visible |
| 6 | No IPsec Layer | Confirm absence of IPsec | No encryption or authentication applied |
| 7 | Compatibility with Legacy Devices | Connect to legacy L2TP device | Tunnel established |
| 8 | Performance Benchmark | Measure performance without encryption | Higher throughput |
| 9 | CPU Usage Comparison | Compare CPU usage with/without encryption | Lower CPU usage |
| 10 | Latency Measurement | Measure latency without encryption | Lower latency |
| 11 | MTU Overhead Check | Check MTU without encryption overhead | Larger payloads supported |
| 12 | Fragmentation Behavior | Send large packets | Packets reassembled |
| 13 | NAT Traversal Without Encryption | Use L2TP behind NAT without IPsec | Tunnel established |
| 14 | Firewall Traversal Without IPsec | Pass through firewall without IPsec | Tunnel established if port open |
| 15 | Replay Attack Simulation | Replay captured packets | Packets accepted |
| 16 | Packet Tampering Test | Modify packet in transit | Packet accepted |
| 17 | No Authentication Test | Establish tunnel without auth | Tunnel established |
| 18 | Session Hijacking Attempt | Attempt to hijack session | Possible if not protected |
| 19 | Man-in-the-Middle Simulation | Intercept and modify traffic | Traffic altered |
| 20 | Logging Without Encryption | Enable logging | Full payload visible in logs |
| 21 | Debugging Without Encryption | Enable debug mode | Full protocol details visible |
| 22 | Wireshark Analysis | Analyze traffic with Wireshark | Full packet content visible |
| 23 | Protocol Compliance Check | Validate against L2TP RFC | Compliant without encryption |
| 24 | Vendor Interoperability | Test with different vendor stacks | Tunnel established |
| 25 | IPv4 Transport Without Encryption | Use IPv4 as transport | Tunnel established |
| 26 | IPv6 Transport Without Encryption | Use IPv6 as transport | Tunnel established |
| 27 | VLAN Support Without Encryption | Send VLAN-tagged frames | Tags preserved |
| 28 | Jumbo Frame Support | Send large Ethernet frames | Frames transmitted |
| 29 | Compression Without Encryption | Enable compression | Data compressed |
| 30 | Control/Data Separation | Separate control and data channels | Both operate without encryption |
| 31 | Session Multiplexing | Use multiple sessions | All sessions unencrypted |
| 32 | Protocol Independence | Use various payload types | All transmitted in clear |
| 33 | UDP Transport Without Encryption | Use UDP as transport | Tunnel established |
| 34 | Packet Loss Handling | Drop packets | Tunnel recovers |
| 35 | Packet Reordering | Reorder packets | Tunnel reassembles |
| 36 | Duplicate Packet Handling | Send duplicate packets | Duplicates ignored |
| 37 | Invalid Packet Handling | Send malformed packets | Dropped or ignored |
| 38 | Control Message Replay | Replay control messages | May be accepted |
| 39 | Data Message Replay | Replay data messages | May be accepted |
| 40 | No Encryption Policy Enforcement | Enforce no-encryption policy | Tunnel established only if policy matches |
| 41 | Mixed Encryption Environment | Connect to encrypted peer | Tunnel fails |
| 42 | Security Audit Logging | Log all unencrypted traffic | Full visibility |
| 43 | Application Layer Encryption | Use HTTPS or SSH over L2TP | Data protected at higher layer |
| 44 | DNS Leak Test | Send DNS queries through tunnel | Queries visible |
| 45 | IP Leak Test | Send IP packets through tunnel | IP visible |
| 46 | Authentication with PAP | Use PAP without encryption | Credentials visible |
| 47 | Authentication with CHAP | Use CHAP without encryption | Challenge-response visible |
| 48 | Session Timeout Without Encryption | Let session idle | Session closed |
| 49 | Tunnel Teardown Without Encryption | Terminate tunnel | Tunnel closed |
| 50 | Compliance with Security Policy | Check against org security policy | May fail due to lack of encryption |

AVP-Based Control Messages - Testcases
# | Test Case | Description | Expected Result
---|---|---|---|
1 | AVP Message Format Validation | Send control message with valid AVP format | Message accepted
2 | AVP Mandatory Bit Set | Send AVP with mandatory bit set | Must be recognized or message rejected
3 | AVP Hidden Bit Set | Send AVP with hidden bit set | AVP encrypted or obfuscated
4 | AVP Vendor ID Check | Use AVP with specific vendor ID | Vendor-specific AVP processed
5 | AVP Attribute Type Validation | Use known attribute type | AVP processed correctly
6 | AVP Unknown Attribute Type | Use unknown attribute type | Ignored if not mandatory
7 | AVP Length Field Validation | Send AVP with correct length field | AVP accepted
8 | AVP Length Mismatch | Send AVP with incorrect length | Message rejected
9 | AVP Value Field Validation | Use valid value for attribute | AVP processed correctly
10 | AVP Value Field Corruption | Corrupt value field | AVP rejected or ignored
11 | AVP Order Flexibility | Change AVP order in message | Message still accepted
12 | AVP Padding Handling | Add padding to AVP | Padding ignored
13 | AVP with Tunnel ID | Include Tunnel ID AVP | Tunnel identified
14 | AVP with Session ID | Include Session ID AVP | Session identified
15 | AVP with Hostname | Include Hostname AVP | Hostname logged
16 | AVP with Assigned Tunnel ID | Include Assigned Tunnel ID AVP | Tunnel ID assigned
17 | AVP with Assigned Session ID | Include Assigned Session ID AVP | Session ID assigned
18 | AVP with Challenge | Include Challenge AVP | Challenge processed
19 | AVP with Response | Include Response AVP | Response validated
20 | AVP with Result Code | Include Result Code AVP | Result interpreted
21 | AVP with Error Code | Include Error Code AVP | Error logged
22 | AVP with Protocol Version | Include Protocol Version AVP | Version negotiated
23 | AVP with Framing Capabilities | Include Framing Capabilities AVP | Capabilities negotiated
24 | AVP with Bearer Capabilities | Include Bearer Capabilities AVP | Capabilities negotiated
25 | AVP with Firmware Revision | Include Firmware Revision AVP | Info logged
26 | AVP with Hostname Mismatch | Use mismatched hostname | Tunnel may be rejected
27 | AVP with Invalid Tunnel ID | Use invalid Tunnel ID | Message rejected
28 | AVP with Invalid Session ID | Use invalid Session ID | Message rejected
29 | AVP with Duplicate Attributes | Send duplicate AVPs | Last one may override or error raised
30 | AVP with Missing Mandatory Field | Omit mandatory AVP | Message rejected
31 | AVP with Optional Field Omitted | Omit optional AVP | Message accepted
32 | AVP with Zero-Length Value | Use AVP with zero-length value | May be accepted or rejected
33 | AVP with Max-Length Value | Use AVP with maximum allowed length | Message accepted
34 | AVP with Invalid Vendor ID | Use invalid vendor ID | AVP ignored
35 | AVP with Encrypted Hidden AVP | Use hidden AVP with encryption | Decrypted and processed
36 | AVP with Control Message Retry | Retry control message with AVPs | AVPs reprocessed
37 | AVP with Control Message Timeout | Simulate timeout | AVPs not processed
38 | AVP with Control Message Flood | Flood with AVP messages | Throttling or drop
39 | AVP with Logging Enabled | Enable logging | AVPs logged
40 | AVP with Debugging Enabled | Enable debug mode | AVP details visible
41 | AVP with Wireshark Analysis | Capture AVP messages | AVPs visible in packet capture
42 | AVP with Vendor Extension | Use vendor-specific AVP | Processed if supported
43 | AVP with Session Teardown | Include AVP in session teardown | Session closed
44 | AVP with Tunnel Teardown | Include AVP in tunnel teardown | Tunnel closed
45 | AVP with Session Establishment | Include AVPs in session setup | Session created
46 | AVP with Tunnel Establishment | Include AVPs in tunnel setup | Tunnel created
47 | AVP with Invalid AVP Flags | Use invalid flag bits | AVP rejected
48 | AVP with Mixed Mandatory/Optional | Mix mandatory and optional AVPs | Message processed accordingly
49 | AVP with Control/Data Separation | Use AVPs only in control messages | Data messages unaffected
50 | AVP with Protocol Negotiation | Use AVPs to negotiate protocol features | Features agreed upon
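An added sketch (not code from this page or from any L2TP implementation) of a receiver-side AVP check that produces the expected results of rows 2, 6, 8, 11, 30 and 47 in the table above. It uses the RFC 2661 AVP layout; the `KNOWN` subset, all function names and the sample SCCRQ values are assumptions made for the example.

```python
import struct
from collections import namedtuple

M_BIT, H_BIT, RSVD_MASK, LEN_MASK = 0x8000, 0x4000, 0x3C00, 0x03FF
HDR_LEN = 6  # flags+length, vendor ID, attribute type: 2 bytes each
# Subset of the RFC 2661 IETF attributes (vendor ID 0) this sketch recognises.
KNOWN = {0: "Message Type", 2: "Protocol Version", 3: "Framing Capabilities",
         7: "Host Name", 9: "Assigned Tunnel ID"}
SCCRQ, REQUIRED_IN_SCCRQ = 1, {0, 2, 3, 7, 9}

# A hidden AVP's value stays opaque here; unhiding needs the shared secret.
Avp = namedtuple("Avp", "mandatory hidden vendor attr value")

class Reject(Exception):
    """The whole control message is rejected."""

def build_avp(attr, value, mandatory=True, vendor=0, flags=0, length=None):
    """Encode one AVP; the flags/length overrides build malformed test input."""
    n = HDR_LEN + len(value) if length is None else length
    first = (M_BIT if mandatory else 0) | flags | (n & LEN_MASK)
    return struct.pack("!HHH", first, vendor, attr) + value

def parse_avps(body):
    """Walk the AVP area, bounds-checking every length before slicing."""
    avps, off = [], 0
    while off < len(body):
        if len(body) - off < HDR_LEN:
            raise Reject(f"truncated AVP header at offset {off}")
        first, vendor, attr = struct.unpack_from("!HHH", body, off)
        length = first & LEN_MASK
        if first & RSVD_MASK:                              # table row 47
            raise Reject(f"reserved flag bits set at offset {off}")
        if length < HDR_LEN or off + length > len(body):   # table row 8
            raise Reject(f"AVP length {length} does not fit at offset {off}")
        avps.append(Avp(bool(first & M_BIT), bool(first & H_BIT), vendor, attr,
                        body[off + HDR_LEN:off + length]))
        off += length
    return avps

def check_message(body):
    """Return (recognised, ignored) AVP lists, or raise Reject."""
    avps = parse_avps(body)
    if not avps or (avps[0].vendor, avps[0].attr, len(avps[0].value)) != (0, 0, 2):
        raise Reject("first AVP must be a 2-byte Message Type")
    recognised, ignored = [], []
    for avp in avps:                 # any order after the first (row 11)
        if avp.vendor == 0 and avp.attr in KNOWN:
            recognised.append(avp)
        elif avp.mandatory:          # row 2: unknown + M bit kills the message
            raise Reject(f"unknown mandatory AVP {avp.vendor}/{avp.attr}")
        else:                        # row 6: unknown but optional is skipped
            ignored.append(avp)
    missing = REQUIRED_IN_SCCRQ - {a.attr for a in recognised}
    if struct.unpack("!H", avps[0].value)[0] == SCCRQ and missing:   # row 30
        raise Reject(f"SCCRQ lacks mandatory AVPs {sorted(missing)}")
    return recognised, ignored

# Constructed SCCRQ body (sample values, not captured traffic).
GOOD = [build_avp(0, struct.pack("!H", SCCRQ)), build_avp(2, b"\x01\x00"),
        build_avp(3, struct.pack("!I", 3)), build_avp(7, b"lac.example"),
        build_avp(9, struct.pack("!H", 4242))]
```

Calling `check_message(b"".join(GOOD))` accepts the message; appending an AVP built with a wrong `length` or an unknown attribute with `mandatory=True` raises `Reject`.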
Reliability for Control Messages - Testcases
# | Test Case | Description | Expected Result
---|---|---|---|
1 | Control Message Acknowledgment | Send control message and wait for ACK | ACK received
2 | Control Message Retransmission | Drop ACK to trigger retransmission | Message resent
3 | Control Message Timeout | Simulate no response | Retransmission or session timeout
4 | Control Message Sequence Numbering | Check sequence number increment | Numbers increase correctly
5 | Control Message Out-of-Order | Send messages out of order | Reordered or rejected
6 | Control Message Loss | Drop control message | Retransmission occurs
7 | Control Message Duplication | Send duplicate control message | Duplicate ignored
8 | Control Message Corruption | Corrupt control message | Message rejected
9 | Control Message with Invalid Length | Send control message with wrong length | Message rejected
10 | Control Message with Invalid Header | Send malformed header | Message rejected
11 | Control Message with Invalid AVP | Include invalid AVP | Message rejected or ignored
12 | Control Message with Missing AVP | Omit mandatory AVP | Message rejected
13 | Control Message with Optional AVP | Omit optional AVP | Message accepted
14 | Control Message Logging | Enable logging | Control messages logged
15 | Control Message Debugging | Enable debug mode | Detailed logs available
16 | Control Message Flooding | Send rapid control messages | Throttling or drop
17 | Control Message Replay | Replay old control message | Message rejected
18 | Control Message with NAT | Send through NAT | Message delivered and acknowledged
19 | Control Message with Firewall | Send through firewall | Message delivered if port open
20 | Control Message with IPv4 | Use IPv4 transport | Message delivered
21 | Control Message with IPv6 | Use IPv6 transport | Message delivered
22 | Control Message with UDP Loss | Simulate UDP packet loss | Retransmission occurs
23 | Control Message with High Latency | Simulate high latency | Message eventually acknowledged
24 | Control Message with Jitter | Introduce jitter | Message acknowledged
25 | Control Message with Low Bandwidth | Simulate low bandwidth | Message acknowledged
26 | Control Message with Fragmentation | Send large control message | Reassembled and acknowledged
27 | Control Message with Keepalive | Send periodic control messages | Tunnel maintained
28 | Control Message with Session Setup | Use control messages to establish session | Session created
29 | Control Message with Session Teardown | Use control messages to close session | Session closed
30 | Control Message with Tunnel Setup | Use control messages to establish tunnel | Tunnel created
31 | Control Message with Tunnel Teardown | Use control messages to close tunnel | Tunnel closed
32 | Control Message with Vendor AVPs | Include vendor-specific AVPs | Message accepted if supported
33 | Control Message with Invalid Tunnel ID | Use invalid tunnel ID | Message rejected
34 | Control Message with Invalid Session ID | Use invalid session ID | Message rejected
35 | Control Message with Zero Window | Simulate zero receive window | Message delayed
36 | Control Message with Window Scaling | Use large receive window | Multiple messages accepted
37 | Control Message with Retransmit Limit | Exceed retransmission limit | Session/tunnel closed
38 | Control Message with ACK Delay | Delay ACK intentionally | Retransmission triggered
39 | Control Message with ACK Loss | Drop ACK packet | Retransmission triggered
40 | Control Message with Sequence Wrap | Force sequence number wraparound | Sequence resets correctly
41 | Control Message with Mixed Order | Mix correct and incorrect order | Correct ones processed
42 | Control Message with Logging Disabled | Disable logging | No logs generated
43 | Control Message with Wireshark | Capture control messages | Messages visible on UDP port 1701
44 | Control Message with Session Retry | Retry session setup after failure | Session established
45 | Control Message with Tunnel Retry | Retry tunnel setup after failure | Tunnel established
46 | Control Message with Invalid Flags | Use invalid flag bits | Message rejected
47 | Control Message with Mixed AVPs | Use valid and invalid AVPs | Valid processed, invalid ignored
48 | Control Message with Encryption | Encrypt control message manually | Message unreadable without key
49 | Control Message with Compression | Compress control message | Message decompressed and processed
50 | Control Message with Protocol Negotiation | Use control messages to negotiate features | Features agreed upon
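An added sketch (not code from this page or from any L2TP stack) of the receive-side sequence check behind rows 4, 5, 7, 17 and 40 of the table above: in-order delivery, queueing of early messages, and dropping of duplicates or replays across the 16-bit wraparound. The class and function names, the window size of 4 and the arrival sequence in `demo()` are assumptions made for the example.

```python
MOD = 1 << 16    # Ns and Nr are 16-bit counters
HALF = MOD >> 1


def seq_before(a, b):
    """True if a is older than b: within the 32767 values preceding b."""
    return a != b and ((b - a) % MOD) < HALF


class ControlReceiver:
    """Receive side of one control connection (hypothetical helper)."""

    def __init__(self, window=4, next_expected=0):
        self.sr = next_expected   # next Ns expected from the peer
        self.window = window      # how far ahead of sr a message may arrive
        self.pending = {}         # early messages held for in-order delivery
        self.delivered = []

    def _deliver(self, payload):
        self.delivered.append(payload)
        self.sr = (self.sr + 1) % MOD   # wraps 65535 -> 0

    def receive(self, ns, payload):
        if payload is None:
            return "zlb-ack"            # zero-length body: nothing to process
        if ns == self.sr:
            self._deliver(payload)
            while self.sr in self.pending:      # drain messages that were early
                self._deliver(self.pending.pop(self.sr))
            return "deliver"
        if seq_before(ns, self.sr):
            return "duplicate"          # retransmission or replay: not processed again
        if (ns - self.sr) % MOD < self.window:
            self.pending.setdefault(ns, payload)
            return "queued"
        return "drop"                   # too far ahead of the window


def demo():
    """Constructed arrivals: in order, early, gap filler, replay, far ahead."""
    rx = ControlReceiver(next_expected=65534)
    arrivals = [(65534, "SCCRQ"), (0, "ICRQ"), (65535, "SCCCN"),
                (65534, "SCCRQ"), (9000, "StopCCN")]
    return [rx.receive(ns, body) for ns, body in arrivals], rx.delivered
```

The sequence check only orders messages; it does not authenticate them, so a forged message carrying the currently expected Ns is indistinguishable from a genuine one at this layer.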
Tunnel and Session IDs - Testcases
# | Test Case | Description | Expected Result
---|---|---|---|
1 | Tunnel ID Assignment | Assign Tunnel ID during tunnel setup | Unique Tunnel ID assigned
2 | Session ID Assignment | Assign Session ID during session setup | Unique Session ID assigned
3 | Tunnel ID Uniqueness | Ensure Tunnel ID is unique per peer | No ID conflict
4 | Session ID Uniqueness | Ensure Session ID is unique within a tunnel | No ID conflict
5 | Tunnel ID Collision | Use duplicate Tunnel ID | Tunnel rejected
6 | Session ID Collision | Use duplicate Session ID | Session rejected
7 | Tunnel ID Reuse | Reuse Tunnel ID after teardown | New tunnel established
8 | Session ID Reuse | Reuse Session ID after teardown | New session established
9 | Invalid Tunnel ID | Use non-existent Tunnel ID | Message dropped
10 | Invalid Session ID | Use non-existent Session ID | Message dropped
11 | Tunnel ID Wraparound | Force Tunnel ID to wrap around max value | New ID assigned correctly
12 | Session ID Wraparound | Force Session ID to wrap around max value | New ID assigned correctly
13 | Tunnel ID in Control Message | Include Tunnel ID in control message | Message routed correctly
14 | Session ID in Control Message | Include Session ID in control message | Message routed correctly
15 | Tunnel ID in Data Message | Include Tunnel ID in data message | Message routed correctly
16 | Session ID in Data Message | Include Session ID in data message | Message routed correctly
17 | Tunnel ID Logging | Log Tunnel ID during setup | ID visible in logs
18 | Session ID Logging | Log Session ID during setup | ID visible in logs
19 | Tunnel ID Debugging | Enable debug mode | Tunnel ID traceable
20 | Session ID Debugging | Enable debug mode | Session ID traceable
21 | Tunnel ID with NAT | Use Tunnel ID behind NAT | Tunnel established
22 | Session ID with NAT | Use Session ID behind NAT | Session established
23 | Tunnel ID with IPv4 | Use IPv4 transport | Tunnel ID handled correctly
24 | Session ID with IPv6 | Use IPv6 transport | Session ID handled correctly
25 | Tunnel ID with Multiple Peers | Assign Tunnel IDs to multiple peers | All IDs unique
26 | Session ID with Multiple Sessions | Assign Session IDs to multiple sessions | All IDs unique
27 | Tunnel ID with Vendor Interop | Use Tunnel ID with different vendor | Tunnel established
28 | Session ID with Vendor Interop | Use Session ID with different vendor | Session established
29 | Tunnel ID with Replay Attack | Replay message with old Tunnel ID | Message dropped
30 | Session ID with Replay Attack | Replay message with old Session ID | Message dropped
31 | Tunnel ID with Invalid Format | Use malformed Tunnel ID | Message rejected
32 | Session ID with Invalid Format | Use malformed Session ID | Message rejected
33 | Tunnel ID with Zero Value | Use Tunnel ID = 0 | Message rejected
34 | Session ID with Zero Value | Use Session ID = 0 | Message rejected
35 | Tunnel ID with Max Value | Use maximum allowed Tunnel ID | Message accepted
36 | Session ID with Max Value | Use maximum allowed Session ID | Message accepted
37 | Tunnel ID with Control Flooding | Flood control messages with same Tunnel ID | Throttling or drop
38 | Session ID with Data Flooding | Flood data messages with same Session ID | Throttling or drop
39 | Tunnel ID with Session Teardown | Use Tunnel ID to tear down session | Session closed
40 | Session ID with Tunnel Teardown | Use Session ID to tear down tunnel | Tunnel closed
41 | Tunnel ID with Logging Disabled | Disable logging | Tunnel ID not logged
42 | Session ID with Logging Disabled | Disable logging | Session ID not logged
43 | Tunnel ID with Session Multiplexing | Use one Tunnel ID for multiple sessions | All sessions routed correctly
44 | Session ID with Tunnel Multiplexing | Use one Session ID across tunnels | Session rejected
45 | Tunnel ID with Control Message Loss | Drop control message with Tunnel ID | Retransmission triggered
46 | Session ID with Data Message Loss | Drop data message with Session ID | Retransmission triggered
47 | Tunnel ID with Invalid AVP | Use invalid Tunnel ID in AVP | Message rejected
48 | Session ID with Invalid AVP | Use invalid Session ID in AVP | Message rejected
49 | Tunnel ID with Session Migration | Migrate session to new tunnel | Session re-established
50 | Session ID with Tunnel Migration | Migrate tunnel with active sessions | Sessions re-established
Extensibility (L2TPv3) - Testcases
# | Test Case | Description | Expected Result
---|---|---|---|
1 | L2TPv3 Basic Tunnel Setup | Establish a basic L2TPv3 tunnel | Tunnel established
2 | L2TPv3 Session Setup | Establish a session over L2TPv3 | Session established
3 | AVP Extension Support | Add custom AVP to control message | AVP accepted if format valid
4 | Unknown AVP Handling | Send unknown AVP | Ignored if not mandatory
5 | Vendor-Specific AVP | Use vendor-specific AVP | Processed if supported
6 | AVP Length Extension | Use extended-length AVP | AVP parsed correctly
7 | AVP Hidden Bit Support | Use hidden AVP | Decrypted and processed
8 | New Control Message Type | Define and send new control message type | Ignored or processed if supported
9 | New Session Type Registration | Register new session type | Session type accepted
10 | Ethernet Pseudowire Support | Use Ethernet pseudowire session type | Frames transmitted
11 | VLAN Pseudowire Support | Use VLAN pseudowire session type | VLAN tags preserved
12 | HDLC Pseudowire Support | Use HDLC pseudowire session type | Frames transmitted
13 | Frame Relay Pseudowire Support | Use Frame Relay pseudowire session type | Frames transmitted
14 | ATM Pseudowire Support | Use ATM pseudowire session type | Cells transmitted
15 | PPP Pseudowire Support | Use PPP pseudowire session type | Frames transmitted
16 | IP Pseudowire Support | Use IP pseudowire session type | IP packets transmitted
17 | GRE Encapsulation Support | Encapsulate L2TPv3 in GRE | Tunnel established
18 | MPLS Encapsulation Support | Encapsulate L2TPv3 in MPLS | Tunnel established
19 | L2TPv3 over IPv6 | Use IPv6 transport | Tunnel established
20 | L2TPv3 over IPv4 | Use IPv4 transport | Tunnel established
21 | Control Message Extension | Add new fields to control message | Message parsed correctly
22 | Session Message Extension | Add new fields to session message | Message parsed correctly
23 | AVP Padding Extension | Add padding to AVP | Padding ignored
24 | AVP Order Flexibility | Change AVP order | Message accepted
25 | AVP with Optional Fields | Add optional fields to AVP | Message accepted
26 | AVP with Mandatory Fields | Add mandatory fields to AVP | Message rejected if missing
27 | AVP with Invalid Format | Send malformed AVP | Message rejected
28 | AVP with Max Length | Use maximum allowed AVP length | Message accepted
29 | AVP with Zero Length | Use zero-length AVP | Message accepted or rejected
30 | AVP with Invalid Vendor ID | Use invalid vendor ID | AVP ignored
31 | AVP with Reserved Bits | Use reserved bits in AVP | Message rejected
32 | AVP with Experimental Flags | Use experimental flags | Message accepted if supported
33 | AVP with Encryption Extension | Add encryption-related AVP | AVP parsed if supported
34 | AVP with Compression Extension | Add compression-related AVP | AVP parsed if supported
35 | AVP with QoS Extension | Add QoS-related AVP | AVP parsed if supported
36 | AVP with Traffic Engineering | Add TE-related AVP | AVP parsed if supported
37 | AVP with Multicast Extension | Add multicast-related AVP | AVP parsed if supported
38 | AVP with Security Extension | Add security-related AVP | AVP parsed if supported
39 | AVP with Mobility Extension | Add mobility-related AVP | AVP parsed if supported
40 | AVP with Time Synchronization | Add time sync-related AVP | AVP parsed if supported
41 | AVP with Monitoring Extension | Add monitoring-related AVP | AVP parsed if supported
42 | AVP with Logging Extension | Add logging-related AVP | AVP parsed if supported
43 | AVP with Debugging Extension | Add debugging-related AVP | AVP parsed if supported
44 | AVP with Tunnel Management | Add tunnel management AVP | Tunnel managed accordingly
45 | AVP with Session Management | Add session management AVP | Session managed accordingly
46 | AVP with Load Balancing | Add load balancing AVP | AVP parsed if supported
47 | AVP with Redundancy Extension | Add redundancy-related AVP | AVP parsed if supported
48 | AVP with Custom Extension | Add custom-defined AVP | AVP accepted if format valid
49 | AVP with Interoperability Test | Test AVP with different vendor | AVP accepted if compliant
50 | AVP with Backward Compatibility | Use L2TPv3 AVP with L2TPv2 peer | AVP ignored or rejected
Reference links