L2TP - Layer 2 Tunneling Protocol
What is L2TP?
L2TP (Layer 2 Tunneling Protocol) is a tunneling protocol that encapsulates Layer 2 frames for transmission over IP networks. When used outside of VPN, L2TP provides tunneling functionality without encryption, often for transporting non-IP traffic or enabling ISP services. Think of it as a virtual tunnel that carries data link layer frames across IP networks.
Why is L2TP important outside VPN?
Protocol Flexibility: Can tunnel non-IP protocols like PPP.
Service Delivery: Used by ISPs to deliver broadband services.
Separation of Tunneling and Security: Allows modular design—encryption can be added separately (e.g., IPsec).
Lightweight: Minimal overhead when encryption is not required.
How L2TP works (in simple steps):
A tunnel is established between two L2TP endpoints (e.g., client and LNS).
Layer 2 frames (e.g., PPP) are encapsulated into L2TP packets.
These packets are transmitted over an IP network.
The receiving endpoint decapsulates the frames.
The original Layer 2 data is delivered to the destination.
Where is L2TP used (outside VPN)?
ISP Broadband Services: For DSL or fiber access aggregation.
PPP Tunneling: To carry PPP sessions over IP networks.
Remote Access Aggregation: Centralizing access from multiple dial-in servers.
Non-IP Traffic Transport: Useful in legacy systems or hybrid networks.
MPLS and Carrier Networks: As part of Layer 2 VPN services.
Which OSI Layer does this protocol belong to?
L2TP operates at Layer 2 of the OSI model.
It encapsulates data link layer frames, not just IP packets.
This allows it to tunnel non-IP protocols and maintain link-layer characteristics.
Topics in this section,
In this section, you are going to learn
Terminology
Version Info
L2TP Version |
RFC |
Year |
Core Idea / Contribution |
|---|---|---|---|
L2TP v1 (Initial Draft) |
|||
RFC 2341 |
1998 |
Framework for L2TP tunneling over IP networks |
|
(superseded by RFC 2661). |
|||
L2TP v2 (Standardized) |
|||
RFC 2661 |
1999 |
Official specification of L2TP; supports tunneling of PPP over IP networks. |
|
L2TPv3 (Layer 2 Transport) |
|||
RFC 3931 |
2005 |
Enhanced version supporting transport of Layer 2 frames |
|
|
|||
L2TP MIB (Management Info Base) |
|||
RFC 3371 |
2002 |
Defines SNMP MIB for managing L2TP tunnels and sessions. |
|
L2TPv3 over IP |
|||
RFC 4349 |
2006 |
Specifies how to encapsulate L2TPv3 directly over IP |
|
|
|||
L2TP Extensions for PPP LCP Negotiation |
|||
RFC 3308 |
2002 |
Adds support for LCP negotiation over L2TP tunnels. |
|
Updated L2TPv2 Specification |
|||
RFC 9601 |
2024 |
Updates and clarifies RFC 2661 with modern practices |
|
and corrections. |
Setup
Setup
L2TP Control Message
S.No |
Protocol Packets |
Description |
Size(Bytes) |
|---|---|---|---|
1 |
L2TP Control Message |
Used for session establishment, maintenance, and teardown between LAC (L2TP Access Concentrator) and LNS (L2TP Network Server). |
1240+ |
Header |
Contains flags, version, length, tunnel/session IDs, and control message type. |
612 |
|
Flags and Version |
Indicates message type (control/data), presence of length, sequence numbers, etc. |
2 |
|
Length (optional) |
Total length of the message (if L bit is set). |
2 |
|
Tunnel ID |
Identifies the control connection. |
2 |
|
Session ID |
Identifies the session within the tunnel. |
2 |
|
Ns (optional) |
Sequence number for reliable delivery. |
2 |
|
Nr (optional) |
Acknowledgment number. |
2 |
|
AVPs (Attribute-Value Pairs) |
Carries control information like hostname, framing type, etc. |
Variable |
L2TP Data Message
S.No |
Protocol Packets |
Description |
Size(Bytes) |
|---|---|---|---|
2 |
L2TP Data Message |
Used to carry encapsulated PPP frames between endpoints |
640+ |
Header |
Similar to control message but without AVPs |
612 |
|
PPP Payload |
Encapsulated PPP frame (e.g., IP packet) |
Variable |
|
Tunnel ID |
Identifies the tunnel |
2 |
|
Session ID |
Identifies the session |
2 |
|
Payload |
Actual user data (e.g., IP packet). |
Variable |
S.no |
Use Case |
Description |
|---|---|---|
1 |
ISP Tunneling Services |
Used by ISPs to tunnel customer traffic over shared infrastructure. |
2 |
PPP Encapsulation |
Transports PPP frames over IP networks, supporting authentication and compression. |
3 |
Remote Access Aggregation |
Centralizes access from multiple dial-in servers to a single network point. |
4 |
Legacy Protocol Support |
Tunnels non-IP protocols over IP networks, useful in legacy systems. |
5 |
Network Virtualization |
Separates and tunnels traffic between virtual networks in data centers. |
6 |
Lightweight Tunneling |
Provides tunneling without encryption, reducing overhead. |
7 |
MPLS and Carrier Networks |
Used in service provider networks for Layer 2 VPN services. |
8 |
Broadband Access Delivery |
Supports DSL and fiber access aggregation for customer traffic. |
S.no |
Feature |
Description |
|---|---|---|
1 |
Tunneling |
Encapsulates Layer 2 frames (like PPP) for transmission over IP networks. |
2 |
Session Multiplexing |
Supports multiple sessions within a single tunnel, allowing efficient use of resources. |
3 |
Control and Data Separation |
Uses separate messages for control (setup, teardown) and data (payload transmission). |
4 |
Protocol Independence |
Can tunnel various Layer 2 protocols, not just IP, making it versatile for legacy systems. |
5 |
UDP-Based Transport |
Operates over UDP (port 1701), enabling NAT traversal and easier firewall handling. |
6 |
No Native Encryption |
L2TP itself does not provide encryption; security must be added externally (e.g., IPsec). |
7 |
AVP-Based Control Messages |
Uses Attribute-Value Pairs (AVPs) for flexible and extensible control signaling. |
8 |
Reliability for Control Messages |
Supports sequencing and acknowledgment for reliable delivery of control messages. |
9 |
Tunnel and Session IDs |
Identifies and manages multiple logical connections within a single physical tunnel. |
10 |
Extensibility (L2TPv3) |
L2TPv3 extends support to transport Ethernet, Frame Relay, and ATM over IP networks. |
Tunneling - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
L2TP Tunnel Initiation |
Start L2TP tunnel between two endpoints |
Tunnel established |
2 |
L2TP Control Message Exchange |
Exchange control messages |
ACKs received |
3 |
L2TP Data Message Transmission |
Send data messages through tunnel |
Data received correctly |
4 |
L2TP Tunnel Teardown |
Terminate tunnel |
Tunnel closed |
5 |
L2TP Session Establishment |
Establish session within tunnel |
Session created |
6 |
L2TP Session Termination |
Terminate session |
Session closed |
7 |
L2TP with IPv4 |
Use IPv4 for tunnel transport |
Tunnel works over IPv4 |
8 |
L2TP with IPv6 |
Use IPv6 for tunnel transport |
Tunnel works over IPv6 |
9 |
L2TP with Ethernet Frames |
Encapsulate Ethernet frames |
Frames transmitted successfully |
10 |
L2TP with PPP Frames |
Encapsulate PPP frames |
Frames transmitted successfully |
11 |
L2TP with VLAN Tags |
Send VLAN-tagged frames |
Tags preserved |
12 |
L2TP with Fragmented Packets |
Send large packets |
Packets reassembled |
13 |
L2TP with MTU Constraints |
Use small MTU |
Tunnel handles fragmentation |
14 |
L2TP with NAT |
Tunnel through NAT |
Tunnel established |
15 |
L2TP with Firewall |
Tunnel through firewall |
Tunnel established if ports allowed |
16 |
L2TP Port Availability |
Check UDP port 1701 |
Port open and listening |
17 |
L2TP Control Message Validation |
Validate control message format |
Message accepted |
18 |
L2TP Data Message Validation |
Validate data message format |
Message accepted |
19 |
L2TP with Multiple Sessions |
Establish multiple sessions |
All sessions active |
20 |
L2TP with Multiple Tunnels |
Establish multiple tunnels |
All tunnels active |
21 |
L2TP with Session ID Collision |
Use duplicate session ID |
Session rejected |
22 |
L2TP with Tunnel ID Collision |
Use duplicate tunnel ID |
Tunnel rejected |
23 |
L2TP with Keepalive |
Send periodic keepalive |
Tunnel maintained |
24 |
L2TP with Timeout |
Simulate timeout |
Tunnel closed |
25 |
L2TP with Packet Loss |
Drop packets intentionally |
Tunnel recovers |
26 |
L2TP with Reordered Packets |
Send packets out of order |
Packets reassembled correctly |
27 |
L2TP with Duplicate Packets |
Send duplicate packets |
Duplicates ignored |
28 |
L2TP with Invalid Header |
Send malformed header |
Packet dropped |
29 |
L2TP with Invalid Length |
Send incorrect length field |
Packet dropped |
30 |
L2TP with Invalid Session ID |
Use non-existent session ID |
Packet dropped |
31 |
L2TP with Invalid Tunnel ID |
Use non-existent tunnel ID |
Packet dropped |
32 |
L2TP with Logging Enabled |
Enable logging |
Tunnel activity logged |
33 |
L2TP with Debugging Enabled |
Enable debug mode |
Detailed logs available |
34 |
L2TP with Wireshark |
Capture L2TP packets |
Packets visible on UDP 1701 |
35 |
L2TP with TCP Transport |
Attempt L2TP over TCP |
Fails (UDP only) |
36 |
L2TP with Encryption Disabled |
Use L2TP without encryption |
Tunnel established |
37 |
L2TP with Compression Enabled |
Enable compression |
Data compressed |
38 |
L2TP with Authentication Disabled |
No authentication |
Tunnel established |
39 |
L2TP with Authentication Enabled |
Use CHAP/PAP |
Authentication successful |
40 |
L2TP with Dynamic IP |
Use dynamic IP on client |
Tunnel established |
41 |
L2TP with Static IP |
Use static IP on client |
Tunnel established |
42 |
L2TP with Mobile Client |
Use mobile device |
Tunnel established |
43 |
L2TP with Embedded Device |
Use embedded system |
Tunnel established |
44 |
L2TP with Virtual Machine |
Use VM with bridged/NAT mode |
Bridged: works; NAT: may fail |
45 |
L2TP with Docker Container |
Run L2TP in container |
Depends on network mode |
46 |
L2TP with Vendor Interop |
Test with different vendor implementations |
Tunnel established if compliant |
47 |
L2TP with High Latency |
Simulate high latency |
Tunnel stable |
48 |
L2TP with Low Bandwidth |
Simulate low bandwidth |
Tunnel stable |
49 |
L2TP with DoS Simulation |
Flood with L2TP packets |
Tunnel may drop or throttle |
50 |
L2TP with Session Recovery |
Recover session after failure |
Session re-established |
Session Multiplexing - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Single Tunnel, Single Session |
Establish one session over one tunnel |
Session established successfully |
2 |
Single Tunnel, Multiple Sessions |
Establish multiple sessions over one tunnel |
All sessions active |
3 |
Session ID Uniqueness |
Use unique session IDs |
Sessions created without conflict |
4 |
Session ID Collision |
Use duplicate session IDs |
Session rejected |
5 |
Session Teardown |
Terminate one session |
Only that session is closed |
6 |
Tunnel Teardown |
Terminate tunnel with multiple sessions |
All sessions closed |
7 |
Session Isolation |
Send data to one session |
Other sessions unaffected |
8 |
Session Reuse |
Reuse session ID after teardown |
New session established |
9 |
Session Timeout |
Let session idle beyond timeout |
Session closed |
10 |
Session Keepalive |
Send keepalive for session |
Session maintained |
11 |
Session with Different Protocols |
Use different protocols per session (e.g., PPP, Ethernet) |
All sessions function correctly |
12 |
Session with Fragmented Packets |
Send large packets in one session |
Packets reassembled |
13 |
Session with Packet Loss |
Drop packets in one session |
Other sessions unaffected |
14 |
Session with Reordered Packets |
Reorder packets in one session |
Session handles reordering |
15 |
Session with Duplicate Packets |
Send duplicate packets |
Duplicates ignored |
16 |
Session with Invalid ID |
Use non-existent session ID |
Packet dropped |
17 |
Session with Invalid Length |
Send incorrect length field |
Packet dropped |
18 |
Session with Invalid Header |
Send malformed session header |
Packet dropped |
19 |
Session Logging |
Enable logging |
Session activity logged |
20 |
Session Debugging |
Enable debug mode |
Detailed logs available |
21 |
Session with NAT |
Use sessions behind NAT |
Sessions established |
22 |
Session with Firewall |
Sessions through firewall |
Sessions established if ports open |
23 |
Session with IPv4 |
Use IPv4 transport |
Sessions function correctly |
24 |
Session with IPv6 |
Use IPv6 transport |
Sessions function correctly |
25 |
Session with VLAN Tags |
Send VLAN-tagged frames |
Tags preserved |
26 |
Session with Compression |
Enable compression |
Data compressed |
27 |
Session with Encryption Disabled |
No encryption used |
Sessions established |
28 |
Session with Authentication |
Use CHAP/PAP per session |
Sessions authenticated |
29 |
Session with High Latency |
Simulate high latency |
Sessions remain stable |
30 |
Session with Low Bandwidth |
Simulate low bandwidth |
Sessions remain stable |
31 |
Session with DoS Simulation |
Flood one session |
Other sessions unaffected |
32 |
Session with Dynamic IP |
Change client IP mid-session |
Session may drop or recover |
33 |
Session with Static IP |
Use static IP |
Session stable |
34 |
Session with Mobile Client |
Use mobile device |
Session established |
35 |
Session with Embedded Device |
Use embedded system |
Session established |
36 |
Session with Virtual Machine |
Use VM with bridged/NAT mode |
Bridged: works; NAT: may fail |
37 |
Session with Docker Container |
Run session in container |
Depends on network mode |
38 |
Session with Vendor Interop |
Test with different vendor implementations |
Sessions established if compliant |
39 |
Session with Re-keying |
Re-key session encryption |
Session continues securely |
40 |
Session with MTU Constraints |
Use small MTU |
Session handles fragmentation |
41 |
Session with Replay Packets |
Replay session packets |
Packets dropped |
42 |
Session with Sequence Gaps |
Skip sequence numbers |
Session handles gaps |
43 |
Session with Sequence Wraparound |
Force sequence number wrap |
Session continues |
44 |
Session with Control Message Loss |
Drop control messages |
Session retries or fails |
45 |
Session with Control Message Delay |
Delay control messages |
Session established with delay |
46 |
Session with Mixed Traffic Types |
Send mixed traffic (ICMP, TCP, UDP) |
All traffic types handled |
47 |
Session with QoS Tags |
Apply QoS tags to sessions |
Tags preserved |
48 |
Session with Load Balancing |
Distribute sessions across tunnels |
Sessions balanced |
49 |
Session with Tunnel Migration |
Move sessions to new tunnel |
Sessions re-established |
50 |
Session with Resource Limits |
Exceed session limits |
New sessions rejected |
Control and Data Separation - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Control Channel Initialization |
Establish control channel |
Control channel established |
2 |
Data Channel Initialization |
Establish data channel after control |
Data channel established |
3 |
Control Message Exchange |
Exchange control messages |
ACKs received |
4 |
Data Message Transmission |
Send data through data channel |
Data received correctly |
5 |
Control Channel Teardown |
Close control channel |
Tunnel and sessions terminated |
6 |
Data Channel Teardown |
Close data channel only |
Data stops, control remains |
7 |
Control and Data Port Separation |
Use different ports for control and data |
Channels operate independently |
8 |
Control Channel Timeout |
Simulate control channel timeout |
Tunnel closed |
9 |
Data Channel Timeout |
Simulate data channel timeout |
Data flow stops |
10 |
Control Channel Keepalive |
Send keepalive on control channel |
Tunnel maintained |
11 |
Data Channel Keepalive |
Send keepalive on data channel |
Data session maintained |
12 |
Control Channel Packet Loss |
Drop control packets |
Retransmission occurs |
13 |
Data Channel Packet Loss |
Drop data packets |
Data retransmitted or lost |
14 |
Control Channel Reordering |
Reorder control packets |
Messages processed correctly |
15 |
Data Channel Reordering |
Reorder data packets |
Data reassembled correctly |
16 |
Control Channel Duplication |
Duplicate control packets |
Duplicates ignored |
17 |
Data Channel Duplication |
Duplicate data packets |
Duplicates ignored |
18 |
Control Channel Corruption |
Corrupt control message |
Message rejected |
19 |
Data Channel Corruption |
Corrupt data message |
Packet dropped |
20 |
Control Channel Logging |
Enable logging |
Control messages logged |
21 |
Data Channel Logging |
Enable logging |
Data flow logged |
22 |
Control Channel Debugging |
Enable debug mode |
Detailed control logs |
23 |
Data Channel Debugging |
Enable debug mode |
Detailed data logs |
24 |
Control Channel with NAT |
Use control channel behind NAT |
Channel established |
25 |
Data Channel with NAT |
Use data channel behind NAT |
Channel established |
26 |
Control Channel with Firewall |
Control through firewall |
Allowed if port open |
27 |
Data Channel with Firewall |
Data through firewall |
Allowed if port open |
28 |
Control Channel with IPv4 |
Use IPv4 for control |
Channel established |
29 |
Data Channel with IPv4 |
Use IPv4 for data |
Channel established |
30 |
Control Channel with IPv6 |
Use IPv6 for control |
Channel established |
31 |
Data Channel with IPv6 |
Use IPv6 for data |
Channel established |
32 |
Control Channel with Encryption |
Encrypt control messages |
Messages secured |
33 |
Data Channel with Encryption |
Encrypt data messages |
Data secured |
34 |
Control Channel with Compression |
Compress control messages |
Messages compressed |
35 |
Data Channel with Compression |
Compress data messages |
Data compressed |
36 |
Control Channel Flooding |
Flood control channel |
Throttling or drop |
37 |
Data Channel Flooding |
Flood data channel |
Throttling or drop |
38 |
Control Channel Authentication |
Authenticate control messages |
Authenticated successfully |
39 |
Data Channel Authentication |
Authenticate data messages |
Authenticated successfully |
40 |
Control Channel Replay Attack |
Replay control messages |
Messages rejected |
41 |
Data Channel Replay Attack |
Replay data messages |
Packets dropped |
42 |
Control Channel with Invalid ID |
Use invalid tunnel/session ID |
Message dropped |
43 |
Data Channel with Invalid ID |
Use invalid session ID |
Packet dropped |
44 |
Control Channel with Vendor Interop |
Test control with different vendor |
Channel established |
45 |
Data Channel with Vendor Interop |
Test data with different vendor |
Channel established |
46 |
Control Channel with High Latency |
Simulate high latency |
Channel stable |
47 |
Data Channel with High Latency |
Simulate high latency |
Channel stable |
48 |
Control Channel with Packet Sniffing |
Capture control packets |
Control messages visible |
49 |
Data Channel with Packet Sniffing |
Capture data packets |
Data visible |
50 |
Control/Data Channel Sync Test |
Monitor sync between control and data |
Channels remain in sync |
Protocol Independence - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
L2TP over IPv4 |
Use IPv4 as transport protocol |
Tunnel established |
2 |
L2TP over IPv6 |
Use IPv6 as transport protocol |
Tunnel established |
3 |
L2TP over UDP |
Use UDP as transport protocol |
Tunnel established |
4 |
L2TP over Ethernet |
Use Ethernet as transport |
Tunnel established |
5 |
L2TP over MPLS |
Use MPLS as transport |
Tunnel established |
6 |
L2TP over Frame Relay |
Use Frame Relay as transport |
Tunnel established |
7 |
L2TP over ATM |
Use ATM as transport |
Tunnel established |
8 |
L2TP over GRE |
Encapsulate L2TP in GRE |
Tunnel established |
9 |
L2TP over IPsec Transport Mode |
Use IPsec transport mode (without VPN) |
Tunnel established |
10 |
L2TP over Soft GRE Tunnel |
Use software-based GRE tunnel |
Tunnel established |
11 |
L2TP over VXLAN |
Encapsulate L2TP in VXLAN |
Tunnel established |
12 |
L2TP over GTP |
Use GTP as transport (e.g., mobile networks) |
Tunnel established |
13 |
L2TP over PPP |
Use PPP as transport |
Tunnel established |
14 |
L2TP over L2TP |
Nest L2TP inside another L2TP |
Inner tunnel established |
15 |
L2TP over SCTP |
Use SCTP as transport |
Tunnel established |
16 |
L2TP with PPP Payload |
Carry PPP frames |
Frames transmitted successfully |
17 |
L2TP with Ethernet Payload |
Carry Ethernet frames |
Frames transmitted successfully |
18 |
L2TP with IP Payload |
Carry IP packets |
Packets transmitted successfully |
19 |
L2TP with VLAN Payload |
Carry VLAN-tagged frames |
Tags preserved |
20 |
L2TP with MPLS Payload |
Carry MPLS frames |
Frames transmitted successfully |
21 |
L2TP with IPv6 Payload |
Carry IPv6 packets |
Packets transmitted successfully |
22 |
L2TP with IPv4 Payload |
Carry IPv4 packets |
Packets transmitted successfully |
23 |
L2TP with Mixed Payload Types |
Carry mixed payloads (PPP, Ethernet, IP) |
All payloads transmitted correctly |
24 |
L2TP with Fragmented Payload |
Send large payloads |
Reassembled correctly |
25 |
L2TP with Compressed Payload |
Compress payload before sending |
Decompressed correctly |
26 |
L2TP with Encrypted Payload |
Encrypt payload before sending |
Decrypted correctly |
27 |
L2TP with Tagged Payload |
Use tagged frames (e.g., VLAN) |
Tags preserved |
28 |
L2TP with Jumbo Frames |
Send jumbo Ethernet frames |
Frames transmitted successfully |
29 |
L2TP with Control/Data Separation |
Separate control and data over different protocols |
Channels operate independently |
30 |
L2TP with NAT Traversal |
Use NAT-T with protocol independence |
Tunnel established |
31 |
L2TP with Firewall Traversal |
Use protocol-independent transport through firewall |
Tunnel established |
32 |
L2TP with IPv4/IPv6 Dual Stack |
Use dual stack for transport |
Tunnel established on both |
33 |
L2TP with Protocol Negotiation |
Negotiate transport protocol dynamically |
Compatible protocol selected |
34 |
L2TP with Protocol Fallback |
Fallback to alternate protocol if primary fails |
Tunnel re-established |
35 |
L2TP with Protocol Mismatch |
Use mismatched protocols |
Tunnel fails |
36 |
L2TP with Protocol Logging |
Log transport and payload protocols |
Logs show correct protocols |
37 |
L2TP with Protocol Debugging |
Enable debug mode |
Protocol details visible |
38 |
L2TP with Vendor Interoperability |
Test with different vendor stacks |
Tunnel established if compliant |
39 |
L2TP with High Latency Protocol |
Use high-latency transport (e.g., satellite) |
Tunnel stable |
40 |
L2TP with Low Bandwidth Protocol |
Use low-bandwidth transport |
Tunnel stable |
41 |
L2TP with Packet Loss |
Simulate packet loss |
Tunnel recovers |
42 |
L2TP with Protocol Switching |
Switch transport protocol mid-session |
Tunnel re-established |
43 |
L2TP with Protocol Multiplexing |
Use multiple protocols simultaneously |
All tunnels operate |
44 |
L2TP with Protocol Encapsulation |
Encapsulate L2TP in another protocol |
Tunnel established |
45 |
L2TP with Protocol Filtering |
Filter specific protocols |
Tunnel fails if blocked |
46 |
L2TP with Protocol Prioritization |
Prioritize certain protocols |
Preferred protocol used |
47 |
L2TP with Protocol Monitoring |
Monitor protocol usage |
Protocol stats visible |
48 |
L2TP with Protocol Spoofing |
Spoof transport protocol headers |
Tunnel rejected |
49 |
L2TP with Protocol Replay |
Replay protocol-level packets |
Packets dropped |
50 |
L2TP with Protocol Negotiation Fail |
Force negotiation failure |
Tunnel not established |
UDP-Based Transport - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
UDP Port Availability |
Check if UDP port 1701 is open |
Port is listening |
2 |
Basic UDP Tunnel Establishment |
Establish L2TP tunnel over UDP |
Tunnel established |
3 |
UDP Packet Transmission |
Send L2TP packets over UDP |
Packets received correctly |
4 |
UDP Packet Loss |
Drop UDP packets intentionally |
Tunnel remains stable or recovers |
5 |
UDP Packet Reordering |
Reorder UDP packets |
Tunnel reassembles correctly |
6 |
UDP Packet Duplication |
Duplicate UDP packets |
Duplicates ignored |
7 |
UDP Packet Corruption |
Corrupt UDP packet payload |
Packet dropped |
8 |
UDP NAT Traversal |
Use L2TP over UDP behind NAT |
Tunnel established |
9 |
UDP Firewall Traversal |
Use L2TP over UDP through firewall |
Tunnel established if port allowed |
10 |
UDP with IPv4 |
Use IPv4 as transport for UDP |
Tunnel established |
11 |
UDP with IPv6 |
Use IPv6 as transport for UDP |
Tunnel established |
12 |
UDP with Fragmentation |
Send large UDP packets |
Packets reassembled |
13 |
UDP with MTU Constraints |
Use small MTU |
Tunnel handles fragmentation |
14 |
UDP with High Latency |
Simulate high latency |
Tunnel remains stable |
15 |
UDP with Low Bandwidth |
Simulate low bandwidth |
Tunnel remains stable |
16 |
UDP with Jitter |
Introduce jitter in packet timing |
Tunnel remains stable |
17 |
UDP with Keepalive |
Send keepalive packets |
Tunnel maintained |
18 |
UDP with Timeout |
Simulate timeout |
Tunnel closed or re-established |
19 |
UDP with Control/Data Separation |
Use separate UDP streams for control and data |
Channels operate independently |
20 |
UDP with Logging Enabled |
Enable logging |
UDP activity logged |
21 |
UDP with Debugging Enabled |
Enable debug mode |
Detailed logs available |
22 |
UDP with Packet Sniffing |
Capture UDP packets |
L2TP packets visible on port 1701 |
23 |
UDP with NAT Keepalive |
Send NAT keepalive packets |
NAT binding maintained |
24 |
UDP with Port Mapping |
NAT remaps UDP port |
Tunnel still established |
25 |
UDP with Port Blocking |
Block UDP port 1701 |
Tunnel fails |
26 |
UDP with Port Forwarding |
Forward UDP port to internal host |
Tunnel established |
27 |
UDP with Dynamic IP |
Change IP during session |
Tunnel may drop or recover |
28 |
UDP with Static IP |
Use static IP |
Tunnel stable |
29 |
UDP with Mobile Client |
Use mobile device |
Tunnel established |
30 |
UDP with Embedded Device |
Use embedded system |
Tunnel established |
31 |
UDP with Virtual Machine |
Use VM with bridged/NAT mode |
Bridged: works; NAT: may need NAT-T |
32 |
UDP with Docker Container |
Run L2TP over UDP in container |
Depends on network mode |
33 |
UDP with Vendor Interop |
Test with different vendor stacks |
Tunnel established if compliant |
34 |
UDP with Replay Attack |
Replay UDP packets |
Packets dropped |
35 |
UDP with DoS Simulation |
Flood UDP port |
Tunnel may throttle or drop |
36 |
UDP with Encryption |
Encrypt L2TP payload |
Data secured |
37 |
UDP with Compression |
Compress L2TP payload |
Data compressed |
38 |
UDP with Authentication |
Authenticate L2TP messages |
Authenticated successfully |
39 |
UDP with Invalid Header |
Send malformed UDP header |
Packet dropped |
40 |
UDP with Invalid Length |
Send incorrect length field |
Packet dropped |
41 |
UDP with Invalid Checksum |
Send packet with bad checksum |
Packet dropped |
42 |
UDP with VLAN Tags |
Send VLAN-tagged packets |
Tags preserved |
43 |
UDP with QoS Marking |
Apply QoS tags to UDP packets |
Tags preserved |
44 |
UDP with IPv4/IPv6 Dual Stack |
Use dual stack for transport |
Tunnel established on both |
45 |
UDP with Protocol Switching |
Switch from UDP to another protocol mid-session |
Tunnel re-established or fails |
46 |
UDP with Protocol Negotiation |
Negotiate UDP as transport |
UDP selected |
47 |
UDP with Protocol Fallback |
Fallback to UDP if primary fails |
Tunnel re-established |
48 |
UDP with Mixed Traffic |
Send mixed traffic types over UDP |
All traffic handled |
49 |
UDP with Session Multiplexing |
Use multiple sessions over single UDP tunnel |
All sessions active |
50 |
UDP with Control Message Loss |
Drop control messages over UDP |
Retransmission occurs |
No Native Encryption - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Basic Tunnel Without Encryption |
Establish L2TP tunnel without encryption |
Tunnel established |
2 |
Data Transmission in Plaintext |
Send data through unencrypted tunnel |
Data visible in transit |
3 |
Packet Sniffing |
Capture L2TP packets on network |
Payload readable |
4 |
Control Message Visibility |
Inspect control messages |
Headers and content visible |
5 |
Data Message Visibility |
Inspect data messages |
Payload visible |
6 |
No IPsec Layer |
Confirm absence of IPsec |
No encryption or authentication applied |
7 |
Compatibility with Legacy Devices |
Connect to legacy L2TP device |
Tunnel established |
8 |
Performance Benchmark |
Measure performance without encryption |
Higher throughput |
9 |
CPU Usage Comparison |
Compare CPU usage with/without encryption |
Lower CPU usage |
10 |
Latency Measurement |
Measure latency without encryption |
Lower latency |
11 |
MTU Overhead Check |
Check MTU without encryption overhead |
Larger payloads supported |
12 |
Fragmentation Behavior |
Send large packets |
Packets reassembled |
13 |
NAT Traversal Without Encryption |
Use L2TP behind NAT without IPsec |
Tunnel established |
14 |
Firewall Traversal Without IPsec |
Pass through firewall without IPsec |
Tunnel established if port open |
15 |
Replay Attack Simulation |
Replay captured packets |
Packets accepted |
16 |
Packet Tampering Test |
Modify packet in transit |
Packet accepted |
17 |
No Authentication Test |
Establish tunnel without auth |
Tunnel established |
18 |
Session Hijacking Attempt |
Attempt to hijack session |
Possible if not protected |
19 |
Man-in-the-Middle Simulation |
Intercept and modify traffic |
Traffic altered |
20 |
Logging Without Encryption |
Enable logging |
Full payload visible in logs |
21 |
Debugging Without Encryption |
Enable debug mode |
Full protocol details visible |
22 |
Wireshark Analysis |
Analyze traffic with Wireshark |
Full packet content visible |
23 |
Protocol Compliance Check |
Validate against L2TP RFC |
Compliant without encryption |
24 |
Vendor Interoperability |
Test with different vendor stacks |
Tunnel established |
25 |
IPv4 Transport Without Encryption |
Use IPv4 as transport |
Tunnel established |
26 |
IPv6 Transport Without Encryption |
Use IPv6 as transport |
Tunnel established |
27 |
VLAN Support Without Encryption |
Send VLAN-tagged frames |
Tags preserved |
28 |
Jumbo Frame Support |
Send large Ethernet frames |
Frames transmitted |
29 |
Compression Without Encryption |
Enable compression |
Data compressed |
30 |
Control/Data Separation |
Separate control and data channels |
Both operate without encryption |
31 |
Session Multiplexing |
Use multiple sessions |
All sessions unencrypted |
32 |
Protocol Independence |
Use various payload types |
All transmitted in clear |
33 |
UDP Transport Without Encryption |
Use UDP as transport |
Tunnel established |
34 |
Packet Loss Handling |
Drop packets |
Tunnel recovers |
35 |
Packet Reordering |
Reorder packets |
Tunnel reassembles |
36 |
Duplicate Packet Handling |
Send duplicate packets |
Duplicates ignored |
37 |
Invalid Packet Handling |
Send malformed packets |
Dropped or ignored |
38 |
Control Message Replay |
Replay control messages |
May be accepted |
39 |
Data Message Replay |
Replay data messages |
May be accepted |
40 |
No Encryption Policy Enforcement |
Enforce no-encryption policy |
Tunnel established only if policy matches |
41 |
Mixed Encryption Environment |
Connect to encrypted peer |
Tunnel fails |
42 |
Security Audit Logging |
Log all unencrypted traffic |
Full visibility |
43 |
Application Layer Encryption |
Use HTTPS or SSH over L2TP |
Data protected at higher layer |
44 |
DNS Leak Test |
Send DNS queries through tunnel |
Queries visible |
45 |
IP Leak Test |
Send IP packets through tunnel |
IP visible |
46 |
Authentication with PAP |
Use PAP without encryption |
Credentials visible |
47 |
Authentication with CHAP |
Use CHAP without encryption |
Challenge-response visible |
48 |
Session Timeout Without Encryption |
Let session idle |
Session closed |
49 |
Tunnel Teardown Without Encryption |
Terminate tunnel |
Tunnel closed |
50 |
Compliance with Security Policy |
Check against org security policy |
May fail due to lack of encryption |
AVP-Based Control Messages - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
AVP Message Format Validation |
Send control message with valid AVP format |
Message accepted |
2 |
AVP Mandatory Bit Set |
Send AVP with mandatory bit set |
Must be recognized or message rejected |
3 |
AVP Hidden Bit Set |
Send AVP with hidden bit set |
AVP encrypted or obfuscated |
4 |
AVP Vendor ID Check |
Use AVP with specific vendor ID |
Vendor-specific AVP processed |
5 |
AVP Attribute Type Validation |
Use known attribute type |
AVP processed correctly |
6 |
AVP Unknown Attribute Type |
Use unknown attribute type |
Ignored if not mandatory |
7 |
AVP Length Field Validation |
Send AVP with correct length field |
AVP accepted |
8 |
AVP Length Mismatch |
Send AVP with incorrect length |
Message rejected |
9 |
AVP Value Field Validation |
Use valid value for attribute |
AVP processed correctly |
10 |
AVP Value Field Corruption |
Corrupt value field |
AVP rejected or ignored |
11 |
AVP Order Flexibility |
Change AVP order in message |
Message still accepted |
12 |
AVP Padding Handling |
Add padding to AVP |
Padding ignored |
13 |
AVP with Tunnel ID |
Include Tunnel ID AVP |
Tunnel identified |
14 |
AVP with Session ID |
Include Session ID AVP |
Session identified |
15 |
AVP with Hostname |
Include Hostname AVP |
Hostname logged |
16 |
AVP with Assigned Tunnel ID |
Include Assigned Tunnel ID AVP |
Tunnel ID assigned |
17 |
AVP with Assigned Session ID |
Include Assigned Session ID AVP |
Session ID assigned |
18 |
AVP with Challenge |
Include Challenge AVP |
Challenge processed |
19 |
AVP with Response |
Include Response AVP |
Response validated |
20 |
AVP with Result Code |
Include Result Code AVP |
Result interpreted |
21 |
AVP with Error Code |
Include Error Code AVP |
Error logged |
22 |
AVP with Protocol Version |
Include Protocol Version AVP |
Version negotiated |
23 |
AVP with Framing Capabilities |
Include Framing Capabilities AVP |
Capabilities negotiated |
24 |
AVP with Bearer Capabilities |
Include Bearer Capabilities AVP |
Capabilities negotiated |
25 |
AVP with Firmware Revision |
Include Firmware Revision AVP |
Info logged |
26 |
AVP with Hostname Mismatch |
Use mismatched hostname |
Tunnel may be rejected |
27 |
AVP with Invalid Tunnel ID |
Use invalid Tunnel ID |
Message rejected |
28 |
AVP with Invalid Session ID |
Use invalid Session ID |
Message rejected |
29 |
AVP with Duplicate Attributes |
Send duplicate AVPs |
Last one may override or error raised |
30 |
AVP with Missing Mandatory Field |
Omit mandatory AVP |
Message rejected |
31 |
AVP with Optional Field Omitted |
Omit optional AVP |
Message accepted |
32 |
AVP with Zero-Length Value |
Use AVP with zero-length value |
May be accepted or rejected |
33 |
AVP with Max-Length Value |
Use AVP with maximum allowed length |
Message accepted |
34 |
AVP with Invalid Vendor ID |
Use invalid vendor ID |
AVP ignored |
35 |
AVP with Encrypted Hidden AVP |
Use hidden AVP with encryption |
Decrypted and processed |
36 |
AVP with Control Message Retry |
Retry control message with AVPs |
AVPs reprocessed |
37 |
AVP with Control Message Timeout |
Simulate timeout |
AVPs not processed |
38 |
AVP with Control Message Flood |
Flood with AVP messages |
Throttling or drop |
39 |
AVP with Logging Enabled |
Enable logging |
AVPs logged |
40 |
AVP with Debugging Enabled |
Enable debug mode |
AVP details visible |
41 |
AVP with Wireshark Analysis |
Capture AVP messages |
AVPs visible in packet capture |
42 |
AVP with Vendor Extension |
Use vendor-specific AVP |
Processed if supported |
43 |
AVP with Session Teardown |
Include AVP in session teardown |
Session closed |
44 |
AVP with Tunnel Teardown |
Include AVP in tunnel teardown |
Tunnel closed |
45 |
AVP with Session Establishment |
Include AVPs in session setup |
Session created |
46 |
AVP with Tunnel Establishment |
Include AVPs in tunnel setup |
Tunnel created |
47 |
AVP with Invalid AVP Flags |
Use invalid flag bits |
AVP rejected |
48 |
AVP with Mixed Mandatory/Optional |
Mix mandatory and optional AVPs |
Message processed accordingly |
49 |
AVP with Control/Data Separation |
Use AVPs only in control messages |
Data messages unaffected |
50 |
AVP with Protocol Negotiation |
Use AVPs to negotiate protocol features |
Features agreed upon |
Reliability for Control Messages - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Control Message Acknowledgment |
Send control message and wait for ACK |
ACK received |
2 |
Control Message Retransmission |
Drop ACK to trigger retransmission |
Message resent |
3 |
Control Message Timeout |
Simulate no response |
Retransmission or session timeout |
4 |
Control Message Sequence Numbering |
Check sequence number increment |
Numbers increase correctly |
5 |
Control Message Out-of-Order |
Send messages out of order |
Reordered or rejected |
6 |
Control Message Loss |
Drop control message |
Retransmission occurs |
7 |
Control Message Duplication |
Send duplicate control message |
Duplicate ignored |
8 |
Control Message Corruption |
Corrupt control message |
Message rejected |
9 |
Control Message with Invalid Length |
Send control message with wrong length |
Message rejected |
10 |
Control Message with Invalid Header |
Send malformed header |
Message rejected |
11 |
Control Message with Invalid AVP |
Include invalid AVP |
Message rejected or ignored |
12 |
Control Message with Missing AVP |
Omit mandatory AVP |
Message rejected |
13 |
Control Message with Optional AVP |
Omit optional AVP |
Message accepted |
14 |
Control Message Logging |
Enable logging |
Control messages logged |
15 |
Control Message Debugging |
Enable debug mode |
Detailed logs available |
16 |
Control Message Flooding |
Send rapid control messages |
Throttling or drop |
17 |
Control Message Replay |
Replay old control message |
Message rejected |
18 |
Control Message with NAT |
Send through NAT |
Message delivered and acknowledged |
19 |
Control Message with Firewall |
Send through firewall |
Message delivered if port open |
20 |
Control Message with IPv4 |
Use IPv4 transport |
Message delivered |
21 |
Control Message with IPv6 |
Use IPv6 transport |
Message delivered |
22 |
Control Message with UDP Loss |
Simulate UDP packet loss |
Retransmission occurs |
23 |
Control Message with High Latency |
Simulate high latency |
Message eventually acknowledged |
24 |
Control Message with Jitter |
Introduce jitter |
Message acknowledged |
25 |
Control Message with Low Bandwidth |
Simulate low bandwidth |
Message acknowledged |
26 |
Control Message with Fragmentation |
Send large control message |
Reassembled and acknowledged |
27 |
Control Message with Keepalive |
Send periodic control messages |
Tunnel maintained |
28 |
Control Message with Session Setup |
Use control messages to establish session |
Session created |
29 |
Control Message with Session Teardown |
Use control messages to close session |
Session closed |
30 |
Control Message with Tunnel Setup |
Use control messages to establish tunnel |
Tunnel created |
31 |
Control Message with Tunnel Teardown |
Use control messages to close tunnel |
Tunnel closed |
32 |
Control Message with Vendor AVPs |
Include vendor-specific AVPs |
Message accepted if supported |
33 |
Control Message with Invalid Tunnel ID |
Use invalid tunnel ID |
Message rejected |
34 |
Control Message with Invalid Session ID |
Use invalid session ID |
Message rejected |
35 |
Control Message with Zero Window |
Simulate zero receive window |
Message delayed |
36 |
Control Message with Window Scaling |
Use large receive window |
Multiple messages accepted |
37 |
Control Message with Retransmit Limit |
Exceed retransmission limit |
Session/tunnel closed |
38 |
Control Message with ACK Delay |
Delay ACK intentionally |
Retransmission triggered |
39 |
Control Message with ACK Loss |
Drop ACK packet |
Retransmission triggered |
40 |
Control Message with Sequence Wrap |
Force sequence number wraparound |
Sequence resets correctly |
41 |
Control Message with Mixed Order |
Mix correct and incorrect order |
Correct ones processed |
42 |
Control Message with Logging Disabled |
Disable logging |
No logs generated |
43 |
Control Message with Wireshark |
Capture control messages |
Messages visible on UDP port 1701 |
44 |
Control Message with Session Retry |
Retry session setup after failure |
Session established |
45 |
Control Message with Tunnel Retry |
Retry tunnel setup after failure |
Tunnel established |
46 |
Control Message with Invalid Flags |
Use invalid flag bits |
Message rejected |
47 |
Control Message with Mixed AVPs |
Use valid and invalid AVPs |
Valid processed, invalid ignored |
48 |
Control Message with Encryption |
Encrypt control message manually |
Message unreadable without key |
49 |
Control Message with Compression |
Compress control message |
Message decompressed and processed |
50 |
Control Message with Protocol Negotiation |
Use control messages to negotiate features |
Features agreed upon |
Tunnel and Session IDs - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Tunnel ID Assignment |
Assign Tunnel ID during tunnel setup |
Unique Tunnel ID assigned |
2 |
Session ID Assignment |
Assign Session ID during session setup |
Unique Session ID assigned |
3 |
Tunnel ID Uniqueness |
Ensure Tunnel ID is unique per peer |
No ID conflict |
4 |
Session ID Uniqueness |
Ensure Session ID is unique within a tunnel |
No ID conflict |
5 |
Tunnel ID Collision |
Use duplicate Tunnel ID |
Tunnel rejected |
6 |
Session ID Collision |
Use duplicate Session ID |
Session rejected |
7 |
Tunnel ID Reuse |
Reuse Tunnel ID after teardown |
New tunnel established |
8 |
Session ID Reuse |
Reuse Session ID after teardown |
New session established |
9 |
Invalid Tunnel ID |
Use non-existent Tunnel ID |
Message dropped |
10 |
Invalid Session ID |
Use non-existent Session ID |
Message dropped |
11 |
Tunnel ID Wraparound |
Force Tunnel ID to wrap around max value |
New ID assigned correctly |
12 |
Session ID Wraparound |
Force Session ID to wrap around max value |
New ID assigned correctly |
13 |
Tunnel ID in Control Message |
Include Tunnel ID in control message |
Message routed correctly |
14 |
Session ID in Control Message |
Include Session ID in control message |
Message routed correctly |
15 |
Tunnel ID in Data Message |
Include Tunnel ID in data message |
Message routed correctly |
16 |
Session ID in Data Message |
Include Session ID in data message |
Message routed correctly |
17 |
Tunnel ID Logging |
Log Tunnel ID during setup |
ID visible in logs |
18 |
Session ID Logging |
Log Session ID during setup |
ID visible in logs |
19 |
Tunnel ID Debugging |
Enable debug mode |
Tunnel ID traceable |
20 |
Session ID Debugging |
Enable debug mode |
Session ID traceable |
21 |
Tunnel ID with NAT |
Use Tunnel ID behind NAT |
Tunnel established |
22 |
Session ID with NAT |
Use Session ID behind NAT |
Session established |
23 |
Tunnel ID with IPv4 |
Use IPv4 transport |
Tunnel ID handled correctly |
24 |
Session ID with IPv6 |
Use IPv6 transport |
Session ID handled correctly |
25 |
Tunnel ID with Multiple Peers |
Assign Tunnel IDs to multiple peers |
All IDs unique |
26 |
Session ID with Multiple Sessions |
Assign Session IDs to multiple sessions |
All IDs unique |
27 |
Tunnel ID with Vendor Interop |
Use Tunnel ID with different vendor |
Tunnel established |
28 |
Session ID with Vendor Interop |
Use Session ID with different vendor |
Session established |
29 |
Tunnel ID with Replay Attack |
Replay message with old Tunnel ID |
Message dropped |
30 |
Session ID with Replay Attack |
Replay message with old Session ID |
Message dropped |
31 |
Tunnel ID with Invalid Format |
Use malformed Tunnel ID |
Message rejected |
32 |
Session ID with Invalid Format |
Use malformed Session ID |
Message rejected |
33 |
Tunnel ID with Zero Value |
Use Tunnel ID = 0 |
Message rejected |
34 |
Session ID with Zero Value |
Use Session ID = 0 |
Message rejected |
35 |
Tunnel ID with Max Value |
Use maximum allowed Tunnel ID |
Message accepted |
36 |
Session ID with Max Value |
Use maximum allowed Session ID |
Message accepted |
37 |
Tunnel ID with Control Flooding |
Flood control messages with same Tunnel ID |
Throttling or drop |
38 |
Session ID with Data Flooding |
Flood data messages with same Session ID |
Throttling or drop |
39 |
Tunnel ID with Session Teardown |
Use Tunnel ID to tear down session |
Session closed |
40 |
Session ID with Tunnel Teardown |
Use Session ID to tear down tunnel |
Tunnel closed |
41 |
Tunnel ID with Logging Disabled |
Disable logging |
Tunnel ID not logged |
42 |
Session ID with Logging Disabled |
Disable logging |
Session ID not logged |
43 |
Tunnel ID with Session Multiplexing |
Use one Tunnel ID for multiple sessions |
All sessions routed correctly |
44 |
Session ID with Tunnel Multiplexing |
Use one Session ID across tunnels |
Session rejected |
45 |
Tunnel ID with Control Message Loss |
Drop control message with Tunnel ID |
Retransmission triggered |
46 |
Session ID with Data Message Loss |
Drop data message with Session ID |
Retransmission triggered |
47 |
Tunnel ID with Invalid AVP |
Use invalid Tunnel ID in AVP |
Message rejected |
48 |
Session ID with Invalid AVP |
Use invalid Session ID in AVP |
Message rejected |
49 |
Tunnel ID with Session Migration |
Migrate session to new tunnel |
Session re-established |
50 |
Session ID with Tunnel Migration |
Migrate tunnel with active sessions |
Sessions re-established |
Extensibility (L2TPv3) - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
L2TPv3 Basic Tunnel Setup |
Establish a basic L2TPv3 tunnel |
Tunnel established |
2 |
L2TPv3 Session Setup |
Establish a session over L2TPv3 |
Session established |
3 |
AVP Extension Support |
Add custom AVP to control message |
AVP accepted if format valid |
4 |
Unknown AVP Handling |
Send unknown AVP |
Ignored if not mandatory |
5 |
Vendor-Specific AVP |
Use vendor-specific AVP |
Processed if supported |
6 |
AVP Length Extension |
Use extended-length AVP |
AVP parsed correctly |
7 |
AVP Hidden Bit Support |
Use hidden AVP |
Decrypted and processed |
8 |
New Control Message Type |
Define and send new control message type |
Ignored or processed if supported |
9 |
New Session Type Registration |
Register new session type |
Session type accepted |
10 |
Ethernet Pseudowire Support |
Use Ethernet pseudowire session type |
Frames transmitted |
11 |
VLAN Pseudowire Support |
Use VLAN pseudowire session type |
VLAN tags preserved |
12 |
HDLC Pseudowire Support |
Use HDLC pseudowire session type |
Frames transmitted |
13 |
Frame Relay Pseudowire Support |
Use Frame Relay pseudowire session type |
Frames transmitted |
14 |
ATM Pseudowire Support |
Use ATM pseudowire session type |
Cells transmitted |
15 |
PPP Pseudowire Support |
Use PPP pseudowire session type |
Frames transmitted |
16 |
IP Pseudowire Support |
Use IP pseudowire session type |
IP packets transmitted |
17 |
GRE Encapsulation Support |
Encapsulate L2TPv3 in GRE |
Tunnel established |
18 |
MPLS Encapsulation Support |
Encapsulate L2TPv3 in MPLS |
Tunnel established |
19 |
L2TPv3 over IPv6 |
Use IPv6 transport |
Tunnel established |
20 |
L2TPv3 over IPv4 |
Use IPv4 transport |
Tunnel established |
21 |
Control Message Extension |
Add new fields to control message |
Message parsed correctly |
22 |
Session Message Extension |
Add new fields to session message |
Message parsed correctly |
23 |
AVP Padding Extension |
Add padding to AVP |
Padding ignored |
24 |
AVP Order Flexibility |
Change AVP order |
Message accepted |
25 |
AVP with Optional Fields |
Add optional fields to AVP |
Message accepted |
26 |
AVP with Mandatory Fields |
Add mandatory fields to AVP |
Message rejected if missing |
27 |
AVP with Invalid Format |
Send malformed AVP |
Message rejected |
28 |
AVP with Max Length |
Use maximum allowed AVP length |
Message accepted |
29 |
AVP with Zero Length |
Use zero-length AVP |
Message accepted or rejected |
30 |
AVP with Invalid Vendor ID |
Use invalid vendor ID |
AVP ignored |
31 |
AVP with Reserved Bits |
Use reserved bits in AVP |
Message rejected |
32 |
AVP with Experimental Flags |
Use experimental flags |
Message accepted if supported |
33 |
AVP with Encryption Extension |
Add encryption-related AVP |
AVP parsed if supported |
34 |
AVP with Compression Extension |
Add compression-related AVP |
AVP parsed if supported |
35 |
AVP with QoS Extension |
Add QoS-related AVP |
AVP parsed if supported |
36 |
AVP with Traffic Engineering |
Add TE-related AVP |
AVP parsed if supported |
37 |
AVP with Multicast Extension |
Add multicast-related AVP |
AVP parsed if supported |
38 |
AVP with Security Extension |
Add security-related AVP |
AVP parsed if supported |
39 |
AVP with Mobility Extension |
Add mobility-related AVP |
AVP parsed if supported |
40 |
AVP with Time Synchronization |
Add time sync-related AVP |
AVP parsed if supported |
41 |
AVP with Monitoring Extension |
Add monitoring-related AVP |
AVP parsed if supported |
42 |
AVP with Logging Extension |
Add logging-related AVP |
AVP parsed if supported |
43 |
AVP with Debugging Extension |
Add debugging-related AVP |
AVP parsed if supported |
44 |
AVP with Tunnel Management |
Add tunnel management AVP |
Tunnel managed accordingly |
45 |
AVP with Session Management |
Add session management AVP |
Session managed accordingly |
46 |
AVP with Load Balancing |
Add load balancing AVP |
AVP parsed if supported |
47 |
AVP with Redundancy Extension |
Add redundancy-related AVP |
AVP parsed if supported |
48 |
AVP with Custom Extension |
Add custom-defined AVP |
AVP accepted if format valid |
49 |
AVP with Interoperability Test |
Test AVP with different vendor |
AVP accepted if compliant |
50 |
AVP with Backward Compatibility |
Use L2TPv3 AVP with L2TPv2 peer |
AVP ignored or rejected |
Reference links