Manual
Layer 2 Tunnel Protocol Version 3
digest
88
Cisco IOS Releases 12.0(29)S and 12.2(25)S
digest
To enable Layer 2 Tunneling Protocol Version 3 (L2TPv3) control channel authentication or integrity
checking, use the digest command in L2TP class configuration mode. To disable control channel
authentication or integrity checking, use the no form of this command.
digest [secret {0 | 7} password] [hash {md5 | sha}]
no digest
Syntax Description
Defaults L2TPv3 CC authentication and integrity checking are disabled by default.
The default input format of the shared secret is 0.
The default hash function is md5.
Command Modes L2TP class configuration
Command History
Usage Guidelines Two methods of control channel authentication are available in Cisco IOS Release 12.0(29)S. The
L2TPv3 Control Channel Hashing feature (enabled with the digest command) introduces a more robust
authentication method than the older Challenge Handshake Authentication Protocol (CHAP) style
method of authentication enabled with the authentication command. You may choose to enable both
methods of authentication to ensure interoperability with peers that support only one of these methods
secret (Optional) Enables L2TPv3 control channel authentication. If the digest
command is issued without the secret keyword option, L2TPv3 integrity
checking will be enabled.
{0 | 7} Specifies the input format of the shared secret.
• 0—Specifies that a plain-text secret will be entered.
• 7—Specifies that an encrypted secret will be entered.
The default value is 0.
password Defines the shared secret between peer provider edge (PE) routers. The value
entered for the password argument must be in the format that matches the
input format specified by the [0 | 7] keyword option.
hash {md5 | sha} (Optional) Specifies the hash function to be used in per-message digest
calculations.
• md5—Specifies HMAC-MD5 hashing.
• sha—Specifies HMAC-SHA-1 hashing.
The default hash function is md5.
Release Modification
12.0(29)S This command was introduced.