Lucent Technologies 6000 User Manual

MAX 6000/3000 Network Configuration Guide
Setting Up Virtual Private Networks
Configuring L2TP tunnels for dial-in clients
that matches a Client-Port-DNIS for any user profile. You can configure the LNS to perform 
PAP or CHAP authentication after the LAC and LNS establish the tunnel.
If you use RADIUS to configure L2TP, but do not specify the Client-Port-DNIS attribute, the 
LAC performs PAP or CHAP authentication before the tunnel is established. Once the tunnel is 
up, the LNS can perform authentication again on the client. Each client sends the same 
username and password during the authentication phase, so for each client, make sure you 
configure the LAC and LNS to look for the same usernames and passwords.
You can also direct the MAX to create an L2TP tunnel, from the terminal server, by using the 
L2TP command. You can configure authentication on the LNS, requiring users to authenticate 
themselves when they manually initiate L2TP tunnels from the terminal server.
Flow control
The LAC and LNS automatically use a flow control mechanism that is designed to reduce 
network congestion. You do not need to configure the mechanism.
You can, however, configure the maximum number of unacknowledged packets that the LAC 
or LNS receives before it requests that the sending device stop sending data. You can configure 
the LAC or LNS to receive up to 63 unacknowledged packets before refusing new data, or you 
can disable flow control completely.
Using the Tunnel-Assignment-ID (82) RADIUS attribute for L2TP
Client sessions can be grouped into specific tunnels. For details, see 
draft-ietf-radius-tunnel-auth-09.txt. RADIUS supports this feature by means of the 
Tunnel-Assignment-ID (82) attribute, which informs the L2TP access concentrator (LAC) 
whether to assign a client session to an existing tunnel or to create a new one.
Example of configuring a tunnel assignment ID
In this example, the MAX unit is configured to perform tunnel authentication for L2TP 
tunnels. The MAX unit that performs this function can be a MAX TNT or a MAX unit.
The two PPP clients shown in Figure 11-9 are configured to use different tunnels to the L2TP 
network server (LNS) on the basis of their tunnel assignment IDs. The same clients could be 
configured to use the same multiplexed tunnel by setting their tunnel assignment IDs to the 
same string.
| RADIUS attribute | Value |
|---|---|
| Tunnel-Assignment-ID (82) | Identification (name) assigned to tunnels to allow grouping of sessions. A text string of up to 31 characters. The value has local significance only. It is not transmitted to the remote tunnel end point. |
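
As an added illustration (not code from the manual or from Lucent), the sketch below shows how a LAC could parse attribute 82 and use it to decide between multiplexing a session into an existing tunnel and creating a new one. It assumes the tagged-string encoding of RFC 2868; the `Lac` class, the tunnel key of LNS address plus assignment ID, and the sample names and address are hypothetical.

```python
from __future__ import annotations

TUNNEL_ASSIGNMENT_ID = 82  # attribute number from the page
MAX_ID_LEN = 31            # length limit from the page's attribute table


def encode_assignment_id(text: str, tag: int | None = 0) -> bytes:
    """Build the attribute as type, length, optional tag octet, string."""
    body = (b"" if tag is None else bytes([tag])) + text.encode("ascii")
    return bytes([TUNNEL_ASSIGNMENT_ID, len(body) + 2]) + body


def parse_assignment_id(attr: bytes) -> tuple[int, str]:
    """Return (tag, id) or raise ValueError for a malformed attribute."""
    if len(attr) < 3 or attr[0] != TUNNEL_ASSIGNMENT_ID or attr[1] != len(attr):
        raise ValueError("not a well-formed Tunnel-Assignment-ID attribute")
    # RFC 2868: a first octet above 0x1F is not a tag, it starts the string.
    tag, raw = (0, attr[2:]) if attr[2] > 0x1F else (attr[2], attr[3:])
    text = raw.decode("ascii")  # UnicodeDecodeError is a ValueError
    if not 1 <= len(text) <= MAX_ID_LEN:
        raise ValueError("assignment ID must be 1 to 31 characters")
    return tag, text


class Lac:
    """Hypothetical LAC session table keyed by (LNS endpoint, assignment ID)."""

    def __init__(self) -> None:
        self.tunnels: dict[tuple[str, str], list[str]] = {}

    def assign(self, user: str, lns: str, attr: bytes) -> bool:
        """Place a session; return True if a new tunnel had to be created."""
        _, assignment_id = parse_assignment_id(attr)
        key = (lns, assignment_id)  # the ID stays local; it only selects a tunnel
        created = key not in self.tunnels
        self.tunnels.setdefault(key, []).append(user)
        return created


if __name__ == "__main__":
    lac = Lac()
    lns = "192.0.2.10"  # constructed LNS address (documentation range)
    sample = [("client-1", "tunnel-a"), ("client-2", "tunnel-b"),
              ("client-3", "tunnel-a")]  # constructed sessions
    for user, tid in sample:
        new = lac.assign(user, lns, encode_assignment_id(tid))
        print(user, tid, "new tunnel" if new else "multiplexed")
```

Rejecting IDs that are empty, over 31 characters, or carried in an attribute whose length octet disagrees with the received bytes keeps a malformed RADIUS reply from silently creating or joining a tunnel.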