Nortel Networks manual L2TP Access Concentrator LAC, Remote Access Server RAS

Page 21

L2TP Overview

L2TP Access Concentrator (LAC)

The L2TP access concentrator (LAC) resides at the ISP network. The LAC establishes the L2TP tunnel between itself and the LNS.

Note: In this guide, the term LAC refers to a remote access server with L2TP capabilities. The term RAS refers to a remote access server without L2TP capabilities.

When the remote user places a call to the ISP network, this call goes to the LAC. The LAC then negotiates the activation of an L2TP tunnel with the LNS. This tunnel carries data from the remote user to the corporate network.

For more information about the Bay Networks implementation of the LAC in an L2TP network, see “ Bay Networks L2TP Implementation” on page 1-11.

Remote Access Server (RAS)

The remote access server (RAS) resides at the ISP network. If the remote host is an L2TP client, the tunnel is established from the remote client through a RAS to an LNS at the corporate network. In this situation, there is no need for a LAC.

The RAS does not establish the tunnel; it only forwards already tunneled data to the destination.

Tunnel Management Server (TMS)

At the ISP network, there needs to be a mechanism for identifying L2TP tunneled users so that the LAC can construct the L2TP tunnel. Bay Networks uses a mechanism called a tunnel management server (TMS); other vendors may use a different method.

303532-A Rev 00

1-5

Page 20 Page 22
Image 21
Page 20 Page 22
Contents Configuring L2TP Services Copyright 1998 Bay Networks, Inc Bay Networks, Inc. Software License Agreement Rev Contents Chapter Starting L2TP Appendix B Configuration Examples Page Figures Page Tables Page Before You Begin PrefaceItalic text Text ConventionsAcronyms Bay Networks Technical Publications How to Get HelpTopic Chapter L2TP OverviewL2TP Benefits What Is Tunneling?L2TP Sessions Remote Host Components of an L2TP NetworkL2TP Access Concentrator LAC Remote Access Server RASTunnel Management Server TMS Radius Server L2TP Network Server LNSExamples of L2TP Networks L2TP Network Using a LACPacket Encapsulation Process L2TP Packet EncapsulationMaking a Connection Across an L2TP Network Security in an L2TP Network Bay Networks L2TP Implementation Tunnel Management Tunnel AuthenticationShows tunnel authentication Radius User Authentication L2TP IP Interface Addresses Radius AccountingRemote Router Dialing the LNS Remote Router ConfigurationIf you want to Go to Where to Go NextPage Chapter Starting L2TP Tunnel Authentication Passwords Planning Considerations for an L2TP NetworkRadius Server Information Site Manager Procedure You do this System responds Preparing a Configuration FileTools Choose Configuration Manager Choose Local File , Remote File , orSubnet Mask Enabling L2TP on an Unconfigured WAN InterfaceEnabling L2TP on an Existing PPP Interface Choose Edit CircuitChoose Add/Delete Configuring L2TP Services Enabling L2TP on an Existing Frame Relay Interface Configuration is completed Enabling L2TP on an Existing ATM Interface Site Manager ProcedureYou do this System responds Choose Group ProtocolsChoose Protocols Choose Service AttributesChapter Customizing L2TP Services Choose L2TP Configuration Modifying the L2TP Protocol ConfigurationRadius Server on Modifying Radius Server InformationChanging the LNS System Name Modifying the Number of L2TP Sessions Permitted Set the Remove Domain Name Keeping the Remote User’s Domain NameSet the Domain Name Delimiter Changing the Domain Name DelimiterChoose Tunnel Authentication Enabling Tunnel AuthenticationChoose L2TP IP Interface Modifying L2TP IP Interface AddressesDisabling L2TP Disabling RIPDeleting L2TP from a PPP Interface Customizing L2TP ServicesDeleting L2TP from a Frame Relay Interface Deleting L2TP from an ATM Interface Site Manager Procedure Topic Appendix a L2TP ParametersFigure A-1. L2TP Configuration List Window L2TP Configuration ParametersParameter Enable L2TP Parameter Max L2TP SessionsParameter Receive Window Size Parameter Retransmit Timer seconds Parameter Hello Timer secondsParameter Maximum Retransmit Parameter Ack Timeout milliseconds Parameter LNS System NameParameter Radius Primary Server IP Address Parameter Radius Primary Server Password Parameter Radius Client IP AddressParameter Tunnel Flow Control Parameter Domain Name Delimiter Parameter Remove Domain NameFigure A-2. L2TP Tunnel Security List Window L2TP Tunnel Security ParametersParameter Tunnel Authentication Password Parameter Enable Tunnel AuthenticationFigure A-3. L2TP IP Interface List Window L2TP IP Interface ParametersParameter Subnet Mask Parameter L2TP IP Interface AddressParameter RIP Enable Example 1 Remote PC Calling the Corporate Network Appendix B Configuration ExamplesFigure B-1. L2TP Network with PCs at the Remote Site Configuring the Remote HostsConfiguring the LNS Configuring the LACs and the TMSDomain name baynetworks.com Parameter Name Value IP Address 192.32.16.55L2TP IP Interface window, enter the L2TP IP address Data Path Through the NetworkFigure B-2. L2TP Network with Routers at the Remote Site Example 2 Remote Router Calling the Corporate NetworkConfiguring the Dial-on-Demand Circuit Configuring the PPP InterfaceParameter Name Value RFC1661 Compliance Enable Problem What to Do Appendix C TroubleshootingTable C-1 Common L2TP Network Problems and Solutions L2TP IndexIndex-2

L2TP specifications

Nortel Networks L2TP, or Layer 2 Tunneling Protocol, is a widely recognized networking protocol that enables the tunneling of data over various networks. Initially developed as an extension of the Point-to-Point Tunneling Protocol (PPTP), L2TP integrates components from both PPTP and Layer 2 Forwarding (L2F). Nortel Networks played a significant role in the development and implementation of L2TP, making it a prominent choice for service providers and enterprise networks seeking secure and efficient connectivity.

One of the primary features of L2TP is its ability to encapsulate data packets, allowing the transport of PPP (Point-to-Point Protocol) frames without necessitating the traditional point-to-point connections. This means L2TP can operate across different networks, facilitating remote access connections and VPNs (Virtual Private Networks). As a result, organizations can achieve greater flexibility in managing their communications infrastructure.

Another key characteristic of L2TP is its support for both IPv4 and IPv6, ensuring compatibility with current and future networking environments. L2TP operates at the link layer of the OSI model, which means it functions between the data link and network layers, making it versatile for various applications. By using UDP (User Datagram Protocol) as a transport protocol, L2TP ensures efficient data transmission while maintaining lower latencies.

Security is a critical aspect of L2TP. While L2TP itself does not provide encryption, it is often paired with IPSec (Internet Protocol Security) for enhanced security protocols. This combination offers both tunneling and encryption, creating a secure framework for transmitting sensitive information across potentially insecure networks, such as the Internet.

L2TP also features various authentication methods, allowing for robust access control. It supports various schemes like PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol), giving network administrators a range of options to ensure the legitimacy of users accessing the network.

In summary, Nortel Networks L2TP is a powerful tunneling protocol known for its flexibility, compatibility, and security features. Its ability to encapsulate data for efficient transport makes it ideal for remote access and VPN applications. As organizations continue to demand secure, seamless connectivity, L2TP remains a resilient choice within the shifting landscape of networking technologies.
Top Page Image Contents