Nortel Networks manual Making a Connection Across an L2TP Network

Page 25

L2TP Overview

Making a Connection Across an L2TP Network

The following steps explain how a remote user connects across an L2TP network that includes a Bay Networks LAC, TMS, and LNS (see Figure 1-1 on page 1-7):

1.The remote user dials a LAC at the local ISP network to establish a PPP connection to the corporate network.

In the call, the user includes any required information, for example, a user name, including a domain name, and a password. When the user dials in, he enters a name, for example, jdoe@baynetworks.com; jdoe is the user name and baynetworks.com is the domain name.

2.The LAC receives the call and passes the domain name to the TMS.

If the TMS finds a match for the domain name, a tunnel can be created. The TMS also checks the number of current connections so that they will not exceed the maximum number allowed.

If the user is not a tunnel candidate, as determined by the domain name, the LAC assumes that the remote host is making a regular dial-in request and authenticates the user accordingly.

3.The LAC tries to establish an L2TP tunnel with the LNS.

For the LAC to send a tunnel request to the LNS, it needs the address of the LNS. The LAC requests the address from the TMS. It then checks for this address in its own routing table. After obtaining the address, the LAC sends a tunnel request to the LNS. The LNS may perform tunnel authentication, if configured to do so. If the LAC and LNS complete tunnel authentication successfully, the LAC establishes the tunnel.

4.After the tunnel is established, the LAC forwards the remote user’s name to the LNS, which verifies the user’s identity with the corporate RADIUS server.

If the RADIUS server recognizes the user name, it replies with an acknowledgment and an IP address that it assigns to the remote user for the duration of the call. This IP address identifies the remote user who may not have an address of his own.

5.After the remote user is successfully authenticated, the user has an end-to-end PPP connection to the corporate network over the Internet.

The tunnel can now carry a user session during which the LAC and the LNS exchange PPP packets.

303532-A Rev 00

1-9

Page 24 Page 26
Image 25
Page 24 Page 26
Contents Configuring L2TP Services Copyright 1998 Bay Networks, Inc Bay Networks, Inc. Software License Agreement Rev Contents Chapter Starting L2TP Appendix B Configuration Examples Page Figures Page Tables Page Before You Begin PrefaceItalic text Text ConventionsAcronyms Bay Networks Technical Publications How to Get HelpTopic Chapter L2TP OverviewL2TP Benefits What Is Tunneling?L2TP Sessions Remote Host Components of an L2TP NetworkRemote Access Server RAS L2TP Access Concentrator LACTunnel Management Server TMS Radius Server L2TP Network Server LNSExamples of L2TP Networks L2TP Network Using a LACPacket Encapsulation Process L2TP Packet EncapsulationMaking a Connection Across an L2TP Network Security in an L2TP Network Bay Networks L2TP Implementation Tunnel Management Tunnel AuthenticationShows tunnel authentication Radius User Authentication L2TP IP Interface Addresses Radius AccountingRemote Router Dialing the LNS Remote Router ConfigurationIf you want to Go to Where to Go NextPage Chapter Starting L2TP Planning Considerations for an L2TP Network Tunnel Authentication PasswordsRadius Server Information Site Manager Procedure You do this System responds Preparing a Configuration FileTools Choose Configuration Manager Choose Local File , Remote File , orSubnet Mask Enabling L2TP on an Unconfigured WAN InterfaceChoose Edit Circuit Enabling L2TP on an Existing PPP InterfaceChoose Add/Delete Configuring L2TP Services Enabling L2TP on an Existing Frame Relay Interface Configuration is completed Enabling L2TP on an Existing ATM Interface Site Manager ProcedureYou do this System responds Choose Group ProtocolsChoose Protocols Choose Service AttributesChapter Customizing L2TP Services Choose L2TP Configuration Modifying the L2TP Protocol ConfigurationRadius Server on Modifying Radius Server InformationChanging the LNS System Name Modifying the Number of L2TP Sessions Permitted Set the Remove Domain Name Keeping the Remote User’s Domain NameSet the Domain Name Delimiter Changing the Domain Name DelimiterChoose Tunnel Authentication Enabling Tunnel AuthenticationChoose L2TP IP Interface Modifying L2TP IP Interface AddressesDisabling L2TP Disabling RIPDeleting L2TP from a PPP Interface Customizing L2TP ServicesDeleting L2TP from a Frame Relay Interface Deleting L2TP from an ATM Interface Site Manager Procedure Topic Appendix a L2TP ParametersFigure A-1. L2TP Configuration List Window L2TP Configuration ParametersParameter Max L2TP Sessions Parameter Enable L2TPParameter Receive Window Size Parameter Hello Timer seconds Parameter Retransmit Timer secondsParameter Maximum Retransmit Parameter LNS System Name Parameter Ack Timeout millisecondsParameter Radius Primary Server IP Address Parameter Radius Client IP Address Parameter Radius Primary Server PasswordParameter Tunnel Flow Control Parameter Domain Name Delimiter Parameter Remove Domain NameFigure A-2. L2TP Tunnel Security List Window L2TP Tunnel Security ParametersParameter Tunnel Authentication Password Parameter Enable Tunnel AuthenticationFigure A-3. L2TP IP Interface List Window L2TP IP Interface ParametersParameter Subnet Mask Parameter L2TP IP Interface AddressParameter RIP Enable Example 1 Remote PC Calling the Corporate Network Appendix B Configuration ExamplesFigure B-1. L2TP Network with PCs at the Remote Site Configuring the Remote HostsConfiguring the LNS Configuring the LACs and the TMSDomain name baynetworks.com Parameter Name Value IP Address 192.32.16.55L2TP IP Interface window, enter the L2TP IP address Data Path Through the NetworkFigure B-2. L2TP Network with Routers at the Remote Site Example 2 Remote Router Calling the Corporate NetworkConfiguring the PPP Interface Configuring the Dial-on-Demand CircuitParameter Name Value RFC1661 Compliance Enable Problem What to Do Appendix C TroubleshootingTable C-1 Common L2TP Network Problems and Solutions L2TP IndexIndex-2

L2TP specifications

Nortel Networks L2TP, or Layer 2 Tunneling Protocol, is a widely recognized networking protocol that enables the tunneling of data over various networks. Initially developed as an extension of the Point-to-Point Tunneling Protocol (PPTP), L2TP integrates components from both PPTP and Layer 2 Forwarding (L2F). Nortel Networks played a significant role in the development and implementation of L2TP, making it a prominent choice for service providers and enterprise networks seeking secure and efficient connectivity.

One of the primary features of L2TP is its ability to encapsulate data packets, allowing the transport of PPP (Point-to-Point Protocol) frames without necessitating the traditional point-to-point connections. This means L2TP can operate across different networks, facilitating remote access connections and VPNs (Virtual Private Networks). As a result, organizations can achieve greater flexibility in managing their communications infrastructure.

Another key characteristic of L2TP is its support for both IPv4 and IPv6, ensuring compatibility with current and future networking environments. L2TP operates at the link layer of the OSI model, which means it functions between the data link and network layers, making it versatile for various applications. By using UDP (User Datagram Protocol) as a transport protocol, L2TP ensures efficient data transmission while maintaining lower latencies.

Security is a critical aspect of L2TP. While L2TP itself does not provide encryption, it is often paired with IPSec (Internet Protocol Security) for enhanced security protocols. This combination offers both tunneling and encryption, creating a secure framework for transmitting sensitive information across potentially insecure networks, such as the Internet.

L2TP also features various authentication methods, allowing for robust access control. It supports various schemes like PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol), giving network administrators a range of options to ensure the legitimacy of users accessing the network.

In summary, Nortel Networks L2TP is a powerful tunneling protocol known for its flexibility, compatibility, and security features. Its ability to encapsulate data for efficient transport makes it ideal for remote access and VPN applications. As organizations continue to demand secure, seamless connectivity, L2TP remains a resilient choice within the shifting landscape of networking technologies.
Top Page Image Contents