Nortel Networks L2TP manual Radius User Authentication

Page 30

Configuring L2TP Services

After tunnel authentication is complete, it does not need to be repeated for other calls to the same LAC.

RADIUS User Authentication

RADIUS user authentication is enabled by default on the Bay Networks LNS; you must configure this feature so that the LNS can validate the remote user’s identity before allowing access to the network.

The network administrator at the corporate site must configure a RADIUS server with the names and passwords of authorized users. When the LNS receives a call, it forwards an authentication request with the user information to the RADIUS server, which verifies whether the user is authorized. If the user is permitted access to the network, the RADIUS server replies with an acknowledgment message and the appropriate IP address for that user to make a connection.

The IP address that the RADIUS server assigns is essential because many remote hosts may not have their own addresses. The LNS uses the address to identify the remote host and send data to the remote user. After the session ends, the IP address becomes available for another user.

If the corporate network uses an existing RADIUS database for L2TP connections, you do not have to reconfigure the names in the database. The LNS automatically removes the domain portion of the user name that is included as part of the call from the LAC to the LNS. If you want to keep the domain name, you can disable this feature. For instructions, see Chapter 3, “ Customizing L2TP Services.”

For more information about configuring Bay Networks routers as RADIUS servers, see Configuring RADIUS.

1-14

303532-A Rev 00

Page 29 Page 31
Image 30
Page 29 Page 31
Contents Configuring L2TP Services Copyright 1998 Bay Networks, Inc Bay Networks, Inc. Software License Agreement Rev Contents Chapter Starting L2TP Appendix B Configuration Examples Page Figures Page Tables Page Preface Before You BeginText Conventions Italic textAcronyms How to Get Help Bay Networks Technical PublicationsChapter L2TP Overview TopicWhat Is Tunneling? L2TP BenefitsL2TP Sessions Components of an L2TP Network Remote HostL2TP Access Concentrator LAC Remote Access Server RASTunnel Management Server TMS L2TP Network Server LNS Radius ServerL2TP Network Using a LAC Examples of L2TP NetworksL2TP Packet Encapsulation Packet Encapsulation ProcessMaking a Connection Across an L2TP Network Security in an L2TP Network Bay Networks L2TP Implementation Tunnel Authentication Tunnel ManagementShows tunnel authentication Radius User Authentication Radius Accounting L2TP IP Interface AddressesRemote Router Configuration Remote Router Dialing the LNSWhere to Go Next If you want to Go toPage Chapter Starting L2TP Tunnel Authentication Passwords Planning Considerations for an L2TP NetworkRadius Server Information Tools Choose Configuration Manager Preparing a Configuration FileSite Manager Procedure You do this System responds Choose Local File , Remote File , orEnabling L2TP on an Unconfigured WAN Interface Subnet MaskEnabling L2TP on an Existing PPP Interface Choose Edit CircuitChoose Add/Delete Configuring L2TP Services Enabling L2TP on an Existing Frame Relay Interface Configuration is completed You do this System responds Site Manager ProcedureEnabling L2TP on an Existing ATM Interface Choose Group ProtocolsChoose Service Attributes Choose ProtocolsChapter Customizing L2TP Services Modifying the L2TP Protocol Configuration Choose L2TP ConfigurationModifying Radius Server Information Radius Server onChanging the LNS System Name Modifying the Number of L2TP Sessions Permitted Keeping the Remote User’s Domain Name Set the Remove Domain NameChanging the Domain Name Delimiter Set the Domain Name DelimiterEnabling Tunnel Authentication Choose Tunnel AuthenticationModifying L2TP IP Interface Addresses Choose L2TP IP InterfaceDisabling RIP Disabling L2TPCustomizing L2TP Services Deleting L2TP from a PPP InterfaceDeleting L2TP from a Frame Relay Interface Deleting L2TP from an ATM Interface Site Manager Procedure Appendix a L2TP Parameters TopicL2TP Configuration Parameters Figure A-1. L2TP Configuration List WindowParameter Enable L2TP Parameter Max L2TP SessionsParameter Receive Window Size Parameter Retransmit Timer seconds Parameter Hello Timer secondsParameter Maximum Retransmit Parameter Ack Timeout milliseconds Parameter LNS System NameParameter Radius Primary Server IP Address Parameter Radius Primary Server Password Parameter Radius Client IP AddressParameter Tunnel Flow Control Parameter Remove Domain Name Parameter Domain Name DelimiterL2TP Tunnel Security Parameters Figure A-2. L2TP Tunnel Security List WindowParameter Enable Tunnel Authentication Parameter Tunnel Authentication PasswordL2TP IP Interface Parameters Figure A-3. L2TP IP Interface List WindowParameter L2TP IP Interface Address Parameter Subnet MaskParameter RIP Enable Appendix B Configuration Examples Example 1 Remote PC Calling the Corporate NetworkConfiguring the Remote Hosts Figure B-1. L2TP Network with PCs at the Remote SiteDomain name baynetworks.com Configuring the LACs and the TMSConfiguring the LNS Parameter Name Value IP Address 192.32.16.55Data Path Through the Network L2TP IP Interface window, enter the L2TP IP addressExample 2 Remote Router Calling the Corporate Network Figure B-2. L2TP Network with Routers at the Remote SiteConfiguring the Dial-on-Demand Circuit Configuring the PPP InterfaceParameter Name Value RFC1661 Compliance Enable Appendix C Troubleshooting Problem What to DoTable C-1 Common L2TP Network Problems and Solutions Index L2TPIndex-2

L2TP specifications

Nortel Networks L2TP, or Layer 2 Tunneling Protocol, is a widely recognized networking protocol that enables the tunneling of data over various networks. Initially developed as an extension of the Point-to-Point Tunneling Protocol (PPTP), L2TP integrates components from both PPTP and Layer 2 Forwarding (L2F). Nortel Networks played a significant role in the development and implementation of L2TP, making it a prominent choice for service providers and enterprise networks seeking secure and efficient connectivity.

One of the primary features of L2TP is its ability to encapsulate data packets, allowing the transport of PPP (Point-to-Point Protocol) frames without necessitating the traditional point-to-point connections. This means L2TP can operate across different networks, facilitating remote access connections and VPNs (Virtual Private Networks). As a result, organizations can achieve greater flexibility in managing their communications infrastructure.

Another key characteristic of L2TP is its support for both IPv4 and IPv6, ensuring compatibility with current and future networking environments. L2TP operates at the link layer of the OSI model, which means it functions between the data link and network layers, making it versatile for various applications. By using UDP (User Datagram Protocol) as a transport protocol, L2TP ensures efficient data transmission while maintaining lower latencies.

Security is a critical aspect of L2TP. While L2TP itself does not provide encryption, it is often paired with IPSec (Internet Protocol Security) for enhanced security protocols. This combination offers both tunneling and encryption, creating a secure framework for transmitting sensitive information across potentially insecure networks, such as the Internet.

L2TP also features various authentication methods, allowing for robust access control. It supports various schemes like PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol), giving network administrators a range of options to ensure the legitimacy of users accessing the network.

In summary, Nortel Networks L2TP is a powerful tunneling protocol known for its flexibility, compatibility, and security features. Its ability to encapsulate data for efficient transport makes it ideal for remote access and VPN applications. As organizations continue to demand secure, seamless connectivity, L2TP remains a resilient choice within the shifting landscape of networking technologies.
Top Page Image Contents