User Manual - Configuration Guide (Volume 3)
Versatile Routing Platform Chapter 2
Configuration of L2TP
1) The NAS is provided by a telecom operator or a large ISP. As the access server of the
VPDN, the NAS provides WAN interfaces, terminates PSTN or ISDN connections, supports
various LAN protocols, security management and authentication, and supports tunnels
and the related techniques.
2) The user-side equipment is located at the user's headquarters. Depending on the
network function required, it may be equipment that provides functions such as NAS,
router or firewall. LNS in the figure stands for L2TP Network Server.
3) The management tools manage VPDN equipment and users; they include the NMS and
authentication, authorization and accounting (AAA).
Remote dial-up users dial in to the local ISP's NAS over the local PSTN or ISDN. Over this
local ISP connection, a tunneling protocol encapsulates the higher-level protocol, and a
VPN is established between the NAS and the gateway at the opposite end.

III. Method to realize VPDN

There are two modes of realizing a VPDN:
1) In the first mode, the NAS and the VPDN gateway establish the tunnel with a tunneling
protocol, and the PPP connections of the clients are carried directly to the enterprise
gateway. The protocols currently available are L2F and L2TP. The advantage of this mode
is its transparency to users: with a single login, a user reaches the intranet, which
authenticates the user and assigns the address itself, so no public address is consumed,
and the platform used to access the network is not restricted. In this mode the NAS must
support the VPDN protocol and the authentication system must support VPDN attributes.
The gateway is usually a router or a dedicated VPN gateway.
2) In the second mode, the client and the VPDN gateway establish the tunnel. The client
first connects to the Internet, then establishes the tunnel to the gateway with client
software (such as the L2TP client built into Windows 2000). The advantage of this mode is
that there is no restriction on the access method or geographical location of the user,
and no dependence on a particular ISP. The drawback is that the user has to install
special software (usually on the Windows 2000 platform) instead of using another
platform the user is familiar with.
VPDN tunneling protocols include PPTP, L2F and L2TP. The most popular at present is L2TP.
2.1.2 L2TP Protocol
L2TP (Layer 2 Tunneling Protocol) supports the tunneled transmission of PPP link-layer
packets. Integrating the respective advantages of Cisco's L2F protocol and Microsoft's
PPTP protocol, it has become the IETF industry standard for layer 2 tunneling (RFC 2661).

I. Tunnel and session

L2TP is a connection-oriented protocol. An L2TP tunnel is established between a LAC (L2TP
Access Concentrator) and an LNS (L2TP Network Server) and consists of one control
connection and n (n ≥ 0) sessions. Only one L2TP tunnel can be established between a
given pair of LAC and LNS. Both control messages and PPP data messages are transmitted
in the tunnel. A session is likewise established between the LAC and the LNS, but only
after the tunnel itself has been established successfully (including the exchange of
tunnel authentication, L2TP protocol version, framing capabilities and bearer
capabilities). One session corresponds to one PPP data stream between the LAC and the
LNS.
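The tunnel and session structure described above, as an added worked example that is not code from this manual or from the VRP platform: it encodes and decodes L2TPv2 control messages (header with T/L/S bits, IETF AVPs), computes the tunnel-authentication challenge response of RFC 2661 section 5.1.1, and models an LNS that refuses to open a session (ICRQ) until the control connection (SCCRQ, SCCRP, SCCCN) has completed. Message and AVP numbers are those of RFC 2661; the host name, shared secret, challenge and IDs are constructed for the example. The parser also shows the two checks a receiver must make before trusting a packet: an AVP length that runs past the buffer is rejected, and an unknown mandatory AVP tears the tunnel down rather than being skipped.

```python
"""L2TPv2 (RFC 2661) control-message encoding, decoding and ordering, modelling the
tunnel-before-session rule above. Added example, not code from the manual or the VRP
platform; all secrets, host names, challenges and IDs below are constructed."""
import hashlib
import struct

SCCRQ, SCCRP, SCCCN, STOPCCN = 1, 2, 3, 4            # control connection messages
ICRQ, ICRP, ICCN, CDN = 10, 11, 12, 14               # call (session) messages
AVP_MESSAGE_TYPE, AVP_PROTOCOL_VERSION, AVP_FRAMING_CAPS, AVP_BEARER_CAPS = 0, 2, 3, 4
AVP_HOST_NAME, AVP_ASSIGNED_TUNNEL_ID, AVP_CHALLENGE = 7, 9, 11
AVP_CHALLENGE_RESPONSE, AVP_ASSIGNED_SESSION_ID = 13, 14

def avp(attr_type, value, mandatory=True):
    """One IETF AVP: M bit + 10-bit length, vendor ID 0, attribute type, value."""
    flags = (0x8000 if mandatory else 0) | (6 + len(value))
    return struct.pack("!HHH", flags, 0, attr_type) + value

def message(msg_type, tunnel_id, ns, nr, *avps, session_id=0):
    """Control message: header with T, L and S bits set, version 2, Message Type AVP first."""
    body = avp(AVP_MESSAGE_TYPE, struct.pack("!H", msg_type)) + b"".join(avps)
    return struct.pack("!HHHHHH", 0xC802, 12 + len(body), tunnel_id, session_id, ns, nr) + body

def data_message(tunnel_id, session_id, ppp_frame):
    """Minimal data message: T clear, no Length/Ns/Nr, version 2, then the PPP frame."""
    return struct.pack("!HHH", 0x0002, tunnel_id, session_id) + ppp_frame

def sccrq(local_tunnel_id, host_name, challenge):
    """Start-Control-Connection-Request: the first message of tunnel setup."""
    return message(SCCRQ, 0, 0, 0,
        avp(AVP_PROTOCOL_VERSION, b"\x01\x00"),             # protocol version 1, revision 0
        avp(AVP_FRAMING_CAPS, struct.pack("!I", 0x3)),      # sync and async framing
        avp(AVP_BEARER_CAPS, struct.pack("!I", 0x3)),       # digital and analog bearers
        avp(AVP_HOST_NAME, host_name),
        avp(AVP_ASSIGNED_TUNNEL_ID, struct.pack("!H", local_tunnel_id)),
        avp(AVP_CHALLENGE, challenge))                      # asks the peer to authenticate

def challenge_response(msg_type, secret, challenge):
    """Tunnel authentication (RFC 2661 section 5.1.1): MD5 over the one-octet type of the
    message carrying the response (SCCRP or SCCCN), the shared secret and the challenge."""
    return hashlib.md5(bytes([msg_type]) + secret + challenge).digest()

def parse(packet):
    """Decode the header; for control messages also the IETF AVPs keyed by attribute type."""
    (fv,) = struct.unpack("!H", packet[:2])
    if fv & 0x000F != 2:
        raise ValueError("not an L2TPv2 packet")
    hdr, pos = {"control": bool(fv & 0x8000)}, 2
    if fv & 0x4000:                                  # L bit: Length field present
        hdr["length"], pos = struct.unpack("!H", packet[2:4])[0], 4
    hdr["tunnel_id"], hdr["session_id"] = struct.unpack("!HH", packet[pos:pos + 4])
    pos += 4
    if fv & 0x0800:                                  # S bit: Ns/Nr present
        hdr["ns"], hdr["nr"] = struct.unpack("!HH", packet[pos:pos + 4])
        pos += 4
    if fv & 0x0200:                                  # O bit: Offset Size plus padding
        pos += 2 + struct.unpack("!H", packet[pos:pos + 2])[0]
    if not hdr["control"]:
        return hdr, packet[pos:]                     # the PPP frame of a data message
    avps, end = {}, hdr.get("length", len(packet))
    while pos < end:
        flags, vendor, attr = struct.unpack("!HHH", packet[pos:pos + 6])
        length = flags & 0x03FF
        if length < 6 or pos + length > end or flags & 0x4000:
            raise ValueError("malformed or hidden (H bit) AVP")   # never trust a bad length
        if vendor == 0:
            avps[attr] = packet[pos + 6:pos + length]
        elif flags & 0x8000:                         # unknown mandatory AVP: tear down
            raise ValueError("unknown mandatory vendor AVP")
        pos += length
    return hdr, avps

def avp_u16(avps, attr):
    """Read a 2-octet AVP value such as Message Type or an assigned ID."""
    return struct.unpack("!H", avps[attr])[0]

class LnsTunnel:
    """LNS-side ordering check: sessions open only inside an established tunnel."""
    def __init__(self):
        self.state, self.sessions = "idle", {}       # local session ID -> peer session ID

    def receive(self, packet):
        hdr, payload = parse(packet)
        if not hdr["control"]:
            return "data" if hdr["session_id"] in self.sessions else "drop: unknown session"
        mtype = avp_u16(payload, AVP_MESSAGE_TYPE)
        if mtype == SCCRQ and self.state == "idle":
            self.state = "wait-ctl-conn"             # the LNS would now answer with SCCRP
        elif mtype == SCCCN and self.state == "wait-ctl-conn":
            self.state = "established"
        elif mtype == ICRQ:
            if self.state != "established":
                return "reject: tunnel not established"
            local_sid = len(self.sessions) + 1       # the LNS picks its own session ID
            self.sessions[local_sid] = avp_u16(payload, AVP_ASSIGNED_SESSION_ID)
            return "session %d" % local_sid          # one session = one PPP stream
        elif mtype == STOPCCN:
            self.state, self.sessions = "idle", {}   # closing the tunnel ends every session
        else:
            return "reject: out of order"
        return self.state
```

Feeding `LnsTunnel.receive` an ICRQ before the SCCRQ/SCCCN exchange returns the rejection, an ICRQ afterwards allocates a session, a data message is accepted only when its header carries a session ID the LNS has allocated, and a STOPCCN drops every session along with the tunnel. The SCCRP and ICRP replies the LNS would send are noted in comments rather than built, since the ordering rule is the point; the ICRQ here also omits the mandatory Call Serial Number AVP for brevity.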