L2TP Overview

Making a Connection Across an L2TP Network

The following steps explain how a remote user connects across an L2TP network that includes a Bay Networks LAC, TMS, and LNS (see Figure 1-1 on page 1-7):

1.The remote user dials a LAC at the local ISP network to establish a PPP connection to the corporate network.

In the call, the user includes any required information, for example, a user name, including a domain name, and a password. When the user dials in, he enters a name, for example, jdoe@baynetworks.com; jdoe is the user name and baynetworks.com is the domain name.

2.The LAC receives the call and passes the domain name to the TMS.

If the TMS finds a match for the domain name, a tunnel can be created. The TMS also checks the number of current connections so that they will not exceed the maximum number allowed.

If the user is not a tunnel candidate, as determined by the domain name, the LAC assumes that the remote host is making a regular dial-in request and authenticates the user accordingly.

3.The LAC tries to establish an L2TP tunnel with the LNS.

For the LAC to send a tunnel request to the LNS, it needs the address of the LNS. The LAC requests the address from the TMS. It then checks for this address in its own routing table. After obtaining the address, the LAC sends a tunnel request to the LNS. The LNS may perform tunnel authentication, if configured to do so. If the LAC and LNS complete tunnel authentication successfully, the LAC establishes the tunnel.

4.After the tunnel is established, the LAC forwards the remote user’s name to the LNS, which verifies the user’s identity with the corporate RADIUS server.

If the RADIUS server recognizes the user name, it replies with an acknowledgment and an IP address that it assigns to the remote user for the duration of the call. This IP address identifies the remote user who may not have an address of his own.

5.After the remote user is successfully authenticated, the user has an end-to-end PPP connection to the corporate network over the Internet.

The tunnel can now carry a user session during which the LAC and the LNS exchange PPP packets.

303532-A Rev 00

1-9

Page 25
Image 25
Nortel Networks manual Making a Connection Across an L2TP Network

L2TP specifications

Nortel Networks L2TP, or Layer 2 Tunneling Protocol, is a widely recognized networking protocol that enables the tunneling of data over various networks. Initially developed as an extension of the Point-to-Point Tunneling Protocol (PPTP), L2TP integrates components from both PPTP and Layer 2 Forwarding (L2F). Nortel Networks played a significant role in the development and implementation of L2TP, making it a prominent choice for service providers and enterprise networks seeking secure and efficient connectivity.

One of the primary features of L2TP is its ability to encapsulate data packets, allowing the transport of PPP (Point-to-Point Protocol) frames without necessitating the traditional point-to-point connections. This means L2TP can operate across different networks, facilitating remote access connections and VPNs (Virtual Private Networks). As a result, organizations can achieve greater flexibility in managing their communications infrastructure.

Another key characteristic of L2TP is its support for both IPv4 and IPv6, ensuring compatibility with current and future networking environments. L2TP operates at the link layer of the OSI model, which means it functions between the data link and network layers, making it versatile for various applications. By using UDP (User Datagram Protocol) as a transport protocol, L2TP ensures efficient data transmission while maintaining lower latencies.

Security is a critical aspect of L2TP. While L2TP itself does not provide encryption, it is often paired with IPSec (Internet Protocol Security) for enhanced security protocols. This combination offers both tunneling and encryption, creating a secure framework for transmitting sensitive information across potentially insecure networks, such as the Internet.

L2TP also features various authentication methods, allowing for robust access control. It supports various schemes like PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol), giving network administrators a range of options to ensure the legitimacy of users accessing the network.

In summary, Nortel Networks L2TP is a powerful tunneling protocol known for its flexibility, compatibility, and security features. Its ability to encapsulate data for efficient transport makes it ideal for remote access and VPN applications. As organizations continue to demand secure, seamless connectivity, L2TP remains a resilient choice within the shifting landscape of networking technologies.