Access Server Administrators’ Reference Guide

24 • Layer 2 Tunneling Protocol (L2TP)

 

 

RADIUS Authentication

Figure 121. L2TP RADIUS Authentication

When RADIUS authentication is used, the following RADIUS attributes configure the L2TP tunnel. Each supported attribute is listed below with example usage from a RADIUS file and a description of its operation:

--RadTunnelType, RADIUS Attribute: 64

example>> Tunnel-Type = 3,

The Tunnel-Type defines the type of tunnel used for this call. A value of "3" indicates L2TP, as defined in RFC 2868.

--RadTunnelPassword, RADIUS Attribute: 69

example>> Tunnel-Password = "tunnel_pass",

This parameter defines the password used to authenticate the tunnel. If the RADIUS server supplies no password, the tunnel link will not be authenticated. Note that this is not the password for the dial-in user or for the PPP link; it is used only to authenticate the tunnel.

--RadServerEndpoint, RADIUS Attribute: 67

example>> Tunnel-Server-Endpoint = "192.168.200.15",

This is the IP address of the LNS. To define a different LNS server for a specific dial-in user, simply use a new IP address. Multiple calls sent through the same tunnel (same IP address) always go through the currently established tunnel (i.e. we do not create a new tunnel per call). We will establish a new tunnel if a new remote LNS is defined by this parameter.

--RadTunnelClientID, RADIUS Attribute: 90

example>> Tunnel-Client-Auth-ID = "patton_lac",

If defined, this will be used as the "hostname" parameter supplied from the LAC to the LNS when the tunnel is being established. Cisco devices provide a command "terminate from" under L2TP. If this Cisco
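The following audit script is an added example, not part of the Patton guide. It reads a RADIUS users file and flags L2TP entries with no Tunnel-Password (which, per the description above, leaves the tunnel link unauthenticated) and LNS addresses whose entries carry different tunnel passwords even though calls to one LNS share a tunnel. The users-file layout, the user names, the check items on each user line and the second LNS address are assumptions.

```python
import re

# Constructed sample; user names, user-line check items and 192.168.200.16 are made up.
SAMPLE_USERS = '''\
dialin1  Password = "user_pass"
    Tunnel-Type = 3,
    Tunnel-Password = "tunnel_pass",
    Tunnel-Server-Endpoint = "192.168.200.15",
    Tunnel-Client-Auth-ID = "patton_lac"

dialin2  Password = "user_pass"
    Tunnel-Type = 3,
    Tunnel-Server-Endpoint = "192.168.200.16"

dialin3  Password = "user_pass"
    Tunnel-Type = 3,
    Tunnel-Password = "other_pass",
    Tunnel-Server-Endpoint = "192.168.200.15"
'''

ATTR = re.compile(r'^\s+([\w-]+)\s*=\s*"?([^",]*)"?\s*,?\s*$')

def parse_users(text):
    """Return {user: {attribute: value}}; indented lines belong to the user above."""
    users, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():            # unindented line starts an entry
            current = users.setdefault(line.split()[0], {})
        elif current is not None and (m := ATTR.match(line)):
            current[m.group(1)] = m.group(2).strip()
    return users

def audit_l2tp(text):
    """Return sorted (subject, problem) findings for Tunnel-Type 3 (L2TP) entries."""
    findings, per_lns = [], {}
    l2tp = {u: a for u, a in parse_users(text).items() if a.get("Tunnel-Type") == "3"}
    for user, attrs in l2tp.items():
        password = attrs.get("Tunnel-Password", "")
        per_lns.setdefault(attrs.get("Tunnel-Server-Endpoint", ""), set()).add(password)
        if not password:                     # tunnel link would be unauthenticated
            findings.append((user, "no Tunnel-Password"))
    # Calls to one LNS share one tunnel, so entries for that LNS should agree.
    findings += [(lns, "conflicting Tunnel-Password values")
                 for lns, pws in per_lns.items() if len(pws) > 1]
    return sorted(findings)

if __name__ == "__main__":
    print(audit_l2tp(SAMPLE_USERS))
```

An empty Tunnel-Password value is treated the same as a missing one, which is an assumption of this example rather than documented device behaviour.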
