Table of Contents
Advertisement
Setting Up Virtual Private Networks
Configuring L2TP tunnels for dial-in clients
Configuration of the MAX as an LNS
When the MAX acts as a LNS, it responds to requests by LAC units to establish tunnels. The
LNS does not initiate outgoing requests for tunnels, so configuration of the MAX is simple.
Proceed as follows:
1
2
3
4
Support for DNS list attempts introduced for L2F and L2TP
A MAX unit functioning as an L2F Network Access Server (NAS) or an L2TP Access
Concentrator (LAC) can execute a series of connection attempts based on a list of IP addresses.
In a configuration requiring the Layer 2 Forwarding (L2F), the MAX unit functions as an L2F
Network Access Server (NAS) and, in a configuration requiring the Layer 2 Tunneling
Protocol (L2TP), the unit functions as an L2TP Access Concentrator (LAC). On the network
side of the L2F tunnel, the MAX unit can serve as the L2F Endpoint and, on the network side
of the L2TP tunnel, the unit can serve as the L2TP Network Server (LNS).
If your DNS server is capable of returning a list of IP addresses for a specified hostname, you
can configure the MAX unit to attempt to establish a tunnel to each one of the IP addresses in
sequence. If the unit cannot establish a tunnel to the first IP address in the list, it attempts to
connect to the next address in the list, and so on, until a tunnel is successfully established, the
DNS list has no more IP addresses, or the connection times out.
Specifying a tunnel server
To enable the DNS list attempts feature in the RADIUS profile, you must use the
Tunnel-Server-Endpoint (67) attribute to specify the name of a DNS-resolvable server. For
example:
Tunnel-Server-Endpoint = tunnel-server.company.com
Or you can dedicate a WAN line to a given L2TP or L2F server through the L2 Tunneling
Options. For example:
L2 Tunneling Options...
In the previous example, the WAN line is dedicated to an L2TP tunnel routed to the
lns.example.com server.
10-36
Open the Ethernet > Mod Config > L2 Tunneling Options menu.
Set L2TP Mode to either LNS or Both.
If you require tunnel authentication, set L2TP Auth Enabled to Yes.
You must configure both the LAC and LNS identically, to either require or not require
authentication.
Set L2TP RX Window to the number of packets that the MAX should receive before it
requests that the sending device stop transmitting packets.
The default is 7. Set the parameter to 0 (zero) to disable flow control in the receiving
direction. The MAX continues to perform flow control for the sending direction regardless
of the value of L2TP RX Window.
Line 1 tunnel = L2TP
Route Line 1 = lns.example.com
MAX 6000/3000 Network Configuration Guide
Advertisement
Chapters
Table of Contents
