3Com MSR 50 Series Configuration Manual page 1606

1606 C 82: L2TP C
HAPTER ONFIGURATION
7 If authentication of the tunnel is required, the LAC sends a CHAP challenge to the
LNS. The LNS returns a CHAP response and sends its CHAP challenge to the LAC.
Accordingly, the LAC returns a CHAP response to the LNS.
8 The tunnel passes authentication.
9 The LAC sends the CHAP response, response identifier, and PPP negotiation
parameters of the user to the LNS.
10 The LNS sends an access request to its RADIUS server for authentication.
11 The RADIUS server authenticates the access request, and returns a response if the
user passes authentication.
12 If the LNS is configured to perform a mandatory CHAP of the user, the LNS sends a
CHAP challenge to the user and the user returns a CHAP response.
13 The LNS resends the access request to its RADIUS server for authentication.
14 The RADIUS server authenticates the access request and returns a response if the
user passes authentication.
15 The LNS assigns an internal IP address to the remote user. Now, the user can
access the internal resources of the enterprise network.
L2TP features
1 Flexible identity authentication mechanism and high security
L2TP itself does not provide security for connections. However, it has all the
security features of PPP for it allows for PPP authentication (CHAP or PAP). L2TP
can also cooperate with IPSec to guarantee data security, making tunneled data
more difficult to be attacked. In addition, tunnel encryption, end-to-end data
encryption, and end-to-end application-layer data encryption technologies can be
used together with L2TP for higher data security as required.
2 Multi-protocol transmission
L2TP tunnels PPP frames which can be used to encapsulate packets of multiple
network layer protocols.
3 RADIUS authentication
An LAC can send the username and password of a remote user to a RADIUS server
for authentication.
4 Private address allocation
An LNS can reside behind the firewall of a corporate network, dynamically
allocating private addresses to remote users and managing the corporate private
addresses (RFC 1918). This facilitates address management and improves security.
5 Accounting flexibility
Accounting can be carried out on the LAC and LNS simultaneously, allowing bills
to be generated on the ISP side and charging and auditing to take place on the
enterprise gateway side. L2TP can provide such accounting data as statistics on
inbound and outbound traffic (in packets and bytes) and connection start time
and end time. All these enable flexible accounting.