In steps 12 and 13, the LAC forwards packets for the remote system and LNS. Host A and LAC
exchange PPP frames, and the LAC and LNS exchange L2TP packets.
Client-initiated tunneling mode
As shown in Figure 25, a remote system running L2TP (LAC client) has a public IP address to
communicate with the LNS through the Internet. The LAC client can directly initiate a tunneling
request to the LNS without any dedicated LAC devices.
Figure 25 Client-initiated tunneling mode
(Figure labels: LAC client (Host A), Internet, client-initiated L2TP tunnel, LNS (Device A),
RADIUS server, private network, LAN.)
A client-initiated tunnel has the following characteristics:
• A client-initiated tunnel has higher security because it is established between a remote system
and the LNS.
• The remote system must support L2TP and be able to communicate with the LNS. This causes
poor expandability.
As shown in Figure 26, the workflow for establishing a client-initiated tunnel is similar to that for
establishing a NAS-initiated tunnel. (Details not shown.)
Figure 26 Client-initiated tunnel establishment process
(Figure participants: LAC client (Host A), LNS (Device A), RADIUS server. Steps shown:)
(1) Tunnel setup request
(2) CHAP authentication (challenge/response)
(3) Set up a session
(4) LCP negotiation and user authentication
(5) Access request
(6) Access accept
(7) Assign an IP address
(8) Access the private network
LAC-auto-initiated tunneling mode
In NAS-initiated mode, a remote system must successfully dial in to the LAC through PPPoE or
ISDN.
In LAC-auto-initiated mode, you can use the l2tp-auto-client command on the LAC to trigger the
LAC to initiate a tunneling request to the LNS. When a remote system accesses the private network,
the LAC forwards data through the L2TP tunnel.
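Step (2) of the client-initiated tunnel establishment process, CHAP authentication (challenge/response), worked through as an added example that is not part of the manual. It follows the tunnel authentication calculation in RFC 2661, where the response is MD5 over the message-type octet, the shared secret and the peer's challenge; the function names and secrets are constructed for illustration.

```python
import hashlib
import hmac
import os

SCCRP = 2  # Start-Control-Connection-Reply message type
SCCCN = 3  # Start-Control-Connection-Connected message type


def challenge_response(msg_type, secret, challenge):
    """CHAP-style tunnel response: MD5(ID || secret || challenge).

    The ID octet is the Message Type of the message carrying the
    response (2 for SCCRP, 3 for SCCCN), per RFC 2661 section 5.1.2.
    """
    if msg_type not in (SCCRP, SCCCN):
        raise ValueError("a response is only carried in SCCRP or SCCCN")
    if not challenge:
        raise ValueError("challenge must be at least one octet")
    return hashlib.md5(bytes([msg_type]) + secret + challenge).digest()


def verify_response(msg_type, secret, challenge, received):
    """Recompute the expected response and compare in constant time."""
    expected = challenge_response(msg_type, secret, challenge)
    return hmac.compare_digest(expected, received)


def mutual_tunnel_auth(lac_secret, lns_secret):
    """Simulate both directions; returns (lac_accepts_lns, lns_accepts_lac)."""
    # SCCRQ: LAC client -> LNS, carries the LAC client's random challenge.
    lac_challenge = os.urandom(16)
    # SCCRP: LNS -> LAC client, answers it and carries the LNS's own challenge.
    lns_reply = challenge_response(SCCRP, lns_secret, lac_challenge)
    lns_challenge = os.urandom(16)
    lac_accepts_lns = verify_response(SCCRP, lac_secret, lac_challenge, lns_reply)
    # SCCCN: LAC client -> LNS, answers the LNS's challenge.
    lac_reply = challenge_response(SCCCN, lac_secret, lns_challenge)
    lns_accepts_lac = verify_response(SCCCN, lns_secret, lns_challenge, lac_reply)
    return lac_accepts_lns, lns_accepts_lac


if __name__ == "__main__":
    # Constructed secrets: matching on both ends, then mismatched.
    print(mutual_tunnel_auth(b"constructed-secret", b"constructed-secret"))
    print(mutual_tunnel_auth(b"constructed-secret", b"wrong-secret"))
```

The response authenticates the tunnel endpoints only; it does not encrypt or integrity-protect the PPP frames carried inside the tunnel.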