L2Tp Features - HPE FlexNetwork MSR series Configuration Manual

Figure 27 LAC-auto-initiated tunneling mode
Remote system
Host A
An LAC-auto-initiated tunnel has the following characteristics:
•
The connection between a remote system and the LAC is not confined to a dial-up connection
and can be any IP-based connection.
•
An L2TP session is established immediately after an L2TP tunnel is established. Then, the LAC
and LNS, acting as the PPPoE client and PPPoE server, respectively, perform PPP negotiation.
•
An L2TP tunnel can carry only one L2TP session.
•
The LNS assigns a private IP address to the LAC instead of to the remote system.
As shown in
establishing a NAS-initiated tunnel. (Details not shown.)
Figure 28 Establishment process for LAC-auto-initiated tunnels
Remote system
Host A

L2TP features

•
Flexible identity authentication mechanism and high security—L2TP by itself does not
provide security for connections. However, it has all the security features of PPP and allows for
PPP authentication (CHAP or PAP). L2TP can also cooperate with IPsec to improve security for
tunneled data.
•
Multiprotocol transmission—L2TP tunnels PPP frames, which can be used to encapsulate
packets of multiple network layer protocols.
•
RADIUS authentication—An LAC or LNS can send the username and password of a remote
user to a RADIUS server for authentication.
LAN
Figure 28, the workflow for establishing an LAC-auto-initiated tunnel is similar to that for
LAC
Device A
(1) Tunnel setup request
(2) CHAP authentication (challenge/response)
(4) LCP negotiation and user authentication
(7) Assign an IP address
(8) Access the enterprise network
LAC auto initiated
L2TP tunnel
Internet
LAC
Device A
Device B
(3) Setup a session
71
Private
network
LNS
Device B
RADIUS server
LNS
RADIUS server
(5) Access request
(6) Acesss accept