Table of Contents
Advertisement
RADIUS attribute
Tunnel-Type (64)
Tunnel-Server-Endpoint
(67)
Tunnel-Password (69)
Tunnel-Client-Auth-ID
(90)
Tunnel-Server-Auth-ID
(91)
Example of tunnel authentication
For the purposes of this example, a MAX authenticates the initial PPP dial-in by its dialed
number. (DNIS authentication is not required for tunnel authentication.) Another MAX
operates as an L2TP Network Server (LNS).
Figure 11-10. Example of L2TP tunnel authentication
PPP client
1.1.1.2
Example of connection-based tunnel authentication
The following settings configure a Connection profile for the PPP client and specify a Client
ID name:
Ethernet
Connections
MAX 6000/3000 Network Configuration Guide
Value
Tunneling protocol(s) to be used. Must be set to L2TP (3) or L2F
(2) to use this feature.
IP address or hostname of the tunnel end point. If a DNS lookup
returns several IP addresses, the system attempts to establish a
tunnel to each address in turn.
Shared secret for authenticating the tunnel.
Name sent to the tunnel end point by the system requesting the
tunnel (the NAS or LAC) during the tunnel authentication phase.
The name can contain up to 31 characters. See "How the system
name is selected" on page 11-42.
Name sent from the tunnel end point (the gateway or LNS) to the
system initiating the tunnel during the tunnel authentication phase.
The name can contain up to 31 characters.
Tunnel-Server-Auth-ID (91) does not apply unless the protocol
used to establish the tunnel is L2TP or L2F. The attribute can be
specified in access-response packets and is generated in
accounting-request packets.
LAC
WAN
2.2.2.3
maxprofile
Tunnel options...
Profile type=Mobile-client
Tunnel protocol=L2TP
Setting Up Virtual Private Networks
Configuring L2TP tunnels for dial-in clients
L2TP tunnel
IP
2.2.2.2
LNS
1.1.1.1
11-39
Advertisement
Table of Contents
