Table of Contents
Advertisement
•
Private address allocation—An LNS can dynamically allocate private addresses to remote
users. This facilitates address allocation for private internets (RFC 1918) and improves security.
•
Flexible accounting—Accounting can be simultaneously performed on the LAC and LNS.
This allows bills to be generated on the ISP side and charging and auditing to be processed on
the enterprise gateway. L2TP can provide accounting data, including inbound and outbound
traffic statistics (in packets and bytes) and the connection's start time and end time. The AAA
server uses these data for flexible accounting.
•
Reliability—L2TP supports LNS backup. When the connection to the primary LNS is torn down,
an LAC can establish a new connection to a secondary LNS. This redundancy enhances the
reliability of L2TP services.
•
Issuing tunnel attributes by RADIUS server to LAC—In NAS-initiated mode, the tunnel
attributes can be issued by the RADIUS server to the LAC. For the LAC to receive these
attributes, enable L2TP and configure remote AAA authentication for PPP users on the LAC.
When an L2TP user dials in to the LAC, the LAC as the RADIUS client sends the user
information to the RADIUS server. The RADIUS server authenticates the PPP user, returns the
result to the LAC, and issues L2TP tunnel attributes for the PPP user to the LAC. The LAC then
sets up an L2TP tunnel and sessions based on the issued L2TP tunnel attributes.
Table 15 Tunnel attributes that can be issued by the RADIUS server
Attribute number
64
65
67
69
81
82
90
The RADIUS server can issue only one set of the L2TP tunnel attributes in a RADIUS packet.
The RADIUS-issued tunnel attributes override the tunnel attributes manually configured on the
LAC, but not vice versa.
•
L2TP tunnel switching—Also called multihop L2TP tunneling. As shown in
Layer 2 tunnel switch (LTS) terminates L2TP packets from each LAC as an LNS. It then sends
these packets to a destination LNS as an LAC.
L2TP tunnel switching has the following features:
Simplified configuration and deployment—When LACs and LNSs are in different
management domains:
− All LACs consider the LTS as an LNS and do not need to differentiate LNSs on the
network.
− All LNSs consider the LTS as an LAC and are not affected by the addition or deletion of
LACs.
Attribute name
Tunnel-Type
Tunnel-Medium-Type
Tunnel-Server-Endpoint
Tunnel-Password
Tunnel-Private-Group-I
D
Tunnel-Assignment-ID
Tunnel-Client-Auth-ID
255
Description
Tunnel type, which can only be L2TP.
Transmission medium type for the tunnel, which
can only be IPv4.
IP address of the LNS.
Key used to authenticate a peer of the tunnel.
Group ID for the tunnel.
The LAC sends this value to the LNS for the LNS to
perform an operation accordingly.
Assignment ID for the tunnel.
It is used to indicate the tunnel to which a session is
assigned. L2TP users with the same
Tunnel-Assignment-ID, Tunnel-Server-Endpoint,
and Tunnel-Password attributes share an L2TP
tunnel.
Tunnel name.
It is used to indicate the local tunnel.
Figure
82, the
Advertisement
Table of Contents
Troubleshooting
