L2TP-Based EAD; Protocols and Standards; Restrictions: Hardware Compatibility with L2TP; Restrictions and Guidelines: L2TP Configuration - H3C SR8800-F Configuration Manual

Comware 7 user access

L2TP tunnel sharing—Different users can share the same L2TP tunnel between the LAC
and the LTS. The LTS distributes data of different users to different LNSs.
Figure 82 L2TP tunnel switching network diagram

L2TP-based EAD

EAD authenticates PPP users that pass the access authentication. PPP users that pass EAD
authentication can access network resources. PPP users that fail EAD authentication can only
access the resources in the quarantine areas.
EAD uses the following procedure:
1. The iNode client uses L2TP to access the LNS. After the client passes the PPP authentication,
   the CAMS/IMC server assigns isolation ACLs to the LNS. The LNS uses the isolation ACLs to
   filter incoming packets.
2. After the IPCP negotiation, the LNS sends the IP address of the CAMS/IMC server to the iNode
   client. The server IP address is permitted by the isolation ACLs.
3. The CAMS/IMC server authenticates the iNode client and performs a security check on the iNode
   client. If the iNode client passes the security check, the CAMS/IMC server assigns security ACLs
   for the iNode client to the LNS. The iNode client can access network resources.
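
The following Python model is an added example, not code from the manual or from H3C. It walks one PPP session through the three steps above and audits an isolation ACL for the two ways it can go wrong: blocking the CAMS/IMC server, or permitting destinations outside the quarantine area. All addresses, ACL contents and function names are constructed for illustration, and first-match evaluation on destination address is an assumption of the model.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample addressing; none of these values come from the manual.
IMC_SERVER = ipaddress.ip_address("10.0.0.10")       # CAMS/IMC server
QUARANTINE = ipaddress.ip_network("10.0.99.0/24")    # quarantine area
ANY = ipaddress.ip_network("0.0.0.0/0")

def rule(action, dest):
    return (action, ipaddress.ip_network(dest))

ISOLATION_ACL = [rule("permit", "10.0.0.10/32"), rule("permit", "10.0.99.0/24"), ("deny", ANY)]
SECURITY_ACL = [rule("permit", "10.0.0.0/8"), ("deny", ANY)]

def acl_permits(acl, dst):
    """First-match evaluation on destination address (model assumption)."""
    dst = ipaddress.ip_address(dst)
    for action, dest in acl:
        if dst in dest:
            return action == "permit"
    return False  # model assumption; the sample ACLs end with an explicit deny

@dataclass
class LnsSession:
    """Per-user filter state on the LNS across the three EAD steps."""
    isolation_acl: list
    security_acl: list
    ead_passed: bool = False   # step 1: PPP authenticated, isolation ACLs active

    def security_check(self, passed):
        # Step 3: security ACLs are assigned only after a passed check.
        self.ead_passed = passed

    def forwards(self, dst):
        acl = self.security_acl if self.ead_passed else self.isolation_acl
        return acl_permits(acl, dst)

def audit_isolation_acl(acl, server, quarantine, probes):
    """Flag an isolation ACL that blocks the server or reaches past quarantine."""
    findings = []
    if not acl_permits(acl, server):
        findings.append("server blocked: client cannot complete the security check")
    for dst in map(ipaddress.ip_address, probes):
        if acl_permits(acl, dst) and dst != server and dst not in quarantine:
            findings.append(f"isolation ACL permits {dst} outside quarantine")
    return findings

if __name__ == "__main__":
    s = LnsSession(ISOLATION_ACL, SECURITY_ACL)
    print(s.forwards("10.1.2.3"), s.forwards("10.0.0.10"))  # before the security check
    print(audit_isolation_acl(ISOLATION_ACL, IMC_SERVER, QUARANTINE, ["10.1.2.3"]))
```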

Protocols and standards

RFC 1661, The Point-to-Point Protocol (PPP)
RFC 1918, Address Allocation for Private Internets
RFC 2661, Layer Two Tunneling Protocol "L2TP"
RFC 2868, RADIUS Attributes for Tunnel Protocol Support

Restrictions: Hardware compatibility with L2TP

Only CSPEX cards support L2TP.

Restrictions and guidelines: L2TP configuration

Make sure the statistics polling interval is 300 seconds when you configure L2TP. For more
information about the statistics polling interval, see Ethernet interface configuration in Interface
Configuration Guide.