Starting An Immediate Lockout Test; Managing Address Changes Received From Remote Endpoints - Juniper JUNOSE 11.1.X - BROADBAND ACCESS CONFIGURATION GUIDE 6-4-2010 Configuration Manual

Starting an Immediate Lockout Test

You use the l2tp unlock-test destination command to force L2TP to immediately
start the lockout test for the specified destination any remaining lockout time for
the destination is ignored.
You must be at privilege level 10 or higher to use this command.
NOTE: If lockout testing is not configured, this command immediately unlocks the
destination and L2TP then considers the destination to be available

Managing Address Changes Received from Remote Endpoints

A remote endpoint can use the Start-Control-Connection-Reply (SCCRP) packets that
it sends to the E Series LAC to change the address that the LAC uses to communicate
with the endpoint. By default, the LAC accepts the change and uses the new address
to communicate with the endpoint. However, you can configure the LAC to ignore
or reject the requested change. Setting up the LAC to ignore address changes in
SCCRP packets enables the router to construct tunnels with separate receive and
transmit addresses and to avoid problems due to a misconfiguration. Three possible
configurations are available:
The reject specification takes precedence over the ignore specification.
To force an immediate lockout test for a specific destination:
host1(config)#l2tp unlock-test destination ip 192.169.110.8
Default configuration The E Series LAC accepts the change from the endpoint.
The LAC then sends all subsequent packets to, and accepts packets from, the
new address.
Ignore configuration (specified by the l2tp ignore-transmit-address-change
command) The LAC continues to send packets to the original address but
accepts packets from the new address.
host1(config)#l2tp ignore-transmit-address-change
Use the ip-address or udp-port keyword to ignore the specific address component.
Omit the keywords to ignore the entire address change in the SCCRP packet.
Reject configuration (specified by the l2tp reject-transmit-address-change
command) The LAC sends a Stop-Control-Connection-Notification (StopCCN)
to the original address, then terminates the connection to the endpoint.
host1(config)#l2tp reject-transmit-address-change ip-address
Use the ip-address or udp-port keyword to reject the specific address component.
Omit the keywords to reject the entire address change in the SCCRP packet.
Chapter 12: Configuring an L2TP LAC
Starting an Immediate Lockout Test
369