
5. Upon successful authentication, the LNS service terminates the subscriber's PPP datagrams from the L2TP
session and the system determines which egress context to use for the subscriber session. For more
information on the egress context selection process, refer to How the System Selects Contexts in the System
Administration Guide.

The system determines that the egress context is the destination context based on the configuration of
either the Default subscriber's ip-context name or the SN-VPN-NAME or SN1-VPN-NAME attribute
configured in the subscriber's RADIUS profile.

6. Data traffic for the subscriber session is routed through the PDN interface in the Destination context.

7. Accounting information for the session is sent to the AAA server over the AAA interface.
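The egress context selection in step 5, as an added Python example that is not part of this guide: it models only the precedence the text states (a SN-VPN-NAME or SN1-VPN-NAME attribute from the RADIUS profile, otherwise the Default subscriber's ip-context name). The context names, the SubscriberProfile class and the check that the chosen name matches a configured context are this example's own assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

# Constructed sample: the contexts configured on the system. "source_ctxt" holds the
# LNS service and AAA; "dest_ctxt" and "vpn_ctxt" are possible egress contexts.
CONFIGURED_CONTEXTS: Set[str] = {"source_ctxt", "dest_ctxt", "vpn_ctxt"}


@dataclass
class SubscriberProfile:
    """Hypothetical model of the two inputs the guide names for egress selection."""
    default_ip_context: Optional[str]                            # Default subscriber's ip-context name
    radius_attrs: Dict[str, str] = field(default_factory=dict)   # attributes from the RADIUS profile


def select_egress_context(profile: SubscriberProfile,
                          configured: Set[str] = CONFIGURED_CONTEXTS) -> str:
    """Return the name of the egress context for the subscriber session.

    Precedence follows the guide: an SN-VPN-NAME or SN1-VPN-NAME attribute in the
    subscriber's RADIUS profile selects the context; otherwise the Default subscriber's
    ip-context name is used. Rejecting a name that matches no configured context,
    instead of silently falling back, is this example's own policy.
    """
    for attr in ("SN-VPN-NAME", "SN1-VPN-NAME"):
        name = profile.radius_attrs.get(attr)
        if name:
            if name not in configured:
                raise ValueError(f"RADIUS {attr}={name!r} matches no configured context")
            return name
    name = profile.default_ip_context
    if not name:
        raise ValueError("no egress context: no VPN-name attribute and no default ip-context")
    if name not in configured:
        raise ValueError(f"default ip-context {name!r} matches no configured context")
    return name


if __name__ == "__main__":
    # Constructed cases: RADIUS-selected, default-selected, and a RADIUS value that
    # names no configured context.
    print(select_egress_context(SubscriberProfile("dest_ctxt", {"SN-VPN-NAME": "vpn_ctxt"})))
    print(select_egress_context(SubscriberProfile("dest_ctxt")))
    try:
        select_egress_context(SubscriberProfile("dest_ctxt", {"SN1-VPN-NAME": "bogus_ctxt"}))
    except ValueError as exc:
        print("rejected:", exc)
```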

Configuring the System to Support LNS Functionality

Many of the procedures required to configure the system to support LNS functionality are provided in the
System Administration Guide. The System Administration Guide provides information and procedures for
configuring contexts, interfaces and ports, AAA functionality, and IP address pools on the system.

This section provides information and instructions for configuring LNS services on the system allowing it to
communicate with peer LAC nodes.

Important: This section provides the minimum instruction set for configuring an LNS service, allowing the system to
terminate L2TP tunnels and process data sessions. For more information on commands that configure additional
LNS service properties, refer to the LNS Configuration Mode Commands chapter in the Command Line Interface
Reference.

To configure the system to provide access control list facility to subscribers:

Step 1  Create the LNS service and bind it to an interface IP address by applying the example configuration in the
Creating and Binding LNS Service section.

Step 2  Specify the authentication parameters for the LNS service by applying the example configuration in the
Configuring Authentication Parameters for LNS Service section.

Step 3  Configure the maximum number of tunnels supported by the LNS service and the maximum number of sessions
supported per tunnel by applying the example configuration in the Configuring Tunnel and Session Parameters for
LNS Service section.

Step 4  Configure peer LACs for the LNS service by applying the example configuration in the Configuring Tunnel and
Session Parameters for LNS Service section.

Step 5  Optional. Specify the domain alias designated for the context which the LNS service uses for AAA
functionality by applying the example configuration in the Configuring Domain Alias for AAA Subscribers section.

Step 6  Verify your LNS service configuration by following the steps in the Verifying the LNS Service
Configuration section.

Step 7  Save your configuration to flash memory, an external memory device, and/or a network location using the
Exec mode command save configuration. For additional information on how to verify and save configuration files,
refer to the System Administration Guide and the Command Line Interface Reference.

