R3303-HP HSR6800 Routers Layer 2 - WAN Configuration Guide

Figure 27 L2TP call setup procedure
An L2TP call is set up by using the following procedure:
1. A remote user on Host A places a PPP call.
2. Host A and the LAC (Router A) perform PPP LCP negotiation.
3. The LAC authenticates the remote user by using PAP, CHAP, or MS-CHAP.
4. The LAC sends the authentication information (the username and password) to its RADIUS server for authentication.
5. The LAC RADIUS server authenticates the user.
6. If the user passes authentication, the LAC initiates a tunneling request to the LNS.
7. If tunnel authentication is required, the LAC sends a CHAP challenge to the LNS. The LNS returns a CHAP response and sends its CHAP challenge to the LAC. Accordingly, the LAC returns a CHAP response to the LNS.
8. The tunnel passes authentication.
9. The LAC sends the CHAP response, response identifier, and PPP negotiation parameters of the user to the LNS.
10. The LNS sends an access request to its RADIUS server for authentication.
11. The RADIUS server authenticates the access request and returns a response if the user passes authentication.
12. If the LNS is configured to perform a mandatory CHAP authentication for the user, the LNS sends a CHAP challenge to the user and the user returns a CHAP response.
13. The LNS resends the access request to its RADIUS server for authentication.
14. The RADIUS server authenticates the access request and returns a response if the user passes authentication.
Figure 27 devices: Remote system (Host A), LAC (Router A), LAC RADIUS server, LNS (Router B), LNS RADIUS server.
Figure 27 message labels: (1) Call setup; (2) PPP LCP setup; (3) PAP or CHAP authentication; (4) Access request; (5) Access accept; (6) Tunnel setup; (7) CHAP authentication (challenge/response); (8) Authentication passes; (9) User CHAP response, PPP negotiation parameter; (10) Access request; (11) Access accept; (12) CHAP authentication twice (challenge/response); (13) Access request; (14) Access accept; (15) Authentication passes.