Configuring L2TP Services BayRS Version 13.00 Site Manager Software Version 7.00 Part No.
4401 Great America Parkway Santa Clara, CA 95054 8 Federal Street Billerica, MA 01821 Copyright © 1998 Bay Networks, Inc. All rights reserved. Printed in the USA. October 1998. The information in this document is subject to change without notice. The statements, configurations, technical data, and recommendations in this document are believed to be accurate and reliable, but are presented without express or implied warranty.
303532-A Rev 00
Preface

This guide describes Layer 2 Tunneling Protocol (L2TP) and what you do to start and customize L2TP services on a Bay Networks® router.

Before You Begin

Before using this guide, you must complete the following procedures. For a new router:

• Install the router (refer to the installation guide that came with your router).
Text Conventions

This guide uses the following text conventions:

bold text
Indicates text that you need to enter and command names and options.
Example: Enter show ip {alerts | routes}
Example: Use the dinfo command.

italic text
Indicates file and directory names, new terms, book titles, and variables in command syntax descriptions. Where a variable is two or more words, the words are connected by an underscore.
Acronyms

CHAP | Challenge Handshake Authentication Protocol
IP | Internet Protocol
ISDN | Integrated Services Digital Network
ISP | Internet Service Provider
L2TP | Layer 2 Tunneling Protocol
LAC | L2TP access concentrator
LAN | local area network
LCP | Link Control Protocol
LNS | L2TP network server
MPPP | Multilink Point-to-Point Protocol
PAP | Password Authentication Protocol
PPP | Point-to-Point Protocol
RADIUS | Remote Authentication Dial-In User Service
RAS | remote access se
Bay Networks Technical Publications

You can now print Bay Networks technical manuals and release notes free, directly from the Internet. Go to support.baynetworks.com/library/tpubs/. Find the Bay Networks product for which you need documentation. Then locate the specific category and model or version for your hardware or software product.
Chapter 1 L2TP Overview

The Layer 2 Tunneling Protocol (L2TP) provides remote users, such as telecommuters, mobile professionals, and personnel in remote branch offices, with dial-in access to a corporate network. L2TP enables users to create a virtual private network (VPN), which uses the existing physical infrastructure of a public network, such as the Internet, but offers the security and exclusivity of a private network.
L2TP Benefits

L2TP has several advantages:

• Users and businesses can take advantage of existing network equipment and resources. Corporations do not need to maintain and manage remote access servers and other special networking equipment for remote users. Instead, they can use their existing Internet leased connections and resources at the Internet Service Provider (ISP) network, thereby significantly reducing corporate networking and maintenance costs.
Multiple users can communicate through a single tunnel between the same LAC and LNS pair. Each user transmits and receives data in an individual L2TP session.

The LAC brings down the tunnel for any one of the following reasons:

• A network failure occurs.
• The LAC or other equipment at the ISP is not operating properly. If the LAC fails, all tunnel users are disconnected.
• There are no active sessions inside the tunnel.
Components of an L2TP Network

The following sections describe the components of an L2TP network. For illustrations of L2TP networks, see Figures 1-1 and 1-2 on page 1-7.

Remote Host

At the remote site is the user who wants to dial in to the corporate network. The remote user can be located anywhere, provided that the user can dial into an ISP network using a PC or a router. The ISP provides the connection to the Internet.
L2TP Access Concentrator (LAC)

The L2TP access concentrator (LAC) resides at the ISP network. The LAC establishes the L2TP tunnel between itself and the LNS.

Note: In this guide, the term LAC refers to a remote access server with L2TP capabilities. The term RAS refers to a remote access server without L2TP capabilities.

When the remote user places a call to the ISP network, this call goes to the LAC. The LAC then negotiates the activation of an L2TP tunnel with the LNS.
L2TP Network Server (LNS)

The L2TP network server (LNS) is a router that resides at the corporate network and serves as the termination point for L2TP tunnels and sessions. The LNS authenticates the PPP connection request and allows the end-to-end PPP tunneled connection. The LNS may also perform user authentication with a RADIUS server to prevent unauthorized users from accessing the network; however, user authentication may also be done by the LNS itself.
Examples of L2TP Networks

Figure 1-1 shows an L2TP network that uses a LAC to connect to the LNS. The tunnel is between the LAC and the LNS.

[Figure 1-1. L2TP Network Using a LAC]

Figure 1-2 shows an L2TP network that uses a RAS to connect to the LNS. The tunnel is between the PC (the L2TP client) and the LNS.
L2TP Packet Encapsulation

The PC or router at the remote site sends PPP packets to the LAC. The LAC encapsulates these incoming packets in an L2TP packet and sends it across an IP network through a bidirectional tunnel. After the LNS receives the packets, it decapsulates them and terminates the PPP connection. Figure 1-3 shows how data is encapsulated for transmission over an L2TP network.
Making a Connection Across an L2TP Network

The following steps explain how a remote user connects across an L2TP network that includes a Bay Networks LAC, TMS, and LNS (see Figure 1-1 on page 1-7):

1. The remote user dials a LAC at the local ISP network to establish a PPP connection to the corporate network. In the call, the user includes any required information, for example, a user name, including a domain name, and a password.
Security in an L2TP Network

You can configure two layers of security in an L2TP network:

• Tunnel authentication
  Tunnel authentication is the process of negotiating the establishment of a tunnel between the LAC and the LNS.

• User authentication
  The network administrator at the corporate site can configure a RADIUS server with the names and passwords of authorized users.
Bay Networks L2TP Implementation

In an L2TP network, the Bay Networks router is the LNS. LNS software operates on the BLN®, BCN®, and ASN™ platforms. The Bay Networks LNS has the following characteristics:

• Each slot can act as an LNS, which means that one router can have many LNS interfaces, each with its own address. You can have as many LNS interfaces as there are available slots on the router.
Tunnel Management

The Bay Networks tunnel management server (TMS), which resides at the ISP network, stores the TMS database. This database contains the remote users’ domain name, the IP address information of each LNS, and other tunnel addressing information that the network administrator configures. The LAC requests this information from the TMS to construct the L2TP tunnel. When the LAC receives a call, it forwards the domain name to the TMS.
You can enable tunnel authentication on the Bay Networks LNS. If tunnel authentication is disabled, which is the default, the LNS sends a default challenge response to the LAC during the authentication process so that the tunnel can be established. The LNS cannot send outgoing calls, so it cannot initiate tunnel authentication.

During tunnel authentication, the following exchange of messages takes place:

1.
After tunnel authentication is complete, it does not need to be repeated for other calls to the same LAC.

RADIUS User Authentication

RADIUS user authentication is enabled by default on the Bay Networks LNS; you must configure this feature so that the LNS can validate the remote user’s identity before allowing access to the network. The network administrator at the corporate site must configure a RADIUS server with the names and passwords of authorized users.
RADIUS Accounting

The RADIUS server can provide accounting services in addition to its authentication services. RADIUS accounting is enabled by default on the Bay Networks LNS. The RADIUS accounting server calculates billing charges for an L2TP session between the remote user and the LNS. To determine these charges, the server uses information that it receives from the LNS, such as the status of each call and the number of packets sent during the session.
Remote Router Configuration

If the host at the remote site is a Bay Networks router, you may need to configure a dial-on-demand circuit for the remote router’s dial-up interface to the LAC at the ISP network. Enable RIP on both the dial-on-demand circuit and the attached LAN interface of the remote router, so that the LNS can learn routing information from the remote router.
Where to Go Next

Go to one of the following chapters for more information:

If you want to | Go to
Start L2TP on a router using default parameter settings. | Chapter 2
Change default settings for L2TP parameters. | Chapter 3
Obtain information about Site Manager parameters (this is the same information you obtain using Site Manager online Help). | Appendix A
Review configuration examples. | Appendix B
Troubleshoot L2TP configuration problems. |
Chapter 2 Starting L2TP

The quickest way to start L2TP is to enable it with the default configuration that Bay Networks software supplies. This configuration uses all available parameter defaults. You need to supply values for several parameters that do not have default values.
Planning Considerations for an L2TP Network

This guide primarily explains how to configure a Bay Networks BLN, BCN, or ASN router as an LNS in an L2TP network. To successfully operate in an L2TP network, obtain the following information to configure the LNS.

Tunnel Authentication Passwords

If you plan to enable tunnel authentication, which is optional for the Bay Networks LNS, you must obtain the LAC password from your ISP.
Preparing a Configuration File

Before starting L2TP, you must create and save a configuration file with at least one WAN interface, for example, a synchronous or MCT1 port.

Note: L2TP is not compatible with dial services. Do not enable L2TP on the same slot that you enable for a dial service, such as dial-on-demand, dial backup, or bandwidth-on-demand.
Enabling L2TP on an Unconfigured WAN Interface

To enable L2TP on an unconfigured WAN interface, complete the following tasks:

Site Manager Procedure

You do this | System responds
1. In the Configuration Manager window, choose a WAN connector. | The Add Circuit window opens.
2. Accept the default circuit name or change it, then click on OK. | The WAN Protocols window opens.
3. Choose PPP, Frame Relay, or ATM then click on OK. | The Select Protocols window opens.
4.
Site Manager Procedure (continued)

You do this | System responds
11. Click on OK. |
12. Click on Done. | You return to the Configuration Manager window.

Enabling L2TP on an Existing PPP Interface

To enable L2TP on an interface with PPP and IP already enabled, complete the following tasks:

Site Manager Procedure

You do this | System responds
1. In the Configuration Manager window, choose a WAN connector. | The Edit Connector window opens.
2. Choose Edit Circuit. |
Site Manager Procedure (continued)

You do this | System responds
9. Set the following parameters: L2TP IP Interface Address, Subnet Mask. Click on Help or see the parameter descriptions beginning on page A-11. | Site Manager displays a message alerting you of the time delay to create the L2TP tunnel circuits.
10. Click on OK. | You return to the L2TP IP Interface List window, which displays the IP interface address and the subnet mask.
Enabling L2TP on an Existing Frame Relay Interface

To enable L2TP on an interface with frame relay and IP already enabled, complete the following tasks:

Site Manager Procedure

You do this | System responds
1. In the Configuration Manager window, choose a WAN connector. | The Edit Connector window opens.
2. Choose Edit Circuit. | The Frame Relay Circuit Definition window opens.
3. Choose Services. | The Frame Relay Service List window opens.
4.
Site Manager Procedure (continued)

You do this | System responds
11. Click on OK. | You return to the L2TP IP Interface List window, which displays the IP interface address and the subnet mask. A message window opens that reads, L2TP Configuration is completed.
12. Click on OK. |
13. Click on Done. | You return to the Frame Relay Service List window.
14. Click on Done. | You return to the Frame Relay Circuit Definition window.
15. Click on Done. |
Enabling L2TP on an Existing ATM Interface

To enable L2TP on an interface with ATM and IP already enabled, you can enable L2TP in two ways. If your interface uses a COM connector, complete the tasks in the following table. If your interface uses an ATM connector, go to page 2-10.

Site Manager Procedure

You do this | System responds
1. In the Configuration Manager window, choose a WAN connector. | The Edit Connector window opens.
2. Choose Edit Circuit. | The Circuit Definition window opens.
Site Manager Procedure (continued)

You do this | System responds
12. Click on Done. | You return to the Circuit Definition window.
13. Choose File. | The File menu opens.
14. Choose Exit. | You return to the Configuration Manager window.

If your ATM interface uses an ATM connector, complete the following tasks:

Site Manager Procedure

You do this | System responds
1. In the Configuration Manager window, choose an ATM connector. | The Edit ATM Connector window opens.
2.
Chapter 3 Customizing L2TP Services

When you enable L2TP, default values are in effect for most parameters (see parameter descriptions in Appendix A, “L2TP Parameters”). You may want to change some of these values, depending on the requirements of your network.
Modifying the L2TP Protocol Configuration

To modify how data is transmitted across an L2TP network, such as the number, frequency, and timing of data and acknowledgment packets exchanged between the LNS and LAC, you can modify the L2TP protocol parameters.

To modify the L2TP protocol configuration, complete the following tasks:

Site Manager Procedure

You do this | System responds
1. In the Configuration Manager window, choose Protocols. | The Protocols menu opens.
2. Choose IP. |
Modifying RADIUS Server Information

If you change the address of the RADIUS server that you are using to authenticate remote users and manage accounting functions, you must update the server address information on the LNS. For more information about using a RADIUS server in an L2TP network, see “RADIUS Server” on page 1-6.

To modify the address of the RADIUS server, complete the following tasks:

Site Manager Procedure

You do this | System responds
1.
Changing the LNS System Name

The LNS system name is the name of the router. This name is used during tunnel setup to identify the LNS uniquely. By default, Site Manager enters the system name that you initially configured when first accessing the router. See Configuring and Managing Routers with Site Manager for more details about system information.

To change the LNS system name, complete the following tasks:

Site Manager Procedure

You do this | System responds
1.
Modifying the Number of L2TP Sessions Permitted

You can modify the maximum number of active L2TP sessions that the LNS can manage. The default is 100 sessions. For more information about L2TP sessions, see “L2TP Sessions” on page 1-3.

To change the maximum number of L2TP sessions supported by the LNS, complete the following tasks:

Site Manager Procedure

You do this | System responds
1. In the Configuration Manager window, choose Protocols. | The Protocols menu opens.
2. Choose IP. |
Keeping the Remote User’s Domain Name

The LNS removes the domain name from the complete user name by default, before passing it on to the RADIUS server for user authentication.

To keep the domain name with the user name, complete the following tasks:

Site Manager Procedure

You do this | System responds
1. In the Configuration Manager window, choose Protocols. | The Protocols menu opens.
2. Choose IP. | The IP menu opens.
3. Choose L2TP. | The L2TP menu opens.
4.
Changing the Domain Name Delimiter

In the complete user name there is a single-character delimiter that separates the user name from the domain name. By default, the LNS removes the domain name when it receives a call. The delimiter tells the LNS which characters to remove. The default delimiter is an at sign (@).

To change the delimiter, complete the following tasks:

Site Manager Procedure

You do this | System responds
1. In the Configuration Manager window, choose Protocols. |
Enabling Tunnel Authentication

To prevent unauthorized users from accessing the corporate network, you can enable tunnel authentication. During tunnel negotiation, the LAC sends its tunnel authentication password to the LNS. If the password is not recognized by the LNS, authentication is unsuccessful and the LAC cannot create the tunnel.

Note: If you are using the Password Authentication Protocol (PAP) for PPP authentication, do not enable tunnel authentication.
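
The challenge and response behind tunnel authentication, as an added example that is not part of the original guide or of BayRS. It follows the CHAP-style calculation that RFC 2661 defines for L2TP control connections; that RFC postdates this guide, so its applicability to BayRS 13.00 is an assumption, and the secret and the function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# L2TP control message types (RFC 2661) that can carry a Challenge Response.
SCCRP = 2  # Start-Control-Connection-Reply, sent by the LNS in this guide's setup
SCCCN = 3  # Start-Control-Connection-Connected, sent by the LAC


def challenge_response(msg_type, secret, challenge):
    """Return the 16-octet response: MD5(message type octet + secret + challenge).

    The shared secret is the tunnel authentication password configured on both
    the LAC and the LNS. It is hashed together with the peer's challenge and is
    never placed on the wire itself.
    """
    if msg_type not in (SCCRP, SCCCN):
        raise ValueError("a response is carried only in SCCRP or SCCCN")
    if not secret or not challenge:
        raise ValueError("secret and challenge must be non-empty")
    return hashlib.md5(bytes([msg_type]) + secret + challenge).digest()


def verify_response(msg_type, secret, challenge, received):
    """Recompute the expected response and compare it in constant time."""
    expected = challenge_response(msg_type, secret, challenge)
    return hmac.compare_digest(expected, received)


def negotiate(lac_secret, lns_secret):
    """Model both directions of the exchange and report each side's verdict."""
    lac_challenge = os.urandom(16)  # carried in the LAC's SCCRQ
    lns_challenge = os.urandom(16)  # carried in the LNS's SCCRP

    # LNS answers the LAC's challenge in SCCRP; the LAC checks it.
    sccrp_resp = challenge_response(SCCRP, lns_secret, lac_challenge)
    lac_accepts_lns = verify_response(SCCRP, lac_secret, lac_challenge, sccrp_resp)

    # LAC answers the LNS's challenge in SCCCN; the LNS checks it.
    scccn_resp = challenge_response(SCCCN, lac_secret, lns_challenge)
    lns_accepts_lac = verify_response(SCCCN, lns_secret, lns_challenge, scccn_resp)

    return {
        "lac_accepts_lns": lac_accepts_lns,
        "lns_accepts_lac": lns_accepts_lac,
        "tunnel_up": lac_accepts_lns and lns_accepts_lac,
    }


if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample value
    print("matching passwords:  ", negotiate(secret, secret))
    print("mismatched passwords:", negotiate(secret, b"some-other-value"))
```

Because the message type is part of the hash, a response computed for an SCCRP does not verify as an SCCCN response to the same challenge.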
Modifying L2TP IP Interface Addresses

The L2TP IP Interface List window lists the L2TP IP interface addresses for each slot that has L2TP configured. The LNS uses the addresses internally to identify the remote sites. For more information about the L2TP IP interface, see “L2TP IP Interface Addresses” on page 1-16.

To change an address on the list, complete the following tasks:

Site Manager Procedure

You do this | System responds
1.
Disabling RIP

RIP is enabled on the LNS by default so that the LNS can learn routes from the remote dial-in router. If the LNS does not require RIP support, you can disable it.

To disable RIP, complete the following tasks:

Site Manager Procedure

You do this | System responds
1. In the Configuration Manager window, choose Protocols. | The Protocols menu opens.
2. Choose IP. | The IP menu opens.
3. Choose L2TP. | The L2TP menu opens.
4. Choose L2TP IP Interface. |
Site Manager Procedure (continued)

You do this | System responds
6. Set the Enable L2TP parameter to Disable. Click on Help or see the parameter description on page A-3. | Site Manager disables L2TP for the slot.
7. Click on Done. | You return to the Configuration Manager window.

Deleting L2TP from a PPP Interface

To delete L2TP from a PPP interface, complete the following tasks:

Site Manager Procedure

You do this | System responds
1.
Deleting L2TP from a Frame Relay Interface

To delete L2TP from a frame relay interface, complete the following tasks:

Site Manager Procedure

You do this | System responds
1. In the Configuration Manager window, click on a WAN connector configured with L2TP. | The Edit Connector window opens.
2. Choose Edit Circuit. | The Frame Relay Circuit Definition window opens.
3. Choose Services. | The Frame Relay Service List window opens.
4.
Deleting L2TP from an ATM Interface

To delete L2TP from an ATM interface on a COM connector, complete the following tasks:

Site Manager Procedure

You do this | System responds
1. In the Configuration Manager window, click on a COM connector configured with L2TP. | The Edit Connector window opens.
2. Choose Edit Circuit. | The Circuit Definition window opens.
3. Choose Group Protocols. | The Group Protocols menu opens.
4. Choose Add/Delete. | The Select Protocols window opens.
5.
Site Manager Procedure (continued)

You do this | System responds
6. Click on OK. | You return to the ATM Service Records List window.
7. Click on Done. | You return to the Edit ATM Connector window.
8. Click on Done. | You return to the Configuration Manager window.
Appendix A L2TP Parameters

This appendix contains the Site Manager parameter descriptions for L2TP services. You can display the same information using Site Manager online Help. For information about the IP parameters that you set when enabling L2TP, see Configuring IP Services.
The Technician Interface allows you to modify parameters by issuing set and commit commands with the MIB object ID. This process is equivalent to modifying parameters using Site Manager. For more information about using the Technician Interface to access the MIB, see Using Technician Interface Software.

Caution: The Technician Interface does not verify parameter values you enter. Entering an invalid value can corrupt your configuration.
Parameter: Enable L2TP
Path: Configuration Manager > Protocols > IP > L2TP > L2TP Configuration
Default: Enable
Options: Enable | Disable
Function: Enables or disables L2TP on this interface.
Instructions: Site Manager automatically sets this parameter to Enable when you select L2TP as a protocol. Accept the default, Enable, to use L2TP. To temporarily disable L2TP, set this parameter to Disable.
MIB Object ID: 1.3.6.1.4.1.18.3.5.23.2.1.
Parameter: Retransmit Timer (seconds)
Path: Configuration Manager > Protocols > IP > L2TP > L2TP Configuration
Default: 1
Options: 1 to 60 seconds
Function: Indicates the number of seconds that the LNS waits for an acknowledgment from the LAC before resending packets.
Instructions: If you are experiencing many timeouts during L2TP tunnel negotiation or during a session, set this value to a number greater than the default. Otherwise, accept the default.
MIB Object ID: 1.3.6.1.4.1.
Parameter: Ack Timeout (milliseconds)
Path: Configuration Manager > Protocols > IP > L2TP > L2TP Configuration
Default: 250
Options: 1 to 350 milliseconds
Function: Specifies the maximum number of milliseconds that can elapse before the LNS sends an acknowledgment to the LAC that it received an L2TP control message, such as a tunnel authentication or session control message.
Parameter: RADIUS Primary Server Password
Path: Configuration Manager > Protocols > IP > L2TP > L2TP Configuration
Default: None
Options: Any alphanumeric string, up to a maximum of 64 characters
Function: Specifies the primary RADIUS server’s password.
Instructions: Enter the password for the RADIUS server. If the RADIUS server is already configured, Site Manager automatically supplies the password.
MIB Object ID: 1.3.6.1.4.1.18.3.5.22.2.1.
Parameter: Remove Domain Name
Path: Configuration Manager > Protocols > IP > L2TP > L2TP Configuration
Default: Enable
Options: Enable | Disable
Function: Instructs the router whether to remove the domain name from the complete user name before RADIUS authentication takes place. If enabled, the LNS removes the delimiter separating the user name and the domain name and all characters to the right of the delimiter.
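
How the domain part of a dial-in name is used twice, once to select the LNS and once before the RADIUS lookup, shown as an added example that is not taken from the guide or from BayRS. The TMS entry mirrors the one in Appendix B; the other names, the split-at-a-single-delimiter rule, and the function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data. The domain-to-LNS entry mirrors the TMS database
# entry shown in Appendix B of this guide.
TMS_DATABASE = {"baynetworks.com": "192.32.16.55"}


def split_user_name(full_name, delimiter="@"):
    """Split a complete user name into (user, domain) at the delimiter.

    Assumption: a valid name holds the delimiter at most once. A name with
    several delimiters is rejected rather than guessed at, because the guide
    does not say which occurrence the router would use.
    """
    if len(delimiter) != 1:
        raise ValueError("the delimiter is a single character")
    count = full_name.count(delimiter)
    if count == 0:
        return full_name, None  # nothing to remove
    if count > 1:
        raise ValueError(f"ambiguous user name {full_name!r}")
    user, domain = full_name.split(delimiter)
    if not user or not domain:
        raise ValueError(f"malformed user name {full_name!r}")
    return user, domain


def lns_for(full_name, delimiter="@"):
    """ISP side: look up the tunnel end point for the name's domain."""
    _, domain = split_user_name(full_name, delimiter)
    return TMS_DATABASE.get(domain.lower()) if domain else None


def radius_name(full_name, remove_domain=True, delimiter="@"):
    """LNS side: the name handed to RADIUS for the Remove Domain Name setting."""
    if not remove_domain:
        return full_name
    user, _ = split_user_name(full_name, delimiter)
    return user


def collisions(full_names, delimiter="@"):
    """List dial-in names that map to the same RADIUS entry once stripped."""
    seen = defaultdict(set)
    for name in full_names:
        seen[radius_name(name, True, delimiter)].add(name)
    return {user: sorted(names) for user, names in seen.items() if len(names) > 1}


if __name__ == "__main__":
    callers = [  # constructed dial-in names
        "jsmart@baynetworks.com",
        "jsmart@partner.example",
        "mmark@baynetworks.com",
    ]
    for caller in callers:
        print(caller, "-> LNS", lns_for(caller), "-> RADIUS name", radius_name(caller))
    print("names sharing one RADIUS entry:", collisions(callers))
    # A delimiter setting that does not match what callers dial strips nothing.
    print(radius_name("jsmart@baynetworks.com", delimiter="%"))
```

With Remove Domain Name left at Enable, the RADIUS database has to be keyed on the bare user name; a delimiter setting that differs from what callers actually dial leaves the full name in place and the lookup fails.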
L2TP Tunnel Security Parameters

The L2TP Tunnel Security List window (Figure A-2) contains the tunnel authentication parameters.

[Figure A-2. L2TP Tunnel Security List Window]

The parameter descriptions follow.
Parameter: Enable Tunnel Authentication
Path: Configuration Manager > Protocols > IP > L2TP > Tunnel Authentication
Default: Disable
Options: Enable | Disable
Function: Enables or disables the use of tunnel authentication for a slot on the LNS. Tunnel authentication provides a level of network security to protect the corporate network from unauthorized users.
Instructions: Set this parameter to Enable for the LNS to perform tunnel authentication. Otherwise, accept the default, Disable.
L2TP IP Interface Parameters

The L2TP IP Interface List window (Figure A-3) contains the list of IP interfaces for each slot on the router configured with L2TP.

[Figure A-3. L2TP IP Interface List Window]

When you click on Change, Site Manager displays the L2TP IP Interface window (Figure A-4).

Figure A-4.
The parameter descriptions follow.

Parameter: L2TP IP Interface Address
Path: Configuration Manager > Protocols > IP > L2TP > L2TP IP Interface
Default: None
Options: Any unique IP address
Function: Specifies the IP address that identifies the L2TP IP interface for the LNS. You must provide an address for each slot configured as an LNS.
Instructions: Enter a unique IP address. This address applies for the entire router slot.
Parameter: RIP Enable
Path: Configuration Manager > Protocols > IP > L2TP > L2TP IP Interface
Default: Enable
Options: Enable | Disable
Function: Specifies whether RIP Listen is enabled on this interface. See Configuring IP Services for more information about RIP.
Instructions: Accept the default, Enable, so that the LNS can learn routes from a remote dial-in router. Select Disable to disable RIP.
MIB Object ID: 1.3.6.1.4.1.18.3.5.3.2.2.2.1.
Appendix B Configuration Examples

This appendix provides two examples of L2TP network configurations. It includes only those parameters that require changes from their default settings for proper configuration. For instructions on modifying parameters, see Chapter 3, “Customizing L2TP Services.” This appendix assumes that you are familiar with L2TP configuration procedures.
[Figure: network diagram for Example 1. Labels recovered from the diagram: "No active call from mmark; no tunnel needed"; ISP network with LAC 1, LAC 2, and TMS; remote users mmark@baynetworks.com and jsmart@baynetworks.com on PCs with no L2TP functionality; modem; TA; ISDN Multilink PPP; frame relay; tunnel; corporate network with router and LNS 192.32.16.55; L2TP IP interface 192.32.68.2; RADIUS server 192.32.26.6; bay_private; domain name in TMS database: baynetworks.com = 192.32.16.55; IP addresses in the RADIUS server database: 192.32.40.1 jsmart@baynetworks.]
Configuring the LACs and the TMS

The LACs in this network are Model 5399 Remote Access Concentrators. Both devices have L2TP modules installed. See Model 5399 Remote Access Concentrator documentation for information about configuring L2TP.

The LACs use the same TMS, which you configure with the following information:

Domain name: baynetworks.com
Tunnel end point address (LNS address): 192.32.16.
6. In the L2TP Tunneling Security window, enable tunnel authentication.

Parameter Name | Value
Enable Tunnel Authentication | Enable
Tunnel Authentication Password | LAC1

7. In the L2TP IP Interface window, enter the L2TP IP address.

Parameter Name | Value
L2TP IP Interface Address | 192.32.68.2
Subnet Mask | 255.255.255.0

During the L2TP session, the RADIUS server assigns the following IP addresses:

jsmart@baynetworks.com: 192.32.40.1
mmark@baynetworks.com: 192.32.40.
Example 2: Remote Router Calling the Corporate Network

Figure B-2 shows a network with two BayStack™ AN® routers at the remote site. The AN routers are using dial-on-demand service for dial-up connections. In this network, note the following:

• PPP is the WAN protocol for the connection between the ISP network and the corporate network.
Configuring the Dial-on-Demand Circuit

Modify the dial-on-demand circuit configuration for the AN routers as follows:

1. In the Configuration Manager window, choose Dialup > Demand Circuits > Demand Pools > PPP Circuits > PPP Demand Circuits to display the PPP Demand Circuits window.

2. Disable outbound authentication.

Parameter Name | Value
Outbound Authentication | Disable
CHAP Local Name | jsmart@bay.com
Dial Optimized Routing | Enabled

3.
Appendix C Troubleshooting

To monitor your L2TP network and solve problems that may occur, first check the event log file for any messages recorded by the LNS. For information about viewing and reading event messages, see Event Messages for Routers and Configuring and Managing Routers with Site Manager.

Table C-1 provides troubleshooting solutions for common problems with your L2TP network.

Table C-1. Common L2TP Network Problems and Solutions

Problem | What to Do
L2TP tunnel did not initiate. |
Table C-1. Common L2TP Network Problems and Solutions (continued)

Problem | What to Do
L2TP session is not active. | The LNS failed to negotiate the PPP LCP options. Reconfigure the host at the remote site dialing in to the ISP. For a Bay Networks router at the remote site, check the PPP MRU/MRRU size. The LNS supports an MRU/MRRU size of 1500 only.