Network Router User Manual

L2TP Overview
303532-A Rev 00
You can enable tunnel authentication on the Bay Networks LNS. If tunnel
authentication is disabled, which is the default, the LNS sends a default challenge
response to the LAC during the authentication process so that the tunnel can be
established. The LNS cannot send outgoing calls, so it cannot initiate tunnel
authentication.
During tunnel authentication, the following exchange of messages takes place:
1. The LAC sends a tunnel setup message, called the start control connection
   request (SCCRQ) message to the LNS. This message includes a challenge to
   the LNS.
2. The LNS replies with a tunnel response, a challenge response, and its own
   challenge message. This is called the start control connection reply (SCCRP)
   message.
3. The LAC replies with a challenge response that includes its tunnel
   authentication password. This is the start control connection connected
   (SCCCN) message.
4. If this same password is configured for the LNS, the LNS grants approval to
   the LAC to establish a tunnel.
Figure 1-4 shows tunnel authentication.
Figure 1-4. Tunnel Authentication Control Messages
[Figure L2T0006A: a PPP connection joins the LAC (ISP network) and the LNS (Corporate network). SCCRQ: tunnel request and challenge. SCCRP: tunnel response, challenge response, and LNS challenge. SCCCN: challenge response.]
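The four-step exchange above, walked through in Python as an added example (not code from this manual or from the router software). It assumes the Challenge Response computation defined in RFC 2661, an MD5 hash over the message type, the shared password and the peer's challenge, which this page does not spell out; the function names and passwords are constructed for illustration.

```python
import hashlib
import hmac
import os

SCCRP, SCCCN = 2, 3  # L2TP Message Type values for these messages (RFC 2661)

def challenge_response(msg_type: int, secret: bytes, challenge: bytes) -> bytes:
    """MD5(message type octet || shared password || peer's challenge)."""
    return hashlib.md5(bytes([msg_type]) + secret + challenge).digest()

def verify(msg_type: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Recompute the response locally and compare in constant time."""
    expected = challenge_response(msg_type, secret, challenge)
    return hmac.compare_digest(expected, response)

def tunnel_setup(lac_secret: bytes, lns_secret: bytes) -> str:
    """Walk the SCCRQ/SCCRP/SCCCN exchange and return the outcome."""
    # 1. SCCRQ (LAC -> LNS): carries the LAC's challenge.
    lac_challenge = os.urandom(16)
    # 2. SCCRP (LNS -> LAC): answers the LAC's challenge, adds the LNS's own.
    sccrp_response = challenge_response(SCCRP, lns_secret, lac_challenge)
    lns_challenge = os.urandom(16)
    if not verify(SCCRP, lac_secret, lac_challenge, sccrp_response):
        return "LAC rejects LNS"
    # 3. SCCCN (LAC -> LNS): answers the LNS's challenge.
    scccn_response = challenge_response(SCCCN, lac_secret, lns_challenge)
    # 4. The LNS checks the response against its own configured password.
    if not verify(SCCCN, lns_secret, lns_challenge, scccn_response):
        return "LNS rejects LAC"
    return "tunnel established"

if __name__ == "__main__":
    # Constructed passwords: one matching pair, one mismatched pair.
    print(tunnel_setup(b"constructed-pass", b"constructed-pass"))
    print(tunnel_setup(b"constructed-pass", b"other-pass"))
```

Because the message type is part of the hash, a response captured from an SCCRP does not verify as an SCCCN response for the same challenge.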