3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
Introduction to L2TP Protocol 107
Figure 26 Call setup flow of L2TP channel
The following is the call setup process using L2TP Tunnel:
1 The PC at user side initiates setup request;
2 The PC and LAC equipment negotiate PPP LCP parameters;
3 LAC performs PAP or CHAP authentication based on the information provided by
the PC, where a VPN user resides;
4 LAC sends access request including VPN user’s name and password to RADIUS
server for authentication;
5 RADIUS server authenticates this user and sends back access accept, such as LNS
address, after authentication is passed successfully; LAC is ready for initiating a
new Tunnel request;
6 LAC initiates a Tunnel request to the LNS specified by RADIUS server;
7 LAC informs LNS of "CHAP challenge" information, LNS sends back CHAP
response and its own CHAP challenge, and LAC sends back CHAP response;
8 Authentication passes successfully;
9 LAC transmits the information of CHAP response, response identifier and PPP
negotiation parameters to LNS;
10 LNS sends the access request to RADIUS server for authentication;
11 RADIUS server authenticates this access request and sends back a response if
authentication is successful;
LAC
RADIUS Server
LNS
RADIUS Server
LAC
LNS
(5) access accept
(4) access request
PC
(1) Call Setup
(2) PPP LCP Setup
(3) PAP or CHAP authentication
(6) Tunnel establishment
(7) PAP or CHAP authentication
(challenge/response)
(8) authentication passes
(9) user CHAP response, ppp
negotiation parameter
(10) access request
(11) access accept
(12) CHAP authentication twice(challenge/response)
(15) authentication passes
(13) access request
(14) access accept