TMS zl Management and Configuration Guide ST.1.1.100430

Virtual Private Networks
Configure an L2TP over IPsec VPN
Set Up a RADIUS Server to Work with the TMS zl Module. This section provides
guidelines for setting up a RADIUS server so that it can provide L2TP
authentication for the TMS zl Module. You should refer to your server’s
documentation for precise instructions.
You must complete the following on your RADIUS server:

- Add the TMS zl Module as a client. Set the shared secret to the same string
  that you configured on the module when you specified this RADIUS server.
- Create one or more policies on the RADIUS server to authenticate L2TP
  clients. Each policy must meet these criteria:
  - The policy selects requests sent from the TMS zl Module.
    Table 7-18 shows the attributes that the module includes for L2TP-related
    requests. You can use these attributes to ensure that the request is
    matched to the proper policy. For example, you could create policies that
    select requests from the L2TP users’ actual IP addresses. Or a policy
    could select requests from users in a specific group.

    Table 7-18. RADIUS Attributes Sent in L2TP RADIUS Request

    Attribute            Value
    Username             L2TP user’s username
    Password             L2TP user’s password
    Calling-Station-ID   L2TP user’s actual IP address
    NAS-Identifier       NAS Identifier configured for the module when you
                         specified the RADIUS server
    NAS-IP-Address       Module IP address on the TMS VLAN that connects to
                         the RADIUS server

    Note: The RADIUS policy used to authenticate L2TP users must not use
    other attributes as conditions, or the authentication requests will not
    be selected. (You can specify a user group as a condition because this
    corresponds to the Username attribute.)
    For example, if you are using the Microsoft IAS wizard to create your
    policy, the wizard will automatically add condition attributes that the
    TMS zl Module does not send (such as the connection type
    [NAS-Port-Type]). After you create the policy, edit it and delete from
    the conditions any attributes that the TMS zl Module does not use.
  - The policy grants authenticated users access.
  - The policy defines the RADIUS attributes shown in Table 7-19 for the
    connection.
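
The Note on condition attributes above, as an added example (not from the guide or from any RADIUS server's code): a simplified model of policy selection that flags conditions on attributes absent from Table 7-18 and shows why a wizard-generated policy never selects the module's requests. The User-Group condition name, the sample request and both policies are constructed assumptions.

```python
# Attributes the TMS zl Module includes in L2TP requests (Table 7-18).
SENT_BY_MODULE = {"Username", "Password", "Calling-Station-ID",
                  "NAS-Identifier", "NAS-IP-Address"}
# Hypothetical condition name for a user-group check; the guide allows it
# because group membership is resolved from the Username attribute.
DERIVED = {"User-Group": "Username"}


def unusable_conditions(policy):
    """Return condition attributes that the module never sends."""
    return sorted(a for a in policy["conditions"]
                  if a not in SENT_BY_MODULE and a not in DERIVED)


def policy_selects(policy, request, groups):
    """Model policy selection: every condition must match the request."""
    for attr, expected in policy["conditions"].items():
        if attr in DERIVED:
            actual = groups.get(request.get(DERIVED[attr]))
        else:
            actual = request.get(attr)  # None when the attribute is absent
        if actual != expected:
            return False
    return True


# Constructed sample data (not from the guide).
REQUEST = {"Username": "alice", "Password": "<redacted>",
           "Calling-Station-ID": "203.0.113.25",
           "NAS-Identifier": "tms-example",
           "NAS-IP-Address": "10.1.10.1"}
GROUPS = {"alice": "vpn-users"}
WIZARD_POLICY = {"name": "l2tp-wizard", "conditions": {
    "NAS-Identifier": "tms-example", "User-Group": "vpn-users",
    "NAS-Port-Type": "Virtual (VPN)"}}
EDITED_POLICY = {"name": "l2tp-edited", "conditions": {
    "NAS-Identifier": "tms-example", "User-Group": "vpn-users"}}

if __name__ == "__main__":
    for p in (WIZARD_POLICY, EDITED_POLICY):
        print(p["name"], "unusable:", unusable_conditions(p),
              "selected:", policy_selects(p, REQUEST, GROUPS))
```

Running the same check over the conditions exported from your own server's L2TP policy shows which ones to delete before testing a client connection.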