 

L2TP   17


  This chapter describes the commands you use to configure the Layer 2 Tunneling Protocol (L2TP) on the PortMaster 4. L2TP allows the PortMaster to tunnel PPP frames from an incoming call across an IP network from one PortMaster that answers the call--an L2TP access concentrator (LAC)--to another PortMaster that processes the PPP frames--an L2TP network server (LNS).
  ComOS releases 4.1 and later support LAC and LNS features on the PortMaster 4. ComOS 4.0 and ComOS 4.0.3 support only LAC on the PortMaster 4.
  L2TP can be implemented on the PortMaster 4 with or without the call-check feature. If call-check is not enabled, the LAC uses the username and password to retrieve information from the RADIUS server, such as L2TP tunnel information. The LNS uses the username and password to retrieve the user profile. The LAC and the LNS can use the same RADIUS server. If call-check is enabled, the LAC uses the called-station ID, the calling-station ID, or both to determine whether it should accept the call. If the LAC accepts the call, it replies with the tunnel information.
  To use L2TP, you must add the corresponding L2TP and call-check attributes to the RADIUS dictionary.
  The PortMaster 4 supports the LNS board on ComOS 4.1 and later releases. The LNS board terminates up to 500 concurrent L2TP sessions over multiple L2TP tunnels. Up to nine LNS boards can be installed in a PortMaster 4. For information about installing the LNS board, see the PortMaster 4 Installation Guide.
  For additional information about configuring L2TP on the PortMaster 4, see the PortMaster 4 Configuration Guide.
 

       Displaying L2TP Diagnostic Information

  To display L2TP debug information on the console, use the following commands:
  When finished, use the following commands:
  To display L2TP session information or line status, use the following commands:
 

       Summary of L2TP Commands

 

  Table 17-1 shows the L2TP configuration commands.

  Table 17-1 L2TP Commands

  Command Syntax
  create l2tp tunnel udp Ipaddress [Password|none] - see page 17-2
  reset l2tp [stats|tunnel Number] - see page 17-3
  set call-check on|off - see page 3-6
  set debug l2tp max|packets [Bytes]|rpc|setup|stats on|off - see page 14-9
  set l2tp authenticate-remote on|off - see page 17-5
  set l2tp choose-random-tunnel-endpoint on|off - see page 17-6
  set l2tp-lac enable|disable - see page 17-7
  set l2tp noconfig|disable|enable {lac|lns} - see page 17-4
  set l2tp secret [Password|none] - see page 17-8
  show l2tp global|sessions|stats|tunnels - see page 17-8
 

       L2TP Commands

 

       create l2tp tunnel

  This command manually establishes an L2TP tunnel for the entire PortMaster 4 for testing and troubleshooting.

  create l2tp tunnel udp Ipaddress [Password|none]

 
 Ipaddress  IP address of the L2TP tunnel endpoint expressed in dotted decimal notation.
 Password  Optional password that the PortMaster 4 uses to authenticate itself when responding to a tunnel request from the L2TP endpoint.
 none  Sets the PortMaster 4 to use the L2TP secret configured for it with the set l2tp secret command. This is the default.

  Use this command for testing and troubleshooting L2TP. It is global for the entire PortMaster 4.
  Command> create l2tp tunnel udp 149.198.110.19
OK
  See also:
  set l2tp - page 17-4
  set l2tp secret - page 17-8
 

       reset l2tp

  This command resets active L2TP tunnels and sessions or resets the L2TP statistics counter for the entire PortMaster 4.

  reset l2tp [stats|tunnel Number]

 
 stats  Resets L2TP counters displayed by the show l2tp stats command to zero. Using this command does not reset active L2TP sessions.
 tunnel Number  Resets the specified tunnel. To view L2TP tunnel numbers, use the show l2tp tunnels command. Number is an integer between 1 and 100. If no tunnel number is specified, all L2TP tunnels are reset.

  To reset all L2TP tunnels and terminate all PPP sessions, enter reset l2tp with no arguments.
  Command> reset l2tp stats
Command>
  See also:
  show l2tp - page 17-8
 

       set l2tp

  This command enables and disables L2TP features on the entire PortMaster 4 or on a particular line board.

  set l2tp noconfig|disable|enable {lac|lns}

 

  noconfig

 Sets the entire PortMaster 4 to have no L2TP configuration if set globally on the manager module. A line board set with noconfig  has no L2TP configuration of its own, but inherits from the system manager module if the manager is configured for L2TP.  However, if the manager module is set with noconfig  or is not configured for L2TP, the line board cannot inherit its configuration.

  disable

 Disables L2TP on the entire PortMaster 4 if set globally on the manager module. If set on a line board, disable  turns off L2TP on that board and prevents the board from inheriting the L2TP configuration of the manager module.

  enable lac

 Enables the entire PortMaster 4 as a LAC if set globally on the manager module. If set on a Quad T1 or Tri E1 board, this option enables the board as a LAC. A LAC can answer calls and process them using L2TP.

  enable lns

 Enables the entire PortMaster 4 as an LNS if set globally on the manager module. If set on a Quad T1, Tri E1, or LNS board, this option enables the board as an LNS. On an LNS, any line ports are automatically set as T1 or E1 ports and can no longer be used for dial-in. The virtual S0  ports become W1  ports.

  You must first select a slot for configuration using the set view  command. Setting the view to the manager module sets the L2TP configuration globally for the entire PortMaster 4. If you do not configure a Quad T1, Tri E1, or LNS board for L2TP, the board inherits the L2TP configuration of the manager module.
  Using this command on a Quad T1, Tri E1, or LNS board overrides the global setting.
  To activate the new configuration, you must use the save all command and then reboot the manager module, or reset the slot if you are configuring a Quad T1, Tri E1, or LNS board.
  A board on the PortMaster 4 can be enabled as either a LAC or LNS, but not as both.
  L2TP and RADIUS Accounting.  Both the LAC and LNS log any user sessions to RADIUS accounting. If you are using the RADIUS call-check feature to establish the L2TP tunnel, the LAC's accounting data contains only the calling line ID (CLID) information, not the username, because that information has not yet been passed on the link. The LNS accounting data shows both the CLID and username in its accounting data along with the assigned IP address.
  If partial authentication instead of call-check is taking place on the LAC, then the username might be available to it. In that case, the username appears in the RADIUS accounting logs for both the LNS and the LAC.
  In both cases, the LNS displays NAS-Port-Type as virtual, while the LAC displays the NAS-Port-Type set to the actual physical interface's connection type--the normal behavior of the network access server.
  See also:
  set call-check - page 3-6
  set l2tp authenticate-remote - page 17-5
  show l2tp - page 17-8
 

       set l2tp authenticate-remote

  This command sets the PortMaster 4 to initiate L2TP tunnel authentication.

  set l2tp authenticate-remote on|off

 
 on  Sets the PortMaster 4 to initiate authentication with the other side of the L2TP connection before it creates the tunnel.
 off  Disables the PortMaster 4 from initiating authentication.

  This command configures the PortMaster 4 to initiate authentication before establishing a tunnel, but does not determine how the PortMaster responds to an authentication request.
  See also:
  set l2tp - page 17-4
 

       set l2tp choose-random-tunnel-endpoint

  This command determines the order in which the PortMaster 4 chooses a tunnel end point when multiple tunnel end points are set for a user.

  set l2tp choose-random-tunnel-endpoint on|off

 
 on  Sets the PortMaster 4 to choose the tunnel end point randomly from the list of tunnel end points returned by RADIUS.
 off  Sets the PortMaster 4 to select a tunnel end point serially.

  This command changes the way the PortMaster 4 selects a tunnel end point when multiple end points are set for a user. By default, the PortMaster 4 selects the tunnel end point serially.
  You can configure a RADIUS user profile to support up to three L2TP redundant end points--the LAC discards any additional end points. See the PortMaster 4 Configuration Guide for additional information.

  Note: The PortMaster 4 supports up to three L2TP end points.

 

       set l2tp-lac

  This command enables and disables L2TP access concentrator (LAC) features on a PortMaster 4.

  set l2tp-lac enable|disable

 

  enable

 Enables LAC on a line board of the PortMaster 4 running ComOS 4.0.

  disable

 Disables LAC on a line board of the PortMaster 4. This is the default.

  L2TP can be implemented on the PortMaster 4 with or without the RADIUS call-check feature enabled. If call-check is disabled, the LAC uses the username and password to retrieve information from the RADIUS server, such as L2TP tunnel information. The LAC and the LNS can use the same RADIUS server.
  You must enable the corresponding L2TP and RADIUS call-check attributes on the RADIUS server to activate L2TP. For more information about configuring L2TP, refer to the PortMaster 4 Configuration Guide.
  To establish an L2TP session on a PortMaster 4, you must first use the save all and reset slot commands after enabling the LAC feature.
 

       set l2tp secret

  This command sets the password used by the PortMaster 4 to respond to L2TP tunnel authentication requests.

  set l2tp secret [Password|none]

 
 Password  Sets the global password that the PortMaster 4 uses to respond to L2TP tunnel authentication requests. Password  is a string of up to 15 ASCII characters.
 none  Disables the global L2TP password on the PortMaster 4. This is the default.

  This command sets a global L2TP password for the entire PortMaster 4.

  Note: You cannot override this global command by configuring a secret on a Quad T1 or Tri E1 board.

  However, if a PortMaster 4 configured as a LAC receives a tunnel authentication request, it uses the Tunnel-Password value from the RADIUS access-accept, if present, instead of the global L2TP secret. See the PortMaster 4 Configuration Guide for additional information.
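
  How the secret from set l2tp secret answers the challenge that set l2tp authenticate-remote causes the other side to send, shown as an added example that is not ComOS code. It assumes the CHAP-style tunnel authentication defined in RFC 2661, which this page does not name; the function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import os

# Message Type values from RFC 2661. The answer to a challenge travels in the
# next control message, and that message's type is used as the CHAP identifier.
SCCRP = 2  # Start-Control-Connection-Reply
SCCCN = 3  # Start-Control-Connection-Connected


def pick_secret(global_secret, radius_tunnel_password=None):
    """Secret a LAC answers with: the Tunnel-Password from the RADIUS
    access-accept if present, otherwise the global 'set l2tp secret' value."""
    return radius_tunnel_password if radius_tunnel_password else global_secret


def challenge_response(msg_type, secret, challenge):
    """RFC 2661 Challenge Response value: MD5(ID || secret || challenge)."""
    if not secret:
        raise ValueError("no tunnel secret configured (set l2tp secret none)")
    return hashlib.md5(bytes([msg_type]) + secret + challenge).digest()


def verify(msg_type, secret, challenge, response):
    """Challenger's check, done with a constant-time comparison."""
    expected = challenge_response(msg_type, secret, challenge)
    return hmac.compare_digest(expected, response)


def demo():
    # Constructed sample values, not taken from any device.
    lns_secret = b"Example-Secret1"   # 15 ASCII characters, the command's limit
    challenge = os.urandom(16)        # sent by the LNS in its SCCRP
    # The LAC answers in SCCCN with the RADIUS Tunnel-Password when present...
    with_radius = challenge_response(
        SCCCN, pick_secret(b"stale-global", lns_secret), challenge)
    # ...and otherwise with the global secret, which here does not match.
    with_global = challenge_response(
        SCCCN, pick_secret(b"stale-global"), challenge)
    return (verify(SCCCN, lns_secret, challenge, with_radius),
            verify(SCCCN, lns_secret, challenge, with_global))


if __name__ == "__main__":
    print(demo())
```

  The response depends only on the shared secret and the challenge, so the secret should use the full 15 characters the command allows and be the same value on both tunnel end points or in the RADIUS Tunnel-Password.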
 

       show l2tp

  This command displays information about active L2TP sessions for the entire PortMaster 4.

  show l2tp global|sessions|stats|tunnels

 
 global  Displays global L2TP settings.
 sessions  Displays information about active L2TP sessions.
 stats  Displays L2TP statistics.
 tunnels  Displays information about L2TP tunnels such as the tunnel identification number, assigned ID, tunnel ID, and port name.


Copyright © 1999, Lucent Technologies. All rights reserved.