Note: You must be running RADIUS 2.1 or later to configure L2TP. Earlier versions of RADIUS do not support call-checking.
1. The dial-up user places a call.
2. The LAC detects the incoming call.
3. Using call-check, the LAC sends an authentication request to a RADIUS server containing the Called-Station-Id and Calling-Station-Id before answering the call. (See "Overview of Call-Check" on page 9-8.)
4. RADIUS accepts the user (if authentic) and sends an accept message to the LAC containing information about how to create the L2TP tunnel for this session.
5. The LAC creates a tunnel to the LNS by encapsulating the PPP frames into IP packets and forwarding those packets to the LNS.
6. The LNS negotiates PPP with the end user.
Command> set l2tp noconfig|disable|enable lac|enable lns
Note: Line ports on a Quad T1 or Tri E1 line board configured as an LNS are automatically set as T1 or E1 and can no longer be used for dial-in. The virtual S0 ports become W1 ports.
Command> set view 0
Command 0> set l2tp lac enable
Command 0> save all
Command 0> reset slot0
Command 0> set l2tp lac disable
1. Set the view to the first slot with an installed line board.
2. Configure the line board to inherit its LAC configuration from the manager module.
Command Slotnumber> set l2tp noconfig lac
3. Save the configuration and reset the slot.
Command Slotnumber> save all
Command Slotnumber> reset slotSlotnumber
4. Repeat Steps 1 through 3 for all remaining line boards.
5. Set the view to the manager module and globally enable the LAC functionality.
Command Slotnumber> set view 4
Command> set l2tp lac enable
6. Save the changes and reboot the PortMaster for the changes to take effect.
Command> save all
Command> reboot
Command> set l2tp disable lac
Command> save all
Command> reboot
Command> set l2tp noconfig
Command> save all
Command> reboot
Note: An entire PortMaster 4 cannot operate as both an LNS and a LAC at the same time. You can configure one board as a LAC and another board as an LNS on the same PortMaster 4, but these two boards must function as end points for independent tunnels.
Command> set view 0
Command Slotnumber> set l2tp lns enable
Command Slotnumber> save all
Command Slotnumber> reset slot0
Command Slotnumber> set l2tp disable
1. Set the view to the first slot with an installed line board.
2. Configure the line board to inherit its LNS configuration from the manager module.
Command Slotnumber> set l2tp noconfig lns
3. Save the configuration and reset the slot.
Command Slotnumber> save all
Command Slotnumber> reset slotSlotnumber
4. Repeat Steps 1 through 3 for all remaining line boards.
5. Set the view to the manager module and globally enable the LNS functionality.
Command Slotnumber> set view 4
Command> set l2tp lns enable
6. Save the changes and reboot the PortMaster for the changes to take effect.
Command> save all
Command> reboot
Command> set l2tp disable
Command> save all
Command> reboot
Command> set l2tp noconfig
Command> save all
Command> reboot
Note: An entire PortMaster 4 cannot operate as an LNS and a LAC at the same time. You can configure one board as a LAC and another board as an LNS on the same PortMaster 4, but these two boards must function as end points for independent tunnels.
Command> set l2tp secret Password|none
Command> set l2tp authenticate-remote on|off
Note: Because tunnels remain established until the PortMaster is rebooted, empty tunnels can exist.
Note: If the call-check feature is enabled but no RADIUS support is configured, all dial-in users receive either a busy signal or dead air.
Note: You must be running RADIUS 2.1 or later to configure L2TP. Earlier versions of RADIUS do not support the call-check feature.
Caution: The Service-Type value has changed from ComOS version 3.8b15, which called it Call-Check-User with the value 129. This value is no longer valid. Make sure to remove any old entries in your dictionary and users file.
DEFAULT Called-Station-Id = "5551313", Service-Type = Call-Check
DEFAULT Called-Station-Id = "5551313", Service-Type = Call-Check
        Tunnel-Server-Endpoint = "192.168.1.221"
DEFAULT Service-Type = Call-Check, Called-Station-Id = "5551234"
        Tunnel-Server-Endpoint = "192.168.11.2",
        Tunnel-Server-Endpoint = "192.168.11.17",
        Tunnel-Server-Endpoint = "192.168.230.97"
Note: Acceptance of a tunnel server end point is based on whether the host is running L2TP. However, if the machine designated as the tunnel server end point is configured as a LAC instead of an LNS, the session fails.
Note: This feature provides redundant backup, not load balancing. See "Load Balancing Among Tunnel Server End Points (Optional)" on page 9-7.
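A users-file audit for the call-check entries above, as an added example that is not part of the original manual: it lists each entry's tunnel server end points in the order written and flags the retired Call-Check-User value and repeated end points. The sample file, the number 5550000 and the function names are constructed for illustration, and the code assumes reply items sit on indented lines under the entry's first line.

```python
import re

# Constructed sample users file (not from the manual): one current entry with
# three backup end points, one stale entry using the retired value name.
SAMPLE_USERS = '''\
DEFAULT Service-Type = Call-Check, Called-Station-Id = "5551234"
        Tunnel-Server-Endpoint = "192.168.11.2",
        Tunnel-Server-Endpoint = "192.168.11.17",
        Tunnel-Server-Endpoint = "192.168.230.97"

DEFAULT Called-Station-Id = "5550000", Service-Type = Call-Check-User
        Tunnel-Server-Endpoint = "192.168.1.221"
'''

PAIR = re.compile(r'([A-Za-z][\w-]*)\s*=\s*("[^"]*"|[^,\s]+)')

def parse_users(text):
    """Split a users file into entries: check items first, indented reply items after."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        pairs = [(k, v.strip('"')) for k, v in PAIR.findall(line)]
        if line[0] in ' \t':            # indented line: reply items of the last entry
            if entries:
                entries[-1]['reply'].extend(pairs)
        else:                           # unindented line: new entry with its check items
            entries.append({'name': line.split()[0], 'check': dict(pairs), 'reply': []})
    return entries

def audit_call_check(text):
    """Return (called_number, end_points_in_order, problems) for each call-check entry."""
    report = []
    for e in parse_users(text):
        stype = e['check'].get('Service-Type', '')
        if not stype.startswith('Call-Check'):
            continue
        endpoints = [v for k, v in e['reply'] if k == 'Tunnel-Server-Endpoint']
        problems = []
        if stype != 'Call-Check':       # e.g. Call-Check-User from ComOS 3.8b15
            problems.append('retired Service-Type value ' + stype)
        if len(set(endpoints)) != len(endpoints):
            problems.append('duplicate Tunnel-Server-Endpoint')
        report.append((e['check'].get('Called-Station-Id'), endpoints, problems))
    return report

if __name__ == '__main__':
    for number, endpoints, problems in audit_call_check(SAMPLE_USERS):
        print(number, endpoints, problems or 'ok')
```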
Command> create l2tp tunnel udp Ipaddress [Password|none]
Command> show l2tp global|sessions|stats|tunnels
Command> reset l2tp [stats|tunnel Number]