L2TP Network Server
This chapter describes the support for Layer 2 Tunneling Protocol (L2TP) Network Server (LNS) functionality
on Cisco® ASR 5500 chassis and explains how it is configured. The product Administration Guides provide
examples and procedures for configuration of basic services on the system. It is recommended that you select
the configuration example that best meets your service model, and configure the required elements for that
model, as described in the respective product Administration Guide, before using the procedures in this chapter.
Important
The Layer 2 Tunneling Protocol (L2TP) Network Server (LNS) is a licensed Cisco feature. A separate feature
license may be required. Contact your Cisco account representative for detailed information on specific
licensing requirements. For information on installing and verifying licenses, refer to the Managing License
Keys section of the Software Management Operations chapter in the System Administration Guide.
When enabled through the session license and feature use key, LNS functionality is configured as context-level
services on the system. LNS services support the termination of L2TP encapsulated tunnels from L2TP Access
Concentrators (LACs) in accordance with RFC 2661.
Important
While establishing the L2TP session from LAC to LNS, the PPP connection for the user is established. The
server uses the CHAP authentication protocol to authenticate the connection. While calculating the CHAP response
for the CHAP challenge received by the server, the server does not consider the CHAP password.
Important
The LNS service uses UDP ports 13660 through 13668 as the source port for receiving packets from the LAC.
You can force the LNS to only use the standard L2TP port (UDP Port 1701) with the single-port-mode LNS
service configuration mode command. Refer to the Command Line Interface Reference for more information
on this command.
LNS Service Operation, on page 2
Configuring the System to Support LNS Functionality, on page 10
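
The port behaviour in the note above, expressed as a check for a packet filter in front of the LNS (an added example, not taken from the Cisco guide). It assumes the listed ports are LNS-side UDP ports, that without single-port-mode both UDP 1701 and 13660 through 13668 are in use, and that the peer LAC addresses and flows are constructed sample values.

```python
import ipaddress

L2TP_STANDARD_PORT = 1701
LNS_EXTRA_PORTS = range(13660, 13669)  # UDP 13660 through 13668 inclusive


def lns_udp_ports(single_port_mode):
    """UDP ports the filter should expect the LNS to use."""
    ports = {L2TP_STANDARD_PORT}
    if not single_port_mode:
        # Assumption: without single-port-mode, 1701 and 13660-13668 are all in use.
        ports.update(LNS_EXTRA_PORTS)
    return ports


def audit_flows(flows, peer_lacs, single_port_mode):
    """Return (flow, reason) pairs for datagrams the filter should drop."""
    nets = [ipaddress.ip_network(p, strict=False) for p in peer_lacs]
    ports = lns_udp_ports(single_port_mode)
    findings = []
    for src, dport in flows:
        addr = ipaddress.ip_address(src)
        if not any(addr in net for net in nets):
            findings.append(((src, dport), "source is not a configured peer LAC"))
        elif dport not in ports:
            findings.append(((src, dport), "port not used by the LNS in this mode"))
    return findings


# Constructed sample data (documentation address ranges, not from the page).
PEER_LACS = ["192.0.2.10", "198.51.100.0/24"]
FLOWS = [
    ("192.0.2.10", 1701),
    ("198.51.100.7", 13664),
    ("198.51.100.7", 13669),
    ("203.0.113.5", 1701),
]

if __name__ == "__main__":
    for mode in (False, True):
        print("single-port-mode" if mode else "default ports")
        for flow, reason in audit_flows(FLOWS, PEER_LACS, mode):
            print("  drop", flow, "-", reason)
```

Enabling single-port-mode shrinks the permitted set to UDP 1701, so a filter written for the default port range should be tightened at the same time.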
Summary of Contents for Cisco L2TP

  • Page 2: Information Required

    The source context facilitates the LNS service(s) and the PDN and AAA interfaces. The PDN interface is bound to the LNS service and connects L2TP tunnels and sessions from one or more peer LACs. The source context is also configured to provide AAA functionality for subscriber sessions. The destination context facilitates the packet data network interface(s) and can optionally be configured with pools of IP addresses for assignment to subscriber sessions.
  • Page 3 (alpha and/or numeric) by which the interface will be recognized by the system. Multiple names are needed if multiple interfaces will be configured. These PDN interfaces facilitate the L2TP tunnels/sessions from the LAC and are configured in the source context. IP address and subnet: These will be assigned to the PDN interface.
  • Page 4 Peer LAC IP address or network prefix and mask: The IP address of a specific peer LAC for which the LNS service terminates L2TP tunnels. The IP address must be expressed in dotted decimal notation. Multiple peer LACs can be configured.
  • Page 5 L2TP Network Server, Source Context Configuration. Required Information: AAA interface name. Description: This is an identification string between 1 and 79 characters (alpha and/or numeric) by which the interface will be recognized by the system. Multiple names are needed if multiple interfaces will be configured.
  • Page 6 L2TP Network Server, Source Context Configuration (Required Information / Description). RADIUS Authentication server IP Address: Specifies the IP address of the RADIUS authentication server the source context will communicate with to provide subscriber authentication functions. Multiple addresses are needed if multiple RADIUS servers will be configured.
  • Page 7 L2TP Network Server, Destination Context Configuration (Required Information / Description). RADIUS Accounting server IP Address: Specifies the IP address of the RADIUS accounting server that the source context will communicate with to provide subscriber accounting functions. Multiple addresses are needed if multiple RADIUS servers will be configured.
  • Page 8 L2TP Network Server, Destination Context Configuration. Table 2: Required Information for Destination Context Configuration. Required Information: Destination context name. Description: This is an identification string between 1 and 79 characters (alpha and/or numeric) by which the destination context will be recognized by the system.
  • Page 9 L2TP tunnel. Figure 2: Call Processing Using a Single Source and Destination Context 1. An L2TP tunnel request from a peer LAC is received by the LNS service. The tunnel is to facilitate a subscriber session.
  • Page 10 L2TP Network Server, Configuring the System to Support LNS Functionality. 5. Upon successful authentication, the LNS service terminates the subscriber's PPP datagrams from the L2TP session and the system determines which egress context to use for the subscriber session. For more information on the egress context selection process, refer to How the System Selects Contexts in the System Administration Guide.
  • Page 11 • LNS service has to be configured in destination context. • Bind address is the interface address that is to serve as an L2TP PDN interface. • Multiple addresses on the same IP interface can be bound to different LNS services. However, each address can be bound to only one LNS service.
  • Page 12 L2TP Network Server, Configuring Peer LAC servers for LNS Service. Use the following example to configure the peer LAC servers for LNS service: configure context <dest_ctxt_name> lns-service <lns_svc_name> peer-lac secret { <lac_ip_address> | <ip_address>/<mask> } [ encrypted ] [ description <secret_string>...
  • Page 13 L2TP Network Server Verifying the LNS Service Configuration Max Retransmission Timeout: 8 (secs) Max Retransmissions: Setup Timeout: 60 (secs) Max Sessions: 500000 Max Tunnels: 32000 Max Sessions Per Tunnel: 65535 Keep-alive Interval: Control Receive Window: 16 Data Sequence Numbers: Enabled...
  • Page 14 L2TP Network Server Verifying the LNS Service Configuration L2TP Network Server...