Example of tunnel authentication, Example of connection-based tunnel authentication – Lucent Technologies 6000 User Manual

Setting Up Virtual Private Networks

Configuring L2TP tunnels for dial-in clients

MAX 6000/3000 Network Configuration Guide

11-39

Example of tunnel authentication

For the purposes of this example, a MAX authenticates the initial PPP dial-in by its dialed
number. (DNIS authentication is not required for tunnel authentication.) Another MAX
operates as an L2TP Network Server (LNS).

Figure 11-10. Example of L2TP tunnel authentication

Example of connection-based tunnel authentication

The following settings configure a Connection profile for the PPP client and specify a Client
ID name:

Ethernet

Connections

maxprofile

Tunnel options...

Profile type=Mobile-client

Tunnel protocol=L2TP

RADIUS attribute

Value

Tunnel-Type (64)

Tunneling protocol(s) to be used. Must be set to L2TP (3) or L2F
(2) to use this feature.

Tunnel-Server-Endpoint
(67)

IP address or hostname of the tunnel end point. If a DNS lookup
returns several IP addresses, the system attempts to establish a
tunnel to each address in turn.

Tunnel-Password (69)

Shared secret for authenticating the tunnel.

Tunnel-Client-Auth-ID
(90)

Name sent to the tunnel end point by the system requesting the
tunnel (the NAS or LAC) during the tunnel authentication phase.
The name can contain up to 31 characters. See “How the system
name is selected” on page 11-42.

Tunnel-Server-Auth-ID
(91)

Name sent from the tunnel end point (the gateway or LNS) to the
system initiating the tunnel during the tunnel authentication phase.
The name can contain up to 31 characters.

Tunnel-Server-Auth-ID (91) does not apply unless the protocol
used to establish the tunnel is L2TP or L2F. The attribute can be
specified in access-response packets and is generated in
accounting-request packets.

WAN

IP

PPP client

LAC

LNS

1.1.1.2

2.2.2.2

1.1.1.1

L2TP tunnel

2.2.2.3