Lucent Technologies 6000 User Manual

11-40

MAX 6000/3000 Network Configuration Guide

Setting Up Virtual Private Networks
Configuring L2TP tunnels for dial-in clients

Max tunnels=N/A

ATMP HA RIP=N/A

UDP Port=N/A

Home Network Name=N/A

Pri. Tunnel Server=1.1.1.1

Sec. Tunnel Server=

Password=conn-pass

Client ID=conn-LAC

Tunnel VRouter=

There is no need to assign an IP address, because the IP address is assigned by the LNS.
Following is a comparable RADIUS profile:

001

Password="Ascend-DNIS", Service-Type=Call-Check

Tunnel-Type=L2TP,

Tunnel-Password=conn-pass

Tunnel-Client-Auth-ID=conn-LAC

The LAC uses DNIS to authenticate the PPP client’s dial-in call. It then initiates a tunnel to the
LNS if a tunnel to that end-point address does not already exist. When the MAX unit requests
the tunnel, it passes the LNS the string conn-LAC as its local system name, and uses
conn-pass

as the password to authenticate the tunnel. The LNS uses the same strings to

authenticate the LAC before establishing the tunnel.

Example of server-based tunnel authentication

The following settings configure a Connection profile for the PPP client and do not specify a
password or a Client ID:

Ethernet

Connections

maxprofile

Tunnel options...

Profile type=Mobile-client

Tunnel protocol=L2TP

Max tunnels=N/A

ATMP HA RIP=N/A

UDP Port=N/A

Home Network Name=N/A

Pri. Tunnel Server=lns.example.com

Sec. Tunnel Server=

Password=

Client ID=

Tunnel VRouter=

Following is a comparable RADIUS profile:

001

Password="Ascend-DNIS", Service-Type=Call-Check

Tunnel-Type=L2TP,

Tunnel-Server-Endpoint=lns.example.com

The LAC uses DNIS to authenticate the PPP client’s dial-in call. It then initiates a tunnel to the
LNS if a tunnel does not already exists to that end-point address. If tunnel authentication is
enabled and no tunnel password is specified in the Connection profile, the unit looks for a
Tunnel Options profile before requesting the tunnel. If it finds a Tunnel Options profile for the