Bay Networks BayRS Wartungshandbuch

Part No. 303532-A Rev 00October 1998BayRS Version 13.00Site Manager Software Version 7.00 ConfiguringL2TP Services

303532-A Rev 00xiTablesTable C-1. Common L2TP Network Problems and Solutions ... C-1

303532-A Rev 00xiii PrefaceThis guide describes Layer 2 Tunneling Protocol (L2TP) and what you do to start and customize L2TP services on a Bay Networ

Configuring L2TP Servicesxiv303532-A Rev 00Text ConventionsThis guide uses the following text conventions:bold textIndicates text that you need to ent

Preface303532-A Rev 00xv AcronymsCHAP Challenge Handshake Authentication ProtocolIP Internet ProtocolISDN Integrated Services Digital NetworkISP Inter

Configuring L2TP Servicesxvi303532-A Rev 00Bay Networks Technical PublicationsYou can now print Bay Networks technical manuals and release notes free,

303532-A Rev 001-1 Chapter 1L2TP OverviewThe Layer 2 Tunneling Protocol (L2TP) provides remote users, such as telecommuters, mobile professionals, and

Configuring L2TP Services1-2303532-A Rev 00L2TP BenefitsL2TP has several advantages:• Users and businesses can take advantage of existing network equi

L2TP Overview303532-A Rev 001-3 Multiple users can communicate through a single tunnel between the same LAC and LNS pair. Each user transmits and rece

ii303532-A Rev 004401 Great America Parkway 8 Federal StreetSanta Clara, CA 95054 Billerica, MA 01821Copyright © 1998 Bay Networks, Inc.All rights res

Configuring L2TP Services1-4303532-A Rev 00Components of an L2TP NetworkThe following sections describe the components of an L2TP network. For illustr

L2TP Overview303532-A Rev 001-5 L2TP Access Concentrator (LAC)The L2TP access concentrator (LAC) resides at the ISP network. The LAC establishes the L

Configuring L2TP Services1-6303532-A Rev 00L2TP Network Server (LNS)The L2TP network server (LNS) is a router that resides at the corporate network an

L2TP Overview303532-A Rev 001-7 Examples of L2TP NetworksFigure 1-1 shows an L2TP network that uses a LAC to connect to the LNS. The tunnel is between

Configuring L2TP Services1-8303532-A Rev 00L2TP Packet EncapsulationThe PC or router at the remote site sends PPP packets to the LAC. The LAC encapsul

L2TP Overview303532-A Rev 001-9 Making a Connection Across an L2TP NetworkThe following steps explain how a remote user connects across an L2TP networ

Configuring L2TP Services1-10303532-A Rev 00Security in an L2TP NetworkYou can configure two layers of security in an L2TP network:• Tunnel authentica

L2TP Overview303532-A Rev 001-11 Bay Networks L2TP ImplementationIn an L2TP network, the Bay Networks router is the LNS. LNS software operates on the

Configuring L2TP Services1-12303532-A Rev 00Tunnel ManagementThe Bay Networks tunnel management server (TMS), which resides at the ISP network, stores

L2TP Overview303532-A Rev 001-13 You can enable tunnel authentication on the Bay Networks LNS. If tunnel authentication is disabled, which is the defa

303532-A Rev 00iiiBay Networks, Inc. Software License AgreementNOTICE: Please carefully read this license agreement before copying or using the accom

Configuring L2TP Services1-14303532-A Rev 00After tunnel authentication is complete, it does not need to be repeated for other calls to the same LAC.R

L2TP Overview303532-A Rev 001-15 RADIUS AccountingThe RADIUS server can provide accounting services in addition to its authentication services. RADIUS

Configuring L2TP Services1-16303532-A Rev 00Remote Router ConfigurationIf the host at the remote site is a Bay Networks router, you may need to config

L2TP Overview303532-A Rev 001-17 Where to Go NextGo to one of the following chapters for more information:If you want to Go toStart L2TP on a router u

303532-A Rev 002-1 Chapter 2Starting L2TPThe quickest way to start L2TP is to enable it with the default configuration that Bay Networks software supp

Configuring L2TP Services2-2303532-A Rev 00Planning Considerations for an L2TP NetworkThis guide primarily explains how to configure a Bay Networks BL

Starting L2TP303532-A Rev 002-3 Preparing a Configuration FileBefore starting L2TP, you must create and save a configuration file with at least one WA

Configuring L2TP Services2-4303532-A Rev 00Enabling L2TP on an Unconfigured WAN InterfaceTo enable L2TP on an unconfigured WAN interface, complete the

Starting L2TP303532-A Rev 002-5 Enabling L2TP on an Existing PPP InterfaceTo enable L2TP on an interface with PPP and IP already enabled, complete the

iv303532-A Rev 00its own data and information and for maintaining adequate procedures apart from the Software to reconstruct lost or altered files, d

Configuring L2TP Services2-6303532-A Rev 009. Set the following parameters:• L2TP IP Interface Address• Subnet MaskClick on Help or see the parameter

Starting L2TP303532-A Rev 002-7 Enabling L2TP on an Existing Frame Relay InterfaceTo enable L2TP on an interface with frame relay and IP already enabl

Configuring L2TP Services2-8303532-A Rev 0011. Click on OK. You return to the L2TP IP Interface List window, which displays the IP interface address a

Starting L2TP303532-A Rev 002-9 Enabling L2TP on an Existing ATM InterfaceTo enable L2TP on an interface with ATM and IP already enabled, you can enab

Configuring L2TP Services2-10303532-A Rev 00If your ATM interface uses an ATM connector, complete the following tasks:12. Click on Done. You return to

303532-A Rev 003-1 Chapter 3Customizing L2TP ServicesWhen you enable L2TP, default values are in effect for most parameters (see parameter description

Configuring L2TP Services3-2303532-A Rev 00Modifying the L2TP Protocol ConfigurationTo modify how data is transmitted across an L2TP network, such as

Customizing L2TP Services303532-A Rev 003-3 Modifying RADIUS Server InformationIf you change the address of the RADIUS server that you are using to au

Configuring L2TP Services3-4303532-A Rev 00Changing the LNS System NameThe LNS system name is the name of the router. This name is used during tunnel

Customizing L2TP Services303532-A Rev 003-5 Modifying the Number of L2TP Sessions PermittedYou can modify the maximum number of active L2TP sessions t

303532-A Rev 00vContentsPrefaceBefore You Begin ...

Configuring L2TP Services3-6303532-A Rev 00Keeping the Remote User’s Domain NameThe LNS removes the domain name from the complete user name by default

Customizing L2TP Services303532-A Rev 003-7 Changing the Domain Name DelimiterIn the complete user name there is a single-character delimiter that sep

Configuring L2TP Services3-8303532-A Rev 00Enabling Tunnel AuthenticationTo prevent unauthorized users from accessing the corporate network, you can e

Customizing L2TP Services303532-A Rev 003-9 Modifying L2TP IP Interface AddressesThe L2TP IP Interface List window lists the L2TP IP interface address

Configuring L2TP Services3-10303532-A Rev 00Disabling RIPRIP is enabled on the LNS by default so that the LNS can learn routes from the remote dial-in

Customizing L2TP Services303532-A Rev 003-11 Deleting L2TP from a PPP InterfaceTo delete L2TP from a PPP interface, complete the following tasks:6. Se

Configuring L2TP Services3-12303532-A Rev 00Deleting L2TP from a Frame Relay InterfaceTo delete L2TP from a frame relay interface, complete the follow

Customizing L2TP Services303532-A Rev 003-13 Deleting L2TP from an ATM InterfaceTo delete L2TP from an ATM interface on a COM connector, complete the

Configuring L2TP Services3-14303532-A Rev 006. Click on OK. You return to the ATM Service Records List window.7. Click on Done. You return to the Edit

303532-A Rev 00A-1 Appendix AL2TP ParametersThis appendix contains the Site Manager parameter descriptions for L2TP services. You can display the same

vi303532-A Rev 00L2TP IP Interface Addresses ...1-15Remote Router Conf

Configuring L2TP ServicesA-2303532-A Rev 00The Technician Interface allows you to modify parameters by issuing set and commit commands with the MIB ob

L2TP Parameters303532-A Rev 00A-3 Parameter: Enable L2TPPath: Configuration Manager > Protocols > IP > L2TP > L2TP ConfigurationDefault: E

Configuring L2TP ServicesA-4303532-A Rev 00Parameter: Retransmit Timer (seconds)Path: Configuration Manager > Protocols > IP > L2TP > L2TP

L2TP Parameters303532-A Rev 00A-5 Parameter: Ack Timeout (milliseconds)Path: Configuration Manager > Protocols > IP > L2TP > L2TP Configur

Configuring L2TP ServicesA-6303532-A Rev 00Parameter: RADIUS Primary Server PasswordPath: Configuration Manager > Protocols > IP > L2TP >

L2TP Parameters303532-A Rev 00A-7 Parameter: Remove Domain NamePath: Configuration Manager > Protocols > IP > L2TP > L2TP ConfigurationDef

Configuring L2TP ServicesA-8303532-A Rev 00L2TP Tunnel Security ParametersThe L2TP Tunnel Security List window (Figure A-2) contains the tunnel authen

L2TP Parameters303532-A Rev 00A-9 Parameter: Enable Tunnel AuthenticationPath: Configuration Manager > Protocols > IP > L2TP > Tunnel Auth

Configuring L2TP ServicesA-10303532-A Rev 00L2TP IP Interface ParametersThe L2TP IP Interface List window (Figure A-3) contains the list of IP interfa

L2TP Parameters303532-A Rev 00A-11 The parameter descriptions follow.Parameter: L2TP IP Interface AddressPath: Configuration Manager > Protocols &g

303532-A Rev 00viiAppendix B Configuration ExamplesExample 1: Remote PC Calling the Corporate Network ...

Configuring L2TP ServicesA-12303532-A Rev 00Parameter: RIP EnablePath: Configuration Manager > Protocols > IP > L2TP > L2TP IP InterfaceDe

303532-A Rev 00B-1 Appendix BConfiguration ExamplesThis appendix provides two examples of L2TP network configurations. It includes only those paramete

Configuring L2TP ServicesB-2303532-A Rev 00Figure B-1. L2TP Network with PCs at the Remote SiteConfiguring the Remote HostsThe remote hosts in this ne

Configuration Examples303532-A Rev 00B-3 Configuring the LACs and the TMSThe LACs in this network are Model 5399 Remote Access Concentrators. Both dev

Configuring L2TP ServicesB-4303532-A Rev 006.In the L2TP Tunneling Security window, enable tunnel authentication.7.In the L2TP IP Interface window, en

Configuration Examples303532-A Rev 00B-5 Example 2: Remote Router Calling the Corporate NetworkFigure B-2 shows a network with two BayStack™ AN® route

Configuring L2TP ServicesB-6303532-A Rev 00Configuring the Dial-on-Demand CircuitModify the dial-on-demand circuit configuration for the AN routers as

303532-A Rev 00C-1 Appendix CTroubleshootingTo monitor your L2TP network and solve problems that may occur, first check the event log file for any mes

Configuring L2TP ServicesC-2303532-A Rev 00L2TP session is not active. The LNS failed to negotiate the PPP LCP options. Reconfigure the host at the re

303532-A Rev 00Index-1Aaccounting, RADIUS, 1-15Ack Timeout (milliseconds) parameter, A-5acronyms, xvBBay Networks LNS. See LNSCconfiguration examples,

Index-2303532-A Rev 00LNS (continued)L2TP security, 1-10modifying protocol configuration, 3-2operating with LACs, 1-11LNS System Name parameter, A-5LN

303532-A Rev 00ixFiguresFigure 1-1. L2TP Network Using a LAC ..................1-7Figure 1-2. L2TP