L2TPv2 (Layer-2 Tunneling Protocol version 2)

With L2TP, an L2TP access concentrator (LAC) tunnels the PPP request from a client via a public connection (e.g. Internet, ATM, frame relay) to an L2TP network server (LNS). The LNS serves as a gateway to the remote network. There, a connected RADIUS server initially authenticates the client, if necessary. The LNS then sends the IP address to the LAC and starts the L2TP tunnel. The LAC communicates the IP address to the client. From this point on, the client is part of the remote network via an L2TP connection.

Within the firmware, the LAC and the PPP client are combined in a single role. Thus a device operating as a LAC starts both the control channel and the PPP session. For network virtualization, multiple PPP sessions are supported in an L2TP tunnel. An L2TP-enabled device is able to operate as a LAC and also as an LNS.

Data types

L2TP uses two types of data:

Control data
The control data are used to establish, maintain and tear down the tunnel connections. The control data include data-flow control to ensure that the sender and receiver exchange the control data correctly.
Payload data
The payload data are encapsulated in PPP frames, which are exchanged between the LAC and the LNS via the tunnel. In contrast to the control data, payload data contain no data-flow control. Thus there is no guarantee that the sender and receiver are exchanging data correctly.

Unlike PPTP, which transfers control and payload data via different protocols (TCP and GRE), L2TP uses only UDP for both data types. You also have the option to operate multiple logical payload-data channels on each control-data channel.
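
Because both data types share one UDP flow, a monitoring or filtering tool has to read the L2TPv2 header to tell them apart. The following added example (not part of the original page or of any device firmware) parses that header as laid out in RFC 2661, section 3.1, and shows that control messages carry sequence numbers while payload messages for several sessions share one tunnel ID. The function name and the sample datagrams are constructed for illustration.

```python
import struct

# Flag bits in the first 16-bit word of an L2TPv2 header (RFC 2661, section 3.1)
T_BIT, L_BIT, S_BIT, O_BIT = 0x8000, 0x4000, 0x0800, 0x0200

def parse_l2tpv2(udp_payload: bytes) -> dict:
    """Parse one L2TPv2 header and classify the message as control or payload."""
    try:
        (flags,) = struct.unpack_from("!H", udp_payload, 0)
        if flags & 0x000F != 2:
            raise ValueError("version field is not 2")
        control = bool(flags & T_BIT)
        # Control messages must carry Length and Ns/Nr and must not use Offset.
        if control and (flags & (L_BIT | S_BIT | O_BIT)) != (L_BIT | S_BIT):
            raise ValueError("control message with invalid L/S/O bits")
        pos, end = 2, len(udp_payload)
        if flags & L_BIT:
            (length,) = struct.unpack_from("!H", udp_payload, pos)
            pos += 2
            if length > end:
                raise ValueError("Length field exceeds datagram size")
            end = length
        tunnel_id, session_id = struct.unpack_from("!HH", udp_payload, pos)
        pos += 4
        ns = nr = None
        if flags & S_BIT:  # sequence numbers: the control channel's flow control
            ns, nr = struct.unpack_from("!HH", udp_payload, pos)
            pos += 4
        if flags & O_BIT:  # payload messages may pad before the PPP frame
            (offset,) = struct.unpack_from("!H", udp_payload, pos)
            pos += 2 + offset
    except struct.error as exc:
        raise ValueError("truncated L2TPv2 header") from exc
    if pos > end:
        raise ValueError("header runs past end of message")
    return {"kind": "control" if control else "payload", "tunnel_id": tunnel_id,
            "session_id": session_id, "ns": ns, "nr": nr, "body": udp_payload[pos:end]}

# Constructed sample datagrams (not captured traffic).
SAMPLES = [
    bytes.fromhex("c802000c" "00070000" "00010001"),  # control, empty body (ack)
    bytes.fromhex("0002" "00070001" "ff03c021"),      # payload, tunnel 7, session 1
    bytes.fromhex("0002" "00070002" "ff030021"),      # payload, tunnel 7, session 2
]

if __name__ == "__main__":
    for d in SAMPLES:
        m = parse_l2tpv2(d)
        print(m["kind"], m["tunnel_id"], m["session_id"], m["ns"], m["body"].hex())
```

Rejecting datagrams whose flag bits or Length field are inconsistent, as the parser does, keeps malformed input from being misread as a valid session.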