RAS templates

There are basically two ways to manage the configuration of RAS remote stations:

The user data or the configurations are locally stored on the device.
The advantage of this alternative is that a RADIUS server is not necessary, which reduces the management and cost of the network infrastructure.
The user data or the configurations are stored on an external RADIUS server.
The advantage of this alternative is the centralized user management for extensive distributed network scenarios.

For RAS access via IPv6, you must also set up the corresponding RAS templates.





Entries in the RAS templates table have the following meaning:

Entry active
Enable or disable this RAS template here.
Template name
Here you define the name of the RAS interface that the IPv6 remote sites use for access.
Interface tag
The interface tag that you enter here is a value that uniquely identifies the network. All packets received by this device on this network will be internally marked with this tag. The interface tag enables the routes which are valid for this network to be separated even without explicit firewall rules.
Forwarding
Enables or disables the forwarding of data packets to other interfaces.
Firewall active for this interface
If the global firewall is enabled for IPv6 interfaces, you can disable the firewall for each interface individually here. To globally enable the firewall for all interfaces, navigate to Firewall/QoS > General and check the option IPv6 firewall/QoS enabled.
DANGER
If you disable the global firewall, the firewall of an individual interface is also disabled. This applies even if you have enabled this option.
Remote site
Specify the remote site or a list of remote sites for RAS dial-in users. The following values are possible:
  • A single remote station from the tables under Setup > WAN > PPTP-Peers, Setup > WAN > L2TP-Peers or Setup > PPPoE-Server > Name-list.
  • The wildcard "*" makes the interface valid for all PPTP, PPPoE and L2TP peers.
  • The "*" wildcard as a suffix or prefix of the peer, such as "COMPANY*" or "*TUNNEL" .
Using the wildcards you can create several peers for IPv6 RAS services based on so-called template interfaces These template interfaces can be used as normal interfaces for IPv6 services such as DHCPv6 server or router advertisements. For example, using these, a group of RAS interfaces can be provided from an IPv6 prefix pool.
Comment
Enter a descriptive comment for this entry.

Information on RADIUS attributes for IPv6 RAS services can be found under RADIUS attribute extensions for IPv6 RAS services.

Note: If RAS clients are to be delegated to an IPv6 DNS server or are to receive their prefixes by prefix delegation, you must create a corresponding entry in the table DHCPv6 networks under IPv6 > DHCPv6.
Note: If you wish to authenticate a user by PPP list, you navigate to Communication > Protocols > PPP list and enable the option Activate IPv6 routing for that user.

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de

LANCOM Logo