Operation as an L2TP network server (LNS) with authentication via RADIUS

In the following example, the device functions as an L2TP network server (LNS). RADIUS is used to authenticate the incoming L2TP tunnel and the PPP sessions.

Proceed as follows to configure the device as an LNS:

  1. Under Communication > Remote sites > L2TP in the table L2TP endpoints, create an entry "DEFAULT".




  2. Then, under Communication > Remote sites > L2TP in the table L2TP list, configure a "DEFAULT" entry.




    Note: If the L2TP tunnel is to be connected permanently, set the short hold time to "9999".
  3. Configure the RADIUS server under Communication > RADIUS.




    Note: You only configure the lower section Tunnel authentication via RADIUS for L2TP if L2TP tunnel authentication should be done via the RADIUS server.
  4. Configure the RADIUS server in order for it to be able to authenticate the L2TP tunnel and the PPP sessions.
    If a LAC needs to authenticate itself at the L2TP tunnel with the station name "router1" and the password "abcde", you configure the appropriate entry in the RADIUS server (e.g. FreeRADIUS) as follows:
    router1 Cleartext-Password := "password"
            Service-Type = Outbound-User,
            Tunnel-Type  = L2TP,
            Tunnel-Password = "abcde",
            Tunnel-Client-Auth-ID = "router1"
    For the authentication of the PPP session of a user with the username "test" and the password "1234", you configure the appropriate entry in the RADIUS server as follows:
    test Cleartext-Password := "1234"
         Service-Type = Framed-User,
         Framed-Protocol = PPP

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de

LANCOM Logo