[c-nsp] L2TP tunnel authentication
David Freedman
david.freedman at uk.clara.net
Tue Mar 22 12:14:02 EDT 2011
On 22/03/11 14:07, Vladimir Litovka wrote:
> Colleagues hi
>
> I'm running LNS (Cisco-based) in my network. At the moment, there is
> only one class of home subscribers - those ones, who use L2TP tunnel
> immediately between their CPE and my LNS (avoiding LAC). Configuration
> on LNS is the following:
>
> vpdn enable
> !
> vpdn-group L2TP
>  accept-dialin
>   protocol l2tp
>   virtual-template 1
>  *no l2tp tunnel authentication*
> !
>
> Now I need to set up classic L2TP scheme: client--LAC--LNS, where client
> will be running PPP to LAC and LAC will create tunnel to LNS. The
> problem is that owner of LAC requires L2TP tunnel authentication. At the
> moment, authentication is switched off (no l2tp tunnel authentication)
> and if I will just turn it on, I will break current subscribers. So,
> questions are:
>
> 1) how to configure LNS to authenticate L2TP tunnels only with
> particular endpoints? In my case - with just one LAC.
Different vpdn group with its own match criteria.
See http://www.cisco.com/en/US/docs/ios/vpdn/configuration/guide/12_4/vpd_12_4t_book.html
> 2) how to configure L2TP authentication locally?
vpdn-group 2
 description Second group for auth
 request-dialin
  protocol l2tp
  domain my.bypass.realm.1
  domain my.bypass.realm.2
 source-ip my.tunnel.source.ip
 local name mylns
 l2tp tunnel authentication
 l2tp tunnel password 0 mypassword
!
> 3) how to configure L2TP authentication using Radius?
>
http://www.cisco.com/en/US/docs/ios/12_2sb/feature/guide/sbtunaut.html
> Many thanks.
>
--
David Freedman
Group Network Engineering
Claranet Group
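
An added example, not part of the original post or of Cisco's documentation: a small Python audit over a saved running-config that reports L2TP vpdn-groups where tunnel authentication is switched off or the tunnel password is stored as type 0, the two settings that appear in this thread. The sample config is constructed from the posted snippets; the function names are hypothetical, and the parser assumes each vpdn-group block ends at a `!` line.

```python
import re

# Constructed sample: the two vpdn-groups from this thread (placeholders as posted).
SAMPLE_CONFIG = """\
vpdn-group L2TP
 accept-dialin
  protocol l2tp
  virtual-template 1
 no l2tp tunnel authentication
!
vpdn-group 2
 request-dialin
  protocol l2tp
  domain my.bypass.realm.1
 local name mylns
 l2tp tunnel authentication
 l2tp tunnel password 0 mypassword
!
"""

def parse_vpdn_groups(config):
    """Return {group name: [stripped sub-command lines]} (hypothetical helper)."""
    groups, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        start = re.match(r"vpdn-group\s+(\S+)$", line)
        if start:
            current = groups.setdefault(start.group(1), [])
        elif line == "!":            # assumption: "!" closes the block
            current = None
        elif current is not None and line:
            current.append(line)
    return groups

def audit(config):
    """List (group, finding) pairs for L2TP groups with weak tunnel auth."""
    findings = []
    for name, lines in parse_vpdn_groups(config).items():
        if "protocol l2tp" not in lines:
            continue
        if "no l2tp tunnel authentication" in lines:
            findings.append((name, "tunnel authentication disabled"))
            continue
        for pw in (l for l in lines if l.startswith("l2tp tunnel password")):
            # "0" or no type digit means the secret is stored unencrypted
            if not re.match(r"l2tp tunnel password [1-9]\d* \S", pw):
                findings.append((name, "tunnel password stored in cleartext"))
    return findings
```

Type 7 strings pass this check but are only obfuscated, so the saved config itself still needs to be handled as sensitive.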