Nortel Networks L2TP Network Router User Manual


 
L2TP Overview
303532-A Rev 00
1-9
Making a Connection Across an L2TP Network
The following steps explain how a remote user connects across an L2TP network
that includes a Bay Networks LAC, TMS, and LNS (see Figure 1-1 on page 1-7):
1. The remote user dials a LAC at the local ISP network to establish a PPP
connection to the corporate network.
In the call, the user includes any required information, for example, a user
name, including a domain name, and a password. When the user dials in, he
enters a name, for example, jdoe@baynetworks.com; jdoe is the user name
and baynetworks.com is the domain name.
2. The LAC receives the call and passes the domain name to the TMS.
If the TMS finds a match for the domain name, a tunnel can be created. The
TMS also checks the number of current connections so that they will not
exceed the maximum number allowed.
If the user is not a tunnel candidate, as determined by the domain name, the
LAC assumes that the remote host is making a regular dial-in request and
authenticates the user accordingly.
3. The LAC tries to establish an L2TP tunnel with the LNS.
For the LAC to send a tunnel request to the LNS, it needs the address of the
LNS. The LAC requests the address from the TMS. It then checks for this
address in its own routing table. After obtaining the address, the LAC sends a
tunnel request to the LNS. The LNS may perform tunnel authentication, if
configured to do so. If the LAC and LNS complete tunnel authentication
successfully, the LAC establishes the tunnel.
4. After the tunnel is established, the LAC forwards the remote user’s name to
the LNS, which verifies the user’s identity with the corporate RADIUS server.
If the RADIUS server recognizes the user name, it replies with an
acknowledgment and an IP address that it assigns to the remote user for the
duration of the call. This IP address identifies the remote user, who may not
have an address of his own.
5. After the remote user is successfully authenticated, the user has an end-to-end
PPP connection to the corporate network over the Internet.
The tunnel can now carry a user session during which the LAC and the LNS
exchange PPP packets.
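
The tunnel-candidate decision from steps 2 and 3, modeled as an added example that is not code from this manual or from any Bay Networks product. All class and function names are hypothetical. The example assumes the name is split at the last "@", that domain matching is case-insensitive, and that a call is rejected once the connection limit is reached.

```python
from dataclasses import dataclass

@dataclass
class TunnelEntry:
    lns_address: str          # address of the LNS the LAC will tunnel to
    max_sessions: int         # maximum connections allowed for this domain
    active_sessions: int = 0  # current connections counted by the TMS

class TMS:
    """Toy tunnel management server: maps a domain name to a tunnel entry."""
    def __init__(self, entries):
        self.entries = {d.lower(): e for d, e in entries.items()}

    def lookup(self, domain):
        return self.entries.get(domain.lower())

def split_user(name):
    """Split 'user@domain' at the last '@'; domain is None if absent (assumption)."""
    user, sep, domain = name.rpartition("@")
    if not sep or not user or not domain:
        return name, None
    return user, domain

def lac_handle_call(tms, dialed_name):
    """Return (action, lns_address) for step 2 and the start of step 3."""
    user, domain = split_user(dialed_name)
    entry = tms.lookup(domain) if domain else None
    if entry is None:
        # Not a tunnel candidate: regular dial-in, authenticated by the LAC.
        return ("local-dial-in", None)
    if entry.active_sessions >= entry.max_sessions:
        # Assumed behavior when the maximum number of connections is reached.
        return ("reject-limit", None)
    entry.active_sessions += 1
    # Tunnel candidate: the LAC would now send a tunnel request to this LNS.
    # The user is verified later, at the LNS, against RADIUS (step 4).
    return ("tunnel", entry.lns_address)

# Constructed sample data (192.0.2.0/24 is a documentation address range).
SAMPLE_TMS = TMS({"baynetworks.com": TunnelEntry("192.0.2.10", max_sessions=2)})

if __name__ == "__main__":
    for name in ["jdoe@baynetworks.com", "asmith", "bob@example.org",
                 "amy@BayNetworks.com", "eve@baynetworks.com"]:
        print(name, "->", lac_handle_call(SAMPLE_TMS, name))
```

In this model the domain part of the dialed name only selects a tunnel. The user's identity is checked afterward by the LNS and the RADIUS server, as step 4 describes.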