Nortel Networks L2TP Network Router User Manual


 
Configuring L2TP Services
303532-A Rev 00
After tunnel authentication is complete, it does not need to be repeated for other
calls to the same LAC.
RADIUS User Authentication
RADIUS user authentication is enabled by default on the Bay Networks LNS; you
must configure this feature so that the LNS can validate the remote user’s identity
before allowing access to the network.
The network administrator at the corporate site must configure a RADIUS server
with the names and passwords of authorized users. When the LNS receives a call,
it forwards an authentication request with the user information to the RADIUS
server, which verifies whether the user is authorized. If the user is permitted
access to the network, the RADIUS server replies with an acknowledgment
message and the appropriate IP address for that user to make a connection.
The IP address that the RADIUS server assigns is essential because many remote
hosts may not have their own addresses. The LNS uses the address to identify the
remote host and send data to the remote user. After the session ends, the IP
address becomes available for another user.
If the corporate network uses an existing RADIUS database for L2TP
connections, you do not have to reconfigure the names in the database. The LNS
automatically removes the domain portion of the user name that is included as part
of the call from the LAC to the LNS. If you want to keep the domain name, you
can disable this feature. For instructions, see Chapter 3, “Customizing L2TP
Services.”
For more information about configuring Bay Networks routers as RADIUS
servers, see Configuring RADIUS.
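
The exchange described in this section, as an added example that is not taken from the manual or from Bay Networks code: the LNS side builds an Access-Request with the domain portion removed, then checks that the reply is authenticated by the shared secret before using the assigned address. Assumptions: the name arrives as user@domain, the password is carried in the User-Password attribute as defined in RFC 2865, and all function names are hypothetical.

```python
import hashlib, hmac, ipaddress, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2                   # RADIUS packet codes (RFC 2865)
USER_NAME, USER_PASSWORD, FRAMED_IP_ADDRESS = 1, 2, 8  # attribute types

def strip_domain(name, keep_domain=False):
    # Assumption: the LAC delivers the name as user@domain.
    return name if keep_domain else name.split("@", 1)[0]

def hide_password(password, secret, request_auth):
    # RFC 2865 section 5.2: pad to 16-byte blocks, XOR each block with
    # MD5(secret + previous ciphertext block); first block uses the authenticator.
    data = password.ljust(max(16, (len(password) + 15) // 16 * 16), b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(data[i:i + 16], pad))
        out += prev
    return out

def attr(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(ident, user, password, secret, request_auth=None, keep_domain=False):
    request_auth = request_auth or os.urandom(16)
    attrs = attr(USER_NAME, strip_domain(user, keep_domain).encode())
    attrs += attr(USER_PASSWORD, hide_password(password.encode(), secret, request_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs

def framed_ip_from_reply(packet, secret, ident, request_auth):
    """Return the assigned IP from a verified Access-Accept, or None if not accepted."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, rid, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("length mismatch")
    # Response Authenticator = MD5(code+id+length + RequestAuth + attributes + secret)
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    if rid != ident or not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("reply not authenticated by the shared secret")
    if code != ACCESS_ACCEPT:
        return None
    attrs, i = packet[20:], 0
    while i + 2 <= len(attrs):
        t, alen = attrs[i], attrs[i + 1]
        if alen < 2 or i + alen > len(attrs):
            raise ValueError("malformed attribute")
        if t == FRAMED_IP_ADDRESS and alen == 6:
            return str(ipaddress.IPv4Address(attrs[i + 2:i + 6]))
        i += alen
    return None
```

A reply that fails the authenticator check is rejected outright, so a forged acknowledgment cannot cause the caller to accept an address the RADIUS server never assigned.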