L2TP
Overview
L2TP is a session-layer protocol that extends the PPP model by allowing L2 and PPP endpoints to reside on different devices that are interconnected by a packet-switched network (PSN). L2TP extends the PPP sessions between the CPE and the PPP/L2TP termination point on the L2TP network server (LNS), via an intermediate L2TP access concentrator (LAC). The LAC is the initiator of session-generated L2TP tunnels; the LNS is the server that waits for new tunnels. Manually configured and initiated L2TP tunnels can be initiated and stopped from either the LNS or the LAC.
After an L2TP tunnel is established, the network traffic between the peers is bidirectional. If a tunnel carrying a session fails, another tunnel from the same tunnel group re-establishes the session. Within each L2TP tunnel, one or more L2TP sessions can exist. Each L2TP session transports PPP packets.
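An added example, not NFM-P or vendor code, of how the tunnel and session multiplexing described above appears on the wire. It assumes the L2TPv2 header layout from RFC 2661, which this page does not name; the function name, field names, and sample messages are constructed for illustration.

```python
import struct
from typing import NamedTuple, Optional

# Flag bits in the first 16-bit word of an L2TPv2 header (RFC 2661, section 3.1).
T_BIT, L_BIT, S_BIT, O_BIT, VER_MASK = 0x8000, 0x4000, 0x0800, 0x0200, 0x000F

class L2tpMessage(NamedTuple):
    is_control: bool        # True: tunnel/session signalling; False: PPP data
    tunnel_id: int          # identifies the tunnel between LAC and LNS
    session_id: int         # identifies one PPP session inside that tunnel
    ns: Optional[int]       # sequence numbers, present only when the S bit is set
    nr: Optional[int]
    payload: bytes          # AVPs (control) or a PPP frame (data)

def parse_l2tp(datagram: bytes) -> L2tpMessage:
    """Parse one L2TPv2 message as carried in a UDP payload (hypothetical helper)."""
    if len(datagram) < 6:
        raise ValueError("truncated header")
    (flags,) = struct.unpack_from("!H", datagram, 0)
    if (flags & VER_MASK) != 2:
        raise ValueError("not L2TP version 2")
    if flags & T_BIT and not (flags & L_BIT and flags & S_BIT):
        raise ValueError("control message must carry Length and Ns/Nr")
    # Derive the header size from the optional-field flags before reading fields.
    hdr_len = 6 + 2 * bool(flags & L_BIT) + 4 * bool(flags & S_BIT) + 2 * bool(flags & O_BIT)
    if len(datagram) < hdr_len:
        raise ValueError("truncated header")
    off, end = 2, len(datagram)
    if flags & L_BIT:
        (end,) = struct.unpack_from("!H", datagram, off)
        off += 2
        # Reject a Length field that disagrees with what was actually received.
        if not hdr_len <= end <= len(datagram):
            raise ValueError("Length field disagrees with datagram size")
    tunnel_id, session_id = struct.unpack_from("!HH", datagram, off)
    off += 4
    ns = nr = None
    if flags & S_BIT:
        ns, nr = struct.unpack_from("!HH", datagram, off)
        off += 4
    if flags & O_BIT:
        (pad,) = struct.unpack_from("!H", datagram, off)
        off += 2 + pad
        if off > end:
            raise ValueError("offset pad runs past end of message")
    return L2tpMessage(bool(flags & T_BIT), tunnel_id, session_id, ns, nr, datagram[off:end])

# Constructed samples: two data messages in tunnel 7, one per PPP session.
SAMPLE_A = struct.pack("!HHH", 0x0002, 7, 1) + b"\xff\x03\xc0\x21"
SAMPLE_B = struct.pack("!HHHH", 0x4002, 12, 7, 2) + b"\xff\x03\x00\x21"
```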
The NFM-P supports the configuration and management of the following:
ISA-LNS groups
The NFM-P supports the creation and configuration of ISA-LNS groups on the 7750 SR. ISA-LNS groups provide LNS PPP session termination. An ISA-LNS group is associated with specific L2TP inbound peers and groups. Session traffic is automatically balanced across the available active ISA broadband application MDAs in the group.
The following operations can be performed on an ISA-LNS group member:
See To configure an ISA-LNS group for information about creating and configuring an ISA-LNS group.
L2TP sites
By default, L2TP is enabled on a base routing instance, and an L2TP site is created. An L2TP icon appears in the Routing view of the navigation tree. An L2TP site does not exist by default on the base routing instance of a 7450 ESS in non-mixed mode.
Certain LAC parameter values can be configured on an L2TP site which can, in turn, be inherited by any child L2TP tunnel group profiles of the site. The Tunnel Session Limit parameter value can only be inherited by an L2TP tunnel group profile.
A tunnel selection blacklist function provides a means to temporarily suspend (or blacklist) tunnels that return one or more specified return codes, indicating that the tunnel is inoperative. The user can specify the manner in which blacklisted tunnels are handled:
See To configure L2TP on a routing instance for information about managing L2TP sites.
L2TP is not enabled by default on a VPRN site. To enable L2TP on a VPRN site, see To configure a VPRN site.
L2TP tunnel group profiles
An L2TP tunnel group profile represents the configuration for a group of L2TP tunnels. L2TP tunnel group profiles must be configured on the LNS NE. If a local user database is used on the LAC for session authentication, an L2TP tunnel group profile must be configured on the LAC. When you create an L2TP tunnel group profile, you can configure certain LAC parameter values to be inherited from the parent L2TP site. In turn, the profile can be used by its child L2TP tunnel profile to inherit certain parameter values. The inherited parameter values are used as the default values during L2TP tunnel profile configuration.
The following operations can be performed on an L2TP tunnel group profile that has a configured L2TP tunnel profile:
See To configure L2TP on a routing instance for information about managing L2TP tunnel group profiles.
L2TP tunnel profiles
You can create and manage L2TP tunnel profiles from the Tunnel Group Profile properties form. When you create an L2TP tunnel profile, you can configure certain LAC parameter values to be inherited from the parent L2TP tunnel group profile and L2TP site.
The following operations can be performed on an L2TP tunnel profile:
See To configure L2TP on a routing instance for information about managing L2TP tunnel profiles.
L2TP tunnel instance endpoints
The endpoints of an operational L2TP tunnel are represented by tunnel instance endpoints. You can view tunnel instance endpoints from the Tunnel Instance Endpoints tab on the L2TP Site (Edit) form, and from the Tunnel Group Profile or Tunnel Profile properties form if the endpoint is created using the profile configuration.
An L2TP tunnel instance endpoint is automatically created when:
- an incoming L2TP session is established using group and tunnel profiles
- RADIUS authentication returns a configuration for the tunnel when an incoming L2TP session is authenticated and PPP session authentication determines that L2TP is used, at which point an L2TP session is established.
The following operations can be performed on an L2TP tunnel instance endpoint:
- stop—closes the tunnel instances and terminates the active sessions
- resync tunnel instance endpoints—updates all L2TP tunnel status objects on a routing instance to the current state
See To view L2TP tunnel instance endpoints on a subscriber instance for information about viewing L2TP tunnel instance endpoints.
L2TP peers
An L2TP site can have zero or more L2TP peers. L2TP peer information is available on the Peers tab of the L2TP Site form. Information about L2TP tunnels for a specific L2TP peer is available on the Tunnels tab of the L2TP Peer properties form.
The following operations can be performed on an L2TP peer:
L2TP tunnels and tunnel endpoints
You can view information about L2TP tunnels and tunnel endpoints from the L2TP Tunnel - Endpoint A - Endpoint B form.
L2TP sessions
You can view information about L2TP sessions from the L2TP Session (View) form. You can access the form from the following places in the GUI:
See To view L2TP sessions for information about viewing L2TP sessions from the Manage Residential Subscribers form.
PPP sessions
You can view information about PPP sessions from the PPP Session, PPPoE Session, and PPPoA Session forms. You can access the forms from the following places in the GUI:
See To view PPP sessions for information about viewing PPP sessions.