Avaya LT2P User's Manual
Contents
1. 1 2 2 rr rne rm nm eee rre ra reden B 6 PPP Interface Configuration t bed arai PP bend B 6 Adiacent Host CONNQUIANON uui sip sao benc n iir eibi dad iR recep Pte qd B 6 Appendix C Troubleshooting Index 300016 A Rev 00 vii Figures Figure i l FTP Network Using a LAG ouod iore Redde pic p 1 7 Figure 1 2 L2TP Network Using a RAS sse 1 7 Figure 1 3 Packet Encapsulation PEODBSS auccm ian ree rasa teal pa eaa 1 8 Figure 1 4 Tunnel Authentication Control Messages ssesseeeee 1 13 Figure A 1 L2TP Configuration List Window eeeeeess Silence A 2 Figure A 2 L2TP Tunnel Security List WIDODW eiiis tee tenenti ened bnt ribns A 7 Figure A 3 Assigned User Network List Window seeee A 9 Figure A 4 Assigned User Network Window n rm AQ Figure B 1 L2TP Network with PCs at the Remote Site sseessess B 2 Figure B 2 L2TP Network with Routers at the Remote Site ussuuss B 5 300016 A Rev 00 ix Tables Table B 1 IF Address Parametar sitive eon Ht E das vn B 3 Table B 2 RADIUS Server Parameters cccccccccccsessssscceeesseceeceesaececessseeeeeneesaes B 3 Table B 3 Tunnel Authentication Parameters ccccccscccccececcececseesesssaseeeeeeeeeeess B 4 Table B 4 Assigned User Network Parameters rnnrnrnnrrnannnvnnnnrrnnnnnvnnnnrrnnnnnvnnnennne B 4 Tabl2. Configuring L2TP Services BayRS Version 12 10 Site Manager Software Version 6 10 Part No 300016 A Rev 00 February 1998 JR Bay Networks ES Bay Networks 4401 Great America Parkway 8 Federal Street Santa Clara CA 95054 Billerica MA 01821 Copyright O 1998 Bay Networks Inc All rights reserved Printed in the USA February 1998 The information in this document is subject to change without notice The statements configurations technical data and recommendations in this document are believed to be accurate and reliable but are presented without express or implied warranty Users must take full responsibility for their applications of any products specified in this document The information in this document is proprietary to Bay Networks Inc The software described in this document is furnished under a license agreement and may only be used in accordance with the terms of that license A summary of the Software License is included in this document Trademarks AN BCN BLN BN and Bay Networks are registered trademarks and ASN BayRS BayStack System 5000 and the Bay Networks logo are trademarks of Bay Networks Inc Microsoft MS MS DOS Win32 Windows and Windows NT are registered trademarks of Microsoft Corporation All other trademarks and registered trademarks are the property of their respective owners Restricted Rights Legend Use duplication or disclosure by the United States Government is subject to rest
3. 00 2 3 Configuring L2TP Services Enabling L2TP on an Unconfigured WAN Interface To enable L2TP on an unconfigured WAN interface complete the following tasks Site Manager Procedure You do this System responds 1 Inthe Configuration Manager window The Add Circuit window opens choose a WAN connector 2 Accept the default circuit name or change The WAN Protocols window opens it then click on OK 3 Choose PPP Frame Relay or ATM then The Select Protocols window opens click on OK 4 Choose L2TP then click on OK The IP Configuration window opens Enter the IP address of the LNS router The L2TP Configuration window opens then click on OK 6 Setthe following parameters e RADIUS Primary Server IP Address RADIUS Primary Server Password Click on Help or refer to the parameter descriptions on page A 5 7 Click on OK The L2TP Tunneling Security window opens 8 Click on OK to accept the default values The Assigned User Network List window opens followed by the Assigned User Network window 9 Setthe following parameters Site Manager displays a message Assigned User Network alerting you of the time delay to create Subnet Mask the L2TP tunnel circuits Click on Help or refer to the parameter descriptions on page A 10 10 Click on OK You return to the Assigned User Network List window which displays the assigned network address and the subnet mask F
4. 300016 A Rev 00 L2TP Parameters Assigned User Network Parameters The Assigned User Network List window Figure A 3 contains the list of IP network addresses assigned to remote users These addresses create the unique virtual subnet 192 68 125 254 Done Add Delete Apply Values Help ri Subnet Mask Figure A 3 Assigned User Network List Window When you add a new entry to the assigned user network list Site Manager displays the Assigned User Network Window Fig Cancel OK Values Help Assigned User Network Subnet Mask Figure A 4 Assigned User Network Window 300016 A Rev 00 A 9 Configuring L2TP Services Parameter Path Default Options Function Instructions MIB Object ID Parameter Path Default Options Function Instructions MIB Object ID The parameter descriptions follow Assigned User Network Configuration Manager gt Protocols gt IP gt L2TP gt Assigned User Network None Any unique IP network address that is valid for the user network Identifies the IP address that defines the network to which the remote user belongs Enter a unique IP network address that belongs to a unique subnet within the corporate network This address must be the same addresses as entered in the RADIUS server database Not Applicable Subnet Mask Configuration Manager Protocols IP L2TP Assigned User Network None A 32 bit IP
5. Choose L2TP Configuration The L2TP Configuration List window opens 5 Setthe following parameters RADIUS Primary Server IP Address RADIUS Primary Server Password RADIUS Client IP Address Click on Help or refer to the parameter descriptions beginning on page A 5 6 Click on Done You return to the Configuration Manager window 300016 A Rev 00 3 3 Configuring L2TP Services Changing the LNS System Name The LNS system name is the name of the router This name is used during tunnel setup to identify the LNS uniquely By default Site Manager enters the system name that you initially configured when first accessing the router Refer to Configuring and Managing Routers with Site Manager for more details about system information To change the LNS system name complete the following tasks Site Manager Procedure You do this System responds 1 Inthe Configuration Manager window The Protocols menu opens choose Protocols 2 Choose IP The IP menu opens 3 Choose L2TP The L2TP menu opens 4 Choose L2TP Configuration The L2TP Configuration List window opens 5 Setthe LNS System Name parameter Click on Help or refer to the parameter description on page A 5 6 Click on Done You return to the Configuration Manager window 3 4 300016 A Rev 00 Modifying Customizing L2TP Services the Number of L2TP Sessions Permitted You can modify the maximum nu
6. Choose L2TP then click on OK The L2TP Configuration window opens Set the following parameters RADIUS Primary Server IP Address RADIUS Primary Server Password Click on Help or refer to the parameter descriptions on page A 5 8 Click on OK The L2TP Tunneling Security window opens 9 Click on OK The Assigned User Network List window opens followed by the Assigned User Network window 10 Set the following parameters Assigned User Network Subnet Mask Click on Help or refer to the parameter descriptions on page A 10 Site Manager displays a message alerting you of the time delay to create the L2TP tunnel circuits continued 300016 A Rev 00 2 7 Configuring L2TP Services Site Manager Procedure continued You do this System responds 11 Click on OK You return to the Assigned User Network List window which displays the assigned network address and the subnet mask for a remote user Following a message window opens that reads L2TP Configuration is completed 12 Click on OK The message window closes You return to the Assigned User Network List window 13 Click on Done You return to the Frame Relay Service List window 14 Click on Done You return to the Frame Relay Circuit Definition window 15 Click on Done You return to the Configuration Manager window 2 8 300016 A Rev 00 Starting L2TP
7. Enabling L2TP on an Existing ATM Interface To enable L2TP on an interface with ATM and IP already enabled you can enable L2TP in two ways If your interface uses a COM connector complete the tasks in the following table If your interface uses an ATM connector go to page 2 10 Site Manager Procedure You do this System responds 1 In the Configuration Manager window choose a WAN connector The Edit Connector window opens 2 Choose Edit Circuit The Circuit Definition window opens 3 Choose Group Protocols The Group Protocols menu opens 4 Choose Add Delete The Select Protocols window opens 5 Choose L2TP then click on OK The L2TP Configuration window opens 6 Set the following parameters RADIUS Primary Server IP Address RADIUS Primary Server Password Click on Help or refer to the parameter descriptions on page A 5 7 Click on OK The L2TP Tunneling Security window opens 8 Click on OK The Assigned User Network List window opens followed by the Assigned User IP Network window 9 Setthe following parameters Site Manager displays a message Assigned User Network alerting you of the time delay to create Subnet Mask the L2TP tunnel circuits Click on Help or refer to the parameter descriptions on page A 10 10 Click on OK You return to the Assigned User Network List window which displays the assigned network address and the subnet mask Following a message windo
8. For information about or to purchase a Bay Networks service contract either call your local Bay Networks field sales office or one of the following numbers Region Telephone number Fax number United States and 800 2LANWAN then enter Express 978 916 3514 Canada Routing Code ERC 290 when prompted to purchase or renew a service contract 978 916 8880 direct Europe 33 4 92 96 69 66 33 4 92 96 69 96 Asia Pacific 61 2 9927 8888 61 2 9927 8899 Latin America 561 988 7661 561 988 7550 Information about customer service 1s also available on the World Wide Web at support baynetworks com xvi 300016 A Rev 00 How to Get Help About This Guide If you purchased a service contract for your Bay Networks product from a distributor or authorized reseller contact the technical support staff for that distributor or reseller for assistance If you purchased a Bay Networks service program call one of the following Bay Networks Technical Solutions Centers Technical Solutions Center Telephone number Fax number Billerica MA 800 2LANWAN 978 916 3514 Santa Clara CA 800 2LANWAN 408 495 1188 Valbonne France 33 4 92 96 69 68 33 4 92 96 69 98 Sydney Australia 61 2 9927 8800 61 2 9927 8811 Tokyo Japan 81 3 5402 0180 81 3 5402 0173 Bay Networks Educational Services Through Bay Networks Educational Services you can attend classe
9. confidential and proprietary intellectual property Licensee shall not sublicense assign or otherwise disclose to any third party the Software or any information about the operation design performance or implementation of the Software and user manuals that is confidential to Bay Networks and its licensors however Licensee may grant permission to its consultants subcontractors and agents to use the Software at Licensee s facility provided they have agreed to use the Software only in accordance with the terms of this license 3 Limited warranty Bay Networks warrants each item of Software as delivered by Bay Networks and properly installed and operated on Bay Networks hardware or other equipment it is originally licensed for to function substantially as described in its accompanying user manual during its warranty period which begins on the date Software is first shipped to Licensee If any item of Software fails to so function during its warranty period as the sole remedy Bay Networks will at its discretion provide a suitable fix patch or workaround for the problem that may be included in a future Software release Bay Networks further warrants to Licensee that the media on which the Software is provided will be free from defects in materials and workmanship under normal use for a period of 90 days from the date Software is first shipped to Licensee Bay Networks will replace defective media at no charge if it is returned to Bay Networks duri
10. 2 Tunneling Protocol L2TP access concentrator local area network Link Control Protocol L2TP network server Multilink Point to Point Protocol Password Authentication Protocol Point to Point Protocol Remote Authentication Dial In User Service remote access server Routing Information Protocol start control connection connected start control connection reply start control connection request terminal adapter Transmission Control Protocol Internet Protocol tunnel management server User Datagram Protocol virtual private network wide area network 300016 A Rev 00 XV Configuring L2TP Services Bay Networks Technical Publications You can now print technical manuals and release notes free directly from the Internet Go to support baynetworks com library tpubs Find the Bay Networks products for which you need documentation Then locate the specific category and model or version for your hardware or software product Using Adobe Acrobat Reader you can open the manuals and release notes search for the sections you need and print them on most standard printers You can download Acrobat Reader free from the Adobe Systems Web site www adobe com Documentation sets and CDs are available through your local Bay Networks sales office or account representative Bay Networks Customer Service You can purchase a support contract from your Bay Networks distributor or authorized reseller or directly from Bay Networks Services
11. The Frame Relay Service List window opens Choose Protocols in the top left corner of the window The Protocols menu opens Choose Add Delete The Select Protocols window opens continued 300016 A Rev 00 3 9 Configuring L2TP Services Site Manager Procedure continued You do this System responds 6 Click on L2TP Site Manager deselects L2TP 7 Click on OK You return to the Frame Relay Service List window 8 Click on Done You return to the Frame Relay Circuit Definition window Click on Done You return to the Configuration Manager window Deleting L2TP from an ATM Interface To delete L2TP from an ATM interface on a COM connector complete the following tasks Site Manager Procedure You do this System responds 1 In the Configuration Manager window click on a COM connector configured with L2TP The Edit Connector window opens 2 Choose Edit Circuit The Circuit Definition window opens 3 Choose Group Protocols The Group Protocols menu opens 4 Choose Add Delete The Select Protocols window opens 5 Click on L2TP Site Manager deselects L2TP 6 Click on OK You return to the Circuit Definition window 7 Choose File The File menu opens 8 Choose Exit You return to the Configuration Manager window 3 10 300016 A Rev 00 Customizing L2TP Services To delete L2TP from an
12. agencies of the Department of Defense or their successors whichever is applicable 6 Use of Software in the European Community This provision applies to all Software acquired for use within the European Community If Licensee uses the Software within a country in the European Community the Software Directive enacted by the Council of European Communities Directive dated 14 May 1991 will apply to the examination of the Software to facilitate interoperability Licensee agrees to notify Bay Networks of any such intended examination of the Software and may procure support and assistance from Bay Networks 7 Term and termination This license is effective until terminated however all of the restrictions with respect to Bay Networks copyright in the Software and user manuals will cease being effective at the date of expiration of the Bay Networks copyright those restrictions relating to use and disclosure of Bay Networks confidential information shall continue in effect Licensee may terminate this license at any time The license will automatically terminate if Licensee fails to comply with any of the terms and conditions of the license Upon termination for any reason Licensee will immediately destroy or return to Bay Networks the Software user manuals and all copies Bay Networks is not liable to Licensee for damages in any form solely by reason of the termination of this license 8 Export and Re export Licensee agrees not to export directly
13. between the LNS and LAC you can modify the L2TP protocol parameters To modify the L2TP protocol configuration complete the following tasks Site Manager Procedure You do this System responds 1 Inthe Configuration Manager window The Protocols menu opens choose Protocols 2 Choose IP The IP menu opens 3 Choose L2TP The L2TP menu opens 4 Choose L2TP Configuration The L2TP Configuration List window opens 5 Edit any of the following parameters Receive Window Size Retransmit Timer seconds Maximum Retransmit Hello Timer seconds Ack Timeout milliseconds Click on Help or refer to the parameter descriptions beginning on page A 3 6 Click on Done You return to the Configuration Manager window 300016 A Rev 00 Customizing L2TP Services Modifying RADIUS Server Information If you change the address of the RADIUS server that you are using to authenticate remote users and manage accounting functions you must update the server address information on the LNS For more information about using a RADIUS server in an L2TP network refer to RADIUS Server on page 1 6 To modify the address of the RADIUS server complete the following tasks Site Manager Procedure You do this System responds 1 Inthe Configuration Manager window The Protocols menu opens choose Protocols 2 Choose IP The IP menu opens 3 Choose L2TP The L2TP menu opens 4
14. or indirectly the Software or related technical data or information without first obtaining any required export licenses or other governmental approvals Without limiting the foregoing Licensee on behalf of itself and its subsidiaries and affiliates agrees that it will not without first obtaining all export licenses and approvals required by the U S Government 1 export re export transfer or divert any such Software or technical data or any direct product thereof to any country to which such exports or re exports are restricted or embargoed under United States export control laws and regulations or to any national or resident of such restricted or embargoed countries or ii provide the Software or related technical data or information to any military end user or for any military end use including the design development or production of any chemical nuclear or biological weapons 9 General If any provision of this Agreement is held to be invalid or unenforceable by a court of competent jurisdiction the remainder of the provisions of this Agreement shall remain in full force and effect This Agreement will be governed by the laws of the state of California Should you have any questions concerning this Agreement contact Bay Networks Inc 4401 Great America Parkway P O Box 58185 Santa Clara California 95054 8185 LICENSEE ACKNOWLEDGES THAT LICENSEE HAS READ THIS AGREEMENT UNDERSTANDS IT AND AGREES TO BE BOUND BY ITS TERMS AN
15. remote host that does not have built in L2TP capabilities and uses a LAC rather than a RAS 14 300016 A Rev 00 L2TP Overview L2TP Access Concentrator LAC The L2TP access concentrator LAC resides at the ISP network The LAC establishes the L2TP tunnel between itself and the LNS Note In this guide the term LAC refers to a remote access server with L2TP capabilities The term RAS refers to a remote access server without L2TP capabilities When the remote user places a call to the ISP network this call goes to the LAC The LAC then negotiates the activation of an L2TP tunnel with the LNS This tunnel carries data from the remote user to the corporate network For more information about the Bay Networks implementation of the LAC in an L2TP network refer to Bay Networks L2TP Implementation on page 1 11 Remote Access Server RAS The remote access server RAS resides at the ISP network If the remote host is an L2TP client the tunnel is established from the remote client through a RAS to an LNS at the corporate network In this situation there is no need for a LAC The RAS does not establish the tunnel it only forwards already tunneled data to the destination Tunnel Management Server TMS At the ISP network there needs to be a mechanism for identifying L2TP tunneled users so that the LAC can construct the L2TP tunnel Bay Networks uses a mechanism called a tunnel management server TMS other v
16. written permission SUCH PORTIONS OF THE SOFTWARE ARE PROVIDED AS IS AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE In addition the program and information contained herein are licensed only pursuant to a license agreement that contains restrictions on use and disclosure that may incorporate by reference certain limitations and notices imposed by third parties 300016 A Rev 00 Bay Networks Inc Software License Agreement NOTICE Please carefully read this license agreement before copying or using the accompanying software or installing the hardware unit with pre enabled software each of which is referred to as Software in this Agreement BY COPYING OR USING THE SOFTWARE YOU ACCEPT ALL OF THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT THE TERMS EXPRESSED IN THIS AGREEMENT ARE THE ONLY TERMS UNDER WHICH BAY NETWORKS WILL PERMIT YOU TO USE THE SOFTWARE If you do not accept these terms and conditions return the product unused and in the original shipping container within 30 days of purchase to obtain a credit for the full purchase price 1 License Grant Bay Networks Inc Bay Networks grants the end user of the Software Licensee a personal nonexclusive nontransferable license a to use the Software either on a single computer or if applicable on a single authorized device identified by host ID
17. 2TP Tunnel Security Parameters The L2TP Tunnel Security List window Figure A 2 contains the tunnel authentication parameters Done Apply Values Help p TE 958793 4 Enable Tunnel Authentication DISABLE Tunnel Authentication Password Figure A 2 L2TP Tunnel Security List Window The parameter descriptions follow 300016 A Rev 00 A 7 Configuring L2TP Services Parameter Path Default Options Function Instructions MIB Object ID Parameter Path Default Options Function Instructions MIB Object ID Enable Tunnel Authentication Configuration Manager gt Protocols gt IP gt L2TP gt Tunnel Authentication Disable Enable I Disable Enables or disables the use of tunnel authentication for a slot on the LNS Set this parameter to Enable for the LNS to perform tunnel authentication Otherwise accept the default Disable Tunnel authentication provides a level of network security to protect the corporate network from unauthorized users 1 3 6 1 4 1 18 3 5 23 1 1 2 Tunnel Authentication Password Configuration Manager gt Protocols gt IP gt L2TP gt Tunnel Authentication None An alphanumeric string up to a maximum of 40 characters Identifies the LNS to the LAC if the devices are using tunnel authentication The LAC and the LNS must share the same password to successfully complete tunnel authentication Enter a password 1 3 6 1 4 1 18 3 5 23 1 1 5 A 8
18. 4 300016 A Rev 00 Index L L2TP customizing configuration 3 1 data transmission across network 1 9 deleting ATM interface 3 10 3 11 deleting frame relay interface 3 9 deleting PPP interface 3 9 description 1 1 disabling 3 8 network components 1 4 packet encapsulation 1 8 parameter descriptions A 1 parameters modifying 3 2 purpose 1 2 starting 2 3 troubleshooting C 1 L2TP access concentrator See LAC L2TP network server See LNS LAC configuration example B 3 description 1 5 tunnel authentication security 1 10 1 12 Layer 2 Tunneling Protocol See L2TP LNS Bay Networks implementation 1 11 changing RADIUS server address 3 3 changing system name 3 4 configuration example B 3 configuring router as 2 3 customizing parameters 3 1 description 1 6 enabling tunnel authentication 3 6 L2TP security 1 10 modifying protocol configuration 3 2 operating with LACs 1 11 Index 1 LNS System Name parameter A 5 LNS system name changing 3 4 Max L2TP Sessions parameter A 3 Maximum Retransmit parameter A 4 P packet encapsulation L2TP 1 8 parameters customizing 3 1 descriptions A 1 See also parameter names password RADIUS server description 1 14 setting 3 3 password tunnel authentication description 1 12 setting 3 6 R RADIUS Client IP Address parameter A 6 RADIUS Primary Server IP Address parameter A 5 RADIUS Primary Server Password parameter A 6 RADI
19. ATM interface on an ATM connector complete the following tasks Site Manager Procedure You do this System responds 1 In the Configuration Manager window click on an ATM connector configured with L2TP The Edit ATM Connector window opens the window 2 Choose Service Attributes The ATM Service Records List window opens 3 Choose Protocols in the top left corner of The Protocols menu opens 4 Choose Add Delete The Select Protocols window opens 5 Click on L2TP Site Manager deselects L2TP 6 Click on OK You return to the ATM Service Records List window 7 Click on Done You return to the Edit ATM Connector window 8 Click on Done You return to the Configuration Manager window 300016 A Rev 00 Appendix A L2TP Parameters This appendix contains the parameter descriptions for L2TP services For information about the IP parameters that you set when enabling L2TP refer to Configuring IP Services This appendix contains the following information Topic Page L2TP Configuration Parameters A 2 L2TP Tunnel Security Parameters A 7 Assigned User Network Parameters A 9 300016 A Rev 00 A 1 Configuring L2TP Services L2TP Configuration Parameters The L2TP Configuration List window Figure A 1 contains parameters that define how L2TP sends and receives data Slot 5 192 68 125 23 Done Apply Values
20. D CONDITIONS LICENSEE FURTHER AGREES THAT THIS AGREEMENT IS THE ENTIRE AND EXCLUSIVE AGREEMENT BETWEEN BAY NETWORKS AND LICENSEE WHICH SUPERSEDES ALL PRIOR ORAL AND WRITTEN AGREEMENTS AND COMMUNICATIONS BETWEEN THE PARTIES PERTAINING TO THE SUBJECT MATTER OF THIS AGREEMENT NO DIFFERENT OR ADDITIONAL TERMS WILL BE ENFORCEABLE AGAINST BAY NETWORKS UNLESS BAY NETWORKS GIVES ITS EXPRESS WRITTEN CONSENT INCLUDING AN EXPRESS WAIVER OF THE TERMS OF THIS AGREEMENT iv 300016 A Rev 00 Contents About This Guide FAEN nese xiii Conventions RE RO EE EE ee xiv DW e C XV Bay Nebworke Technical PUDIGSIOF S 1221 oss eda macer eda pain bus dicitar meme kae xvi Bay Nebworks Customer DSOIgB useiecacpuriueecbssccue EET Paca uei Ucet b Era e ENS Faser id ur ean xvi FoW 13 GE RE eoa a au E ard ai ated ERE ird Erat xvii Bay Networks Educational Services cc csicccsessectscsetnessedsnttcetaccereancinanetemessacssdunevsddentannaesree xvii Chapter 1 L2TP Overview LEIP EEN EEE EEE ra des Arc IRE saper ga a b da d DS 1 2 Ponta DI cde m 1 2 EN RE RE ET ERE 1 3 KOU IPOROMtS dr am L2 TE NEIWOK erinesid ie A 1 4 uui Mg rH 1 4 ETP Access Concepto LAC cassis idein do dances Fez eir e bonu Ede bg dt OE 1 5 Remote Access Server RAS Gast ere INS juae 1 5 Tunnel Management Server TMS uice Dr ete ek n b ace a xe ads 1 5 EZI P MODE Ser mer CLS vae
21. Help Enable L2TP ENABLE Max L2TP Sessions Receive Window Size Retransmit Timer seconds Maximum Retransmit Hello Timer seconds Figure A 1 L2TP Configuration List Window The parameter descriptions follow A 2 300016 A Rev 00 Parameter Path Default Options Function Instructions MIB Object ID Parameter Path Default Options Function Instructions MIB Object ID Parameter Path Default Options Function Instructions MIB Object ID L2TP Parameters Enable L2TP Configuration Manager gt Protocols gt IP gt L2TP gt L2TP Configuration Enable Enable Disable Enables or disables L2TP on this interface Site Manager automatically enables this parameter when you select L2TP as a protocol Accept the default Enable to use L2TP To temporarily disable L2TP set this parameter to Disable 1 3 6 1 4 1 18 3 5 23 2 1 2 Max L2TP Sessions Configuration Manager Protocols IP L2TP L2TP Configuration 100 1 to 100 sessions Specifies the maximum number of L2TP sessions that the LNS allows Enter the maximum number of L2TP session that you want the LNS to support 1 3 6 1 4 1 18 3 5 23 2 1 16 Receive Window Size Configuration Manager Protocols IP L2TP L2TP Configuration 4 to 7 packets Specifies the number of control packets that the LNS can receive from the LAC without the LNS sending an acknowledgment packet to the LAC Enter the num
22. IUS server database 192 32 40 1 jsmart bay com 192 32 40 2 mmark bay com L2TO008A Figure B 2 L2TP Network with Routers at the Remote Site 300016 A Rev 00 B 5 Configuring L2TP Services Dial on Demand Circuit Configuration Modify the dial on demand circuit configuration as follows 1 Inthe Configuration Manager window choose Dialup gt Demand Circuits Demand Pools PPP Circuits PPP Demand Circuits to access the PPP Demand Circuits window 2 Disable outbound authentication Table B 5 PPP Demand Circuit Parameters Parameter Name Value Outbound Authentication Disable CHAP Local Name jsmart bay com PPP Interface Configuration Adjacent Host Configuration Modify the PPP interface configuration as follows 1 In the Configuration Manager window choose Protocols gt PPP gt Interfaces to access the PPP Interface List window 2 Click on Lines to access the PPP Line List window 3 Enable RFC 1661 compliance as follows Table B 6 PPP Line List Parameter Parameter Name Value RFC1661 Compliance Enable After you set up the router s dial on demand configuration you are prompted for an adjacent host address Enter the assigned user network address from the LNS as the adjacent host address The adjacent host address is the user network address assigned by the LNS In this example it would be 192 32 40 254 B 6 300016 A Rev 00 Appendix C Troub
23. In addition to the fields in the header the L2TP packet contains a call serial number which is a unique number for each L2TP call This number matches the call to the L2TP session 300016 A Rev 00 1 3 Configuring L2TP Services Components of an L2TP Network The following sections describe the components of an L2TP network For illustrations of L2TP networks refer to Figures 1 1 and 1 2 on page 1 7 Remote Host At the remote site is the user who wants to dial in to the corporate network The remote user can be located anywhere provided that the user can dial into an ISP network using a PC or a router The ISP provides the connection to the Internet The host at the remote site can be a PC or router that uses PPP for dial up connections e Ifthe PC or router does not have built in L2TP software capabilities it dials into a LAC which provides a tunnel across the Internet to the corporate LNS e Ifthe PC or router is an L2TP client that is it has built in L2TP functionality the L2TP client software provides a tunnel through a RAS across the Internet to the corporate LNS A LAC is unnecessary with an L2TP client The main difference between connecting an L2TP client and a nonclient is the starting point of the tunnel For an L2TP client the tunnel begins at the PC or router for a non L2TP client the tunnel begins at the LAC AII tunnels end at the LNS Note This guide s primary focus is on an L2TP network between a
24. NS supports an MRU MRUU size of 1500 only Use the following guidelines to configure a Bay Networks router at the remote site For router software versions up to and including 11 02 rel use an MTU size of 1510 which is the default For router software versions 11 02 rev 12 00 and 12 10 set the PPP parameter RFC 1661 Compliance Mode to Enable You can also check the session statistics which are automatically enabled on the LNS A router at the remote site cannot tunnel into the corporate network Check the IP address assigned by the RADIUS server There may be a mismatch between the address of the remote router dialing in to the LAC and the address that the RADIUS server assigns For example router A dials in with its IP address of 1 1 1 3 and the RADIUS server assigns an incorrect IP address of 1 1 1 5 300016 A Rev 00 A Ack Timeout seconds parameter A 5 addresses assigning IP network 3 7 assigned user network list modifying 3 7 Assigned User Network parameter A 10 Bay Networks LNS See LNS C configuration examples B 1 configuration file requirements 2 3 customer support programs xvi Technical Solutions Centers xvii D deleting L2TP from ATM 3 10 3 11 from frame relay 3 9 from PPP 3 9 disabling L2TP 3 8 domain name description 1 12 E Enable L2TP parameter A 3 Enable Tunnel Authentication parameter A 8 H Hello Timer seconds parameter A
25. P access concentrator LAC or remote access server RAS to an L2TP network server LNS Multiple users can communicate through a single tunnel between the same LAC and LNS pair Each user transmits and receives data in an individual L2TP session 1 2 300016 A Rev 00 L2TP Overview The LAC brings down the tunnel for any one of the following reasons e A network failure occurs The LAC or other equipment at the ISP is not operating properly If the LAC fails all tunnel users are disconnected e There are no active sessions inside the tunnel An individual session ends when a remote user disconnects the call but multiple sessions can run inside a single tunnel e The system administrator at the ISP terminates the user connection e The LAC is not responding to a Hello packet from the LNS For the LAC to reestablish a tunnel the remote user has to place a new call L2TP Sessions Packets are exchanged across an L2TP tunnel during an L2TP session An L2TP session is created when an end to end WAN connection is established between the remote host and the LNS The L2TP portion of the packets sent through the tunnel contains a header with a call ID field also called a session ID and a tunnel ID field The call ID field which indicates the session that the WAN packet belongs to is negotiated between the LAC and the LNS when the L2TP call is set up The tunnel ID specifies the tunnel that the L2TP session is using
26. S server can provide accounting services for the corporate network calculating billing charges for an L2TP session For information about the Bay Networks implementation of RADIUS user authentication and accounting refer to RADIUS User Authentication and RADIUS Accounting on page 1 14 1 6 300016 A Rev 00 L2TP Overview Examples of L2TP Networks Figure 1 1 shows an L2TP network that uses a LAC to connect to the LNS The tunnel is between the LAC and the LNS ISP network Frame relay connection Remote Corporate network host LNS PPP E connection ALI No L2TP functionality L2T0003A Figure 1 1 L2TP Network Using a LAC Figure 1 2 shows an L2TP network that uses a RAS to connect to the LNS The tunnel is between the PC the L2TP client and the LNS ISP network Frame relay ju RAS connection Corporate network host r Tunnel i LNS Ee ar se EJ KOF R A RADIUS client pe L2T0004A Figure 1 2 L2TP Network Using a RAS 300016 A Rev 00 1 7 Configuring L2TP Services L2TP Packet Encapsulation The PC or rou
27. US server changing address and password 3 3 description 1 6 for user authentication 1 14 Receive Window Size parameter A 3 remote access server RAS 1 5 Retransmit Timer seconds parameter A 4 router platforms for L2TP 1 11 S sessions L2TP 1 3 Subnet Mask parameter A 10 T Technical Solutions Centers xvii Index 2 TMS description 1 5 1 11 troubleshooting network problems C 1 Tunnel Authentication Password parameter A 8 tunnel authentication enabling 3 6 tunnel management server See TMS tunnel description 1 8 U user authentication RADIUS 1 14 V virtual private network See VPN VPN assigning addresses 1 15 description 1 2 modifying addresses 3 7 300016 A Rev 00
28. WAN protocol for the connection between the ISP network and the corporate network 300016 A Rev 00 B 1 Configuring L2TP Services No active call from mmark no tunnel needed mmark baynetworks com ISP network bee EX ge ee EE TT ER i rs NoL2TP Modem i E Corporate functionality network R TEITI outer jsmart baynetworks com LAC 1 mu LNS TERT Frame rela m YZ 192321655 ir m EN er AER EN ae Tunnel l C CS LT Mutin N mom VE No L2TP PPP functionality BEN Assigned user oS 0 bay private Domain name in TMS database baynetworks com 192 32 16 55 Assigned user network in the RADIUS server database 192 3240 1 jsmart baynetworks com 192 32 40 2 mmark 2baynetworks com L2T0007A Figure B 1 L2TP Network with PCs at the Remote Site Configuring the Remote Hosts The remote hosts in this network are two PCs running Windows 95 Neither PC has internal L2TP capabilities In this network one PC has a synchronous dial connection to the ISP via a modem The other PC has a 128 Kb s dial ISDN connection through an ISDN terminal adapter TA The user names at the PCs are jsmart baynetworks c
29. authentication is successful Tunnel authentication can occur in one direction referred to as one way authentication or both directions referred to as two way authentication If authentication is occurring in one direction then only one side of the LAC LNS connection tries to verify the other s identity If authentication is occurring in both directions the LAC and LNS both try to verify the other s identity You can enable one way or two way tunnel authentication on the Bay Networks LNS If tunnel authentication is disabled which is the default the LNS sends a default challenge response to the LAC during the authentication process so that the tunnel can be established The LNS cannot send outgoing calls so it cannot initiate tunnel authentication 300016 A Rev 00 L2TP Overview During two way tunnel authentication the following exchange of messages takes place 1 The LAC sends a tunnel setup message called the start control connection request SCCRQ message to the LNS This message includes a challenge to the LNS 2 The LNS replies with a tunnel response a challenge response and its own challenge message This is called the start control connection reply SCCRP message 3 The LAC replies with a challenge response that includes its tunnel authentication password This is the start control connection connected SCCCN message 4 Ifthis same password is configured for the LNS the LNS grants approval to the LAC
30. ber of packets that determine the window size or accept the default value 1 3 6 1 4 1 18 3 5 23 2 1 6 300016 A Rev 00 A 3 Configuring L2TP Services Parameter Path Default Options Function Instructions MIB Object ID Parameter Path Default Options Function Instructions MIB Object ID Parameter Path Default Options Function Instructions MIB Object ID Retransmit Timer seconds Configuration Manager gt Protocols gt IP gt L2TP gt L2TP Configuration 1 1 to 60 seconds Indicates the number of seconds that the LNS waits for an acknowledgment from the LAC before resending packets If you are experiencing many timeouts during L2TP tunnel negotiation or during a session set this value to a number greater than the default Otherwise accept the default 1 3 6 1 4 1 18 3 5 23 2 1 7 Maximum Retransmit Configuration Manager Protocols IP L2TP L2TP Configuration 1 1 to 60 Specifies the maximum number of times the LNS retransmits packets to the LAC If you are experiencing many timeouts during L2TP tunnel negotiation or during a session set this value to a number greater than the default Otherwise accept the default 1 3 6 1 4 1 18 3 5 23 2 1 8 Hello Timer seconds Configuration Manager Protocols IP L2TP L2TP Configuration 60 1 to 60 seconds Indicates the maximum number of seconds that can elapse without data activity befor
31. can have many LNS interfaces each with its own address You can have as many LNS interfaces as there are available slots on the router The LNS performs user authentication with a RADIUS server to prevent unauthorized users from accessing the network The LNS accepts only incoming calls it does not place calls to the LAC The Bay Networks L2TP implementation supports only IP traffic through the L2TP tunnel The LNS supports only numbered IP addresses The router interface between the ISP and the corporate network refer to Figure 1 1 is a leased line operating with frame relay PPP including PPP multilink or ATM Bay Networks recommends that you use a high speed link such as T1 for the leased connection The LNS terminates multilink PPP and PPP encapsulated data within an L2TP packet The LNS operates with the LAC implementation configured on the Bay Networks Model 5399 Remote Access Concentrator Refer to Chapter 3 Customizing L2TP Services for instructions on how to configure a Bay Networks router as an LNS Tunnel Management The Bay Networks tunnel management server TMS which resides at the ISP network stores the TMS database This database contains the remote users domain name the IP address information of each LNS and other tunnel addressing information that the network administrator configures The LAC requests this information from the TMS to construct the L2TP tunnel 300016 A Rev 00 Configuri
32. cedure continued You do this System responds 9 Set the following parameters Assigned User Network Subnet Mask Click on Help or refer to the parameter descriptions on page A 10 Site Manager displays a message alerting you of the time delay to create the L2TP tunnel circuits 10 Click on OK You return to the Assigned User Network List window which displays the assigned network address and the subnet mask Following a message window opens that reads L2TP Configuration is completed 11 Click on OK The message window closes You return to the Assigned User Network List window 12 Click on Done You return to the Circuit Definition window 13 Click on Done You return to the Configuration Manager window 2 6 300016 A Rev 00 Starting L2TP Enabling L2TP on an Existing Frame Relay Interface To enable L2TP on an interface with frame relay and IP already enabled complete the following tasks Site Manager Procedure You do this System responds 1 In the Configuration Manager window choose a WAN connector The Edit Connector window opens Choose Edit Circuit The Frame Relay Circuit Definition window opens Choose Services The Frame Relay Service List window opens Choose Protocols in the top left corner of the window The Protocols menu opens Choose Add Delete The Select Protocols window opens 6
33. ceuiedesncieamaicteatnneddeccontede 3 3 Ghanding the LNG System M NE irisscan niaaa adaa anaa aada 3 4 Modifying the Number of L2TP Sessions Permitted E ENA PE 3 5 Enable Tunnel Me sees bra dar bo vrbe Se rt bo ERE UT RR d 3 6 Modifying the Assigned User Network List merrnrnnnannvnnrnrrrnnnnvnnnnrrrnnnnrnnnnnnrnnnnrnnnnnnrenenn 3 7 Ke il LATE Meer c 3 8 Deleting LZ TP irom a PPF MERE iusiaptcepiadit Lopebr t i cur hri a beca rma 3 9 Deleting L2TP from a Frame Relay Interface Sie TT TOU E 3 9 Deleting L2 TP from sn ATM Intelfaeb ocior eec tert b edi rr eed danene ben 3 10 Appendix A L2TP Parameters E2TP Gonficuba don FORNES casa sstccce sessed eism R etc eee En PEC AE c OMM HM Uri DRE E CLE EIE A 2 EZ TP tune Security POSITIS uu cerei apod peto Ett oap Eo abt Rer cd A 7 Assigned User Network Parameters eis Sickie TT TON TREE A 9 vi 300016 A Rev 00 Appendix B Configuration Examples Example 1 Remote PC Calling the Corporate Network rarrvnnrnrrnannvnnnnnnrnnnnrnnnnnnvenrn B 1 COMMING die Remote HOSTE uiii tnnc inis emnes Remi xa cs incu be bacav xvid Kd zt ein B 2 Configuring the LACs and the TMS FEE Sees REE TE Tm B 3 FM me CN re B 3 Bala Path Through The NetWork Lassen sonene amide bee B 4 Example 2 Remote Router Calling the Corporate Network ssssssessss B 5 Dial on Demand Circuit Configuration
34. e B 5 PPP Demand Circuit Parameters essere B 6 Table B 6 PPP Line List Parameter Hasse baciodie iater aer oue kabet sse asit B 6 Table C 1 Common L2TP Network Problems and Solutions 300016 A Rev 00 xi About This Guide If you are responsible for configuring L2TP you need to read this guide If you want to Go to Learn about L2TP and the Bay Networks implementation of L2TP Chapter 1 Start L2TP on a router using default parameter settings Chapter 2 Change default settings for L2TP parameters Chapter 3 Obtain information about Site Manager parameters this is the same Appendix A information you obtain using Site Manager online Help Review configuration examples Appendix B Troubleshoot L2TP configuration problems Appendix C Before You Begin Before using this guide you must complete the following procedures For a new router e Install the router refer to the installation guide that came with your router e Connect the router to the network and create a configuration file refer to Quick Starting Routers Configuring BayStack Remote Access or Connecting ASN Routers to a Network Make sure that you are running the latest version of Bay Networks Site Manager and router software For instructions refer to the BayRS Version 12 10 Document Change Notice 300016 A Rev 00 xiii Configuring L2TP Services Conventions bold text italic text
35. e the LNS sends a packet through the tunnel to the LAC to check the connection Set this parameter to a smaller number only if the connection is not stable Otherwise accept the default 1 3 6 1 4 1 18 3 5 23 2 1 9 A 4 300016 A Rev 00 Parameter Path Default Options Function Instructions MIB Object ID Parameter Path Default Options Function Instructions MIB Object ID Parameter Path Default Options Function Instructions MIB Object ID L2TP Parameters Ack Timeout milliseconds Configuration Manager gt Protocols gt IP gt L2TP gt L2TP Configuration 250 1 to 350 milliseconds Specifies the maximum number of milliseconds that can elapse before the LNS sends an acknowledgment to the LAC that it received an L2TP control message such as a tunnel authentication or session control message If you are unsure of the stability of the connection or the L2TP session set this parameter to a number smaller than the default Otherwise accept the default 1 3 6 1 4 1 18 3 5 23 2 1 10 LNS System Name Configuration Manager Protocols IP L2TP L2TP Configuration BayRS The router s system name or any name you specify Specifies the name of the LNS This name applies to the router not just the slot with the LNS interface Site Manager automatically enters the name from the router s system information You can modify it if you choose If no system name is provided
36. endors may use a different method 300016 A Rev 00 1 5 Configuring L2TP Services L2TP Network Server LNS The L2TP network server LNS is a router that resides at the corporate network and serves as the termination point for L2TP tunnels and sessions The LNS authenticates the PPP connection request and allows the end to end PPP tunneled connection The LNS may also perform user authentication with a RADIUS server to prevent unauthorized users from accessing the network however user authentication may also be done by the LNS itself AnLNS can support multiple remote users each communicating within their own L2TP session The L2TP session is the virtual end to end connection over which the LAC sends data to the LNS The Bay Networks router is an LNS For information about the Bay Networks LNS refer to Bay Networks L2TP Implementation on page 1 11 RADIUS Server An L2TP network may include a Remote Authentication Dial in User Service RADIUS server The RADIUS server has three main functions in an L2TP network e Authenticating the remote users e Assigning IP addresses to the remote users e Providing accounting services for corporate billing The RADIUS server database centralizes the authentication function eliminating the need to configure each LNS with user names and passwords It also assigns an IP address to the remote host to identify the host and ensure that it is part of its own subnet Finally the RADIU
37. erface 2r Enabling L2TP on an Existing ATM Interface 29 300016 A Rev 00 2 1 Configuring L2TP Services Planning Considerations for an L2TP Network This guide primarily explains how to configure a Bay Networks BLN BCN or ASN router as an LNS in an L2TP network To successfully operate in an L2TP network obtain the following information to configure the LNS Tunnel Authentication Passwords If you plan to enable tunnel authentication which is optional for the Bay Networks LNS you must obtain the LAC passwords from your ISP For more information about the authentication process refer to Tunnel Authentication on page 1 12 RADIUS Server Information The Bay Networks implementation of L2TP requires that you configure a RADIUS server to perform user authentication and to assign IP addresses to remote users For the RADIUS server do the following Configure the RADIUS server with user names and domain names Obtain the address and password of the RADIUS server to enter in the LNS configuration Configure the RADIUS server to assign IP addresses to remote users This address identifies the remote user to the LNS during an L2TP session If the remote user does not have a preconfigured address the only way to assign addresses is by the RADIUS server This address is also used for network communication across the subscriber network Obtain the IP network addresses configured in the RADIUS server database so yo
38. es must belong to a unique subnet within the corporate network on which the LNS and the RADIUS server reside Be aware that 1f a router at the remote site dials into an ISP network the LNS does not provide Routing Information Protocol RIP support Consequently you must configure static routes for the router for network addressing to work Where to Go Next Go to one of the following chapters for more information e To enable L2TP on an interface refer to Chapter 2 Starting L2TP e To customize L2TP using nondefault parameter values refer to Chapter 3 Customizing L2TP Services e To read parameter descriptions refer to Appendix A L2TP Parameters e For configuration examples refer to Appendix B Configuration Examples e For basic troubleshooting refer to Appendix C Troubleshooting 300016 A Rev 00 1 15 Chapter 2 Starting L2TP The quickest way to start L2TP is to enable it with the default configuration that Bay Networks software supplies This configuration uses all available parameter defaults You need to supply values for several parameters that do not have default values This chapter includes the following information Topic Page Planning Considerations for an L2TP Network 2 2 Preparing a Configuration File 2 3 Enabling L2TP on an Unconfigured WAN Interface 2 4 Enabling L2TP on an Existing PPP Interface 25 Enabling L2TP on an Existing Frame Relay Int
39. for which it was originally acquired b to copy the Software solely for backup purposes in support of authorized use of the Software and c to use and copy the associated user manual solely in support of authorized use of the Software by Licensee This license applies to the Software only and does not extend to Bay Networks Agent software or other Bay Networks software products Bay Networks Agent software or other Bay Networks software products are licensed for use under the terms of the applicable Bay Networks Inc Software License Agreement that accompanies such software and upon payment by the end user of the applicable license fees for such software 2 Restrictions on use reservation of rights The Software and user manuals are protected under copyright laws Bay Networks and or its licensors retain all title and ownership in both the Software and user manuals including any revisions made by Bay Networks or its licensors The copyright notice must be reproduced and included with any copy of any portion of the Software or user manuals Licensee may not modify translate decompile disassemble use for any competitive analysis reverse engineer distribute or create derivative works from the Software or user manuals or any copy in whole or in part Except as expressly provided in this Agreement Licensee may not copy or transfer the Software or user manuals in whole or in part The Software and user manuals embody Bay Networks and its licensors
40. ick on Add The Assigned User Network window opens 6 Set the following parameters Assigned User Network Subnet Mask Click on Help or refer to the parameter descriptions beginning on page A 10 7 Click on OK You return to the Assigned User Network List window The new address appears in the list 8 Click on Done You return to the Configuration Manager window 300016 A Rev 00 3 7 Configuring L2TP Services To delete an address from the list complete the following tasks Site Manager Procedure You do this System responds 1 In the Configuration Manager window choose Protocols The Protocols menu opens 2 Choose IP The IP menu opens 3 Choose L2TP The L2TP menu opens 4 Choose Assigned User Network The Assigned User Network List window opens 5 Select an address in the list and click on Site Manager removes the address from Delete the list 6 Click on Done You return to the Configuration Manager window Disabling L2TP To disable L2TP on a slot complete the following tasks Site Manager Procedure You do this System responds 1 In the Configuration Manager window choose Protocols The Protocols menu opens Choose IP The IP menu opens 3 Choose L2TP The L2TP menu opens 4 Choose L2TP Configuration The L2TP Configuration List window opens 5 Choose the slot with the L2TP inte
41. leshooting To monitor your L2TP network and solve problems that may occur first check the event log file for any messages recorded by the LNS For information about viewing and reading event messages refer to Event Messages for Routers and Configuring and Managing Routers with Site Manager Table C 1 provides troubleshooting solutions for common problems with your L2TP network Table C 1 Common L2TP Network Problems and Solutions Problem What to Do L2TP tunnel did not initiate Check whether you enabled tunnel authentication for the LNS on that slot If authentication is enabled make sure that the authentication password is the same for the LAC and the LNS You can also check the tunnel statistics which are automatically enabled on the LNS L2TP client PC or router cannot reach the corporate network through the established connection Check the address configured in the RADIUS server database and make sure that the address is part of the virtual private subnet as configured in the Assigned User Network List continued 300016 A Rev 00 C 1 Configuring L2TP Services Table C 1 Common L2TP Network Problems and Solutions continued Problem What to Do L2TP session is not active The LNS failed to negotiate the PPP LCP options Reconfigure the host at the remote site dialing in to the ISP For a Bay Networks router at the remote site check the PPP MRU MRRU size The L
42. lue Enable Tunnel Authentication Enable Tunnel Authentication Password LAC1 7 Inthe Assigned User Network window create the necessary entries Table B 4 Assigned User Network Parameters Parameter Name Value Assigned User Network 192 32 40 0 Subnet Mask 255 255 255 0 During the L2TP session the IP network addresses are assigned as follows jsmart baynetworks com 192 32 40 1 mmark O baynetworks com 192 32 40 2 These addresses are stored in the RADIUS server database Data Path Through the Network After all components of the network are set up jsmart can place a call to the local ISP The LAC that receives this call sends the user name to the TMS which verifies the domain name and address and sends this information back to the LAC so that it can forward the data The LAC then negotiates the initiation of the tunnel with the LNS and the tunnel is brought up The LNS then authenticates jsmart O baynetworks com with the RADIUS server After the RADIUS server grants access it assigns the address 192 32 40 1 to jsmart to include the remote host jsmart s PC in the virtual private network Data now passes through the tunnel from jsmart s PC to the LNS for the duration of the L2TP session When jsmart disconnects the call the session is terminated If no other active sessions are using the tunnel the tunnel is brought down B 4 300016 A Rev 00 Configuration Examples Example 2 Remote Rou
43. mber of active L2TP sessions that the LNS can manage The default is 100 sessions For more information about L2TP sessions refer to L2TP Sessions on page 1 3 To change the maximum number of L2TP sessions supported by the LNS complete the following tasks Site Manager Procedure You do this System responds 1 In the Configuration Manager window The Protocols menu opens choose Protocols 2 Choose IP The IP menu opens 3 Choose L2TP The L2TP menu opens 4 Choose L2TP Configuration The L2TP Configuration List window opens 5 Setthe Max L2TP Sessions parameter Click on Help or refer to the parameter description on page A 3 6 Click on Done You return to the Configuration Manager window 300016 A Rev 00 3 5 Configuring L2TP Services Enabling Tunnel Authentication To prevent unauthorized users from accessing the corporate network you can enable tunnel authentication During tunnel negotiation the LAC sends its tunnel authentication password to the LNS If the password is not recognized by the LNS authentication 1s unsuccessful and the LAC cannot create the tunnel Note If you are using the Password Authentication Protocol PAP for PPP authentication do not enable tunnel authentication For more information about tunnel authentication refer to Tunnel Authentication on page 1 12 To enable tunnel authentication complete the following tasks Site Ma
44. n provide accounting services in addition to its authentication services RADIUS accounting is enabled by default on the Bay Networks LNS The RADIUS accounting server calculates billing charges for an L2TP session between the remote user and the LNS To determine these charges the server uses information that it receives from the LNS such as the status of each call and the number of packets sent during the session Using this data the RADIUS server determines billing charges which the network administrator can use to manage network costs For more information about RADIUS accounting refer to Configuring RADIUS 1 14 300016 A Rev 00 L2TP Overview Assigned User Network Addresses When configuring the Bay Networks LNS you must configure IP addresses that represent the user network for the remote hosts These network addresses create the internal software addressing scheme for a virtual private network across the Internet The RADIUS server assigns the IP addresses to the remote hosts An IP address is essential because many remote hosts may not have their own addresses The LNS uses the address to identify the remote host and ensure that it is part of its own virtual private network Using this address the LNS can send data to the remote user After the session ends the IP address becomes available for another user In Site Manager configuration windows this IP address is referred to as the assigned user network These address
45. nager Procedure You do this System responds 1 In the Configuration Manager window The Protocols menu opens choose Protocols 2 Choose IP The IP menu opens 3 Choose L2TP The L2TP menu opens 4 Choose Tunnel Authentication The L2TP Tunneling Security window opens 5 Setthe following parameters Enable Tunnel Authentication Tunnel Authentication Password Click on Help or refer to the parameter descriptions beginning on page A 8 6 Click on Done You return to the Configuration Manager window 3 6 300016 A Rev 00 Customizing L2TP Services Modifying the Assigned User Network List The Assigned User Network List window lists the valid user network addresses These IP addresses complete the virtual private network addressing scheme between the corporate and remote sites The addresses in this list must be part of a unique subnet that the RADIUS server uses to assign IP addresses to the remote USET For more information about assigned user networks refer to Assigned User Network Addresses on page 1 15 To add an address to the list complete the following tasks Site Manager Procedure You do this System responds 1 Inthe Configuration Manager window The Protocols menu opens choose Protocols 2 Choose IP The IP menu opens 3 Choose L2TP The L2TP menu opens 4 Choose Assigned User Network The Assigned User Network List window opens 5 Cl
46. ng L2TP Services When the LAC receives a call it forwards the domain name to the TMS The domain name is the portion of the user s address that specifies a particular location in the network For example if the user name is jdoe 9 baynetworks com baynetworks com is the domain name The TMS looks up the domain name and verifies that the remote user is an L2TP user The TMS also provides the LAC with the addressing information required to establish a tunnel to the correct LNS Note The domain name referred to in this guide is a domain identifier that does not follow a specific format It is not related to any Domain Name System DNS protocol requirements Tunnel Authentication For security purposes you can enable the LNS to perform tunnel authentication Tunnel authentication is the process of negotiating the establishment of a tunnel During tunnel authentication the LNS identifies the L2TP client or LAC by comparing the LAC s tunnel authentication password with its own password If the passwords match the LNS permits the LAC to establish a tunnel The LAC does not send the tunnel authentication password as a plain text message The exchange of passwords works much like the PPP Challenge Handshake Authentication Protocol CHAP When one side receives a challenge it responds with a value that is calculated based on the authentication password The receiving side matches the value against its own calculation If the values match
47. ng the warranty period along with proof of the date of shipment This warranty does not apply if the media has been damaged as a result of accident misuse or abuse The Licensee assumes all responsibility for selection of the Software to achieve Licensee s intended results and for the installation use and results obtained from the Software Bay Networks does not warrant a that the functions contained in the software will meet the Licensee s requirements b that the Software will operate in the hardware or software combinations that the Licensee may select c that the operation of the Software will be uninterrupted or error free or d that all defects in the operation of the Software will be corrected Bay Networks is not obligated to remedy any Software defect that cannot be reproduced with the latest Software release These warranties do not apply to the Software if it has been 1 altered except by Bay Networks or in accordance with its instructions ii used in conjunction with another vendor s product resulting in the defect or iii damaged by improper environment abuse misuse accident or negligence THE FOREGOING WARRANTIES AND LIMITATIONS ARE EXCLUSIVE REMEDIES AND ARE IN LIEU OF ALL OTHER WARRANTIES EXPRESS OR IMPLIED INCLUDING WITHOUT LIMITATION ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE Licensee is responsible for the security of 300016 A Rev 00 iii its own data and information and for maintaining adeq
48. ollowing a message window opens that reads L2TP Configuration is completed continued 300016 A Rev 00 Starting L2TP Site Manager Procedure continued You do this System responds 11 Click on OK The message window closes You return to the Assigned User Network List window 12 Click on Done You return to the Configuration Manager window Enabling L2TP on an Existing PPP Interface To enable L2TP on an interface with PPP and IP already enabled complete the following tasks Site Manager Procedure You do this System responds 1 In the Configuration Manager window choose a WAN connector The Edit Connector window opens Choose Edit Circuit The Circuit Definition window opens Choose Protocols in the top left corner of the window The Protocols menu opens 4 Choose Add Delete The Select Protocols window opens 5 Choose L2TP then click on OK The L2TP Configuration window opens 6 Set the following parameters e RADIUS Primary Server IP Address e RADIUS Primary Server Password Click on Help or refer to the parameter descriptions on page A 5 7 Click on OK The L2TP Tunneling Security window opens 8 Click on OK The Assigned User Network List window opens followed by the Assigned User Network window continued 300016 A Rev 00 2 5 Configuring L2TP Services Site Manager Pro
49. om and mmark O baynetworks com B 2 300016 A Rev 00 Configuration Examples Configuring the LACs and the TMS The LAG s in this network are Model 5399 Remote Access Concentrators Both devices have L2TP modules installed Refer to Model 5399 Remote Access Concentrator documentation for information about configuring L2TP The LACS use the same TMS which you configure with the following information Domain name baynetworks com Tunnel end point address LNS address 192 32 16 55 Tunnel authentication password LAC1 Configuring the LNS The LNS in this network is a BN router with at least two synchronous interfaces To configure the router as an LNS 1 Choose one of the WAN ports for the slot you want as the LNS 2 From the WAN Protocols menu choose Frame Relay 3 From the Select Protocols menu choose IP and L2TP 4 Inthe IP Configuration window enter the IP address of the LNS Table B 1 IP Address Parameter Parameter Name Value IP Address 192 32 16 55 5 Inthe L2TP Configuration List window enter the RADIUS server information Table B 2 RADIUS Server Parameters Parameter Name Value RADIUS Primary Server IP Address 192 32 26 6 RADIUS Primary Server Password bay private 300016 A Rev 00 B 3 Configuring L2TP Services 6 In the L2TP Tunneling Security window enable tunnel authentication Table B 3 Tunnel Authentication Parameters Parameter Name Va
50. quotation marks screen text separator gt vertical line I Indicates text that you need to enter command names and buttons in menu paths Example Enter wfsm amp Example Use the dinfo command Example ATM DXI gt Interfaces gt PVCs identifies the PVCs button in the window that appears when you select the Interfaces option from the ATM DXI menu Indicates variable values in command syntax descriptions new terms file and directory names and book titles Indicate the title of a chapter or section within a book Indicates data that appears on the screen Example Set Bay Networks Trap Monitor Filters Separates menu and option names in instructions and internal pin to pin wire connections Example Protocols gt AppleTalk identifies the AppleTalk option in the Protocols menu Example Pin 7 19 20 Indicates that you enter only one of the parts of the command The vertical line separates choices Do not type the vertical line when entering the command Example If the command syntax is show at routes nets you enter either show at routes or show at nets but not both Xiv 300016 A Rev 00 Acronyms CHAP IP ISDN ISP L2TP LAC LAN LCP LNS MPPP PAP PPP RADIUS RAS RIP SCCCN SCCRP SCCRQ TA TCP IP TMS UDP VPN WAN About This Guide Challenge Handshake Authentication Protocol Internet Protocol Integrated Services Digital Network Internet Service Provider Layer
51. r the Internet The tunnel can now carry a user session during which the LAC and the LNS exchange PPP packets 300016 A Rev 00 Configuring L2TP Services Security in an L2TP Network You can configure two layers of security in an L2TP network Tunnel authentication Tunnel authentication is the process of negotiating the establishment of a tunnel between the LAC and the LNS User authentication The network administrator at the corporate site can configure a RADIUS server with the names and passwords of authorized users The server s database centralizes the authentication function eliminating the need to configure each LNS with user names and passwords When the LNS receives a call it forwards the user information to the RADIUS server which verifies whether the user 1s authorized to access the network You can also configure the LNS to perform user authentication if a RADIUS server is not part of the network configuration For more information about the Bay Networks implementation of tunnel and user authentication refer to Tunnel Authentication on page 1 12 and RADIUS User Authentication on page 1 14 300016 A Rev 00 L2TP Overview Bay Networks L2TP Implementation In an L2TP network the Bay Networks router is the LNS LNS software operates on the BLN BCN and ASN platforms The Bay Networks LNS has the following characteristics Each slot can act as an LNS which means that one router
52. re 1 6 pfo dx M 1 6 FrP of LATP NOE Veme epo c a d enar Hob E aeta a enc a bacs 1 7 LZTP Packet Encapsulation 22 nero ioi hinein E FE UM E 1 8 Making Connection Across an L2TP MetwWOork iacere earn rna en teri put 1 9 Secun nan ESTIS NGWO naida a maser iet 1 10 Bay Networks LETE Iniplermeti e BO sorcrsorcers irnir 1 11 Tre H STEN Luse bebe ca eige 1 11 psu bere eg ERR m T T 1 12 RADIUS User AUI DEL verserte eroe dei E i ecd ba Petri pde 1 14 300016 A Rev 00 V RADIUS Ares UWS EE 1 14 Assigned User Network Addresses sss 1 15 Whore G OD N T ss 1 15 Chapter 2 Starting L2TP Planning Considerations for an L2TP Network te EEA 2 2 Tre Authentication PRSSSWORTS Lsstcespid Dopeca a Cavan Ew p at ona tt cda cad 2 2 RADIUS Server 1 gg 2 2 mii scmneE mE ri ile UR 2 3 Enabling L2TP on an Unconfigured WAN Interface eeeeeeeeeee 2 4 Enabling LeTP on an Existing PPP Interface iscritte trennen T 2 5 Enabling L2TP on an Existing Frame Relay Interface mmrnrrnnonnvnnnnvrnnnnnvnnnnrrnnnnnvnnnnnr 2 7 Enabling LATP on an Existing ATM Inferfaece 2i csi m iaces cata eiae 2 9 Chapter 3 Customizing L2TP Services VE TE MIB SE BEN ue te eo pn d qe eb Pre ED o Hen eno Edad d 3 2 Modifying the L2TP Protocol Configuration eeeseseeees idiot E ETA 3 2 Modilymg RADIUS Server M MSN 2 ccrsiacccsssecdiccccanceiesecasteasie
53. rface Site Manager selects the slot entry in the you want to disable scroll box 6 Set the Enable L2TP parameter to Site Manager disables L2TP for the slot Disable Click on Help or refer to the parameter description on page A 3 7 Click on Done You return to the Configuration Manager window 3 8 300016 A Rev 00 Deleting L2TP from a PPP Interface Customizing L2TP Services To delete L2TP from a PPP interface complete the following tasks Site Manager Procedure You do this System responds 1 In the Configuration Manager window click on a WAN connector configured with L2TP The Edit Connector window opens 2 Choose Edit Circuit The Circuit Definition window opens 3 Choose Protocols The Protocols menu opens 4 Choose Add Delete The Select Protocols window opens 5 Click on L2TP Site Manager deselects L2TP 6 Click on OK You return to the Circuit Definition window 7 Click on Done You return to the Configuration Manager window Deleting L2TP from a Frame Relay Interface To delete L2TP from a frame relay interface complete the following tasks Site Manager Procedure You do this System responds 1 In the Configuration Manager window click on a WAN connector configured with L2TP The Edit Connector window opens Choose Edit Circuit The Frame Relay Circuit Definition window opens Choose Services
54. rictions as set forth in subparagraph c 1 ii of the Rights in Technical Data and Computer Software clause at DFARS 252 227 7013 Notwithstanding any other license agreement that may pertain to or accompany the delivery of this computer software the rights of the United States Government regarding its use reproduction and disclosure are as set forth in the Commercial Computer Software Restricted Rights clause at FAR 52 227 19 Statement of Conditions In the interest of improving internal design operational function and or reliability Bay Networks Inc reserves the right to make changes to the products described in this document without notice Bay Networks Inc does not assume any liability that may occur due to the use or application of the product s or circuit layout s described herein Portions of the code in this software product may be Copyright O 1988 Regents of the University of California All rights reserved Redistribution and use in source and binary forms of such portions are permitted provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation advertising materials and other materials related to such distribution and use acknowledge that such portions of the software were developed by the University of California Berkeley The name of the University may not be used to endorse or promote products derived from such portions of the software without specific prior
55. s and purchase CDs videos and computer based training programs about Bay Networks products Training programs can take place at your site or at a Bay Networks location For more information about training programs call one of the following numbers Region Telephone number United States and Canada 800 2LANWAN then enter Express Routing Code ERC 282 when prompted 978 916 3460 direct Europe Middle East and Africa 33 4 92 96 15 83 Asia Pacific 61 2 9927 8822 Tokyo and Japan 81 3 5402 7041 300016 A Rev 00 xvii Chapter 1 L2TP Overview The Layer 2 Tunneling Protocol L2TP provides remote users such as telecommuters mobile professionals and personnel in remote branch offices with dial in access to a corporate network L2TP enables users to create a virtual private network VPN which uses the existing physical infrastructure of a public network such as the Internet but offers the security and exclusivity of a private network This chapter contains the following information Topic Page L2TP Benefits 1 2 What Is Tunneling 1 2 Components of an L2TP Network 1 4 L2TP Packet Encapsulation 1 8 Making a Connection Across an L2TP Network 19 Security in an L2TP Network 1 10 Bay Networks L2TP Implementation Tii Where to Go Next 3515 300016 A Rev 00 14 Configuring L2TP Services L2TP Benefits L2TP has
56. s com is the domain name The LAC receives the call and passes the domain name to the TMS If the TMS finds a match for the domain name a tunnel can be created The TMS also checks the number of current connections so that they will not exceed the maximum number allowed If the user is not a tunnel candidate as determined by the domain name the LAC assumes that the remote host is making a regular dial in request and authenticates the user accordingly The LAC tries to establish an L2TP tunnel with the LNS For the LAC to send a tunnel request to the LNS it needs the address of the LNS The LAC requests the address from the TMS It then checks for this address in its own routing table After obtaining the address the LAC sends a tunnel request to the LNS The LNS may perform tunnel authentication if configured to do so If the LAC and LNS complete tunnel authentication successfully the LAC establishes the tunnel After the tunnel is established the LAC forwards the remote user s name to the LNS which verifies the user s identity with the corporate RADIUS server If the RADIUS server recognizes the user name it replies with an acknowledgement and an IP address that it assigns to the remote user for the duration of the call This IP address identifies the remote user who may not have an address of his own After the remote user is successfully authenticated the user has an end to end PPP connection to the corporate network ove
57. several advantages Users and businesses can take advantage of existing network equipment and resources Corporations do not need to maintain and manage remote access servers and other special networking equipment for remote users Instead they can use their existing Internet leased connections and resources at the Internet Service Provider ISP network thereby significantly reducing corporate networking and maintenance costs In addition corporations do not need to provide technical support to the remote users Because the remote user is making a local call to the ISP the ISP provides technical assistance if the user has trouble making connections Remote users can place a free local call to their ISP for access to the Internet This may not be true if they have to dial the corporate network directly ISPs earn more business from corporate customers using the equipment thereby increasing the ISP s revenues L2TP is a standards based protocol so it provides greater interoperability with networking equipment from other vendors What Is Tunneling Tunneling is a way of forwarding traffic from remote users to a corporate network through an IP network Tunneling across an existing public network such as the Internet creates a virtual private network that offers corporate network access to a wider range of remote users L2TP is a tunneling mechanism that extends the end point of the Point to Point Protocol PPP connection from an L2T
58. st parameters see parameter descriptions in Appendix A L2TP Parameters You may want to change some of these values depending on the requirements of your network This chapter includes the following information Topic Page Using the MIB Object ID 3 2 Modifying the L2TP Protocol Configuration 3 2 Modifying RADIUS Server Information 3 3 Changing the LNS System Name 3 4 Modifying the Number of L2TP Sessions Permitted 25 Enabling Tunnel Authentication 3 6 Modifying the Assigned User Network List 3 7 Disabling L2TP 3 8 Deleting L2TP from a PPP Interface 39 Deleting L2TP from a Frame Relay Interface 3 9 Deleting L2TP from an ATM Interface 3 10 300016 A Rev 00 3 1 Configuring L2TP Services Using the MIB Object ID The Technician Interface allows you to modify parameters by issuing set and commit commands with the MIB object ID This process is equivalent to modifying parameters using Site Manager For more information about using the Technician Interface to access the MIB refer to Using Technician Interface Software Caution The Technician Interface does not verify parameter values you enter Entering an invalid value can corrupt you configuration Modifying the L2TP Protocol Configuration To modify how data is transmitted across an L2TP network such as the number frequency and timing of data and acknowledgment packets exchanged
59. subnet mask Specifies the network and subnet portion of the assigned user network Site Manager automatically calculates a natural subnet mask based on the class of the network address For example if you enter a Class C address the subnet mask will be 255 255 255 0 To configure more subnets for your network you can change this natural mask Accept the assigned natural subnet mask or enter a new one You are not restricted to entering a natural mask If the assigned user network is 192 32 16 0 you can have a subnet mask of 255 255 255 192 1 3 6 1 4 1 18 3 5 3 2 1 24 1 6 A 10 300016 A Rev 00 Appendix B Configuration Examples This appendix provides two examples of L2TP network configurations It includes only those parameters that require changes from their default settings for proper configuration For instructions on modifying parameters refer to Chapter 3 Customizing L2TP Services This appendix assumes that you are familiar with L2TP configuration procedures For information about setting up an interface on the router refer to Quick Starting Routers and Configuring and Managing Routers with Site Manager Example 1 Remote PC Calling the Corporate Network Figure B 1 shows a sample L2TP network In this network note the following Domain names are in the TMS database User names and domain names are in the RADIUS server database Assigned user network is the unique virtual private subnet Frame relay is the
60. ter Calling the Corporate Network Figure B 2 shows a network with two AN routers at the remote site The routers are using dial on demand service for dial up connections In this network note the following e PPP is the WAN protocol for the connection between the ISP network and the corporate network e The IP network addresses are assigned as follows jsmart bay com 192 32 40 1 mmark O bay com 192 32 40 2 The configuration for the LNS in this network is the same as in Example 1 however you need to modify the configuration of the AN remote routers as described in the following sections For information about dial on demand refer to Configuring Dial Services For information about PPP refer to Configuring PPP Services No active call from mmark no tunnel needed ISP network mmark bay com LAC 2 gg ZL i 2 f so Se i h No L2TP ii functionality Modem jsmart bay com Not2TP LAT Mutin VARE Jie 183 nt functionality ISDN PPP T Domain name in TMS database bay com 192 32 16 55 perenne RADIUS server network 192 32 26 6 bay privatg Assigned user network in the RAD
61. ter at the remote site sends PPP packets to the LAC which encapsulates these incoming packets in an L2TP packet and sends it across an IP network through a bidirectional tunnel A tunnel is a virtual connection between two sites for example an access concentrator at the ISP network and a router at the corporate network After the LNS receives the packets it decapsulates them and terminates the PPP connection Figure 1 3 shows how data is encapsulated for transmission over an L2TP network Remote user places a call PPP IP DATA Layer2 ipupp L2TP PPP IP DATA protocol LNS IP DATA Data packet moves to the corporate network L2T0005A Figure 1 3 Packet Encapsulation Process 1 8 300016 A Rev 00 L2TP Overview Making a Connection Across an L2TP Network The following steps explain how a remote user connects across an L2TP network that includes a Bay Networks LAC TMS and LNS refer to Figure 1 1 1 The remote user dials a LAC at the local ISP network to establish a PPP connection to the corporate network In the call the user includes any required information for example a user name including a domain name and a password When the user dials in he enters a name for example jdoe baynetworks com jdoe is the user name and baynetwork
62. the router uses BayRS 1 3 6 1 4 1 18 3 5 23 2 1 12 RADIUS Primary Server IP Address Configuration Manager gt Protocols gt IP gt L2TP gt L2TP Configuration None Any 32 bit IP address Specifies the primary RADIUS server for user authentication Enter the IP address of the RADIUS server If the RADIUS server is already configured Site Manager automatically supplies the address 1 3 6 1 4 1 18 3 5 22 2 1 3 300016 A Rev 00 A 5 Configuring L2TP Services Parameter Path Default Options Function Instructions MIB Object ID Parameter Path Default Options Function Instructions MIB Object ID RADIUS Primary Server Password Configuration Manager gt Protocols gt IP gt L2TP gt L2TP Configuration None Any alphanumeric string up to a maximum of 64 characters Specifies the primary RADIUS server s password Enter the password for the RADIUS server If the RADIUS server is already configured Site Manager automatically supplies the password 1 3 6 1 4 1 18 3 5 22 2 1 11 RADIUS Client IP Address Configuration Manager Protocols IP L2TP L2TP Configuration None Any IP address Identifies the router acting as the LNS This address applies for the entire router Enter the IP address of the router If the RADIUS server is already configured Site Manager automatically supplies the address 1 3 6 1 4 1 18 3 5 22 1 1 5 A 6 300016 A Rev 00 L2TP Parameters L
63. to establish a tunnel Figure 1 4 shows two way tunnel authentication ISP network Corporate network PPP connection SJ e SCCRQ tunnel request and challenge pcs 3 SCCRP lt tunnel response challenge response and LNS challenge SCCCN gt challenge response L2T0006A Figure 1 4 Tunnel Authentication Control Messages After tunnel authentication is complete it does not need to be repeated for other calls to the same LAC 300016 A Rev 00 1 13 Configuring L2TP Services RADIUS User Authentication RADIUS user authentication is enabled by default on the Bay Networks LNS you must configure this feature so that the LNS can validate the remote user s identity before allowing access to the network The network administrator at the corporate site must configure a RADIUS server with the names and passwords of authorized users When the LNS receives a call it forwards an authentication request with the user information to the RADIUS server which verifies whether the user is authorized If the user is permitted access to the network the RADIUS server replies with an acknowledgement message and the appropriate address information for that user to make a connection For more information about configuring Bay Networks routers as RADIUS servers refer to Configuring RADIUS RADIUS Accounting The RADIUS server ca
64. u can configure them as part of the LNS assigned user network For more information about the assigned user network refer to Assigned User Network Addresses on page 1 15 2 2 300016 A Rev 00 Starting L2TP Preparing a Configuration File Before starting L2TP you must create and save a configuration file with at least one WAN interface for example a synchronous or MCT port For information about the Site Manager configuration tool and how to work with configuration files refer to Configuring and Managing Routers with Site Manager To open the configuration file complete the following tasks Site Manager Procedure You do this System responds 1 In the main Site Manager window choose The Tools menu opens Tools 2 Choose Configuration Manager The Configuration Manager window opens 3 Choose Local File Remote File or Site Manager prompts you for the Dynamic configuration file you want to open 4 Select the file and click on OK The Configuration Manager window opens displaying the router modules From the Configuration Manager window go to one of the following sections to enable L2TP e Enabling L2TP on an Unconfigured WAN Interface on page 2 4 e Enabling L2TP on an Existing PPP Interface on page 2 5 e Enabling L2TP on an Existing Frame Relay Interface on page 2 7 Enabling L2TP on an Existing ATM Interface on page 2 9 300016 A Rev
65. uate procedures apart from the Software to reconstruct lost or altered files data or programs 4 Limitation of liability IN NO EVENT WILL BAY NETWORKS OR ITS LICENSORS BE LIABLE FOR ANY COST OF SUBSTITUTE PROCUREMENT SPECIAL INDIRECT INCIDENTAL OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES RESULTING FROM INACCURATE OR LOST DATA OR LOSS OF USE OR PROFITS ARISING OUT OF OR IN CONNECTION WITH THE PERFORMANCE OF THE SOFTWARE EVEN IF BAY NETWORKS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES IN NO EVENT SHALL THE LIABILITY OF BAY NETWORKS RELATING TO THE SOFTWARE OR THIS AGREEMENT EXCEED THE PRICE PAID TO BAY NETWORKS FOR THE SOFTWARE LICENSE 5 Government Licensees This provision applies to all Software and documentation acquired directly or indirectly by or on behalf of the United States Government The Software and documentation are commercial products licensed on the open market at market prices and were developed entirely at private expense and without the use of any U S Government funds The license to the U S Government is granted only with restricted rights and use duplication or disclosure by the U S Government is subject to the restrictions set forth in subparagraph c 1 of the Commercial Computer Software Restricted Rights clause of FAR 52 227 19 and the limitations set out in this license for civilian agencies and subparagraph c 1 ii of the Rights in Technical Data and Computer Software clause of DFARS 252 227 7013 for
66. w opens that reads L2TP Configuration is completed continued 300016 A Rev 00 2 9 Configuring L2TP Services Site Manager Procedure continued You do this System responds 11 Click on OK The message window closes You return to the Assigned User Network List window 12 Click on Done You return to the Circuit Definition window 13 Choose File The File menu opens 14 Choose Exit You return to the Configuration Manager window If your ATM interface uses an ATM connector complete the following tasks Site Manager Procedure You do this System responds 1 In the Configuration Manager window choose an ATM connector The Edit ATM Connector window opens 2 Choose Service Attributes The ATM Service Records List window opens 3 Choose Protocols The Protocols menu opens 4 Choose Add Delete The Select Protocols window opens 5 Choose L2TP then click on OK The L2TP Configuration window opens 6 Complete steps 6 through 11 in the Site Manager enables L2TP previous table 7 Click on Done You return to the ATM Service Records List window 8 Click on Done You return to the Edit ATM Connector window 9 Click on Done You return to the Configuration Manager window 2 10 300016 A Rev 00 Chapter 3 Customizing L2TP Services When you enable L2TP default values are in effect for mo
Download Pdf Manuals
Related Search