Thursday, September 29, 2011

L2TP


Layer 2 Tunnel Protocol



Overview


L2TP is one of the key building blocks for virtual private networks in the dial access space and is endorsed by Cisco and other internetworking industry leaders. It combines the best of Cisco's Layer 2 Forwarding (L2F) protocol and Microsoft's Point-to-Point Tunneling Protocol (PPTP).

Purpose


The purpose of this document is to give an overview of what L2TP IOS® configuration commands are used in the L2TP tunneling process and what communication processes go on between network access devices.

Key L2TP Terms


CHAP: Challenge Handshake Authentication Protocol. A PPP authentication protocol.

L2TP Access Concentrator (LAC): An LAC can be a Cisco network access server connected to the public switched telephone network (PSTN). The LAC need only implement media for operation over L2TP. An LAC can connect to the LNS using a local-area network or wide-area network such as public or private Frame Relay. The LAC is the initiator of incoming calls and the receiver of outgoing calls.

L2TP Network Server (LNS): Almost any Cisco router connected to a local-area network or wide-area network, such as public or private Frame Relay, can act as an LNS. It is the server side of the L2TP protocol and must operate on any platform that terminates PPP sessions. The LNS is the initiator of outgoing calls and the receiver of incoming calls. Figure 1 depicts the call routine between the LAC and LNS.

Virtual Private Dial Network (VPDN): A type of access VPN that uses PPP to deliver the service.

VPDN L2TP Model


Many different scenarios apply to the L2TP model. The most basic model is one in which a client initiates a call using a PC configured for PPP to his or her Internet service provider (ISP). With a wholesale dial model, an ISP outsources dial access to a service provider (SP). This paper examines L2TP behavior in the context of the wholesale dial model using VPDN, AAA, RADIUS, and L2TP. Figure 1 depicts a typical wholesale dial model. Dial access using an asynchronous or synchronous connection is assumed from the client to the SP.

Figure 1

L2TP LAC and LNS call routine. The physical call is terminated on the LAC while the PPP session is forwarded to the LNS.
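As an added illustration of the wholesale dial model above (example configuration written for this post, not taken from the referenced Cisco documents), the following IOS configuration shows a LAC that forwards PPP sessions for users in one domain to an LNS, and the matching LNS that terminates them. Hostnames, the domain example.com, the addresses in 192.0.2.0/24 and 10.10.0.0/24, the address pool name, and all secrets are assumed placeholders.

```cisco
! ---- LAC (service provider NAS): physical call terminates here ----
hostname LAC
!
vpdn enable
! Select the tunnel by the domain part of the PPP username (user@example.com)
vpdn search-order domain
!
vpdn-group 1
 ! Calls arriving from the PSTN are forwarded (dial-in request) over L2TP
 request-dialin
  protocol l2tp
  domain example.com
 ! LNS address is an assumed placeholder
 initiate-to ip 192.0.2.10
 local name LAC
 ! Shared tunnel secret used for CHAP-style tunnel authentication with the LNS
 l2tp tunnel password 0 TUNNELSECRET

! ---- LNS (ISP router): PPP session terminates here ----
hostname LNS
!
aaa new-model
! Authenticate PPP users against RADIUS first, fall back to local usernames
aaa authentication ppp default group radius local
! RADIUS server address and key are assumed placeholders
radius-server host 192.0.2.20 key RADIUSKEY
!
vpdn enable
!
vpdn-group 1
 accept-dialin
  protocol l2tp
  virtual-template 1
 ! Only accept tunnels from a peer whose local name is LAC and that proves the shared secret
 terminate-from hostname LAC
 local name LNS
 l2tp tunnel password 0 TUNNELSECRET
!
interface Virtual-Template1
 ip unnumbered Loopback0
 peer default ip address pool CLIENTS
 ppp authentication chap
!
ip local pool CLIENTS 10.10.0.2 10.10.0.254
```

The tunnel password on both sides must match; without it the LNS would accept a tunnel from any peer that presents the name LAC, so on the LNS `show vpdn tunnel` and `debug vpdn l2x-events` are the places to confirm that only the expected LAC is establishing tunnels.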

Ref:
http://www.cisco.com/warp/public/cc/pd/iosw/tech/l2pro_tc.htm#wp1002209
http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/l2tun_ds.htm#wp17522
http://www.cisco.com/en/US/tech/tk801/tk70/technologies_tech_note09186a0080094586.shtml
http://www.cisco.com/en/US/docs/ios/12_0t/12_0t1/feature/guide/l2tpT.html#wp19656
http://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol
http://www.cisco.com/en/US/docs/ios/11_3/security/configuration/guide/secur_c.html
http://www.cisco.com/en/US/docs/ios/11_3/security/configuration/guide/scradius.html
http://www.cisco.com/en/US/docs/ios/12_1/12_1dc/feature/guide/l2switch.html
http://www.cisco.com/en/US/docs/ios/vpdn/command/reference/vpd_m1.html
