Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

L2TP LAC Subscriber Configuration

 

Configuring an L2TP LAC

To configure an L2TP LAC:

  1. Configure a tunnel profile to apply to subscribers.

    See Configuring a Tunnel Profile for Subscriber Access.

  2. (Optional) Configure the method used for selecting among multiple tunnels.
  3. (Optional) Configure the LAC to not send Calling Number AVP 22 to the LNS.

    See Preventing the LAC from Sending Calling Number AVP 22 to the LNS.

  4. (Optional) Specify the method for setting the transmit and receive connect speeds.

    See Configuring the Method to Derive the LAC Connection Speeds Sent to the LNS.

  5. (Optional) Configure whether the L2TP failover protocol is negotiated or the silent failover method is used for resynchronization.

    See Configuring the L2TP Peer Resynchronization Method.

  6. (Optional) Specify the format for the tunnel name.

    See Setting the Format for the Tunnel Name.

  7. (Optional) Specify when and how many times L2TP retransmits unacknowledged control messages.

    See Configuring Retransmission Attributes for L2TP Control Messages.

  8. (Optional) Specify how long a tunnel can remain idle before being torn down.

    See Setting the L2TP Tunnel Idle Timeout.

  9. (Optional) Specify the L2TP receive window size for the L2TP tunnel. The receive window size specifies the number of packets a peer can send before waiting for an acknowledgment from the router.

    See Setting the L2TP Receive Window Size.

  10. (Optional) Specify how long the router retains information about terminated dynamic tunnels, sessions, and destinations.

    See Setting the L2TP Destruct Timeout.

  11. (Optional) Specify how the LAC handles IP address or UDP port change requests.

    See Configuring How the LAC Responds to Address and Port Changes Requested by the LNS.

  12. (Optional) Configure all tunnels on the LAC for interoperation with Cisco LNS devices.

    See Globally Configuring the LAC to Interoperate with Cisco LNS Devices.

  13. (Optional) Specify that the LAC sends information to the LNS about subscriber access lines.

    See Configuring the Reporting and Processing of Subscriber Access Line Information.

  14. (Optional) Configure the LAC to create the IPv6 address family (inet6) when establishing a tunnel for subscribers, enabling the application of IPv6 firewall filters.

    See Enabling the LAC for IPv6 Services.

  15. (Optional) Prevent the creation of new sessions, destinations, or tunnels for L2TP.

    See Configuring L2TP Drain.

  16. (Optional) Enable SNMP statistics counters.

    See Enabling Tunnel and Global Counters for SNMP Statistics Collection.

  17. (Optional) Configure trace options for troubleshooting the configuration.

    See Tracing L2TP Events for Troubleshooting.

Configuring How the LAC Responds to Address and Port Changes Requested by the LNS

An LNS can use the SCCRP message that it sends the LAC when a tunnel is being established to request a change in the destination IP address or UDP port that the LAC uses to communicate with the LNS. By default, the LAC accepts the request and makes the change. You can use the tx-address-change statement to configure one of the following methods for the LAC to handle these change requests for all tunnels:

  • accept—The LAC accepts the change from the LNS. It sends all subsequent packets to and receives packets from the new IP address or UDP port.

  • ignore—The LAC continues to send packets to the original address or port, but accepts packets from the new address or port.

  • reject—The LAC sends a StopCCN message to the original address or port and then terminates the connection to that LNS.

The LAC accepts a change in address or port only once, when the tunnel is being established. Tunnels that are already established are not affected. The LAC drops any L2TP control packets containing change requests received at any other time, or in any packet other than an SCCRP message.

Note

This statement does not support IPv6 addresses.

To configure how the LAC handles change requests for the IP address, the UDP port, or both:

  • (Optional) Configure the LAC to accept all change requests. This is the default behavior.

  • (Optional) Configure the LAC to ignore all change requests.

  • (Optional) Configure the LAC to ignore change requests only for the IP address.

  • (Optional) Configure the LAC to ignore change requests only for the UDP port.

  • (Optional) Configure the LAC to reject all change requests.

  • (Optional) Configure the LAC to reject change requests only for the IP address.

  • (Optional) Configure the LAC to reject change requests only for the UDP port.

For example, the following configuration causes the LAC to ignore requests to change the UDP port, but to reject requests to change the IP address:

Note

Conflicting configurations are not allowed and fail the configuration commit check. You cannot For example, the following configuration fails, because it specifies that UDP port changes are ignored, but that all changes are rejected:

Use the show services l2tp summary command to display the current behavior of the LAC:

show services l2tp summary

Depending on the configuration, this command displays one of the following outputs:

LAC Interoperation with Third-Party LNS Devices

In some network environments, the LAC may need to interoperate with an LNS configured on a device from another vendor that does not run Junos OS. Interoperation with Cisco Systems devices requires the LAC to communicate a NAS port type, but the LAC does not provide this information by default.

You can enable interoperation with Cisco Systems devices by configuring the NAS port method as cisco-avp, which causes the LAC to include the Cisco Systems NAS Port Info AVP (100) when it sends an incoming call request (ICRQ) to the LNS. The AVP includes information that identifies the NAS port and indicates whether the port type is ATM or Ethernet.

You can configure the NAS port method globally for all tunnels on the LAC or in a tunnel profile for only the tunnels instantiated by the profile.

You can also include the Tunnel-Nas-Port-Method VSA [26–30] in your RADIUS server configuration with the value set to 1 to indicate Cisco Systems CLID. In this case, RADIUS can override the global value by modifying or creating a tunnel profile. The RADIUS configuration has precedence over the tunnel profile configuration, which in turn has precedence over the global LAC configuration.

If the LNS receiving the AVP is an MX Series router instead of a Cisco Systems device, the LNS simply ignores the AVP, unless the LNS is configured for L2TP tunnel switching. In that case, the LNS preserves the value of the AVP and passes it along when it switches tunnels for the LAC.

Globally Configuring the LAC to Interoperate with Cisco LNS Devices

Cisco LNS devices require from the LAC both the physical NAS port number identifier and the type of the physical port, such as Ethernet or ATM. By default, the LAC does not include this information. You can globally configure the LAC to provide this information by including the NAS Port Info AVP (100) in the ICRQ that it sends to the LNS. This configuration enables the LAC to interoperate with a Cisco LNS.

To globally configure the LAC to include the NAS Port Info AVP:

  • Specify the NAS port method.

Note

This global configuration for the LAC can be overridden by the configuration in a tunnel profile or RADIUS.

Use the show services l2tp tunnel extensive command to display the current behavior of the LAC:

show services l2tp tunnel extensive