Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


L2TP Minimum Configuration


To configure L2TP services, you must perform at least the following tasks:

  • Define a tunnel group at the [edit services l2tp] hierarchy level with the following attributes:

    • l2tp-access-profile—Profile name for the L2TP tunnel.

    • ppp-access-profile—Profile name for the L2TP user.

    • local-gateway—Address for the L2TP tunnel.

    • service-interface—AS PIC interface for the L2TP service.

    • Optionally, you can configure traceoptions for debugging purposes.

    The following example shows a minimum configuration for a tunnel group with trace options:

  • At the [edit interfaces] hierarchy level:

    • Identify the physical interface at which L2TP tunnel packets enter the router, for example ge-0/3/0.

    • Configure the AS PIC interface with unit 0 family inet defined for IP service, and configure another logical interface with family inet and the dial-options statement.

    The following example shows a minimum interfaces configuration for L2TP:

  • At the [edit access] hierarchy level:

    • Configure a tunnel profile. Each client specifies a unique L2TP Access Concentrator (LAC) name with an interface-id value that matches the one configured on the AS PIC interface unit; shared-secret is authentication between the LAC and the L2TP Network Server (LNS).

    • Configure a user profile. If RADIUS is used as the authentication method, it needs to be defined.

    • Define the RADIUS server with an IP address, port, and authentication data shared between the router and the RADIUS server.


      When the L2TP Network Server (LNS) is configured with RADIUS authentication, the default behavior is to accept the preferred RADIUS-assigned IP address. Previously, the default behavior was to accept and install the nonzero peer IP address that came into the IP-Address option of the IPCP Configuration Request packet.

    • Optionally, you can define a group profile for common attributes, for example keepalive 0 to turn off keepalive messages.

    The following example shows a minimum profiles configuration for L2TP: