    Configuring a Tunnel Profile for Subscriber Access

    The tunnel profile specifies a set of attributes to characterize the tunnel. The profile can be applied by a domain map or automatically when the tunnel is created.

    Note: RADIUS attributes and VSAs can override the values that you configured with a tunnel profile in a domain map. In the absence of a domain map, RADIUS can supply all the characteristics of a tunnel. Each step in the following procedure lists the corresponding standard RADIUS attribute or VSA that you can configure on your RADIUS server to modify or configure the tunnel profile.

    RADIUS-supplied attributes are associated with a tunnel by a tag carried in the attribute, which matches the tunnel identifier. A tag of 0 indicates the tag is not used. If L2TP receives a RADIUS attribute with a tag of 0, the attribute cannot be merged with the tunnel profile configuration corresponding to the subscriber domain because a tunnel profile cannot provide a tunnel tag (tunnel identifier) of 0. Only tags in the range of 1 through 31 are supported.
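
The tag rule above, shown as an added example (not Juniper code): a Python sketch that groups RADIUS tunnel attributes by tag and sets aside the ones that carry no usable tag and so have no tunnel to merge into. It assumes the RFC 2868 attribute layout; `group_by_tag`, `attr` and the sample bytes are constructed for illustration, and Tunnel-Password and the VSAs are left out.

```python
# Added example: attribute layout per RFC 2868; names below are this example's own.
INT_ATTRS = {64: "Tunnel-Type", 65: "Tunnel-Medium-Type", 83: "Tunnel-Preference"}
STR_ATTRS = {66: "Tunnel-Client-Endpoint", 67: "Tunnel-Server-Endpoint",
             82: "Tunnel-Assignment-Id", 90: "Tunnel-Client-Auth-Id",
             91: "Tunnel-Server-Auth-Id"}

def group_by_tag(attrs: bytes):
    """Split raw RADIUS attributes into ({tag: {name: value}}, untagged)."""
    tunnels, untagged, pos = {}, [], 0
    while pos < len(attrs):
        if len(attrs) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 3 or pos + alen > len(attrs):
            raise ValueError(f"bad length {alen} for attribute {atype}")
        body = attrs[pos + 2:pos + alen]
        pos += alen
        if atype in INT_ATTRS:
            if len(body) != 4:
                raise ValueError(f"attribute {atype} must carry tag + 3 octets")
            name, tag, value = INT_ATTRS[atype], body[0], int.from_bytes(body[1:], "big")
        elif atype in STR_ATTRS:
            name, tag = STR_ATTRS[atype], body[0]
            if tag > 0x1F:
                # RFC 2868: a first octet above 0x1F is string data, not a tag.
                tag, value = 0, body.decode("ascii", "replace")
            else:
                value = body[1:].decode("ascii", "replace")
        else:
            continue  # not one of the tunnel attributes handled here
        if 1 <= tag <= 31:
            tunnels.setdefault(tag, {})[name] = value   # belongs to tunnel <tag>
        else:
            untagged.append((name, value))              # tag unused: no tunnel to merge into
    return tunnels, untagged

def attr(atype: int, tag: int, value: bytes) -> bytes:
    """Build one tagged attribute (constructed test input)."""
    return bytes([atype, len(value) + 3, tag]) + value

# Constructed sample: tunnel 1 mirrors the page's example values; the last two are untagged.
SAMPLE = (attr(64, 1, (3).to_bytes(3, "big"))        # Tunnel-Type = L2TP
          + attr(65, 1, (1).to_bytes(3, "big"))      # Tunnel-Medium-Type = IPv4
          + attr(67, 1, b"172.16.98.4")
          + attr(83, 1, (5).to_bytes(3, "big"))
          + attr(67, 0, b"192.0.2.1")                # explicit tag 0
          + bytes([82, 2 + 4]) + b"pool")            # no tag octet at all

if __name__ == "__main__":
    print(group_by_tag(SAMPLE))
```
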

    To configure a tunnel definition for a tunnel profile:

    1. Specify the tunnel profile for which you are defining a tunnel. (Tunnel-Group [26-64])
      [edit access]
      user@host# set tunnel-profile profile-name
    2. Specify an identifier (name) for the L2TP control connection for the tunnel.
      [edit access tunnel-profile profile-name]
      user@host# set tunnel tunnel-id
    3. Configure the IP address of the local L2TP tunnel endpoint, the LAC. (Tunnel-Client-Endpoint [66])
      [edit access tunnel-profile profile-name tunnel tunnel-id]
      user@host# set source-gateway address client-ip-address
    4. Configure the IP address of the remote L2TP tunnel endpoint, the LNS. (Tunnel-Server-Endpoint [67])
      [edit access tunnel-profile profile-name tunnel tunnel-id]
      user@host# set remote-gateway address server-ip-address
    5. (Optional) Configure the preference level for the tunnel. (Tunnel-Preference [83])
      [edit access tunnel-profile profile-name tunnel tunnel-id]
      user@host# set preference number
    6. (Optional) Configure the hostname of the local client (LAC). (Tunnel-Client-Auth-Id [90])
      [edit access tunnel-profile profile-name tunnel tunnel-id]
      user@host# set source-gateway gateway-name client-name
    7. (Optional) Configure the hostname of the remote server (LNS). (Tunnel-Server-Auth-Id [91])
      [edit access tunnel-profile profile-name tunnel tunnel-id]
      user@host# set remote-gateway gateway-name server-name
    8. (Optional) Specify the medium (network) type for the tunnel. (Tunnel-Medium-Type [65])
      [edit access tunnel-profile profile-name tunnel tunnel-id]
      user@host# set medium type
    9. (Optional) Specify the protocol type for the tunnel. (Tunnel-Type [64])
      [edit access tunnel-profile profile-name tunnel tunnel-id]
      user@host# set type tunnel-type
    10. (Optional) Configure the assignment ID for the tunnel. (Tunnel-Assignment-Id [82])
      [edit access tunnel-profile profile-name tunnel tunnel-id]
      user@host# set identification name
    11. (Optional) Configure the maximum number of sessions allowed in the tunnel. (Tunnel-Max-Sessions [26-33])
      [edit access tunnel-profile profile-name tunnel tunnel-id]
      user@host# set max-sessions number
    12. (Optional) Configure the password for remote server authentication. (Standard RADIUS attribute Tunnel-Password [69] or VSA Tunnel-Password [26-9])
      [edit access tunnel-profile profile-name tunnel tunnel-id]
      user@host# set secret password
    13. (Optional) Configure the logical system to use for the tunnel.

      If you configure a logical system, you must also configure a routing instance.

      [edit access tunnel-profile profile-name tunnel tunnel-id]
      user@host# set logical-system logical-system-name
    14. (Optional) Configure the routing instance to use for the tunnel. (Tunnel-Virtual-Router [26-8])

      If you configure a routing instance, configuring a logical system is optional.

      [edit access tunnel-profile profile-name tunnel tunnel-id]
      user@host# set routing-instance routing-instance-name

    The following example shows a complete configuration for a tunnel profile:

    tunnel-profile marketing {
        tunnel 1 {
            preference 5;
            remote-gateway {
                address 172.16.98.4;
                gateway-name work;
            }
            source-gateway {
                address 192.168.4.10;
                gateway-name local;
            }
            secret mk5Sn$3k%V;
            logical-system bos-metro-5;
            routing-instance rox-12-32;
            medium ipv4;
            type l2tp;
            identification tunnel_to_work;
            max-sessions 32;
        }
    }
     


    Published: 2013-02-11