Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Mapping User Domain Names to L2TP Tunnels from Tunnel Group Tunnel Mode

    To map a domain to an L2TP tunnel locally on the router from Tunnel Group Tunnel Configuration mode, perform the following steps:

    1. Specify an AAA tunnel group and change the mode to Tunnel Group Tunnel Configuration mode. From Tunnel Group Tunnel Configuration mode, you can add up to 31 tunnel definitions.
      host1(config)#aaa tunnel-group westford host1(config-tunnel-group)#
    2. Specify a tunnel to configure and enter Tunnel Group Tunnel Configuration mode:
      host1(config-tunnel-group)#tunnel 3 host1(config-tunnel-group-tunnel)#
    3. Specify a virtual router; in this case, the default router is specified.
      host1(config-tunnel-group-tunnel)#router-name default
    4. Specify the LNS endpoint address of a tunnel.
      host1(config-tunnel-group-tunnel)#address 192.0.2.13
    5. Specify a preference for the tunnel.

      You can specify up to eight levels of preference, and you can assign the same preference to a maximum of 31 tunnels. When you define multiple preferences for a destination, you increase the probability of a successful connection.

      host1(config-tunnel-group-tunnel)#preference 5
    6. (Optional) Specify an authentication password for the tunnel.
      host1(config-tunnel-group-tunnel)#password temporary

      Note: If you specify a password for the LAC, the router requires that the peer (the LNS) authenticate itself to the router. In this case, if the peer fails to authenticate itself, the tunnel terminates.

    7. (Optional) Specify a hostname for the LAC end of the tunnel.

      The LAC sends the hostname to the LNS when communicating to the LNS about the tunnel. The hostname can be up to 64 characters (no spaces).

      host1(config-tunnel-group-tunnel)#client-name host4.

      Note: If the LNS does not accept tunnels from unknown hosts, and if no hostname is specified, the LAC uses the router name as the hostname.

    8. (Optional) Specify a server name for the LNS.

      This name specifies the hostname expected from the peer (the LNS) when you set up a tunnel. When this name is specified, the peer must identify itself with this name during tunnel startup. Otherwise, the tunnel is terminated. The server name can be up to 64 characters (no spaces).

      host1(config-tunnel-group-tunnel)#server-name boston
    9. (Optional) Specify a source IP address for the LAC tunnel endpoint. All L2TP packets sent to the peer use this source address.

      By default, the router uses the virtual router’s router ID as the source address. You can override this behavior for an L2TP tunnel by specifying a source address. If you do specify a source address, use the address of a stable IP interface (for example, a loopback interface). Make sure that the address is configured in the virtual router for this domain map, and that the address is reachable by the peer.

      host1(config-tunnel-group-tunnel)#source-address 192.0.3.3
    10. Specify a tunnel identification.
      host1(config-tunnel-group-tunnel)#identification acton

      The router groups L2TP sessions with the same tunnel identification into the same tunnel. This occurs only when both the destination (virtual router, IP address) and the ID are the same.

    11. Specify a medium type for the tunnel. (L2TP supports only IP version 4 [IPv4].)
      host1(config-tunnel-group-tunnel)#medium ipv4
    12. Specify the L2TP tunnel type (RADIUS attribute 64, Tunnel-Type). Currently, the only supported value is L2TP.
      host1(config-tunnel-group-tunnel)#type l2tp
    13. Verify the L2TP tunnel configuration.
      host1(config)# show aaa domain-map
      Domain: westford.com; router-name: default; ipv6-router-name: default
                                                                                  Tunnel
      Tunnel   Tunnel         Tunnel        Tunnel   Tunnel    Tunnel    Tunnel   Client
       Tag      Peer          Source         Type    Medium   Password     Id      Name
      ------   ------------   -----------   ------   ------   ---------  ------   ------
      3        192.168.2.13   192.168.3.3   l2tp     ipv4     temporary  acton    host4
       
               Tunnel                 Tunnel                     Tunnel
      Tunnel   Server     Tunnel       Max                       Virtual
       Tag      Name    Preference   Sessions     Tunnel RWS     Router
      ------   ------   ----------   --------   --------------   -------
      3        boston   5            0          system chooses   vr2
      
      host1#show aaa tunnel-parameters
      Tunnel password is 3&92k%b#q4
      Tunnel client-name is <NULL>
      Tunnel nas-port-method is none
      Tunnel nas-port ignore disabled
      Tunnel nas-port-type ignore disabled
      tunnel assignmentId format is assignmentId
      aaa tunnel calling number format is descriptive 

    Published: 2014-08-20