Mapping a User Domain Name to an L2TP Tunnel Overview

The router uses either the local database related to the domain name or a RADIUS server to determine whether to terminate or tunnel PPP connections.

For information about setting up RADIUS to provide this mapping, see Configuring Remote Access.

For a given domain map, you can choose one of two methods to map the domain to an L2TP tunnel locally on the router:

• Configure tunnels for a domain map and then define tunnel attributes from Domain Map Tunnel configuration mode.
• Configure a tunnel group and then define the attributes for its tunnels from Tunnel Group Tunnel Configuration mode. Use this method only when no tunnels are currently defined for the domain map from Domain Map Tunnel configuration mode. By default, tunnel groups are not assigned to the domain map.

  After configuring a tunnel group and the attributes for its tunnels, you can assign the tunnel group to the domain map from Domain Map mode. The tunnel group reference in the domain map is used instead of tunnel definitions configured from Domain Map Tunnel configuration mode.

  The RADIUS server can reference tunnel groups through the RADIUS Tunnel Group [26-64] attribute. The advantages of RADIUS support for tunnel groups are:

  • The RADIUS server can maintain a single tunnel group attribute associated with each user instead of sets of tunnel attributes for each user.
  • The RADIUS server can authenticate users before attempting to establish tunnels.

Related Topics

•  Mapping User Domain Names to L2TP Tunnels from Domain Map Tunnel Mode
•  Mapping User Domain Names to L2TP Tunnels from Tunnel Group Tunnel Mode

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.