[Contents] [Prev] [Next] [Index] [Report an Error]

Configuring RADIUS Authentication for an L2TP Profile

On an M10i or M7i routing platform, L2TP supports RADIUS authentication and accounting for users with one set of RADIUS servers under the [edit access] hierarchy. You can also configure RADIUS authentication for each tunnel client or user profile.

To configure the RADIUS authentication for L2TP tunnel clients on an M10i or M7i routing platform, include the ppp-profile statement with the l2tp attributes for tunnel clients:



[edit access profile profile-name client client-name l2tp]

ppp-profile profile-name;

ppp-profile profile-name specifies the profile used to validate PPP session requests through L2TP tunnels. Clients of the referenced profile must have only PPP attributes. The referenced group profile must be defined.

To configure the RADIUS authentication for a profile, include following statements at the [edit access profile profile-name] hierarchy level:



[edit access profile profile-name]

radius-server server-address {

accounting-port port-number;

port port-number;

retry attempts; 

routing-instance routing-instance-name;

secret password;

source-address source-address;

timeout seconds; 
}

When a PPP user initiates a session and RADIUS authentication is configured for the user profile on the tunnel group, the following priority sequence is used to determine which RADIUS server is used for authentication and accounting:

If the ppp-profile statement is configured under the tunnel client (LAC), the RADIUS servers configured under the specified ppp-profile are used.
If RADIUS servers are configured under the user profile for the tunnel group, those servers will be used.
If no RADIUS server is configured for the tunnel client (LAC) or user profile, then the RADIUS servers configured at the [edit access] hierarchy level are used.

[Contents] [Prev] [Next] [Index] [Report an Error]