Configuring an LNS

When you configure an LNS, you can configure it to accept calls from any LAC.

Note: If there is no explicit LNS configuration on the router, the UDP port used for L2TP traffic is closed, and no tunnels or sessions can be established.

To enable an LAC to connect to the LNS, you must create the following profiles:

• An L2TP destination profile—Defines the location of each LAC
• An L2TP host profile—Defines the attributes used when communicating with an LAC

  Note: If you remove a destination profile or modify attributes of a host profile, all tunnels and sessions using the profile will be dropped.

  Note: If you are using shared tunnel-server ports, you must configure the shared tunnel-server ports before you configure Layer 2 Tunneling Protocol (L2TP) network server (LNS) support. You use the tunnel-server command in Global Configuration mode to specify the physical location of the shared tunnel-server port that you want to configure. See virtual-router for additional information about the tunnel-server command and shared tunnel-server ports.

To configure an LNS, perform the following steps:

1. Create a destination profile that defines the location of the LAC, and access L2TP Destination Profile Configuration mode. See Creating an L2TP Destination Profile .
   host1:boston(config)#l2tp destination profile boston4 ip address 192.168.76.20host1:boston(config-l2tp-dest-profile)#
2. Define the L2TP host profile and enter L2TP Destination Profile Host Configuration mode. See Creating an L2TP Host Profile .
   host1:boston(config-l2tp-dest-profile)#remote host default host1:boston(config-l2tp-dest-profile-host)#
3. (Optional) Assign a profile name for a remote host.
   host1:boston(config-l2tp-dest-profile-host)#profile georgeProfile1
4. (Optional) Disable the use of proxy LCP when connecting to the selected host.
   host1(config-l2tp-dest-profile-host)#disable proxy lcp
5. (Optional) Enable the use of proxy authentication when connecting to the selected host.
   host1(config-l2tp-dest-profile-host)#enable proxy authenticate
6. (Optional) Specify the local hostname to be used in any hostname AVP sends to the LAC. By default, the router name is used as the local hostname.
   host1(config-l2tp-dest-profile-host)#local host andy
7. (Optional) Specify the local IP address to be used in any packets sent to the LAC. By default, the router ID is used.
   host1(config-l2tp-dest-profile-host)#local ip address 192.168.23.1
8. (Optional) Specify the shared secret used to authenticate the tunnel. By default, there is no tunnel authentication.
   host1:boston(config-l2tp-dest-profile-host)#tunnel password saco
9. (Optional) Specify that the LNS override out-of-resource result codes 4 and 5 with code 2 for interoperation with third-party implementations that do not support codes 4 and 5.
   host1:boston(config-l2tp-dest-profile-host)#session-out-of-resource-result-code-override
10. (Optional) Specify that L2TP create an MLPPP interface when LCP proxy data is not forwarded from the LAC.

    For example, the MLPPP interface is created if the LAC does not send the initial received or last received LCP configuration request. If full LCP proxy data is available, this command is ignored.

    host1:boston(config-l2tp-dest-profile-host)#default-upper-type mlppp

    Note: When acting as the LNS, the E Series router supports dialed number identification service (DNIS). With DNIS, if users have a called number associated with them, the router searches the domain map for the called number. If it finds a match, the router uses the matching domain map entry information to authenticate the user. If the router does not find a match, it searches the domain map using normal processing. See Unresolved xref in Unresolved xref.