No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Overview of L2TP

Overview of L2TP

This section describes the definition and functions of L2TP.


The Layer 2 Tunneling Protocol (L2TP) is a Virtual Private Dial-up Network (VPDN) tunneling protocol and expands applications of the Point-to-Point Protocol (PPP) to allow remote dial-up users to access the network of an enterprise headquarters.

Based on PPP negotiation, L2TP sets up tunnels between branch users and enterprise headquarters over the dial-up network, so that remote users can access the headquarters network. The PPP over Ethernet (PPPoE) technology further expands the application scale of L2TP and can establish L2TP tunnels between remote users and the headquarters over the Ethernet and Internet.

Figure 1-1 shows a typical networking for constructing a VPDN network using L2TP.

Figure 1-1  Typical networking of L2TP


As enterprises develop and services increase, many branches are set up in different locations, and some staff often go on business trips. They require fast, secure, and reliable network connections with the headquarters. On traditional dial-up networks, they use phone lines leased by the Internet Service Provider (ISP) and apply for a dial string or IP addresses from the ISP. This results in high costs. Besides, leased lines cannot provide services for remote users especially the staff on business trips. VPDN, a dial-up network based VPN, is introduced to make a better use of dial-up networks to ease access of remote users. VPDN establishes a point-to-point virtual link between remote users and the headquarters gateway.

VPDN provides the following tunneling technologies:
  • Point-to-point tunneling protocol (PPTP)
  • Layer 2 forwarding (L2F)
  • Layer 2 Tunneling Protocol (L2TP)

L2TP combines advantages of PPTP and L2F and is widely accepted. L2TP enables an individual or a small number of remote users to access the internal network of an enterprise over the public network.


L2TP encapsulates PPP packets to transmit private data of an enterprise through virtual links established over the public network. This releases the enterprise from renting expensive physical lines. The enterprise only needs to manage remote access users and users on the private network, reducing maintenance cost due to simplified network architecture.

L2TP provides convenient, secure, and reliable access services for remote users, and brings the following benefits:

  • Flexible identity authentication and high security

    • L2TP uses PPP security features such as PAP and CHAP to authenticate user identity.

    • L2TP allows control messages to be transmitted in cipher text and supports tunnel authentication.

    • L2TP works with Internet Protocol Security (IPSec) to ensure high security data transmission, although it does not encrypt data to be transmitted.

  • Multi-protocol transmission

    L2TP transmits PPP frames, which can be used to encapsulate packets of multiple network layer protocols. Therefore, L2TP can be used on IP networks, Frame Relay (FR) permanent virtual circuit (PVCs), X.25 virtual circuits (VCs), or ATM VCs.

  • Remote Authentication Dial-in User Service (RADIUS) authentication

    L2TP provides two authentication methods to manage access users: local authentication and RADIUS authentication using the user name and password sent by a dial-up user.

  • Internal address allocation

    The enterprise headquarters gateway enabled with L2TP dynamically allocates private addresses to remote users.

  • Reliability

    L2TP supports LNS backup. When the primary LNS is unreachable, an LAC can establish a new connection with a secondary LNS. This enhances reliability of VPN services.

Updated: 2019-08-07

Document ID: EDOC1100033725

Views: 142856

Downloads: 359

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next