NE40E V800R010C10SPC500 Configuration Guide - User Access 01

Overview of L2TP Access

Layer 2 Tunneling Protocol (L2TP) combines the advantages of Layer 2 Forwarding (L2F) and Point-to-Point Tunneling Protocol (PPTP), and is an IETF industry standard for Layer 2 tunneling protocols.

L2TP establishes point-to-point tunnels on public networks (such as the Internet) to encapsulate and transmit Point-to-Point Protocol (PPP) data frames. In this way, remote users (such as enterprise branches and traveling staff) can communicate with the intranet through L2TP tunnels and access intranet resources. This provides a secure, economical, and effective way for remote users to access private enterprise networks. L2TP provides tunneling transmission for PPP packets, allows Layer 2 link endpoints and PPP session endpoints to reside on different devices, and uses packet switching for information exchange. In this manner, L2TP extends the PPP model.

Figure 10-1 L2TP networking

On the network shown in Figure 10-1, the typical L2TP networking consists of the following parts:

  • Remote system: A remote system is a remote user or a remote branch that connects to the intranet of an enterprise. It is usually a host of a dial-up user or a device on a private network.
  • L2TP Access Concentrator (LAC): An LAC is the endpoint of an L2TP tunnel and is located between the LNS and the remote system to transmit packets between the LNS and the remote system. It encapsulates the packets received from the remote system into L2TP packets, sends the packets to the LNS, decapsulates the packets received from the LNS, and sends the packets to the remote system.
  • L2TP Network Server (LNS): An LNS is a device that provides PPP and L2TP processing capabilities and is usually located at the edge of an enterprise intranet. As the other end of an L2TP tunnel, the LNS is the logical end point of the PPP sessions transmitted by the LAC through the tunnel. L2TP establishes an L2TP tunnel on the public network to extend PPP connections of the remote system from the original NAS to the LNS on the enterprise intranet.

A device that functions as both an LNS and LAC is called an L2TP Tunnel Switch (LTS).

Common L2TP Tunnel Modes

  • NAS-initiated mode

    In NAS-initiated mode, the LAC (NAS) initiates L2TP tunnel establishment requests. After a dial-up user of the remote system accesses the LAC through PPPoE or ISDN, the LAC initiates an L2TP tunnel establishment request to the LNS. L2TP tunnels in NAS-initiated mode have the following features:

    • The remote system supports only the PPP protocol and does not need to support L2TP.
    • The authentication and accounting for remote dial-in users can be performed by the LAC or LNS.
  • Client-initiated mode

    In client-initiated mode, a LAC client (a remote system that supports L2TP) directly initiates L2TP tunnel establishment requests. The LAC client has a public IP address and can communicate with the LNS through the Internet. If L2TP dial-up is triggered on the LAC client, the LAC client directly initiates an L2TP tunnel establishment request to the LNS instead of establishing a tunnel through the LAC. L2TP tunnels in client-initiated mode have the following features:

    • L2TP tunnels are established between the remote system and the LNS to ensure high security.
    • L2TP tunnels in client-initiated mode place high requirements on the remote system: it must be a LAC client that supports L2TP and can communicate with the LNS. Therefore, this mode has poor scalability.
Updated: 2019-01-03

Document ID: EDOC1100055031
