Important: This product requires the purchase of a separate session licence and feature key in order to function as described.
Important: The LAC service uses UDP ports 13660 through 13668 as the source port for sending packets to the LNS.
Important: The capacities stated in this section are the maximum supported by the components. Actual capacities are dependent upon hardware and software configurations.
• Attribute-based tunneling: This method is used to encapsulate PPP packets for only specific users, identified during authentication. In this method, the LAC service parameters and allowed LNS nodes that may be communicated with are controlled by the user profile for the particular subscriber. The user profile can be configured locally on the system or remotely on a RADIUS server.
• PDSN Service-based compulsory tunneling: This method of tunneling is used to encapsulate all incoming PPP traffic from the R-P interface coming into a PDSN service, and tunnel it to an LNS peer for authentication. It should be noted that this method does not consider subscriber configurations, since all authentication is performed by the peer LNS.Important: These instructions assume that the system was previously configured to support subscriber data sessions as a PDSN.
Step 1 Configure the subscriber profiles according to the information and instructions located in the Configuring Subscriber Profiles for L2TP Support section of this chapter.
Step 2 Configure one or more LAC services according to the information and instructions located in the Configuring LAC Services section of this chapter.
Step 3 Configure the PDSN service(s) with the tunnel context location according to the instructions located in the Modifying PDSN Services for L2TP Support section of this chapter.
Step 4 Save your configuration as described in Verifying and Saving Your Configuration.
2. The PDSN service detects its tunnel-type parameter is configured to L2TP and its tunnel-context parameter is configured to the Destination context.Important: These instructions assume that the system was previously configured to support subscriber data sessions as a PDSN.
Step 1 Configure one or more LAC services according to the information and instructions located in the Configuring LAC Services section of this chapter.
Step 2 Configure the PDSN service(s) according to the instructions located in the Modifying PDSN Services for L2TP Support section of this chapter.
Step 3 Save your configuration as described in Verifying and Saving Your Configuration.
• Transparent IP: The APN template’s L2TP parameter settings will be applied to the session.
• Non-transparent IP: Since authentication is required, L2TP parameter attributes in the subscriber profile (if configured) will take precedence over the settings in the APN template.
• PPP: The APN template’s L2TP parameter settings will be applied and all of the subscriber’s PPP packets will be forwarded to the specified LNS.Important: These instructions assume that the system was previously configured to support subscriber data sessions as a GGSN.
Step 1 Configure the APN template to support L2TP tunneling according to the information and instructions located in the Modifying APN Templates to Support L2TP section of this chapter.Important: L2TP tunneling can be configured within individual subscriber profiles as opposed/or in addition to configuring support with an APN template. Subscriber profile configuration is described in the Configuring Subscriber Profiles for L2TP Support section of this chapter.
Step 2 Configure one or more LAC services according to the information and instructions located in the Configuring LAC Services section of this chapter.
Step 3 Save your configuration as described in Verifying and Saving Your Configuration chapter.Important: These instructions assume that the system was previously configured to support subscriber data sessions as an HA.
Step 1 Configure the subscriber profiles according to the information and instructions located in the Configuring Subscriber Profiles for L2TP Support section of this chapter.
Step 2 Configure one or more LAC services according to the information and instructions located in the Configuring LAC Services section of this chapter.
Step 3 Save your configuration as described in Verifying and Saving Your Configuration chapter.Important: Since the instructions for configuring subscribers differ between RADIUS server applications, this section only provides the individual attributes that can be added to the subscriber profile. Refer to the documentation that shipped with your RADIUS server for instructions on configuring subscribers.
• Random - Random LNS selection order, the Tunnel-Preference attribute is not used in determining which LNS to select.
• Balanced - LNS selection is sequential balancing the load across all configured LNS nodes, the Tunnel-Preference attribute is not used in determining which LNS to select.
• Prioritized - LNS selection is made based on the priority assigned in the Tunnel-Preference attribute.Important: The configuration of RADIUS-based subscriber profiles is not discussed in this document. Please refer to the documentation supplied with your RADIUS server for further information.
Important: This section provides the minimum instruction set for configuring local subscriber profile for L2TP support on the system. For more information on commands that configure additional parameters and options, refer LAC Service Configuration Mode Commands chapter in Command Line Interface Reference.
Step 1 Configure the “Local” subscriber with L2TP tunnel parameters and the load balancing parameters with action by applying the example configuration in the Configuring Local Subscriber section.
Step 2 Verify your L2TP configuration by following the steps in the Verifying the L2TP Configuration section.
Step 3 Save your configuration as described in Verifying and Saving Your Configuration chapter.context <ctxt_name> [-noconfirm]subscriber name <subs_name>tunnel l2tp peer-address <lns_ip_address> [ preference <integer> | [ encrypted ] secret <secret_string> | tunnel-context <context_name> | local-address <local_ip_address> }
• <ctxt_name> is the system context in which you wish to configure the subscriber profile.
• <lns_ip_address> is the IP address of LNS server node and <local_ip_address> is the IP address of system which is bound to LAC service.show subscriber configuration username user_nameImportant: Not all commands, keywords and functions may be available. Functionality is dependent on platform and license(s).
Important: This section provides the minimum instruction set for configuring LAC service support on the system. For more information on commands that configure additional parameters and options, refer LAC Service Configuration Mode Commands chapter in Command Line Interface Reference.
Step 1 Configure the LAC service on system and bind it to an IP address by applying the example configuration in the Configuring LAC Service section.
Step 2 Optional. Configure LNS peer information if the Tunnel-Service-Endpoint attribute is not configured in the subscriber profile or PDSN compulsory tunneling is supported by applying the example configuration in the Configuring LNS Peer section.
Step 4 Save your configuration as described in the Verifying and Saving Your Configuration chapter.context <dst_ctxt_name> [-noconfirm]lac-service <service_name>bind address <ip_address>
• <dst_ctxt_name> is the destination context where you want to configure the LAC service.context <dst_ctxt_name> [ -noconfirm ]lac-service <service_name>peer-lns <ip_address> [encrypted] secret <secret> [crypto-map <map_name> {[encrypted] isakmp-secret <secret> }] [description <text>] [ preference <integer>]
• <dst_ctxt_name> is the destination context where the LAC service is configured.show lac-service name service_nameImportant: This section provides the minimum instruction set for modifying PDSN service for L2TP support on the system. For more information on commands that configure additional parameters and options, refer LAC Service Configuration Mode Commands chapter in Command Line Interface Reference.
Step 1
Step 2 Verify your configuration to modify PDSN service by following the steps in the Verifying the PDSN Service for L2TP Support section.
Step 3 Save your configuration as described in the Verifying and Saving Your Configuration chapter.context <source_ctxt_name> [ -noconfirm ]pdsn-service <pdsn_service_name>ppp tunnel-context <lac_context_name>
• <source_ctxt_name> is the name of the source context containing the PDSN service, which you want to modify for L2TP support.
• <pdsn_service_name> is the name of the pre-configured PDSN service, which you want to modify for L2TP support.
• <lac_context_name> is typically the destination context where the LAC service is configured.show pdsn-service name pdsn_service_nameImportant: This section provides the minimum instruction set for configuring LAC service support on the system. For more information on commands that configure additional parameters and options, refer LAC Service Configuration Mode Commands chapter in Command Line Interface Reference.
Step 1 Modify the APN template to support L2TP with LNS server address and other parameters by applying the example configuration in the Assigning LNS Peer Address in APN Template section.
Step 2 Optional. If L2TP will be used to tunnel transparent IP PDP contexts, configure the APN’s outbound username and password by applying the example configuration in the Configuring Outbound Authentication section.
Step 3 Verify your APN configuration by following the steps in the Verifying the APN Configuration section.
Step 4 Save your configuration as described in the Verifying and Saving Your Configuration chapter.context <dst_ctxt_name> [-noconfirm]apn <apn_name>tunnel l2tp [ peer-address <lns_address> [ [ encrypted ] secret <l2tp_secret> ] [ preference <integer> ] [ tunnel-context <l2tp_context_name> ] [ local-address <local_ip_address> ] [ crypto-map <map_name> { [ encrypted ] isakmp-secret <crypto_secret> } ]
• <dst_ctxt_name> is the name of system destination context in which the APN is configured.
• <apn_name> is the name of the pre-configured APN template which you want to modify for the L2TP support.
• <lns_address> is the IP address of LNS server node and <local_ip_address> is the IP address of system which is bound to LAC service.context <dst_ctxt_name> [ -noconfirm ]apn <apn_name>
• <dst_ctxt_name> is the destination context where APN template is is configured.
• <apn_name> is the name of the pre-configured APN template which you want to modify for the L2TP support.show apn name apn_name
![]() |
Cisco Systems Inc. |
Tel: 408-526-4000 |
Fax: 408-527-0883 |