H3C Technologies H3C SecPath F1000-E User Manual

239

Figure 153 L2TP call setup procedure

An L2TP call is set up in the following procedure:

1.

The remote user (Host) makes a PPP call.

2.

The remote user and the LAC (Device A) perform PPP LCP negotiation.

3.

The LAC authenticates the remote user using the Password Authentication Protocol (PAP) or
Challenge Handshake Authentication Protocol (CHAP).

4.

The LAC sends the authentication information (the username and password) to its RADIUS server
for authentication.

5.

The LAC RADIUS server authenticates the user.

6.

If the user passes authentication, the LAC initiates a tunneling request to the LNS.

7.

If authentication of the tunnel is required, the LAC sends a CHAP challenge to the LNS. The LNS
returns a CHAP response and sends its CHAP challenge to the LAC. Accordingly, the LAC returns

a CHAP response to the LNS.

8.

The tunnel passes authentication.

9.

The LAC sends the CHAP response, response identifier, and PPP negotiation parameters of the user
to the LNS.

10.

The LNS sends an access request to its RADIUS server for authentication.

11.

The RADIUS server authenticates the access request and returns a response if the user passes
authentication.

12.

If the LNS is configured to perform a mandatory CHAP authentication of the user, the LNS sends a
CHAP challenge to the user and the user returns a CHAP response.

13.

The LNS resends the access request to its RADIUS server for authentication.