
L2TP features – H3C Technologies H3C SecPath F1000-E User Manual


4. The LAC sends the authentication information (the username and password) to its RADIUS server for authentication.

5. The LAC RADIUS server authenticates the user.

6. If the user passes authentication, the LAC initiates a tunneling request to the LNS.

7. If authentication of the tunnel is required, the LAC sends a CHAP challenge to the LNS. The LNS returns a CHAP response and sends its CHAP challenge to the LAC. Accordingly, the LAC returns a CHAP response to the LNS.

8. The tunnel passes authentication.

9. The LAC sends the CHAP response, response identifier, and PPP negotiation parameters of the user to the LNS.

10. The LNS sends an access request to its RADIUS server for authentication.

11. The RADIUS server authenticates the access request and returns a response if the user passes authentication.

12. If the LNS is configured to perform a mandatory CHAP authentication of the user, the LNS sends a CHAP challenge to the user and the user returns a CHAP response.

13. The LNS resends the access request to its RADIUS server for authentication.

14. The RADIUS server authenticates the access request and returns a response if the user passes authentication.

15. The LNS assigns an internal IP address to the remote user. Now, the user can access the internal resources of the enterprise network.
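The mutual tunnel authentication in step 7, written out as an added example (not taken from the H3C manual). It assumes the L2TPv2 scheme of RFC 2661, from which the message names SCCRQ/SCCRP/SCCCN and the MD5(ID || secret || challenge) construction are taken; the function names and the shared secret are constructed for illustration.

```python
import hashlib
import hmac
import os

# L2TPv2 control message types that carry a Challenge Response AVP (RFC 2661).
SCCRP, SCCCN = 2, 3


def chap_response(msg_type: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP-style digest: MD5(ID || secret || challenge).

    For tunnel authentication the ID octet is the message type of the
    control message that carries the response (SCCRP or SCCCN).
    """
    return hashlib.md5(bytes([msg_type]) + secret + challenge).digest()


def verify(msg_type: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Recompute the digest locally and compare in constant time."""
    expected = chap_response(msg_type, secret, challenge)
    return hmac.compare_digest(expected, response)


def tunnel_handshake(lac_secret: bytes, lns_secret: bytes) -> tuple[bool, bool]:
    """Run step 7 in both directions; return (LAC accepts LNS, LNS accepts LAC)."""
    # SCCRQ: the LAC sends a fresh random challenge to the LNS.
    lac_challenge = os.urandom(16)
    # SCCRP: the LNS answers it and adds its own challenge for the LAC.
    lns_answer = chap_response(SCCRP, lns_secret, lac_challenge)
    lns_challenge = os.urandom(16)
    # SCCCN: the LAC answers the LNS challenge.
    lac_answer = chap_response(SCCCN, lac_secret, lns_challenge)
    # Each side checks the peer's answer against its own copy of the secret.
    lac_accepts = verify(SCCRP, lac_secret, lac_challenge, lns_answer)
    lns_accepts = verify(SCCCN, lns_secret, lns_challenge, lac_answer)
    return lac_accepts, lns_accepts


if __name__ == "__main__":
    shared = b"constructed-tunnel-secret"  # sample value, not from the manual
    print(tunnel_handshake(shared, shared))           # matching secrets
    print(tunnel_handshake(shared, b"wrong-secret"))  # mismatched secrets
```

Because the message type is hashed in, a response computed for one direction does not verify in the other, so a peer cannot pass authentication by echoing back a digest it received.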

L2TP Features

1. Flexible identity authentication mechanism and high security

L2TP itself does not provide security for connections. However, it has all the security features of PPP because it allows for PPP authentication (CHAP or PAP). L2TP can also cooperate with IPsec to guarantee data security, making tunneled data more resistant to attacks. In addition, tunnel encryption, end-to-end data encryption, and end-to-end application-layer data encryption technologies can be used together with L2TP for higher data security as required.

2. Multi-protocol transmission

L2TP tunnels PPP frames, which can be used to encapsulate packets of multiple network layer protocols.

3. RADIUS authentication

An LAC and LNS can send the username and password of a remote user to a RADIUS server for authentication.

4. Private address allocation

An LNS can reside behind the firewall of a corporate network, dynamically allocating private addresses to remote users and managing the corporate private addresses (RFC 1918). This facilitates address management and improves security.

5. Accounting flexibility

Accounting can be carried out on the LAC and LNS simultaneously, allowing bills to be generated on the ISP side and charging and auditing to take place on the enterprise gateway. L2TP can provide such accounting data as statistics on inbound and outbound traffic (in packets and bytes) and connection start time and end time. All these enable flexible accounting.

6. Reliability
