Configuring an L2TP Access Profile on the LNS
Access profiles define how to validate Layer 2 Tunneling Protocol (L2TP) connections and session requests. Within each L2TP access profile, you configure one or more clients (LACs). The client characteristics are used to authenticate LACs with matching passwords, and to establish attributes of the client tunnel and session. You can configure multiple access profiles and multiple clients within each profile.
To configure an L2TP access profile:
- Create the access profile.
  [edit access]
  user@host# edit profile access-profile-name
- Configure characteristics for one or more clients (LACs).
  [edit access profile access-profile-name]
  user@host# edit client client-name
Note: Except for the special case of the default client, the LAC client name that you configure in the access profile must match the hostname of the LAC. In the case of a Juniper Networks router acting as the LAC, the hostname is configured in the LAC tunnel profile with the gateway gateway-name statement at the [edit access tunnel-profile profile-name tunnel tunnel-id source-gateway] hierarchy level. Alternatively, the client name can be returned from RADIUS in the attribute, Tunnel-Client-Auth-Id [90].
Note: Use default as the client name when you want to define a default tunnel client. The default client enables the authentication of multiple LACs with the same secret and L2TP attributes. This behavior is useful when, for example, many new LACs are added to the network, because it enables the LACs to be used without additional LNS profile configuration.
Use default only on MX Series routers. The equivalent client name on M Series routers is *.
- (Optional) Specify a local access profile that overrides the global access profile and the tunnel group AAA access profile to configure RADIUS server settings for the client.
  [edit access profile access-profile-name client client-name]
  user@host# set l2tp aaa-access-profile
- Configure the LNS to renegotiate the link control protocol (LCP) with the PPP client tunneled from the client (LAC).
  [edit access profile access-profile-name client client-name]
  user@host# set l2tp lcp-renegotiation
- Configure the maximum number of sessions allowed in a tunnel from the client (LAC).
  [edit access profile access-profile-name client client-name]
  user@host# set l2tp maximum-sessions-per-tunnel number
- Configure the tunnel password used to authenticate the client (LAC).
  [edit access profile access-profile-name client client-name]
  user@host# set l2tp shared-secret shared-secret
- (Optional) Associate a group profile containing PPP attributes to apply for the PPP sessions being tunneled from this LAC client.
  [edit access profile access-profile-name client client-name]
  user@host# set user-group-profile group-profile-name
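
An added example, not part of the Juniper documentation: a Python check over a configuration exported in set-command form that reports each default client (default or *) and each client with no shared-secret or maximum-sessions-per-tunnel statement. The sample configuration and its profile and client names are constructed, and treating the missing statements as findings is a review policy assumed here.

```python
import re
from collections import defaultdict

# Constructed sample in set-command form; every name and value below is a
# placeholder and is not taken from a real device.
SAMPLE_CONFIG = """\
set access profile lns-profile client lac-east l2tp lcp-renegotiation
set access profile lns-profile client lac-east l2tp maximum-sessions-per-tunnel 2000
set access profile lns-profile client lac-east l2tp shared-secret "$9$constructed"
set access profile lns-profile client lac-east user-group-profile ppp-defaults
set access profile lns-profile client lac-west l2tp lcp-renegotiation
set access profile lns-profile client default l2tp shared-secret "$9$constructed2"
set access profile lns-profile client default l2tp maximum-sessions-per-tunnel 500
"""

CLIENT_RE = re.compile(r"^set access profile (\S+) client (\S+) (.+)$")
WILDCARD_CLIENTS = {"default", "*"}  # MX Series and M Series default client names

def parse_clients(config_text):
    """Map (profile, client) -> set of statements configured for that client."""
    clients = defaultdict(set)
    for line in config_text.splitlines():
        m = CLIENT_RE.match(line.strip())
        if not m:
            continue
        profile, client, rest = m.groups()
        words = rest.split()
        # Keep "l2tp <statement>" as the key; otherwise keep the first keyword.
        nested = words[0] == "l2tp" and len(words) > 1
        clients[(profile, client)].add(" ".join(words[:2]) if nested else words[0])
    return dict(clients)

def audit(config_text):
    """Return sorted (profile, client, finding) tuples for review."""
    findings = []
    for (profile, client), stmts in parse_clients(config_text).items():
        if client in WILDCARD_CLIENTS:
            findings.append((profile, client, "default client: one secret shared by many LACs"))
        if "l2tp shared-secret" not in stmts:
            findings.append((profile, client, "no l2tp shared-secret configured"))
        if "l2tp maximum-sessions-per-tunnel" not in stmts:
            findings.append((profile, client, "no l2tp maximum-sessions-per-tunnel configured"))
    return sorted(findings)

if __name__ == "__main__":
    for profile, client, finding in audit(SAMPLE_CONFIG):
        print(f"{profile}/{client}: {finding}")
```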