Configuring an L2TP Tunnel Group for LNS Sessions with Inline Services Interfaces

The L2TP tunnel group specifies attributes that apply to L2TP tunnels and sessions from a group of LAC clients. These attributes include the access profile used to validate L2TP connection requests made to the LNS on the local gateway address, a local access profile that overrides the global access profile, the keepalive timer, and whether the IP ToS value is reflected.

Note: If you delete a tunnel group, all L2TP sessions in that tunnel group are terminated. If you change the value of the local-gateway-address, service-device-pool, or service-interface statements, all L2TP sessions using those settings are terminated. If you change or delete other statements at the [edit services l2tp tunnel-group name] hierarchy level, new tunnels you establish use the updated values but existing tunnels and sessions are not affected.

To configure the LNS tunnel group:

  1. Create the tunnel group.
    [edit services l2tp]
    user@host# edit tunnel-group name
  2. Specify the service anchor interface responsible for L2TP processing on the LNS.
    [edit services l2tp tunnel-group name]
    user@host# set service-interface interface-name

    This service anchor interface is required for static LNS sessions, and for dynamic LNS sessions that do not balance traffic across a pool of anchor interfaces. The interface is configured at the [edit interfaces] hierarchy level.

  3. (Optional; for load-balancing dynamic LNS sessions only) Specify a pool of inline service anchor interfaces to enable load-balancing of L2TP traffic across the interfaces.
    [edit services l2tp tunnel-group name]
    user@host# set service-device-pool pool-name

    The pool is defined at the [edit services service-device-pools] hierarchy level.

  4. (For dynamic LNS sessions only) Specify the name of the dynamic profile that defines and instantiates inline service interfaces for L2TP tunnels.
    [edit services l2tp tunnel-group name]
    user@host# set dynamic-profile profile-name

    The profile is defined at the [edit dynamic-profiles] hierarchy level.

  5. Specify the access profile that validates all L2TP connection requests to the local gateway address.
    [edit services l2tp tunnel-group name]
    user@host# set l2tp-access-profile profile-name
  6. Configure the local gateway address on the LNS. This address corresponds to the IP address that LACs use to identify the LNS.
    [edit services l2tp tunnel-group name]
    user@host# set local-gateway address address
  7. (Optional) Configure the interval at which the LNS sends hello messages if it has received no messages from the LAC.
    [edit services l2tp tunnel-group name]
    user@host# set hello-interval seconds
  8. (Optional) Specify a local access profile that overrides the global access profile to configure RADIUS server settings for the tunnel group.
    [edit services l2tp tunnel-group name]
    user@host# set aaa-access-profile profile-name

    This local profile is configured at the [edit access profile] hierarchy level.

  9. (Optional) Configure the LNS to reflect the IP ToS value from the inner IP header to the outer IP header (applies to CoS configurations).
    [edit services l2tp tunnel-group name]
    user@host# set tos-reflect
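
The note at the top of this topic separates changes that terminate existing L2TP sessions from changes that only affect new tunnels. The following Python sketch is an added example, not Juniper code: it compares two tunnel-group configurations in `set` form and reports which groups would lose their sessions. The group names, interface names, and addresses are constructed, and removing one of the three disruptive statements is treated as a change (an assumption).

```python
import re

# Statements whose change terminates every L2TP session in the tunnel group,
# per the note on this page. "local-gateway" is the first keyword of the
# "local-gateway address" statement used in step 6.
DISRUPTIVE = {"local-gateway", "service-device-pool", "service-interface"}
LINE = re.compile(r"^set services l2tp tunnel-group (\S+) (\S+)\s*(.*)$")

def parse(config_text):
    """Map tunnel-group name -> {statement: value} from 'set' lines."""
    groups = {}
    for line in config_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            name, stmt, value = m.groups()
            groups.setdefault(name, {})[stmt] = value.strip()
    return groups

def session_impact(current_text, candidate_text):
    """Return {group: reason} for groups whose existing sessions would drop."""
    cur, new = parse(current_text), parse(candidate_text)
    impact = {}
    for name, stmts in cur.items():
        if name not in new:
            impact[name] = "tunnel group deleted"
            continue
        changed = sorted(s for s in DISRUPTIVE if stmts.get(s) != new[name].get(s))
        if changed:
            impact[name] = "changed: " + ", ".join(changed)
    return impact

# Constructed sample configurations (group names, interfaces, addresses are made up).
CURRENT = """
set services l2tp tunnel-group tg-east service-interface si-1/0/0
set services l2tp tunnel-group tg-east local-gateway address 192.0.2.1
set services l2tp tunnel-group tg-east hello-interval 60
set services l2tp tunnel-group tg-west service-interface si-2/0/0
set services l2tp tunnel-group tg-west local-gateway address 192.0.2.2
set services l2tp tunnel-group tg-old service-interface si-3/0/0
"""
CANDIDATE = """
set services l2tp tunnel-group tg-east service-interface si-1/0/0
set services l2tp tunnel-group tg-east local-gateway address 192.0.2.1
set services l2tp tunnel-group tg-east hello-interval 30
set services l2tp tunnel-group tg-east tos-reflect
set services l2tp tunnel-group tg-west service-interface si-2/0/0
set services l2tp tunnel-group tg-west local-gateway address 192.0.2.9
"""

if __name__ == "__main__":
    for group, reason in session_impact(CURRENT, CANDIDATE).items():
        print(f"{group}: existing sessions terminated ({reason})")
```

In the sample, tg-east changes only hello-interval and tos-reflect, so its existing tunnels and sessions are unaffected and it does not appear in the result.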

Published: 2012-11-29