Configuring a Tunnel Profile for Subscriber Access
The tunnel profile specifies a set of attributes to characterize the tunnel. The profile can be applied by a domain map or automatically when the tunnel is created.
Note: RADIUS attributes and VSAs can override the values that you configure with a tunnel profile in a domain map. In the absence of a domain map, RADIUS can supply all the characteristics of a tunnel. Each step in the following procedure lists the corresponding standard RADIUS attribute or VSA that you can configure on your RADIUS server to modify or configure the tunnel profile. RADIUS-supplied attributes are associated with a tunnel by a tag carried in the attribute, which matches the tunnel identifier. A tag of 0 indicates that the tag is not used. If L2TP receives a RADIUS attribute with a tag of 0, the attribute cannot be merged with the tunnel profile configuration corresponding to the subscriber domain, because a tunnel profile cannot provide a tunnel tag (tunnel identifier) of 0. Only tags in the range of 1 through 31 are supported.
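The tag rule in the note can be checked against a RADIUS server's reply before it is deployed. The following is an added example, not Juniper code: it decodes the standard tunnel attributes listed in this procedure using the RFC 2868 tag octet, groups them by tag, and reports attributes whose tag is 0 or outside 1 through 31. The names `attr`, `group_by_tag`, and `SAMPLE` are hypothetical, and the sample bytes are constructed.

```python
from collections import defaultdict

# Tunnel attributes named in this procedure: type -> (name, value kind)
TUNNEL_ATTRS = {
    64: ("Tunnel-Type", "int"), 65: ("Tunnel-Medium-Type", "int"),
    66: ("Tunnel-Client-Endpoint", "str"), 67: ("Tunnel-Server-Endpoint", "str"),
    82: ("Tunnel-Assignment-Id", "str"), 83: ("Tunnel-Preference", "int"),
    90: ("Tunnel-Client-Auth-Id", "str"), 91: ("Tunnel-Server-Auth-Id", "str"),
}

def attr(atype, tag, payload):
    """Encode one attribute: type, length, optional tag octet, value."""
    value = (b"" if tag is None else bytes([tag])) + payload
    return bytes([atype, len(value) + 2]) + value

def group_by_tag(blob):
    """Return ({tag: {name: value}}, [warnings]) for an encoded attribute list."""
    tunnels, warnings, pos = defaultdict(dict), [], 0
    while pos < len(blob):
        alen = blob[pos + 1] if len(blob) - pos >= 3 else 0
        if alen < 3 or pos + alen > len(blob):
            raise ValueError(f"malformed attribute at offset {pos}")
        atype, value = blob[pos], blob[pos + 2 : pos + alen]
        pos += alen
        if atype not in TUNNEL_ATTRS:
            continue  # not a tunnel attribute
        name, kind = TUNNEL_ATTRS[atype]
        tag = value[0]
        if kind == "int":
            if len(value) != 4:
                raise ValueError(f"{name}: expected tag octet plus 3-octet value")
            data = int.from_bytes(value[1:], "big")
        elif tag <= 0x1F:
            data = value[1:].decode("utf-8", "replace")
        else:  # RFC 2868: an octet above 0x1F is string data, so there is no tag
            tag, data = 0, value.decode("utf-8", "replace")
        if 1 <= tag <= 31:
            tunnels[tag][name] = data
        else:
            warnings.append(f"{name}: tag {tag} is outside 1-31, not mergeable")
    return dict(tunnels), warnings

# Constructed sample: one tunnel with tag 1, plus two attributes without a usable tag
SAMPLE = b"".join([
    attr(64, 1, (3).to_bytes(3, "big")),   # Tunnel-Type 3 (L2TP), tag 1
    attr(67, 1, b"198.51.100.1"),          # Tunnel-Server-Endpoint, tag 1
    attr(66, None, b"192.0.2.1"),          # untagged string, treated as tag 0
    attr(83, 0, (5).to_bytes(3, "big")),   # Tunnel-Preference with tag 0
])
```

Attributes reported in the warnings list are the ones that would not merge with the tunnel profile selected by the domain map.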
To configure a tunnel definition for a tunnel profile:
- Specify the tunnel profile for which you are defining a tunnel. (Tunnel-Group [26-64])
  [edit access]
  user@host# set tunnel-profile profile-name
- Specify an identifier (name) for the L2TP control connection for the tunnel.
  [edit access tunnel-profile profile-name]
  user@host# set tunnel tunnel-id
- Configure the IP address of the local L2TP tunnel endpoint, the LAC. (Tunnel-Client-Endpoint [66])
  [edit access tunnel-profile profile-name tunnel tunnel-id]
  user@host# set source-gateway address client-ip-address
- Configure the IP address of the remote L2TP tunnel endpoint, the LNS. (Tunnel-Server-Endpoint [67])
  [edit access tunnel-profile profile-name tunnel tunnel-id]
  user@host# set remote-gateway address server-ip-address
- (Optional) Configure the preference level for the tunnel. (Tunnel-Preference [83])
  [edit access tunnel-profile profile-name tunnel tunnel-id]
  user@host# set preference number
- (Optional) Configure the hostname of the local client (LAC). (Tunnel-Client-Auth-Id [90])
  [edit access tunnel-profile profile-name tunnel tunnel-id]
  user@host# set source-gateway gateway-name client-name
- (Optional) Configure the hostname of the remote server (LNS). (Tunnel-Server-Auth-Id [91])
  [edit access tunnel-profile profile-name tunnel tunnel-id]
  user@host# set remote-gateway gateway-name server-name
- (Optional) Specify the medium (network) type for the tunnel. (Tunnel-Medium-Type [65])
  [edit access tunnel-profile profile-name tunnel tunnel-id]
  user@host# set medium type
- (Optional) Specify the protocol type for the tunnel. (Tunnel-Type [64])
  [edit access tunnel-profile profile-name tunnel tunnel-id]
  user@host# set type tunnel-type
- (Optional) Configure the assignment ID for the tunnel. (Tunnel-Assignment-Id [82])
  [edit access tunnel-profile profile-name tunnel tunnel-id]
  user@host# set identification name
- (Optional) Configure the maximum number of sessions allowed in the tunnel. (Tunnel-Max-Sessions [26-33])
  [edit access tunnel-profile profile-name tunnel tunnel-id]
  user@host# set max-sessions number
- (Optional) Configure the password for remote server authentication. (Standard RADIUS attribute Tunnel-Password [69] or VSA Tunnel-Password [26-9])
  [edit access tunnel-profile profile-name tunnel tunnel-id]
  user@host# set secret password
- (Optional) Configure the logical system to use for the tunnel.
  If you configure a logical system, you must also configure a routing instance.
  [edit access tunnel-profile profile-name tunnel tunnel-id]
  user@host# set logical-system logical-system-name
- (Optional) Configure the routing instance to use for the tunnel. (Tunnel-Virtual-Router [26-8])
  If you configure a routing instance, configuring a logical system is optional.
  [edit access tunnel-profile profile-name tunnel tunnel-id]
  user@host# set routing-instance routing-instance-name
The following example shows a complete configuration for a tunnel profile: