Configuring RADIUS Authentication for an L2TP Client and Profile

On an M10i or M7i router, L2TP supports RADIUS authentication and accounting for users with one set of RADIUS servers under the [edit access] hierarchy. You can also configure RADIUS authentication for each tunnel client or user profile.

To configure the RADIUS authentication for L2TP tunnel clients on an M10i or M7i router, include the ppp-profile statement with the l2tp attributes for tunnel clients:

[edit access profile profile-name client client-name l2tp]
ppp-profile profile-name;

ppp-profile profile-name specifies the profile used to validate PPP session requests through L2TP tunnels. Clients of the referenced profile must have only PPP attributes. The referenced group profile must be defined.

To configure the RADIUS authentication for a profile, include the following statements at the [edit access profile profile-name] hierarchy level:

[edit access profile profile-name]
radius-server server-address {
    accounting-port port-number;
    port port-number;
    retry attempts;
    routing-instance routing-instance-name;
    secret password;
    source-address source-address;
    timeout seconds;
}

When a PPP user initiates a session and RADIUS authentication is configured for the user profile on the tunnel group, the following priority sequence is used to determine which RADIUS server is used for authentication and accounting:

  • If the ppp-profile statement is configured under the tunnel client (LAC), the RADIUS servers configured under the specified ppp-profile are used.
  • If RADIUS servers are configured under the user profile for the tunnel group, those servers will be used.
  • If no RADIUS server is configured for the tunnel client (LAC) or user profile, then the RADIUS servers configured at the [edit access] hierarchy level are used.
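
The priority sequence above, written out as an added configuration example (not part of the original documentation). The profile names, client name, addresses and secrets are constructed placeholders, and authentication-order is a Junos statement that does not appear on this page. The statements that attach a user profile to the tunnel group are not shown.

```junos
# Constructed example: every name, address and secret is a placeholder.

# Lowest priority: servers at the [edit access] hierarchy level.
# Used only when neither profile below supplies a RADIUS server.
set access radius-server 192.0.2.10 secret "PLACEHOLDER-GLOBAL-SECRET"
set access radius-server 192.0.2.10 timeout 5
set access radius-server 192.0.2.10 retry 3

# Middle priority: the user profile for the tunnel group (assumed here to be
# "group-users"). Its server handles PPP sessions from any tunnel client
# that has no ppp-profile of its own.
set access profile group-users authentication-order radius
set access profile group-users radius-server 192.0.2.20 secret "PLACEHOLDER-GROUP-SECRET"
set access profile group-users radius-server 192.0.2.20 source-address 198.51.100.1

# Highest priority: a PPP profile referenced from the tunnel client (LAC).
# The referenced profile must be defined, so create it first.
set access profile lac1-ppp authentication-order radius
set access profile lac1-ppp radius-server 192.0.2.30 port 1812
set access profile lac1-ppp radius-server 192.0.2.30 accounting-port 1813
set access profile lac1-ppp radius-server 192.0.2.30 secret "PLACEHOLDER-LAC1-SECRET"
set access profile lac1-ppp radius-server 192.0.2.30 source-address 198.51.100.1

# Tie the LAC "lac1" to that PPP profile. PPP sessions arriving through
# lac1 are now authenticated and accounted by 192.0.2.30, not by
# 192.0.2.20 or 192.0.2.10.
set access profile tunnel-clients client lac1 l2tp ppp-profile lac1-ppp
```

Giving each level its own secret means that exposure of one shared secret does not affect the servers used by other tunnel clients, and a fixed source-address lets each RADIUS server restrict which router address it accepts requests from.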

Published: 2013-02-22