Configuring the Group Profile for Defining L2TP Attributes
Optionally, you can configure the group profile to define the Point-to-Point Protocol (PPP) or Layer 2 Tunneling Protocol (L2TP) attributes. Any client referencing the configured group profile inherits all the group profile attributes.
 | Note: The group-profile statement overrides the user-group-profile statement, which is configured at the [edit access profile profile-name] hierarchy level. The profile statement overrides the attributes configured at the [edit access group-profile profile-name] hierarchy level. For information about the user-group-profile statement, see Applying a Configured PPP Group Profile to a Tunnel. |
Tasks for configuring the group profile are:
Configuring L2TP for a Group Profile
To configure the Layer 2 Tunneling Protocol (L2TP) for the group profile, include the following statements at the [edit access group-profile profile-name l2tp] hierarchy level:
interface-id is the identifier for the interface representing an L2TP session configured at the [edit interfaces interface-name unit local-unit-number dial-options] hierarchy level.
You can configure the LNS so that it renegotiates the link control protocol (LCP) with the PPP client (in the renegotiation statement). By default, the PPP client negotiates the LCP with the L2TP access concentrator (LAC). When you do this, the LNS discards the last sent and the last received LCP configuration request attribute value pairs (AVPs) from the LAC; for example, the LCP negotiated between the PPP client and the LAC.
You can configure the Junos OS so that the LNS ignores proxy authentication AVPs from the LAC and reauthenticates the PPP client using a CHAP challenge (in the local-chap statement). When you do this, the LNS directly authenticates the PPP client. By default, the PPP client is not reauthenticated by the LNS.
number is the maximum number of sessions per L2TP tunnel.
Configuring the PPP Attributes for a Group Profile
To configure the Point-to-Point Protocol (PPP) attributes for a group profile, include the following statements at the [edit access group-profile profile-name ppp] hierarchy level:
The cell-overhead statement configures the session to use Asynchronous Transfer Mode (ATM)-aware egress shaping on the IQ2 PIC.
bytes (in the encapsulation-overhead statement) configures the number of bytes used as overhead for class-of-service calculations.
pool-id (in the framed-pool statement) is the name assigned to the address pool.
seconds (in the idle-timeout statement) is the number of seconds a user can remain idle before the session is terminated. By default, idle timeout is set to 0. You can configure this to be a value in the range from 0 through 4,294,967,295.
interface-id (in the interface-id statement) is the identifier for the interface representing an L2TP session configured at the [edit interfaces interface-name unit local-unit-number dial-options] hierarchy level.
seconds (in the keepalive statement) is the time period that must elapse before the Junos OS checks the status of the PPP session by sending an echo request to the peer. For each session, Junos OS sends out three keepalives at 10-second intervals and the session is close if there is no response. By default, the time to send a keepalive message is set to 10 seconds. You configure this to be a value in the range from 0 through 32,767.
primary-dns (in the primary-dns statement) is an IP version 4 (IPv4) address.
secondary-dns (in the secondary-dns statement) is an IPv4 address.
primary-wins (in the primary-wins statement) is an IPv4 address.
secondary-wins (in the secondary-wins statement) is an IPv4 address.
