Configuring L2TP Tunnel Switching
L2TP tunnel switching enables a router configured as an LTS to forward PPP packets carried on one L2TP session to a second L2TP session terminated on a different LNS. To configure L2TP tunnel switching, you must define a tunnel switch profile and then assign that profile.
To define an L2TP tunnel switch profile:
- Create the profile.

      [edit access]
      user@host# edit tunnel-switch-profile profile-name

- (Optional) Override the default actions taken for certain L2TP AVPs at the switching boundary.

      [edit access tunnel-switch-profile profile-name]
      user@host# set avp bearer-type action
      user@host# set avp calling-number action
      user@host# set avp cisco-nas-port-info action

- Specify the tunnel profile that defines the tunnel to which the subscriber traffic is switched.

      [edit access tunnel-switch-profile profile-name]
      user@host# set tunnel-profile profile-name

- (Optional) Apply the profile as a global default profile to switch packets from all incoming sessions from the LAC.

      [edit services l2tp]
      user@host1# set tunnel-switch-profile profile-name

- (Optional) Apply the profile as part of a tunnel group to switch packets from all sessions in the tunnel group.

      [edit services l2tp tunnel-group name]
      user@host1# set tunnel-switch-profile profile-name

  Note: The tunnel group is part of the LTS configuration that enables it to act as the LNS for the original sessions from the LAC.
  A tunnel group with a tunnel switch profile must also contain a dynamic profile, because tunnel switching supports only dynamic subscribers.

- (Optional) Apply the profile as part of a domain map to switch packets from all sessions that are associated with the domain.

      [edit access domain map domain-map-name]
      user@host1# set tunnel-switch-profile profile-name

  Note: A domain map cannot have both a tunnel switch profile and a tunnel profile. You must remove one if you add the other.

- (Optional) Apply the profile by means of the Tunnel-Switch-Profile VSA [26–91] in the RADIUS Access-Accept message returned when the session from the LAC is authenticated. Refer to the documentation for your RADIUS server to determine how to configure this method.
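The constraints stated in the steps and notes above can be checked before a commit. The following linter is an added example, not Juniper code: it reads configuration in `set` display format, with paths derived from the hierarchy levels shown above. It assumes the tunnel-group statement for a dynamic profile is named `dynamic-profile`, and it treats `tunnel-profile` as required because that step is not marked optional. All names in the sample are constructed.

```python
from collections import defaultdict

# Constructed sample input in "set" display format; every name is made up.
SAMPLE = """\
set access tunnel-switch-profile lts-a tunnel-profile tp-a
set access tunnel-switch-profile lts-b avp calling-number drop
set services l2tp tunnel-switch-profile lts-a
set services l2tp tunnel-group groupA tunnel-switch-profile lts-a
set services l2tp tunnel-group groupB tunnel-switch-profile lts-b
set services l2tp tunnel-group groupB dynamic-profile dyn-subs
set access domain map example.com tunnel-switch-profile lts-missing
set access domain map example.com tunnel-profile tp-c
"""

def lint(config: str) -> list[str]:
    defined = defaultdict(set)  # switch profile -> statements configured in it
    groups = defaultdict(set)   # tunnel group -> statements configured in it
    maps = defaultdict(set)     # domain map -> statements configured in it
    refs = []                   # (where the profile is applied, profile name)
    for line in config.splitlines():
        t = line.split()[1:] if line.split()[:1] == ["set"] else []
        if t[:2] == ["access", "tunnel-switch-profile"] and len(t) >= 3:
            defined[t[2]].update(t[3:4])
        elif t[:3] == ["services", "l2tp", "tunnel-switch-profile"] and len(t) == 4:
            refs.append(("global default", t[3]))
        elif t[:3] == ["services", "l2tp", "tunnel-group"] and len(t) >= 5:
            groups[t[3]].add(t[4])
            if t[4] == "tunnel-switch-profile" and len(t) >= 6:
                refs.append((f"tunnel-group {t[3]}", t[5]))
        elif t[:3] == ["access", "domain", "map"] and len(t) >= 5:
            maps[t[3]].add(t[4])
            if t[4] == "tunnel-switch-profile" and len(t) >= 6:
                refs.append((f"domain map {t[3]}", t[5]))
    findings = []
    for where, name in refs:  # an applied profile must exist and name a tunnel
        if name not in defined:
            findings.append(f"{where}: tunnel switch profile {name} is not defined")
        elif "tunnel-profile" not in defined[name]:
            findings.append(f"{where}: tunnel switch profile {name} has no tunnel-profile")
    for g, stmts in groups.items():  # switching supports only dynamic subscribers
        if "tunnel-switch-profile" in stmts and "dynamic-profile" not in stmts:
            findings.append(f"tunnel-group {g}: tunnel-switch-profile without dynamic-profile")
    for m, stmts in maps.items():  # the two profile types are mutually exclusive
        if {"tunnel-switch-profile", "tunnel-profile"} <= stmts:
            findings.append(f"domain map {m}: both tunnel-switch-profile and tunnel-profile set")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Profiles assigned only through the RADIUS VSA do not appear in the device configuration, so this check cannot see them.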
For example, consider the following configuration:
    [edit access tunnel-switch-profile lts-profile-groupA]
    user@host# set tunnel-profile l2tp-tunnel-profile2

    [edit access tunnel-switch-profile lts-profile-example.com]
    user@host# set tunnel-profile l2tp-tunnel-profile3

    [edit services l2tp]
    user@host1# set tunnel-switch-profile l2tp-tunnel-switch-profile
    user@host1# set tunnel-group groupA tunnel-switch-profile lts-profile-groupA

    [edit access domain]
    user@host1# set map example.com tunnel-switch-profile lts-profile-example.com

This configuration creates three tunnel switch profiles: l2tp-tunnel-switch-profile, lts-profile-groupA, and lts-profile-example.com.
The profile l2tp-tunnel-switch-profile is applied as the global default. When packets are switched according to this profile, the values for the Bearer Type AVP (18) and Calling Number AVP (22) in the L2TP packets are regenerated based on local policy at the L2TP tunnel switch and then sent with the packets. The Cisco NAS Port Info AVP (100) is simply dropped. Finally, l2tp-tunnel-profile1 provides the configuration characteristics of the tunnel to which the traffic is switched.
Tunnel switch profile lts-profile-groupA is applied by means of a tunnel group, groupA; it specifies a different tunnel profile, l2tp-tunnel-profile2, and it does not override any AVP actions. Tunnel switch profile lts-profile-example.com is applied by means of a domain map for the example.com domain; it specifies a different tunnel profile, l2tp-tunnel-profile3, and it does not override any AVP actions.