Implementation of L2TP Compulsory Tunneling via RADIUS (RFC2809)

IP.com Disclosure Number: IPCOM000003407D
Original Publication Date: 2000-Apr-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 17 page(s) / 44K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

B. Aboba: AUTHOR [+2]

Abstract

This document discusses implementation issues arising in the provisioning of compulsory tunneling in dial-up networks using the L2TP protocol. This provisioning can be accomplished via the integration of RADIUS and tunneling protocols. Implementation issues encountered with other tunneling protocols are left to separate documents.

This text was extracted from an ASCII text document.
This is the abbreviated version, containing approximately 7% of the total text.

Network Working Group                                           B. Aboba
Request for Comments: 2809                                     Microsoft
Category: Informational                                          G. Zorn
                                                                   Cisco
                                                              April 2000

Implementation of L2TP Compulsory Tunneling via RADIUS

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2000). All Rights Reserved.

1. Terminology

Voluntary Tunneling
   In voluntary tunneling, a tunnel is created by the user, typically via use of a tunneling client.

Compulsory Tunneling
   In compulsory tunneling, a tunnel is created without any action from the user and without allowing the user any choice.

Tunnel Network Server
   This is a server which terminates a tunnel. In L2TP terminology, this is known as the L2TP Network Server (LNS).

Network Access Server
   The Network Access Server (NAS) is the device that clients contact in order to get access to the network. In L2TP terminology, a NAS performing compulsory tunneling is referred to as the L2TP Access Concentrator (LAC).

RADIUS authentication server
   This is a server which provides for authentication/authorization via the protocol described in [1].

RADIUS proxy
   In order to provide for the routing of RADIUS authentication requests, a RADIUS proxy can be employed. To the NAS, the RADIUS proxy appears to act as a RADIUS server, and to the RADIUS server, the proxy appears to act as a RADIUS client. A RADIUS proxy can be used to locate the tunnel endpoint when realm-based tunneling is used.

2. Requirements language

In this document, the key words "MAY", "MUST", "MUST NOT", "optional", "recommended", "SHOULD", and "SHOULD NOT" are to be interpreted as described in [4].

3. Introduction

Many applications of tunneling protocols involve dial-up network access. Some, such as the provisioning of secure access to corporate intranets via the Internet, are characterized by voluntary tunneling: the tunnel is created at the request of the user for a specific purpose. Other applications involve compulsory tunneling: the tunnel is created without...