Implementation of L2TP Compulsory Tunneling via RADIUS (RFC2809)
Original Publication Date: 2000-Apr-01
Included in the Prior Art Database: 2000-Sep-13
Internet Society Requests For Comment (RFCs)
B. Aboba: AUTHOR [+2]
This document discusses implementation issues arising in the provisioning of compulsory tunneling in dial-up networks using the L2TP protocol. This provisioning can be accomplished via the integration of RADIUS and tunneling protocols. Implementation issues encountered with other tunneling protocols are left to separate documents.
Network Working Group B. Aboba
Request for Comments: 2809 Microsoft
Category: Informational G. Zorn
Implementation of L2TP Compulsory Tunneling via RADIUS
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright (C) The Internet Society (2000). All Rights Reserved.
In voluntary tunneling, a tunnel is created by the user,
typically via use of a tunneling client.
In compulsory tunneling, a tunnel is created without any
action from the user and without allowing the user any
Tunnel Network Server
This is a server which terminates a tunnel. In L2TP
terminology, this is known as the L2TP Network Server
Network Access Server
The Network Access Server (NAS) is the device that clients
contact in order to get access to the network. In L2TP
terminology, a NAS performing compulsory tunneling is
referred to as the L2TP Access Concentrator (LAC).
RADIUS authentication server
This is a server which provides for
authentication/authorization via the protocol described in
In order to provide for the routing of RADIUS
authentication requests, a RADIUS proxy can be employed.
To the NAS, the RADIUS proxy appears to act as a RADIUS
server, and to the RADIUS server, the proxy appears to act
as a RADIUS client. Can be used to locate the tunnel
endpoint when realm-based tunneling is used.
2. Requirements language
In this document, the key words "MAY", "MUST", "MUST NOT", "optional",
"recommended", "SHOULD", and "SHOULD NOT", are to be interpreted as
described in .
Many applications of tunneling protocols involve dial-up network
access. Some, such as the provisioning of secure access to corporate
intranets via the Internet, are characterized by voluntary tunneling:
the tunnel is created at the request of the user for a specific
purpose. Other applications involve compulsory tunneling: the tunnel
is created without...