Community Groups Rewards Enterprise

L2TP tunnel call setup flow

gokibria
gokibria  Diamond  (1)
7 years 10 months ago  View: 1538  Reply: 1
1F
  1. The PC at user side initiates a connection request.
  2. The PC and LAC equipment (Eudemon A) negotiate PPP LCP parameters.
  3. LAC performs PAP (Password Authentication Protocol) or CHAP (Challenge Handshake Authentication Protocol) authentication based on the user information provided by the PC.
  4. LAC sends the access request, including VPN user name and password, to the RADIUS server for ID authentication.
  5. The RADIUS server authenticates this user and sends back access accept, such as LNS (Eudemon B)address, after authentication is passed successfully. Meanwhile, LAC is ready for initiating a new tunnel request.
  6. LAC initiates a tunnel request to the LNS specified by RADIUS server.
  7. LAC performs PAP or CHAP authentication based on the user information provided by LAC.
    Eudemon 8080E/8160E supports PAP authentication and CHAP authentication.
    • PAP requires twice handshake authentications. The password of PAP is in plain text.
      The LAC side first sends the user name and password to the authenticating side. Then the LNS side checks whether the user exists and whether the password is correct according to user configuration, and then returns response (Acknowledge or Not Acknowledge).
    • CHAP authentication is a three-way handshake authentication with encrypted passwords.
      LAC informs LNS of CHAP challenge, and LNS sends back CHAP response and its self CHAP challenge, LAC sends back CHAP response.
  8. Authentication passes.
  9. LAC transmits the information of CHAP response, response identifier and PPP negotiation parameters to LNS.
  10. LNS sends the access request to RADIUS server for authentication.
  11. The RADIUS server re-authenticates this access request and sends back a response if authentication is successful.
  12. If local mandatory CHAP authentication is configured at LNS, LNS will authenticate the VPN user by sending challenge and the VPN user at PC sends back responses.
  13. LNS re-sends this access request to RADIUS for authentication.
  14. RADIUS server re-authenticates this access request and sends back a response if authentication is successful.
  15. After all authentications are passed, the VPN user can use the resource of the enterprise.
Comment| Reply
Favorite Favorite (0) | Like |Report
mdmahossain
mdmahossain  Silver 
7 years 10 months ago
2F
Wow! its awesome ........... thanks for sharing.
Comment| Reply
|Report
Reply
Return New post Share

Hot Group

Fixed Network Info Community
Members:9595   Posts:9360
Wireless Network Info Community
Members:2501   Posts:11275
Support HedEx User Group
Members:14004   Posts:4898
Core Network Info Community
Members:1125   Posts:14720
Network OSS Club
Members:4641   Posts:1596
Information For
Consumers
Enterprises
Carriers
Journalist
Suppliers
Job Seekers
About HUAWEI
Corporate Information
Corporate Governance
Executives
Bond Investor Relations
Sustainability
Cyber Security
Publications
Annual Report
News & Events
Latest News
Media Kit
Media Contact
Security Bulletins
Events
Huawei| Huawei Connect| Support| Privacy| Terms of Use
Contact Us:hworld@huawei.com
Follow Huawei Connect :
Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.