Configuring an L2TPv3 VPN Tunnel

The Layer 2 Tunneling Protocol version 3 (L2TPv3) feature allows Instant AP to act as L2TPLayer-2 Tunneling Protocol. L2TP is a networking protocol used by the ISPs to enable VPN operations. Access Concentrator (LAC) and tunnel all wireless clients L2 traffic from AP to LNSL2TP Network Server. LNS is an equipment that connects to a carrier and handles the sessions from broadband lines. It is also used for dial-up and mobile links. LNS handles authentication and routing of the IP addresses. It also handles the negotiation of the link with the equipment and establishes a session.. In a centralized L2 model, the VLANVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. on the corporate side are extended to remote branch sites. Wireless clients associated with Instant AP gets the IP address from the DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  server running on LNS. For this, AP has to transparently allow DHCP transactions through the L2TPv3 tunnel.

To configure an L2TPv3 tunnel by using Aruba Central, complete the following steps:

1. In the Network Operations app, set the filter to a group that contains at least one AP.

The dashboard context for the group is displayed.

2. Under Manage, click Devices > Access Points.

A list of access points is displayed in the List view.

3. Click the Config icon.

The tabs to configure the access points are displayed.

4. Click Show Advanced, and click the VPN tab.

The VPNVirtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. details page is displayed.

5. Click the Controller accordion.

6. In the Protocol drop-down list, select L2TPv3.

7. To configure a tunnel profile, complete the following steps:

a. Turn on the Enable Tunnel Profile toggle switch.

b. Enter the profile name.

c. Enter the primary server IP address.

d. Enter the remote end backup tunnel IP address. This is an optional field and is required only when backup server is configured.

e. Enter the peer UDPUser Datagram Protocol. UDP is a part of the TCP/IP family of protocols used for data transfer. UDP is typically used for streaming media. UDP is a stateless protocol, which means it does not acknowledge that the packets being sent have been received. and local UDP port numbers. The default value is 1701.

f. Enter the interval at which the hello packets are sent through the tunnel. The default value is 60 seconds.

g. Select the message digest as MD5Message Digest 5. The MD5 algorithm is a widely used hash function producing a 128-bit hash value from the data input. or SHASecure Hash Algorithm. SHA is a family of cryptographic hash functions. The SHA algorithm includes the SHA, SHA-1, SHA-2 and SHA-3 variants. used for message authentication.

h. Enter a shared key for the message digest. This key should match with the tunnel end point shared key.

i. If required, set the failover mode. The following two failover modes are supported:

Preemptive—In this mode, if the primary comes up when the backup is active, the backup tunnel is deleted and the primary tunnel resumes as an active tunnel. If you configure the tunnel to be preemptive, and when the primary tunnel goes down, it starts the persistence timer which tries to bring up the primary tunnel.

Non-Preemptive—In this mode, when the backup tunnel is established after the primary tunnel goes down, it does not make the primary tunnel active again.

j. Set an interval between every failover retry. The default value is 60 seconds.

k. Configure a number of retries before the tunnel fails over.

l. Ensure that Checksum is disabled.

m. Specify a value for the tunnel MTUMaximum Transmission Unit. MTU is the largest size packet or frame specified in octets (eight-bit bytes) that can be sent in networks such as the Internet. value if required. The default value is 1460.

n. Click Save Settings.