Aruba Central Online Help

Configuring an L2TPv3 VPN Tunnel

The Layer 2 Tunneling Protocol version 3 (L2TPv3) feature allows an Instant Access Point (IAP) to act as an L2TP Access Concentrator (LAC) and tunnel all Layer 2 traffic of wireless clients from the AP to the L2TP Network Server (LNS). In a centralized L2 model, the VLANs on the corporate side are extended to remote branch sites. Wireless clients associated with an IAP get their IP address from the DHCP server running on the LNS. For this, the AP has to transparently allow DHCP transactions through the L2TPv3 tunnel.

To configure an L2TPv3 tunnel by using Aruba Central (on-premises), complete the following steps:

  1. In the Network Operations app, set the filter to a group containing at least one AP.

    The dashboard context for the group is displayed.

  2. Under Manage, click Devices > Access Points.

    A list of APs is displayed in the List view.

  3. Click the Config icon.

    The tabs to configure the APs are displayed.

  4. Click Show Advanced.
  5. Click the VPN tab.

    The VPN page is displayed.

  6. Click the Controller accordion.
  7. In the Protocol drop-down list, select L2TPv3.
  8. To configure a tunnel profile, complete the following steps:
    1. Turn on the Enable Tunnel Profile toggle switch.
    2. Enter the profile name in the Profile Name text-box.
    3. Enter the primary server IP address in the Primary Peer Address text-box.
    4. Enter the remote end backup tunnel IP address in the Backup Peer Address text-box. This field is optional and is required only when a backup server is configured.
    5. Enter the peer UDP port number in the Peer UDP Port text-box. The default value is 1701.
    6. Enter the local UDP port number in the Local UDP Port text-box. The default value is 1701.
    7. In the Hello Interval text-box, enter the interval at which hello packets are sent through the tunnel. The default value is 60 seconds.
    8. Select the message digest as MD5 or SHA from the Message Digest Type drop-down list for message authentication.
    9. Enter a shared key in the Shared Key text-box for the message digest. This key should match the shared key of the tunnel end point.
    10. Ensure that the Checksum check-box is enabled.
    11. Specify a tunnel MTU value in the MTU check-box. The default value is 1460.
  9. To configure a session profile, complete the following steps:
    1. Turn on the Enable Session Profile toggle switch.
    2. Enter the session profile name.
    3. Enter the name of the tunnel profile with which the session will be associated.
    4. Configure the tunnel IP address with the corresponding network mask and VLAN ID. This is required to reach an AP from a corporate network, for example, for SNMP polling.
    5. Select the cookie length and enter a cookie value corresponding to the length. By default, the cookie length is not set.
    6. From the Branch Name drop-down list, select the branch name.
  10. Click Save Settings.
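
The values entered in steps 8 and 9 can be checked for consistency before they are saved, including the settings that have to agree with the tunnel end point. The following Python check is an added example, not Aruba code: the dictionary field names are hypothetical, the cookie value is assumed to be written as hex digits, and the 4- or 8-byte cookie lengths come from RFC 3931 rather than from this page.

```python
import ipaddress

# Defaults from the procedure above; the field names are hypothetical.
DEFAULTS = {"peer_udp_port": 1701, "local_udp_port": 1701}
DIGESTS = {"MD5", "SHA"}   # Message Digest Type choices
COOKIE_LENGTHS = {4, 8}    # bytes: L2TPv3 cookies are 32 or 64 bits (RFC 3931)

def _is_ip(value):
    try:
        return bool(ipaddress.ip_address(value))
    except ValueError:
        return False

def check_tunnel(p):  # problems in one side's tunnel profile
    errs = []
    if not _is_ip(p.get("primary_peer", "")):
        errs.append("primary peer address is not an IP address")
    if p.get("backup_peer") and not _is_ip(p["backup_peer"]):  # optional field
        errs.append("backup peer address is not an IP address")
    if p.get("digest") not in DIGESTS:
        errs.append("message digest must be MD5 or SHA")
    if not p.get("shared_key"):
        errs.append("shared key is empty")
    return errs

def check_session(session, tunnel_names):  # tunnel reference and cookie
    errs = []
    if session.get("tunnel") not in tunnel_names:
        errs.append("session refers to an unknown tunnel profile")
    length = session.get("cookie_len")  # None: not set, the default
    if length is not None:
        try:  # assumption: the cookie value is written as hex digits
            ok = length in COOKIE_LENGTHS and len(bytes.fromhex(session["cookie"])) == length
        except (KeyError, ValueError):
            ok = False
        if not ok:
            errs.append("cookie value does not match cookie length")
    return errs

def check_peers(ap, lns):  # settings that must agree between AP and end point
    a, b = {**DEFAULTS, **ap}, {**DEFAULTS, **lns}
    errs = [k + " differs" for k in ("digest", "shared_key") if a.get(k) != b.get(k)]
    if a["peer_udp_port"] != b["local_udp_port"]:
        errs.append("AP peer port is not the end point's local port")
    return errs

# Constructed sample values; 192.0.2.0/24 is a documentation range.
AP = {"primary_peer": "192.0.2.10", "digest": "SHA", "shared_key": "example-key"}
LNS = {"primary_peer": "192.0.2.20", "digest": "SHA", "shared_key": "example-key"}
```

Each function returns a list of problems, so an empty list from `check_tunnel(AP)` and `check_peers(AP, LNS)` means the constructed profiles are consistent.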