Avaya Configuring and Troubleshooting Bay Dial VPN (DVS) Networks Manual de usuario

Part No. 302272-A Rev. 00June 1998BayRS Version 12.20Site Manager Software Version 6.20 Configuring and Troubleshooting Bay Dial VPN Services

Configuring and Troubleshooting Bay Dial VPN Services7-2 302272-A Rev. 005.Specify the IP address for this frame relay or PPP interface.This is the

Configuring the Layer 3 Gateway302272-A Rev. 00 7-3 c.Specify the keys associated with this SPI value.Each SPI value has a 128-bit key associated wi

Configuring and Troubleshooting Bay Dial VPN Services7-4 302272-A Rev. 00h.Enter the IP address of the RADIUS server to which this client will conne

Configuring the Layer 3 Gateway302272-A Rev. 00 7-5 d.Specify the address of one or more DHCP servers on the home nework.Refer to Chapter 8 for addi

302272-A Rev. 00 8-1 Chapter 8Requirements Outside the ISP NetworkAlthough the responsibility for configuring network elements outside the Dial VPN

Configuring and Troubleshooting Bay Dial VPN Services8-2 302272-A Rev. 00Configuring a Static Route and an Adjacent HostA static route is a manually

Requirements Outside the ISP Network302272-A Rev. 00 8-3 In Figure 8-1, the IP addresses and the frame relay DLCI are in bold type. The dashed lines

Configuring and Troubleshooting Bay Dial VPN Services8-4 302272-A Rev. 00Dynamic mode lets you make changes to the currently running configuration f

Requirements Outside the ISP Network302272-A Rev. 00 8-5 Configuring the Adjacent Host and Static RoutesThe next step is to create a single adjacent

302272-A Rev. 00 xiFiguresFigure 1-1. Dial VPN Network with Layer 3 and Layer 2 Tunnels ...1-3Figure 1-2. Dial VPN Networ

Configuring and Troubleshooting Bay Dial VPN Services8-6 302272-A Rev. 00For a Bay Networks router with frame relay, the complete static route is a

Requirements Outside the ISP Network302272-A Rev. 00 8-7 • The IP address of the CPE router’s network interface to the adjacent host (next hop)• The

Configuring and Troubleshooting Bay Dial VPN Services8-8 302272-A Rev. 00Configuring Frame Relay on the CPE RouterIf the CPE router is a Bay Network

Requirements Outside the ISP Network302272-A Rev. 00 8-9 • Use the Site Manager Statistics Manager to verify that the frame relay connection is oper

Configuring and Troubleshooting Bay Dial VPN Services8-10 302272-A Rev. 00Configuring the CPE Router for IPX Support (Layer 3 Only)When configuring t

Requirements Outside the ISP Network302272-A Rev. 00 8-11 6. Enter the Novell Configured Network Number (in hexadecimal notation) of your Ethernet i

Configuring and Troubleshooting Bay Dial VPN Services8-12 302272-A Rev. 00Table 8-1 shows the relationship between interface types and encapsulation

Requirements Outside the ISP Network302272-A Rev. 00 8-13 This completes the CPE router Ethernet and Serial interface configuration for IPX.Configur

Configuring and Troubleshooting Bay Dial VPN Services8-14 302272-A Rev. 00Enabling L2TP on an Unconfigured WAN InterfaceTo enable L2TP on an unconfig

Requirements Outside the ISP Network302272-A Rev. 00 8-15 Enabling L2TP on an Existing PPP InterfaceTo enable L2TP on an interface with PPP and IP a

Configuring and Troubleshooting Bay Dial VPN Services8-16 302272-A Rev. 00Enabling L2TP on an Existing Frame Relay InterfaceTo enable L2TP on an inte

Requirements Outside the ISP Network302272-A Rev. 00 8-17 Installing and Configuring BSAC on the Home NetworkBSAC can run on a server running UNIX,

Configuring and Troubleshooting Bay Dial VPN Services8-18 302272-A Rev. 00Configuring IPX on the Home Network RADIUS ServerBaySecure Access Control (

Requirements Outside the ISP Network302272-A Rev. 00 8-19 recognize the gateway address (RADIUS client) and provide addresses from a second subnet.A

Configuring and Troubleshooting Bay Dial VPN Services8-20 302272-A Rev. 00Creating Scopes and a SuperscopeThe following sections describe the procedu

Requirements Outside the ISP Network302272-A Rev. 00 8-21 Creating the Scope of Assignable AddressesNext, create the scope of addresses that you wan

Configuring and Troubleshooting Bay Dial VPN Services8-22 302272-A Rev. 00Once you have completed these procedures, the DHCP is configured to dynamic

302272-A Rev. 00 9-1 Chapter 9Managing a Dial VPN NetworkManaging a Dial VPN network consists mainly of managing its elements, in particular the Bay

Configuring and Troubleshooting Bay Dial VPN Services9-2 302272-A Rev. 00You must also ensure that remote users have the information they need to di

302272-A Rev. 00 A-1 Appendix APlanning WorksheetThis appendix consists of a network planning worksheet. You may not have enough information yet to

302272-A Rev. 00xiiiTablesTable 1-1. Layer 3 and Layer 2 Dial VPN Feature Implementation ...1-4Table 4-1. Where to Find Config

Configuring and Troubleshooting Bay Dial VPN ServicesA-2 302272-A Rev. 00At the BayDVS Service Provider’s SiteRecord the equipment you have at your o

Planning Worksheet302272-A Rev. 00 A-3 • If this is a RADIUS-only configuration, list the IP address of the RADIUS TMS server.(name) _______________

Configuring and Troubleshooting Bay Dial VPN ServicesA-4 302272-A Rev. 00• For the static route between the CPE router and the remote node: -- What i

302272-A Rev. 00 B-1 Appendix BSyslog MessagesThe Remote Access Concentrator and the TMS write system and error messages to the system logfile, sysl

Configuring and Troubleshooting Bay Dial VPN ServicesB-2 302272-A Rev. 00Table B-1. Remote Access Concentrator Syslog MessagesType Syslog Contents Me

Syslog Messages302272-A Rev. 00 B-3 Error Messages in this category may include the following <reason> codes:• "Connection timed out"

Configuring and Troubleshooting Bay Dial VPN ServicesB-4 302272-A Rev. 00TMS Syslog MessagesWhen an error occurs in the embedded code or TMS portion

Syslog Messages302272-A Rev. 00 B-5 Table B-2. TMS Syslog MessagesType Message MeaningWarning tms: could not parse request from <NAS_IP_address&

Configuring and Troubleshooting Bay Dial VPN ServicesB-6 302272-A Rev. 00Critical tms: RAS database not found This is a serious problem indicating th

Syslog Messages302272-A Rev. 00 B-7 Notice tms: <domain/DNIS> RAS <NAS_IP_address> count already zeroThis message indicates a correction

Configuring and Troubleshooting Bay Dial VPN ServicesB-8 302272-A Rev. 00Error Messages in this category may include the following <reason> cod

Syslog Messages302272-A Rev. 00 B-9 Error(continued)ppp:<port#>:DVS:tunnel registration failed: <reason>An error occurred during the tun

302272-A Rev. 00 C-1 Appendix CTroubleshootingThis chapter assumes that you have a working knowledge of Site Manager and the Remote Access Concentra

Configuring and Troubleshooting Bay Dial VPN ServicesC-2 302272-A Rev. 00Preventing ProblemsThe suggestions that follow can help you anticipate and

Troubleshooting302272-A Rev. 00 C-3 5.Back up your files.Store backup copies of the configuration files on the Site Manager workstation. Use a log t

Configuring and Troubleshooting Bay Dial VPN ServicesC-4 302272-A Rev. 00Troubleshooting WorksheetThis section poses the initial questions you shoul

Troubleshooting302272-A Rev. 00 C-5 4.Are you using a workaround to prevent the symptoms from occurring? If so, what?_______________________________

Configuring and Troubleshooting Bay Dial VPN ServicesC-6 302272-A Rev. 00Table C-1. Problem Symptoms and Likely CausesIf the symptoms are limited t

Troubleshooting302272-A Rev. 00 C-7 Using the System Logs (syslogs) to Diagnose ProblemsThe Remote Access Concentrator provides two mechanisms for l

302272-A Rev. 00 xv About This GuideIf you are responsible for configuring Bay Dial Virtual Private Network (VPN) services on your network, you need

Configuring and Troubleshooting Bay Dial VPN ServicesC-8 302272-A Rev. 00• Displaying RAC statistics• Monitoring serial line activityYou can display

Troubleshooting302272-A Rev. 00 C-9 If a software entity experiences a fault and fails to recover:a.Disable and reenable the port.Watch the event lo

Configuring and Troubleshooting Bay Dial VPN ServicesC-10 302272-A Rev. 003.Display and change configuration settings and statistics.You can use the

Troubleshooting302272-A Rev. 00 C-11 • Screen Builder - Lets you build windows of statistics from scratch or customize statistics windows you copied

Configuring and Troubleshooting Bay Dial VPN ServicesC-12 302272-A Rev. 005.Display the encapsulated packet statistics using the netstat - s command.

Troubleshooting302272-A Rev. 00 C-13 7.Use Packet Capture to save data packets for later analysis.The Technician Interface Packet Capture tool allow

Configuring and Troubleshooting Bay Dial VPN ServicesC-14 302272-A Rev. 009.Document each step you do in the troubleshooting process.An effective tro

Troubleshooting302272-A Rev. 00 C-15 Troubleshooting Specific ProtocolsRead the following section if you have isolated the problem to a network prot

Configuring and Troubleshooting Bay Dial VPN ServicesC-16 302272-A Rev. 00Table C-2. Remote Access Concentrator Troubleshooting ChartProblem/Symptom

Troubleshooting302272-A Rev. 00 C-17 Hosts don’t appear in hosts display.The Remote Access Concentrator hosts command should list any hosts that bro

Configuring and Troubleshooting Bay Dial VPN Servicesxvi 302272-A Rev. 00Conventionsangle brackets (< >) Indicate that you choose the text to

Configuring and Troubleshooting Bay Dial VPN ServicesC-18 302272-A Rev. 00Network logins to BSD hosts are invisible.The Remote Access Concentrator us

Troubleshooting302272-A Rev. 00 C-19 Remote Access Concentrator does not advertise updates.1. Is the RAC parameter routed set to N?2. Did you reboot

Configuring and Troubleshooting Bay Dial VPN ServicesC-20 302272-A Rev. 00Remote Access Concentrator does not advertise updates.(continued)6. If your

Troubleshooting302272-A Rev. 00 C-21 RAC does not receive updates.1. Are the routes really being advertised?Check whether other routers on the netwo

Configuring and Troubleshooting Bay Dial VPN ServicesC-22 302272-A Rev. 00Tracing a Packet’s Path at the Remote Access ConcentratorYou can use the pi

Troubleshooting302272-A Rev. 00 C-23 Figure C-4. Network Topology for ping -t ExamplesGiven the topology in Figure 4, the command:annex# ping –t 13

Configuring and Troubleshooting Bay Dial VPN ServicesC-24 302272-A Rev. 00• Equipment failure• Configuration errors• TMS database errorsUser errors,

Troubleshooting302272-A Rev. 00 C-25 Troubleshooting the LACIn this example, the host ‘vega’ was configured as the syslog host for the LAC, or 5399.

Configuring and Troubleshooting Bay Dial VPN ServicesC-26 302272-A Rev. 00Mar 16 15:26:32 bay_lac ppp[1321]: ppp:asy23:l2tp tunnel call established,

Troubleshooting302272-A Rev. 00 C-27 # 1: 03/16/98 14:51:30.804 INFO SLOT 3 L2TP Code: 4L2TP LNS IP Address 132.245.56.6

About This Guide302272-A Rev. 00 xvii AcronymsACP Access Control ProtocolBRI Basic Rate InterfaceCHAP Challenge Handshake Authentication ProtocolCLI

Configuring and Troubleshooting Bay Dial VPN ServicesC-28 302272-A Rev. 00# 8: 03/16/98 15:32:27.152 INFO SLOT 3 RADIUS Code:

Troubleshooting302272-A Rev. 00 C-29 RADIUS Accounting Response received for id 1 # 22: 03/16/98 15:32:27.593 TRACE SLOT 3 PPP Code: 5

Configuring and Troubleshooting Bay Dial VPN ServicesC-30 302272-A Rev. 00[2:1]$ show l2tp statL2TP Statistics---------------Slot: 3 SCCRQ

Troubleshooting302272-A Rev. 00 C-31 None65534Up 10.10.10.254255.255.255.0E21 1 Up10.250.20.1255.255.255.0S31 2 U

Configuring and Troubleshooting Bay Dial VPN ServicesC-32 302272-A Rev. 00In this example, at 15:36:31 the user [email protected] was successfully auth

302272-A Rev. 00 Glossary-1 GlossaryAccess Control Protocol (ACP)Bay Networks software utility that provides a wide range of security features to A

Configuring and Troubleshooting Bay Dial VPN ServicesGlossary-2 302272-A Rev. 00decapsulationStripping protocol-specific information from a data pack

Glossary302272-A Rev. 00 Glossary-3 Internet Protocol (IP)Part of the TCP/IP suite of protocols defined in RFC 791. Describes the software responsib

Configuring and Troubleshooting Bay Dial VPN ServicesGlossary-4 302272-A Rev. 00NCPNetwork Control Protocol. Software that manages the traffic betwee

Glossary302272-A Rev. 00 Glossary-5 RIPRouting Information Protocol. A distance-vector protocol in the IP suite (used by IP and IPX network-layer pr

Configuring and Troubleshooting Bay Dial VPN Servicesxviii 302272-A Rev. 00PSTN public-switched telephone networkPVC permanent virtual circuitRADIUS

Configuring and Troubleshooting Bay Dial VPN ServicesGlossary-6 302272-A Rev. 00Tunnel Management System (TMS)A database of IP tunnel management info

302272-A Rev. 00Index-1AAccess Control Protocol log file, C-7Access Control Protocol server, 1-10Access Stack Node (ASN), 1-2accountinggateway and tun

Index-2302272-A Rev. 00configuringadjacent host, 8-6adjacent host and static route, 8-2Dial VPN, 1-7Remote Annex software, 4-1static route, 8-7congest

302272-A Rev. 00Index-3Events Manager, C-8Expedited Remote Procedure Call Daemon. See erpcdFfault event, C-8, C-9forwarding tables, saving, C-13Frame

Index-4302272-A Rev. 00layer 2 tunnel end point, configuring, 8-13LED indicators, C-5list tms_dbm command, 5-4LNSBay Networks implementation, 2-5confi

302272-A Rev. 00Index-5primary secret, 8-1primary_accounting_server_addr, TMS parameter, 5-8primary_authentication_ server_addr, TMS parameter, 5-8pri

Index-6302272-A Rev. 00secondary_accounting_server_addr, TMS parameter, 5-8secondary_authentication_server_addr, TMS parameter, 5-8secondary_dynamic_a

302272-A Rev. 00Index-7TMS syslog messages, B-5TMS, description, 1-10, 1-11, 2-6tms_dbm command arguments, 5-5tms_dbm commands, 5-4tool, configuration

About This Guide302272-A Rev. 00 xix Bay Networks Customer ServiceYou can purchase a support contract from your Bay Networks distributor or authoriz

ii302272-A Rev. 004401 Great America Parkway 8 Federal StreetSanta Clara, CA 95054 Billerica, MA 01821Copyright © 1998 Bay Networks, Inc.All rights re

Configuring and Troubleshooting Bay Dial VPN Servicesxx 302272-A Rev. 00Bay Networks Educational ServicesThrough Bay Networks Educational Services, y

302272-A Rev. 00 1-1 Chapter 1Tunneling OverviewBay Networks Dial Virtual Private Network Services provides secure dial-access services for corporat

Configuring and Troubleshooting Bay Dial VPN Services1-2 302272-A Rev. 00Dial VPN encapsulates multiprotocol data within an IP datagram. It then sen

Tunneling Overview302272-A Rev. 00 1-3 Dial VPN dynamically creates a tunnel when it connects to the remote node’s home network. One end point of th

Configuring and Troubleshooting Bay Dial VPN Services1-4 302272-A Rev. 00Layer 3 TunnelingIn Layer 3 tunneling, the tunnel exists between the Networ

Tunneling Overview302272-A Rev. 00 1-5 How a Dial VPN Network FunctionsAny authorized remote user (using a PC or dial-up router) who has access to a

Configuring and Troubleshooting Bay Dial VPN Services1-6 302272-A Rev. 00Figure 1-2. Dial VPN Network with Connections to Different Destination Type

Tunneling Overview302272-A Rev. 00 1-7 For Bay Networks routers used with a Layer 3 Dial VPN tunnel, you must specify an adjacent host and a static

Configuring and Troubleshooting Bay Dial VPN Services1-8 302272-A Rev. 00The following considerations apply only to Layer 2 (L2TP) tunnels:• If the

Tunneling Overview302272-A Rev. 00 1-9 GatewayUsed only in Layer 3 networks, the gateway can be an ASN, BLN, BLN-2, BCN, or System 5000 MSX equipped

302272-A Rev. 00 iiiBay Networks, Inc. Software License AgreementNOTICE: Please carefully read this license agreement before copying or using the acc

Configuring and Troubleshooting Bay Dial VPN Services1-10 302272-A Rev. 00Tunnel Management Server (TMS)The mechanism for identifying tunneled users

Tunneling Overview302272-A Rev. 00 1-11 L2TP Access Concentrator (LAC)The L2TP access concentrator (LAC) resides at the ISP network. The LAC establi

Configuring and Troubleshooting Bay Dial VPN Services1-12 302272-A Rev. 00Enterprise subscribers of this service must configure the CPE router to all

Tunneling Overview302272-A Rev. 00 1-13 • Providing accounting services for corporate billingFor Layer 3 tunnels, the RADIUS client of this server r

Configuring and Troubleshooting Bay Dial VPN Services1-14 302272-A Rev. 00DHCP ServerIf you implement the optional Dynamic Host Configuration Protoco

302272-A Rev. 00 2-1 Chapter 2Dial VPN Layer 2 TunnelingThis chapter describes how a Layer2 Dial VPN tunnel functions. Among these concepts are how

Configuring and Troubleshooting Bay Dial VPN Services2-2 302272-A Rev. 00Figure 2-1. Layer 2 Tunnel Packet PathBuilding a Network for Layer 2 Tunnel

Dial VPN Layer 2 Tunneling302272-A Rev. 00 2-3 2.Install and configure any intermediate nodes on the WAN.The WAN can include intermediate nodes. For

Configuring and Troubleshooting Bay Dial VPN Services2-4 302272-A Rev. 00• The CPE router that is the end point of Layer 2 tunnels is configured as

Dial VPN Layer 2 Tunneling302272-A Rev. 00 2-5 Figure 2-2. L2TP Packet Encapsulation ProcessBay Networks L2TP ImplementationIn an L2TP tunnel, the B

iv 302272-A Rev. 00its own data and information and for maintaining adequate procedures apart from the Software to reconstruct lost or altered files,

Configuring and Troubleshooting Bay Dial VPN Services2-6 302272-A Rev. 00• The LNS performs user authentication with a RADIUS server to prevent unau

Dial VPN Layer 2 Tunneling302272-A Rev. 00 2-7 When the LAC receives a call, it forwards the domain name to the TMS. The domain name is the portion

Configuring and Troubleshooting Bay Dial VPN Services2-8 302272-A Rev. 00During tunnel authentication, the LNS identifies the L2TP client or LAC by

Dial VPN Layer 2 Tunneling302272-A Rev. 00 2-9 Figure 2-3. Tunnel Authentication Control MessagesAfter tunnel authentication is complete, it need no

Configuring and Troubleshooting Bay Dial VPN Services2-10 302272-A Rev. 00RADIUS AccountingThe RADIUS server can provide accounting services in addit

Dial VPN Layer 2 Tunneling302272-A Rev. 00 2-11 Remote Router ConfigurationIf the host at the remote site is a Bay Networks router, you may need to

Configuring and Troubleshooting Bay Dial VPN Services2-12 302272-A Rev. 00Examples of L2TP TunnelsFigure 2-4 shows an L2TP network that uses a LAC to

Dial VPN Layer 2 Tunneling302272-A Rev. 00 2-13 Making a Connection Across an L2TP NetworkThe following steps explain how a remote user connects acr

Configuring and Troubleshooting Bay Dial VPN Services2-14 302272-A Rev. 00When Does Dial VPN Tear Down the Tunnel?The LAC brings down the tunnel for

302272-A Rev. 00 3-1 Chapter 3Dial VPN Layer 3 TunnelingThis chapter describes how a Layer 3 Dial VPN tunnel functions. Among these concepts are how

302272-A Rev. 00 vContents About This GuideBefore You Begin ...

Configuring and Troubleshooting Bay Dial VPN Services3-2 302272-A Rev. 00Figure 3-1. Layer 3 Tunnel Packet PathBuilding a Network for Layer 3 Tunnel

Dial VPN Layer 3 Tunneling302272-A Rev. 00 3-3 3.Install the software for the tunnel management server, Remote Access Concentrator, and (for the erp

Configuring and Troubleshooting Bay Dial VPN Services3-4 302272-A Rev. 0010.Make sure that the home network is configured to connect to the Dial VPN

Dial VPN Layer 3 Tunneling302272-A Rev. 00 3-5 The Grant message contains the following information, which is stored in the TMS database:• Remote no

Configuring and Troubleshooting Bay Dial VPN Services3-6 302272-A Rev. 00How the TMS Database WorksThe TMS database (by default, UNIX ndbm) resides

Dial VPN Layer 3 Tunneling302272-A Rev. 00 3-7 Using DHCP for Dynamic IP Address AllocationThis method requires a DHCP server on the home/corporate

Configuring and Troubleshooting Bay Dial VPN Services3-8 302272-A Rev. 00DHCP discover request to the DHCP server on the home network, and the serve

Dial VPN Layer 3 Tunneling302272-A Rev. 00 3-9 Using RADIUS for Dynamic IP Address AllocationEach dial-in user retains exclusive uses of a unique IP

Configuring and Troubleshooting Bay Dial VPN Services3-10 302272-A Rev. 00The BSAC (RADIUS) administrator at the customer’s site must enter one or mo

Dial VPN Layer 3 Tunneling302272-A Rev. 00 3-11 Figure 3-3. Dial VPN Dynamic IP Address Management SequenceAt the start of service delivery, a clien

vi 302272-A Rev. 00L2TP Network Server (LNS) ...1-12RADIUS Authentication Se

Configuring and Troubleshooting Bay Dial VPN Services3-12 302272-A Rev. 00the end of service delivery, the client sends the RADIUS server a Stop pack

Dial VPN Layer 3 Tunneling302272-A Rev. 00 3-13 If the TMS finds a match in its database for both the user and domain names, it determines that this

Configuring and Troubleshooting Bay Dial VPN Services3-14 302272-A Rev. 00If the home network is configured to assign IP addresses dynamically using

Dial VPN Layer 3 Tunneling302272-A Rev. 00 3-15 Figure 3-4. Packet Encapsulation and Decapsulation ProcessFlag FlagAddress Control Protocol Data FC

Configuring and Troubleshooting Bay Dial VPN Services3-16 302272-A Rev. 00How a Packet Moves Through a Dial VPN NetworkA data packet moves from a rem

Dial VPN Layer 3 Tunneling302272-A Rev. 00 3-17 5.The CPE router decapsulates the frame relay or PPP packet and routes the data to the intended reci

Configuring and Troubleshooting Bay Dial VPN Services3-18 302272-A Rev. 00The data packet travels from the home network to the remote node using a si

Dial VPN Layer 3 Tunneling302272-A Rev. 00 3-19 When Does Dial VPN Tear Down the Tunnel?Dial VPN tears down the tunnel when any of the following sit

302272-A Rev. 00 4-1 Chapter 4Configuring the Remote Access ConcentratorThis chapter describes how to use the command line interface (CLI) commands

302272-A Rev. 00 viiAssigning Addresses ...3-10Starting the

Configuring and Troubleshooting Bay Dial VPN Services4-2 302272-A Rev. 001.Install the RAC software.Use the installation script supplied for the RAC

Configuring the Remote Access Concentrator302272-A Rev. 00 4-3 ## If running IPX (Layer 3 only), include the following command.set port ppp_ncp all#

Configuring and Troubleshooting Bay Dial VPN Services4-4 302272-A Rev. 004.Enable the appropriate options.To display the options that are enabled, u

Configuring the Remote Access Concentrator302272-A Rev. 00 4-5 called_no <called number>call_action v.120set mode auto_detectend_session#begin

Configuring and Troubleshooting Bay Dial VPN Services4-6 302272-A Rev. 00For a default route, the syntax is: route add <default><next_hop&g

Configuring the Remote Access Concentrator302272-A Rev. 00 4-7 During the initial boot of the operational code, the ROM monitor requires the address

Configuring and Troubleshooting Bay Dial VPN Services4-8 302272-A Rev. 00Configuring the RAC to Advertise RIP 1 and/or RIP 2 UpdatesBy default, acti

302272-A Rev. 00 5-1 Chapter 5Configuring TMS and Security for erpcd NetworksIn a Dial VPN network, tunnel users are authenticated by a RADIUS serve

Configuring and Troubleshooting Bay Dial VPN Services5-2 302272-A Rev. 00Managing TMS Using the TMS Default DatabaseTunnel management in an erpcd-ba

Configuring TMS and Security for erpcd Networks302272-A Rev. 00 5-3 sauth=<ip addr of secondary authentication server>\[pacct=<ip addr of p

viii 302272-A Rev. 00Chapter 7 Configuring the Layer 3 GatewayConfiguring the Gateway ...

Configuring and Troubleshooting Bay Dial VPN Services5-4 302272-A Rev. 00Using Tunnel Management CommandsThe following sections describe the syntax

Configuring TMS and Security for erpcd Networks302272-A Rev. 00 5-5 All commands except add and help return an error if the entry is not found.Comma

Configuring and Troubleshooting Bay Dial VPN Services5-6 302272-A Rev. 00te=te_addrSpecifies the IP address of the frame relay port on the gateway o

Configuring TMS and Security for erpcd Networks302272-A Rev. 00 5-7 hwtype=hw_typehwaddr=hw_addrhwalen=hw_addr_lenhwtype indicates the type of netwo

Configuring and Troubleshooting Bay Dial VPN Services5-8 302272-A Rev. 00tutype=tunnel_typeSpecifies the type of tunnel to establish. For a Layer 3

Configuring TMS and Security for erpcd Networks302272-A Rev. 00 5-9 acctp=accounting_protocolSpecifies the accounting protocol used between the gate

Configuring and Troubleshooting Bay Dial VPN Services5-10 302272-A Rev. 00passwd=passwordRelevant only for Layer 2 tunnels, this parameter specifies

Configuring TMS and Security for erpcd Networks302272-A Rev. 00 5-11 Configuring Local Authentication Using the ACPDial VPN relies on the remote aut

Configuring and Troubleshooting Bay Dial VPN Services5-12 302272-A Rev. 00For IPX, use the network and node address combination; for example:0013ABC0

302272-A Rev. 00 6-1 Chapter 6Configuring the TMS Using Local RADIUSYou can configure the TMS database to use a RADIUS server on the service provide

302272-A Rev. 00 ixAppendix A Planning WorksheetBayDVS Network Planning Worksheet ...

Configuring and Troubleshooting Bay Dial VPN Services6-2 302272-A Rev. 00The NAS uses RADIUS accounting messages to determine when the TMS tunnel to

Configuring the TMS Using Local RADIUS302272-A Rev. 00 6-3 Figure 6-1. Message Exchanges Supporting RADIUS TMS OperationsLCP negotiateCHAP initiatio

Configuring and Troubleshooting Bay Dial VPN Services6-4 302272-A Rev. 00Using RADIUS AccountingThe NAS logs the tunnel-bound link sessions to the s

Configuring the TMS Using Local RADIUS302272-A Rev. 00 6-5 Table 6-2 summarizes the user stop messages that the NAS sends to the provider’s RADIUS s

Configuring and Troubleshooting Bay Dial VPN Services6-6 302272-A Rev. 00RADIUS Attributes That Support TunnelingThe RADIUS attributes that support

Configuring the TMS Using Local RADIUS302272-A Rev. 00 6-7 Table 6-4 lists the RADIUS attributes that the Layer 3 gateway supports.Table 6-4. RADIUS

Configuring and Troubleshooting Bay Dial VPN Services6-8 302272-A Rev. 00TMS Parameters for erpcd-based and All-RADIUS Tunnels While TMS operation i

Configuring the TMS Using Local RADIUS302272-A Rev. 00 6-9 TMS System Log (Syslog) MessagesTMS writes its system and error messages to the system lo

302272-A Rev. 00 7-1 Chapter 7Configuring the Layer 3 GatewayOnly Layer 3 tunnels use a gateway. To configure a Bay Networks router at the service p