LANCOM Support Knowledgebase Document No. 1807.1311.5754.RHOO - V1.90

LCOS version 10.20 and later: Configuring a WLAN scenario for bridging payload data to the central site



Description:

As of LCOS 10.20, layer-3 Ethernet tunnels can be configured using L2TPv3. The tunnels are configured in the L2TP endpoints table, available since version 2 of the protocol, and in the new L2TP Ethernet table.

This is particularly useful for bridging WLAN traffic on access points to a central concentrator by means of an L2TPv3 Ethernet tunnel. Without L2TPv3, this would require the use of a WLAN controller operating CAPWAP layer-3 tunnels.

L2TPv3 does not require WLAN controllers and, for LMC-managed scenarios in particular, this allows WLAN traffic to be bridged through tunnels to the central site.

This document describes how L2TPv3 is used in a scenario where several access points use bridging to transfer their payload data to a central router (referred to here as the “concentrator”), where the data are made available via a separate Ethernet port.



Requirements:



Procedure:

1) Configuration steps on the LANCOM router operating as a concentrator:

1.1) In LANconfig, open the configuration dialog for the LANCOM router and switch to the menu item Communication -> Remote sites -> L2TP.

1.2) Under L2TP endpoints create a new entry with the following values:
  • Enter a descriptive name for the new entry. This device name will be used later in the L2TP negotiation and must be specified!
  • Set the L2TP version to L2TPv3.
  • Leave the field for the IP address blank. This ensures that the concentrator is able to accept L2TP connections from any remote site (access points).
  • Enter a password to increase security.
  • Enable Authenticate remote end so that the password is required to authenticate the remote end when the connection is established.
  • Leave the remaining settings at the default values.

1.4) Under L2TP ethernet create a new entry with the following values:
  • Use Remote site to set a name for the Ethernet tunnel, e.g. the name of the SSID to which the tunnel on the access points is to be linked.
  • Leave the field L2TP endpoint empty so that any (authenticated) sessions can be accepted. This method avoids having to create an entry for each individual access point in the L2TP endpoint table: The wildcard entry created in step 1.2 is used instead.
  • Under Interface you configure the virtual interface to which the L2TP Ethernet tunnel is to be connected.
    If the access points operate multiple SSIDs that are to be bridged to the central site, use this table to create an entry for each SSID, each with a unique name under Remote site.



    Note:
    In this example, the payload data of all connected access points are routed to the virtual interface configured here. Furthermore, the payload data of all access points connected to this virtual interface are bridged to one another, much like the WLAN controller-based layer-3 tunneling technique (also see the document 'Tutorial WLAN Layer-3 Tunneling: WLAN controller with Public Spot').


1.5) Under Interfaces -> LAN -> LAN bridge settings -> Port table, link the virtual L2TP interface selected earlier to a LAN interface by assigning them both to the same bridge group.

Repeat this for any additional L2TP virtual interfaces for additional SSIDs.



1.6) You can now write the configuration back to the device.



2) Configuration steps for a LANCOM access point:

In this example, an access point has two SSIDs, each configured with its own logical WLAN interface (e.g. SSID_1 on WLAN-1-1 and SSID_2 on WLAN-1-2).

2.1) In LANconfig, open the configuration dialog for the LANCOM access point and switch to the menu item Communication -> Remote sites -> L2TP.

2.2) Under L2TP endpoints create a new entry with the following values:
  • Enter a descriptive name for the new entry. This device name will be used later in the L2TP negotiation and must be specified!
  • Set the L2TP version to L2TPv3.
  • Enter the IP address or host name where the access point contacts the concentrator.
  • Enter the password you set when configuring the concentrator (see step 1.2).
  • Enable Authenticate remote end so that the password is required to authenticate the remote end when the connection is established.
  • Leave the remaining settings at the default values.

2.3) Under L2TP ethernet create a new entry with the following values:
  • Under Remote site, enter a name that identifies the Ethernet tunnel. This must be the same as the name given to this Ethernet tunnel on the concentrator.
  • In the field L2TP endpoint, select the L2TP endpoint table entry that was created in the previous step. This endpoint is then used to establish the Ethernet tunnel.
  • Under Interface you configure the virtual interface to which the L2TP Ethernet tunnel is to be connected.

  • Because this example uses two SSIDs, this step needs to be repeated for the second SSID.


2.4) Under Interfaces -> LAN -> LAN bridge settings -> Port table, link the virtual L2TP interface selected earlier to a WLAN interface by assigning them both to the same bridge group.

Repeat this for any additional L2TP virtual interfaces for additional SSIDs.



2.5) You can now write the configuration back to the device.


Note:
Carry out the configuration described here for the other access points.

Once the configuration has been completed in this way, the identical configuration can be used on all of the access points and no further adaptations are necessary for the individual APs.
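
The cross-checks implied by steps 1.2 to 1.5 and 2.2 to 2.4 can be run as a consistency audit before rollout. The following is an added example, not LANCOM code: the table rows are modelled as Python dicts whose keys mirror the LANconfig labels (an assumed model, not an LCOS export format), and all interface names, bridge groups, addresses and passwords are constructed sample values.

```python
# Added example; dict keys mirror LANconfig labels (assumed model, not an LCOS export).
def bridged_ok(ports, iface, prefix):
    """True if iface shares its bridge group with a port named prefix*."""
    group = ports.get(iface)
    return group is not None and any(
        g == group and p.startswith(prefix) for p, g in ports.items() if p != iface)

def audit(conc, aps):
    """Return findings for one concentrator and a list of access points."""
    out = []
    for e in conc["endpoints"]:
        # A blank IP accepts any remote site, so the password is the only gate.
        if not e["ip"] and not (e["password"] and e["auth_remote"]):
            out.append(f"concentrator: wildcard endpoint {e['name']} is unauthenticated")
    for t in conc["ethernet"]:
        if not bridged_ok(conc["ports"], t["interface"], "LAN"):
            out.append(f"concentrator: {t['interface']} not bridged to a LAN port")
    tunnels = {t["remote_site"] for t in conc["ethernet"]}
    secrets = {e["password"] for e in conc["endpoints"]}
    for ap in aps:
        eps = {e["name"]: e for e in ap["endpoints"]}
        for t in ap["ethernet"]:
            ep = eps.get(t["endpoint"])
            if t["remote_site"] not in tunnels:  # names must match on both sides
                out.append(f"{ap['name']}: tunnel {t['remote_site']} unknown on concentrator")
            if ep is None or not ep["auth_remote"] or ep["password"] not in secrets:
                out.append(f"{ap['name']}: tunnel {t['remote_site']} endpoint cannot authenticate")
            if not bridged_ok(ap["ports"], t["interface"], "WLAN"):
                out.append(f"{ap['name']}: {t['interface']} not bridged to a WLAN port")
    return out

def tunnel(site, endpoint_name, iface):
    return {"remote_site": site, "endpoint": endpoint_name, "interface": iface}
def endpoint(name, ip, password="constructed-secret", auth_remote=True):
    return {"name": name, "ip": ip, "password": password, "auth_remote": auth_remote}

# Constructed sample data: one concentrator, one correct AP, one misconfigured AP.
CONC = {"endpoints": [endpoint("CONCENTRATOR", "")],
        "ethernet": [tunnel("SSID_1", "", "L2TP-ETHERNET-1"), tunnel("SSID_2", "", "L2TP-ETHERNET-2")],
        "ports": {"L2TP-ETHERNET-1": "BRG-1", "LAN-2": "BRG-1", "L2TP-ETHERNET-2": "BRG-2", "LAN-3": "BRG-2"}}
AP_GOOD = {"name": "AP-1", "endpoints": [endpoint("AP", "192.0.2.1")],
           "ethernet": [tunnel("SSID_1", "AP", "L2TP-ETHERNET-1"), tunnel("SSID_2", "AP", "L2TP-ETHERNET-2")],
           "ports": {"L2TP-ETHERNET-1": "BRG-1", "WLAN-1-1": "BRG-1", "L2TP-ETHERNET-2": "BRG-2", "WLAN-1-2": "BRG-2"}}
# AP_BAD: tunnel name typo ("SSID-1") and second virtual interface missing from the port table.
AP_BAD = {"name": "AP-2", "endpoints": [endpoint("AP", "192.0.2.1")],
          "ethernet": [tunnel("SSID-1", "AP", "L2TP-ETHERNET-1"), tunnel("SSID_2", "AP", "L2TP-ETHERNET-2")],
          "ports": {"L2TP-ETHERNET-1": "BRG-1", "WLAN-1-1": "BRG-1", "WLAN-1-2": "BRG-2"}}

if __name__ == "__main__":
    print("\n".join(audit(CONC, [AP_GOOD, AP_BAD])))
```

An empty result means the tunnel names, the endpoint authentication and the bridge groups agree on both sides; the check on the concentrator's blank-IP endpoint matters most, because that entry accepts connections from any remote site.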
© LANCOM Systems GmbH