What is Layer 2 Forwarding (L2F)?

Computer NetworkInternetMCA

Layer 2 Forwarding (L2F) is a Cisco Systems-developed media-independent t technology. Virtual private networks (VPNs) can be formed over a public network like the Internet using Layer 2 Forwarding (L2F), which tunnels data-link layer packets in protocols like Point-to-Point Protocol (PPP) or Serial Line Internet Protocol (SLIP).

L2F can be utilized on the server-side with capabilities like user authentication via Remote Authentication Dial-In User Service (RADIUS), dynamic address allocation, and quality of service (QoS). In addition, Cisco's Internetwork Operating System is used to implement L2F in routers (IOS).

Since the tunnelling approach is not connected to an IP (Internet Protocol) network, it can work directly in other network contexts such as Frame Relay or ATM.

How Does L2F Work?

PPP, for example, establishes a connection between a dial-up client and the network access server (NAS) that receives the call when utilizing L2F.

Client-initiated PPP connections are terminated at a PPP service provider's NAS, which is commonly an Internet service provider (ISP). L2F allows the client to extend the connection beyond the NAS to a remote target node, giving the impression that the client is directly linked to the remote node rather than the NAS. In L2F, the NAS's sole purpose is to project or forward PPP frames from the client to the distant node. In Cisco networking jargon, this distant node is referred to as a home gateway.

In brief, Cisco's protocol does not rely entirely on the IP protocol; it may also operate with other protocols directly. It can also be used in conjunction with VDU, a connectivity service (Virtual Dial-Up).

Types of Authentications

For remote user authentication, L2F VPN technology employs the PPP protocol and other authentication systems such as TACACS (Terminal Access Controller Access Control System) and RADIUS (Remote Authentication Dial-In User Service).

  • L2F tunnelling channels have several connections, which distinguishes them from PPTP tunnelling channels.

  • There are two stages of user authentication: one by the ISP before the tunnel is formed and another by the corporate gateway once the connection is established.

  • A two-user authentication mechanism is employed between the SP and a specified corporate company gateway before constructing a tunnel between the local and remote networks.

  • According to the OSI reference model, L2 operates on the data connection layer and allows users such as 1PX or NetBEUI rather than IP such as PPTP.

Password Authentication Protocol (PAP) − When a connection between the server and the client is established, the client delivers a packet containing the user's username and password. The user is logged in when a connection request is authenticated. After that, it is either verified or rejected.

Challenge Handshake Authentication Protocol (CHAP) − In this authentication mechanism, the client sends an authentication request regularly to the server with an authentication packet. These CHAP packets are transmitted between the server and the client regularly to verify the user/password form for authentication on both ends, thereby establishing or terminating the connection.

Advantages of L2F

  • It establishes an end-to-end tunnel for data encapsulation and transmission security.

  • The L2F protocol is safer since it works well with other security protocols.

  • L2F can provide user authentication via Remote Authentication Dial-In User Service (RADIUS), dynamic address allocation, and quality of service on the server-side (QoS).

  • Multiple connections can be supported using L2F tunnels.

Disadvantages of L2F

  • To preserve privacy, L2F does not provide encryption and instead relies on the protocol being tunnelled.

  • Data flow control is not provided by L2F.

  • Attribute-value (AV) pair hiding is not available in L2F.

Published on 19-Aug-2021 12:18:57