3Com MSR 50 Series Configuration Manual page 1608

1608 C 82: L2TP C
HAPTER ONFIGURATION
To do...
Enable the L2TP tunnel
authentication function
Configure the password for
tunnel authentication
Specify that attribute value
pair (AVP) data be transferred
in hidden mode
Set the hello interval
Specify to use the local AAA
scheme and configure the
users and passwords
Enable the tunnel flow control
function
Return to user view
Disconnect tunnels by force
Note that:
An L2TP group is intended to represent a group of parameters and is
■
corresponding to one or one group of VPN users. This not only allows for
flexible L2TP configuration on routers, but also facilitates one-to-one and
one-to-many networking applications between LAC and LNS. An L2TP group
has only local significance. However, you need to ensure that the relevant
settings of the corresponding L2TP groups on the LAC and LNS match
respectively. For example, the local tunnel name configured on the LAC must
match the remote tunnel name configured on the LNS.
An LAC can initiate tunneling requests for only specified users to specified
■
LNSs. Use the start l2tp command to specify the users and LNSs. Up to five
LNSs can be configured for one or one group of users. Normally, the LAC
initiates an L2TP tunneling request to its specified LNSs one by one in their
configuration order until it receives the acknowledgement of an LNS, which is
considered the tunnel peer.
You can specify whether tunnel authentication must be performed before a
■
tunnel is set up. Either of the LAC and the LNS can initiate a tunnel
authentication request. Whenever tunnel authentication is enabled on one
side, a tunnel can be set up successfully only if tunnel authentication is enabled
on the other side and the two sides are configured with the same password
that is not null. You are recommended to enable tunnel authentication for
tunnel security.
To check the connectivity of a tunnel, the LAC and the LNS regularly send Hello
■
packets to each other. Upon receipt of a Hello packet, the LAC or LNS returns a
response packet. When the LAC or LNS fails to receive a Hello response packet
from the peer in a specified period of time, it retransmits the Hello packet. If it
receives no response packet from the peer after retransmitting the Hello packet
Use the command...
tunnel authentication
tunnel password { simple |
cipher } password
tunnel avp-hidden
tunnel timer hello
hello-interval
Refer to "Configuring the
Local AAA Scheme and the
Users and Passwords" on
page 1609
tunnel flow-control
quit
reset l2tp tunnel
{ remote-name | tunnel-id }
Remarks
Optional
Enabled by default
Required
The password is null by
default.
Optional
By default, AVP data is
transferred in plain text.
Optional
60 seconds by default
Required
Optional
Disabled by default
-
Optional