Lac Configuration - 3Com 3C13636 Configuration Manual

3Com Router 3000 Ethernet Family
Configuration Guide
5) RADIUS server authenticates this user and sends back access accept, such as
LNS address, after authentication is passed successfully; LAC is ready for
initiating a new tunnel request;
6) LAC initiates a tunnel request to the LNS address sent back by RADIUS server;
7) LAC informs LNS of "CHAP challenge" information, LNS sends back CHAP
response and its own CHAP challenge, and LAC sends back CHAP response;
8) Authentication passes successfully;
9) LAC transmits the information of CHAP response, response identifier and PPP
negotiation parameters to LNS;
10) LNS sends the access request to RADIUS server for authentication;
11) RADIUS server authenticates this access request and sends back a response if
authentication is successful;
12) If local mandatory CHAP authentication is configured at LNS, LNS will
authenticate the VPN user by sending CHAP challenge and the VPN user at PC
sends back responses;
13) LNS resends this access request to RADIUS for authentication;
14) RADIUS server re-authenticates this access request and sends back a response if
authentication is successful;
The authentication passes and the VPN user can use the internal resources of the
enterprise.

2.2 LAC Configuration

Concerning L2TP configuration, configuration of LAC side differs from that of LNS side.
This section mainly covers the configuration of LAC side. In configuration task list,
L2TP must be enabled and L2TP group must be created before any other functions can
be configured. For detailed introduction to related PPP configuration commands, refer
to the chapters and sections for them.
Configuration tasks at LAC side include:
Enable L2TP (required)
Create L2TP group (required)
Set the condition triggering L2TP tunnel setup request and LNS addresses
(required)
Set local name (optional)
Set Tunnel authentication and password (optional)
Configure AVP hiding (optional)
Set Hello interval in the tunnel.(optional)
Set user name and password and configure user authentication (required)
Disconnect Tunnel by force (optional)
Enable/disable the flow control function of the tunnel (optional)
Set L2TP session idle-timeout timer (optional)
Configure the tunnel-hold function of L2TP (optional)
3Com Corporation
2-6
Chapter 2 Configuration of L2TP