Table of Contents
Advertisement
3Com Router 3000 Ethernet Family
Configuration Guide
virtual template is CHAP and that configured on LAC side is PAP, authentication fails
and session cannot be correctly created as the CHAP authentication level demanded
by LNS is higher than PAP authentication supplied by LAC.
Local end does not perform CHAP authentication by default.
2.3.10 Forcing LCP to Re-negotiate
For NAS-Initialized VPN, the user first performs PPP negotiation with NAS when PPP
session starts. If the negotiation passes, NAS initializes L2TP tunnel connection, and
transmits user information to LNS so that LNS can judge whether the user is legal or not
according to the received agent authentication information,
But in some cases (e.g. authentication and accounting need performing on LNS side
simultaneously), required re-negotiation needs to be created between LNS and the
user, and agent authentication information on NAS side will be ignored.
The configuration of mandatory LCP re-negotiation is optional on LNS side.
Perform the following configuration in L2TP group view.
Table 2-28 Enable/disable mandatory LCP re-negotiation
Enable mandatory LCP re-negotiation.
Disable mandatory LCP re-negotiation.
By default, LCP re-negotiation is not performed.
Despite LCP re-negotiation is enabled, LNS will not perform authentication on the user
if authentication is not configured in the associated virtual template. In this case, the
user is only authenticated once on LAC side, and the address from the global address
pool is assigned to the client directly.
2.3.11 Setting Local Address and Assigning Address Pool
After the L2TP tunnel connection between LAC and LNS is created, LNS should assign
IP addresses for VPN users from address pool. Before address pool is specified, you
must use the ip pool command in system view or domain view to define an address
pool. For detailed description about the ip pool command, refer to the "Security" part of
this manual. If LNS adopts agent authentication, mandatory CHAP authentication, or
LCP re-negotiation with authentication, the system uses the address pool configured in
domain view for address assignment; if you do not configure the LNS to authenticate or
the LNS adopts mandatory LCP re-negotiation that does not include the authentication
process, the system uses the global address pool for address assignment.
The address pool configuration is optional on LNS side.
Operation
3Com Corporation
2-21
Chapter 2 Configuration of L2TP
Command
mandatory-lcp
undo mandatory-lcp
Advertisement
Chapters
Table of Contents
Troubleshooting
