Configuring User Authentication On An Lns - HP MSR Router Series Wan Access Configuration Manual
Hide thumbs
Also See for MSR Router Series:
- Configuration manual (889 pages) ,
- Command reference manual (684 pages) ,
- Command reference manual (407 pages)
Table of Contents
Advertisement
Step
1.
Enter system view.
Enter L2TP group view in LNS
2.
mode.
3.
Configure the LNS to accept
tunneling requests from a
specific LAC and specify the VT
interface to be used for tunnel
setup.
Configuring user authentication on an LNS
An LNS can be configured to authenticate a user that has passed authentication on the LAC to increase
security. In this case, the user is authenticated once on the LAC and once on the LNS. An L2TP tunnel can
be established only when both authentications succeed.
An LNS provides the following authentication methods in ascending order of priority:
Proxy authentication—The LNS uses the LAC as an authentication proxy. The LAC sends the LNS all
•
user authentication information from users and the authentication method configured on the LAC
itself. The LNS then checks the user validity according to the received information and the locally
configured authentication method.
•
Mandatory CHAP authentication—The LNS uses CHAP authentication to reauthenticate users who
have passed authentication on the LAC.
LCP renegotiation—The LNS ignores the LAC proxy authentication information and performs a new
•
round of LCP negotiation with the user.
The LNS chooses an authentication method depending on your configuration.
If you configure both LCP renegotiation and mandatory CHAP authentication, the LNS uses LCP
•
renegotiation.
If you configure only mandatory CHAP authentication, the LNS performs CHAP authentication for
•
users after proxy authentication succeeds.
If you configure neither LCP renegotiation nor mandatory CHAP authentication, the LNS uses the
•
LAC for proxy authentication.
Configuring mandatory CHAP authentication
When mandatory CHAP authentication is configured, a user that uses an LAC to initiate tunneling
requests is authenticated by both the LAC and the LNS. Some users might not support the authentication
on the LNS. In this situation, do not enable this feature, because CHAP authentication on the LNS will fail.
For this feature to take effect, you must also configure CHAP authentication for the PPP user on the VT
interface of the LNS.
To configure mandatory CHAP authentication:
Command
system-view
l2tp-group group-number [ mode
lns ]
•
If the L2TP group number is 1:
allow l2tp virtual-template
virtual-template-number
[ remote remote-name ]
•
If the L2TP group number is
not 1:
allow l2tp virtual-template
virtual-template-number
remote remote-name
84
Remarks
N/A
N/A
By default, an LNS denies
tunneling requests from any LAC.
If the L2TP group number is 1, the
remote remote-name option is
optional. If you do not specify this
option, the LNS accepts tunneling
requests from any LAC.
- Quick Links:
- Configuring Ppp and Mp
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
