Huawei AR1200 series Configuration Manual page 270

Enterprise routers

Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN
this manner, an L2TP tunnel is established only after authentications on both the LAC and the
LNS are successful.
The LNS authenticates users in three ways, namely, agent authentication, mandatory CHAP
authentication, and LCP re-negotiation. Among them, the LCP re-negotiation has the highest
priority.
• LCP re-negotiation
  – LCP re-negotiation adopts the authentication mode configured on the related virtual template.
  – For the NAS-initialized VPN service, a user first performs PPP negotiation with the NAS when a PPP session starts. If the negotiation succeeds, the NAS initializes an L2TP tunnel connection and transmits user information to the LNS. The LNS then judges whether the user is legitimate based on the received agent authentication information.
  – If stricter authentication is required on the LNS, or the LNS needs to obtain certain user information directly (mostly when the LNS and LAC are from different providers), LCP re-negotiation needs to be performed between the LNS and the user, and the agent authentication information from the NAS is ignored.
• Mandatory CHAP authentication
  If only mandatory CHAP authentication is configured, the LNS performs CHAP authentication for users.
• Agent authentication
  If neither LCP re-negotiation nor mandatory CHAP authentication is configured, the LNS performs agent authentication for users. In this authentication mode, the LAC sends all user authentication information to the LNS. The LNS then authenticates the user information based on the local configuration.
  Suppose the authentication mode configured on the virtual template is CHAP and the mode configured on the LAC is PAP while the LNS adopts agent authentication. Authentication fails, because the authentication level of CHAP is higher than that of PAP.

NOTE
After LCP re-negotiation is enabled, if authentication is not configured on the related virtual template, the LNS does not perform secondary authentication for the user. In this case, the user is authenticated only once, on the LAC.
In all other cases, secondary authentication is performed. The authentication mode "none" is also a type of authentication.

Pre-configuration Tasks
Before configuring the LNS, you need to complete the following tasks:
• Configuring Basic L2TP Functions
• Configuring a virtual template to establish an L2TP connection

Data Preparation
To configure LNS, you need the following data.

Issue 01 (2012-04-20)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4 L2TP Configuration
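
The selection rules above (LCP re-negotiation first, then mandatory CHAP, then agent authentication) can be checked against an LNS configuration. The following is an added example, not part of the Huawei manual: the sample configuration is constructed, the command spellings (`mandatory-lcp`, `mandatory-chap`, `allow l2tp virtual-template`, `ppp authentication-mode`) are assumptions because this page does not list them, and `parse` and `lns_auth` are hypothetical helper names.

```python
import re
# Constructed LNS excerpt; the command spellings are assumptions, not from this page.
SAMPLE = """\
interface Virtual-Template1
 ppp authentication-mode chap
interface Virtual-Template2
l2tp-group 1
 mandatory-lcp
 mandatory-chap
 allow l2tp virtual-template 2 remote lac1
l2tp-group 2
 allow l2tp virtual-template 1 remote lac2
"""

def parse(config):
    """Return ({template: auth mode or None}, {group: settings}) from config text."""
    vts, groups, cur = {}, {}, None
    for line in config.splitlines():
        s = line.strip()
        if not line.startswith(" "):          # a top-level line opens a new view
            cur = None
            if m := re.fullmatch(r"interface Virtual-Template(\d+)", s):
                cur = ("vt", m.group(1))
                vts[cur[1]] = None            # no authentication configured so far
            elif m := re.fullmatch(r"l2tp-group (\d+)", s):
                cur = ("grp", m.group(1))
                groups[cur[1]] = {"vt": None, "lcp": False, "chap": False}
        elif cur and cur[0] == "vt":
            if m := re.fullmatch(r"ppp authentication-mode (\w+)", s):
                vts[cur[1]] = m.group(1)
        elif cur and cur[0] == "grp":
            g = groups[cur[1]]
            g["lcp"] |= s == "mandatory-lcp"
            g["chap"] |= s == "mandatory-chap"
            if m := re.match(r"allow l2tp virtual-template (\d+)", s):
                g["vt"] = m.group(1)
    return vts, groups

def lns_auth(group, vts, lac_auth):
    """Pick the LNS mode by the manual's priority and describe the outcome."""
    vt_auth = vts.get(group["vt"])
    if group["lcp"]:                          # highest priority, overrides the rest
        how = f"LNS re-authenticates with {vt_auth}" if vt_auth else "no secondary authentication; LAC only"
        return "lcp-renegotiation", how
    if group["chap"]:
        return "mandatory-chap", "LNS performs CHAP authentication"
    if vt_auth == "chap" and lac_auth == "pap":   # the mismatch case from the text
        return "agent", "fails: template requires CHAP, LAC used PAP"
    return "agent", "LNS checks the user information sent by the LAC"
```

For group 1 of the sample, the result shows the case the NOTE describes: re-negotiation is enabled but the bound virtual template has no authentication mode, so the user is authenticated only on the LAC.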


This manual is also suitable for:

Ar3200 series
