Specifying LNS IP addresses; Configuring transferring AVP data in hidden mode; Configuring AAA authentication on an LAC - HP VSR1000 Layer 2 - WAN Access Configuration Manual

Virtual services router

Specifying LNS IP addresses

You can specify up to five LNS IP addresses. The LAC initiates an L2TP tunneling request to its specified
LNSs consecutively in their configuration order until it receives an acknowledgement from an LNS, which
then becomes the tunnel peer.
To specify LNS IP addresses:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter L2TP group view in LAC mode. | l2tp-group group-number [ mode lac ] | N/A |
| 3. Specify LNS IP addresses. | lns-ip { ip-address }&<1-5> | By default, no LNS IP addresses are specified. |

Configuring transferring AVP data in hidden mode

L2TP uses Attribute Value Pairs (AVPs) to transmit tunnel negotiation parameters, session negotiation parameters, and user authentication information. Transferring AVP data in hidden mode can hide sensitive AVP data such as user passwords. With this feature enabled, AVP data is encrypted before transmission with the key configured by using the tunnel password command.
This configuration takes effect only when the tunnel authentication function is enabled. For more information about configuring tunnel authentication, see "Configuring L2TP tunnel authentication."
To configure transferring AVP data in hidden mode:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter L2TP group view in LAC mode. | l2tp-group group-number [ mode lac ] | N/A |
| 3. Specify that AVP data be transferred in hidden mode. | tunnel avp-hidden | By default, AVP data is transferred in plain text. |

Configuring AAA authentication on an LAC

You can configure an LAC to authenticate the identities (usernames and passwords) of remote dialup users by using AAA authentication and initiate a tunneling request only for qualified users. No tunnel will be established for unqualified users.
The device supports both local AAA authentication and remote AAA authentication:
• For local AAA authentication, create a local user and configure a password for each remote user on the LAC. The LAC authenticates a remote user by matching the provided username and password against those configured locally.
• For remote AAA authentication, configure the username and password of each user on the RADIUS/HWTACACS server. The LAC sends the remote user's username and password to the server to authenticate.
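
The following is an added example, not code from HP or from this manual. It shows the AVP hiding construction that L2TP defines in RFC 2661 section 4.3, the kind of keyed transformation that "Configuring transferring AVP data in hidden mode" describes. That the device follows the RFC construction exactly is an assumption, and the function names and sample values are constructed for illustration.

```python
import hashlib
import os
import struct

PROXY_AUTHEN_RESPONSE = 33  # RFC 2661 attribute type that carries the user's auth response


def _xor_chain(data: bytes, attr_type: int, secret: bytes, rv: bytes, hiding: bool) -> bytes:
    """XOR data with the RFC 2661 section 4.3 MD5 keystream, 16 octets at a time."""
    # b(1) = MD5(attribute type || shared secret || random vector)
    pad = hashlib.md5(struct.pack("!H", attr_type) + secret + rv).digest()
    out = bytearray()
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        mixed = bytes(x ^ y for x, y in zip(block, pad))
        out += mixed
        # b(i+1) = MD5(shared secret || c(i)), where c(i) is the hidden block
        pad = hashlib.md5(secret + (mixed if hiding else block)).digest()
    return bytes(out)


def hide_avp(attr_type: int, value: bytes, secret: bytes, rv: bytes, pad_len: int = 0) -> bytes:
    """Build the Hidden AVP Subformat (length, value, padding) and hide it."""
    sub = struct.pack("!H", len(value)) + value + os.urandom(pad_len)
    return _xor_chain(sub, attr_type, secret, rv, hiding=True)


def unhide_avp(attr_type: int, hidden: bytes, secret: bytes, rv: bytes) -> bytes:
    """Recover the original value; reject a length field that cannot be valid."""
    sub = _xor_chain(hidden, attr_type, secret, rv, hiding=False)
    if len(sub) < 2:
        raise ValueError("hidden AVP too short")
    (orig_len,) = struct.unpack("!H", sub[:2])
    if orig_len > len(sub) - 2:
        raise ValueError("bad length: wrong tunnel password or corrupted AVP")
    return sub[2:2 + orig_len]


if __name__ == "__main__":
    # Constructed sample values, not taken from any device.
    secret = b"example-tunnel-password"   # stands in for the tunnel password key
    rv = os.urandom(16)                   # sent in the clear in a Random Vector AVP
    value = b"constructed-auth-response"
    hidden = hide_avp(PROXY_AUTHEN_RESPONSE, value, secret, rv, pad_len=7)
    print(hidden.hex())
    print(unhide_avp(PROXY_AUTHEN_RESPONSE, hidden, secret, rv))
```

Because the keystream is derived only from the tunnel password and the cleartext random vector, the protection of hidden AVPs is bounded by the strength of that password.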
