Protocols and Standards; L2TP Configuration Task List - HPE FlexNetwork MSR Series Comware 5 Layer 2 - WAN Access Configuration Manual


1. The iNode client (the user host) connects to the LNS device through L2TP. After the client passes PPP authentication, the CAMS/IMC server issues the isolation ACL to the device, which will then filter packets from the client by using the firewall function.
2. After the IPCP negotiation, the CAMS/IMC server notifies the iNode client of its IP address (this IP address is permitted by the isolation ACL) through the device.
3. The CAMS/IMC server performs EAD authentication and security checks on the iNode client. After the client passes the security authentication, the CAMS/IMC server issues a security ACL to the device to allow the client to access network resources.
When you configure L2TP-based EAD, follow these guidelines:
• Make sure that the ACLs to be assigned by the authentication server are configured appropriately on the LNS device. An empty ACL or incorrect ACL rules can cause EAD authentication failure.
• You can configure different ACLs for different hosts. The device filters packets of a host according to the configured ACL.
• L2TP-based EAD is usually used for remote users. For LAN users, deploy portal authentication.

For information about packet-filter firewalls, AAA, RADIUS, and portal authentication, see HPE FlexNetwork MSR Router Series Comware 5 Security Configuration Guide.
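
The first guideline above can be checked before rollout. The following is an added example, not part of the HPE manual: it parses a saved device configuration and reports any ACL the authentication server is expected to assign that is missing or has no rules on the LNS. The sample configuration, the ACL numbers 3000 and 3001, and the function names are constructed for illustration and assume Comware 5 style "acl number N" blocks.

```python
import re

# Constructed sample in the style of a Comware 5 saved configuration.
# ACL numbers, addresses and rules are illustrative, not taken from the manual.
SAMPLE_CONFIG = """\
#
acl number 3000
 description EAD isolation ACL
 rule 0 permit ip destination 192.168.10.5 0
 rule 5 deny ip
#
acl number 3001
 description EAD security ACL
#
l2tp enable
#
"""

ACL_HEADER = re.compile(r"^acl number (\d+)\b")
RULE_LINE = re.compile(r"^\s+rule\s+(?:\d+\s+)?(permit|deny)\b")


def parse_acls(config_text):
    """Return {acl_number: [rule actions]} for every 'acl number N' block."""
    acls, current = {}, None
    for line in config_text.splitlines():
        header = ACL_HEADER.match(line)
        if header:
            current = int(header.group(1))
            acls[current] = []
        elif current is not None and line.startswith((" ", "\t")):
            rule = RULE_LINE.match(line)
            if rule:  # indented non-rule lines (description) are skipped
                acls[current].append(rule.group(1))
        else:
            current = None  # '#' separator or a new top-level command
    return acls


def audit_ead_acls(config_text, assigned):
    """Check each ACL the server may assign, given as {role: acl_number}."""
    acls = parse_acls(config_text)
    findings = []
    for role, number in sorted(assigned.items()):
        if number not in acls:
            findings.append(f"{role} ACL {number}: not configured on the LNS")
        elif not acls[number]:
            findings.append(f"{role} ACL {number}: empty (no rules)")
    return findings
```

Pass the ACL numbers that the CAMS/IMC server is set to issue as the `assigned` mapping; an empty result means every assigned ACL exists and contains at least one rule, which does not by itself prove the rules are correct.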

Protocols and standards

RFC 1661, The Point-to-Point Protocol (PPP)
RFC 1918, Address Allocation for Private Internets
RFC 2661, Layer Two Tunneling Protocol "L2TP"

L2TP configuration task list

When configuring L2TP, perform the following operations:
1. Determine the network devices needed according to the networking environment. For NAS-initiated mode and LAC-auto-initiated mode, configure both the LAC and the LNS. For client-initiated mode, you only need to configure the LNS.
2. Configure the devices accordingly based on the intended role (LAC or NAS) on the network.

To configure a device as an LAC in NAS-initiated or LAC-auto-initiated mode, complete the following tasks:

| Task | Subtask | Remarks |
|---|---|---|
| Configuring basic L2TP capabilities | Enable L2TP; Create an L2TP group; Specify the local name of the tunnel | Required. |
| Configuring an LAC | Configuring an LAC to initiate tunneling requests for specified users | Required. |
| Configuring an LAC | Configuring an LAC to transfer AVP data in hidden mode | Optional. |
| Configuring an LAC | Configuring AAA authentication for VPN users on LAC side | Required. |
