Configuring the Source IP Address of L2TP Tunnel Packets; Enabling Transferring AVP Data in Hidden Mode; Configuring AAA Authentication on an LAC - HPE FlexNetwork MSR series Configuration Manual

Comware 7 Layer 2 - WAN Access

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter L2TP group view in LAC mode. | l2tp-group group-number [ mode lac ] | N/A |
| 3. Specify LNS IP addresses. | lns-ip { ip-address }&<1-5> | By default, no LNS IP addresses are specified. |

Configuring the source IP address of L2TP tunnel packets

As a best practice to ensure high availability, use the IP address of a loopback interface as the
source IP address of L2TP tunnel packets on the LAC. If equal cost routing paths exist between the
LAC and LNS, you must use the IP address of a loopback interface as the source IP address of L2TP
tunnel packets. To do so, use the source-ip command or use the RADIUS server to assign a
loopback interface address.
To configure the source IP address of L2TP tunnel packets:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter L2TP group view in LAC mode. | l2tp-group group-number [ mode lac ] | N/A |
| 3. Configure the source IP address of L2TP tunnel packets. | source-ip ip-address | By default, the source IP address of L2TP tunnel packets is the IP address of the egress interface. |

Enabling transferring AVP data in hidden mode

L2TP uses Attribute Value Pairs (AVPs) to transmit tunnel negotiation parameters, session
negotiation parameters, and user authentication information. Transferring AVP data in hidden mode
can hide sensitive AVP data such as user passwords. This feature encrypts AVP data with the key
configured by using the tunnel password command before transmission.
This configuration takes effect only when the tunnel authentication feature is enabled. For more
information about configuring tunnel authentication, see "Configuring L2TP tunnel authentication."
To enable transferring AVP data in hidden mode:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter L2TP group view in LAC mode. | l2tp-group group-number [ mode lac ] | N/A |
| 3. Enable transferring AVP data in hidden mode. | tunnel avp-hidden | By default, AVP data is transferred in plain text. |

Configuring AAA authentication on an LAC

You can configure AAA authentication on an LAC to authenticate the remote dialup users and initiate a
tunneling request only for qualified users. A tunnel will not be established for unqualified users.
The device supports both local AAA authentication and remote AAA authentication.
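
The hiding step described under "Enabling transferring AVP data in hidden mode" can be reproduced as follows. This is an added example, not HPE code: it assumes the device follows the standard AVP hiding procedure of RFC 2661 section 4.3, and the secret, password and function names are constructed for illustration.

```python
# Added example: assumes RFC 2661 section 4.3 hiding; all sample values are constructed.
import hashlib
import os
import struct

PROXY_AUTHEN_RESPONSE = 33  # RFC 2661 attribute type; carries the PAP password

def _first_key(attr_type: int, secret: bytes, random_vector: bytes) -> bytes:
    # b1 = MD5(attribute type + shared secret + Random Vector AVP value)
    return hashlib.md5(struct.pack("!H", attr_type) + secret + random_vector).digest()

def hide_avp(attr_type, secret, random_vector, value, pad_len=0):
    """Return the hidden Attribute Value field for a cleartext AVP value."""
    # Hidden AVP Subformat: 2-octet original length, value, optional random padding
    sub = struct.pack("!H", len(value)) + value + os.urandom(pad_len)
    key, out = _first_key(attr_type, secret, random_vector), b""
    for i in range(0, len(sub), 16):
        block = bytes(p ^ k for p, k in zip(sub[i:i + 16], key))
        out += block
        key = hashlib.md5(secret + block).digest()  # b(i+1) = MD5(secret + c(i))
    return out

def unhide_avp(attr_type, secret, random_vector, hidden):
    """Recover the cleartext value; raise ValueError if the result is malformed."""
    key, sub = _first_key(attr_type, secret, random_vector), b""
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        sub += bytes(c ^ k for c, k in zip(block, key))
        key = hashlib.md5(secret + block).digest()
    if len(sub) < 2:
        raise ValueError("hidden AVP too short")
    (orig_len,) = struct.unpack("!H", sub[:2])
    if orig_len > len(sub) - 2:
        # Typical symptom of mismatched tunnel passwords on LAC and LNS
        raise ValueError("length field exceeds AVP: wrong shared secret or corrupt AVP")
    return sub[2:2 + orig_len]

if __name__ == "__main__":
    secret = b"constructed-tunnel-password"  # stands in for the tunnel password key
    rv = os.urandom(16)                      # sent in clear text in the Random Vector AVP
    hidden = hide_avp(PROXY_AUTHEN_RESPONSE, secret, rv, b"user-pap-password", pad_len=5)
    print(hidden.hex())
    print(unhide_avp(PROXY_AUTHEN_RESPONSE, secret, rv, hidden))
```

The Random Vector travels in clear text, so the confidentiality of hidden AVPs rests entirely on the strength and secrecy of the shared tunnel password.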
