Creating A Vt Interface; Configuring An Lns To Accept L2Tp Tunneling Requests From An Lac; Configuring User Authentication On An Lns - H3C SR8800-F Configuration Manual

Comware 7 user access

Creating a VT interface

After an L2TP session is established, a PPP session is needed for data exchange with the peer. The
system will dynamically create PPP sessions based on the parameters of the virtual template (VT)
interface. To configure an LNS, first create a VT interface and configure the following parameters for
it:
- Interface IP address.
- Authentication mode for PPP users.
- IP addresses allocated by the LNS to PPP users.
For information about configuring VT interfaces, see "Configuring PPP" and Layer 3—IP Services
Configuration Guide.

Configuring an LNS to accept L2TP tunneling requests from an LAC

When receiving a tunneling request, an LNS performs the following operations:
- Determines whether to accept the tunneling request by checking whether the name of the
  tunnel peer (LAC) matches the one configured.
- Determines the VT interface to be used for creating the PPP session.

To configure an LNS to accept L2TP tunneling requests from an LAC:

| Step | Command | Remarks |
| --- | --- | --- |
| 1. Enter system view. | system-view | N/A |
| 2. Enter L2TP group view in LNS mode. | l2tp-group group-number [ mode lns ] | N/A |
| 3. Configure the LNS to accept tunneling requests from an LAC and specify the VT interface to be used for tunnel setup. | If the L2TP group number is 1: allow l2tp virtual-template virtual-template-number [ remote remote-name ]. If the L2TP group number is not 1: allow l2tp virtual-template virtual-template-number remote remote-name | By default, an LNS denies tunneling requests from any LAC. If the L2TP group number is 1, the remote remote-name option is optional. If you do not specify this option, the LNS accepts tunneling requests from any LAC. |

Configuring user authentication on an LNS

An LNS can be configured to authenticate a user that has passed authentication on the LAC to
increase security. In this case, the user is authenticated once on the LAC and once on the LNS. An
L2TP tunnel can be established only when both authentications succeed.
An LNS provides the following authentication methods in ascending order of priority:
- Proxy authentication—The LNS uses the LAC as an authentication proxy. The LAC sends the
  LNS all user authentication information from users and the authentication method configured on
  the LAC itself. The LNS then checks the user validity according to the received information and
  the locally configured authentication method.
- Mandatory CHAP authentication—The LNS uses CHAP authentication to reauthenticate
  users who have passed authentication on the LAC.
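Per the allow l2tp remarks above, L2TP group 1 configured without remote remote-name accepts tunneling requests from any LAC. The following Python check is an added example, not part of the H3C manual: it scans configuration text for LNS-mode L2TP groups and classifies each one against those rules. The sample configuration and its layout (section lines at column 0, sub-commands indented, mode lns shown on the group line) are constructed assumptions, and audit_lns_groups is a hypothetical name.

```python
import re

# Constructed sample in the style of a saved configuration (layout assumed).
SAMPLE_CONFIG = """\
#
l2tp-group 1 mode lns
 allow l2tp virtual-template 1
#
l2tp-group 2 mode lns
 allow l2tp virtual-template 2 remote LAC-BRANCH
#
l2tp-group 3 mode lns
#
"""

GROUP_RE = re.compile(r"^l2tp-group\s+(\d+)(?:\s+mode\s+(\S+))?\s*$")
ALLOW_RE = re.compile(r"^allow\s+l2tp\s+virtual-template\s+(\d+)(?:\s+remote\s+(\S+))?\s*$")


def audit_lns_groups(config_text):
    """Return {group_number: (status, detail)} for every LNS-mode L2TP group."""
    results = {}
    group = None  # number of the LNS group whose section is being read
    for raw in config_text.splitlines():
        if not raw[:1].isspace():           # column 0: a new section starts
            m = GROUP_RE.match(raw.strip())
            group = int(m.group(1)) if m and m.group(2) == "lns" else None
            if group is not None:
                # Default from the manual: deny tunneling requests from any LAC.
                results[group] = ("deny-all", "no allow l2tp configured")
            continue
        m = ALLOW_RE.match(raw.strip())
        if group is None or not m:
            continue
        vt, remote = m.group(1), m.group(2)
        if remote:
            results[group] = ("restricted", f"VT {vt}, LAC name {remote}")
        elif group == 1:
            results[group] = ("accepts-any-lac", f"VT {vt}, no remote name")
        else:
            results[group] = ("invalid", "remote name is required outside group 1")
    return results


if __name__ == "__main__":
    for number, (status, detail) in sorted(audit_lns_groups(SAMPLE_CONFIG).items()):
        print(f"l2tp-group {number}: {status} ({detail})")
```

A group reported as accepts-any-lac is the case to review: adding remote remote-name limits it to the named LAC.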
