Table of Contents
Advertisement
•
LCP renegotiation—The LNS ignores the LAC proxy authentication information and performs
a new round of LCP negotiation with the user.
The LNS chooses an authentication method depending on your configuration.
•
If you configure both LCP renegotiation and mandatory CHAP authentication, the LNS uses
LCP renegotiation.
•
If you configure only mandatory CHAP authentication, the LNS performs CHAP authentication
for users after proxy authentication succeeds.
•
If you configure neither LCP renegotiation nor mandatory CHAP authentication, the LNS uses
the LAC for proxy authentication.
Configuring mandatory CHAP authentication
When mandatory CHAP authentication is configured, a user who uses an LAC to initiate tunneling
requests is authenticated by both the LAC and the LNS. Some users might not support the
authentication on the LNS. In this situation, do not enable this feature, because CHAP authentication
on the LNS will fail.
For this feature to take effect, you must also configure CHAP authentication for the PPP user on the
VT interface of the LNS.
To configure mandatory CHAP authentication:
Step
1.
Enter system view.
2.
Enter L2TP group view in
LNS mode.
3.
Configure mandatory CHAP
authentication.
Configuring LCP renegotiation
To establish a NAS-initiated L2TP tunnel, a user first negotiates with the LAC at the start of a PPP
session. If the negotiation succeeds, the LAC initiates an L2TP tunneling request and sends user
information to the LNS. The LNS then authenticates the user according to the proxy authentication
information received.
For the LNS not to accept LCP negotiation parameters, configure this feature to perform a new round
of LCP negotiation between the LNS and the user. In this case, the LNS authenticates the user by
using the authentication method configured on the corresponding VT interface.
If you enable LCP renegotiation but configure no authentication for the corresponding VT interface,
the LNS does not perform an additional authentication for users.
To configure the LNS to perform LCP renegotiation with users:
Step
1.
Enter system view.
2.
Enter L2TP group view in
LNS mode.
3.
Configure the LNS to
perform LCP renegotiation
with users.
Command
system-view
l2tp-group group-number [ mode
lns ]
mandatory-chap
Command
system-view
l2tp-group group-number [ mode
lns ]
mandatory-lcp
263
Remarks
N/A
N/A
By default, CHAP authentication
is not performed on an LNS.
This command is effective only on
NAS-initiated L2TP tunnels.
Remarks
N/A
N/A
By default, an LNS does not
perform LCP renegotiation with
users.
This command is effective only on
NAS-initiated L2TP tunnels.
Advertisement
Table of Contents
Troubleshooting
