Enabling Mandatory Local Chap Authentication - 3Com 3C13636 Configuration Manual

3Com Router 3000 Ethernet Family
Configuration Guide
Restore the default value of Hello
interval.
By default, Hello interval is 60 seconds. If this configuration is not performed on LNS
side, LNS will adopt this default value to send Hello packet to the peer end periodically.

2.3.9 Enabling Mandatory Local CHAP Authentication

After LAC performs agent authentication on a user, LNS can authenticate the user
again. The user therefore undergoes authentication twice: once on LAC side and once
on LNS side. Only after both the two authentications succeed, can L2TP tunnel be
created.
In an L2TP network, LNS side authenticates users in three ways: agent authentication,
mandatory CHAP authentication, and LCP re-negotiation.
Among these three authentication approaches, LCP re-negotiation is of the first priority.
If both LCP re-negotiation and mandatory CHAP authentication are configured on LNS
side, L2TP will choose the former, adopting the authentication mode configured in the
associated virtual template.
If only CHAP authentication is configured, LNS will perform CHAP authentication on
users.
To perform mandatory CHAP authentication on LNS side, you must configure
username, password and user authentication and enable AAA on this side. Mandatory
local CHAP authentication is optional on LNS side.
Perform the following configuration in L2TP group view.
Table 2-27 Enable mandatory local CHAP authentication
Enable mandatory local CHAP authentication.
Disable local CHAP authentication.
When LNS adopts agent authentication (that is, neither LCP re-negotiation nor
mandatory CHAP authentication is configured), the following applies: If no
authentication mode is configured in the virtual template, LAC sends to LNS all
authentication information received from the user as well as authentication mode
configured on LAC side, and LNS side will accept the authentication result on LAC side.
When LNS adopts agent authentication, the following applies: If the authentication
mode configured in the virtual template is PAP and the authentication is successful,
sessions are permitted to be established. If the authentication mode configured in the
Operation
Operation
3Com Corporation
2-20
Chapter 2 Configuration of L2TP
Command
undo tunnel timer hello
Command
mandatory-chap
undo mandatory-chap