CHAPTER 43: CONFIGURING L2TP

Table 673 Configure the Name of the Receiving End of the Tunnel

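Operation                                            Command
---------------------------------------------------  ------------------------------------------------------------------------
Set the name of the receiving end of the tunnel.     allow l2tp virtual-template virtual-template-number [ remote remote-name ]
Remove the name of the receiving end of the tunnel.  undo allow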

When the L2TP group number is 1 (the default L2TP group number), it is unnecessary to specify the remote-name. If the name of the remote end is still specified in the view of L2TP group 1, L2TP group 1 will not work as the default L2TP group.

Only L2TP group 1 can be set as the default group.

The start l2tp command and the allow l2tp command are mutually exclusive. That means after one is configured, the other will automatically become invalid. An L2TP group cannot serve LAC and LNS at the same time.

By default, receiving dial-in from LAC is disabled.

Configure the Local VPN User Information

In the mode of “fullusername@domain” and password, the LAC conveys the user name and password entered by VPN users to the LNS for authentication. The LNS performs local authentication first and then RADIUS authentication to ensure these users are legal VPN users. RADIUS authentication is skipped once a user has passed local authentication. These VPN users can access internal resources after authentication at the LNS.

Perform the ppp authentication-mode configuration in interface view and make the other configurations in system view.

Table 674 Configure Local VPN Users

Operation                                               Command
------------------------------------------------------  ------------------------------------------------------------------------
Enable AAA.                                             aaa-enable
Configure the authentication method table of PPP user   aaa authentication-scheme ppp { default | list-name } { method1 } [ method2 ... ]
Specify accounting scheme configuration information     aaa accounting-scheme optional
Configure to authenticate users.                        ppp authentication-mode { pap | chap }
Set user name and password.                             local-user username password { simple | cipher } password

At the LNS, the configured local user name takes the form “fullusername@domain”.
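The rules stated above for L2TP groups and for local VPN users can be checked on a command script before it is applied to an LNS. The following is an added example, not part of the 3Com manual: the sample configuration is constructed, the `l2tp-group N` and `interface virtual-template` view headers and the arguments to `start l2tp` are assumptions, and the treatment of `simple` as a readable stored password is likewise an assumption about this CLI.

```python
import re

# Constructed sample script (not from the manual). View headers and the
# arguments after "start l2tp" are assumptions; commands are from Tables 673/674.
SAMPLE = """\
aaa-enable
local-user alice password simple Secret1
local-user bob@example.com password cipher Secret2
interface virtual-template 1
 ppp authentication-mode pap
l2tp-group 1
 allow l2tp virtual-template 1 remote lac-a
l2tp-group 2
 start l2tp ip 192.0.2.1 domain example.com
 allow l2tp virtual-template 1 remote lac-b
"""

def audit(config):
    """Return (code, detail) findings for an LNS command script."""
    findings, group, seen = [], None, {}
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # a top-level line leaves any group view
            m = re.fullmatch(r"l2tp-group (\d+)", line)
            group = int(m.group(1)) if m else None
        if group is not None and line.startswith(("start l2tp", "allow l2tp")):
            seen.setdefault(group, set()).add(line.split()[0])
            # Manual: naming the remote end in group 1 stops it being the default group.
            if group == 1 and re.search(r"^allow l2tp .* remote \S+", line):
                findings.append(("GROUP1_NOT_DEFAULT", line))
        elif line.startswith("ppp authentication-mode pap"):
            # PAP sends the password over the PPP link in cleartext; CHAP does not.
            findings.append(("PAP_CLEARTEXT", line))
        elif m := re.match(r"local-user (\S+) password (simple|cipher)\b", line):
            if m.group(2) == "simple":       # assumption: stored readable in the config
                findings.append(("PLAINTEXT_PASSWORD", m.group(1)))
            if "@" not in m.group(1):        # manual: LNS users use fullusername@domain
                findings.append(("NOT_FULLUSERNAME", m.group(1)))
    for g, verbs in sorted(seen.items()):
        if verbs == {"start", "allow"}:      # mutually exclusive: the later one wins
            findings.append(("LAC_AND_LNS", f"l2tp-group {g}"))
    return findings

if __name__ == "__main__":
    for code, detail in audit(SAMPLE):
        print(f"{code}: {detail}")
```

Findings report the user name only, never the password field, so the output can be stored with change records.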

Advanced Configuration at LAC or LNS

Advanced configuration at the LAC side includes:

Configure the local name

Enable tunnel authentication and set password

Configure the interval for sending Hello messages
