Features of L2TP protocol | Huawei v200r001 manual

User Manual - Configuration Guide (Volume 3)	Chapter 2
Versatile Routing Platform	Configuration of L2TP
LAC RADIUS server	LNS RADIUS server
	LNS RADIUS server

(5)Request tunnel message

user = domain password = quidway

			Access request
			(15)(20)
	(6)AV PairsTunnel message		Access response
	Local name(LAC)		Access response
	Local name(LAC)		(16)(21)
	Tunnel password		(16)(21)
	Tunnel password	(15)	(16)
	Tunnel type	(15)	(16)
	LNS IP Address	(20)	(21)
		(20)	(21)

PSTN/ISDN

WAN

LAC	LNS

Call setup (1)

PPPLCPSetup (2) user CHAP challenge(3) user CHAP response(4)

Tunnel establishment(7)

Tunnel authentication CHAP challenge(8)

LNS CHAP response(9)

Authentication Passes (10)

CHAP challenge(11)

LAC CHAP response(12)

Authentication passes (13)

user CHAP response + response identifier + PPP consultation parameter (14) Pass (17)

Optional second time CHAP challenge(18)

CHAP response(19)

Authentication passes (22)

Figure VPN-2-3Call setup flow of L2TP channel

V. Features of L2TP protocol

zFlexible identity authentication mechanism and high security

L2TP protocol does not provide connection security, but it can depend on the authentication (e.g. CHAP and PAP) provided by PPP, so it has all security features of

PPP.L2TP can integrate with IPsec to fulfill data security, so it is difficult to attack the data transmitted with L2TP. As required by specific network security, L2TP adopts channel encryption technique, end-to-end data encryption or application layer data encryption on it to improve data security.

zMulti-protocol transmission

L2TP transmits PPP packet. Thus multi-protocol can be encapsulated in PPP packet.

zSupport the authentication of RADIUS server

LAC requires the authentication of RADIUS with user name and password. RADIUS server is in charging of receiving authentication request of the user, fulfilling the authentication and returning to LAC the configuration information for connection establishment.

zSupport internal address distribution

2-5

Image 25

Huawei v200r001 user manual Features of L2TP protocol, Figure VPN-2-3Call setup flow of L2TP channel

Contents

V200R001 Huawei BOM31010868 Manual Version T2-080168-20011213-C-1.5 About This Manual Contents Bracket, e.g. Enter , Tab , Backspace , or a Format Description KeyKey 1 + Key Key 1, Key Action Description Symbol Huawei Security Configuration SC II. IKE features Configuration of IKE Creating IKE Security Policy IKE Configuration Task List No IKE security policy is created by default Select Authentication AlgorithmSelect Encryption Algorithm Select Hashing Algorithm Set Pre-shared KeySelect DH Group ID Show IKE SA parameter Quidway# show crypto ike sa Set Lifetime of IKE Association SA Show IKE security policy Quidway# show crypto ike policy Networking requirements III. Configuration procedure II. Networking diagram Problem 1 Invalid user ID information VPN Configuration VPN Table of Contents VPN Overview VPN features Classification of IP VPN According to operation mode III. According to service purpose II. According to the layer where the tunnel is IV. According to networking model Brief Introduction to L2TP Protocol Configuration of L2TPOverview of Vpdn Brief induction to Vpdn III. Method to realize Vpdn 2 L2TP ProtocolTunnel and session III. Two typical L2TP tunnel modes II. Control message and data message Call setup flow of L2TP channel is shown in the following IV. Call setup flow of L2TP tunnel Figure VPN-2-3Call setup flow of L2TP channel Features of L2TP protocol 1 L2TP Configuration Task List Configuring L2TPConfiguring at LAC Side II. Create Vpdn group Disable Vpdn to run by default Disable Vpdn running by default Configuring at LNS SideIV. Set the connection request to originate L2TP channel Table VPN-2-4L2TP attribute table No vpdn group group-number III. Create/delete virtual interface templateAccept dialin l2tp virtual-template virtual No accept dialin III. Force local end to perform Chap authentication Optional configurationSet local name of channel LCP does not renegotiate by default Local end does not perform Chap authentication by defaultIV. LNS forces LCP to renegotiate Set domain name delimiter and search sequence Disable hiding AV pairs by default VII. Enable/disable hiding AV pairs VIII. Force to disconnect tunnel Monitoring and Maintenance of L2TP Show l2tp session command domain Typical Configuration of L2TPNAS-Initialized VPN Networking requirement III. Configuration procedure Client-Initialized VPN Figure VPN-2-5Networking diagram of Client-Initialized VPN Single User Interconnects Headquarters via Router Chapter Fault Diagnosis of L2TP Brief Introduction to GRE Protocol Configuration of GREBrief introduction to the protocol Figure VPN-3-2Format of transmission message in the tunnel II. Applicable range GRE Configuration Task List Configuring GRE Setting the Destination Address of Tunnel Interface Setting the Source Address of Tunnel InterfaceCreating Virtual Tunnel Interface Setting the Encapsulation Mode of Tunnel Interface Message Setting the Network Address of Tunnel InterfaceSetting the Identification Key Word of Tunnel Interface Setting Tunnel Interface to Check with Check Sum Disable tunnel interface to check with check sum by default Monitoring and Maintenance of GREShow interface tunnel tunnel-number Figure VPN-3-6Networking diagram of GRE application Typical Configuration of GRE Chapter Troubleshooting GRE Reliability Configuration LC Configuration of Hsrp Configuration of Backup Center Backup Center Overview Configuration of Backup CenterConfiguring the Backup Center Configuration Task List Backup logic-channel logic-channel No backup delay Backup state-down number Configuring Routes for Main and Backup InterfacesBackup state-up interval-time Typical Configuration of Backup Center Monitoring and Maintaining of Backup CenterAn example of Backup Between Interfaces An Example of Multiple Backup Interfaces Chapter Chapter Hsrp Overview Configuration of Hsrp Starting Hsrp Function Configuring Hsrp Setting Router’s Preemption Mode in Hsrp Standby Group Setting Router’s Priority in Hsrp Hot Standby GroupSetting Hsrp Authorization Word Standby group-number preempt Table LC-2-4Set Hsrp authorization word Setting Hsrp TimerStandby group-numberauthentication string Monitoring the Specified Interface Modifying Virtual MAC Address Using Actual Interface MAC AddressTable LC-2-6Monitor the specified interface An example for single hot standby group configuration Typical Configurations of HsrpMonitoring and Maintaining Hsrp Show relevant Hsrp information Quidway# show standby 202.38.160.111 An example for setting Hsrp to monitor a specified interface An example for multiple hot standby groups configuration Fault Diagnosis and Troubleshooting of Hsrp QoS Configuration QC Configure CAR Rules Based on the MAC Address CAR Configuration ExampleApply CAR Rules to Packets Which is Matched the ACL Best-effort Service Three service types of QoSII.Integrated Service QoS Overview Functions of QoS III. Differentiated Service Chapter Traffic Classification and Policing II. CAR Committed Access RateTraffic Classification and Policing Introduction to Traffic Classification Introduction to Traffic Policing Features of Token Bucket II.Traffic Measuring with Token Bucket Introduction to CARIII Complicacy Evaluation CAR Configuration Task List CAR ConfigurationNo CAR rule is specified by default Specify CAR rules Table QC-2-3Monitoring and maintenance of CAR Monitoring and Maintenance of CARApply the CAR Rule on the Interface Show CAR statistics Quidway# show car interface serial II.Configuration CAR Configuration ExampleApplying CAR Rules to All Packets Requirements Apply CAR Rules to Packets Which is Matched the ACL III. Configuration Configure CAR Rules Based on the MAC Address Configure CAR Rules Based on the Priority LevelII.Networking diagram Chapter Congestion and Congestion Management Congestion ManagementAbout Congestion Congestion Management Policy Fifo Queuing IV. WFQ Weighted Fair QueuingII. PQ Priority Queuing III. CQ Custom Queuing Selecting Congestion Management Policy No. Advantages Disadvantages Queue Working Principle of Congestion Management Policy Fifo III. CQ Configuring PQ Configuration of Congestion ManagementPQ Configuration task list II. Configuring priority queue Normal low Priority-list list-number interface type number high medium Interface adopts Fifo queuing by default Table QC-3-7Configuration of queue length of priority queueIII. Applying priority queue to the interface IV. Maintaining and monitoring the priority queue CQ configuration task list Configuring CQII. Configuring the custom queue No custom-list list-number interface type number Operation Command Configure the default custom queue No custom-list list-number queue queue-number limit III. Applying custom queue to the interfaceCustom-list list-number queue queue-number byte-count No custom-list list-number queue queue-number byte-count WFQ configuration task list Configuring WFQII. Configuring the weighted fair queue III. Maintenance and monitoring of the weighted fair queue PQ Configuration Example Configuration Example of Congestion ManagementCQ Configuration Example Figre QC-3-6Networking diagram of CQ Configuration Versatile Routing Platform Troubleshooting of Congestion Management DDR Configuration DC DDR Configuration Configuring Synchronous/Asynchronous Serial Port Using DDRDDR in Which the Router Calls Back PC Configuration of Modem Management Brief Introduction to Dial Configuration DDR ConfigurationIntroduction to DDR Technology Figure DC-1-1DDR configuration preparation flow Preparing DDR Configuration Configuring Legacy DDR Configuring DDRConfiguration tasks of Legacy DDR include II. Configure an interface to send calls Dialer string dial-string isdn-address Dialer rotary-group number Figure DC-1-2Schematic diagram of Dialer Rotary Group III. Configure an interface to receive calls Versatile Routing Platform DDR Configuration IV. Configure an interface to send and receive calls Set the attribute parameters of Legacy DDR Table DC-1-13Set the idle time of busy interface Access-list access-list-numberdeny permit Table DC-1-16Set access control of the dial interfaceAccess-list access-list-number deny permit Permit deny Default interval is 300 seconds Configuring Dialer ProfileIntroduction to Dialer Profile III. Configure a logic dial interface II. Configuration task list of Dialer ProfileIV. Set the attribute parameters of a dial interface Bind physical interfaces for a dialer pool Configuring CallbackSignificance of callback II. Terms and abbreviations Dialer caller remote-number callback IV. Configure Isdn calling line identification callbackOr dialer caller remote-number Interface dialer User name callback-dialstring telephone-number Configure PPP callback Chapter Table DC-1-28Client end using Legacy DDR to configure PPP Configure Isdn dedicated line Configuring DDR Special Functions III. Configure cyclic use of dialer map II. Configure autodialAutodial interval is 300 seconds by default Table DC-1-34Configure cyclic use of dialer map Monitoring and Maintenance of DDRName Meaning Legacy DDR DDR Typical Configuration ExampleNetwork requirements Chapter Dialer Profile Chapter II. Configuration procedure Networking diagramPoint-to-Point DDR Chapter Chapter 8810063 Point-to-Multipoint DDR Chapter Chapter 8810052 Multipoint-to-Multipoint DDR8810148 III. Configuration procedure Chapter Chapter Chapter Chapter DDR Bearing IPX Chapter Chapter Chapter DDR Bearing IP and IPX at the Same Time Chapter Chapter Chapter RouterA RouterB BRI0 Flow Control of Dialer Profile MP over Dialer Profile-Case2.2 661012 Chapter Channels for Dial-up and Connection to the Remote End Case Figure DC-1-11Networking diagram of DDR Case Chapter Two Serial Ports for Dial-up and Remote Dial Connection Case One Serial Port for Dial-up and Remote Dial Connection Case Chapter DDR for Access Service Chapter Chapter Chapter Chapter DDR for Inter-Router Callback Chapter DDR in Which the Router Calls Back PC III. Configuration procedure DDR for Autodial DDR Using Dialer Map Cyclically Solution 1 Logical interface as backup interface DDR Using Dialer Map as Backup Chapter Configuring Dialer-group Precautions for DDR ConfigurationConfiguring Synchronous/Asynchronous Serial Port Using DDR Configuring Network Layer Address Apply PAP authentication Configuring PPP In Dialer Profile Configuration Mode Chapter II. Apply Chap authentication Chapter Configuring PPP In Legacy DDR Configuration Mode Chapter II. Apply Chap authentication Chapter Configure Dialer-list Troubleshooting DDRDDR Fault Diagnosis Whether modem is normal III. Check whether dialer-group is configured IV. Check whether dialer-list is configured correctly Chapter DDR Fault Elimination How to acquire DDR debugging information Troubleshooting with DDR Debugging InformationInformation displayed at the calling end Information displayed at the call receiving end DDR link negotiation Down on interface Modem Management Functions Provided by VRP1.4 Configuration of Modem ManagementModem Script Function Key words Description Timeout seconds Modem Management Configuration Task List Configuring Modem ManagementConfiguring Modem Call-In and Call-Out Authorities Configuring Modem Script Executing Modem Script Manually Configuring Modem Answer ModeSpecifying the Event to Trigger Modem Script Managing Modem with Modem Script Typical Configuration of Modem Management Networking requirements Router Initialization with Initialization Script Configuration requirementsDirect Dial with Script Interactively Connect Cisco Router Through Modem VoIP Configuration VC IP Fax Configuration VoIP Configuration GK Client Configuration E1 Voice ConfigurationIphc Configuration Versatile Routing Platform Table of Contents VoIP Overview VoIP Configuration Basic composition VoIP PrincipleII. H.323 protocol stack III. a typical telephone call processing by VoIP IP Voice Implementation over VRP Switch Router Capacity channel IP Voice Feature over VRP Chapter Configuring Dial-peer VoIP Configuration Task List II. VoIP dial-peer configuration Pots dial-peer configuration Ip precedence priority-number Configuring Dial Terminator Configuring Voice Port Configuring Abbreviated DialingBy default, we do not configure the dial terminator By default, we do not configure the abbreviated dialing Table VC-1-6Configuring voice-port Configuring the Recovery Method of Voice Board Configuring Global Number Match PolicyBy default, please use the shortest number match policy By default, Watchdog is enabled VoIP Monitoring and Maintenance KHT Rcvccactivecall Channel = Status = Chtransframe Configuring Router FXS Port for Interconnection Typical VoIP Configuration Examples III. Configuration procedures Shanghai Chapter Figure VC-1-7RouterShenzhen FXO works in the Plar mode LAN III. Configuration description VoIP Troubleshooting Configuring IP Fax IP Fax ConfigurationTask List of IP Fax Configuration Overview to IP Fax Configuring Fax Rate Checking If Configuring Fax to Use ECM ModeGateway does not use ECM mode by default Configuring Fax Local-train Threshold Value Configuring Fax Train ModeBy default, the fax rate will be determined by voice mode Mode is local-train mode local by default Fax protocol t38 ls-redundancy number Configuring Gateway Carrier Transmit Energy LevelNo fax protocol t38 ls-redundancy Fax protocol t38 hs-redundancy number By default, T.38 protocol is used Monitoring and Maintenance of IP FaxBy default, rtp protocol is used Versatile Routing Platform IP Fax Configuration Typical Configuration of IP Fax Chapter Overview of E1 Voice Configuration E1 Voice ConfigurationFunction of E1 Voice Usage of cE1/PRI Interface Signaling modes supported Features of E1 VoiceII. Protocols and standards supported III. Support single stage dialing and two-stage dialing Configuration Task List of E1 Voice E1 Voice ConfigurationConfiguring Pots dial-peer IV. Integrated transmission of voice and data Table VC-3-1Configuration Commands of Pots dial-peer Configuring VoIP dial-peerIncoming called-number number No incoming called-number Table VC-3-2Configuration Commands of VoIP dial-peer Configuring the Basic Parameters of E1 Interface Table VC-3-3Configuration Commands of E1 Interface Configuring Voice Port E1 Interface Configuring DS0 group Configuring E1 Voice R2 SignalingTable VC-3-4Configuration Commands of E1 Voice Port By default, the system has not created any DS0 group II. Configuring Related Parameters of R2 Signaling Table VC-3-6Configuration Commands of R2 Signaling Pri-group timeslots timeslots-list Configuring the Basic Parameters of Isdn PRI InterfaceNo pri-group Interface serial serial-no Configuring Voice Port Isdn PRI Interface Monitoring and Maintenance of E1 VoiceMaintaining the MFC Channel and Circuit of the Specified TS II. show Command Related to E1 Voice Quidway# show voice-port R2 signalling call statistics III. debug Commands Related to E1 Voice Table VC-3-11debug Commands of E1 Voice Typical Configuration Examples of E1 VoiceRouter Connected to PBX through E1 Voice Port Versatile Routing Platform Router Connected to PBX in Isdn PRI Mode Two-stage Dialing Configuration II. Netwoking diagram Transmission of Data and Voice Simultaneously Parameter configuration of Beijing-side router Fault Diagnosis and Troubleshooting of E1 Voice Configuration of GK Client GK Client ConfigurationConfiguration Task List of GK Client Configuring One Interface as H.323 Gateway Interface Configure the GK Server Name and Address Configuring Gateway AliasBy default, GK Client function is deactivated Activating or Deactivate GK Client Function Configuring GK Interworking Mode Configuring Tech-PrefixBy default, there is not any tech-prefix Be default, the GK interworking mode is cisco mode Typical Configuration Examples of GK ClientVersatile Routing Platform GK Client Configuration Chapter Fault Diagnosis and Troubleshooting of GK Client Overview of Iphc Iphc Configuration Configuration Task List of Iphc Iphc ConfigurationEnable/disable RTP header compression No ip rtp compression-connections Configure the deleting of udpchk field from UDP header Configure the Cisco-compatible RTP header compressionBy default, the udpchk field in UDP packet field is set to No ip tcp header-compression Table VC-5-6Monitoring and Maintenance of Iphc Monitoring and Maintenance of Iphc Excellent Good Fair Poor How Are We Doing Mistake Suggested Correction Line No