User Manual - Configuration Guide (Volume 3)

Chapter 2

Versatile Routing Platform

Configuration of L2TP

2.2.4Optional configuration

I.Set local name of channel

After a channel is established, the users can respectively configure the local channel name at LAC side and LNS side.

Perform the following task in the configuration mode of VPDN group.

Table VPN-2-10Set local name of channel

Operation

Command

 

 

Set local channel name.

local name name

Delete local channel name.

no local name name

By default, the host name “hostname” of the router acts as the local channel name.

II. Start channel authentication and set authentication password

Before creating a channel connection, the users can decide as required whether to start channel authentication.

There are the following three channel authentication modes:

zLAC authenticates LNS.

zLNS authenticates LAC.

zLAC and LNS authenticate each other.

It can be found that LAC or LNS can originate channel authentication request. However, if one side starts the channel authentication, the channel can be established only when the passwords on both ends of the channel are totally the same. If channel authentication is disabled on both ends of the channel, whether the channel authentication passwords are the same will be meaningless.

In order to ensure channel security, users are recommended not to disable channel authentication.

Perform the following task in the configuration mode of VPDN group.

VPN-2-11Start channel authentication and set authentication password

Operation

Command

 

 

Start channel authentication

l2tp tunnel authentication

Disable channel authentication.

no l2tp tunnel authentication

Set the password of channel authentication.

l2tp tunnel password { 0 7 } password

Cancel the password of channel authentication.

no l2tp tunnel password

Start channel authentication by default. If no channel authentication password is configured, the “hostname” of the router will act as channel authentication password.

III. Force local end to perform CHAP authentication

In some cases (e.g. consider the security at LNS side), after LAC performs agent authentication on the users, LNS can authenticate the users again. Here, the users will be authenticated twice. The first authentication is at LAC side and the second one at

2-10

Page 30
Image 30
Huawei v200r001 Optional configuration, Set local name of channel, III. Force local end to perform Chap authentication