Configuring an LAC to establish an L2TP tunnel

To establish an L2TP tunnel in LAC-auto-initiated mode, you must create a virtual PPP user on the LAC. LAC performs PPP authentication for the virtual PPP user, that is, LAC is both the side that performs PPP authenticator and the side that is authenticated by PPP. An L2TP tunnel established in LAC-auto-initiated mode exists until you remove the tunnel by using the undo l2tp-auto-client enable command.

To configure an LAC to establish an L2TP tunnel, perform the following tasks:

Create a VT interface and configure an IP address for the interface.
In virtual template interface view, configure the side that performs PPP authentication: use the ppp authentication-mode command to specify the authentication method the LAC uses to authenticate the virtual PPP user.
In VT interface view, configure the side authenticated by PPP: use the ppp pap command or the ppp chap command to specify the PPP authentication method supported by the virtual PPP user, and the username and password of the virtual PPP user. The authentication method to be used by the LAC and that supported by the virtual PPP user must be consistent.
Configure AAA authentication for VPN users on the LAC. The configured username and password for AAA authentication must be the same as those of the virtual PPP user configured on the VT interface.
Trigger the LAC to establish an L2TP tunnel.

To trigger an LAC to establish an L2TP tunnel:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Create a VT interface and enter its view.	interface virtual-template virtual-template-number	By default, no VT interface exists.
3. Assign an IP address to the VT interface or enable IP address negotiation so that the VT interface accepts the IP address negotiated with the peer.	ip address address mask ip address ppp-negotiate	Use either command. By default, no IP address is assigned by default.
4. Configure the authentication method for the LAC to use to authenticate the virtual PPP user.	ppp authentication-mode { chap \| pap } * [ domain isp-name ]	By default, no authentication is performed for PPP users.
5. Configure the username and password for PAP authentication or CHAP authentication.	Method 1: Configure the username and password for PAP authentication:ppp pap local-user username password { cipher \| simple } password Method 2: Configure the username and password for CHAP authentication: ppp chap user username ppp chap password { cipher \| simple } password	Use one method according to the authentication method configured on the LAC for virtual PPP users. By default: No PAP username and password are configured for PPP users. No CHAP username and password are configured for PPP users.
6. Configure AAA authentication for VPN users on the LAC side.	See "Configuring AAA authentication for VPN users on LAC side."	N/A
7. Trigger the LAC to establish an L2TP tunnel with the LNS.	l2tp-auto-client enable	By default, an LAC does not establish an L2TP tunnel.

For more information about commands interface virtual-template, ppp authentication-mode, ppp pap, and ppp chap, see HPE FlexNetwork MSR Router Series Comware 5 Layer 2—WAN Command Reference.

prev	up	next
Configuring AAA authentication for VPN users on LAC side	home	Configuring an LNS