Configuring an LAC to establish an L2TP tunnel
To establish an L2TP tunnel in LAC-auto-initiated mode, you must create a virtual PPP user on the LAC. The LAC performs PPP authentication for the virtual PPP user; that is, the LAC is both the PPP authenticator and the side that is authenticated by PPP. An L2TP tunnel established in LAC-auto-initiated mode exists until you remove the tunnel by using the undo l2tp-auto-client enable command.
To configure an LAC to establish an L2TP tunnel, perform the following tasks:
Create a VT interface and configure an IP address for the interface.
In virtual template interface view, configure the side that performs PPP authentication: use the ppp authentication-mode command to specify the authentication method the LAC uses to authenticate the virtual PPP user.
In VT interface view, configure the side authenticated by PPP: use the ppp pap command or the ppp chap command to specify the PPP authentication method supported by the virtual PPP user, and the username and password of the virtual PPP user. The authentication method to be used by the LAC and that supported by the virtual PPP user must be consistent.
Configure AAA authentication for VPN users on the LAC. The configured username and password for AAA authentication must be the same as those of the virtual PPP user configured on the VT interface.
Trigger the LAC to establish an L2TP tunnel.
To trigger an LAC to establish an L2TP tunnel:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Create a VT interface and enter its view. | interface virtual-template virtual-template-number | By default, no VT interface exists. |
3. Assign an IP address to the VT interface or enable IP address negotiation so that the VT interface accepts the IP address negotiated with the peer. | | Use either command. By default, no IP address is assigned. |
4. Configure the authentication method for the LAC to use to authenticate the virtual PPP user. | ppp authentication-mode { chap \| pap } * [ domain isp-name ] | By default, no authentication is performed for PPP users. |
5. Configure the username and password for PAP authentication or CHAP authentication. | | Use one method according to the authentication method configured on the LAC for virtual PPP users. By default: |
6. Configure AAA authentication for VPN users on the LAC side. | See "Configuring AAA authentication for VPN users on LAC side." | N/A |
7. Trigger the LAC to establish an L2TP tunnel with the LNS. | l2tp-auto-client enable | By default, an LAC does not establish an L2TP tunnel. |
For more information about the interface virtual-template, ppp authentication-mode, ppp pap, and ppp chap commands, see HPE FlexNetwork MSR Router Series Comware 5 Layer 2—WAN Command Reference.
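
The procedure above has two matching requirements: the LAC's authentication method must be consistent with the one the virtual PPP user supports, and the AAA username and password must equal those of the virtual PPP user. The following check for both is an added example, not part of the HPE documentation. The sample configuration is constructed, and the full ppp pap local-user, ppp chap user, ppp chap password, and local-user syntax is assumed from Comware 5 conventions because this page does not spell it out.

```python
import re

# Constructed sample config; command syntax is assumed from Comware 5 conventions.
GOOD = """\
interface Virtual-Template1
 ppp authentication-mode chap
 ppp chap user vpdnuser
 ppp chap password simple Example-Pw1
 l2tp-auto-client enable
#
local-user vpdnuser
 password simple Example-Pw1
"""

def parse(config):
    """Collect the VT-interface and AAA settings that concern the virtual PPP user."""
    s = {"modes": set(), "peer": {}, "chap": {}, "aaa": {}, "auto": False}
    view = ""
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith((" ", "\t")):  # an unindented line opens a new view
            view = line
        elif view.lower().startswith("interface virtual-template"):
            if m := re.match(r"ppp authentication-mode (.+)", line):
                s["modes"] |= {w for w in m.group(1).split() if w in ("pap", "chap")}
            elif m := re.match(r"ppp pap local-user (\S+) password \S+ (\S+)", line):
                s["peer"]["pap"] = (m.group(1), m.group(2))
            elif m := re.match(r"ppp chap (user|password \S+) (\S+)", line):
                s["chap"][m.group(1).split()[0]] = m.group(2)
            elif line == "l2tp-auto-client enable":
                s["auto"] = True
        elif view.startswith("local-user ") and (m := re.match(r"password \S+ (\S+)", line)):
            s["aaa"][view.split()[1]] = m.group(1)
    if len(s["chap"]) == 2:  # CHAP needs both the user and the password line
        s["peer"]["chap"] = (s["chap"]["user"], s["chap"]["password"])
    return s

def lint(config):
    """Return the consistency problems found; an empty list means the checks passed."""
    s, issues = parse(config), []
    if not s["auto"]:
        issues.append("l2tp-auto-client enable is not configured")
    usable = s["modes"] & set(s["peer"])
    if not usable:
        issues.append("authenticator and virtual PPP user share no PPP method")
    for method in sorted(usable):
        name, pw = s["peer"][method]
        if s["aaa"].get(name) != pw:  # comparison is meaningful for 'simple' passwords only
            issues.append(f"{method}: AAA user {name!r} missing or password differs")
    return issues
```

Passwords stored in cipher form cannot be compared this way, so the check applies only to configurations that use the simple keyword.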