Basic Configuration at LAC 607
Table 666 Create/Delete a L2TP Group
Originate L2TP Connection Request and Configure LNS Address
After a dial-up user passes VPN authentication successfully, the LAC conveys the
tunnel-creation request to a designated LNS. Besides the IP address of the LNS,
this configuration lets the LAC authenticate 3 types of dial-up users (that is,
3 triggering conditions): full user name (fullusername), user with a particular
domain (domain) and called number (dnis). A maximum of 5 LNSs can be configured,
and the LNSs are searched in the order in which their addresses are configured.
Perform the following configurations in L2TP group view.
Table 667 Originate L2TP Connection Request and LNS Address
There is no default value. One triggering condition must be configured.
Configure AAA and Local Users
When AAA is configured at the LAC side and the local (authenticating locally)
mode is selected, the local user name and password should also be configured at
the LAC side. The LAC compares the user name and password of the remote dial-in
user with the locally registered user name and password to check whether the
user is a legal VPN user. The request to establish a tunnel connection is
processed only after authentication succeeds; otherwise the user is turned to
services of types other than VPN.
When user ID authentication is implemented at the LAC side, the user name can be
given by the following means:
■ With authentication based on a particular domain (domain), the local user
name and password configured are respectively the full user name and
password registered.
■ With authentication based on full user name (fullusername), the local user
name and password configured are respectively the domain name of the VPN user
and the user's password.
Perform the ppp authentication-mode configuration in interface view and make
the other configurations in system view.
Operation                Command
Create a L2TP group      l2tp-group group-number
Delete a L2TP group      undo l2tp-group group-number
Operation                                      Command
Configure to authenticate whether the user     start l2tp { ip ip-address [ ip ip-address … ] }
is a VPN user and set the IP address of the    { domain domain-name | dnis dialed-number |
corresponding LNS                              fullusername user-name }
Remove the connection request configuration    undo start l2tp [ ip ip-address ]
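
The following Python check is an added example, not part of the original manual or the device software. It parses a start l2tp line using the syntax in Table 667, enforces the 5-LNS limit and the single mandatory triggering condition, and returns the LNS search order for a dial-up user. The sample addresses, domain and user names are constructed, and treating the domain as the part of the user name after "@" is an assumption.

```python
import ipaddress

MAX_LNS = 5  # from the text above: at most 5 LNSs can be configured
TRIGGERS = ("domain", "dnis", "fullusername")

# Constructed sample line (documentation address range, made-up domain).
SAMPLE = "start l2tp ip 192.0.2.10 ip 192.0.2.11 domain example.com"


def parse_start_l2tp(line):
    """Parse one 'start l2tp' line into (ordered LNS list, trigger, value)."""
    tokens = line.split()
    if tokens[:2] != ["start", "l2tp"]:
        raise ValueError("not a 'start l2tp' command")
    rest, lns = tokens[2:], []
    # Leading 'ip <address>' pairs; order is kept because it is the search order.
    while len(rest) >= 2 and rest[0] == "ip":
        lns.append(str(ipaddress.IPv4Address(rest[1])))  # ValueError if malformed
        rest = rest[2:]
    if not lns:
        raise ValueError("at least one LNS address is required")
    if len(lns) > MAX_LNS:
        raise ValueError(f"{len(lns)} LNS addresses configured, maximum is {MAX_LNS}")
    # There is no default: exactly one triggering condition must follow.
    if len(rest) != 2 or rest[0] not in TRIGGERS:
        raise ValueError("exactly one of domain/dnis/fullusername must be configured")
    return lns, rest[0], rest[1]


def lns_for_user(line, username, called_number):
    """Return the LNS search order if the user triggers the tunnel, else []."""
    lns, trigger, value = parse_start_l2tp(line)
    if trigger == "fullusername":
        hit = username == value
    elif trigger == "domain":
        # Assumption: the domain is the part of the user name after '@'.
        hit = "@" in username and username.rpartition("@")[2] == value
    else:  # dnis: match on the called number
        hit = called_number == value
    return lns if hit else []


if __name__ == "__main__":
    print(lns_for_user(SAMPLE, "alice@example.com", "5550100"))
```

A user who matches no triggering condition gets an empty list, which corresponds to the case where no tunnel request is originated for that user.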