3Com 10014299 Network Router User Manual


 
Advanced Configuration at LAC or LNS 615
Table 680 Force Local End to Perform CHAP Authentication
Local CHAP authentication will not be carried out by default.
Configure to Force the
LCP to Renegotiate
This configuration is applicable to LNS only.
For an NAS-originated VPN service request, at the beginning of PPP session, the
user will first perform the PPP negotiation with the NAS. If the negotiation
succeeds, the NAS will initiate the L2TP tunnel connection and transmit the user
information to the LNS where the user will be checked based on the received
proxy authentication information.
But in some specific cases (e.g., when it is necessary to authenticate and charge at
LNS side), the LCP renegotiation between the LNS and the user will be
implemented by force, at that time, the proxy authentication information at NAS
side will be ignored.
Perform the following configurations in L2TP group view.
Table 681 Force LCP to Renegotiate
LCP does not renegotiate by default.
After LCP renegotiation is enabled, LNS will not reauthenticate users if there is no
authentication information configured on the virtual template, then users are
authenticated only once at LAC.
Configure the Local
Address and Address
Pool
This configuration is applicable to LNS only.
After the L2TP tunnel connection between LAC and LNS is established, the LNS
should allocate the IP addresses in an address pool to the VPN users. Before
selecting an address pool, the user should use the
ip pool command in system
view.
Perform the following configurations in Virtual template interface view.
Table 682 Set the Local Address and the Address Pool
Operation Command
Force local end to perform CHAP
authentication.
mandatory-chap
Remove the local CHAP authentication. undo mandatory-chap
Operation Command
Force LCP to renegotiate. mandatory-lcp
Disable LCP to renegotiate. undo mandatory-lcp
Operation Command
Set the local IP address ip address ip-address netmask [ sub ]
Remove the local IP address undo ip address [ ip-address netmask
[ sub ] ]
Specify the address pool remote address { ip-address | pool [
pool-number ] }
Delete the address pool undo remote address