Support User Manuals

Huawei v200r001 Network Router User Manual

Open as PDF

of 258

User Manual - Configuration Guide (Volume 3)

Versatile Routing Platform

Chapter 2

Configuration of L2TP

2-10

2.2.4 Optional configuration

I. Set local name of channel

After a channel is established, the users can respectively configure the local channel

name at LAC side and LNS side.

Perform the following task in the configuration mode of VPDN group.

Table VPN-2-10 Set local name of channel

Operation Command

Set local channel name. local name name

Delete local channel name. no local name name

By default, the host name “

hostname”

of the router acts as the local channel name.

II. Start channel authentication and set authentication password

Before creating a channel connection, the users can decide as required whether to

start channel authentication.

There are the following three channel authentication modes:

z LAC authenticates LNS.

z LNS authenticates LAC.

z LAC and LNS authenticate each other.

It can be found that LAC or LNS can originate channel authentication request. However,

if one side starts the channel authentication, the channel can be established only when

the passwords on both ends of the channel are totally the same. If channel

authentication is disabled on both ends of the channel, whether the channel

authentication passwords are the same will be meaningless.

In order to ensure channel security, users are recommended not to disable channel

authentication.

Perform the following task in the configuration mode of VPDN group.

VPN-2-11 Start channel authentication and set authentication password

Operation Command

Start channel authentication l2tp tunnel authentication

Disable channel authentication. no l2tp tunnel authentication

Set the password of channel authentication. l2tp tunnel password { 0 | 7 } password

Cancel the password of channel authentication. no l2tp tunnel password

Start channel authentication by default. If no channel authentication password is

configured, the “hostname” of the router will act as channel authentication password.

III. Force local end to perform CHAP authentication

In some cases (e.g. consider the security at LNS side), after LAC performs agent

authentication on the users, LNS can authenticate the users again. Here, the users will

be authenticated twice. The first authentication is at LAC side and the second one at

previous next