Configuring basic l2tp capability – H3C Technologies H3C SecPath F1000-E User Manual
Page 41
8
Task
Remarks
Enable L2TP
Create an L2TP group
Configuring Basic L2TP
Capability
Specify the local name of the tunnel
Required
Configuring an LAC to Initiate Tunneling Requests for Specified
Users
Required
Configuring an LAC to Transfer AVP Data in Hidden Mode
Optional
Configuring AAA Authentication for VPN Users on LAC Side
Required
Creating a Virtual Template Interface
Required
Configuring the Local Address and the Address Pool for Allocation
Required
Configuring an LNS to Grant Certain L2TP Tunneling Requests
Required
Configuring User Authentication on an LNS
Optional
Configuring AAA Authentication for VPN Users on LNS Side
Optional
Optional
Optional
Configuring L2TP Tunnel Authentication
Configuring L2TP
Connection Parameters
Disconnecting Tunnels by Force
Optional
Configuring Basic L2TP Capability
An L2TP group is intended to represent a group of parameters and corresponds to one VPN user or one
group of VPN users. This enables not only flexible L2TP configuration on devices, but also one-to-one and
one-to-many networking applications for LACs and LNSs. An L2TP group only has local significance.
However, you need to ensure that the relevant settings of the corresponding L2TP groups on the LAC and
LNS match. For example, the local tunnel name configured on the LAC must match the remote tunnel
name configured on the LNS.
L2TP must be enabled for L2TP configuration to take effect. Tunnel names are used during tunnel
negotiation between an LAC and an LNS.
Follow these steps to configure basic L2TP capability:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enable L2TP
l2tp enable
Required
Disabled by default
Create an L2TP group and enter its
view
l2tp-group group-number
Required
By default, no L2TP group exists.