Configuring an lac – H3C Technologies H3C SecPath F1000-E User Manual

9

To do…

Use the command…

Remarks

Specify the local name of the tunnel tunnel name name

Optional
The system name of the device is
used by default.

Configuring an LAC

An LAC is responsible for establishing tunnels with corresponding LNSs for users and sends user packets

to LNSs through the tunnels. Before configuring an LAC, you need to enable L2TP and create an L2TP

group.

Configuring an LAC to Initiate Tunneling Requests for Specified
Users

An LAC initiates tunneling requests only to specified LNSs for specified users. You can specify the users
to be serviced and the LNSs that will be connected. Users can be specified by their fully qualified name

or the domain name.
Follow these steps to configure the LAC:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter L2TP group view

l2tp-group group-number

—

Enable the device to initiate
tunneling requests to one or more

IP addresses for one or more

specified VPN users

start l2tp { ip
ip-address }&<1-5> { domain
domain-name | fullusername

user-name }

Required

NOTE:

Up to five LNSs can be configured. The LAC initiates an L2TP tunneling request to its specified LNSs
consecutively in their configuration order until it receives an acknowledgement from an LNS, which then
becomes the tunnel peer.

Configuring an LAC to Transfer AVP Data in Hidden Mode

With L2TP, some parameters are transferred as attribute value pair (AVP) data. To improve security, you

can configure an LAC to transfer AVP data in hidden mode, that is, to encrypt AVP data before

transmission.
Follow these steps to configure an LAC to transfer AVP data in hidden mode:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter L2TP group view

l2tp-group group-number

—