Configuring user authentication on an lns – H3C Technologies H3C SecPath F1000-E User Manual
| To do… | Use the command… | Remarks |
|---|---|---|
| Configure the authentication mode for PPP users | ppp authentication-mode { chap \| pap } [ [ call-in ] domain isp-name ] | Optional. By default, no authentication is performed for PPP users. |
| Specify the address pool for allocating an IP address to a VPN user, or assign an IP address to the user directly | remote address { pool [ pool-number ] \| ip-address } | Optional. By default, address pool 0 (the default address pool) is used. |
Configuring an LNS to Grant Certain L2TP Tunneling Requests
Upon receiving a tunneling request, an LNS determines whether to grant the tunneling request by
checking whether the tunnel name of the LAC matches the one configured, and determines the virtual
template interface to be used to create the VA interface.
Follow these steps to configure an LNS to grant certain L2TP tunneling requests:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter L2TP group view | l2tp-group group-number | — |
| Specify the virtual template interface for receiving calls, the tunnel name on the LAC, and the domain name (if the L2TP group number is not 1) | allow l2tp virtual-template virtual-template-number remote remote-name [ domain domain-name ] | Required. Use either command. By default, an LNS denies all incoming calls. |
| Specify the virtual template interface for receiving calls, the tunnel name on the LAC, and the domain name (if the L2TP group number is 1, the default) | allow l2tp virtual-template virtual-template-number [ remote remote-name ] [ domain domain-name ] | Required. Use either command. By default, an LNS denies all incoming calls. |
NOTE:
• The start l2tp and allow l2tp commands are mutually exclusive. Configuring one of them automatically disables the other one.
• The LAC side tunnel name configured on the LNS must be consistent with the local tunnel name configured on the LAC.
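An added example (not from the H3C manual): a Python check that reads a saved LNS configuration and flags the two settings the tables above leave optional, a virtual template with no ppp authentication-mode (so PPP users are not authenticated by default) and an allow l2tp statement with no remote tunnel name to match against. The configuration text is constructed, and its layout (views starting at column 0, commands indented by one space, interfaces named Virtual-TemplateN) is an assumption about how the device lists its configuration.

```python
import re

# Constructed sample; the layout, interface numbers, tunnel name and
# domain are assumptions made for this example, not taken from a device.
SAMPLE_CONFIG = """\
interface Virtual-Template1
 ppp authentication-mode chap domain example
 remote address pool 1
#
interface Virtual-Template2
 remote address pool 2
#
l2tp-group 1
 allow l2tp virtual-template 2
#
l2tp-group 2
 allow l2tp virtual-template 1 remote LAC-A domain example
#
"""

VT_RE = re.compile(r"interface Virtual-Template\s?(\d+)")
GROUP_RE = re.compile(r"l2tp-group (\d+)")
ALLOW_RE = re.compile(r"allow l2tp virtual-template (\d+)( remote \S+)?")

def audit_lns(config):
    """Return sorted findings for allow l2tp and PPP authentication settings."""
    vt = group = None
    vt_auth, allows = {}, []
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # column 0: a new view begins
            m_vt, m_grp = VT_RE.fullmatch(line), GROUP_RE.fullmatch(line)
            vt = m_vt.group(1) if m_vt else None
            group = m_grp.group(1) if m_grp else None
            if vt:
                vt_auth.setdefault(vt, False)
        elif vt and line.startswith("ppp authentication-mode "):
            vt_auth[vt] = True
        elif group:
            m = ALLOW_RE.match(line)
            if m:  # record (group, virtual template, remote name present?)
                allows.append((group, m.group(1), m.group(2) is not None))
    findings = []
    for grp, tmpl, has_remote in allows:
        if not has_remote:
            findings.append(f"l2tp-group {grp}: allow l2tp has no remote tunnel name")
        if not vt_auth.get(tmpl, False):
            findings.append(f"l2tp-group {grp}: Virtual-Template{tmpl} has no ppp authentication-mode")
    return sorted(findings)
```

Calling audit_lns(SAMPLE_CONFIG) reports both findings against l2tp-group 1 and none against l2tp-group 2.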
Configuring User Authentication on an LNS
To increase security, an LNS can be configured to authenticate a user that has already passed
authentication on the LAC. In this case, the user is authenticated twice, once on the LAC and once on
the LNS, and an L2TP tunnel can be set up only when both authentications succeed.
An LNS authenticates users by using one of the following three methods:
• Proxy authentication: The LNS uses the LAC as an authentication proxy. The LAC sends the LNS all
user authentication information from users and the authentication mode configured on the LAC itself.
The LNS then checks the user validity according to the received information. When the user
authentication information passed from the LAC to the LNS is valid, the proxy authentication
succeeds and a session can be established for the user if the authentication type configured on the