H3C Technologies H3C SecPath F1000-E User Manual
Page 52
19
# Create an L2TP group and configure its attributes.
[LAC] l2tp-group 1
[LAC-l2tp1] tunnel name LAC
[LAC-l2tp1] start l2tp ip 1.1.2.2 fullusername vpdnuser
# Enable tunnel authentication and specify the tunnel authentication password.
[LAC-l2tp1] tunnel authentication
[LAC-l2tp1] tunnel password simple aabbcc
Step2
Configure the LNS
# Configure IP addresses for the interfaces. (Omitted)
# Create a local user named vpdnuser, set the password, and enable the PPP service. Note that the
username and password must match those configured on the client.
[LNS] local-user vpdnuser
[LNS-luser-vpdnuser] password simple Hello
[LNS-luser-vpdnuser] service-type ppp
[LNS-luser-vpdnuser] quit
# Configure local authentication for the VPN user.
[LNS] domain system
[LNS-isp-system] authentication ppp local
[LNS-isp-system] ip pool 1 192.168.0.2 192.168.0.100
[LNS-isp-system] quit
# Enable L2TP.
[LNS] l2tp enable
# Configure the virtual template interface.
[LNS] interface virtual-template 1
[LNS-virtual-template1] ip address 192.168.0.1 255.255.255.0
[LNS-virtual-template1] ppp authentication-mode chap domain system
[LNS-virtual-template1] remote address pool 1
[LNS-virtual-template1] quit
# Create an L2TP group, specify the virtual template interface for receiving calls and specify the name of
the tunnel on the peer.
[LNS] l2tp-group 1
[LNS-l2tp1] tunnel name LNS
[LNS-l2tp1] allow l2tp virtual-template 1 remote LAC
# Enable tunnel authentication and specify the tunnel authentication password.
[LNS-l2tp1] tunnel authentication
[LNS-l2tp1] tunnel password simple aabbcc
Step3
User side operation
In the dial-up network window, enter vpdnuser as the username, and Hello as the password.
Step4
Verify the configurations
# After the dial-up connection is established, the user host can obtain an IP address (for example,
192.168.0.2) and can ping the private IP address of the LNS (192.168.0.1).
# On the LNS, use the display l2tp tunnel command to check the established L2TP tunnels.