H3C Technologies H3C SecPath F1000-E User Manual

243

Item Description

Tunnel Authentication

Enable or disable L2TP tunnel authentication in the group. If you
enable tunnel authentication, you need to set the authentication
password.
The tunnel authentication request can be initiated by the LAC or
LNS. Once tunnel authentication is enabled on one end, a tunnel

can be established if tunnel authentication is also enabled on the
other end and the passwords configured on the two ends are the

same and not null; if these requirements cannot be satisfied, the

tunnel initiator will tear down the tunnel connection automatically. If

tunnel authentication is disabled on both ends, the tunnel
authentication passwords configured will not take effect.

IMPORTANT:

•

H3C recommends enabling tunnel authentication on both ends

of the tunnel for security. You can disable tunnel authentication if
you want to test the network connectivity or let the local end

receive connections initiated by unknown peers.

•

If you modify the tunnel authentication password when the
tunnel is working, you need to tear down the tunnel, so that the

modified authentication password can take effect when the

tunnel is reestablished.

Authentication Password

PPP
Authentication
Configuration

Authentication
Method

Select the authentication method for PPP users on the local end.
You can select PAP or CHAP. If you do not select an authentication
method, no authentication will be performed.

ISP Domain

Specify the ISP domain for PPP user authentication. You can
perform the following configurations:

•

Click Add to enter the page for adding an ISP domain, as shown

in

Figure 156

. See

Table 24

for further details.

•

Select an ISP domain and click Modify to enter the ISP domain

modification page. See

Table 24

for configuration details.

•

Select an ISP domain and click Delete to delete the ISP domain.

IMPORTANT:

•

If you specify an ISP domain, the specified domain will be used

for authentication, and IP addresses must be assigned from the
address pool configured in the specified domain. See

description on the User Address parameter for details.

•

If you do not specify any ISP domain, the system will check

whether domain information is carried in a username. If yes, the

domain will be used for authentication (if the domain does not

exist, the authentication will fail); otherwise, the default domain
(system by default) will be used for authentication.