Configuring basic l2tp capability – H3C Technologies H3C SecPath F1000-E User Manual
Page 266
254
Task Remarks
Creating a virtual template interface
Required
Configuring the local address and
the address pool for allocation
Required
Configuring an LNS to grant certain
L2TP tunneling requests
Required
Configuring user authentication on
an LNS
Optional
Configuring AAA authentication for
VPN users on an LNS
Optional
Optional
Optional
Configuring L2TP connection
parameters
Configuring L2TP tunnel
authentication
Optional
Disconnecting tunnels by force
Configuring basic L2TP capability
An L2TP group is intended to represent a group of parameters and corresponds to one VPN user or one
group of VPN users. This enables not only flexible L2TP configuration on devices, but also one-to-one and
one-to-many networking applications for LACs and LNSs. An L2TP group only has local significance.
However, you must make sure that the relevant settings of the L2TP groups on the LAC and LNS match. For
example, the local tunnel name configured on the LAC must match the remote tunnel name configured on
the LNS.
L2TP must be enabled for L2TP configuration to take effect. Tunnel names are used during tunnel
negotiation between an LAC and an LNS.
To configure basic L2TP capability:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enable L2TP.
l2tp enable
Disabled by default.
3.
Create an L2TP group and
enter its view.
l2tp-group group-number
By default, no L2TP group exists.
4.
Specify the local name of the
tunnel.
tunnel name name
Optional.
The system name of the firewall is
used by default.
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS