Configuring an LAC to establish an L2TP tunnel – H3C Technologies H3C SecPath F1000-E User Manual
To configure local authentication, authorization, and accounting:
Step                                            Command                                 Remarks
1. Enter system view.                           system-view                             N/A
2. Create a local user and enter its view.      local-user username                     By default, no local user or password
                                                                                        is configured on an LAC.
3. Configure a password for the local user.     password { simple | cipher } password
4. Authorize the user to use the PPP service.   service-type ppp                        N/A
5. Return to system view.                       quit                                    N/A
6. Create an ISP domain and enter its view.     domain isp-name                         N/A
7. Configure the domain to use local            authentication ppp local                Optional.
   authentication/authorization/accounting      authorization ppp local                 Local authentication/authorization/
   for its PPP users.                           accounting ppp local                    accounting is used by default.
NOTE:
• For successful user authentication, configure PPP on the LAC’s corresponding interface, for example, the asynchronous serial interface that connects with users. For PPP configuration information, see Network Management Configuration Guide.
• Configure the authentication type of PPP users as PAP, CHAP, or MS-CHAP on the user access interfaces.
• For information about AAA configuration commands and remote AAA authentication method configuration, see Access Control Configuration Guide.
Configuring an LAC to establish an L2TP tunnel
To establish an L2TP tunnel in LAC-auto-initiated mode, you need to create a virtual PPP user on the LAC. The LAC performs PPP authentication for the virtual PPP user, that is, the LAC is both the PPP authenticator and the side that is authenticated by PPP.
To configure an LAC to establish an L2TP tunnel, you must:
• Create a virtual template interface and configure an IP address for the interface.
• In virtual template interface view, configure the side that performs PPP authentication: use the ppp authentication-mode command to specify the authentication method that the LAC uses to authenticate the virtual PPP user.
• In virtual template interface view, configure the side that is authenticated by PPP: use the ppp pap command or the ppp chap command to specify the PPP authentication method supported by the virtual PPP user, and the username and password of the virtual PPP user. The authentication method to be used by the LAC and that supported by the virtual PPP user must be consistent.
• Configure AAA authentication for VPN users on the LAC. The configured username and password for AAA authentication must be the same as those of the virtual PPP user configured on the virtual template interface.
• Trigger the LAC to establish an L2TP tunnel.
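The two consistency requirements in the list above (matching authentication method, matching username and password) can be checked offline against a saved configuration. The following Python check is an added example, not part of the H3C manual; the sample configuration is constructed, and the argument forms of the ppp pap and ppp chap commands are assumptions beyond the command names given on this page. Passwords are compared literally, so both sides are assumed to be stored in the same form.

```python
import re

# Constructed sample, Comware-style. Argument forms beyond the command names on
# the page ("ppp pap local-user NAME password TYPE PW", "ppp chap ...") are assumed.
SAMPLE = """\
local-user vpdnuser
 password simple Hello123
 service-type ppp
interface Virtual-Template1
 ppp authentication-mode chap
 ppp pap local-user vpdnuser password simple Hello124
"""

def views(cfg):
    """Group indented command lines under their unindented view header."""
    out, cur = {}, None
    for line in cfg.splitlines():
        if line.strip() and not line[0].isspace():
            cur = out.setdefault(line.strip(), [])
        elif cur is not None and line.strip():
            cur.append(line.strip())
    return out

def virtual_user(body):
    """Return (method, name, pw_type, pw) of the virtual PPP user, or None."""
    text = "\n".join(body)
    m = re.search(r"^ppp pap local-user (\S+) password (\S+) (\S+)$", text, re.M)
    if m:
        return ("pap", *m.groups())
    u = re.search(r"^ppp chap user (\S+)$", text, re.M)
    p = re.search(r"^ppp chap password (\S+) (\S+)$", text, re.M)
    return ("chap", u.group(1), *p.groups()) if u and p else None

def check_lac(cfg):
    """List violations of the section's consistency rules, plus plaintext use."""
    v, found = views(cfg), []
    for head, body in v.items():
        vu = virtual_user(body)
        if not head.lower().startswith("interface virtual-template") or not vu:
            continue
        method, name, pw_type, pw = vu
        modes = [w for l in body if l.startswith("ppp authentication-mode ") for w in l.split()[2:]]
        if method not in modes:
            found.append(f"{head}: LAC authenticates with {modes}, virtual user offers {method}")
        local = v.get(f"local-user {name}", [])  # AAA side: local user granted PPP service
        if "service-type ppp" not in local or f"password {pw_type} {pw}" not in local:
            found.append(f"{head}: no local user {name} with service-type ppp and the same password")
        if pw_type == "simple":  # simple keeps the password readable in the configuration
            found.append(f"{head}: password of {name} is stored in plaintext (simple)")
    return found
```

Calling check_lac(SAMPLE) reports the method mismatch, the password mismatch, and the plaintext password in the constructed sample.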
To trigger an LAC to establish an L2TP tunnel: