Configuring an lns, Creating a virtual template interface – H3C Technologies H3C SecPath F1000-E User Manual
Step / Command / Remarks

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Create a virtual template interface and enter its view.
   Command: interface virtual-template virtual-template-number
   Remarks: By default, no virtual template interface exists.

3. Configure an IP address for the virtual template interface.
   Command:
   • Assign an IP address to the virtual template interface:
     ip address address mask
   • Enable IP address negotiation so that the virtual template interface accepts the IP address negotiated with the peer:
     ip address ppp-negotiate
   Remarks: Use either command. By default, no IP address is configured.

4. Configure the authentication method for the LAC to use to authenticate the virtual PPP user.
   Command: ppp authentication-mode { chap | pap } * [ domain isp-name ]
   Remarks: By default, no authentication is performed for PPP users.

5. Configure the username and password.
   Command:
   • (Approach 1) For PAP authentication:
     ppp pap local-user username password { cipher | simple } password
   • (Approach 2) For CHAP authentication:
     a. ppp chap user username
     b. ppp chap password { cipher | simple } password
   Remarks: Use either approach according to the authentication method configured on the LAC for virtual PPP users. By default, no username and password are required for both PAP authentication and CHAP authentication.

6. Configure AAA authentication for VPN users on the LAC side.
   Command: See "authentication for VPN users on LAC side."
   Remarks: N/A

7. Trigger the LAC to establish an L2TP tunnel with the LNS.
   Command: l2tp-auto-client enable
   Remarks: By default, an LAC does not establish an L2TP tunnel.

NOTE:
An L2TP tunnel established in LAC-auto-initiated mode exists until you remove the tunnel by using the
undo l2tp-auto-client enable command.
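
An added example, not from the H3C manual: a small Python check over a saved configuration that flags virtual template interfaces left at the default of no PPP authentication, interfaces that allow PAP (which sends the password in cleartext), and passwords entered with the simple keyword (stored in plaintext rather than ciphertext). The sample configuration, its layout, and the finding names are assumptions constructed for illustration.

```python
import re

# Constructed sample in the style of a saved configuration; interface numbers,
# user names, addresses and passwords are made up for this example.
SAMPLE_CONFIG = """\
#
interface Virtual-Template1
 ip address ppp-negotiate
 ppp authentication-mode pap chap
 ppp pap local-user vpdnuser password simple Hello123
#
interface Virtual-Template2
 ip address 192.0.2.1 255.255.255.0
 ppp authentication-mode chap domain example
 ppp chap user vpdnuser
 ppp chap password cipher PLACEHOLDER-CIPHERTEXT
#
interface Virtual-Template3
 ip address ppp-negotiate
#
"""

def audit(config):
    """Return sorted (interface, finding) pairs for virtual template interfaces."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if re.match(r"interface\s+virtual-template", line, re.I):
            current = line.split(None, 1)[1]
            blocks[current] = []
        elif not raw.startswith(" "):  # "#" or any top-level line ends the block
            current = None
        elif current:
            blocks[current].append(line.lower().split())
    findings = set()
    for name, cmds in blocks.items():
        modes = [c[2:] for c in cmds if c[:2] == ["ppp", "authentication-mode"]]
        if not modes:
            findings.add((name, "no-ppp-authentication"))  # the documented default
        for m in modes:
            # Ignore the optional "domain isp-name" tail when reading the methods.
            methods = m[:m.index("domain")] if "domain" in m else m
            if "pap" in methods:
                findings.add((name, "pap-enabled"))
        for c in cmds:
            if c[:2] in (["ppp", "pap"], ["ppp", "chap"]) and "password" in c:
                if c[c.index("password") + 1:][:1] == ["simple"]:
                    findings.add((name, "plaintext-password"))
    return sorted(findings)
```
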
Configuring an LNS
An LNS responds to the tunneling requests from an LAC, authenticates users, and assigns IP addresses to
users.
Before configuring an LNS, enable L2TP and create an L2TP group.
Creating a virtual template interface
A virtual template interface is intended to provide parameters for virtual access interfaces to be
dynamically created by the firewall, such as logical MP interfaces and logical L2TP interfaces.
After an L2TP session is established, a virtual access interface is needed for data exchange with the peer.
An LNS can use different virtual access (VA) interfaces to exchange data with different LACs. You need