H3C Technologies H3C SecPath F1000-E User Manual

to specify the virtual template interface for receiving calls. The system will dynamically create a VA
interface based on the configuration parameters in the specified virtual template interface.
To create a virtual template interface:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a virtual template interface and enter its view.
   Command: interface virtual-template virtual-template-number
   Remarks: By default, no virtual template interface exists.

NOTE:
• You must add the virtual template interface to a proper security zone through the web interface. Otherwise, the L2TP tunnel cannot be established.
• Do not add the virtual template interface to zone Management. Otherwise, the L2TP tunnel cannot be established.
• For how to add an interface to a security zone, see Access Control Configuration Guide.

Configuring the local address and the address pool for allocation
After an L2TP tunnel is set up between an LAC and an LNS, the LNS needs to assign an IP address to a
VPN user. For this purpose, you can directly specify an IP address, or specify an address pool. Before
specifying an address pool, use the ip pool command in system view or ISP domain view to define the
address pool. For a VPN user to be authenticated, an IP address will be selected from the address pool
configured in ISP domain view. For a VPN user not requiring authentication, the IP address will be
selected from the global address pool defined in system view.
To configure a local address and address pool:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter virtual template interface view.
   Command: interface virtual-template virtual-template-number
   Remarks: N/A
3. Configure the local IP address.
   Command: ip address ip-address { mask | mask-length } [ sub ]
   Remarks: N/A
4. Configure the authentication mode for PPP users.
   Command: ppp authentication-mode { chap | ms-chap | pap } * [ [ call-in ] domain isp-name ]
   Remarks: Optional. By default, no authentication is performed for PPP users.
5. Specify the address pool for allocating an IP address to a PPP user, or assign an IP address to the user directly.
   Command: remote address { pool [ pool-number ] | ip-address }
   Remarks: Optional. By default, address pool 0 (the default address pool) is used.

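
An added example, not from the H3C manual: a Python check that reads a saved configuration and flags virtual template interfaces left at the defaults listed above (no PPP authentication, implicit address pool 0) or that permit PAP. The configuration layout, the sample text, the finding labels and the function names are assumptions made for this example.

```python
import re

# Constructed sample (assumed layout: interface line, indented sub-commands, "#" separators).
SAMPLE_CONFIG = """\
#
interface Virtual-Template1
 ppp authentication-mode chap domain system
 remote address pool 1
 ip address 192.168.0.1 255.255.255.0
#
interface Virtual-Template2
 ip address 192.168.1.1 255.255.255.0
#
interface Virtual-Template3
 ppp authentication-mode pap
 remote address 192.168.2.10
#
"""
IFACE_RE = re.compile(r"^interface\s+virtual-template\s*(\d+)\s*$", re.IGNORECASE)

def parse_virtual_templates(config):
    """Return {template_number: [sub-command, ...]} for each virtual template."""
    templates, current = {}, None
    for raw in config.splitlines():
        match = IFACE_RE.match(raw)
        if match:
            current = templates.setdefault(int(match.group(1)), [])
        elif current is not None and raw[:1].isspace() and raw.strip():
            current.append(raw.strip().lower())
        else:
            current = None  # "#", a blank line or another top-level command ends the block
    return templates

def audit_virtual_templates(config):
    """Return {template_number: [finding, ...]}; "[ call-in ] domain isp-name" is ignored."""
    report = {}
    for number, commands in parse_virtual_templates(config).items():
        findings, modes = [], set()
        for cmd in commands:
            if cmd.startswith("ppp authentication-mode"):
                modes |= set(re.split(r"\s(?:call-in|domain)\s", cmd)[0].split()[2:])
        if not modes:
            findings.append("no-ppp-authentication")  # default: PPP users not authenticated
        elif "pap" in modes:
            findings.append("pap-allowed")  # PAP sends the password in cleartext
        if not any(c.startswith("remote address") for c in commands):
            findings.append("implicit-pool-0")  # default: address pool 0 is used
        report[number] = findings
    return report
```

Calling audit_virtual_templates(SAMPLE_CONFIG) returns an empty finding list for template 1 and flags templates 2 and 3.
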
Configuring an LNS to grant certain L2TP tunneling requests
When receiving a tunneling request, an LNS determines whether to grant the tunneling request by
checking whether the tunnel name of the LAC matches the one configured, and determines the virtual
template interface to be used to create the VA interface.
To configure an LNS to grant certain L2TP tunneling requests: