
Creating a vt interface, Configuring user authentication on an lns – H3C Technologies H3C SecPath F5020 User Manual


Creating a VT interface

After an L2TP session is established, a virtual access (VA) interface is needed for data exchange with the peer. The system will dynamically create VA interfaces based on the parameters of the virtual template (VT) interface. To configure an LNS, first create a VT interface and configure parameters for it. These parameters include the following:

Interface IP address.

Authentication mode for PPP users.

IP addresses allocated by the LNS to PPP users.

For information about configuring VT interfaces, see "Configuring PPP and MP" and Layer 3—IP Services Configuration Guide.

Configuring an LNS to accept L2TP tunneling requests from a specified LAC

When receiving a tunneling request, an LNS does the following:

Determines whether to accept the tunneling request by checking whether the name of the tunnel peer (LAC) matches the one configured.

Determines the VT interface to be used for creating the VA interface.

To configure an LNS to accept L2TP tunneling requests from a specified LAC:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter L2TP group view in LNS mode. | l2tp-group group-number [ mode lns ] | N/A |
| 3. Configure the LNS to accept tunneling requests from a specified LAC and specify the VT interface to be used for tunnel setup. | If the L2TP group number is 1: allow l2tp virtual-template virtual-template-number [ remote remote-name ]. If the L2TP group number is not 1: allow l2tp virtual-template virtual-template-number remote remote-name | By default, an LNS denies tunneling requests from any LAC. If the L2TP group number is 1, the remote remote-name option is optional. If you do not specify this option, the LNS accepts tunneling requests from any LAC. |
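An added example, not part of the H3C manual: a small Python audit that reads saved configuration text and reports, for each LNS-mode L2TP group, whether its allow l2tp statement is bound to a named LAC, accepts any LAC (group 1 with no remote option), or is absent (default deny). The sample configuration, the LAC name LAC-BRANCH, the one-space indentation of group-view lines, the LAC-mode group used as a negative case and the function name are assumptions made for illustration.

```python
import re

# Constructed sample configuration text (not taken from the manual).
# Assumption: commands inside a group view are indented by one space.
SAMPLE_CONFIG = """\
l2tp-group 1 mode lns
 allow l2tp virtual-template 1
#
l2tp-group 2 mode lns
 allow l2tp virtual-template 2 remote LAC-BRANCH
#
l2tp-group 3 mode lns
#
l2tp-group 4 mode lac
#
"""

GROUP_RE = re.compile(r"^l2tp-group\s+(\d+)(?:\s+mode\s+(\w+))?\s*$")
ALLOW_RE = re.compile(
    r"^\s+allow\s+l2tp\s+virtual-template\s+(\d+)(?:\s+remote\s+(\S+))?\s*$")

def audit_lns_groups(config_text):
    """Return {group_number: (status, vt_number, lac_name)} for LNS groups."""
    results = {}
    current = None
    for line in config_text.splitlines():
        m = GROUP_RE.match(line)
        if m:
            # Only LNS-mode groups answer tunneling requests; skip others.
            is_lns = m.group(2) in (None, "lns")
            current = int(m.group(1)) if is_lns else None
            if current is not None:
                # No allow statement seen yet: the LNS default is to deny.
                results[current] = ("deny-all", None, None)
            continue
        if not line.startswith(" "):
            current = None  # an unindented line ends the group view
            continue
        m = ALLOW_RE.match(line)
        if m and current is not None:
            vt, lac = int(m.group(1)), m.group(2)
            # Without "remote", the group accepts requests from any LAC.
            results[current] = ("restricted" if lac else "any-lac", vt, lac)
    return results

if __name__ == "__main__":
    for group, finding in sorted(audit_lns_groups(SAMPLE_CONFIG).items()):
        print(group, finding)
```

Groups reported as any-lac are the ones to review, since the tunnel peer name is the only check the LNS applies at this step.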

Configuring user authentication on an LNS

An LNS can be configured to authenticate a user that has passed authentication on the LAC to increase security. In this case, the user is authenticated twice: once on the LAC and once on the LNS. An L2TP tunnel can be established only when both authentications succeed.

An LNS authenticates users by using one of the following methods:

Proxy authentication—The LNS uses the LAC as an authentication proxy. The LAC sends the LNS all user authentication information from users and the authentication method configured on the LAC
