Configuring aaa authentication on an lns, Configuring optional l2tp parameters, Configuring l2tp tunnel authentication – H3C Technologies H3C SecPath F5020 User Manual
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter L2TP group view in LNS mode. | l2tp-group group-number [ mode lns ] | N/A |
| 3. Configure the LNS to perform LCP renegotiation with users. | mandatory-lcp | By default, an LNS does not perform LCP renegotiation with users. This command is effective only on NAS-initiated L2TP tunnels. |
Configuring AAA authentication on an LNS
After you configure AAA authentication on an LNS, the LNS can authenticate the identities (usernames
and passwords) of remote access users. If a user passes AAA authentication, the user can communicate
with the LNS to access the private network.
Configure AAA authentication on the LNS in the following cases:
• LCP renegotiation is not configured in NAS-initiated mode.
• The VT interface is configured with PPP user authentication and LCP renegotiation is configured in NAS-initiated mode.
• The VT interface is configured with PPP user authentication in client-initiated mode or LAC-auto-initiated mode.
LNS side AAA configurations are similar to those on an LAC (see "Configuring AAA authentication on ").
Configuring optional L2TP parameters
The optional L2TP parameter configuration tasks apply to both LACs and LNSs.
Configuring L2TP tunnel authentication
You can enable tunnel authentication to allow the LAC and LNS to authenticate each other. Either the
LAC or the LNS can initiate a tunnel authentication request. To implement tunnel authentication, enable
tunnel authentication on both the LAC and LNS, and configure the same non-null key on them.
To ensure tunnel security, enable tunnel authentication.
Change the tunnel authentication key before tunnel negotiation is performed. Otherwise, your change
does not take effect.
To configure L2TP tunnel authentication:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter L2TP group view. | l2tp-group group-number [ mode { lac \| lns } ] | N/A |