R3303-HP HSR6800 Routers Layer 2 - WAN Configuration Guide
84
Step Command Remarks
5. Specify the address pool for
allocating an IP address to a
PPP user, or assign an IP
address to the user directly.
remote address { pool
[ pool-number ] | ip-address }
Optional.
By default, address pool 0 (the
default address pool) is used.
Configuring an LNS to grant certain L2TP tunneling requests
When receiving a tunneling request, an LNS determines whether to grant the tunneling request by
checking whether the tunnel name of the LAC matches the one configured, and determines the VT
interface to be used to create the VA interface.
The start l2tp command and the allow l2tp command are mutually exclusive. Configuring one of them
automatically disables the other one.
The LAC side tunnel name configured on the LNS must be consistent with the local tunnel name
configured on the LAC.
To configure an LNS to grant certain L2TP tunneling requests:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter L2TP group view.
l2tp-group group-number N/A
3. Specify the VT interface for
receiving calls, the tunnel name
on the LAC, and the domain
name.
• If the L2TP group number is 1
(the default):
allow l2tp virtual-template
virtual-template-number
[ remote remote-name ]
[ domain domain-name ]
• If the L2TP group number is
not 1:
allow l2tp virtual-template
virtual-template-number
[ remote remote-name ]
[ domain domain-name ]
Use either command.
By default, an LNS denies all
incoming calls.
If the L2TP group number is 1, do
not specify the LAC side tunnel
name. In L2TP group 1, the LNS
allows the LAC to initiate a
tunneling request by using any
tunnel name.
Configuring user authentication on an LNS
An LNS may be configured to authenticate a user that has passed authentication on the LAC to increase
security. In this case, the user is authenticated twice, once on the LAC and once on the LNS. Only when
the two authentications succeed can an L2TP tunnel be set up. This helps raise security.
An LNS authenticates users by using one of the following methods:
• Proxy authentication—The LNS uses the LAC as an authentication proxy. The LAC sends the LNS all
user authentication information from users and the authentication mode configured on the LAC itself.
The LNS then checks the user validity according to the received information and the locally
configured authentication method.
• Mandatory CHAP authentication—The LNS uses CHAP authentication to reauthenticate users who
have passed authentication on the LAC.