R3303-HP HSR6800 Routers Layer 2 - WAN Configuration Guide

Configuring AAA authentication for VPN users on an LNS
Configure AAA on the LNS in the following cases:
• Proxy authentication is configured on the LNS.
• Mandatory CHAP authentication is configured on the LNS.
• Mandatory LCP renegotiation authentication is configured on the LNS and the VT interface requires PPP user authentication.
After you configure AAA on the LNS, the LNS authenticates the identities (usernames and passwords) of VPN users a second time. If a user passes AAA authentication, the user can communicate with the LNS. Otherwise, the L2TP session is removed.
LNS-side AAA configurations are similar to those on an LAC (see "Configuring AAA authentication for VPN users on LAC side").
Enabling L2TP for VPNs
If multiple enterprises share the same LNS device and their tunnel peers (LAC devices) use the same tunnel name, the LNS cannot tell which users belong to which enterprise. The L2TP support for VPNs function solves this problem: with it enabled, an LNS can differentiate multiple VPN domains and serve users of different enterprises simultaneously.
In an L2TP VPN application, specify the domain to which VPN users belong by using the domain
keyword in the allow l2tp virtual-template command. After an L2TP tunnel is established, the LNS
obtains the domain name from the session negotiation packet and searches for the same domain among
those locally configured for VPN users. If an L2TP group's tunnel peer name and domain name match,
the LNS establishes a session according to the group configuration. Thus, different sessions can be
established for VPN users of different domains.
If multiple L2TP groups on the LNS are configured with the same remote tunnel name, make sure that their
tunnel authentication settings are the same. Mismatching tunnel authentication keys will result in tunnel
establishment failure.
To enable L2TP for VPNs:
Step                        Command              Remarks
1. Enter system view.       system-view          N/A
2. Enable L2TP for VPNs.    l2tpmoreexam enable  Disabled by default.
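The following LNS configuration is an added example; it is not taken from the HP guide. It ties together the two preceding sections: two enterprises whose LACs both present the tunnel name LAC are separated by the domain keyword of allow l2tp virtual-template, l2tpmoreexam enable turns on the per-domain session matching, and mandatory CHAP on each VT interface triggers the second (AAA) authentication of the PPP user on the LNS. The domain names, group numbers, user names, addresses and the PLACEHOLDER_* secrets are assumptions; apart from l2tpmoreexam enable and allow l2tp virtual-template ... domain, which the page itself names, the command syntax is assumed from the Comware CLI of this router family.

```comware
# Added example, not the guide's own configuration. Names, numbers and
# PLACEHOLDER_* secrets are assumptions; replace them with site values.
system-view
#
# Turn on L2TP and the per-domain (VPN) session matching.
l2tp enable
l2tpmoreexam enable
#
# One ISP domain per enterprise. PPP users are authenticated locally on the
# LNS, which is the second authentication after the LAC has done its own.
domain entA
 authentication ppp local
 authorization ppp local
 accounting ppp none
 ip pool 1 10.1.1.2 10.1.1.100
quit
domain entB
 authentication ppp local
 authorization ppp local
 accounting ppp none
 ip pool 2 10.2.2.2 10.2.2.100
quit
#
# The same user name in two domains stays two distinct accounts.
local-user alice@entA
 password cipher PLACEHOLDER_PASSWORD_A
 service-type ppp
quit
local-user alice@entB
 password cipher PLACEHOLDER_PASSWORD_B
 service-type ppp
quit
#
# One VT interface per domain. Requiring CHAP here is what makes the LNS
# re-check the user's credentials against the domain above.
interface virtual-template 1
 ppp authentication-mode chap domain entA
 ip address 10.1.1.1 255.255.255.0
 remote address pool 1
quit
interface virtual-template 2
 ppp authentication-mode chap domain entB
 ip address 10.2.2.1 255.255.255.0
 remote address pool 2
quit
#
# Both enterprises' LACs use the tunnel name LAC; the domain keyword lets the
# LNS choose the right group. Because the two groups share the remote tunnel
# name, tunnel authentication is enabled in both with the SAME key; a
# mismatch here makes tunnel establishment fail.
l2tp-group 1
 tunnel name LNS
 allow l2tp virtual-template 1 remote LAC domain entA
 tunnel authentication
 tunnel password cipher PLACEHOLDER_TUNNEL_KEY
 mandatory-chap
quit
l2tp-group 2
 tunnel name LNS
 allow l2tp virtual-template 2 remote LAC domain entB
 tunnel authentication
 tunnel password cipher PLACEHOLDER_TUNNEL_KEY
 mandatory-chap
quit
```

After a user from each enterprise has dialed in, display l2tp session on the LNS should show one session bound to virtual-template 1 for the entA user and one bound to virtual-template 2 for the entB user; if a session for one domain is missing while the tunnel is up, the usual cause is a username whose domain suffix does not match any allow l2tp virtual-template entry, so the AAA step never ran.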
Configuring support of LNS for the IMSI or SN in PPP LCP negotiation
You must configure both the LNS and the L2TP client to enable this feature.
Configuring the LNS
To configure the LNS to initiate IMSI and/or SN negotiation: