R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101
265
Configuration procedure
1. Configure the LAC:
In this example, GigabitEthernet 0/1 and GigabitEthernet 0/3 on the LAC are both user access
interfaces. The IP address of GigabitEthernet 0/2 through which the LAC connects to the tunnel is
1.1.2.1. The IP address of GigabitEthernet 0/1 through which the LNS connects to the tunnel is
1.1.2.2.
# Create two local users, set the passwords, and enable the PPP service.
<LAC> system-view
[LAC] local-user vpdn1
[LAC-luser-vpdn1] password simple 11111
[LAC-luser-vpdn1] service-type ppp
[LAC-luser-vpdn1] quit
[LAC] local-user vpdn2
[LAC-luser-vpdn2] password simple 22222
[LAC-luser-vpdn2] service-type ppp
[LAC-luser-vpdn2] quit
# Configure local authentication for the users.
[LAC] domain aaa.net
[LAC-isp-aaa.net] authentication ppp local
[LAC-isp-aaa.net] quit
[LAC] domain bbb.net
[LAC-isp-bbb.net] authentication ppp local
[LAC-isp-bbb.net] quit
# Configure PPPoE servers on interfaces GigabitEthernet 0/1 and GigabitEthernet 0/3.
[LAC] interface gigabitethernet 0/3
[LAC-GigabitEthernet0/3] pppoe-server bind virtual-template 100
[LAC-GigabitEthernet0/3] quit
[LAC] interface gigabitethernet 0/1
[LAC-GigabitEthernet0/1] pppoe-server bind virtual-template 101
[LAC-GigabitEthernet0/1] quit
# Configure an IP address for interface GigabitEthernet 0/2.
[LAC] interface gigabitethernet 0/2
[LAC-GigabitEthernet0/2] ip address 1.1.2.1 255.255.255.0
[LAC-GigabitEthernet0/2] quit
# Create the virtual template interfaces and configure CHAP authentication.
[LAC] interface virtual-template 100
[LAC-Virtual-Template100] ppp authentication-mode chap domain aaa.net
[LAC-Virtual-Template100] quit
[LAC] interface virtual-template 101
[LAC-Virtual-Template101] ppp authentication-mode chap domain bbb.net
[LAC-Virtual-Template101] quit
# Create two L2TP groups and configure the related attributes.
[LAC] l2tp enable
[LAC] l2tp-group 1
[LAC-l2tp1] tunnel name LAC-1
[LAC-l2tp1] start l2tp ip 1.1.2.2 domain aaa.net