4000 Router Series Layer 2 - WAN Configuration Guide

LNS side AAA configurations are similar to those on an LAC (see "Configuring AAA authentication on

an LAC").

Configuring optional L2TP parameters

These optional L2TP parameter configuration tasks apply to both LACs and LNSs.

Configuring L2TP tunnel authentication

You can enable tunnel authentication to allow the LAC and LNS to authenticate each other. Either the

LAC or the LNS can initiate a tunnel authentication request. To implement tunnel authentication, enable

tunnel authentication on both the LAC and LNS, and configure the same non-null key on them.

To ensure tunnel security, enable tunnel authentication.

To change the tunnel authentication key, do so before tunnel negotiation is performed. Otherwise, your

change does not take effect.

To configure L2TP tunnel authentication:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enter L2TP group view.

l2tp-group group-number [ mode { lac

| lns } ]

N/A

3. Enable L2TP tunnel

authentication.

tunnel authentication Enabled by default.

4. Configure the tunnel

authentication key.

tunnel password { cipher | simple }

password

By default, no key is configured.

Setting the Hello interval

To check the connectivity of a tunnel, the LAC and LNS periodically send each other Hello packets. On

receipt of a Hello packet, the LAC or LNS returns a response packet. If the LAC or LNS receives no

response packets from the peer within a specific period of time (the Hello interval), it retransmits the Hello

packet. If it receives no response packets from the peer after transmitting the Hello packet five times, it

considers the L2TP tunnel to be down.

To set the Hello interval:

Ste