4000 Router Series Layer 2 - WAN Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router

Step Command Remarks

1. Enter system view.

system-view N/A

2. Enter L2TP group view in LNS

mode.

l2tp-group group-number [ mode

lns ]

N/A

3. Configure mandatory CHAP

authentication.

mandatory-chap

By default, CHAP authentication is

not performed on an LNS.

This command is effective only on

NAS-initiated L2TP tunnels.

Configuring LCP renegotiation

To establish a NAS-initiated L2TP tunnel, a user first negotiates with the LAC at the start of a PPP session.

If the negotiation succeeds, the LAC initiates an L2TP tunneling request and sends user information to the

LNS. The LNS then determines whether the user is valid according to the proxy authentication

information received.

If you do not expect the LNS to accept LCP negotiation parameters, configure this function to perform a

new round of LCP negotiation between the LNS and the user. In this case, the LNS authenticates the user

by using the authentication method configured on the corresponding VT interface.

If you enable LCP renegotiation but configure no authentication for the corresponding VT interface, the

LNS does not perform an additional authentication for users.

To configure the LNS to perform LCP renegotiation with users:

Step Command Remarks

1. Enter system view.

system-view N/A

2. Enter L2TP group view in LNS

mode.

l2tp-group group-number [ mode

lns ]

N/A

3. Configure the LNS to perform

LCP renegotiation with users.

mandatory-lcp

By default, an LNS does not

perform LCP renegotiation with

users.

This command is effective only on

NAS-initiated L2TP tunnels.

Configuring AAA authentication on an LNS

After you configure AAA authentication on an LNS, the LNS can authenticate the credentials of remote

access users. If a user passes AAA authentication, the user can communicate with the LNS to access the

enterprise network.

Configure AAA authentication on the LNS in the following cases:

• LCP renegotiation is not configured in NAS-initiated mode.

• The VT interface is configured with PPP user authentication and LCP renegotiation is configured in

NAS-initiated mode.

• The VT interface is configured with PPP user authentication in client-initiated mode, or

LAC-auto-initiated mode.