3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

111

112

113

114

115

116

117

118

119

120

LNS Configuration 117

Creating Virtual

Template Interface

Virtual template interface is mainly used to configure parameters of virtual

interface created dynamically by the security gateway in operation, e.g. MP logical

interface and L2TP logical interface, etc.

These configurations are compulsory on LNS side.

Perform the following configuration in system view.

By default, no virtual template interface is created.

Setting Parameters for

Call Receiving

LNS can adopt different virtual template interfaces for receiving Tunnel setup

request from different LACs. When receiving a Tunnel setup request from an LAC,

LNS needs to check that the name of LAC is a valid remote name of Tunnel before

allowing it to create the Tunnel.

These configurations are compulsory on LNS side.

Perform the following configuration in L2TP group view.

When the group number of L2TP is 1 (the default L2TP group number), you do not

need to specify remote-name. If remote-name is specified in L2TP group view 1,

L2TP group 1 will not be regarded as the default L2TP group.

■ Only L2TP group 1 can be set as default group.

■ Any device can initiate a Tunnel setup request when the L2TP group number is

the default L2TP group number 1.

■ The start command and the allow command are mutually exclusive to each

other. After one is configured, another one goes invalid automatically.

■ When the PPPoE client is used to trigger the Tunnel connection from LAC to

LNS, you are recommended to decrease the MTU value of the virtual template

interface on the side of LNS to 1,480 bytes.

Setting Local Name A user can configure local Tunnel name on LNS side.

Tab le 105 Create/delete virtual template interface

Operation Command

Create a virtual template interface interface virtual-template virtual-template-number

Delete the virtual template interface

undo interface virtual-template

virtual-template-number

Tab le 106 Set parameters for call receiving

Operation Command

Set remote name of Tunnel (L2TP group not

being 1)

allow l2tp virtual-template

virtual-template-number remote

remote-name [ domain domain-name ]

Set remote name of Tunnel (L2TP group being

allow l2tp virtual-template

virtual-template-number [ remote

remote-name ] [ domain domain-name ]

Remove remote name of Tunnel undo allow