3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

111

112

113

114

115

116

117

118

119

120

LNS Configuration 119

By default, AVP is transferred in plain text.

Setting Hello Interval in

Tunnel

In order to check the connectivity of the Tunnel between LAC and LNS, LAC and

LNS send Hello packets to each other periodically and the receiver will respond

upon the receipt of the packets. If LAC or LNS does not receive response from the

peer end in a specified interval, it will resend Hello packet and will regard the L2TP

Tunnel connection has been disconnected if receiving no response after making

three transmission attempts. In this case, LAC and LNS need to set up a new

Tunnel connection.

This configuration is optional on LNS side.

Perform the following configuration in L2TP group view.

By default, Hello interval is 60 seconds. If this configuration is not performed on

LNS side, LNS will adopt this default value to send Hello packet to the peer end

periodically.

Enabling Mandatory

Local CHAP

Authentication

After LAC performs agent authentication on a user, LNS can authenticate the user

again. The user therefore undergoes authentication twice: once on LAC side and

once on LNS side. Only after both the two authentications succeed, can L2TP

Tunnel be created.

In an L2TP network, LNS side authenticates users in three ways: agent

authentication, mandatory CHAP authentication, and LCP re-negotiation.

Among these three authentication approaches, LCP re-negotiation is of the first

priority. If both LCP re-negotiation and mandatory CHAP authentication are

configured on LNS side, L2TP will choose the former, adopting the authentication

mode configured in the associated virtual template interface.

If only CHAP authentication is configured, LNS will perform CHAP authentication

on users.

To perform mandatory CHAP authentication on LNS side, you must configure

username, password and user authentication and enable AAA on this side.

Mandatory local CHAP authentication is optional on LNS side.

Perform the following configuration in L2TP group view.

Restore default transfer mode of AVP undo tunnel avp-hidden

Table 109 Set the transfer mode of AVP data

Operation Command

Tab le 110 Set Hello interval

Operation Command

Set Hello interval tunnel timer hello hello-interval

Restore the default value of Hello interval undo tunnel timer hello