HP VPN Firewall Appliances VPN Configuration Guide

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a local user and enter its view.
   Command: local-user username
   Remarks: By default, no local user or password is configured on an LAC.
3. Configure a password for the local user.
   Command: password [ { cipher | simple } password ]
4. Authorize the user to use the PPP service.
   Command: service-type ppp
   Remarks: N/A
5. Return to system view.
   Command: quit
   Remarks: N/A
6. Create an ISP domain and enter its view.
   Command: domain isp-name
   Remarks: N/A
7. Configure the domain to use local authentication/authorization/accounting for its PPP users.
   Commands:
     authentication ppp local
     authorization ppp local
     accounting ppp local
   Remarks: Optional. Local authentication/authorization/accounting is used by default.
For information about AAA configuration commands and remote AAA authentication method
configuration, see Access Control Configuration Guide.
Configuring an LAC to establish an L2TP tunnel
To establish an L2TP tunnel in LAC-auto-initiated mode, you must create a virtual PPP user on the LAC.
The LAC performs PPP authentication for the virtual PPP user; that is, the LAC is both the side that
performs PPP authentication and the side that is authenticated by PPP. An L2TP tunnel established in
LAC-auto-initiated mode exists until you remove the tunnel by using the undo l2tp-auto-client enable command.
To configure an LAC to establish an L2TP tunnel, perform the following tasks:
• Create a VT interface and configure an IP address for the interface.
• In virtual template interface view, configure the side that performs PPP authentication: use the ppp
  authentication-mode command to specify the authentication method the LAC uses to authenticate
  the virtual PPP user.
• In VT interface view, configure the side authenticated by PPP: use the ppp pap command or the ppp
  chap command to specify the PPP authentication method supported by the virtual PPP user, and the
  username and password of the virtual PPP user. The authentication method to be used by the LAC
  and that supported by the virtual PPP user must be consistent.
• Configure AAA authentication for VPN users on the LAC. The configured username and password
  for AAA authentication must be the same as those of the virtual PPP user configured on the VT
  interface.
• Trigger the LAC to establish an L2TP tunnel.
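The following Python check is an added example, not part of the HP guide: it audits a saved LAC configuration for the two consistency requirements listed above, for the PAP case only. The sample configuration is constructed, and the argument forms of ppp authentication-mode and ppp pap local-user are assumptions about the CLI syntax; passwords are compared as literal text.

```python
import re

# Constructed sample LAC configuration (not from the guide). Assumed syntax:
# "ppp pap local-user <name> password <cipher|simple> <password>".
SAMPLE = """\
local-user vpdnuser
 password simple Hello
 service-type ppp
interface virtual-template 1
 ppp authentication-mode chap
 ppp pap local-user vpdnuser password simple Hello
"""

def parse_views(text):
    """Group indented lines under the unindented command that opens each view."""
    views, body = {}, None
    for line in text.splitlines():
        if line.strip() and not line.startswith(" "):
            body = views.setdefault(line.strip(), [])
        elif line.strip() and body is not None:
            body.append(line.strip())
    return views

def audit_lac(text):
    """Return findings that break the consistency rules of LAC-auto-initiated mode."""
    views, findings = parse_views(text), []
    users = {h.split()[1]: b for h, b in views.items() if h.startswith("local-user ")}
    for head, body in views.items():
        if not head.startswith("interface virtual-template"):
            continue
        modes = {w for l in body if l.startswith("ppp authentication-mode ")
                 for w in l.split()[2:]}
        pap = [re.match(r"ppp pap local-user (\S+) password (\S+ \S+)$", l) for l in body]
        m = next((x for x in pap if x), None)
        if m is None:
            findings.append(f"{head}: no ppp pap virtual PPP user found")
            continue
        name, secret = m.groups()
        if "pap" not in modes:
            findings.append(f"{head}: virtual PPP user uses pap, LAC uses {sorted(modes)}")
        local = users.get(name)
        if local is None:
            findings.append(f"{head}: no local-user {name} for AAA authentication")
            continue
        if f"password {secret}" not in local:
            findings.append(f"local-user {name}: password differs from virtual PPP user")
        if "service-type ppp" not in local:
            findings.append(f"local-user {name}: not authorized for service-type ppp")
    return findings
```

Calling audit_lac(SAMPLE) reports the PAP/CHAP mismatch on the VT interface; an empty list means both requirements hold for the views that were parsed.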
To trigger an LAC to establish an L2TP tunnel:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a VT interface and enter its view.
   Command: interface virtual-template virtual-template-number
   Remarks: By default, no VT interface exists.