85
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter L2TP group view in LNS
mode.
l2tp-group group-number [ mode
lns ]
N/A
3. Configure mandatory CHAP
authentication.
mandatory-chap
By default, CHAP authentication is
not performed on an LNS.
This command is effective only on
NAS-initiated L2TP tunnels.
Configuring LCP renegotiation
To establish a NAS-initiated L2TP tunnel, a user first negotiates with the LAC at the start of a PPP session.
If the negotiation succeeds, the LAC initiates an L2TP tunneling request and sends user information to the
LNS. The LNS then authenticates the user according to the proxy authentication information received.
For the LNS not to accept LCP negotiation parameters, configure this feature to perform a new round of
LCP negotiation between the LNS and the user. In this case, the LNS authenticates the user by using the
authentication method configured on the corresponding VT interface.
If you enable LCP renegotiation but configure no authentication for the corresponding VT interface, the
LNS does not perform an additional authentication for users.
To configure the LNS to perform LCP renegotiation with users:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter L2TP group view in LNS
mode.
l2tp-group group-number [ mode
lns ]
N/A
3. Configure the LNS to perform
LCP renegotiation with users.
mandatory-lcp
By default, an LNS does not
perform LCP renegotiation with
users.
This command is effective only on
NAS-initiated L2TP tunnels.
Configuring AAA authentication on an LNS
After you configure AAA authentication on an LNS, the LNS can authenticate the usernames and
passwords of remote access users. If a user passes AAA authentication, the user can communicate with
the LNS to access the private network.
Configure AAA authentication on the LNS in one of the following cases:
• LCP renegotiation is not configured in NAS-initiated mode.
• The VT interface is configured with PPP user authentication and LCP renegotiation is configured in
NAS-initiated mode.
• The VT interface is configured with PPP user authentication in client-initiated mode or
LAC-auto-initiated mode.
LNS side AAA configurations are similar to those on an LAC (see "Configuring AAA authentication on
an LAC").
To Next Page
Loading...
Need help?
General
