1. The iNode client (the user host) connects to the LNS device through L2TP. After the client
passes PPP authentication, the CAMS/IMC server issues the isolation ACL to the device, which
then uses the firewall function to filter packets from the client.
2. After IPCP negotiation, the CAMS/IMC server notifies the iNode client, through the device, of the
server's own IP address. This address is permitted by the isolation ACL, so the client can reach the
server for the security check while all other traffic is still filtered.
3. The CAMS/IMC server performs EAD authentication and security checks on the iNode client.
After the client passes the security check, the CAMS/IMC server issues a security ACL to the
device to allow the client to access network resources.
When you configure L2TP-based EAD, follow these guidelines:
• Make sure that the ACLs to be assigned by the authentication server are configured
appropriately on the LNS device, under the ACL numbers the server is configured to issue. An
empty ACL or incorrect ACL rules cause EAD authentication to fail.
• You can configure different ACLs for different hosts. The device filters packets of a host
according to the ACL assigned to that host.
• L2TP-based EAD is usually used for remote users. For LAN users, deploy portal authentication.
For information about packet-filter firewalls, AAA, RADIUS, and portal authentication, see HPE
FlexNetwork MSR Router Series Comware 5 Security Configuration Guide.
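The following LNS-side ACL configuration is an added example, not a fragment of this guide or of any HPE sample configuration. It shows what "configured appropriately" means for the two ACLs the EAD flow above issues: an isolation ACL that lets the client reach only the CAMS/IMC server, and a security ACL that opens the internal network once the client passes the security check. The ACL numbers (3000 and 3001), the CAMS/IMC server address (10.1.1.10), the internal network (10.1.0.0/16) and the explicit final deny rules are assumptions for illustration; the numbers must match what the CAMS/IMC server is configured to assign, and the lines beginning with # are explanatory comments in configuration-file style, not commands to type.

```text
# Added example (Comware 5 CLI, system view): LNS-side ACLs for L2TP-based EAD.
# Enable the packet-filter firewall so that ACLs issued by the CAMS/IMC server
# are actually applied to the client's packets.
 firewall enable
#
# Isolation ACL (assumed number 3000). Issued after PPP authentication and before
# the security check. The CAMS/IMC server (assumed 10.1.1.10) must be permitted,
# otherwise the client cannot reach the server and EAD authentication fails.
# The ACL must not be left empty for the same reason.
 acl number 3000
  description EAD isolation ACL - client may reach the CAMS/IMC server only
  rule 0 permit ip destination 10.1.1.10 0
  rule 5 deny ip
  quit
#
# Security ACL (assumed number 3001). Issued after the client passes the security
# check; grants access to the internal network (assumed 10.1.0.0/16).
 acl number 3001
  description EAD security ACL - client passed the security check
  rule 0 permit ip destination 10.1.0.0 0.0.255.255
  rule 5 deny ip
  quit
#
```

Verify with display acl 3000 and display acl 3001 that both ACLs exist and contain rules before enabling EAD on the server side; if a different host needs a different policy, create another pair of ACLs and have the server assign those numbers to that host.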
Protocols and standards
• RFC 1661, The Point-to-Point Protocol (PPP)
• RFC 1918, Address Allocation for Private Internets
• RFC 2661, Layer Two Tunneling Protocol "L2TP"
L2TP configuration task list
When configuring L2TP, perform the following operations:
1. Determine the network devices needed according to the networking environment. For
NAS-initiated mode and LAC-auto-initiated mode, configure both the LAC and the LNS. For
client-initiated mode, you only need to configure the LNS.
2. Configure each device according to its intended role (LAC or LNS) on the network.
To configure a device as an LAC in NAS-initiated or LAC-auto-initiated mode, complete the following
tasks:

Task                                                                  Remarks
Configuring basic L2TP capabilities                                   Required.
    Enable L2TP
    Create an L2TP group
    Specify the local name of the tunnel
Configuring an LAC
    Configuring an LAC to initiate tunneling requests for             Required.
    specified users
    Configuring an LAC to transfer AVP data in hidden mode            Optional.
    Configuring AAA authentication for VPN users on LAC side          Required.