Configuring user authentication on an lns – H3C Technologies H3C SecPath F1000-E User Manual

13

To do…

Use the command…

Remarks

Configure the authentication mode
for PPP users

ppp authentication-mode
{ chap | pap } [ [ call-in ]
domain isp-name ]

Optional
By default, no authentication is
performed for PPP users.

Specify the address pool for
allocating an IP address to a VPN

user, or assign an IP address to the
user directly

remote address { pool
[ pool-number ] | ip-address }

Optional
By default, address pool 0 (the
default address pool) is used.

Configuring an LNS to Grant Certain L2TP Tunneling Requests

Upon receiving a tunneling request, an LNS determines whether to grant the tunneling request by

checking whether the tunnel name of the LAC matches the one configured, and determines the virtual

template interface to be used to create the VA interface.
Follow these steps to configure an LNS to grant certain L2TP tunneling requests:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter L2TP group view

l2tp-group group-number

—

If the L2TP group
number is not 1

allow l2tp virtual-template
virtual-template-number remote
remote-name [ domain

domain-name ]

Specify the
virtual template

interface for
receiving calls,

the tunnel name

on the LAC, and

the domain
name

If the L2TP group
number is 1 (the

default)

allow l2tp virtual-template
virtual-template-number
[ remote remote-name ]
[ domain domain-name ]

Required
Use either command.
By default, an LNS denies all
incoming calls.

NOTE:
•

The start l2tp and allow l2tp commands are mutually exclusive. Configuring one of them automatically
disables the other one.

•

The LAC side tunnel name configured on the LNS must be consistent with the local tunnel name
configured on the LAC.

Configuring User Authentication on an LNS

An LNS may be configured to authenticate a user that has passed authentication on the LAC to increase

security. In this case, the user is authenticated twice, once on the LAC and once on the LNS. Only when

the two authentications succeed can an L2TP tunnel be set up. This helps raise security.
An LNS authenticates users by using one the following three methods:

•

Proxy authentication: The LNS uses the LAC as an authentication proxy. The LAC sends the LNS all

user authentication information from users and the authentication mode configured on the LAC itself.
The LNS then checks the user validity according to the received information. When the user

authentication information passed from the LAC to the LNS is valid, the proxy authentication

succeeds and a session can be established for the user if the authentication type configured on the