H3C Technologies H3C SecPath F1000-E User Manual

264

[LAC-luser-vpdnuser] quit

# Configure interface Async 1/0.

[LAC] interface async 1/0

[LAC-Async1/0] ip address 1.1.1.1 255.255.255.0

[LAC-Async1/0] ppp authentication-mode chap

[LAC-Async1/0] quit

# Enable L2TP.

[LAC] l2tp enable

# Create an L2TP group and configure its attributes.

[LAC] l2tp-group 1

[LAC-l2tp1] tunnel name LAC

[LAC-l2tp1] start l2tp ip 1.1.2.2 fullusername vpdnuser

# Enable tunnel authentication and specify the tunnel authentication password.

[LAC-l2tp1] tunnel authentication

[LAC-l2tp1] tunnel password simple aabbcc

2.

Configure the LNS:
# Configure IP addresses for the interfaces. (Details not shown.)
# Create a local user named vpdnuser, set the password, and enable the PPP service. The
username and password must match those configured on the client.

<LNS> system-view

[LNS] local-user vpdnuser

[LNS-luser-vpdnuser] password simple Hello

[LNS-luser-vpdnuser] service-type ppp

[LNS-luser-vpdnuser] quit

# Configure local authentication for the VPN user.

[LNS] domain system

[LNS-isp-system] authentication ppp local

[LNS-isp-system] ip pool 1 192.168.0.2 192.168.0.100

[LNS-isp-system] quit

# Enable L2TP.

[LNS] l2tp enable

# Configure the virtual template interface.

[LNS] interface virtual-template 1

[LNS-virtual-template1] ip address 192.168.0.1 255.255.255.0

[LNS-virtual-template1] ppp authentication-mode chap domain system

[LNS-virtual-template1] remote address pool 1

[LNS-virtual-template1] quit

# Add the virtual template interface to a proper security zone. For how to add an interface to a
security zone, see Access Control Configuration Guide.
# Create an L2TP group, specify the virtual template interface for receiving calls and specify the
name of the tunnel on the peer.

[LNS] l2tp-group 1

[LNS-l2tp1] tunnel name LNS

[LNS-l2tp1] allow l2tp virtual-template 1 remote LAC

# Enable tunnel authentication and specify the tunnel authentication password.

[LNS-l2tp1] tunnel authentication