NE40E V800R010C10SPC500 Configuration Guide - User Access 01

Configuring L2TP Tunnel Authentication

An L2TP tunnel can be successfully established only after L2TP tunnel authentication succeeds.

Context

An L2TP tunnel supports either local or remote authentication (RADIUS authentication).

Perform the following steps on the NE40E:

NOTE:
  • The new password must be at least eight characters long and contain at least two of the following character types: upper-case letters, lower-case letters, digits, and special characters.
  • When configuring an authentication password, select ciphertext mode. If you select simple text mode, the password is saved in the configuration file in plaintext, which poses a high security risk. To ensure device security, change the password periodically.

Procedure

  • Local authentication

    If local authentication is used, the LAC or LNS uses only the tunnel password for authentication, not the tunnel name. The tunnel name is used by the LNS to select an L2TP group to respond to the LAC connection request. The format of the tunnel name is not restricted; however, the tunnel name configured on the LAC must be the same as the remote tunnel name configured on the LNS.

    1. Run system-view

      The system view is displayed.

    2. Run l2tp-group group-name

      The L2TP group view is displayed.

    3. Run tunnel name tunnel-name [ lns-ip lns-ip-address ]

      The local tunnel name is specified.

    4. Run tunnel authentication [ strict ]

      Tunnel authentication is enabled.

      You can decide whether to enable tunnel authentication before creating a tunnel connection. To ensure tunnel security, it is recommended that tunnel authentication be enabled.

      The tunnel authentication request can be initiated by the LAC or the LNS. As long as tunnel authentication is enabled on one end, identity authentication is performed during tunnel setup. The tunnel can be set up only if the passwords of both ends are the same and not null; otherwise, the local end automatically tears down the tunnel. If tunnel authentication is disabled on both ends, tunnel authentication is not performed, irrespective of whether the passwords on both ends are the same.

      The tunnel authentication strict command takes effect only for the L2TP group on the LAC. After strict tunnel authentication is configured, the LAC performs a validity check on the remote LNS's tunnel name and password. If the LNS tunnel name and password delivered by the RADIUS server or locally configured are different from those of the remote LNS, tunnel establishment fails. After strict tunnel authentication is configured, you can configure the RADIUS server to deliver the Tunnel-Server-Auth-ID attribute or configure an LNS tunnel name in the L2TP group view of the LAC based on site requirements.

    5. Run tunnel password { simple | cipher } password [ lns-ip lns-ip-address ]

      The password for tunnel authentication is set.

    6. Run commit

      The configuration is committed.

  • Remote authentication (RADIUS authentication)

    If remote authentication is used, the LAC or LNS treats the L2TP tunnel as a user; therefore, the format of the tunnel name must be username@domain. When the tunnel is set up, the LAC or LNS sends the user name and password received from the peer to the AAA server (RADIUS server) for authentication. The AAA server must be configured with the identical user name and password.

    1. Run system-view

      The system view is displayed.

    2. Run l2tp-group group-name

      The L2TP group view is displayed.

    3. Run tunnel authentication

      Tunnel authentication is enabled.

      You can decide whether to enable tunnel authentication before creating a tunnel connection. To ensure tunnel security, it is recommended that tunnel authentication be enabled.

      The tunnel authentication request can be initiated by the LAC or the LNS. As long as tunnel authentication is enabled on one end, identity authentication is performed during tunnel setup. The tunnel can be set up only if the passwords of both ends are the same and not null; otherwise, the local end automatically tears down the tunnel. If tunnel authentication is disabled on both ends, tunnel authentication is not performed, irrespective of whether the passwords on both ends are the same.

    4. Run tunnel aaa-authentication

      AAA tunnel authentication is enabled.

      AAA tunnel authentication means that the L2TP tunnel is authenticated on the AAA server (RADIUS server) rather than locally.

    5. Run commit

      The configuration is committed.

  • Forcible RADIUS tunnel authentication

    1. Run system-view

      The system view is displayed.

    2. Run l2tp-group group-name

      The L2TP group view is displayed.

    3. Run tunnel radius-force

      Forcible RADIUS tunnel authentication is enabled.

      Forcible RADIUS tunnel authentication means that the RADIUS server determines whether tunnel authentication is performed. If the attributes delivered by the RADIUS server contain the tunnel password, the tunnel password is used for tunnel authentication; otherwise, tunnel authentication is not performed.

    4. Run commit

      The configuration is committed.
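
An offline check of the settings configured in the three procedures above, as an added example rather than Huawei's own tooling: the Python below audits the L2TP groups of a saved configuration against the rules stated in this section. The configuration layout, group names, function names and finding labels are assumptions made for illustration; only the tunnel commands come from the procedure.

```python
import re
# Constructed sample, not device output. Assumption: the saved configuration
# lists each group as an "l2tp-group" header with its commands indented below.
SAMPLE = """\
l2tp-group lac-a
 tunnel authentication strict
 tunnel password cipher <ciphertext>
l2tp-group lac-b
 tunnel authentication
 tunnel password simple tunnelpw
l2tp-group lns-c
 tunnel name lns-c
 tunnel authentication
 tunnel aaa-authentication
l2tp-group lac-d
 tunnel radius-force"""

def parse_groups(text):
    groups, cur = {}, None  # group name -> commands indented under its header
    for line in text.splitlines():
        if line.startswith("l2tp-group "):
            cur = groups.setdefault(line.split()[1], [])
        elif line.startswith(" ") and cur is not None:
            cur.append(line.strip())
        else:
            cur = None  # any other top-level line closes the group
    return groups

def weak(pw):  # page rule: at least 8 characters and 2 of the 4 character classes
    kinds = sum(bool(re.search(p, pw)) for p in ("[A-Z]", "[a-z]", "[0-9]", "[^A-Za-z0-9]"))
    return len(pw) < 8 or kinds < 2

def audit(text):
    report = {}
    for group, cmds in parse_groups(text).items():
        words = [c.split() for c in cmds if c]
        kw = {w[1] for w in words if w[0] == "tunnel" and len(w) > 1}
        simple = [w[3] for w in words if w[:3] == ["tunnel", "password", "simple"] and len(w) > 3]
        name = next((w[2] for w in words if w[:2] == ["tunnel", "name"] and len(w) > 2), "")
        checks = {
            "auth-disabled": not kw & {"authentication", "radius-force"},
            "radius-decides": "radius-force" in kw,  # RADIUS may deliver no password
            "no-password": "authentication" in kw and not kw & {"aaa-authentication", "radius-force", "password"},
            "plaintext-password": bool(simple),
            "weak-password": any(weak(s) for s in simple),
            "name-not-user@domain": "aaa-authentication" in kw and bool(name) and "@" not in name,
        }
        report[group] = [k for k, hit in checks.items() if hit]
    return report
```

Passwords stored in cipher mode cannot be checked against the complexity rule offline, so only simple-mode passwords are tested for length and character classes.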

Updated: 2019-01-03

Document ID: EDOC1100055031
