No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Configuration Guide - User Access 01

This is NE40E V800R010C10SPC500 Configuration Guide - User Access
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring an L2TP Connection on the LNS

Configuring an L2TP Connection on the LNS

To set up a tunnel, you need to set the virtual template and user authentication domain in the L2TP group view on the LNS.

Context

The LNS can receive tunnel setup requests from different LACs by using different virtual templates. After receiving a tunnel setup request, the LNS checks the LAC name. The LNS allows the remote end to set up the tunnel if the LAC name is consistent with the name of the valid remote end.

The L2TP group is configured as the LNS (ACCEPT_DIALIN_L2TP) in this configuration.

NOTE:
  • When the NE40E functions as an LNS to interconnect with another Huawei device that functions as an LAC, it is recommended that you set the MTU in the virtual template to be less than 1462 (assume that the interface MTU is 1500).

  • When the NE40E functions as an LNS to interconnect with an LAC that does not support L2TP packet fragmentation, it is recommended that you set the MTU in the virtual template to a value smaller than 1454 (assume that the interface MTU on the LAC is 1500). If an L2TP packet is longer than 1500, the packet is fragmented into invalid packets on the LAC.

  • If the MTU is configured manually, ensure that the MTUs negotiated by the L2TP user, LAC, and LNS are the same.

Perform the following steps on the NE40E:

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run l2tp-group group-name

    The L2TP group view is displayed.

  3. Run allow l2tp virtual-template virtual-template-number remote remote-name

    An L2TP connection is configured on the LNS.

    Except for the default L2TP group default-lns, all L2TP groups must be configured with remote-name when the connection on the LNS is configured.

    NOTE:

    In an L2TP group, the start command and the allow command conflict with each other. This means that if you run either of the commands, the other command becomes invalid.

  4. (Optional) Run default-domain authentication { domain-name | force domain-name | replace domain-name }

    The authentication domain is configured for L2TP users.

    The default-domain authentication command configures the default authentication domain for L2TP users. When a user goes online from the LAC by using a user name without a domain name, the LNS logs the user in by using the default domain. The user domain adopts the configuration of the default domain. If the default authentication domain is not specified, when the user goes online from the LAC by using a user name without a domain name, the LNS allows the user to go online from domain default1.

    The default-domain authentication force command configures the forcible authentication domain for L2TP users. When a user goes online from the LAC, the LNS logs the user in by using the forcible authentication domain, but does not change the domain name. The user domain adopts the configuration of the forcible authentication domain.

    The default-domain authentication replace command configures the authentication domain substitute for L2TP users. When a user goes online from the LAC, the LNS switches the user to the domain substitute and changes the user domain name to the name of the authentication domain substitute. The user domain adopts the configuration of the authentication domain substitute.

  5. (Optional) Run roam-domain domain-name

    A roaming domain is configured for the LNS.

  6. (Optional) Run tunnel window receive window-size

    An L2TP receive window size is set for out-of-order packets.

  7. (Optional) Run lns calling-station-id format agent-remote-id

    The LNS is configured to parse the Agent-Remote-Id attribute carried in an IRCQ packet sent from the LAC and encapsulate the attribute into the Calling-Station-Id attribute to be sent to the RADIUS server.

  8. Run quit

    Return to the system view.

  9. (Optional) Run qos link-adjustment vendor redback { lns | lac } * [ slot slot-id ]

    Redback packet adjustment is configured so that user traffic statistics is collected based on the redback mode.

    This command is supported only on the Admin VS.

  10. (Optional) Run avp nas-port enable

    The LNS is enabled to parse the NAS-Port attribute carried in the AVP100 field of an ICRQ message received from the LAC.

  11. (Optional) Run radius-attribute include nas-port lns

    The LNS is enabled to encapsulate the NAS-Port attribute received from the LAC into a packet to be sent to the RADIUS server.

  12. (Optional) Run lns avp calling-number translate agent-remote-id

    The LNS is enabled to copy the value of the calling-number attribute carried in an ICRQ message from the LAC to the Agent-Remote-Id field.

  13. Run commit

    The configuration is committed.

Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055031

Views: 19374

Downloads: 87

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next