No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Configuration Guide - User Access 01

This is NE40E V800R010C10SPC500 Configuration Guide - User Access
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring an L2TP Connection on the LAC

Configuring an L2TP Connection on the LAC

Enabling an L2TP connection on an LAC is the prerequisite of setting up an L2TP tunnel on the LAC.

Context

When an LAC and an LNS are interconnected, the LAC must have a route to the LNS. For example, when the NE40E functions as an LNS, if the LNS is configured with a loopback interface, a route to the loopback interface must be configured on the LAC.

Perform the following steps on the NE40E:

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run l2tp-group group-name

    The L2TP group view is displayed.

  3. Run tunnel name name

    The name of the local end of a tunnel is specified.

    The tunnel name is used for tunnel negotiation between the LAC and LNS. In different tunnel authentication modes, the tunnel name must meet different requirements.

    • In local authentication mode, only the tunnel password is needed. The tunnel name is used by the LNS to select an L2TP group to respond to a connection request from the LAC. There is no special requirement on the format of the tunnel name. The tunnel name configured on the LAC must be the same as the receiver tunnel name configured on the LNS. No tunnel name needs to be configured on the LNS. In strict local authentication mode, the LAC checks the validity of the tunnel name and password of the remote LNS. If the LNS tunnel name and password delivered by the RADIUS server or the locally configured LNS tunnel name and password are different from those of the remote LNS, the check fails and the tunnel cannot be established.

    • In AAA authentication mode, an L2TP tunnel is treated as a user, and the tunnel name is required to be in the format of username@domain. When establishing an L2TP tunnel, the LAC or LNS must forward the received user name and password to the AAA server for authentication. In addition, the user name and password must be configured on the AAA server.

  4. Run start l2tp { ip ip-address [ weight lns-weight | preference preference | remote lns-name | identifier-name identifier-name ] * } &<1-8>

    An L2TP connection is configured on the LAC.

    NOTE:
    • When configuring an L2TP connection on the LAC, you must specify the IP addresses and weights of the LNSs. Up to eight LNSs can be configured in each L2TP group.

    • The L2TP group is configured as the LAC in this configuration.

    • The IP address of the LNS is optional. If the IP address of the LNS is delivered by the RADIUS server, you do not need to configure it.

    • The LNS weights are applicable to only the load balancing mode. In load balancing mode, the NE40E allocates sessions to the LNSs in the proportion of their weights. In other modes, the NE40E sets up connections to the LNSs in the sequence in which the LNSs are configured until an LNS responds. Then, the other LNSs function as backups.

    • preference preference configured in the start l2tp command takes effect only after the tunnel priority command is run to configured priority-based load balancing for the LNS. The NE40E establishes a tunnel with the LNS with the highest priority. If the LNS with the highest priority is unavailable, the NE40E selects an LNS based on the LNS priorities in descending order. If multiple LNSs have the same priority, the NE40E establishes tunnels with the LNSs, and load balancing is implemented between these tunnels.

    • If the LAC is configured to check the tunnel name of the LNS, the remote lns-name parameter must be configured in the start l2tp command. This setting allows L2TP tunnel authentication to be enabled.

  5. (Optional) Run tunnel-per-user

    Each L2TP user is configured to use a separate L2TP tunnel.

  6. (Optional) Run lac mtu enable

    The MTU of the VT is applied to the LAC.

  7. (Optional) Run lac mss enable

    The MSS of the VT is applied to the LAC.

  8. (Optional) Run tunnel load-sharing

    Load balancing of LNSs is enabled.

  9. (Optional) Run l2tp aging time

    The duration during which the LNS is locked is configured.

    When the NE40E attempts to set up a tunnel to an LNS but finds that the LNS runs abnormally, the NE40E marks the LNS as unusable and does not set up a tunnel to the LNS during a period of time. This period is the LNS locking duration. After the locking duration expires, the NE40E attempts to set up a tunnel to the LNS again.

  10. (Optional) Run avp nas-port enable

    The LAC is enabled to encapsulate the NAS-Port attribute into the AVP100 field of an ICRQ message to be sent to the LNS.

  11. (Optional) Run tunnel source interface-type interface-number

    The source interface of tunnels is configured.

    NOTE:
    • When the LAC initiates a tunnel setup request, it sends the source IP address of the local end to the LNS for the communication between the LAC and LNS. To improve reliability of the communication between the LAC and LNS, you can configure the source interface of the tunnel. Then, the LAC uses the IP address of the specified interface as the source address to set up a tunnel.

    • The configuration of the IP of the tunnel source in the L2TP groups, of the source interface bounded to the LNS groups and of the RBS tunnel source of dual-device hot backup cannot be the same.

  12. (Optional) Run allow-address-change { setup-only | always }

    The NE40E is configured to use the changed source IP address of packets replied by the LNS as the destination IP address of packets to be sent during tunnel establishment or hello detection process.

  13. (Optional) Run tunnel window receive window-size

    An L2TP receive window size is set for out-of-order packets.

  14. Run quit

    Return to the system view.

  15. (Optional) Run tunnel priority

    Priority-based load balancing is configured

    After the tunnel priority command is run, the following situations are available:

    The NE40E establishes a tunnel with the LNS with the highest priority. If the LNS with the highest priority is unavailable, the NE40E selects an LNS based on the LNS priorities in descending order.

    The NE40E establishes tunnels with LNSs with the same priority, and load balancing is implemented between these tunnels.

    Load balancing can be implemented for tunnels in an L2TP group based on the master/backup status, weight, or priority. Any two of the three modes are mutually exclusive. If tunnels have been configured in an L2TP group, the load balancing configurations cannot be changed.

  16. (Optional) Run qos link-adjustment vendor redback { lns | lac } * [ slot slot-id ]

    Redback packet adjustment is configured so that user traffic statistics is collected based on the redback mode.

    This command is supported only on the Admin VS.

  17. Run commit

    The configuration is committed.

Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055031

Views: 17415

Downloads: 70

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next