NE40E V800R010C10SPC500 Configuration Guide - User Access 01

Example for Configuring LTS

This section provides an example for configuring L2TP tunnel switching (LTS), including the networking requirements, configuration roadmap, configuration procedure, and configuration files.

Networking Requirements

As shown in Figure 10-10, DeviceA, DeviceB, and DeviceC function as the LAC, LTS, and LNS respectively.

  • A user dials in through PPPoE by using user name user1@domain1 and password hello.

  • RADIUS authentication and RADIUS accounting are used.

  • DeviceB and DeviceC do not perform authentication or accounting for the user.

  • DeviceC allocates an IP address to the user from the local address pool.

Figure 10-10 L2TP networking
NOTE:

Interface 1 is GE1/0/0.1.



Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure dial-up parameters at the user side.

  2. Configure the LAC.

  3. Configure the LTS.

  4. Configure the LNS.

Data Preparation

To complete the configuration, you need the following data:

  • IP address of Loopback0 on DeviceB

  • IP address of Loopback0 on DeviceC

  • Name of the domain that the user belongs to

NOTE:

This section provides only the procedures relevant to L2TP.

Procedure

  1. Configure the user side.

    Enter user1@domain1 as the user name and Hello as the password in the PPPoE dial-up dialog box to dial in.

  2. Configure DeviceA (LAC).

    # Configure virtual template 1.

    <Device> system-view
    [~Device] sysname DeviceA
    [*DeviceA] interface virtual-template 1
    [*DeviceA-Virtual-Template1] ppp authentication-mode chap
    [*DeviceA-Virtual-Template1] commit
    [~DeviceA-Virtual-Template1] quit

    # Bind virtual template 1 to GE 1/0/0.1.

    [~DeviceA] interface gigabitethernet 1/0/0.1
    [*DeviceA-GigabitEthernet1/0/0.1] pppoe-server bind virtual-template 1
    [*DeviceA-GigabitEthernet1/0/0.1] user-vlan 1 100
    [*DeviceA-GigabitEthernet1/0/0.1-vlan-1-100] commit
    [~DeviceA-GigabitEthernet1/0/0.1-vlan-1-100] quit

    # Configure the BAS interface.

    [~DeviceA-GigabitEthernet1/0/0.1] bas
    [*DeviceA-GigabitEthernet1/0/0.1-bas] access-type layer2-subscriber
    [*DeviceA-GigabitEthernet1/0/0.1-bas] authentication-method ppp
    [*DeviceA-GigabitEthernet1/0/0.1-bas] commit
    [~DeviceA-GigabitEthernet1/0/0.1-bas] quit
    [~DeviceA-GigabitEthernet1/0/0.1] quit

    # Configure an L2TP group and configure relevant attributes.

    [~DeviceA] l2tp enable
    [~DeviceA] l2tp-group lac1
    [*DeviceA-l2tp-lac1] tunnel name lac1
    [*DeviceA-l2tp-lac1] start l2tp ip 30.30.30.1
    [*DeviceA-l2tp-lac1] tunnel authentication
    [*DeviceA-l2tp-lac1] tunnel password simple 1qaz#EDC
    [*DeviceA-l2tp-lac1] commit
    [~DeviceA-l2tp-lac1] quit

    # Configure the RADIUS server.

    [~DeviceA] radius-server group radius1
    [*DeviceA-radius-radius1] radius-server authentication 20.20.20.1 1812
    [*DeviceA-radius-radius1] radius-server accounting 20.20.20.1 1813
    [*DeviceA-radius-radius1] radius-server shared-key itellin
    [*DeviceA-radius-radius1] commit
    [~DeviceA-radius-radius1] quit

    # Configure the domain to which the user belongs.

    [~DeviceA] aaa
    [*DeviceA-aaa] domain domain1
    [*DeviceA-aaa-domain-domain1] l2tp-group lac1
    [*DeviceA-aaa-domain-domain1] radius-server group radius1
    [*DeviceA-aaa-domain-domain1] authentication-scheme default1
    [*DeviceA-aaa-domain-domain1] accounting-scheme default1
    [*DeviceA-aaa-domain-domain1] commit
    [~DeviceA-aaa-domain-domain1] quit
    [~DeviceA-aaa] quit
    NOTE:

    The user name user1@domain1 and the password Hello must be configured on the RADIUS server.

  3. Configure DeviceB that functions as an LTS.

    # Create virtual template 1 and configure relevant parameters.

    <Device> system-view
    [~Device] sysname DeviceB
    [*DeviceB] interface virtual-template 1
    [*DeviceB-Virtual-Template1] ppp authentication-mode chap
    [*DeviceB-Virtual-Template1] commit
    [~DeviceB-Virtual-Template1] quit

    # Configure loopback 0.

    [~DeviceB] interface loopback 0
    [*DeviceB-LoopBack0] ip address 30.30.30.1 255.255.255.255
    [*DeviceB-LoopBack0] commit
    [~DeviceB-LoopBack0] quit

    # Enable the L2TP service and configure an L2TP group to function as an LNS.

    [~DeviceB] l2tp enable
    [~DeviceB] l2tp-group lns1
    [*DeviceB-l2tp-lns1] tunnel name lns1
    [*DeviceB-l2tp-lns1] allow l2tp virtual-template 1 remote lac1
    [*DeviceB-l2tp-lns1] tunnel authentication
    [*DeviceB-l2tp-lns1] tunnel password simple 1qaz#EDC
    [*DeviceB-l2tp-lns1] commit
    [~DeviceB-l2tp-lns1] quit

    # Create an LNS group named group1, and bind the tunnel source interface to the tunnel board.

    [~DeviceB] lns-group group1
    [*DeviceB-lns-group-group1] bind slot 1 
    [*DeviceB-lns-group-group1] bind source loopback 0
    [*DeviceB-lns-group-group1] commit
    [~DeviceB-lns-group-group1] quit

    # Configure an L2TP group to function as an LAC.

    [~DeviceB] l2tp-group lac1
    [*DeviceB-l2tp-lac1] tunnel name lac2
    [*DeviceB-l2tp-lac1] start l2tp ip 40.40.40.1
    [*DeviceB-l2tp-lac1] tunnel authentication
    [*DeviceB-l2tp-lac1] tunnel password simple 1qaz#EDC2
    [*DeviceB-l2tp-lac1] commit
    [~DeviceB-l2tp-lac1] quit

    # Configure the RADIUS server.

    [~DeviceB] radius-server group radius1
    [*DeviceB-radius-radius1] radius-server authentication 20.20.20.1 1812
    [*DeviceB-radius-radius1] radius-server accounting 20.20.20.1 1813
    [*DeviceB-radius-radius1] radius-server shared-key itellin
    [*DeviceB-radius-radius1] commit
    [~DeviceB-radius-radius1] quit

    # Configure the domain to which the user belongs.

    [~DeviceB] aaa
    [*DeviceB-aaa] domain domain1
    [*DeviceB-aaa-domain-domain1] l2tp-group lac1
    [*DeviceB-aaa-domain-domain1] radius-server group radius1
    [*DeviceB-aaa-domain-domain1] authentication-scheme default1
    [*DeviceB-aaa-domain-domain1] accounting-scheme default1
    [*DeviceB-aaa-domain-domain1] commit
    [~DeviceB-aaa-domain-domain1] quit
    [~DeviceB-aaa] quit

  4. Configure DeviceC (LNS).

    # Configure virtual template 1.

    <Device> system-view
    [~Device] sysname DeviceC
    [*DeviceC] interface virtual-template 1
    [*DeviceC-Virtual-Template1] ppp authentication-mode chap
    [*DeviceC-Virtual-Template1] commit
    [~DeviceC-Virtual-Template1] quit

    # Configure loopback 0.

    [~DeviceC] interface loopback 0
    [*DeviceC-LoopBack0] ip address 40.40.40.1 255.255.255.255
    [*DeviceC-LoopBack0] commit
    [~DeviceC-LoopBack0] quit

    # Enable the L2TP service and create an L2TP group.

    [~DeviceC] l2tp enable
    [~DeviceC] l2tp-group lns1
    [*DeviceC-l2tp-lns1] tunnel name LNS2
    [*DeviceC-l2tp-lns1] allow l2tp virtual-template 1 remote lac2
    [*DeviceC-l2tp-lns1] tunnel authentication
    [*DeviceC-l2tp-lns1] tunnel password simple 1qaz#EDC2
    [*DeviceC-l2tp-lns1] commit
    [~DeviceC-l2tp-lns1] quit

    # Create an LNS group named group1, and bind the tunnel source interface to the tunnel board.

    [~DeviceC] lns-group group1
    [*DeviceC-lns-group-group1] bind slot 1 
    [*DeviceC-lns-group-group1] bind source loopback 0
    [*DeviceC-lns-group-group1] commit
    [~DeviceC-lns-group-group1] quit

    # Configure the address pool to allocate an IP address to the user.

    [~DeviceC] ip pool pool1 bas local
    [*DeviceC-ip-pool-pool1] gateway 10.10.0.1 255.255.255.0
    [*DeviceC-ip-pool-pool1] section 0 10.10.0.2 10.10.0.100
    [*DeviceC-ip-pool-pool1] commit
    [~DeviceC-ip-pool-pool1] quit

    # Configure the RADIUS server.

    [~DeviceC] radius-server group radius1
    [*DeviceC-radius-radius1] radius-server authentication 20.20.20.1 1812
    [*DeviceC-radius-radius1] radius-server accounting 20.20.20.1 1813
    [*DeviceC-radius-radius1] radius-server shared-key itellin
    [*DeviceC-radius-radius1] commit
    [~DeviceC-radius-radius1] quit

    # Configure the domain to which the user belongs.

    [~DeviceC] aaa
    [*DeviceC-aaa] domain domain1
    [*DeviceC-aaa-domain-domain1] radius-server group radius1
    [*DeviceC-aaa-domain-domain1] authentication-scheme default1
    [*DeviceC-aaa-domain-domain1] accounting-scheme default1
    [*DeviceC-aaa-domain-domain1] ip-pool pool1
    [*DeviceC-aaa-domain-domain1] commit
    [~DeviceC-aaa-domain-domain1] quit
    [~DeviceC-aaa] quit

    # Verify the configuration.

    Check the status of the tunnel when the user gets online.

    <HUAWEI> display l2tp tunnel
      ---------------------------------------------------------
      -----------tunnel information in LAC----------------------
     Total 0,0 printed
    
      ---------------------------------------------------------
      -----------tunnel information in LNS----------------------
     The tunnel information of K board 1 
     LocalTID RemoteTID RemoteAddress    Port   Sessions RemoteName
     ------------------------------------------------------------------------------
     39       4         30.30.30.1    1701   1        user1@domain1
     ------------------------------------------------------------------------------
      Total 1, 1 printed from slot 1 

Configuration Files

  • Configuration file of DeviceA

    #
     l2tp enable
    #
    radius-server group radius1
     radius-server authentication 20.20.20.1 1812 
     radius-server accounting 20.20.20.1 1813 
     radius-server shared-key itellin
    #
    interface Virtual-Template1
     ppp authentication-mode chap
    #
    interface GigabitEthernet1/0/0
     undo shutdown
    #
    interface GigabitEthernet1/0/0.1
     pppoe-server bind Virtual-Template 1
     undo shutdown
     user-vlan 1 100
     bas
      access-type layer2-subscriber
    #
    interface GigabitEthernet2/0/0
     undo shutdown
     ip address 100.100.100.1 255.255.255.0
    #
    l2tp-group lac1
     tunnel password simple 1qaz#EDC
     tunnel name LAC1
     start l2tp ip 30.30.30.1
    #
    aaa
     domain domain1
      authentication-scheme default1
      accounting-scheme default1
      radius-server group radius1
      l2tp-group lac1
    #
     ip route-static 30.30.30.1 255.255.255.255 100.100.100.2
    #
    return

  • Configuration file of DeviceB

    #
     sysname NE40EB
    #
    l2tp enable
    #
    radius-server group radius1
     radius-server authentication 20.20.20.1 1812 
     radius-server accounting 20.20.20.1 1813 
     radius-server shared-key itellin
    #
    interface Virtual-Template1
     ppp authentication-mode chap
    #
    interface GigabitEthernet2/0/0
     undo shutdown
     ip address 100.100.100.2 255.255.255.0
    #
    interface GigabitEthernet3/0/0
     undo shutdown
     ip address 200.200.200.1 255.255.255.0
    #
    interface LoopBack0
     ip address 30.30.30.1 255.255.255.255
    #
    l2tp-group lac1
     tunnel password simple 1qaz#EDC2
     tunnel name LAC2
     start l2tp ip 40.40.40.1
    #
    l2tp-group lns1
     allow l2tp virtual-template 1 remote LAC1
     tunnel password simple 1qaz#EDC
     tunnel name LNS1
    #
    lns-group group1
     bind slot 1 
     bind source LoopBack0
    #
    aaa
     domain domain1
      radius-server group radius1
      authentication-scheme default1
      accounting-scheme default1
      l2tp-group lac1
    #
     ip route-static 40.40.40.1 255.255.255.255 200.200.200.2
    #
    return

  • Configuration file of DeviceC

    #
     sysname NE40EC
    #
     l2tp enable
    #
    radius-server group radius1
     radius-server authentication 20.20.20.1 1812 
     radius-server accounting 20.20.20.1 1813 
     radius-server shared-key itellin
    #
    interface Virtual-Template1
     ppp authentication-mode chap
    #
    interface GigabitEthernet2/0/0
     undo shutdown
     ip address 200.200.200.2 255.255.255.0
    #
    interface LoopBack0
     ip address 40.40.40.1 255.255.255.255
    #
    l2tp-group lns1
     allow l2tp virtual-template 1 remote LAC2
     tunnel password simple 1qaz#EDC2
     tunnel name LNS2
    #
    lns-group group1
     bind slot 1 
     bind source LoopBack0
    #
    ip pool pool1 local
     gateway 10.10.0.1 255.255.255.0
     section 0 10.10.0.2 10.10.0.100
    #
    aaa
     domain domain1
      radius-server group radius1
      authentication-scheme default1
      accounting-scheme default1
      ip-pool pool1
    #
     ip route-static 30.30.30.1 255.255.255.255 200.200.200.1
    #
    return
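
In an LTS chain each tunnel leg has its own name, target address and password, and the configuration files above keep every tunnel password readable because of the `simple` keyword. The following Python check is an added example, not part of the Huawei guide: it parses constructed excerpts of the three files and reports plaintext tunnel passwords and any LAC-side group whose peer LNS group disagrees on address, tunnel name or password. The names `CONFIGS`, `FIELDS`, `parse` and `audit` are chosen here, and exact-case comparison of tunnel names is an assumption.

```python
import re
# Constructed excerpts of the three configuration files above (only lines the check reads).
CONFIGS = {
    "DeviceA": """l2tp-group lac1
 tunnel password simple 1qaz#EDC
 tunnel name LAC1
 start l2tp ip 30.30.30.1""",
    "DeviceB": """interface LoopBack0
 ip address 30.30.30.1 255.255.255.255
l2tp-group lac1
 tunnel password simple 1qaz#EDC2
 tunnel name LAC2
 start l2tp ip 40.40.40.1
l2tp-group lns1
 allow l2tp virtual-template 1 remote LAC1
 tunnel password simple 1qaz#EDC""",
    "DeviceC": """interface LoopBack0
 ip address 40.40.40.1 255.255.255.255
l2tp-group lns1
 allow l2tp virtual-template 1 remote LAC2
 tunnel password simple 1qaz#EDC2""",
}
FIELDS = {"mode": r"^ tunnel password (\S+)", "secret": r"^ tunnel password \S+\s+(\S+)",
          "name": r"^ tunnel name (\S+)", "peer_ip": r"^ start l2tp ip (\S+)",
          "remote": r"^ allow l2tp .* remote (\S+)"}

def parse(text):
    """Return (LoopBack0 address or None, list of l2tp-group dicts) for one device."""
    lo = re.search(r"^interface LoopBack0\n ip address (\S+)", text, re.M)
    groups = []
    for name, body in re.findall(r"^l2tp-group (\S+)\n((?: .*\n?)+)", text, re.M):
        hits = {k: re.search(p, body, re.M) for k, p in FIELDS.items()}
        groups.append({"group": name, **{k: m and m.group(1) for k, m in hits.items()}})
    return (lo.group(1) if lo else None), groups

def audit(configs):
    """Flag plaintext tunnel secrets and LAC groups with no agreeing LNS group."""
    parsed = {dev: parse(text) for dev, text in configs.items()}
    findings = []
    for dev, (_, groups) in parsed.items():
        for g in groups:
            if g["mode"] == "simple":
                findings.append(f"{dev}/{g['group']}: plaintext tunnel password")
            # LAC role: the owner of peer_ip must admit this tunnel name with the same secret.
            if g["peer_ip"] and not any(
                    lo == g["peer_ip"] and (p["remote"], p["secret"]) == (g["name"], g["secret"])
                    for lo, gs in parsed.values() for p in gs):
                findings.append(f"{dev}/{g['group']}: no matching LNS group at {g['peer_ip']}")
    return findings
```

On the excerpts above, `audit(CONFIGS)` returns only the four plaintext-password findings, because both tunnel legs agree on address, name and password.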
Updated: 2019-01-03

Document ID: EDOC1100055031
