NE40E V800R010C00 Configuration Guide - User Access 01

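Example for Configuring L2TP Tunnel Switching

This section provides a configuration example for L2TP tunnel switching. Read it together with the networking diagram to follow how the service is configured. The example covers the networking requirements, configuration roadmap and data preparation, procedure, and configuration files.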

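Networking Requirements

As shown in Figure 10-10, DeviceA, DeviceB, and DeviceC function as the LAC, LTS, and LNS, respectively.

  • The user dials in through PPPoE with the user name user1@domain1 and password hello.

  • DeviceA performs RADIUS authentication and accounting for the user.

  • DeviceB and DeviceC do not need to authenticate the user or perform accounting.

  • DeviceC assigns an IP address to the user from a local address pool.

Figure 10-10  Networking diagram for the comprehensive L2TP example
Note:

In this example, interface1 stands for GE 1/0/0.1.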



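Configuration Roadmap

The configuration roadmap for this comprehensive L2TP example is as follows:

  1. Configure dial-up on the user side.

  2. Configure the LAC.

  3. Configure the LTS.

  4. Configure the LNS.

Data Preparation

To complete the configuration, you need the following data:

  • IP address of Loopback0 on DeviceB

  • IP address of Loopback0 on DeviceC

  • Name of the domain to which the user belongs

Note:

This section lists only the configuration steps related to L2TP.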

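Procedure

  1. Configuration on the user side

    In the PPPoE dial-up window, enter the user name user1@domain1 and password hello to dial in.

  2. Configuration on DeviceA (LAC side)

    # Configure virtual template interface 1.

    <Device> system-view
    [~Device] sysname DeviceA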
    [*DeviceA] interface virtual-template 1
    [*DeviceA-Virtual-Template1] ppp authentication-mode chap
    [*DeviceA-Virtual-Template1] commit
    [~DeviceA-Virtual-Template1] quit

    # Bind virtual template interface 1 to GE 1/0/0.1 and configure the user-side VLAN.

    [~DeviceA] interface gigabitethernet 1/0/0.1
    [*DeviceA-GigabitEthernet1/0/0.1] pppoe-server bind virtual-template 1
    [*DeviceA-GigabitEthernet1/0/0.1] user-vlan 1 100
    [*DeviceA-GigabitEthernet1/0/0.1-vlan-1-100] commit
    [~DeviceA-GigabitEthernet1/0/0.1-vlan-1-100] quit

    # Configure a BAS interface.

    [~DeviceA-GigabitEthernet1/0/0.1] bas
    [*DeviceA-GigabitEthernet1/0/0.1-bas] access-type layer2-subscriber
    [*DeviceA-GigabitEthernet1/0/0.1-bas] authentication-method ppp
    [*DeviceA-GigabitEthernet1/0/0.1-bas] commit
    [~DeviceA-GigabitEthernet1/0/0.1-bas] quit
    [~DeviceA-GigabitEthernet1/0/0.1] quit

    # Create an L2TP group and configure its attributes.

    [~DeviceA] l2tp enable
    [~DeviceA] l2tp-group lac1
    [*DeviceA-l2tp-lac1] tunnel name lac1
    [*DeviceA-l2tp-lac1] start l2tp ip 30.30.30.1
    [*DeviceA-l2tp-lac1] tunnel authentication
    [*DeviceA-l2tp-lac1] tunnel password simple 1qaz#EDC
    [*DeviceA-l2tp-lac1] commit
    [~DeviceA-l2tp-lac1] quit

    # Configure the RADIUS server.

    [~DeviceA] radius-server group radius1
    [*DeviceA-radius-radius1] radius-server authentication 20.20.20.1 1812
    [*DeviceA-radius-radius1] radius-server accounting 20.20.20.1 1813
    [*DeviceA-radius-radius1] radius-server shared-key itellin
    [*DeviceA-radius-radius1] commit
    [~DeviceA-radius-radius1] quit

    # Configure the domain to which the user belongs.

    [~DeviceA] aaa
    [*DeviceA-aaa] domain domain1
    [*DeviceA-aaa-domain-domain1] l2tp-group lac1
    [*DeviceA-aaa-domain-domain1] radius-server group radius1
    [*DeviceA-aaa-domain-domain1] authentication-scheme default1
    [*DeviceA-aaa-domain-domain1] accounting-scheme default1
    [*DeviceA-aaa-domain-domain1] commit
    [~DeviceA-aaa-domain-domain1] quit
    [~DeviceA-aaa] quit
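    Note:

    The user name user1@domain1 and password hello must be configured on the RADIUS server.

  3. Configuration on DeviceB (LTS side)

    # Create virtual template interface 1 and configure it.

    <Device> system-view
    [~Device] sysname DeviceB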
    [*DeviceB] interface virtual-template 1
    [*DeviceB-Virtual-Template1] ppp authentication-mode chap
    [*DeviceB-Virtual-Template1] commit
    [~DeviceB-Virtual-Template1] quit

    # Configure loopback interface 0.

    [~DeviceB] interface loopback 0
    [*DeviceB-LoopBack0] ip address 30.30.30.1 255.255.255.255
    [*DeviceB-LoopBack0] commit
    [~DeviceB-LoopBack0] quit

    # Enable L2TP and create an L2TP group (for the LNS function).

    [~DeviceB] l2tp enable
    [~DeviceB] l2tp-group lns1
    [*DeviceB-l2tp-lns1] tunnel name lns1
    [*DeviceB-l2tp-lns1] allow l2tp virtual-template 1 remote lac1
    [*DeviceB-l2tp-lns1] tunnel authentication
    [*DeviceB-l2tp-lns1] tunnel password simple 1qaz#EDC
    [*DeviceB-l2tp-lns1] commit
    [~DeviceB-l2tp-lns1] quit

    # Create and configure LNS group group1, and bind the tunnel source interface and the tunnel board to it.

    [~DeviceB] lns-group group1
    [*DeviceB-lns-group-group1] bind slot 1 
    [*DeviceB-lns-group-group1] bind source loopback 0
    [*DeviceB-lns-group-group1] commit
    [~DeviceB-lns-group-group1] quit

    # Create an L2TP group (for the LAC function).

    [~DeviceB] l2tp-group lac1
    [*DeviceB-l2tp-lac1] tunnel name lac2
    [*DeviceB-l2tp-lac1] start l2tp ip 40.40.40.1
    [*DeviceB-l2tp-lac1] tunnel authentication
    [*DeviceB-l2tp-lac1] tunnel password simple 1qaz#EDC2
    [*DeviceB-l2tp-lac1] commit
    [~DeviceB-l2tp-lac1] quit

    # Configure the RADIUS server.

    [~DeviceB] radius-server group radius1
    [*DeviceB-radius-radius1] radius-server authentication 20.20.20.1 1812
    [*DeviceB-radius-radius1] radius-server accounting 20.20.20.1 1813
    [*DeviceB-radius-radius1] radius-server shared-key itellin
    [*DeviceB-radius-radius1] commit
    [~DeviceB-radius-radius1] quit

    # Configure the domain to which the user belongs.

    [~DeviceB] aaa
    [*DeviceB-aaa] domain domain1
    [*DeviceB-aaa-domain-domain1] l2tp-group lac1
    [*DeviceB-aaa-domain-domain1] radius-server group radius1
    [*DeviceB-aaa-domain-domain1] authentication-scheme default1
    [*DeviceB-aaa-domain-domain1] accounting-scheme default1
    [*DeviceB-aaa-domain-domain1] commit
    [~DeviceB-aaa-domain-domain1] quit
    [~DeviceB-aaa] quit

  4. Configuration on DeviceC (LNS side)

    # Create virtual template interface 1.

    <Device> system-view
    [~Device] sysname DeviceC
    [*DeviceC] interface virtual-template 1
    [*DeviceC-Virtual-Template1] ppp authentication-mode chap
    [*DeviceC-Virtual-Template1] commit
    [~DeviceC-Virtual-Template1] quit

    # Configure loopback interface 0.

    [~DeviceC] interface loopback 0
    [*DeviceC-LoopBack0] ip address 40.40.40.1 255.255.255.255
    [*DeviceC-LoopBack0] commit
    [~DeviceC-LoopBack0] quit

    # Enable L2TP and configure an L2TP group.

    [~DeviceC] l2tp enable
    [~DeviceC] l2tp-group lns1
    [*DeviceC-l2tp-lns1] tunnel name LNS2
    [*DeviceC-l2tp-lns1] allow l2tp virtual-template 1 remote lac2
    [*DeviceC-l2tp-lns1] tunnel authentication
    [*DeviceC-l2tp-lns1] tunnel password simple 1qaz#EDC2
    [*DeviceC-l2tp-lns1] commit
    [~DeviceC-l2tp-lns1] quit

    # Create and configure LNS group group1.

    [~DeviceC] lns-group group1
    [*DeviceC-lns-group-group1] bind slot 1 
    [*DeviceC-lns-group-group1] bind source loopback 0
    [*DeviceC-lns-group-group1] commit
    [~DeviceC-lns-group-group1] quit

    # Configure the address pool from which addresses are assigned to users.

    [~DeviceC] ip pool pool1 bas local
    [*DeviceC-ip-pool-pool1] gateway 10.10.0.1 255.255.255.0
    [*DeviceC-ip-pool-pool1] section 0 10.10.0.2 10.10.0.100
    [*DeviceC-ip-pool-pool1] commit
    [~DeviceC-ip-pool-pool1] quit

    # Configure the RADIUS server.

    [~DeviceC] radius-server group radius1
    [*DeviceC-radius-radius1] radius-server authentication 20.20.20.1 1812
    [*DeviceC-radius-radius1] radius-server accounting 20.20.20.1 1813
    [*DeviceC-radius-radius1] radius-server shared-key itellin
    [*DeviceC-radius-radius1] commit
    [~DeviceC-radius-radius1] quit

    # Configure the domain to which the user belongs.

    [~DeviceC] aaa
    [*DeviceC-aaa] domain domain1
    [*DeviceC-aaa-domain-domain1] radius-server group radius1
    [*DeviceC-aaa-domain-domain1] authentication-scheme default1
    [*DeviceC-aaa-domain-domain1] accounting-scheme default1
    [*DeviceC-aaa-domain-domain1] ip-pool pool1
    [*DeviceC-aaa-domain-domain1] commit
    [~DeviceC-aaa-domain-domain1] quit
    [~DeviceC-aaa] quit

    # Verify the configuration.

    Display information about the L2TP tunnels established after the user goes online.

    <Device> display l2tp tunnel
      ---------------------------------------------------------
      -----------tunnel information in LAC----------------------
     Total 0,0 printed
    
      ---------------------------------------------------------
      -----------tunnel information in LNS----------------------
     The tunnel information of k board 1 
     LocalTID RemoteTID RemoteAddress    Port   Sessions RemoteName
     ------------------------------------------------------------------------------
     39       4         30.30.30.1    1701   1        user1@domain1
     ------------------------------------------------------------------------------
      Total 1, 1 printed from slot 1 
    

Configuration Files

  • DeviceA configuration file

    #
     sysname DeviceA
    #
     l2tp enable
    #
    radius-server group radius1
     radius-server authentication 20.20.20.1 1812 
     radius-server accounting 20.20.20.1 1813 
     radius-server shared-key itellin
    #
    interface Virtual-Template1
     ppp authentication-mode chap
    #
    interface GigabitEthernet1/0/0
     undo shutdown
    #
    interface GigabitEthernet1/0/0.1
     pppoe-server bind Virtual-Template 1
     undo shutdown
     user-vlan 1 100
     bas
      access-type layer2-subscriber
    #
    interface GigabitEthernet2/0/0
     undo shutdown
     ip address 100.100.100.1 255.255.255.0
    #
    l2tp-group lac1
     tunnel password simple 1qaz#EDC
     tunnel name lac1
     start l2tp ip 30.30.30.1
    #
    aaa
     domain domain1
      authentication-scheme default1
      accounting-scheme default1
      radius-server group radius1
      l2tp-group lac1
    #
     ip route-static 30.30.30.1 255.255.255.255 100.100.100.2
    #
    return
  • DeviceB configuration file

    #
     sysname DeviceB
    #
    l2tp enable
    #
    radius-server group radius1
     radius-server authentication 20.20.20.1 1812 
     radius-server accounting 20.20.20.1 1813 
     radius-server shared-key itellin
    #
    interface Virtual-Template1
     ppp authentication-mode chap
    #
    interface GigabitEthernet2/0/0
     undo shutdown
     ip address 100.100.100.2 255.255.255.0
    #
    interface GigabitEthernet3/0/0
     undo shutdown
     ip address 200.200.200.1 255.255.255.0
    #
    interface LoopBack0
     ip address 30.30.30.1 255.255.255.255
    #
    l2tp-group lac1
     tunnel password simple  1qaz#EDC2
     tunnel name lac2
     start l2tp ip 40.40.40.1
    #
    l2tp-group lns1
     allow l2tp virtual-template 1 remote LAC1
     tunnel password simple 1qaz#EDC
     tunnel name lns1
    #
    lns-group group1
     bind slot 1 
     bind source LoopBack0
    #
    aaa
     domain domain1
      radius-server group radius1
      authentication-scheme default1
      accounting-scheme default1
      l2tp-group lac1
    #
     ip route-static 40.40.40.1 255.255.255.255 200.200.200.2
    #
    return
  • DeviceC configuration file

    #
     sysname DeviceC
    #
     l2tp enable
    #
    radius-server group radius1
     radius-server authentication 20.20.20.1 1812 
     radius-server accounting 20.20.20.1 1813 
     radius-server shared-key itellin
    #
    interface Virtual-Template1
     ppp authentication-mode chap
    #
    interface GigabitEthernet2/0/0
     undo shutdown
     ip address 200.200.200.2 255.255.255.0
    #
    interface LoopBack0
     ip address 40.40.40.1 255.255.255.255
    #
    l2tp-group lns1
     allow l2tp virtual-template 1 remote lac2
     tunnel password simple 1qaz#EDC2
     tunnel name lns2
    #
    lns-group group1
     bind slot 1 
     bind source LoopBack0
    #
    ip pool pool1 bas local
     gateway 10.10.0.1 255.255.255.0
     section 0 10.10.0.2 10.10.0.100
    #
    aaa
     domain domain1
      radius-server group radius1
      authentication-scheme default1
      accounting-scheme default1
      ip-pool pool1
    #
     ip route-static 30.30.30.1 255.255.255.255 200.200.200.1
    #
    return
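
The following check is an added example, not part of the original Huawei document. It parses the l2tp-group sections of the three configuration files above (condensed into a constructed sample) and verifies, hop by hop, that each LAC-side tunnel name is accepted by an LNS-side `allow l2tp ... remote` entry with the same tunnel password, and it reports every secret entered with the `simple` keyword, which leaves it readable in the configuration file as shown above. The names `groups` and `audit` and the finding strings are hypothetical, and because the page does not say whether tunnel names are compared case-sensitively, the `lac1`/`LAC1` difference is only reported.

```python
import re
# Constructed sample condensed from this page's configuration files; helper names are illustrative.
SAMPLE = """\
sysname DeviceA
l2tp-group lac1
 tunnel password simple 1qaz#EDC
 tunnel name lac1
 start l2tp ip 30.30.30.1
sysname DeviceB
l2tp-group lac1
 tunnel password simple 1qaz#EDC2
 tunnel name lac2
 start l2tp ip 40.40.40.1
l2tp-group lns1
 allow l2tp virtual-template 1 remote LAC1
 tunnel password simple 1qaz#EDC
sysname DeviceC
l2tp-group lns1
 allow l2tp virtual-template 1 remote lac2
 tunnel password simple 1qaz#EDC2
"""

def groups(text):
    """Yield one dict per l2tp-group: device, group name, and each command's arguments."""
    for chunk in text.split("sysname ")[1:]:
        dev, _, body = chunk.partition("\n")
        for name, lines in re.findall(r"^l2tp-group (\S+) *\n((?: .*\n)*)", body, re.M):
            cmds = {" ".join(w[:2]): w[2:] for w in map(str.split, lines.splitlines())}
            yield {"dev": dev.strip(), "group": name, **cmds}

def audit(text):
    """Return sorted (device, group, finding) tuples, checking each hop from its LAC side."""
    recs, out = list(groups(text)), []
    for g in recs:
        where = (g["dev"], g["group"])
        if g.get("tunnel password", [""])[0] == "simple":
            out.append(where + ("secret stored as simple text",))
        if "start l2tp" not in g:
            continue  # LNS-role group: its hop is checked from the LAC side
        name, pw = g.get("tunnel name", [""])[-1], g.get("tunnel password", [""])[-1]
        lns = [p for p in recs if p["dev"] != g["dev"]
               and p.get("allow l2tp", [""])[-1].lower() == name.lower()]
        if not lns:
            out.append(where + ("no LNS group accepts this tunnel name",))
        elif lns[0]["allow l2tp"][-1] != name:
            out.append(where + ("remote name differs in case",))
        if lns and lns[0].get("tunnel password", [""])[-1] != pw:
            out.append(where + ("tunnel password mismatch",))
    return sorted(out)
```

Calling `audit(SAMPLE)` on the sample returns five findings: one per `simple` password in the four groups, plus the `LAC1`/`lac1` case difference on the DeviceA to DeviceB hop.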
Updated: 2018-07-12

Document ID: EDOC1100028564
