3com 3031 Instruccion De Instalación
888
C
HAPTER
63: C
ONFIGURATION
OF
L2TP
The
l2tp match-order
command only configures search order between called
number and domain name. In real search, it is certain to search according to full
username first, and then according to the order configured in this command.
username first, and then according to the order configured in this command.
By default, search according to called number before according to domain name.
Setting user name,
password and User
Authentication
On configuring AAA authentication on LAC side, it needs to configure local
username and password on LAC side, if local authentication mode is adopted.
username and password on LAC side, if local authentication mode is adopted.
LAC performs user authentication by examining whether remote dial-up username
and password correspond to local registered username and password, to check
whether users are legal VPN users. Request for creating tunnel connection can
only be sent after passing authentication. Otherwise, the user will be diverted to
other kinds of services.
and password correspond to local registered username and password, to check
whether users are legal VPN users. Request for creating tunnel connection can
only be sent after passing authentication. Otherwise, the user will be diverted to
other kinds of services.
Concerning user authentication on LAC side, username is VPN user full name; and
password is VPN user registered password.
password is VPN user registered password.
These configurations are compulsory on LAC side.
Perform the following configuration in system view.
Perform the following configuration in interface view.
The configured local authentication interface must be the interface of access user.
By default, local username and password are not configured on LAC side.
By default, local username and password are not configured on LAC side.
Forcing to disconnect
Tunnel
Tunnel clearing process occurs when there is no user, or there is failure in network
or the administrator disconnect the tunnel on his own initiative. Either LAC side or
LNS side can send request for clearing tunnel initiatively. The side receiving clearing
request must send acknowledgement (ACK) information, and wait for a certain
period of time before clearing tunnel, so as to ensure resent clearing request from
the peer end can be correctly received in case that ACK information is lost. After
disconnecting tunnel compulsorily, tunnel can be recreated when new users dial
up.
or the administrator disconnect the tunnel on his own initiative. Either LAC side or
LNS side can send request for clearing tunnel initiatively. The side receiving clearing
request must send acknowledgement (ACK) information, and wait for a certain
period of time before clearing tunnel, so as to ensure resent clearing request from
the peer end can be correctly received in case that ACK information is lost. After
disconnecting tunnel compulsorily, tunnel can be recreated when new users dial
up.
These configurations are optional on LAC side.
Table 951 Setting user name, password and authentication mode
Operation
Command
Set user name and password.
local-user username password { simple |
cipher } password
Cancel the set user name and
password.
password.
undo local-user username
Enable AAA
aaa enable
Configure authentication
method list of PPP user
method list of PPP user
aaa authentication-scheme ppp { default |
list-name } local
Table 952 Configuring/removing user authentication types
Operation
Command
Configure user authentication
ppp authentication-mode { chap | pap } [
callin ] [ scheme
{
default | list-name
}
]
Remove user authentication
undo ppp authentication-mode