LNS Configuration
1611
Note that:
■
With the L2TP multi-instance function enabled, a router can serve as LNS for
multiple enterprises. The implementation of L2TP multi-instance enriches VPN
network applications, especially in MPLS-VPN. In practice, private routes of
enterprises need the support of VPN instances. For VPN instance configuration,
refer to
“MPLS Basics Configuration” on page 1311
. In L2TP multi-instance
applications, VPN instances must be configured on the LNS.
■
The
start l2tp
and
allow l2tp
commands are mutually exclusive.
■
An L2TP group is intended to represent a group of parameters and is
corresponding to one or one group of VPN users. This not only allows for
flexible L2TP configuration on routers, but also facilitates one-to-one and
one-to-many networking applications between LAC and LNS. An L2TP group
has only local significance. However, you need to ensure that the relevant
settings of the corresponding L2TP groups on the LAC and LNS match
respectively. For example, the local tunnel name configured on the LAC must
match the remote tunnel name configured on the LNS.
■
You can specify whether tunnel authentication must be performed before a
tunnel is set up. Either of the LAC and the LNS can initiate a tunnel
authentication request. Whenever tunnel authentication is enabled on one
side, a tunnel can be set up successfully only if tunnel authentication is enabled
on the other side and the two sides are configured with the same password
that is not null. You are recommended to enable tunnel authentication for
tunnel security. You can change the password for tunnel authentication, but
your change takes effect for only tunnels established later.
■
To check the connectivity of a tunnel, the LAC and the LNS regularly send Hello
packets to each other. Upon receipt of a Hello packet, the LAC or LNS returns a
response packet. When the LAC or LNS fails to receive a Hello response packet
from the peer in a specified period of time, it retransmits the Hello packet. If it
receives no response packet from the peer after retransmitting the Hello packet
for three times, it considers that the L2TP tunnel is down and tries to
re-establish a tunnel with the peer.
■
If neither LCP re-negotiation nor mandatory CHAP authentication is
configured, an LNS performs proxy authentication of users. In this case, the
LAC sends to the LNS all authentication information from users as well as the
authentication mode configured on the LAC itself, and the LNS, by default,
accepts the authentication results from the LAC.
■
A tunnel will be disconnected when there is no more user online, a network
failure occurs, or a network administrator wants to tear it down. Either of the
LAC and the LNS can initiate a tunnel disconnection request. Once a tunnel is
disconnected, the control connection and all the sessions within the tunnel will
be removed. When a user dials in, a new tunnel will be established.
Configuring Mandatory
CHAP Authentication
An LNS may be configured to authenticate a user that has passed authentication
on the LAC. In this case, the user is authenticated twice, once on the LAC and
Return to user view
quit
-
Disconnect the specified tunnel
by force
reset l2tp tunnel
{
remote-name
|
tunnel-id
}
Optional
To do...
Use the command...
Remarks
Summary of Contents for MSR 50 Series
Page 152: ...152 CHAPTER 5 ATM CONFIGURATION...
Page 210: ...210 CHAPTER 6 DCC CONFIGURATION...
Page 234: ...234 CHAPTER 7 DLSW CONFIGURATION...
Page 344: ...344 CHAPTER 14 X 25 AND LAPB CONFIGURATION...
Page 350: ...350 CHAPTER 15 LINK AGGREGATION OVERVIEW...
Page 358: ...358 CHAPTER 17 MODEM CONFIGURATION...
Page 486: ...486 CHAPTER 23 MSTP CONFIGURATION...
Page 506: ...506 CHAPTER 25 VOICE VLAN CONFIGURATION...
Page 510: ...510 CHAPTER 26 PORT ISOLATION CONFIGURATION...
Page 524: ...524 CHAPTER 27 DYNAMIC ROUTE BACKUP CONFIGURATION...
Page 538: ...538 CHAPTER 28 LOGICAL INTERFACE CONFIGURATION...
Page 548: ...548 CHAPTER 29 CPOS INTERFACE CONFIGURATION...
Page 572: ...572 CHAPTER 32 DHCP OVERVIEW...
Page 604: ...604 CHAPTER 36 DHCP SNOOPING CONFIGURATION...
Page 608: ...608 CHAPTER 37 BOOTP CLIENT CONFIGURATION...
Page 646: ...646 CHAPTER 42 IP UNICAST POLICY ROUTING CONFIGURATION...
Page 650: ...650 CHAPTER 43 UDP HELPER CONFIGURATION...
Page 738: ...738 CHAPTER 50 IPV6 UNICAST POLICY ROUTING CONFIGURATION...
Page 770: ...770 CHAPTER 51 TERMINAL ACCESS CONFIGURATION...
Page 798: ...798 CHAPTER 52 FEP INSTALLATION AND CONFIGURATION...
Page 808: ...808 CHAPTER 53 TERMINAL ACCESS TROUBLESHOOTING...
Page 814: ...814 CHAPTER 54 TERMINAL ACCESS FAQ...
Page 824: ...824 CHAPTER 55 IP ROUTING OVERVIEW...
Page 876: ...876 CHAPTER 56 BGP CONFIGURATION...
Page 916: ...916 CHAPTER 57 IS IS CONFIGURATION...
Page 970: ...970 CHAPTER 58 OSPF CONFIGURATION...
Page 1006: ...1006 CHAPTER 60 ROUTING POLICY CONFIGURATION...
Page 1013: ...Configuration Example 1013 3 1 ms 1 ms 1 ms 1 1 2 2 Trace complete...
Page 1014: ...1014 CHAPTER 61 STATIC ROUTING CONFIGURATION...
Page 1048: ...1048 CHAPTER 63 IPV6 IS IS CONFIGURATION...
Page 1068: ...1068 CHAPTER 64 IPV6 OSPFV3 CONFIGURATION...
Page 1080: ...1080 CHAPTER 65 IPV6 RIPNG CONFIGURATION...
Page 1114: ...1114 CHAPTER 68 MULTICAST ROUTING AND FORWARDING CONFIGURATION...
Page 1160: ...1160 CHAPTER 70 MSDP CONFIGURATION...
Page 1234: ...1234 CHAPTER 73 MLD CONFIGURATION...
Page 1278: ...1278 CHAPTER 74 IPV6 PIM CONFIGURATION...
Page 1310: ...1310 CHAPTER 75 MULTICAST VPN CONFIGURATION...
Page 1344: ...1344 CHAPTER 76 MPLS BASICS CONFIGURATION...
Page 1458: ...1458 CHAPTER 78 MPLS L2VPN CONFIGURATION...
Page 1556: ...1556 CHAPTER 79 MPLS L3VPN CONFIGURATION...
Page 1588: ...1588 CHAPTER 80 DVPN CONFIGURATION...
Page 1648: ...1648 CHAPTER 85 QOS POLICY CONFIGURATION...
Page 1696: ...1696 CHAPTER 89 MPLS QOS CONFIGURATION...
Page 1708: ...1708 CHAPTER 90 DAR CONFIGURATION...
Page 1728: ...1728 CHAPTER 91 FRAME RELAY QOS CONFIGURATION...
Page 1750: ...1750 CHAPTER 92 802 1X CONFIGURATION...
Page 1788: ...1788 CHAPTER 93 AAA RADIUS HWTACACS CONFIGURATION...
Page 1810: ...1810 CHAPTER 95 MAC AUTHENTICATION CONFIGURATION...
Page 1850: ...1850 CHAPTER 97 PKI CONFIGURATION...
Page 1872: ...1872 CHAPTER 98 PORTAL CONFIGURATION...
Page 1970: ...1970 CHAPTER 106 BACKUP CENTER CONFIGURATION...
Page 2048: ...2048 CHAPTER 110 NETSTREAM CONFIGURATION...
Page 2084: ...2084 CHAPTER 112 RMON CONFIGURATION...
Page 2094: ...2094 CHAPTER 113 SNMP CONFIGURATION...
Page 2114: ...2114 CHAPTER 115 FTP CONFIGURATION...
Page 2124: ...2124 CHAPTER 117 SYSTEM MAINTAINING AND DEBUGGING...
Page 2154: ...2154 CHAPTER 119 INFORMATION CENTER CONFIGURATION...
Page 2170: ...2170 CHAPTER 121 MAC ADDRESS TABLE MANAGEMENT CONFIGURATION...
Page 2186: ...2186 CHAPTER 123 POE CONFIGURATION...
Page 2198: ...2198 CHAPTER 125 ACFP CONFIGURATION...
Page 2206: ...2206 CHAPTER 126 ACSEI CONFIGURATION...
Page 2216: ...2216 CHAPTER 127 TRACK CONFIGURATION...
Page 2232: ...2232 CHAPTER 128 IPX CONFIGURATION...
Page 2242: ...2242 CHAPTER 129 VOICE OVERVIEW...
Page 2244: ...2244 CHAPTER 130 VOIP OVERVIEW...
Page 2288: ...2288 CHAPTER 132 VOICE ENTITY CONFIGURATION...
Page 2342: ...2342 CHAPTER 134 E1 AND T1 CONFIGURATION...
Page 2354: ...2354 CHAPTER 135 FAX OVER IP CONFIGURATION...
Page 2366: ...2366 CHAPTER 136 H 323 CONFIGURATION...
Page 2384: ...2384 CHAPTER 137 SIP OVERVIEW...