Thanks for using the Huawei AR router.
I'll give you a link to the product documentation.
http://support.huawei.com/ehedex/hdx.do?docid=DOC1000032949&lang=en
I'll also give you an example for L2TP, and you can find other examples in the product documentation.
Example for Configuring L2TP to Implement Communication Between the Headquarters and Users in Different Domains of the Branch
Specifications
This example applies to all AR models of V200R002C00 and later versions.
Networking Requirements
As shown in Figure 1, users on enterprise branches LAN1 and LAN2 connect to the LAC using PPPoE and initiate connections with enterprise headquarters LAN3.
Two domains are configured on the LAC: aaa.com and bbb.com. Users in the domain aaa.com are located on the network segment 10.1.1.0/24 and users in the domain bbb.com are located on the network segment 10.2.1.0/24.
There is a reachable route from the LNS to the LAC and a tunnel is set up between the LNS and the LAC. After access users are authenticated, the LNS allocates IP addresses and gateway addresses to the access users.
Figure 1 Networking diagram of multi-domain access
Procedure
- Configure the LAC.
#
sysname LAC
#
l2tp enable //Enable L2TP.
#
aaa
local-user user1@aaa.com password cipher %@%@/|S75*sxcH2@FQL=wn#2@I`a%@%@
local-user user1@aaa.com service-type ppp
local-user user2@bbb.com password cipher %@%@qh-<X%_2QB+^!UR+UkxUA/6<%@%@
local-user user2@bbb.com service-type ppp //Configure local user names and passwords on the PPPoE server.
#
interface Virtual-Template1 //Create a virtual template interface VT1 and set parameters for the PPPoE server.
ppp authentication-mode pap //Set the authentication mode to PAP.
#
interface GigabitEthernet1/0/0
ip address 202.1.1.2 255.255.255.0
#
interface GigabitEthernet2/0/0
pppoe-server bind Virtual-Template 1 //Enable PPPoE server on the interface, import parameters configured on VT1, and authenticate dialup users.
#
interface GigabitEthernet3/0/0
pppoe-server bind Virtual-Template 1
#
l2tp-group 1 //Create an L2TP group and set parameters for L2TP setup.
tunnel password simple huawei //Enable tunnel authentication, and set the plain password to huawei, which is the same as that on the peer device.
tunnel name lac1 //Set the tunnel name to lac1, which is identified by the peer LNS.
start l2tp ip 202.1.1.1 domain aaa.com //Initiate L2TP tunnel setup to the peer device. This example assumes that the domain name of access users is aaa.com.
#
l2tp-group 2
tunnel password simple huawei
tunnel name lac2
start l2tp ip 202.1.1.1 domain bbb.com
#
- Configure the LNS.
#
sysname LNS
#
l2tp enable
#
ip pool 1 //Create IP address pool 1 from which IP addresses are allocated to access users.
gateway-list 10.1.1.1 //Configure the gateway address.
network 10.1.1.0 mask 255.255.255.0 //Specify the IP address range.
#
ip pool 2
gateway-list 10.2.1.1
network 10.2.1.0 mask 255.255.255.0
#
aaa
local-user user1@aaa.com password cipher %@%@/|S75*sxcH2@FQL=wn#2@I`a%@%@
local-user user1@aaa.com service-type ppp
local-user user2@bbb.com password cipher %@%@qh-<X%_2QB+^!UR+UkxUA/6<%@%@
local-user user2@bbb.com service-type ppp
#
interface Virtual-Template1
ppp authentication-mode pap
remote address pool 1 //Import the IP address pool. The PPPoE server then allocates IP addresses from the IP address pool to the authenticated users.
ip address 10.1.1.1 255.255.255.0 //Configure the gateway address for the address pool.
#
interface Virtual-Template2
ppp authentication-mode pap
remote address pool 2
ip address 10.2.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
ip address 202.1.1.1 255.255.255.0
#
interface GigabitEthernet2/0/0
ip address 10.3.1.1 255.255.255.0
#
l2tp-group 1
allow l2tp virtual-template 1 remote lac1 //Specify the name of the remote end of the tunnel and the virtual template used by the remote end.
tunnel password simple huawei
tunnel name lns
#
l2tp-group 2
allow l2tp virtual-template 2 remote lac2
tunnel password simple huawei
tunnel name lns
#
- Verify the configuration.
Run the display l2tp session command on the LNS. You can see that two sessions are set up.
PC1 and PC2 can ping PC3 successfully.
Configuration Notes
- An L2TP group is created for each domain and different L2TP groups have different tunnel names.
- An L2TP group uses tunnel authentication by default and passwords at both ends of the tunnel must be the same.
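
The Configuration Notes above, as an added example (not part of the original post or of Huawei's documentation): a Python check that every LAC L2TP group's tunnel name is accepted by an LNS group with the same tunnel password, and that flags the two settings in this example that expose credentials, `tunnel password simple` and PAP. The function names and the embedded sample configuration are constructed for illustration.

```python
import re

FIELD = re.compile(r"tunnel name (?P<name>\S+)|tunnel password (?P<mode>simple|cipher) (?P<pw>\S+)"
                   r"|allow l2tp virtual-template \d+ remote (?P<remote>\S+)")

# Constructed sample input: the LAC's PPP line and the L2TP group lines from the example above.
LAC = """ppp authentication-mode pap
l2tp-group 1
tunnel password simple huawei
tunnel name lac1
#
l2tp-group 2
tunnel password simple huawei
tunnel name lac2"""
LNS = """l2tp-group 1
allow l2tp virtual-template 1 remote lac1
tunnel password simple huawei
#
l2tp-group 2
allow l2tp virtual-template 2 remote lac2
tunnel password simple huawei"""

def l2tp_groups(cfg):
    """Parse 'l2tp-group N' sections into {N: {name, mode, pw, remote}}."""
    groups, cur = {}, None
    for raw in cfg.splitlines():
        line = raw.split(" //")[0].strip()  # drop trailing // comments
        if m := re.fullmatch(r"l2tp-group (\d+)", line):
            cur = groups.setdefault(m.group(1), {})
        elif line == "#":
            cur = None  # '#' closes the current section
        elif cur is not None and (m := FIELD.fullmatch(line)):
            cur.update({k: v for k, v in m.groupdict().items() if v})
    return groups

def audit(lac_cfg, lns_cfg):
    """Return findings: weak settings, then LAC groups the LNS would not accept."""
    out, lac, lns = [], l2tp_groups(lac_cfg), l2tp_groups(lns_cfg)
    for side, cfg, groups in (("LAC", lac_cfg, lac), ("LNS", lns_cfg, lns)):
        if re.search(r"^\s*ppp authentication-mode pap\b", cfg, re.M):
            out.append(f"{side}: PAP sends user passwords unencrypted")
        out += [f"{side} group {g}: tunnel password stored in plaintext"
                for g, v in groups.items() if v.get("mode") == "simple"]
    peers = {v.get("remote"): v for v in lns.values()}
    for g, v in lac.items():
        if (peer := peers.get(v.get("name"))) is None:
            out.append(f"LAC group {g}: no LNS group allows remote {v.get('name')}")
        elif v.get("mode") == peer.get("mode") == "simple" and v["pw"] != peer["pw"]:
            out.append(f"LAC group {g}: tunnel password differs from the LNS")
    return out
```

Passwords are compared only when both ends use `simple`, since `cipher` strings cannot be assumed to match across devices. On AR routers the corresponding alternatives to the flagged settings are `tunnel password cipher` and `ppp authentication-mode chap`.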