
Configuring L2TP Between Headquarters and Users in Different Domains of Branch

Specifications

This example applies to all AR models of V200R002C00 and later versions.

Networking Requirements

As shown in Figure 1-1, users on enterprise branches LAN1 and LAN2 connect to the LAC using PPPoE and initiate connections with enterprise headquarters LAN3.

Two domains are configured on the LAC: aaa.com and bbb.com. Users in the domain aaa.com are located on the network segment 10.1.1.0/24 and users in the domain bbb.com are located on the network segment 10.2.1.0/24.

There is a reachable route from the LNS to the LAC and a tunnel is set up between the LNS and the LAC. After access users are authenticated, the LNS allocates IP addresses and gateway addresses to the access users.

Figure 1-1 Networking diagram of multi-domain access


Procedure

Step 1 Configure the LAC.

#
 sysname LAC
#
 l2tp enable  //Enable L2TP.
#
aaa
 authentication-scheme lmt
 domain aaa.com
  authentication-scheme lmt
 domain bbb.com
  authentication-scheme lmt
 local-user user1@aaa.com password cipher %@%@/|S75*sxcH2@FQL=wn#2@I`a%@%@
 local-user user1@aaa.com service-type ppp
 local-user user1@aaa.com privilege level 0
 local-user user2@bbb.com password cipher %@%@qh-<X%_2QB+^!UR+UkxUA/6<%@%@
 local-user user2@bbb.com privilege level 0
 local-user user2@bbb.com service-type ppp  //Configure local user names and passwords on the PPPoE server.
#
interface Virtual-Template1  //Create a virtual template interface VT1 and set parameters for the PPPoE server.
 ppp authentication-mode chap  //Set the authentication mode to CHAP.
#
interface GigabitEthernet1/0/0
 ip address 202.1.1.2 255.255.255.0
#
interface GigabitEthernet2/0/0
 pppoe-server bind Virtual-Template 1  //Enable PPPoE server on the interface, import parameters configured on VT1, and authenticate dialup users.
#
interface GigabitEthernet3/0/0
 pppoe-server bind Virtual-Template 1
#
l2tp-group 1  //Create an L2TP group and set parameters for L2TP setup.
 tunnel password cipher %@%@/-#)Lg[S4F:#2~ZNvqa$]\DL%@%@  //Enable tunnel authentication, and set the cipher password to huawei, which is the same as that on the peer device.
 tunnel name lac1  //Set the tunnel name to lac1, which is identified by the peer LNS.
 start l2tp ip 202.1.1.1 domain aaa.com  //Initiate L2TP tunnel setup to the peer device. This example assumes that the domain name of access users is aaa.com.
#
l2tp-group 2
 tunnel password cipher %@%@EB~j7Je>;@>uNr''D=J<]\WL%@%@
 tunnel name lac2
 start l2tp ip 202.1.1.1 domain bbb.com
#

Step 2 Configure the LNS.

#
 sysname LNS
#
 l2tp enable
#
ip pool 1  //Create IP address pool 1 from which IP addresses are allocated to access users.
 gateway-list 10.1.1.1  //Configure the gateway address.
 network 10.1.1.0 mask 255.255.255.0  //Specify the IP address range.
#
ip pool 2
 gateway-list 10.2.1.1
 network 10.2.1.0 mask 255.255.255.0
#
aaa
 local-user user1@aaa.com password cipher %@%@/|S75*sxcH2@FQL=wn#2@I`a%@%@
 local-user user1@aaa.com privilege level 0
 local-user user1@aaa.com service-type ppp
 local-user user2@bbb.com password cipher %@%@qh-<X%_2QB+^!UR+UkxUA/6<%@%@
 local-user user2@bbb.com privilege level 0
 local-user user2@bbb.com service-type ppp
#
interface Virtual-Template1
 ppp authentication-mode chap
 remote address pool 1  //Bind IP address pool 1. The LNS then allocates IP addresses from this pool to the authenticated users.
 ip address 10.1.1.1 255.255.255.0  //Configure the gateway address for the address pool.
#
interface Virtual-Template2
 ppp authentication-mode chap
 remote address pool 2
 ip address 10.2.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
 ip address 202.1.1.1 255.255.255.0
#
interface GigabitEthernet2/0/0
 ip address 10.3.1.1 255.255.255.0
#
l2tp-group 1
 allow l2tp virtual-template 1 remote lac1  //Specify the name of the remote end of the tunnel and the virtual template used by the remote end.
 tunnel password cipher %@%@eS*)0t-0D!,~pa;IPll=3liC%@%@
 tunnel name lns
#
l2tp-group 2
 allow l2tp virtual-template 2 remote lac2
 tunnel password cipher %@%@Cyor,=OAk#tWwA;%2\!W3lwj%@%@
 tunnel name lns
#

Step 3 Verify the configuration.

# Run the display l2tp session command on the LNS. You can see that two sessions are set up.

# PC1 and PC2 can ping PC3 successfully.

----End

Configuration Notes

• An L2TP group is created for each domain and different L2TP groups have different tunnel names.

• An L2TP group uses tunnel authentication by default and passwords at both ends of the tunnel must be the same.
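The two notes above can be checked mechanically before the tunnels are brought up. The following is an added example, not code from the original post or from Huawei: a small Python audit that parses the l2tp-group sections of both configurations and checks that LAC tunnel names are unique, that every remote name the LNS accepts is announced by some LAC group, and that both ends configure a tunnel password. It runs on constructed excerpts modelled on the configurations above with placeholder ciphertext; because the ciphertext of the same password differs between devices, it only confirms that a password is configured on each side, not that the two plaintexts match.

```python
# Constructed excerpts modelled on the l2tp-group sections above (not the page's text;
# ciphertext values are placeholders; LNS group 2 deliberately lacks a tunnel password).
LAC_CFG = """l2tp-group 1
 tunnel password cipher %@%@PLACEHOLDER%@%@
 tunnel name lac1
 start l2tp ip 202.1.1.1 domain aaa.com
#
l2tp-group 2
 tunnel password cipher %@%@PLACEHOLDER%@%@
 tunnel name lac2
 start l2tp ip 202.1.1.1 domain bbb.com
#"""
LNS_CFG = """l2tp-group 1
 allow l2tp virtual-template 1 remote lac1
 tunnel password cipher %@%@PLACEHOLDER%@%@
 tunnel name lns
#
l2tp-group 2
 allow l2tp virtual-template 2 remote lac2
 tunnel name lns
#"""

def l2tp_groups(cfg):
    """Parse the 'l2tp-group N' sections (delimited by '#') of a VRP-style config."""
    groups = {}
    for section in cfg.split("#"):
        lines = [l.strip() for l in section.strip().splitlines() if l.strip()]
        if not lines or not lines[0].startswith("l2tp-group "):
            continue
        g = {"name": None, "password": False, "remote": None}
        for line in lines[1:]:
            if line.startswith("tunnel name "):
                g["name"] = line.split()[-1]
            elif line.startswith("tunnel password "):
                g["password"] = True  # presence only: ciphertext differs per device
            elif line.startswith("allow l2tp virtual-template "):
                g["remote"] = line.split()[-1]  # LAC tunnel name this group accepts
        groups[lines[0].split()[1]] = g
    return groups

def audit(lac_cfg, lns_cfg):
    """Cross-check both ends; an empty list means the configuration notes hold."""
    lac, lns = l2tp_groups(lac_cfg), l2tp_groups(lns_cfg)
    names = [g["name"] for g in lac.values()]
    findings = [] if len(names) == len(set(names)) else ["LAC: tunnel names are not unique"]
    findings += [f"LNS group {gid}: remote {g['remote']} matches no LAC tunnel name"
                 for gid, g in lns.items() if g["remote"] not in names]
    findings += [f"{side} group {gid}: no tunnel password configured for tunnel authentication"
                 for side, groups in (("LAC", lac), ("LNS", lns))
                 for gid, g in groups.items() if not g["password"]]
    return findings
```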
