Specifications
This example applies to all AR models of V200R002C00 and later versions.
Networking Requirements
As shown in Figure 1-1, an enterprise has some branches located in other cities, and the branches use the Ethernet network.
Users in a branch need to establish virtual private dial-up network (VPDN) connections with the headquarters. Layer 2 Tunneling Protocol (L2TP) is deployed between the branch and the headquarters. The branch has no dial-up network, and its gateway functions as a Point-to-Point Protocol over Ethernet (PPPoE) server to allow Point-to-Point Protocol (PPP) dial-up data to be transmitted over the Ethernet. The branch gateway also functions as an L2TP access concentrator (LAC) to establish L2TP tunnels with the headquarters.
The gateway at the enterprise headquarters is configured as the L2TP network server (LNS) to establish L2TP connections between the branch and headquarters.
Figure 1-1 Configuring PPPoE users connected to the LAC to establish an L2TP tunnel to communicate with the headquarters
Procedure
Step 1 Configure the LAC.
#
sysname LAC
#
l2tp enable //Enable L2TP.
#
aaa //Configure an L2TP user name and password.
 local-user huawei password cipher %^%#_<`.CO&(:LeS/$#F\H0Qv8B]KAZja3}3q'RNx;VI%^%#
 local-user huawei privilege level 0
 local-user huawei service-type ppp
#
interface Virtual-Template1
 ppp authentication-mode chap
#
interface GigabitEthernet1/0/0
 ip address 1.1.2.1 255.255.255.0
#
interface GigabitEthernet2/0/0
 pppoe-server bind Virtual-Template 1
#
l2tp-group 1 //Create an L2TP group and set L2TP connection parameters.
 tunnel password cipher %@%@/-#)Lg[S4F:#2~ZNvqa$]\DL%@%@
 tunnel name lac
 start l2tp ip 1.1.1.1 fullusername huawei
#
ip route-static 1.1.1.1 255.255.255.255 1.1.2.2
#
return
Step 2 Configure the LNS.
#
sysname LNS
#
l2tp enable //Enable L2TP.
#
ip pool 1 //Create an IP address pool to allocate IP addresses to users.
 gateway-list 10.1.1.1
 network 10.1.1.0 mask 255.255.255.0
#
aaa //Configure an L2TP user name and password.
 local-user huawei password cipher %^%#_<`.CO&(:LeS/$#F\H0Qv8B]KAZja3}3q'RNx;VI%^%#
 local-user huawei privilege level 0
 local-user huawei service-type ppp
#
interface Virtual-Template1 //Create a virtual tunnel template and set dialup parameters.
 ppp authentication-mode chap
 remote address pool 1
 ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
 ip address 1.1.1.1 255.255.255.0
#
interface GigabitEthernet2/0/0
 ip address 10.1.2.1 255.255.255.0
#
l2tp-group 1 //Create an L2TP group and set L2TP connection parameters.
 allow l2tp virtual-template 1 remote lac
 tunnel password cipher %@%@EB~j7Je>;@>uNr''D=J<]\WL%@%@
 tunnel name lns
#
ip route-static 1.1.2.1 255.255.255.255 1.1.1.2
#
return
Step 3 Verify the configuration.
# Run the display l2tp tunnel command on the LAC or LNS. The output shows that an L2TP tunnel and a session numbered 1 have been established.
# Users in the enterprise headquarters and branch can ping each other.
----End
Configuration Notes
- The LAC and LNS must use the same user name and password.
- When you configure static routes on the LAC, the outbound interface in the route destined for the headquarters network segment must be the VT1 interface.
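The LAC and LNS settings above only work as a pair, so a pre-deployment check can compare the two files for the values that must agree. The following Python script is an added example, not part of the original procedure or a Huawei tool. The function names grab and audit are hypothetical, and the embedded configurations are constructed, trimmed copies of the ones in Steps 1 and 2 with the cipher strings replaced by placeholders.

```python
import re

# Constructed, trimmed copies of the page's two configurations. Cipher
# strings are placeholders: they are salted per device, so not comparable.
LAC_CFG = """l2tp enable
aaa
 local-user huawei service-type ppp
interface Virtual-Template1
 ppp authentication-mode chap
l2tp-group 1
 tunnel password cipher <ciphertext>
 tunnel name lac
 start l2tp ip 1.1.1.1 fullusername huawei
"""
LNS_CFG = """l2tp enable
aaa
 local-user huawei service-type ppp
interface Virtual-Template1
 ppp authentication-mode chap
interface GigabitEthernet1/0/0
 ip address 1.1.1.1 255.255.255.0
l2tp-group 1
 allow l2tp virtual-template 1 remote lac
 tunnel password cipher <ciphertext>
 tunnel name lns
"""

def grab(cfg, pattern):
    """Set of first-group matches of a per-line pattern (indent ignored)."""
    return set(re.findall(r"^\s*" + pattern + r"\s*$", cfg, re.M))

def audit(lac, lns):
    """Return findings that would stop the tunnel or leave it unauthenticated."""
    out = []
    for dev, cfg in (("LAC", lac), ("LNS", lns)):
        for cmd in ("l2tp enable", "ppp authentication-mode chap", "tunnel password cipher"):
            if not grab(cfg, "(" + re.escape(cmd) + r")(?: \S+)?"):
                out.append(f"{dev}: missing '{cmd}'")
    start = grab(lac, r"start l2tp ip (\S+) fullusername \S+")
    if not start & grab(lns, r"ip address (\S+) \S+"):
        out.append("LAC 'start l2tp ip' is not an LNS interface address")
    user = grab(lac, r"start l2tp ip \S+ fullusername (\S+)")
    for dev, cfg in (("LAC", lac), ("LNS", lns)):
        if not user <= grab(cfg, r"local-user (\S+) service-type ppp"):
            out.append(f"{dev}: no PPP local-user for {sorted(user)}")
    if not grab(lns, r"allow l2tp virtual-template \d+ remote (\S+)") & grab(lac, r"tunnel name (\S+)"):
        out.append("LNS 'remote' name does not match LAC 'tunnel name'")
    return out
```

An empty list means the pair is consistent on these points. The script cannot confirm that the passwords themselves match, because the stored cipher text differs per device.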