Method used to configure L2TP users logout on the AR


The methods for logging out L2TP users are as follows:
To make all users of an L2TP tunnel go offline:
1. Run the display l2tp tunnel [ tunnel-item | tunnel-name ] command in any view to check the ID of the tunnel that needs to be disconnected, or the remote tunnel name.
2. Run the reset l2tp tunnel { peer-name | } command in the user view to forcibly disconnect the tunnel according to the local tunnel ID or remote tunnel name. As a result, all users on the tunnel go offline.
To make a single L2TP user go offline:
1. Run the display l2tp session [ destination-ip | session-item | source-ip ] command in any view to check the local session ID that needs to be disconnected according to the remote IP address.
2. Run the reset l2tp session session-id

Other related questions:
Method used to configure the timeout interval of L2TP users on the AR
The timeout interval of L2TP users can be configured using the local-user <user-name> idle-timeout <minutes> [ seconds ] command. For example, the timeout interval of user1 is 30 minutes.
[Huawei] aaa
[Huawei-aaa] local-user user1 idle-timeout 30

Method used to configure L2TP over IPSec on the AR
L2TP over IPSec can be used to ensure secure communication between the branch and headquarters. This function is applicable to all versions and models of AR series routers. L2TP over IPSec can be used to ensure secure communication between the LAC and LNS. For details, see Configuration Guide-VPN.

Method used to configure the L2TP user name and password on the USG6000
The L2TP user name and password can be configured as follows:
Configure the L2TP user name and password using the CLI:
1. Set the user name and password (consistent with those set on the LAC), and bind the user with the authentication domain.
a. Configure the authentication domain for the L2TP user.
[LNS] aaa
[LNS-aaa] domain domain1.com
[LNS-aaa-domain-domain1.com] quit
[LNS-aaa] quit
b. Configure the L2TP user.
[LNS] user-manage user vpdnuser domain domain1.com
[LNS-localuser-vpdnuser@domain1.com] password Password1
[LNS-localuser-vpdnuser@domain1.com] quit
2. Enable the L2TP.
[LNS] l2tp enable
3. Create and configure the L2TP group.
[LNS] l2tp-group 1
[LNS-l2tp1] tunnel name LNS
[LNS-l2tp1] allow l2tp virtual-template 1 remote LAC
[LNS-l2tp1] tunnel authentication
[LNS-l2tp1] tunnel password cipher Password1
[LNS-l2tp1] quit
4. Configure the address pool allocated to the user.
[LNS] aaa
[LNS-aaa] domain domain1.com
[LNS-aaa-domain-domain1.com] ip pool 1 192.168.0.2 192.168.0.100
[LNS-aaa-domain-domain1.com] quit
[LNS-aaa] quit
Configure the L2TP user name and password using the web UI:
1. Configure the L2TP user.
a. Choose Object > User > User/Group.
b. Select the default authentication domain.
c. In Member Management, click New and select New User. Configure parameters as follows:
User name: pc1
Password: Password1
Confirm password: Password1
d. Click OK.
2. Configure the L2TP parameters.
a. Choose Network > L2TP > L2TP.
b. In Configure L2TP, select Enable and click Apply.
c. In L2TP Group List, click New.
d. Set Group Type to LNS.
e. Configure the L2TP parameters. The server address shall be in the same network segment as the address in the address pool. In this way, you do not need to configure a route. Peer Tunnel Name must be consistent with Local Tunnel Name configured on the LAC.
Group Type: LNS
Peer Tunnel Name: LAC
Tunnel Password Authentication: Enable
Password Type: Ciphertext
Tunnel password: Hello123
Confirm Tunnel password: Hello123
User Group: default
Set the user address allocation parameters as follows:
Server Address/Subnet Mask: 10.2.1.1/255.255.255.0
User Address Pool: 10.2.1.2-10.2.1.100
f. Click OK.

How is an AAA local user configured on an AR
When local authentication and authorization are configured, configure authentication and authorization information on the AR, including the user name, password, and priority. The configuration is as follows:
1. Run the aaa command to enter the AAA view.
2. Run the local-user user-name password { cipher | irreversible-cipher } password command to create a local account and configure the login password.
3. Run the local-user user-name service-type command to configure the access type for local users. Run the local-user user-name privilege level level command to set the local user level.

Method used to configure the L2TP VPN on the USG6300
The L2TP is configured on the LAC side and the LNS side.
The L2TP configuration on the LAC side is as follows:
1. Enable the L2TP.
2. Create the VT interface and access the VT interface view.
interface virtual-template virtual-template-number
3. Configure the PPP authentication mode.
ppp authentication-mode chap [ pap ] [ eap ], ppp authentication-mode pap [ eap ] or ppp authentication-mode eap
4. Bind the interface with the VT interface.
interface interface-type interface-number
pppoe-server bind virtual-template virtual-template-number
5. Add the VT interface to the security zone. The VT interface can be added to any security zone. When configuring the inter-zone relationship, to ensure that dial-up users can access the network normally, configure the packet filter for the security zone where the physical interface of the NGFW that receives and sends L2TP tunnel packets resides and the Local security zone.
6. Create the L2TP group, and access the L2TP group view.
l2tp-group group-name
7. Specify the trigger conditions for originating calls when the local end serves as the L2TP LAC.
Access based on domain names: start l2tp { lns-domain domain-name | ip ip-address &<1-5> } domain domain-name [ vpn-instance vpn-instance-name ]. Set the trigger condition to domain names.
Access based on full names: start l2tp { lns-domain domain-name | ip ip-address &<1-5> } fullusername user-name [ vpn-instance vpn-instance-name ]
The L2TP configuration on the LNS side is as follows:
1. Enable the L2TP.
l2tp enable
2. Create the VT interface and access the VT interface view.
interface virtual-template virtual-template-number
3. Configure the local IP address.
ip address ip-address { mask | mask-length } [ sub ]
4. Configure the PPP authentication mode.
ppp authentication-mode { chap | eap | pap } *
5. Configure the address allocated to the peer end or a service plan for allocating an address for the peer end.
remote { address ip-address | service-scheme service-scheme }
6. Create the L2TP group, and access the L2TP group view.
l2tp-group group-name
7. Configure the name for the peer end and the used virtual interface template.
allow l2tp virtual-template virtual-template-number [ remote remote-name ] [ domain domain-name ] [ vpn-instance vpn-instance-name ]
8. Configure the name of the local end of the tunnel.
tunnel name tunnel-name
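
A review check for the settings these procedures touch, added here as an example (not Huawei code): it reads a saved configuration and reports virtual templates that permit PAP, L2TP groups without explicit tunnel authentication and tunnel password lines, and local users without an idle-timeout line. The sample configuration is constructed, and treating a missing explicit line as "not configured" is an assumption of the example.

```python
import re

# Constructed sample (not from a real device), using command forms from this page.
SAMPLE_CONFIG = """\
l2tp enable
interface Virtual-Template 1
 ppp authentication-mode pap
interface Virtual-Template 2
 ppp authentication-mode chap
l2tp-group 1
 allow l2tp virtual-template 1 remote LAC
 tunnel authentication
 tunnel password cipher PLACEHOLDER
l2tp-group 2
 allow l2tp virtual-template 2 remote LAC2
aaa
 local-user user1 idle-timeout 30
 local-user user2 service-type ppp
"""

def audit_l2tp(config: str) -> list[str]:
    """Return findings for an indented, VRP-style configuration text."""
    blocks, current = {}, None  # section header -> its indented child lines
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():  # an unindented line opens a new section
            current = raw.strip().lower()
            blocks[current] = []
        elif current is not None:
            blocks[current].append(raw.strip().lower())

    findings = []
    for header, lines in blocks.items():
        if header.startswith("interface virtual-template"):
            # PAP sends the PPP password in cleartext; flag any mode line that permits it.
            if any(l.startswith("ppp authentication-mode") and "pap" in l.split() for l in lines):
                findings.append(f"{header}: PAP permitted")
        elif header.startswith("l2tp-group"):
            # Assumption: authentication is on only when both lines appear explicitly.
            if "tunnel authentication" not in lines or not any(
                    l.startswith("tunnel password") for l in lines):
                findings.append(f"{header}: tunnel authentication not configured")
        elif header == "aaa":
            users = {m.group(1): False for l in lines if (m := re.match(r"local-user (\S+)", l))}
            for l in lines:
                if (m := re.match(r"local-user (\S+) idle-timeout", l)):
                    users[m.group(1)] = True
            findings += [f"aaa: local-user {u} has no idle-timeout"
                         for u, ok in users.items() if not ok]
    return findings

if __name__ == "__main__":
    print("\n".join(audit_l2tp(SAMPLE_CONFIG)))
```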
