Huawei L2TP Configuration
1. PC-LAC-LNS
The PC accesses the LAC through the PSTN, and then the LAC initiates L2TP setup with the LNS.
[Router LAC]
Sysname LAC
#
L2tp enable / Enable l2tp/.
The separator of l2tp domain suffix-separator @ /domain is @/.
L2tp match-order domain-dnis
#
Dialer-rule 1 ip permit
#
Domain huawei.com / Create huawei.com domain /
The scheme none / authentication mode is as follows: No authentication is required. The LNS authenticates the user. If authentication is required, the local account needs to be configured.
Domain system
#
Enable the dialup function on the interface Analogmodem1/0 /AM interface.
Async mode protocol
Link-protocol ppp
Dialer enable-circular
Dialer-group 1
Dialer circular-group 0
#
Interface Dialer0
Link-protocol ppp
Ppp authentication-mode pap domain huawei.com /PPP The authentication domain is huawei.com/.
Ip address 1.1.1.1 255.255.255.0
Dialer enable-circular
Dialer-group 1
#
Interface Ethernet0/0
Ip address 202.101.100.2 255.255.255.252
#
L2tp-group 1
The tunnel password simple quidway /tunnel authentication password is quidway/.
Tunnel name lac-end
The start l2tp ip 202.101.100.1 domain huawei.com / initiates a request for establishing a tunnel based on the domain name of the user.
#
User-interface tty 17
Authentication-mode scheme
Modem/ is enabled on the modem both /AM interface.
Return
[Router LNS]
#
Sysname LNS
#
L2tp enable / Enable l2tp/.
The separator of l2tp domain suffix-separator @ /domain is @/.
L2tp match-order domain
#
Domain huawei.com / Create huawei.com domain /
Address allocated by the ip pool 1 192.168.0.2 192.168.0.20 / to the dial-up user /
Domain system
#
Local-user usera / Creating a Local Account for Authenticating a User /
Password simple usera
Service-type ppp
#
Interface Virtual-Template0
Ppp authentication-mode pap domain huawei.com /PPP The authentication domain is huawei.com/.
Ip address 192.168.0.1 255.255.255.0
Remote address pool 1 / Specify the address allocated by the ip pool 1 to the user. /
#
Interface Ethernet2/0
Ip address 202.101.100.1 255.255.255.252
#
L2tp-group 1
Mandatory-lcp /LCP Renegotiation /
The allow l2tp virtual-template 0 remote lac-end / accepts the L2TP request from the lac-end and binds the request to the VT0/.
The tunnel password simple quidway /tunnel authentication password is quidway/.
Tunnel name lns-end
#
[Note]
1) and lac can be routers or dial-up access servers.
2). The user enters the account and password usera@huawei.com/usera on the dial-up network.
The 2 PC uses L2TP as the lac to connect to the lns router.
#
Sysname LNS
#
L2tp enable / Enable l2tp/.
#
Domain system
Address allocated by the ip pool 1 192.168.0.2 192.168.0.100 / to the dial-up user /
#
Local-user usera / Create a local account for authenticating the user.
Password simple usera
Service-type ppp
#
Interface Virtual-Template0
Ppp authentication-mode pap /PPP The authentication mode is PAP, and the system default domain is used.
Ip address 192.168.0.1 255.255.255.0
Remote address pool 1 / Specify the IP address assigned by the ip pool 1 to the user. /
#
Interface Ethernet2/0
Ip address 202.101.100.1 255.255.255.252
#
L2tp-group 1
Mandatory-lcp /LCP Renegotiation /
The allow l2tp virtual-template 0 / receives L2TP requests from any LAC and binds them to the VT0/.
Undo tunnel authentication / Tunnel authentication is not performed.
#
Ip route-static 0.0.0.0 0.0.0.0 202.101.100.2 preference 60
Return