3Com Router User Manual
Page 611
Basic Configuration at LAC 607
Table 666 Create/Delete a L2TP Group
Originate L2TP Connection Request and Configure LNS Address
After a dial-up user passes VPN authentication successfully, LAC conveys the request of creating tunnel to a designated LNS. Besides the IP address of the LNS, LAC can fulfill authentication for 3 types (namely, 3 triggering conditions) of dial-up users based on this configuration: full user name (fullusername), user with a particular domain (domain) and called number...
Page 612
608 CHAPTER 43: CONFIGURING L2TP
Table 668 Configure AAA and Local Users
By default, the local user name and password are not configured. As the AAA attributes of L2TP are not standard attributes of the RADIUS protocol, it is necessary to add the definition of the L2TP attributes to the attribute set of the RADIUS server.
Table 669 L2TP Attribute Table
Basic Configuration at LNS
Basic configuration at the LNS side includes:
■ Enable L2TP
■ Create a L2TP group
■ Create a virtual template
■ Configure the name of...
Page 613
Basic Configuration at LNS 609
Create an L2TP Group
To configure the related parameters of L2TP, an L2TP group should be added. The L2TP group is used to configure the L2TP functions on the router and to facilitate the networking applications of one-to-one, one-to-multiple, multiple-to-one and multiple-to-multiple connections between the LAC and LNS. L2TP groups are numbered separately on the LAC and the LNS. Hence, it is only necessary to keep the corresponding relations between the related configurations of...
Page 614
Table 673 Configure the Name of the Receiving End of the Tunnel
When the group number of L2TP is 1 (the default L2TP group number), it is unnecessary to specify the remote-name. If the name of remote end is still specified in the view of L2TP group 1, L2TP group 1 will not work as the default L2TP group. Only L2TP group 1 can be set as the default group. The start l2tp command and the allow l2tp command are mutually exclusive. That means after one is configured,...
Page 615
Advanced Configuration at LAC or LNS 611
■ Configure to disconnect tunnel by force
■ Configure the receiving window size for controlling flow over tunnel
■ Enable/Disable hiding AV pairs
■ Configure the maximum number of L2TP sessions
■ Configure domain delimiter and searching order
Advanced configurations at the LNS side include:
■ Configure the local name
■ Enable tunnel authentication and set password
■ Configure the interval for sending Hello messages
■ Configure to disconnect tunnel by force
■ Configure the...
Page 616
■ LAC and LNS authenticate each other.
Either the LAC or the LNS can originate a tunnel authentication request. However, if one side enables tunnel authentication, the tunnel can be established only when the passwords on both ends of the tunnel are exactly the same. If tunnel authentication is disabled on both ends, it makes no difference whether the tunnel authentication passwords are the same. Perform the following configurations in L2TP group...
Page 617
By default, the interval for sending the tunnel Hello message is 60 seconds. If this configuration is not implemented, the LAC or LNS will adopt the default value as the interval for sending the Hello message to the peer.
Configure Domain Delimiter and Searching Order
This configuration is applicable to LAC only. If there are a lot of users dialing in domain name mode, it is time-consuming to search users in sequence. Therefore, it is recommended to set the necessary...
Page 618
information (ACK) and wait for some time before clearing the tunnel, so that a request retransmitted by the peer can be properly received when the ACK message is lost. After the tunnel is disconnected by force, all control connections and session connections on the tunnel will also be cleared. After tunnel disconnection, a new tunnel will be established again when new users dial in. Perform the following configuration in system view.
Table 679 Force to...
Page 619
Table 680 Force Local End to Perform CHAP Authentication
Local CHAP authentication will not be carried out by default.
Configure to Force the LCP to Renegotiate
This configuration is applicable to LNS only. For a NAS-originated VPN service request, at the beginning of the PPP session, the user will first perform the PPP negotiation with the NAS. If the negotiation succeeds, the NAS will initiate the L2TP tunnel connection and transmit the user information to...
Page 620
By default, address pool 0 (the default one) will be used by the peer for allocating addresses. When specifying the address pool from which addresses are allocated for users, the default address pool will be used if no specific pool-number value is configured after the keyword pool.
Configure the Receiving Window Size for Controlling Flow over Tunnel
This configuration is applicable to LAC and LNS. L2TP has a simple flow control function. The...