H3C Firewall Devices Layer 2—WAN Access Configuration Guide (Comware V7) Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Soft
2 If the interface is configured with an IP address, the IPCP negotiation is performed. IPCP configuration options include IP addresses and DNS serve
3 An interface can act as a client or a server during IP address negotiation: • Client—Obtains an IP address from the server. Use the client mode wh
4 • Method 3—The client requests prefixes through DHCPv6 and assigns them to downstream hosts. The hosts then use the prefixes to generate global I
5 Configuring PAP authentication Configuring the authenticator Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface vie
6 Step Command Remarks 2. Enter interface view. interface interface-type interface-number N/A 3. Configure the authenticator to authenticate the p
7 Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Configure
8 Step Command Remarks 2. Enter interface view. interface interface-type interface-number N/A 3. Configure the authenticator to authenticate the p
9 To set the keepalive retry limit, use the timer-hold retry command. On a slow link, increase the keepalive interval to prevent false shutdown of t
10 Step Command Remarks 2. Enter interface view. interface interface-type interface-number N/A 3. Enable IP address negotiation. ip address ppp-neg
11 Step Command Remarks 4. (Optional.) Configure a PPP address pool route. ppp ip-pool route ip-address { mask-length | mask } [ vpn-instance vpn-in
Copyright © 2015, Hangzhou H3C Technologies Co., Ltd. and its licensors All rights reserved No part of this manual may be reproduced or transmitted
12 Step Command Remarks 1. Enter system view. system-view N/A 2. Configure a PPP address pool. ip pool pool-name start-ip-address [ end-ip-address
13 Step Command Remarks 4. Associate the ISP domain with the configured DHCP address pool for address assignment. authorization-attribute ip-pool po
14 Step Command Remarks 3. Specify the primary and secondary DNS server IP addresses to be allocated to the peer in PPP negotiation. ppp ipcp dns pr
15 Configuring PFC negotiation PPP can compress the protocol field of PPP packets from 2 bytes to 1 byte to increase the payload size. PFC negotiati
16 To enable PPP accounting: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interfa
17 Task Command Display PPP address pools. display ip pool [ pool-name ] [ group group-name ]
18 Configuring PPPoE Overview Point-to-Point Protocol over Ethernet (PPPoE) extends PPP by transporting PPP frames encapsulated in Ethernet over poin
19 • As shown in Figure 3, a PPPoE session is established between each host (PPPoE client) and the carrier router (PPPoE server). The service provid
20 Configuring a dialer interface Before establishing a PPPoE session, you must first create a dialer interface and configure bundle dial-on-demand r
21 Step Command Remarks 10. Set the MTU for the dialer interface mtu size By default, the MTU on a dialer interface is 1500 bytes. The dialer interf
Preface The H3C firewall devices configuration guides (Comware V7) describe the software features and configuration procedures for the Comware V7-base
22 Task Command Display summary information for a PPPoE session. display pppoe-client session summary [ dial-bundle-number number ] Display the prot
23 Configuring L2TP Overview The Layer 2 Tunneling Protocol (L2TP) is the most widely used Virtual Private Dialup Network (VPDN) tunneling protocol.
24 L2TP message types and encapsulation structure L2TP uses the following types of messages: • Control messages—Used to establish, maintain, and de
25 Figure 7 NAS-initiated tunneling mode A NAS-initiated tunnel has the following characteristics: • The remote system only needs to support PPP,
26 4. The LAC sends the authentication information (username and password) to its RADIUS server (RADIUS server A) for authentication. 5. RADIUS ser
27 As shown in Figure 10, the workflow for establishing a client-initiated tunnel is similar to that for establishing a NAS-initiated tunnel. (Detail
28 Figure 12 Establishment process for LAC-auto-initiated tunnels L2TP features • Flexible identity authentication mechanism and high security—L2T
29 Table 2 Tunnel attributes that can be issued by the RADIUS server Attribute number Attribute name Description 64 Tunnel-Type Tunnel type, which
30 • RFC 1918, Address Allocation for Private Internets • RFC 2661, Layer Two Tunneling Protocol "L2TP" • RFC 2868, RADIUS Attributes fo
31 Tasks at a glance (Optional.) Configuring optional L2TP parameters • Configuring L2TP tunnel authentication • Setting the Hello interval • Enab
Conventions This section describes the conventions used in this document. Command conventions Convention Description Boldface Bold text represents co
32 You can specify a user by configuring one of the following: • Fully qualified name—The LAC initiates tunneling requests to the LNS only if the us
33 Configuring transferring AVP data in hidden mode L2TP uses Attribute Value Pairs (AVPs) to transmit tunnel negotiation parameters, session negotia
34 To configure an LAC to automatically establish an L2TP tunnel: Step Command Remarks 1. Enter system view. system-view N/A 2. Create a virtual
35 Creating a VT interface After an L2TP session is established, a virtual access (VA) interface is needed for data exchange with the peer. The syste
36 itself. The LNS then checks the user validity according to the received information and the locally configured authentication method. • Mandatory
37 Step Command Remarks 1. Enter system view. system-view N/A 2. Enter L2TP group view in LNS mode. l2tp-group group-number [ mode lns ] N/A 3. C
38 Step Command Remarks 3. Enable L2TP tunnel authentication. tunnel authentication Enabled by default. 4. Configure the tunnel authentication key
39 Step Command Remarks 1. Enter system view. system-view N/A 2. Enter L2TP group view. l2tp-group group-number [ mode { lac | lns } ] N/A 3. Con
40 Step Command Remarks 2. Configure the TSA ID of the LTS device and enable L2TP loop detection on the LTS device. l2tp tsa-id tsa-id By default, t
41 # Configure local authentication for PPP users in ISP domain system. [LAC] domain system [LAC-isp-system] authentication ppp local [LAC-isp-system
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a ro
42 [LNS] l2tp-group 1 mode lns # Configure the local tunnel name as LNS. [LNS-l2tp1] tunnel name LNS # Specify Virtual-Template 1 for receiving calls
43 [LNS-GigabitEthernet1/0/1] ip binding vpn-instance vpn1 [LNS-GigabitEthernet1/0/1] quit # Configure IP addresses for the interfaces. (Details not
44 Verifying the configuration # On the remote host, initiate the L2TP connection. After the connection is established, the remote host can obtain th
45 [LNS-isp-system] quit # Enable L2TP, and create L2TP group 1 in LNS mode. [LNS] l2tp enable [LNS] l2tp-group 1 mode lns # Configure the local tunn
46 LocalSID RemoteSID LocalTID State 21409 3395 4501 Established # On the LNS, use the display l2tp tunnel
47 Analysis and solution Possible reasons for the data transmission failure are as follows: • No route is available. The LAC must have a route to th
48 Index C D E F L O P T C Configuring a PPPoE client,19 Configuring an LAC,31 Configuring an LNS,34 Configuring basic L2TP capabilities,31 Config
Obtaining documentation Access the most up-to-date H3C product documentation on the World Wide Web at http://www.h3c.com. Click the following links to
i Contents Configuring PPP
ii Configuring an LNS
1 Configuring PPP Overview Point-to-Point Protocol (PPP) is a point-to-point link layer protocol. It provides user authentication, supports synchrono