Configure VPDN Directory

The VPDN sub-module is the part of the L2TP module that handles VPDN groups. Its main function is to create and manage VPDN group information. Both the LAC and the LNS need to get the related information from VPDN in order to create tunnels and sessions.

Enable the VPDN module

Create VPDN group

Set domain name of LAC

Set IP address of remote LNS corresponding to LAC

Set local tunnel name of VPDN group

Set tunnel name of remote LNS corresponding to LAC

Set LNS to re-authenticate the CLIENT

Set LNS and CLIENT to renegotiate LCP

Set source IP address of VPDN group

Set source interface of clone configuration in LNS workgroup

Set tunnel authentication

Set tunnel password

Set time interval to send “hello”

Set size of tunnel receive window

Set L2TP attribute hiding

Show VPDN group

Show L2TP event information

Show L2TP packet information

Show errors in L2TP interaction

Configuration examples

 

Enable the VPDN module

Only when the VPDN module is enabled does the LAC respond to the “LCP OPEN” that the CLIENT sends to it. By default, VPDN is disabled. After vpdn enable is executed, VPDN is enabled. The “no” form of the command disables the VPDN sub-functions.

To enable the VPDN module, use the following command:

Command                    Purpose
vpdn enable                Enable the VPDN module

 

Create VPDN group

All tunnel control information is taken from the VPDN group. At present you can create at most 300 VPDN groups. To create a VPDN group, use the following command:

Command                    Purpose
vpdn-group group-number    Create VPDN group

 

Set VPDN group to LNS dialing

A VPDN group can act as LAC or as LNS. The command to set a VPDN group as LNS is as follows:

Command                    Purpose
accept-dialing             Set VPDN group to LNS dialing

Set VPDN group to LAC dialing

A VPDN group can act as LAC or as LNS. The command to set a VPDN group as LAC is as follows:

Command                    Purpose
request-dialing            Set VPDN group to LAC dialing

Protocol negotiation

A VPDN group must negotiate using a tunneling protocol. At present only L2TP is supported. The command is as follows:

Command                    Purpose
protocol l2tp              Negotiate VPDN group with L2TP

 

Set domain name of LAC

The LAC responds and sends “SCCRQ” only when the requesting user name belongs to the domain of a VPDN group. The user name must include ’-@_’; the characters after ’-@_’ are the domain name the user belongs to. The command to set the LAC domain name is as follows:

Command                    Purpose
domain domain-name         Set LAC domain name

 

Set IP address of remote LNS corresponding to LAC

When the LAC responds to an LCP OPEN request from the CLIENT and sends SCCRQ, it needs a target LNS, so you must set the IP address of the remote LNS corresponding to the LAC. A LAC can be associated with several LNSs. When sending, it tries them in order of PRI from smallest to largest; if the PRI is the same, in order of IP address from smallest to largest. If there is no response, it sends to the LNS with the next IP address. You can define 5 different LNS IP addresses. PRI ranges from 0 to 5 and the default is 5; the smaller the value, the higher the priority. The related command is as follows:

Command                                       Purpose
initiate-to ip ipaddr priority priority-num   Set IP address of remote LNS corresponding to LAC

 

Set local tunnel name of VPDN group

When the LAC sends “SCCRQ”, it must send its local tunnel name with it, so that the LNS can find the corresponding local VPDN group by tunnel name. The local tunnel name can contain at most 244 characters. The related command is as follows:

Command                    Purpose
local local-name           Set local tunnel name of VPDN group

 

Set tunnel name of remote LNS corresponding to LAC

After receiving SCCRQ, the LNS uses the tunnel name of the LAC to look for a VPDN group whose remote tunnel name matches it. A VPDN group acting as LNS can therefore set a remote tunnel name corresponding to the LNS, to be matched when SCCRQ is received. A VPDN group that has no remote tunnel name set is the default VPDN group; if no other VPDN group matches, its information is used. The related command is as follows:

Command                           Purpose
terminate-from remote-LAC-name    Set tunnel name of remote LNS corresponding to LAC

Set LNS to re-authenticate the CLIENT

After a session has been created successfully, you can have the LNS, in place of the LAC, authenticate the CLIENT again. The related command is as follows:

Command                    Purpose
force-local-chap           Set LNS to re-authenticate the CLIENT

 

Set LNS and CLIENT to renegotiate LCP

After a session has been created successfully, the LNS can choose to renegotiate the whole PPP protocol with the CLIENT. The related command is as follows:

Command                    Purpose
lcp-renegotiation          Set LNS and CLIENT to renegotiate LCP

Set source IP address of VPDN group

You can define the source IP address of a VPDN group. Control packets are then sent with the source IP address configured for the VPDN group. The source IP address must be the address of an Ethernet interface that exists on the router, or negotiation will fail. The related command is as follows:

Command                    Purpose
source-ip ipaddr           Set source IP address of VPDN group

 

Set source interface of clone configuration in LNS workgroup

After a session is created, the LNS must interact with the CLIENT through a virtual interface. This can be a virtual template interface that has already been created; if no such interface exists, you should create it. The related command is as follows:

Command                              Purpose
virtual-template virtual-temp-num    Set source interface of clone configuration in LNS workgroup

Set tunnel authentication

The LAC and the LNS can authenticate each other using a CHAP-like procedure. The tunnel can be created only after this authentication. The related command is as follows:

Command                       Purpose
l2tp tunnel authentication    Set tunnel authentication

 

Set tunnel password

If you have configured tunnel authentication on both the LNS and the LAC, you must set the same password on both ends for authentication to succeed. The password cannot exceed 254 characters. The related command is as follows:

Command                          Purpose
l2tp tunnel password password    Set tunnel password
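
Added example (not from the original manual or the router's firmware): the CHAP-like tunnel authentication from the two sections above, computed the way RFC 2661 defines it, showing why both ends must hold the same password. That this router follows RFC 2661 exactly is an assumption, and the function names are illustrative.

```python
import hashlib
import hmac
import os

# L2TP control Message Type values from RFC 2661.
SCCRP, SCCCN = 2, 3


def challenge_response(msg_type: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 2661 Challenge Response: MD5(message type octet || secret || challenge)."""
    return hashlib.md5(bytes([msg_type]) + password + challenge).digest()


def verify(msg_type: int, password: bytes, challenge: bytes, response: bytes) -> bool:
    expected = challenge_response(msg_type, password, challenge)
    return hmac.compare_digest(expected, response)


def tunnel_handshake(lac_password: bytes, lns_password: bytes) -> tuple:
    """Simulate SCCRQ/SCCRP/SCCCN; return (LAC accepts LNS, LNS accepts LAC)."""
    # SCCRQ (LAC -> LNS): carries the LAC's random challenge.
    lac_challenge = os.urandom(16)
    # SCCRP (LNS -> LAC): answers that challenge and carries the LNS's own.
    sccrp_response = challenge_response(SCCRP, lns_password, lac_challenge)
    lns_challenge = os.urandom(16)
    if not verify(SCCRP, lac_password, lac_challenge, sccrp_response):
        return (False, False)  # LAC tears the tunnel down; no SCCCN is sent
    # SCCCN (LAC -> LNS): answers the LNS's challenge.
    scccn_response = challenge_response(SCCCN, lac_password, lns_challenge)
    return (True, verify(SCCCN, lns_password, lns_challenge, scccn_response))


if __name__ == "__main__":
    print(tunnel_handshake(b"same-secret", b"same-secret"))  # both sides accept
    print(tunnel_handshake(b"secret-a", b"secret-b"))        # LAC rejects the LNS
```

Because the message type is part of the hash, a response captured from an SCCRP cannot be reused as the response in an SCCCN for the same challenge.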

 

Set time interval to send “hello”

After a session has been created successfully between the LAC and the LNS, each side sends “hello” to the other at intervals to check whether the connection is OK. You can set the time interval for sending “hello”. Its value ranges from 0 to 4294967294 and its unit is seconds. The related command is as follows:

Command                           Purpose
l2tp tunnel hello hellointerval   Set time interval to send “hello”

Set size of tunnel receive window

This command defines the size of the local receive buffer. The value is announced to the peer during L2TP tunnel negotiation, and the peer sets the size of its sliding window accordingly. The sliding window value ranges from 1 to 100. The related command is as follows:

Command                                        Purpose
l2tp tunnel receive-window receive-window-size Set size of tunnel receive window

Set L2TP attribute hiding

Use this command to hide sensitive information. It takes effect only when a tunnel password is configured locally. By default, attributes are not hidden. The related command is as follows:

Command                    Purpose
l2tp hidden                Set L2TP attribute hiding
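
Added example (not part of the original manual): how RFC 2661 section 4.3 hides an AVP value using the tunnel password, which is why the command above has no effect until a password is configured. That this router's l2tp hidden follows RFC 2661 is an assumption; the function names and the sample value are constructed.

```python
import hashlib
import os


def _xor_stream(attr_type, password, random_vector, data, unhide):
    """XOR data with the chained MD5 stream of RFC 2661 section 4.3."""
    key = hashlib.md5(attr_type.to_bytes(2, "big") + password + random_vector).digest()
    out = bytearray()
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        xored = bytes(a ^ b for a, b in zip(block, key))
        out += xored
        # The next key is derived from the previous *hidden* block.
        key = hashlib.md5(password + (block if unhide else xored)).digest()
    return bytes(out)


def hide_avp(attr_type, password, random_vector, value, pad_len=0):
    if not password:
        raise ValueError("AVP hiding needs a tunnel password")
    # Hidden AVP subformat: 2-octet original length, value, optional padding.
    subformat = len(value).to_bytes(2, "big") + value + os.urandom(pad_len)
    return _xor_stream(attr_type, password, random_vector, subformat, unhide=False)


def unhide_avp(attr_type, password, random_vector, hidden):
    subformat = _xor_stream(attr_type, password, random_vector, hidden, unhide=True)
    length = int.from_bytes(subformat[:2], "big")
    if length > len(subformat) - 2:
        raise ValueError("bad length: wrong password or damaged AVP")
    return subformat[2:2 + length]


if __name__ == "__main__":
    rv = os.urandom(16)                            # sent in the Random Vector AVP
    secret_value = b"constructed proxy-auth data"  # constructed sample value
    hidden = hide_avp(33, b"tunnel-password", rv, secret_value, pad_len=7)
    print(hidden.hex())
    print(unhide_avp(33, b"tunnel-password", rv, hidden))
```

The padding hides the true length of the value, and the whole scheme is only as strong as the tunnel password, since MD5 of the password and public data is the only keying material.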

   

Show VPDN group

Shows current VPDN group information. The related command is as follows:

Command                    Purpose
show vpdn group            Show VPDN group

   

Show L2TP event information

Shows control information during the process of creating L2TP. The related command is as follows:

Command                    Purpose
debug l2tp event           Show L2TP event information

Show L2TP packet information

Shows packet content information during the process of creating the L2TP tunnel and session. The related command is as follows:

Command                    Purpose
debug l2tp packet          Show L2TP packet information

 

Show errors in L2TP interaction

Shows error information during the process of creating the L2TP tunnel and session. The related command is as follows:

Command                    Purpose
debug l2tp error           Show errors in L2TP interaction

Configuration examples

Serial 0/1 of router 2650-CLIENT and of router 2650-LAC run the PPP protocol, and the LAC adopts CHAP authentication. The user name entered for CHAP authentication must be the user name in the “prompt” of the corresponding router, and the CHAP authentication passwords of the two routers must be the same. Router 2650-LAC is connected to router 2650-LNS through an Ethernet interface. For example:

Configurations:

Client configuration:

username ht1@D-Link.com.cn password 123
interface Serial0/0
 ip address 11.9.9.1 255.255.255.0
 no ip directed-broadcast
 encapsulation ppp
 ppp chap hostname ht1@D-Link.com.cn

 

LAC configurations:

username ht1@D-Link.com.cn password 123
interface Serial0/0
 ip address 11.9.9.2 255.255.255.0
 no ip directed-broadcast
 encapsulation ppp
 ppp authentication chap
 ppp chap hostname ht1@D-Link.com.cn
 physical-layer speed 115200
vpdn-group 1
 request-dialin
 domain D-Link.com.cn
 initiate-to ip 192.168.20.204 priority 1
 no l2tp tunnel authentication
 local-name lac
 protocol l2tp
 source-ip 192.168.20.92

 

LNS configurations:

username ht1@D-Link.com.cn password 123
vpdn-group 1
 accept-dialin
 terminate-from lac
 no l2tp tunnel authentication
 protocol l2tp
 virtual-template 1

interface Virtual-Template1
 ip address 11.9.9.3 255.255.255.0
 ppp authentication chap
 ppp chap hostname ht1@D-Link.com.cn
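
Added example (not part of the original manual): a small audit of vpdn-group blocks that applies the rules stated on this page. It flags tunnel authentication that is switched off, as in the LAC and LNS examples above, authentication or l2tp hidden without a tunnel password, and a password over 254 characters. The second group in the sample is constructed, and the finding texts are illustrative.

```python
import re

# vpdn-group 1 is taken from the LAC example above; vpdn-group 2 is constructed.
SAMPLE = """\
vpdn-group 1
 request-dialin
 initiate-to ip 192.168.20.204 priority 1
 no l2tp tunnel authentication
 local-name lac
 protocol l2tp
vpdn-group 2
 accept-dialin
 l2tp tunnel authentication
 l2tp hidden
 protocol l2tp
"""


def parse_vpdn_groups(config: str) -> dict:
    """Map each vpdn-group number to its indented sub-commands."""
    groups, current = {}, None
    for raw in config.splitlines():
        line = " ".join(raw.split())
        if not line:
            continue  # tolerate blank lines inside a group
        header = re.fullmatch(r"vpdn-group (\S+)", line, re.I)
        if header:
            current = groups.setdefault(header.group(1), [])
        elif raw[0].isspace() and current is not None:
            current.append(line)
        else:
            current = None  # any other top-level command ends the group
    return groups


def audit(config: str) -> list:
    findings = []
    for gid, cmds in parse_vpdn_groups(config).items():
        has = lambda c: any(x.lower() == c for x in cmds)
        pw = [x.split(" ", 3)[3] for x in cmds if x.lower().startswith("l2tp tunnel password ")]
        if has("no l2tp tunnel authentication"):
            findings.append((gid, "tunnel authentication disabled"))
        elif has("l2tp tunnel authentication") and not pw:
            findings.append((gid, "tunnel authentication without a password"))
        if has("l2tp hidden") and not pw:
            findings.append((gid, "l2tp hidden ineffective without a password"))
        if any(len(p) > 254 for p in pw):
            findings.append((gid, "tunnel password longer than 254 characters"))
    return findings
```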