Configure VPDN Directory
The VPDN sub-module handles VPDN groups within the L2TP module. Its main function is to create and manage VPDN group information. Both the LAC and the LNS need to get the related information from VPDN in order to create channels and sessions.
Set IP address of remote LNS corresponding to LAC
Set local channel name of VPDN group
Set channel name of remote LNS corresponding to LAC
Set LNS and CLIENT terminal to re-authenticate
Set LNS and CLIENT terminal to renegotiate LCP
Set source IP address of VPDN group
Set source interface of clone configuration in LNS workgroup
Set time interval to send “hello”
Set size of channel receive window
Show errors in L2TP interaction
The “LCP OPEN” that a CLIENT sends to the LAC is handled only when the VPDN module is enabled. By default, VPDN is disabled. Executing vpdn enable turns VPDN on; the “no” form of the command disables VPDN and its sub-functions.
To enable the VPDN module, use the following command:
Command | Purpose
vpdn enable | Enable the VPDN module
All channel control information comes from the VPDN group. At most 300 VPDN groups can currently be created. To create a VPDN group, use the following command:
Command | Purpose
vpdn-group group number | Create VPDN group
Set VPDN group to LNS dialing
A VPDN group can be a LAC or an LNS. The command to set a VPDN group as LNS is as follows:
Command | Purpose
accept-dialin | Set VPDN group to LNS dialing
Set VPDN group to LAC dialing
A VPDN group can be a LAC or an LNS. The command to set a VPDN group as LAC is as follows:
Command | Purpose
request-dialin | Set VPDN group to LAC dialing
Protocol negotiation
A VPDN group must negotiate with the related protocol. Currently only L2TP is supported. The command is as follows:
Command | Purpose
protocol l2tp | Negotiate VPDN group with L2TP
The LAC responds and sends “SCCRQ” only when the requesting user name is in the domain of a VPDN group. The user name must include ’-@_’; the characters after ’-@_’ are the domain name the user belongs to. The command to set the LAC domain is as follows:
Command | Purpose
domain domain name | Set LAC domain name
Set IP address of remote LNS corresponding to LAC
When the LAC responds to an LCP OPEN request from the CLIENT and sends SCCRQ, it must have a target LNS, so you need to set the IP address of the remote LNS corresponding to the LAC. A LAC can currently correspond to several LNSs. When sending, it tries them in order of PRI from small to big; if the PRI is the same, in order of IP address from small to big. If there is no response, it sends to the LNS at the next IP address. You can define 5 different LNS IP addresses. PRI takes values from 0 to 5 and the default is 5; the smaller the value, the higher the priority. The related command is as follows:
Command | Purpose
initiate-to ip ipaddr priority Priority num | Set IP address of remote LNS corresponding to LAC
Set local channel name of VPDN group
When the LAC sends “SCCRQ”, it must send its local channel name with it, so that the LNS can find the corresponding local VPDN group according to the channel name. The local channel name can contain at most 244 characters. The related command is as follows:
Command | Purpose
Local local name | Set local channel name of VPDN group
Set channel name of remote LNS corresponding to LAC
After receiving SCCRQ, the LNS uses the channel name of the LAC to look for the VPDN group whose remote channel name matches it. A VPDN group acting as LNS can therefore set a remote channel name, to be matched when SCCRQ is received. A VPDN group that does not set a remote channel name is the default VPDN group; if no other VPDN group matches, its information is used.
Command | Purpose
terminate-from remote LAC name | Set channel name of remote LNS corresponding to LAC
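The selection rules described in the two sections above (the order in which a LAC tries its LNS addresses, and how an LNS picks the VPDN group for an incoming SCCRQ) are sketched below as an added example; it is not D-Link code. The function names, the `responds` callable, exact case-sensitive name matching, the choice of the lowest-numbered default group and the sample data are all assumptions made for illustration.

```python
import ipaddress

def lns_try_order(targets):
    """targets: (ip, priority) pairs as given to 'initiate-to ip ... priority ...';
    priority None means the documented default of 5.
    Returns the IPs in the order the LAC sends SCCRQ to them."""
    def key(t):
        ip, pri = t
        # Smaller PRI first; ties broken by the numerically smaller address
        # (a plain string sort would put 192.168.20.x before 192.168.3.x).
        return (5 if pri is None else pri, int(ipaddress.IPv4Address(ip)))
    return [ip for ip, _ in sorted(targets, key=key)]

def pick_lns(targets, responds):
    """Walk the try order and return the first LNS that answers, else None.
    'responds' is a hypothetical callable standing in for one SCCRQ attempt."""
    for ip in lns_try_order(targets):
        if responds(ip):
            return ip
    return None

def match_lns_group(groups, lac_name):
    """groups: {group number: terminate-from name, or None when unset}.
    A group whose remote channel name equals the LAC's name wins; otherwise the
    default group (no remote name set) is used; None if there is neither.
    Assumption: exact comparison, lowest-numbered default group."""
    default = None
    for num in sorted(groups):
        if groups[num] == lac_name:
            return num
        if groups[num] is None and default is None:
            default = num
    return default

# Constructed sample data, not taken from a real device.
TARGETS = [("192.168.20.204", 1), ("192.168.3.7", 1), ("10.0.0.9", None), ("172.16.0.1", 0)]
GROUPS = {1: "lac", 2: None, 3: "branch-lac"}
```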
Set LNS and CLIENT terminal to re-authenticate
After a session has been created successfully and the LNS has replaced the LAC in authenticating the CLIENT, you can choose to have the LNS and the CLIENT re-authenticate. The related command is as follows:
Command | Purpose
force-local-chap | Set LNS and CLIENT terminal to re-authenticate
Set LNS and CLIENT terminal to renegotiate LCP
After a session has been created successfully, the LNS can choose to renegotiate the whole PPP protocol with the CLIENT. The related command is as follows:
Command | Purpose
lcp-renegotiation | Set LNS and CLIENT terminal to renegotiate LCP
Set source IP address of VPDN group
You can define the source IP address of a VPDN group, so that control messages are sent with the source IP address configured for that VPDN group. The source IP address must be the address of an Ethernet interface that exists on the router, or negotiation will fail. The related command is as follows:
Command | Purpose
source-ip ipaddr | Set source IP address of VPDN group
Set source interface of clone configuration in LNS workgroup
After a session is created, the LNS must interact with the CLIENT through a virtual interface. This can be a virtual template interface that has already been created; if no such interface has been created, you should create it. The related command is as follows:
Command | Purpose
virtual-template virtual-temp-num | Set source interface of clone configuration in LNS workgroup
The LAC and the LNS can authenticate each other using a process like CHAP; the channel can be created only after this succeeds. The related command is as follows:
Command | Purpose
l2tp tunnel authentication | Set channel authentication
If you have configured channel authentication on both the LNS and the LAC, you must set the same password on both ends for authentication to succeed. The password cannot exceed 254 characters. The related command is as follows:
Command | Purpose
l2tp tunnel password password | Set channel password
Set time interval to send “hello”
After a session has been created successfully between the LAC and the LNS, each end sends “hello” to the other at intervals to check whether the connection is OK. You can set the time interval for sending “hello”; its value is from “0” to “4294967294” and its unit is seconds. The related command is as follows:
Command | Purpose
l2tp tunnel hello hellointerval | Set time interval to send “hello”
Set size of channel receive window
This command defines the size of the local receive buffer. The size is told to the peer during L2TP channel negotiation, and the peer sets the size of its sliding window accordingly. The value of the sliding window is from “1” to “100”. The related command is as follows:
Command | Purpose
l2tp tunnel receive-window receive-window-size | Set size of channel receive window
Command | Purpose
l2tp hidden | Set L2TP attribute hiding
To show current VPDN group information, use the following command:
Command | Purpose
show vpdn group | Show VPDN group
To show control information during L2TP creation, use the following command:
Command | Purpose
debug l2tp event | Show L2TP event information
To show packet content information while an L2TP channel and session are being created, use the following command:
Command | Purpose
debug l2tp packet | Show L2TP packet information
Show errors in L2TP interaction
To show error information while an L2TP channel and session are being created, use the following command:
Command | Purpose
debug l2tp error | Show errors in L2TP interaction
Serial 0/1 of routers 2650-CLIENT and 2650-LAC run the PPP protocol, and the LAC adopts CHAP authentication. The user name entered for CHAP authentication must be the user name in the “prompt” of the corresponding router, and the CHAP authentication passwords of the two routers must be the same. Router 2650-LAC is connected with router 2650-LNS by Ethernet. For example:
Configurations:

Client configurations:
username ht1@D-Link.com.cn password 123
interface Serial0/0
ip address 11.9.9.1 255.255.255.0
no ip directed-broadcast
encapsulation ppp
ppp chap hostname ht1@D-Link.com.cn

LAC configurations:
username ht1@D-Link.com.cn password 123
interface Serial0/0
ip address 11.9.9.2 255.255.255.0
no ip directed-broadcast
encapsulation ppp
ppp authentication chap
ppp chap hostname ht1@D-Link.com.cn
physical-layer speed 115200
vpdn-group 1
request-dialin
domain D-Link.com.cn
initiate-to ip 192.168.20.204 priority 1
no l2tp tunnel authentication
local-name lac
protocol l2tp
source-ip 192.168.20.92

LNS configurations:
username ht1@D-Link.com.cn password 123
vpdn-group 1
accept-dialin
terminate-from lac
no l2tp tunnel authentication
protocol l2tp
virtual-template 1
interface Virtual-Template1
ip address 11.9.9.3 255.255.255.0
ppp authentication chap
ppp chap hostname ht1@D-Link.com.cn
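A configuration review check for the LAC and LNS settings above, as an added example (not D-Link code): it reads the vpdn-group lines of both routers, checks values against the ranges given on this page, and reports whether tunnel authentication is enabled and consistent on both ends. The function names and finding texts are assumptions, the command spellings are taken from this page's tables and example, and one vpdn-group per configuration is assumed.

```python
import re
LIMITS = {"hello": (0, 4294967294), "receive-window": (1, 100)}  # ranges stated on this page

def audit_vpdn(config):
    """Return (findings, tunnel password in effect) for one router's vpdn-group lines."""
    findings, targets, auth, password = [], 0, False, None
    for line in (l.strip() for l in config.splitlines()):
        low = line.lower()
        if low in ("l2tp tunnel authentication", "no l2tp tunnel authentication"):
            auth = not low.startswith("no ")
        elif low.startswith("l2tp tunnel password "):
            password = line.split(None, 3)[3]
        elif m := re.fullmatch(r"l2tp tunnel (hello|receive-window) (\d+)", low):
            lo, hi = LIMITS[m.group(1)]
            if not lo <= int(m.group(2)) <= hi:
                findings.append(f"{m.group(1)} {m.group(2)} outside {lo}-{hi}")
        elif m := re.fullmatch(r"initiate-to ip \S+(?: priority (\d+))?", low):
            targets += 1
            if int(m.group(1) or 5) > 5:  # priority defaults to 5 when omitted
                findings.append(f"LNS priority {m.group(1)} outside 0-5")
    if targets > 5:
        findings.append("more than 5 LNS addresses configured")
    if not auth:
        findings.append("tunnel authentication not enabled")
    elif password is None:
        findings.append("tunnel authentication enabled without a tunnel password")
    return findings, (password if auth else None)

def audit_pair(lac_config, lns_config):
    """Audit both ends and compare their tunnel authentication settings."""
    (lac, lac_pw), (lns, lns_pw) = audit_vpdn(lac_config), audit_vpdn(lns_config)
    pair = [] if lac_pw == lns_pw else ["tunnel authentication or password differs"]
    return {"lac": lac, "lns": lns, "pair": pair}

# vpdn-group lines of the LAC and LNS example on this page.
LAC = """vpdn-group 1
request-dialin
domain D-Link.com.cn
initiate-to ip 192.168.20.204 priority 1
no l2tp tunnel authentication
local-name lac
protocol l2tp
source-ip 192.168.20.92"""
LNS = """vpdn-group 1
accept-dialin
terminate-from lac
no l2tp tunnel authentication
protocol l2tp
virtual-template 1"""
```

Run on the example as written, `audit_pair(LAC, LNS)` reports "tunnel authentication not enabled" for both routers, because both configurations carry `no l2tp tunnel authentication`.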