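I. Networking requirements
The site has users in two domains who initiate L2TP access through LAC auto-dial. Users in different domains connect to the LNS through different L2TP tunnels. The LAC is not our company's device, and it is unclear whether multi-domain access needs to be configured on the LAC.
II. Network diagram
III. Configuration steps
LAC side: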
#
l2tp enable
#
l2tp-group 1 mode lac
lns-ip 2.2.2.1
undo tunnel authentication
tunnel name LAC1
#
l2tp-group 2 mode lac
lns-ip 2.2.2.1
undo tunnel authentication
tunnel name LAC2
#
interface Virtual-PPP1
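ppp pap local-user test1@test1 password cipher $c$3$JCkNxgG6Xo1n+2d5H1q2AzdB163SMWn8FA== //the dial-in user name must include the domain name
ip address ppp-negotiate //obtain the IP address through PPP negotiation
l2tp-auto-client l2tp-group 1 //configure auto-dial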
#
interface Virtual-PPP2
ppp pap local-user test2@test2 password cipher $c$3$H9uwRHpRpFR/vO8FuTqcoFvXEMTMyd2ODQ==
ip address ppp-negotiate
l2tp-auto-client l2tp-group 2
#
LNS side:
#
l2tp enable
#
ip pool test1 172.168.1.10 172.168.1.20 //define a separate address pool for the tunnel peers of each dial-in domain
ip pool test1 gateway 172.168.1.1
ip pool test2 192.168.1.10 192.168.1.20
ip pool test2 gateway 192.168.1.1
#
interface Virtual-Template1
ppp authentication-mode pap
remote address pool test1
#
interface Virtual-Template2
ppp authentication-mode pap
remote address pool test2
#
domain test1
authentication ppp local
#
domain test2 //multiple domains must be configured on the LNS device
authentication ppp local
#
local-user test1 class network
password cipher $c$3$3XsHMPkPjKxbiRWEA0plPWcZz6oCnDY40g==
service-type ppp
authorization-attribute user-role network-operator
#
local-user test2 class network
password cipher $c$3$UHcNe8hHEyIiy8coK7uEIFG+iGjcQjqWgQ==
service-type ppp
authorization-attribute user-role network-operator
#
l2tp-group 1 mode lns
allow l2tp virtual-template 1 remote LAC1
undo tunnel authentication
tunnel name LNS
#
l2tp-group 2 mode lns
allow l2tp virtual-template 2 remote LAC2
undo tunnel authentication
tunnel name LNS
#
IV. Result verification
On the LNS, check that the tunnels have been established:
[LNS]display l2tp tunnel
LocalTID RemoteTID State Sessions RemoteAddress RemotePort RemoteName
33759 40163 Established 1 2.2.2.2 1701 LAC2
35116 38328 Established 1 2.2.2.2 1701 LAC1
On the LAC side, the interfaces have also been assigned addresses:
[LAC]dis interface brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
VPPP1 UP UP 172.168.1.14
VPPP2 UP UP 172.168.1.15
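V. Key configuration points
1. No multi-domain configuration is needed on the LAC, but the user that initiates auto-dial must be written as username@domain.
2. When there are multiple LAC tunnels, the peer tunnel name must be specified with the allow l2tp virtual-template 1 remote command.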
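Key point 2 can be checked mechanically before a change is rolled out. The following is an added example, not part of the original case or of any vendor tool: a small Python audit that reads LNS configuration text in the layout shown above, reports l2tp-group sections whose allow l2tp line lacks a remote name or reuses one, and reports groups where tunnel authentication is turned off. The function names and the sample input are assumptions made for illustration.

```python
import re

# Constructed sample: LNS groups from the case above, "remote" dropped from group 2.
SAMPLE_LNS = """\
#
l2tp-group 1 mode lns
 allow l2tp virtual-template 1 remote LAC1
 undo tunnel authentication
#
l2tp-group 2 mode lns
 allow l2tp virtual-template 2
 undo tunnel authentication
#
"""

ALLOW_RE = re.compile(r"allow l2tp virtual-template (\d+)(?: remote (\S+))?")

def parse_lns_groups(config):
    """Return {group_id: {"vt", "remote", "auth_disabled"}} for LNS-mode groups."""
    groups = {}
    for section in re.split(r"^#\s*$", config, flags=re.M):
        # Drop the "//" annotations used in the case listing and blank lines.
        lines = [s for s in (l.split("//")[0].strip() for l in section.splitlines()) if s]
        head = re.fullmatch(r"l2tp-group (\d+) mode lns", lines[0]) if lines else None
        if not head:
            continue
        entry = {"vt": None, "remote": None, "auth_disabled": False}
        for line in lines[1:]:
            m = ALLOW_RE.fullmatch(line)
            if m:
                entry["vt"], entry["remote"] = int(m.group(1)), m.group(2)
            elif line == "undo tunnel authentication":
                entry["auth_disabled"] = True
        groups[int(head.group(1))] = entry
    return groups

def audit(config):
    """List findings: missing or duplicate remote names, tunnel authentication off."""
    groups, findings, seen = parse_lns_groups(config), [], {}
    for gid, g in sorted(groups.items()):
        if len(groups) > 1 and g["remote"] is None:
            findings.append(f"group {gid}: no remote tunnel name on allow l2tp")
        elif g["remote"] in seen:
            findings.append(f"group {gid}: remote {g['remote']} also used by group {seen[g['remote']]}")
        elif g["remote"]:
            seen[g["remote"]] = gid
        if g["auth_disabled"]:
            findings.append(f"group {gid}: tunnel authentication disabled")
    return findings
```

Calling audit() on the LNS section of a saved configuration returns a list of findings; an empty list means every LNS group names a distinct remote tunnel and keeps tunnel authentication on.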