L2TP-related configuration
VPN L2TP test project: network diagram:
Reference data: CISCO (LNS) 202.101.103.126 ver 12.0
TNT(LAC) 202.101.103.99
RADIUS SERVER 202.101.103.53
TNT configuration:
; configuration
; saving profiles of type L2-TUNNEL-GLOBAL
new L2-TUNNEL-GLOBAL
set server-profile-required = no
set l2tp-mode = lac
set l2tp-auth-enabled = no
set l2tp-rx-window = 0
set l2tp-system-name = maxtnt
set l2tp-config first-retry-timer = 1000
set l2tp-config retry-count = 6
set l2tp-config hello-timer = 60
set l2tp-config control-connect-establish-timer = 60
set l2tp-config lac-incoming-call-timer = 60
set l2tp-config base-udp-port = 0
set l2tp-config mbit-dnis-clid = no
set udp-queue-length = 256
write -f
; saving profiles of type ANSWER-DEFAULTS
new ANSWER-DEFAULTS
set use-answer-for-all-defaults = yes
set force-56kbps = no
set profiles-required = yes
set clid-auth-mode = ignore(clid-first; dnis-first)
If authentication is done locally on the TNT rather than on the external RADIUS server, use 'new connection vpdntest':
[in CONNECTION/vpdntest]
station* = vpdntest
active = yes
encapsulation-protocol = mpp
shared-prof = yes
lis telco-o
set data-service = 56k-restricted
lis ppp-o
set ppp-options send-auth-mode = no-ppp-auth
set ppp-options recv-password = 12345
Configuration on the CISCO:
2610#sh run
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 2610
!
enable password 7 1513180F01242F
!
username l2tp password 7 1533180F01242F
username ly password 7 151E12
username mao password 0 mao
!
!
memory-size iomem 10
ip subnet-zero
ip name-server 202.96.199.133
ip name-server 202.96.0.133
!
vpdn enable
!
vpdn-group 1
! Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 1
local name runway
lcp renegotiation always
no l2tp tunnel authentication
!
!
!
!
process-max-time 200
!
interface Loopback0
ip address 10.10.10.1 255.255.255.0
no ip directed-broadcast
!
interface Ethernet0/0
ip address 202.101.103.126 255.255.255.240
no ip directed-broadcast
!
interface Serial0/0
no ip address
no ip directed-broadcast
no ip mroute-cache
shutdown
no fair-queue
!
interface Serial0/1
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1/0
no ip address
no ip directed-broadcast
shutdown
no ignore-hw local-loopback
!
interface Serial1/1
no ip address
no ip directed-broadcast
shutdown
no ignore-hw local-loopback
!
interface Serial1/2
no ip address
no ip directed-broadcast
shutdown
no ignore-hw local-loopback
!
interface Serial1/3
no ip address
no ip directed-broadcast
shutdown
no ignore-hw local-loopback
!
interface Serial1/4
no ip address
no ip directed-broadcast
shutdown
no ignore-hw local-loopback
!
interface Serial1/5
no ip address
no ip directed-broadcast
shutdown
no ignore-hw local-loopback
!
interface Serial1/6
no ip address
no ip directed-broadcast
shutdown
no ignore-hw local-loopback
!
interface Serial1/7
no ip address
no ip directed-broadcast
no ignore-hw local-loopback
clockrate 64000
!
interface Virtual-Template1
ip unnumbered Ethernet0/0
no ip directed-broadcast
peer default ip address pool default
!
ip local pool default 10.10.10.2 10.10.10.254
ip classless
ip route 0.0.0.0 0.0.0.0 202.101.103.93
no ip http server
!
banner login ^C
Welcome to 2610 ! This is the cisco Lab.
2610 s1/0 10.10.10.6
2501 s0 10.10.10.5
^C
!
line con 0
transport input none
line aux 0
line vty 0 4
exec-timeout 0 0
password 7 011215075E0502
login
!
!
no scheduler allocate
end
Configuration on the RADIUS server:
users:
# vpdn user files to local auth
l2tpascend Password = "l2tpascend"
Service-Type = Framed,
Framed-Protocol = PPP,
Tunnel-Type = L2TP,
Tunnel-Medium-Type = IP,
Tunnel-Server-Endpoint = 202.101.103.126
# DNIS auth (Authentication-Type=DNIS-REALM)
99163 Password = "Ascend-DNIS"
Tunnel-Type = L2TP,
Tunnel-Medium-Type = IP,
Tunnel-Server-Endpoint = 202.101.103.126
# domain name realm
DEFAULT Authentication-Type = Realm
# dnis realm
#DEFAULT Authentication-Type = DNIS-REALM
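Added here as a way to sanity-check the three pieces above together; this is example code, not part of the original post or of any vendor tool. It parses the users-file entries (in the flattened form shown above), reads the TNT l2tp-auth-enabled setting and the Cisco vpdn-group line, and reports reply items that do not point at the LNS plus a tunnel that neither side authenticates. The function names, the audit logic and the re-typed excerpts are assumptions of this example.

```python
import re
LNS_IP = "202.101.103.126"  # LNS address given in the post

# Constructed from the users-file entries shown in the post
RADIUS_USERS = """\
l2tpascend Password = "l2tpascend"
Tunnel-Type = L2TP,
Tunnel-Medium-Type = IP,
Tunnel-Server-Endpoint = 202.101.103.126
99163 Password = "Ascend-DNIS"
Tunnel-Type = L2TP,
Tunnel-Medium-Type = IP,
Tunnel-Server-Endpoint = 202.101.103.126
"""
TNT_PROFILE = "set l2tp-auth-enabled = no"    # from the TNT L2-TUNNEL-GLOBAL profile
CISCO_VPDN = "no l2tp tunnel authentication"  # from the Cisco vpdn-group 1

def parse_users(text):
    """Return {entry: {attribute: value}}; 'name Attr = value' starts an entry."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip().rstrip(",")
        if not line or line.startswith("#"):
            continue
        lhs, _, rhs = line.partition("=")
        parts = lhs.split()
        if len(parts) == 2:                 # new entry: name + first check item
            current = entries.setdefault(parts[0], {})
        if current is not None and parts:   # bare 'Attr = value' is a reply item
            current[parts[-1]] = rhs.strip().strip('"')
    return entries

def tnt_tunnel_auth_enabled(profile):
    """True only when the TNT profile sets l2tp-auth-enabled = yes."""
    m = re.search(r"l2tp-auth-enabled\s*=\s*(\w+)", profile)
    return bool(m and m.group(1).lower() == "yes")

def cisco_tunnel_auth_enabled(vpdn_group):
    """Cisco authenticates tunnels by default; only the 'no' form disables it."""
    return re.search(r"^\s*no l2tp tunnel authentication\b", vpdn_group, re.M) is None

def audit(entries, lns_ip, lac_auth, lns_auth):
    """Flag L2TP entries pointing away from the LNS and an unauthenticated tunnel."""
    findings = []
    for name, attrs in entries.items():
        if attrs.get("Tunnel-Type") == "L2TP" and attrs.get("Tunnel-Server-Endpoint") != lns_ip:
            findings.append(f"{name}: Tunnel-Server-Endpoint is not the LNS {lns_ip}")
    if not (lac_auth or lns_auth):
        findings.append("tunnel authentication disabled on both LAC and LNS")
    return findings
```

Run against the excerpts above it reports only the disabled tunnel authentication, which matches the l2tp-auth-enabled = no and no l2tp tunnel authentication lines in the two device configs.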