start l2tp

Function

The start l2tp command sets a triggering condition for initiating calls when the local end acts as a LAC.

The undo start command deletes the specified triggering condition.

Format

start l2tp { lns-domain domain-name | ip ip-address &<1-5> } { domain domain-name | fullusername user-name } [ vpn-instance vpn-instance-name ]

undo start

Parameters

| Parameter | Description | Value |
|---|---|---|
| lns-domain domain-name | Specifies the domain name of an LNS. | The value is a case-insensitive string of 1 to 64 characters. |
| ip-address | Specifies the IP address of an LNS. | You can set a maximum of five IP addresses of LNSs for backup. |
| domain domain-name | Specifies the domain name for triggering a connection request. | The value is a case-insensitive string of 1 to 64 characters. |
| user-name | Specifies the full user name for triggering a connection request. | The value is a case-insensitive string of 1 to 64 characters. |
| vpn-instance-name | Specifies the name of a VPN instance. | The value of vpn-instance-name must be the name of an existing virtual system. |

Views

L2TP group view

Default Level

2: Configuration level

Usage Guidelines

By default, no triggering condition is specified on the FW.

You can run the start l2tp command on the LAC.

The FW supports the following connection requests:

  • Request based on the domain name. For example, if the domain name of the user's company is domain1.com, users whose names contain domain name domain1.com can be configured as VPN users.

  • Request based on the full user name. You can configure users as VPN users based on their full names.

If the call initiator is a VPN user and initiates a call, the LAC sends L2TP tunnel connection requests to LNSs in the configuration sequence. If a response from an LNS is received, the LNS acts as the remote end of a tunnel. Otherwise, the LAC sends a connection request to another LNS.

The LAC determines whether a user is a VPN user as follows:

  1. Check whether a full user name is the same as the specified full name of a VPN user. If yes, the user is a VPN user.

  2. If no, check whether the domain name in the user name is the same as the specified domain name. If yes, the user is a VPN user.

  3. If no, the user is not a VPN user.
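The matching order above and the in-order LNS fallback, as an added Python example for auditing which user names a set of start l2tp commands will tunnel and to which LNS. It is not Huawei code; the function names are hypothetical, the "@" delimiter for the domain part is an assumption (the page does not state one), and applying step 1 across all groups before step 2 is also an assumption.

```python
import ipaddress
import re

# Syntax from the Format section; one start command per L2TP group.
START_RE = re.compile(
    r"^start l2tp (?:lns-domain (?P<lns>\S+)|ip (?P<ips>\S+(?: \S+)*?)) "
    r"(?P<kind>domain|fullusername) (?P<value>\S+)"
    r"(?: vpn-instance (?P<vpn>\S+))?$")

def parse_start(line):
    """Parse one start l2tp line and enforce the documented value limits."""
    m = START_RE.match(line.strip())
    if not m:
        raise ValueError("not a start l2tp command: %r" % line)
    ips = (m["ips"] or "").split()
    if m["ips"] is not None and not 1 <= len(ips) <= 5:
        raise ValueError("1 to 5 LNS IP addresses are allowed")
    for ip in ips:
        ipaddress.ip_address(ip)  # ValueError on a malformed address
    for name in (m["lns"], m["value"]):
        if name is not None and len(name) > 64:
            raise ValueError("names are limited to 64 characters")
    return {"lns": ips or [m["lns"]], "kind": m["kind"],
            "value": m["value"].lower(), "vpn": m["vpn"]}

def match_trigger(username, triggers):
    """Steps 1-3: full user name first, then domain, else not a VPN user."""
    name = username.lower()  # values are case-insensitive
    for t in triggers:
        if t["kind"] == "fullusername" and t["value"] == name:
            return t
    # Assumption: the domain is the part after the last "@".
    domain = name.rpartition("@")[2] if "@" in name else None
    for t in triggers:
        if t["kind"] == "domain" and t["value"] == domain:
            return t
    return None

def pick_lns(trigger, responds):
    """Try LNSs in configuration order; return the first that answers."""
    return next((lns for lns in trigger["lns"] if responds(lns)), None)

# Constructed sample: the two commands from the Example section.
TRIGGERS = [parse_start("start l2tp ip 10.1.1.1 domain domain1.com"),
            parse_start("start l2tp lns-domain domain2.com fullusername test123")]
```

Here `responds` is a caller-supplied callable standing in for "a response from an LNS is received"; `match_trigger` returning None means the user is not a VPN user and no tunnel request is sent.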

To use the start l2tp lns-domain command, which obtains the peer IP address from the domain name of an LNS, set the domain name on the LNS. To enable dynamic refreshing of domain names, configure DDNS on the LNS.

Example

# Identify VPN users according to domain name domain1.com with 10.1.1.1 being the IP address of an L2TP access server at the headquarters.

<sysname> system-view
[sysname] l2tp-group 1
[sysname-l2tp-1] start l2tp ip 10.1.1.1 domain domain1.com

# The LAC resolves an IP address based on domain name domain2.com of the LNS. Use the IP address and user name test123 to connect to the LNS.

[sysname] l2tp-group 2
[sysname-l2tp-2] start l2tp lns-domain domain2.com fullusername test123
Copyright © Huawei Technologies Co., Ltd.