L2TP lab (LAC auto-initiate)

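1. LAC-Auto-Initiated mode

Before any PPP user connects, the L2TP tunnel between the LAC and the LNS is established in LAC-Auto-Initiated mode. Topology:

[Figure: topology]

Initial configuration: the NAC's G0/0 IP can ping the LNS's G0/0 interface IP. The NAC's lo0 IP is 1.1.1.1/32 and the LNS's lo0 IP is 3.3.3.3/32. Once the L2TP session is established, 1.1.1.1 can ping 3.3.3.3.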

NAC configuration:

#
 sysname NAC
#
ospf 1
 area 0.0.0.0
  network 192.168.12.0 0.0.0.255
#              
interface Virtual-PPP1
 ppp pap local-user vpdnuser password cipher $c$3$yY/2BMeATJ+2S3QLMvShuX0DZaNlxppU
 ip address ppp-negotiate
 l2tp-auto-client l2tp-group 1
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
#
interface GigabitEthernet0/0
 port link-mode route
 combo enable copper
 ip address 192.168.12.1 255.255.255.0
#
 ip route-static 3.3.3.3 32 Virtual-PPP1
#              
l2tp-group 1 mode lac
 lns-ip 192.168.23.3
 tunnel name lac
 tunnel password cipher $c$3$ys8K8KUzlqOpzcFrq5w8XlhyI1kvCbRiWg==
#
 l2tp enable
#

LNS configuration:

 sysname LNS
#
ospf 1
 area 0.0.0.0
  network 192.168.23.0 0.0.0.255
#            
interface Virtual-Template1
 ppp authentication-mode pap
 remote address 10.1.1.2
 ip address 10.1.1.1 255.255.255.0
#
interface LoopBack0
 ip address 3.3.3.3 255.255.255.255
#
interface GigabitEthernet0/0
 port link-mode route
 combo enable copper
 ip address 192.168.23.3 255.255.255.0
#
 ip route-static 1.1.1.1 32 10.1.1.2
#
domain system
 authentication ppp local

#
user-group system
#
local-user vpdnuser class network
 password cipher $c$3$KXo23zd79fbi5cwtq+UKKAb2lP+5WhQV
 service-type ppp
 authorization-attribute user-role network-operator
#
l2tp-group 1 mode lns
 allow l2tp virtual-template 1 remote lac
 tunnel name lns
 tunnel password cipher $c$3$36ecaTTazyE0PeErO5wUsWC02dIreWun8g==
#
 l2tp enable

INTERNET configuration:

#
 sysname INTERNET
#
ospf 1
 area 0.0.0.0
  network 0.0.0.0 255.255.255.255
#
interface GigabitEthernet0/0
 port link-mode route
 combo enable copper
 ip address 192.168.12.2 255.255.255.0
#
interface GigabitEthernet0/1
 port link-mode route
 combo enable copper
 ip address 192.168.23.2 255.255.255.0

Verification:

[NAC]dis l2tp session 
LocalSID    RemoteSID    LocalTID    State
26915       17571        27757       Established

[NAC]dis l2tp tunnel 
LocalTID RemoteTID State        Sessions RemoteAddress   RemotePort RemoteName
27757    5288      Established  1        192.168.23.3    1701       lns   
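
The check above can be scripted. The following is an added example, not part of the original post: it parses the `dis l2tp session` and `dis l2tp tunnel` output shown above and cross-checks it against the configured `lns-ip 192.168.23.3` and the LNS `tunnel name lns`, reporting any tunnel to an unexpected peer or any session that does not belong to a known tunnel. The function names `parse_table` and `check_l2tp` are hypothetical.

```python
# Output copied from the verification step on this page.
SESSION_OUT = """\
LocalSID    RemoteSID    LocalTID    State
26915       17571        27757       Established
"""
TUNNEL_OUT = """\
LocalTID RemoteTID State        Sessions RemoteAddress   RemotePort RemoteName
27757    5288      Established  1        192.168.23.3    1701       lns
"""

def parse_table(text):
    """Turn whitespace-aligned display output into a list of row dicts."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].split() if lines else []
    rows = []
    for ln in lines[1:]:
        cells = ln.split()
        if len(cells) != len(header):
            raise ValueError(f"unexpected row: {ln!r}")
        rows.append(dict(zip(header, cells)))
    return rows

def check_l2tp(tunnel_out, session_out, lns_ip, lns_name, port="1701"):
    """Return a list of findings; an empty list means the state matches the config."""
    tunnels, sessions = parse_table(tunnel_out), parse_table(session_out)
    findings = []
    if not any(t["RemoteAddress"] == lns_ip for t in tunnels):
        findings.append(f"no tunnel to configured lns-ip {lns_ip}")
    for t in tunnels:
        tid = t["LocalTID"]
        if t["RemoteAddress"] != lns_ip:
            findings.append(f"tunnel {tid}: unexpected peer {t['RemoteAddress']}")
        if t["RemoteName"] != lns_name:
            findings.append(f"tunnel {tid}: unexpected remote name {t['RemoteName']}")
        if t["RemotePort"] != port:
            findings.append(f"tunnel {tid}: unexpected remote port {t['RemotePort']}")
        if t["State"] != "Established":
            findings.append(f"tunnel {tid}: state {t['State']}")
        up = sum(s["LocalTID"] == tid and s["State"] == "Established" for s in sessions)
        if up != int(t["Sessions"]):
            findings.append(f"tunnel {tid}: {up} sessions up, tunnel reports {t['Sessions']}")
    known = {t["LocalTID"] for t in tunnels}
    for s in sessions:
        if s["LocalTID"] not in known:
            findings.append(f"session {s['LocalSID']}: no tunnel {s['LocalTID']}")
    return findings

if __name__ == "__main__":
    print(check_l2tp(TUNNEL_OUT, SESSION_OUT, "192.168.23.3", "lns") or "OK")
```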

 

posted @ 2025-09-29 17:07  hopeccie