HP VSR1000 Layer 2 - Wan Access Configuration Manual

Virtual services router

HP VSR1000 Virtual Services Router
Layer 2 - WAN Access

Configuration Guide

Part number: 5998-4656
Software version: VSR1000_HP-CMW710-E0101P01-X64
Document version: 5W100-20130918


Summary of Contents for HP VSR1000

  • Page 1: Configuration Guide

    HP VSR1000 Virtual Services Router Layer 2 - WAN Access Configuration Guide Part number: 5998-4656 Software version: VSR1000_HP-CMW710-E0101P01-X64 Document version: 5W100-20130918...
  • Page 2 The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an...
  • Page 3: Table Of Contents

    Contents
    Configuring PPPoE, 1
    Overview, 1
    PPPoE network structure, 1
    PPPoE client, 2
    Configuring a PPPoE client, 3
    Configuring a dialer interface, 3
    Configuring a PPPoE session, 4
    ...
  • Page 4

    Configuring an interface to place calls for bundle DDR, 33
    Configuring attributes for a dialer interface, 34
    Support and other resources, 35
    Contacting HP, 35
    Subscription service, 35
    Related information, 35
    ...
  • Page 5: Configuring Pppoe

    Configuring PPPoE Overview Point-to-Point Protocol over Ethernet (PPPoE) extends PPP by transporting PPP frames encapsulated in Ethernet over point-to-point links. PPPoE specifies the methods for establishing PPPoE sessions and encapsulating PPP frames over Ethernet. PPPoE requires a point-to-point relationship between peers instead of a point-to-multipoint relationship as in multi-access environments such as Ethernet.
  • Page 6: Pppoe Client

    • As shown in Figure 2, a PPPoE session is established between each host (PPPoE client) and the carrier router (PPPoE server). The service provider assigns an account to each host for billing and control. The host must be installed with PPPoE client software. Figure 2 Network structure 2 PPPoE client Host A...
  • Page 7: Configuring A Pppoe Client

    the ADSL modem to the ADSL server (PPPoE server) and finally to the Internet. The whole process is achieved without PPPoE client software installed on hosts. Configuring a PPPoE client PPPoE client configuration includes dialer interface configuration and PPPoE session configuration. A PPPoE session can operate in one of the following modes: •...
  • Page 8: Configuring A Pppoe Session

    Set the auto-dial interval. autodial-interval when the auto-dial timer expires. HP recommends that you set a shorter auto-dial interval for DDR to soon originate a new call. Configuring a PPPoE session Step...
  • Page 9: Displaying And Maintaining Pppoe

    To reset a PPPoE session:
    Step: Reset a PPPoE session.
      Command: reset pppoe-client { all | dial-bundle-number number }
      Remarks: Available in user view.
    Displaying and maintaining PPPoE
    Execute display commands in any view and reset commands in user view.
    Task Command Display summary information about a PPPoE...
  • Page 10: Configuring Pppoe Client In On-Demand Mode

    [RouterB-Dialer1] ip address ppp-negotiate
    [RouterB-Dialer1] quit
    # Configure a PPPoE session that corresponds to dialer bundle 1 (dialer bundle 1 corresponds to interface Dialer 1).
    [RouterB] interface ethernet 1/1
    [RouterB-Ethernet1/1] pppoe-client dial-bundle-number 1
    [RouterB-Ethernet1/1] quit
    # Configure the PPPoE session to operate in permanent mode.
    [RouterB] interface dialer 1
    [RouterB-Dialer1] dialer timer idle 0
    # Set the DDR auto-dial interval to 60 seconds.
  • Page 11: Configuring Pppoe Client In Diagnostic Mode

    [RouterB-Ethernet1/1] pppoe-client dial-bundle-number 1
    [RouterB-Ethernet1/1] quit
    # Set the link-idle timeout timer to 150 seconds.
    [RouterB] interface dialer 1
    [RouterB-Dialer1] dialer timer idle 150
    [RouterB-Dialer1] quit
    Verify the configuration by displaying summary information about the PPPoE session established between Router B and Router A (PPPoE server).
    [RouterB-Dialer1] display pppoe-client session summary
    Bundle ID Interface...
  • Page 12

    # Set the DDR auto-dial interval to 10 seconds.
    [RouterB-Dialer1] dialer timer autodial 10
    Verify the configuration by displaying summary information about the PPPoE session established between Router B and Router A (PPPoE server).
    [RouterB-Dialer1] display pppoe-client session summary
    Bundle ID Interface RemoteMAC LocalMAC...
  • Page 13: Configuring L2Tp

    Configuring L2TP Overview The Layer 2 Tunneling Protocol (L2TP) is the most widely used Virtual Private Dialup Network (VPDN) tunneling protocol. L2TP sets up point-to-point tunnels across a public network (for example, the Internet) and transmits encapsulated PPP frames (L2TP packets) over the tunnels. With L2TP, remote users (for example, remote branches and mobile workers) can access the corporate intranets through L2TP tunnels after connecting to a public network by using PPP.
  • Page 14: L2Tp Message Types And Encapsulation Structure

    L2TP message types and encapsulation structure
    L2TP uses the following types of messages:
    • Control messages—Used to establish, maintain, and delete L2TP tunnels and sessions. Control messages are transmitted over a reliable control channel, which supports flow control and congestion control.
    • Data messages—Used to encapsulate PPP frames, as shown in Figure 8.
  • Page 15

    Figure 10 NAS-initiated tunneling mode
    A NAS-initiated tunnel has the following characteristics:
    • The remote system only needs to support PPP, and does not need to support L2TP.
    • Authentication and accounting of the remote system can be implemented on the LAC or the LNS.
    Figure 11 Establishment process for NAS-initiated tunnels Remote system RADIUS server A...
  • Page 16 The LAC sends the authentication information (username and password) to its RADIUS server (RADIUS server A) for authentication. RADIUS server A authenticates the user and returns the result. If the user passes the authentication and the user is determined to be an L2TP user according to the username or the ISP domain to which the user belongs, the LAC initiates an L2TP tunneling request to the LNS (Device B).
  • Page 17 As shown in Figure 13, the workflow for establishing a client-initiated tunnel is similar to that for establishing a NAS-initiated tunnel. (Details not shown.) Figure 13 Establishment process for client-initiated tunnels LAC client RADIUS server Host A Device A (1) Tunnel setup request (2) CHAP authentication (challenge/response) (3) Setup a session (4) LCP negotiation and user authentication...
  • Page 18: L2Tp Features

    Figure 15 Establishment process for LAC-auto-initiated tunnels
    L2TP features
    • Flexible identity authentication mechanism and high security—L2TP by itself does not provide security for connections. However, it has all the security features of PPP and allows for PPP authentication (CHAP or PAP). L2TP can also cooperate with IPsec to guarantee data security, strengthening the guard against attacks for tunneled data.
  • Page 19: Protocols And Standards

    Table 1 Tunnel attributes that can be issued by the RADIUS server
    Attribute number, Attribute name, Description
    Tunnel-Type: Tunnel type, which can only be L2TP.
    Tunnel-Medium-Type: Transmission medium type for the tunnel, which can only be IPv4.
    Tunnel-Server-Endpoint: IP address of the LNS.
    Tunnel-Password: Key used to authenticate a peer of the tunnel.
  • Page 20: Configuring Basic L2Tp Capabilities

    Tasks at a glance
    Configuring an LAC (Remarks: The first task is required for NAS-initiated mode and unnecessary for LAC-auto-initiated mode.)
    • (Required.) Configuring an LAC to initiate tunneling requests for a specified user
    • (Required.) Specifying LNS IP addresses
    •...
  • Page 21: Configuring An Lac

    • Configuring the local tunnel name—The local tunnel name identifies the tunnel at the local end during tunnel negotiation between an LAC and an LNS.
    To configure basic L2TP capabilities:
    Step: Enter system view.
      Command: system-view
    Step: Enable L2TP.
      Command: l2tp enable
      Remarks: By default, L2TP is disabled.
  • Page 22: Specifying Lns Ip Addresses

    Specifying LNS IP addresses You can specify up to five LNS IP addresses. The LAC initiates an L2TP tunneling request to its specified LNSs consecutively in their configuration order until it receives an acknowledgement from an LNS, which then becomes the tunnel peer. To specify LNS IP addresses: Step Command...
  • Page 23: Configuring An Lac To Automatically Establish An L2Tp Tunnel

    For more information about configuring AAA authentication, see Security Configuration Guide. To enable AAA authentication on an LAC, you also need to configure the authentication type of PPP users as PAP or CHAP on the user access interfaces. For information about configuring PAP or CHAP, see "Configuring PPP and MP."...
  • Page 24: Configuring An Lns

    Step: (Optional.) Restore the default settings for the interface.
      Command: default
    Step: (Optional.) Bring up the interface.
      Command: undo shutdown
      Remarks: By default, an interface is up.
    Configuring an LNS
    An LNS responds to the tunneling requests from an LAC, authenticates users, and assigns IP addresses to users.
  • Page 25: Configuring User Authentication On An Lns

    Configuring user authentication on an LNS An LNS can be configured to authenticate a user that has passed authentication on the LAC to increase security. In this case, the user is authenticated twice: once on the LAC and once on the LNS. An L2TP tunnel can be established only when both authentications succeed.
  • Page 26: Configuring Aaa Authentication On An Lns

    LNS. The LNS then determines whether the user is valid according to the proxy authentication information received. If you do not expect the LNS to accept LCP negotiation parameters, configure this function to perform a new round of LCP negotiation between the LNS and the user. In this case, the LNS authenticates the user by using the authentication method configured on the corresponding VT interface.
  • Page 27: Setting The Hello Interval

    Step: Enter system view.
      Command: system-view
    Step: Enter L2TP group view.
      Command: l2tp-group group-number [ mode { lac | lns } ]
    Step: Enable L2TP tunnel authentication.
      Command: tunnel authentication
      Remarks: Enabled by default.
    Step: Configure the tunnel
      Command: tunnel password { cipher | simple }
      Remarks: By default, no key is configured.
  • Page 28: Configuring The Dscp Value Of L2Tp Packets

    Configuring the DSCP value of L2TP packets The Differentiated Services Code Point (DSCP) field is the first 6 bits of the IP ToS byte. This field marks the priority of IP packets for forwarding. This feature sets the DSCP value for the IP packet when L2TP encapsulates a PPP frame into an IP packet.
  • Page 29: L2Tp Configuration Examples

    Task: Display information about virtual PPP interfaces.
      Command: display interface [ virtual-ppp ] [ brief [ down ] ]
      Command: display interface [ virtual-ppp [ interface-number ] ] [ brief [ description ] ]
    Task: Disconnect a specified L2TP tunnel.
      Command: reset l2tp tunnel { id tunnel-id | name remote-name }
    Task: Clear the statistics for virtual PPP interfaces.
  • Page 30

    # Create L2TP group 1 in LAC mode, configure the local tunnel name as LAC, specify PPP user vpdnuser as the condition for the LAC to initiate tunneling requests, and specify the LNS IP address as 1.1.2.2.
    [LAC] l2tp-group 1 mode lac
    [LAC-l2tp1] tunnel name LAC
    [LAC-l2tp1] user fullusername vpdnuser
    [LAC-l2tp1] lns-ip 1.1.2.2...
  • Page 31: Configuration Example For Client-Initiated L2Tp Tunnel

    Verifying the configuration
    # After the dial-up connection is established, the remote system can obtain an IP address (for example, 192.168.0.2) and can ping the private IP address of the LNS (192.168.0.1).
    # On the LNS, use the display l2tp tunnel command to check the established L2TP tunnels.
    [LNS] display l2tp tunnel
    LocalTID RemoteTID State Sessions RemoteAddress...
  • Page 32

    [LNS-isp-system] quit
    # Enable L2TP.
    [LNS] l2tp enable
    # Create interface Virtual-Template 1, configure its IP address as 192.168.0.1/24 and PPP authentication as CHAP, and specify 192.168.0.2 as the IP address to be allocated to the PPP user.
    [LNS] interface virtual-template 1
    [LNS-virtual-template1] ip address 192.168.0.1 255.255.255.0
    [LNS-virtual-template1] ppp authentication-mode chap domain system
    [LNS-virtual-template1] remote address 192.168.0.2...
  • Page 33: Configuration Example For Lac-Auto-Initiated L2Tp Tunnel

    Configuration example for LAC-auto-initiated L2TP tunnel Network requirements As shown in Figure 18, in LAC-auto-initiated mode, before a PPP user initiates a connection to the LAC, the LAC initiates an L2TP tunnel with the LNS. When the PPP user initiates a connection, it uses the established tunnel to access the corporate network.
  • Page 34

    # Configure a static route so that packets destined for the PPP user will be forwarded through the L2TP tunnel.
    [LNS] ip route-static 10.2.0.0 16 192.168.0.2
    Configure the LAC:
    # Configure IP addresses for the interfaces. (Details not shown.)
    # Enable L2TP.
    <LAC>...
  • Page 35: Troubleshooting L2Tp

    56 bytes from 10.2.0.1: icmp_seq=1 ttl=128 time=1.000 ms
    56 bytes from 10.2.0.1: icmp_seq=2 ttl=128 time=1.000 ms
    56 bytes from 10.2.0.1: icmp_seq=3 ttl=128 time=1.000 ms
    56 bytes from 10.2.0.1: icmp_seq=4 ttl=128 time=1.000 ms
    --- Ping statistics for 10.2.0.1 ---
    5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
    round-trip min/avg/max/std-dev = 1.000/1.000/1.000/0.000 ms
    Troubleshooting L2TP
    Symptom 1: Failure to access the corporate intranet...
  • Page 36: Configuring Ddr

    Configuring DDR Overview A router uses dial-on-demand routing (DDR) to set up a connection when communication needs arise and to tear down the connection when the communication is complete. DDR is a dialup technology used when routers interconnect through a public switched network. It can provide the dial-on-demand service in which any two routers dial to set up a connection when data needs transferring instead of setting up a connection before that.
  • Page 37: Configuring An Interface To Place Calls For Bundle Ddr

    • Interesting packets—Permitted protocol packets or packets that match a permit statement of an ACL. When receiving such a packet, DDR either sends it out if a link is present and resets the idle-timeout timer, or originates a new call to set up a link if no link is present.
    •...
  • Page 38: Configuring Attributes For A Dialer Interface

    Step Command Remarks Return to system view. quit interface interface-type Enter physical interface view. interface-number By default, a physical interface does not belong to any dialer bundle. Assign the physical interface dialer bundle-member Make sure the number arguments in the to the specified dialer bundle.
  • Page 39: Support And Other Resources

    Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...
  • Page 40: Conventions

    Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
  • Page 41 Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
  • Page 42: Index

    Configuring basic L2TP capabilities,16 PPPoE client,2 Configuring link layer/network/routing protocols on a PPPoE client configuration examples,5 dialer interface,32 PPPoE network structure,1 Configuring optional L2TP parameters,22 Contacting HP,35 Related information,35 Conventions,36 Troubleshooting L2TP,31 Displaying and maintaining L2TP,24 Displaying and maintaining PPPoE,5...