LNS Configuration 1613If you enable LCP negotiation but do not configure authentication for thecorresponding virtual interface template, the LNS will not perform additionauthentication of users (In this case, users are authenticated only once on the LAC)and will directly allocate addresses from the global address pool to the users.Follow these steps to specify to perform LCP negotiation with users:Configuring the LocalAddress and the AddressPool for AllocationAfter an L2TP tunnel is set up between an LAC and an LNS, the LNS needs toallocate an IP address from its address pool to a VPN user. Before specifying anaddress pool, use the ip pool command in system view or ISP domain view todefine the address pool. For detailed description about the ip pool command,refer to “AAA/RADIUS/HWTACACS Configuration” on page 1751. The systemprefers the address pool configured in domain view when allocating an IP addressto a VPN user.Follow these steps to configure a local address and address pool:To do... Use the command... RemarksEnter system view system-view -Enable L2TP l2tp enable RequiredDisabled by defaultCreate an L2TP group andenter its viewl2tp-group group-number RequiredBy default, no L2TP group iscreated.Specify to perform LCPnegotiation with usersmandatory-lcp RequiredBy default, an LNS does notperform LCP negotiation withusers.To do... Use the command... RemarksEnter system view system-view -Create a virtual interfacetemplate and enter its viewinterface virtual-templatevirtual-template-numberRequiredBy default, no virtual interfacetemplate exists.A virtual interface template isintended to provideparameters for virtualinterfaces to be dynamicallycreated by the router, such aslogical MP interfaces andlogical L2TP interfaces.Configure the local IP address ip address ip-address { mask |mask-length } [ sub ]RequiredConfigure the authenticationmode for PPP usersppp authentication-mode{ chap | pap } [ call-in |domain isp-name ]RequiredBy default, no authenticationis performed for PPP users.Specify the address pool forallocating an address to a VPNuserremote address { pool[ pool-number ] | ip-address }OptionalBy default, address pool 0 (thedefault address pool) is used.