l2tp-authorize

Function

The l2tp-authorize command configures domain name-based authorization for L2TP users.

The undo l2tp-authorize command cancels domain name-based authorization for L2TP users.

By default, L2TP users do not adopt domain name-based authorization.

This command is supported only on the NetEngine 8000 F1A.

Format

l2tp-authorize password { simple simple-password | cipher ciper-password }

undo l2tp-authorize

Parameters

Parameter	Description	Value
simple simple-password	Specifies a simple password. You are advised to configure your password in ciphertext mode.	The value is a case-sensitive string of 1 to 16 characters without such metacharacters as spaces and question marks.
cipher ciper-password	Specifies a password in ciphertext.	The value is a string of 1 to 128 case-sensitive characters if non-encrypted characters are entered. The value cannot include such metacharacters as spaces and question marks.

Parameter

Description

Value

simple simple-password

Specifies a simple password.

You are advised to configure your password in ciphertext mode.

The value is a case-sensitive string of 1 to 16 characters without such metacharacters as spaces and question marks.

cipher ciper-password

Specifies a password in ciphertext.

The value is a string of 1 to 128 case-sensitive characters if non-encrypted characters are entered. The value cannot include such metacharacters as spaces and question marks.

Views

AAA domain view

Default Level

2: Configuration level

Task Name and Operations

Task Name	Operations
l2tp	write

Usage Guidelines

Usage Scenario

After the l2tp-authorize command is run, the domain name, rather than each user name and password, is used to authorize L2TP users. This facilitates implementing batch services.

<cipher-password> is a case-sensitive string without such metacharacters as spaces and question marks that <cipher-password> can be in ciphertext or simple text. The simple password is a character string of 1 to 16 characters, for example, 1234567. The cipher password displayed as 1 to 128 characters.

Precautions

In VS mode, this command is supported only by the admin VS.
When configuring an authentication password, select the ciphertext mode. For security purposes, use an eight-character or longer password that contains at least two types of the following: uppercase letters, lowercase letters, digits, and special characters.
You are advised to configure your password in ciphertext mode and change it periodically.

Example

# Configure domain name-based authorization for the L2TP users in the domain named huawei.

<HUAWEI> system-view
[*HUAWEI] l2tp-group lac1
[*HUAWEI-l2tp-lac1] commit
[*HUAWEI-l2tp-lac1] quit
[~HUAWEI] aaa
[*HUAWEI-aaa] domain huawei
[*HUAWEI-aaa-domain-huawei] l2tp-group lac1
[*HUAWEI-aaa-domain-huawei] l2tp-authorize password cipher huawei_123