tunnel password

Function

The tunnel password command specifies a password for tunnel authentication.

The undo tunnel password command deletes the password.

By default, tunnel authentication is enabled, and no password is used.

This command is supported only on the NetEngine 8000 F1A.

Format

tunnel password [ lns-ip lns-ip-address ] { simple password | cipher cipher-password }

undo tunnel password

undo tunnel password lns-ip lns-ip-address

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| lns-ip lns-ip-address | Specifies the IP address of an LNS. | - |
| simple password | Specifies a password in simple text. When configuring an authentication password, select ciphertext mode: in simple mode the password is saved in the configuration file in plaintext, which poses a high security risk. To ensure device security, change the password periodically. | - |
| cipher cipher-password | Specifies a password in ciphertext. | - |

Views

L2TP group view

Default Level

2: Configuration level

Task Name and Operations

| Task Name | Operations |
| --- | --- |
| l2tp | write |

Usage Guidelines

Usage Scenario

For security, enabling tunnel authentication is recommended. When configuring an authentication password, select ciphertext mode: in simple text mode the password is saved in the configuration file in simple text, which poses a high security risk. To ensure device security, change the password periodically.

If tunnel authentication is enabled on either the LAC or the LNS, it must also be enabled on the other end.

To configure a tunnel password for a specific LNS IP address, specify the lns-ip parameter.

Precautions

When you configure a tunnel password based on an LNS IP address, the LNS IP address must be the one configured using the start l2tp ip ip-address command. Otherwise, the configuration does not take effect.

If the weak password dictionary has been loaded when the tunnel password command is configured, a weak password check is performed. If the configured password is a weak password, an error message is displayed indicating that the command failed to be delivered.

Example

# Set the tunnel authentication password to huawei_123 in ciphertext.
<HUAWEI> system-view
[~HUAWEI] l2tp-group 1
[*HUAWEI-l2tp-1] tunnel password cipher huawei_123

# Set a tunnel authentication password that matches a weak password.
<~HUAWEI> system-view
[~HUAWEI] l2tp-group test
[~HUAWEI-l2tp-test] tunnel password simple huawei_123

# Set a tunnel authentication password for the specified LNS IP address that matches a weak password.
<~HUAWEI> system-view
[~HUAWEI] l2tp-group test
[~HUAWEI-l2tp-test] tunnel password lns-ip 1.1.1.1 simple huawei_123
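
The following audit script is an added example, not part of the original command reference or any Huawei tooling. It checks an exported configuration for the two conditions described above: tunnel passwords saved in simple mode, and lns-ip passwords whose address is not configured by start l2tp ip in the same group. The saved-configuration layout (indented sub-commands, "#" separators), the function name, the ciphertext placeholder, and the 10.0.0.1 and 2.2.2.2 addresses are assumptions constructed for illustration.

```python
import re

# Constructed sample of a saved configuration. The layout (group header,
# indented sub-commands, "#" separators) is an assumption for illustration.
SAMPLE_CONFIG = """\
l2tp-group 1
 tunnel password cipher <ciphertext-placeholder>
 start l2tp ip 10.0.0.1
#
l2tp-group test
 tunnel password simple huawei_123
 tunnel password lns-ip 1.1.1.1 simple huawei_123
 start l2tp ip 2.2.2.2
#
"""

GROUP_RE = re.compile(r"^l2tp-group\s+(\S+)")
PASSWORD_RE = re.compile(
    r"^\s+tunnel password(?:\s+lns-ip\s+(?P<lns>\S+))?\s+(?P<mode>simple|cipher)\s+\S+")
START_RE = re.compile(r"^\s+start l2tp ip\s+(.*)")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def audit_l2tp_config(text):
    """Return sorted (group, finding) tuples; password values are never echoed."""
    groups, current = {}, None
    for line in text.splitlines():
        if m := GROUP_RE.match(line):
            current = groups.setdefault(m.group(1), {"lns": set(), "pw": []})
        elif not line.startswith(" "):
            current = None                      # left the L2TP group view
        elif current is not None:
            if m := PASSWORD_RE.match(line):
                current["pw"].append((m.group("lns"), m.group("mode")))
            elif m := START_RE.match(line):
                current["lns"].update(IPV4_RE.findall(m.group(1)))
    findings = []
    for name, g in groups.items():
        for lns, mode in g["pw"]:
            scope = f"lns-ip {lns}" if lns else "group-wide"
            if mode == "simple":
                findings.append((name, f"{scope}: password stored in plaintext (simple)"))
            if lns and lns not in g["lns"]:
                findings.append((name, f"{scope}: no matching 'start l2tp ip', configuration does not take effect"))
    return sorted(findings)


if __name__ == "__main__":
    print(*audit_l2tp_config(SAMPLE_CONFIG), sep="\n")
```
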
Copyright © Huawei Technologies Co., Ltd.