l2tp enable

 l2tp domain suffix-separator @

#

interface Virtual-Template1

 ppp authentication-mode chap

 ip address 192.168.100.1 255.255.255.0

 remote address pool 0

 service-manage ping permit    (特别注意这条命令的填写否则设备后方的业务地址不通教训)

 service-manage telnet permit

#

firewall zone local

 set priority 100

#

firewall zone trust

 set priority 85

 add interface GigabitEthernet0/0/0

 add interface GigabitEthernet1/0/1

 add interface GigabitEthernet1/0/2

 add interface Virtual-Template1    (注意接口的安全区域的添加)

#

l2tp-group 1

 allow l2tp virtual-template 1

 tunnel password cipher password

 tunnel name lns                          

#

aaa

 #

 authorization-scheme default

 #

 domain default

  service-type access internetaccess

  ip pool 0 192.168.100.2 192.168.100.254   (分配地址池的添加注意在AAA 的模式下)

  reference user current-domain

  new-user deny-authentication

最后在页面上添加L2TP ××× 账号即可。利用华为自带的××× 客户端拨号即可。