R2511-HP MSR Router Series Security Configuration Guide(V5)

8. The access device sends an authentication reply to the portal server. This reply carries the
EAP-Success message in the EAP-Message attribute.
9. The portal server notifies the authentication client of the authentication success.
10. The portal server sends an authentication reply acknowledgment to the access device.
The remaining steps are for extended portal authentication. For more information about the steps, see the
portal authentication process with CHAP/PAP authentication.
Portal authentication across VPNs
Use portal authentication across MPLS VPNs in cases where branches belong to different VPNs that are
isolated from each other, and all portal users in the branches need to be authenticated by the server at
the headquarters. As shown in Figure 91, the PE connecting the authentication clients serves as the NAS.
The NAS is configured with portal authentication and AAA authentication, both of which support
authentication across VPNs. The NAS can transmit a client's portal authentication packets in a VPN
transparently through the MPLS backbone to the servers in another VPN. This feature implements
centralized client authentication across different VPNs while ensuring the separation of packets of the
different VPNs.
This feature is not applicable to VPNs with overlapping address spaces.
Figure 91 Network diagram for portal authentication across VPNs
Portal authentication configured on MCE devices can also support authentication across VPNs. For
information about MCE, see MPLS Configuration Guide.
For information about AAA implementation across VPNs, see "Configuring AAA."
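Because the feature does not apply to VPNs with overlapping address spaces, the address plan can be checked before cross-VPN portal authentication is enabled. The following is an added example, not taken from the guide or from HP software; the VPN names, prefixes, and function names are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample address plan: VPN names and prefixes are assumptions,
# not values from the guide.
SAMPLE_PLAN = {
    "VPN 1": ["10.1.0.0/16", "192.168.10.0/24"],
    "VPN 2": ["10.2.0.0/16"],
    "VPN 3": ["10.1.128.0/17", "172.16.0.0/24"],
}


def parse_plan(plan):
    """Convert prefix strings to network objects; reject prefixes with host bits set."""
    return {
        vpn: [ipaddress.ip_network(p, strict=True) for p in prefixes]
        for vpn, prefixes in plan.items()
    }


def find_overlaps(plan):
    """Return sorted (vpn_a, prefix_a, vpn_b, prefix_b) tuples for every
    pair of prefixes in different VPNs that share at least one address."""
    nets = parse_plan(plan)
    hits = []
    for vpn_a, vpn_b in combinations(sorted(nets), 2):
        for a in nets[vpn_a]:
            for b in nets[vpn_b]:
                # Only compare prefixes of the same IP version.
                if a.version == b.version and a.overlaps(b):
                    hits.append((vpn_a, str(a), vpn_b, str(b)))
    return sorted(hits)


def cross_vpn_portal_applicable(plan):
    """True only when no two VPNs in the plan have overlapping address space."""
    return not find_overlaps(plan)


if __name__ == "__main__":
    for vpn_a, a, vpn_b, b in find_overlaps(SAMPLE_PLAN):
        print(f"overlap: {vpn_a} {a} <-> {vpn_b} {b}")
    print("applicable:", cross_vpn_portal_applicable(SAMPLE_PLAN))
```
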
Portal configuration task list
| Task | Remarks |
|---|---|
| Specifying the local portal server for Layer 2 portal authentication | Required. |
| Configuring the local portal server: Customizing authentication pages | Optional. |
| Configuring the local portal server: Configuring the local portal server | Required. |
| Enabling Layer 2 portal authentication | Required. |
| Controlling access of portal users: Configuring a portal-free rule | Optional. |
| Controlling access of portal users: Setting the maximum number of online portal users | Optional. |