Layer 3 portal authentication across vpns, Network requirements, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual
Page 40
39
URL : http://192.168.0.111:8080/portal
Status : Up
Layer 3 Portal Authentication Across VPNs
Network requirements
As shown in
, Device A, as the PE device connecting the user side, needs to provide Layer 3
portal authentication for hosts in VPN 1 through communication with the RADIUS server and portal
server in VPN 3.
Figure 21 Network diagram for Layer 3 portal authentication across VPNs
Configuration procedure
NOTE:
•
Before enabling portal authentication, be sure to configure the MPLS L3VPN capabilities properly and
specify VPN targets for VPN 1 and VPN 3 so that VPN 1 and VPN 3 can communicate with each other.
This example gives only the access authentication configuration on the user-side PE.
•
Configure the RADIUS server properly to provide normal authentication/accounting functions for users.
Perform the following configuration on Device A:
Step1
Configure a RADIUS scheme
# Create a RADIUS scheme named rs1 and enter its view.
[DeviceA] radius scheme rs1
# Configure the VPN instance to which the RADIUS scheme belongs as vpn3.
[DeviceA-radius-rs1] vpn-instance vpn3
# Set the server type for the RADIUS scheme. When using the CAMS or iMC server, you need to set the
server type to extended.
[DeviceA-radius-rs1] server-type extended
# Specify the primary authentication server and primary accounting server, and configure the keys for
communication with the servers.
[DeviceA-radius-rs1] primary authentication 192.168.0.111
[DeviceA-radius-rs1] primary accounting 192.168.0.111
[DeviceA-radius-rs1] key accounting radius
[DeviceA-radius-rs1] key authentication radius
# Configure Device A to exclude the ISP domain name from the username sent to the RADIUS server.