Aaa For Mpls L3Vpns; Protocols And Standards - HP 6125XLG Configuration Manual

authorized commands. For more information about command accounting, see Fundamentals
Configuration Guide.
User role authentication—Authenticates each user who wants to obtain a temporary user role
•
without logging out or getting disconnected. For more information about temporary user role
authorization, see Fundamentals Configuration Guide.

AAA for MPLS L3VPNs

In an MPLS L3VPN scenario where clients in different VPNs are centrally authenticated, you can deploy
AAA across VPNs to enable forwarding of RADIUS and HWTACACS packets across MPLS VPNs. For
example, in the network shown in
multi-VPN-instance CE (MCE) at the left side of the MPLS backbone serves as a NAS and transparently
delivers the AAA packets of private users in VPN 1 and VPN 2 to the AAA servers in VPN 3 for
centralized authentication. Authentication packets of private users in different VPNs do not affect each
other.
Figure 9 Network diagram

Protocols and standards

The following protocols and standards are related to AAA, RADIUS, HWTACACS, and LDAP:
RFC 2865, Remote Authentication Dial In User Service (RADIUS)
•
RFC 2866, RADIUS Accounting
•
RFC 2867, RADIUS Accounting Modifications for Tunnel Protocol Support
•
• RFC 2868, RADIUS Attributes for Tunnel Protocol Support
RFC 2869, RADIUS Extensions
•
RFC 1492, An Access Control Protocol, Sometimes Called TACACS
•
RFC 1777, Lightweight Directory Access Protocol
•
RFC 2251, Lightweight Directory Access Protocol (v3)
•
Figure 9, you can deploy the AAA across VPNs feature, so that the
13