Aaa For Mpls L3Vpns; Protocols And Standards - HP FlexNetwork 10500 Series Security Configuration Manual

command authorization is enabled, command accounting enables the accounting server to
record all authorized commands. For more information about command accounting, see
Fundamentals Configuration Guide.
•
User role authentication—Authenticates each user who wants to obtain another user role
without logging out or getting disconnected. For more information about user role authentication,
see Fundamentals Configuration Guide.

AAA for MPLS L3VPNs

You can deploy AAA across VPNs in an MPLS L3VPN scenario where clients in different VPNs are
centrally authenticated. The deployment enables forwarding of RADIUS and HWTACACS packets
across MPLS VPNs. For example, as shown in
PE at the left side of the MPLS backbone acts as a NAS. The NAS transparently delivers the AAA
packets of private users in VPN 1 and VPN 2 to the AAA servers in VPN 3 for centralized
authentication. Authentication packets of private users in different VPNs do not affect each other.
Figure 9 Network diagram
This feature can also help an MCE to implement portal authentication for VPNs. For more
information about MCE, see MPLS Configuration Guide. For more information about portal
authentication, see

Protocols and standards

•
RFC 2865, Remote Authentication Dial In User Service (RADIUS)
•
RFC 2866, RADIUS Accounting
•
RFC 2867, RADIUS Accounting Modifications for Tunnel Protocol Support
•
RFC 2868, RADIUS Attributes for Tunnel Protocol Support
•
RFC 2869, RADIUS Extensions
•
RFC 5176, Dynamic Authorization Extensions to Remote Authentication Dial In User Service
(RADIUS)
•
RFC 1492, An Access Control Protocol, Sometimes Called TACACS
•
RFC 1777, Lightweight Directory Access Protocol
•
RFC 2251, Lightweight Directory Access Protocol (v3)
"Configuring portal authentication."
Figure 9, you can deploy AAA across the VPNs. The
13