Support For Mpls L3Vpn - H3C SR8800-F Configuration Manual

Access procedure for unclassified-IP users
Figure 144 Access procedure for unclassified-IP users
1. The host sends an IP packet to the BRAS.
2. The BRAS obtains user information from the IP packet, and matches the user information
against existing IPoE sessions.
If no match is found, the BRAS initiates an IPoE session for the user. (This section uses this
case as an example.)
If the information matches an authenticated session, the BRAS forwards the IP packet.
If the information matches an unauthenticated session, the BRAS discards the IP packet.
3. The BRAS sends the AAA server an access request containing the obtained information, such
as the source IP address or source MAC address.
4. The AAA server returns an access accept that contains authorization information if the
authentication succeeds. If the authentication fails, the AAA server returns a reject message.
5. The BRAS assigns a user profile and marks the IPoE session state as online.
6. The BRAS sends the AAA server a message to start the service accounting.
Access procedure for static and leased users
The access procedure for static users is the same as that for unclassified-IP users except in the
following aspects:
•
The IPoE static session is configured at the CLI.
•
The IPoE static session can be initiated by IP packets or ARP packets.
The access procedure for leased users is the same as that for unclassified-IP users except in the
following aspects:
•
The IPoE leased session is configured at the CLI.
•
The IPoE leased session does not need to be initiated by packets. Users are not required to
send IP packets to trigger authentication. The BRAS initiates user authentication based on the
configured username and password.

Support for MPLS L3VPN

IPoE supports MPLS L3VPN. It uses AAA to authorize VPNs for users. Before you bind a VPN
instance to an interface, you must delete existing IPoE sessions on the interface for the users to
communicate in their authorized VPNs.
389