L2TP-Based EAD Configuration; L2TP-Based EAD Overview - H3C SR6600 Configuration Manual

Layer 2 – wan configuration

5 L2TP-Based EAD Configuration

The H3C SR6600 routers support L2TP-based EAD without requiring any configuration.
An SR6600 router determines whether to perform EAD authentication for an L2TP user
based on whether the router receives the isolation ACL and security ACL from the
CAMS/iMC server.
This chapter includes these sections:

L2TP-Based EAD Overview
L2TP-Based EAD Configuration Example

L2TP-Based EAD Overview
When EAD is used, a PPP user that has passed access authentication must also pass
security authentication on the EAD server before accessing network resources. If the
security authentication fails, the user can access only the resources in the quarantined
area.
The following describes the detailed procedure:
1) The iNode client (the user host) connects to the LNS device (a router) through L2TP.
After the client passes PPP authentication, the CAMS/iMC server issues the isolation
ACL to the router, which then filters packets from the client using the firewall
function.
2) After the IP Control Protocol (IPCP) negotiation, the CAMS/iMC server notifies the
iNode client, through the router, of its IP address (this IP address is permitted by
the isolation ACL).
3) The CAMS/iMC server performs EAD authentication and security check for the iNode
client. After the client passes the security authentication, the CAMS/iMC server issues
a security ACL to the router to allow the client to access network resources normally.
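
The three steps above, modelled as a per-session state machine on the LNS. This is an added example, not H3C code: the class and function names, the ACL rule contents and all addresses are constructed, and it assumes that the security ACL replaces the isolation ACL and that a session for which no isolation ACL is issued is not subject to EAD filtering.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# An ACL is modelled as ordered (action, destination network) rules with an
# implicit deny at the end. All rule contents below are constructed.
Acl = List[Tuple[str, str]]

ISOLATION_ACL: Acl = [("permit", "192.0.2.10/32"),  # CAMS/iMC server (constructed address)
                      ("permit", "192.0.2.20/32")]  # quarantined-area host (constructed)
SECURITY_ACL: Acl = [("permit", "0.0.0.0/0")]       # normal access (constructed)

def acl_permits(acl: Acl, dst: str) -> bool:
    """First matching rule wins; no match means deny."""
    addr = ipaddress.ip_address(dst)
    for action, net in acl:
        if addr in ipaddress.ip_network(net):
            return action == "permit"
    return False

@dataclass
class L2tpSession:  # hypothetical model of one L2TP user session on the LNS
    user: str
    state: str = "unauthenticated"
    active_acl: Optional[Acl] = None

    def ppp_auth_success(self, isolation_acl: Optional[Acl]) -> None:
        # Step 1: the server issues the isolation ACL after PPP authentication.
        if isolation_acl is None:
            self.state = "no-ead"  # assumption: no ACL received, EAD not performed
        else:
            self.active_acl, self.state = isolation_acl, "isolated"

    def security_check_passed(self, security_acl: Acl) -> None:
        # Step 3: the security ACL is only meaningful for an isolated session.
        if self.state != "isolated":
            raise RuntimeError("security ACL for a session that is not isolated")
        self.active_acl, self.state = security_acl, "secure"  # assumed to replace

    def forwards(self, dst: str) -> bool:
        """Would the router forward a packet from this client to dst?"""
        if self.state == "unauthenticated":
            return False
        if self.state == "no-ead":
            return True
        return acl_permits(self.active_acl, dst)
```

The case to check when auditing a deployment is the "isolated" state: until the security ACL arrives, only destinations permitted by the isolation ACL, including the CAMS/iMC server address from step 2, should be reachable.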