L2TP-Based EAD Configuration Example; Network Requirements - H3C SR6600 Configuration Manual

Layer 2 – WAN Configuration

Ensure that the ACLs to be assigned by the authentication server are configured
appropriately on the LNS device. An empty ACL or incorrect ACL rules can cause EAD
authentication to fail.
You can configure different ACLs for different hosts. The router filters packets of a host
according to the corresponding ACL.
It is recommended to deploy this function for remote clients across the Internet. For
LAN users, it is recommended to use portal authentication instead.
For information about packet filtering firewall, see Firewall in the Security
Configuration Guide.
For information about AAA and RADIUS, see AAA in the Security Configuration Guide.
For information about portal, see Portal in the Security Configuration Guide.

L2TP-Based EAD Configuration Example

Network Requirements

As shown in Figure 5-1, configure the router to implement the EAD function:
In the public network, the Host communicates with the LNS at Layer 3 through an L2TP
tunnel.
The intranet is on network segment 10.100.0.0/24.
Both the security policy server and the RADIUS server are hosted by the CAMS/iMC
platform, whose IP address is 10.110.91.146/24.
The virus and patch server is in the quarantined area, and its IP address is
10.22.2.2/24.
The client agent is in the quarantined area, and its IP address is 10.22.2.1/24.
The host is on the network segment 10.200.1.0/24.
The host must pass identity authentication and security authentication to access the
network resources. If the host fails the security authentication, it can access
only the virus and patch server.
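A pre-deployment check for the ACL caveat and the isolation requirement above, written as an added example that is not part of the H3C manual. The ACL names, the rule model (destination match, first match wins, explicit final deny), the sample destinations and the assumption that a host passing security authentication reaches the intranet segment are all illustrative assumptions; only the addresses come from the network requirements.

```python
import ipaddress

# Addresses are taken from the network requirements; everything else here
# (ACL names, rule tuples, sample destinations) is assumed for illustration.
PATCH_SERVER = "10.22.2.2/32"
INTRANET = "10.100.0.0/24"

ACLS = {
    # Assigned while the host has not passed security authentication.
    "isolation": [("permit", PATCH_SERVER), ("deny", "0.0.0.0/0")],
    # Assigned after the host passes security authentication.
    "security": [("permit", INTRANET), ("permit", PATCH_SERVER),
                 ("deny", "0.0.0.0/0")],
    # An ACL the server may assign but that was never populated on the LNS.
    "unfilled": [],
}

# Destinations each ACL must allow or must block (constructed samples).
MUST_REACH = {"isolation": ["10.22.2.2"], "security": ["10.100.0.5"]}
MUST_BLOCK = {"isolation": ["10.100.0.5"]}


def evaluate(rules, dst):
    """Return the action of the first rule whose destination covers dst."""
    addr = ipaddress.ip_address(dst)
    for action, net in rules:
        if addr in ipaddress.ip_network(net):
            return action
    return None  # nothing matched: the result would depend on the device default


def audit(acls, must_reach, must_block):
    """List the ACL problems that would break or weaken EAD."""
    findings = []
    for name, rules in acls.items():
        if not rules:
            findings.append(f"{name}: empty ACL")
            continue
        for dst in must_reach.get(name, []):
            if evaluate(rules, dst) != "permit":
                findings.append(f"{name}: {dst} not permitted")
        for dst in must_block.get(name, []):
            if evaluate(rules, dst) != "deny":
                findings.append(f"{name}: {dst} not explicitly denied")
    return findings


if __name__ == "__main__":
    for line in audit(ACLS, MUST_REACH, MUST_BLOCK):
        print(line)
```

Ending each ACL with an explicit deny keeps the audit result independent of whatever default action the packet-filtering firewall is set to.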