140
Portal server: newpt
IP : 192.168.0.111
VPN instance : Not configured
Port : 50100
Server Detection : Timeout 40s Action: log
User synchronization : Timeout 600s
Status : Up
The Up status of the portal authentication server indicates that the portal authentication server is
reachable. If the access device detects that the portal authentication server is unreachable, the Status
field in the command output displays Down. The access device generates a server unreachable log
"Portal server newpt turns down from up" and disables portal authentication on the access interface, so
the host can access the external network without authentication.
Configuring cross-subnet portal authentication for MPLS
L3VPNs
Network requirements
As shown in Figure 64, the PE device Switch A provides portal authentication for the host in VPN 1. A
portal server in VPN 3 serves as the portal authentication server, portal Web server, and RADIUS server.
Configure cross-subnet portal authentication on Switch A, so the host can access Internet resources after
passing identity authentication.
Figure 64 Network diagram
Configuration prerequisites
• Before enabling portal authentication, configure the MPLS L3VPN function and specify VPN targets
for VPN 1 and VPN 3 so that VPN 1 and VPN 3 can communicate with each other. This example
describes only the access authentication configuration on the user-side PE. For information about
MPLS L3VPN configurations, see MPLS Configuration Guide.
• Configure the RADIUS server properly to provide authentication and accounting functions.
Configuration procedure
Perform the following tasks on Switch A.
1. Configure a RADIUS scheme:
# Create a RADIUS scheme named rs1 and enter its view.
<SwitchA> system-view
[SwitchA] radius scheme rs1
# Specify the VPN instance vpn3 for the RADIUS scheme.
To Next Page
Loading...
