
HPE FlexNetwork MSR Series Comware 5 Layer 2 - WAN Access Configuration Guide

HPE FlexNetwork MSR Series
420 pages
Configuring L2TP-based EAD
Overview
When endpoint admission detection (EAD) is used, a PPP user that has passed access
authentication must also pass security authentication on the EAD server before accessing network
resources. If the security authentication fails, the user can access only the resources in the
quarantined area.
The following describes the detailed procedure:
1. The iNode client (the user host) connects to the LNS device through L2TP. After the client
passes PPP authentication, the CAMS/iMC server issues the isolation ACL to the device, which
will then filter packets from the client using the firewall function.
2. After the IP Control Protocol (IPCP) negotiation, the CAMS/iMC server sends its IP address
(which the isolation ACL permits) to the iNode client through the device.
3. The CAMS/iMC server performs EAD authentication and security checks on the iNode client.
After the client passes the security authentication, the CAMS/iMC server issues a security ACL
to the device to allow the client to access network resources.
Make sure that the ACLs to be assigned by the authentication server are configured appropriately on
the LNS device. An empty ACL or incorrect ACL rules can cause EAD authentication to fail.
You can configure different ACLs for different hosts. The device filters packets of a host according to
the configured ACL.
L2TP-based EAD is usually used for remote users. For LAN users, deploy portal authentication.
For information about packet filtering firewalls, AAA and RADIUS, and portal authentication, see
HPE FlexNetwork MSR Router Series Comware 5 Security Configuration Guide.
Configuration procedure
Before configuring L2TP-based EAD, complete the AAA, RADIUS, L2TP, packet filtering firewall,
and PPP configurations.
To configure the L2TP-based EAD function:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Create a virtual template (VT) interface and enter VT interface view. | interface virtual-template virtual-template-number | N/A |
| 3. Enable the L2TP-based EAD function. | ppp access-control enable | Disabled by default. |
| 4. Specify the fragment match mode for all packet filtering firewalls on the virtual access (VA) interfaces created on the VT interface. | ppp access-control match-fragments { exactly \| normally } | Optional. Standard mode applies by default. |
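
The following Python check is an added example, not part of the HPE guide. It audits a saved configuration for the conditions this section names: ppp access-control enable on the VT interface, non-empty isolation and security ACLs, and an isolation ACL that permits the CAMS/iMC server address. The configuration layout, ACL numbers 3000 and 3001, the server address 10.0.0.10, the function names, and rule evaluation in rule-ID order are assumptions.

```python
import ipaddress
import re
# Constructed sample, laid out like "display current-configuration" output (assumed format).
SAMPLE = """\
acl number 3000
 rule 0 permit ip destination 10.0.0.10 0
 rule 5 deny ip
#
acl number 3001
#
interface Virtual-Template1
 ppp access-control enable
"""
RULE = re.compile(r"rule (\d+) (permit|deny) ip(?: destination (\S+) (\S+))?$")

def parse_sections(config):
    """Map each unindented header line to the indented lines below it."""
    sections, current = {}, None
    for line in config.splitlines():
        if line.startswith("#") or not line.strip():
            current = None
        elif not line.startswith(" "):
            current = sections.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return sections

def first_match(rules, host):
    """Action of the first rule (by rule ID) whose destination covers host, else None."""
    ip = int(ipaddress.IPv4Address(host))
    parsed = [m.groups() for m in map(RULE.match, rules) if m]  # other rule forms are skipped
    for _, action, dest, wild in sorted(parsed, key=lambda g: int(g[0])):
        if dest is None:
            return action  # "rule N permit|deny ip" matches every destination
        w = int(wild) if wild.isdigit() else int(ipaddress.IPv4Address(wild))
        if (ip | w) == (int(ipaddress.IPv4Address(dest)) | w):  # wildcard-mask compare
            return action
    return None

def audit(config, vt, server_ip, isolation_acl, security_acl):
    """Return findings for the EAD prerequisites this section lists."""
    sections, findings = parse_sections(config), []
    if "ppp access-control enable" not in sections.get(f"interface Virtual-Template{vt}", []):
        findings.append(f"Virtual-Template{vt}: ppp access-control enable not set")
    for acl in (isolation_acl, security_acl):
        if not any(RULE.match(r) for r in sections.get(f"acl number {acl}", [])):
            findings.append(f"ACL {acl}: missing or has no parsable rules")
    if first_match(sections.get(f"acl number {isolation_acl}", []), server_ip) != "permit":
        findings.append(f"ACL {isolation_acl}: does not permit server {server_ip}")
    return findings
```

Calling audit(SAMPLE, 1, "10.0.0.10", 3000, 3001) reports the empty ACL 3001, the condition the section says can cause EAD authentication to fail.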
