Release 0306P07
This release has the following changes:
New feature: L2TP-based EAD
New feature: CFD configuration
Modified feature: Support using dots in user profile name
Modified feature: Default size of the TCP receive and send buffer
Modified feature: Support for obtaining fan tray and power module vendor information through MIB
Modified feature: Supporting per-packet load sharing
Modified feature: Automatic configuration
Modified feature: Software image signature
New feature: L2TP-based EAD
Enabling L2TP-based EAD
EAD authenticates PPP users that pass the access authentication. PPP users that pass EAD
authentication can access network resources. PPP users that fail EAD authentication can only
access the resources in the quarantine areas.
EAD uses the following procedure:
1. The iNode client uses L2TP to access the LNS. After the client passes the PPP authentication,
the CAMS/IMC server assigns isolation ACLs to the LNS. The LNS uses the isolation ACLs to
filter incoming packets.
2. After the IPCP negotiation, the LNS sends the IP address of the CAMS/IMC server to the iNode
client. The server IP address is permitted by the isolation ACLs.
3. The CAMS/IMC server authenticates the iNode client and performs a security check on the iNode
client. If the iNode client passes the security check, the CAMS/IMC server assigns security ACLs
for the iNode client to the LNS. The iNode client can then access network resources.
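The three-step procedure above, modelled as an added example; it is not code from these release notes or from the device software. The addresses, ACL contents and the PppSession class are constructed, and the model assumes the security ACLs take over from the isolation ACLs once the check passes.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample values; permit lists stand in for the ACLs, default is deny.
EAD_SERVER = "10.0.0.10"                        # plays the CAMS/IMC server
ISOLATION_ACL = [ip_network("10.0.0.10/32"),    # server must stay reachable
                 ip_network("10.0.99.0/24")]    # quarantine area
SECURITY_ACL = [ip_network("10.0.0.0/8")]       # network resources


@dataclass
class PppSession:
    """Hypothetical per-user state kept by the LNS."""
    user: str
    acl: Optional[list] = None          # None: PPP authentication not passed
    ead_server: Optional[str] = None

    def ppp_authenticated(self) -> None:
        # Step 1: the server assigns isolation ACLs to the LNS.
        self.acl = ISOLATION_ACL

    def ipcp_done(self) -> None:
        # Step 2: the LNS sends the server address to the client.
        self.ead_server = EAD_SERVER

    def security_check(self, passed: bool) -> None:
        # Step 3: only a passed check brings in the security ACLs
        # (assumed here to take over from the isolation ACLs).
        if self.acl is None or self.ead_server is None:
            raise RuntimeError("security check before PPP authentication and IPCP")
        if passed:
            self.acl = SECURITY_ACL

    def forward(self, dst: str) -> bool:
        """Return True if the LNS would pass a packet from this user to dst."""
        if self.acl is None:
            return False
        return any(ip_address(dst) in net for net in self.acl)


if __name__ == "__main__":
    s = PppSession("alice")
    s.ppp_authenticated(); s.ipcp_done()
    print(s.forward(EAD_SERVER), s.forward("10.1.2.3"))   # isolated
    s.security_check(passed=True)
    print(s.forward("10.1.2.3"))                           # full access
```

A user who fails the check stays on the isolation permit list, which is why that list must always include the server address handed out after IPCP.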
To enable L2TP-based EAD:
32. Enter system view.
    Command: system-view
    Remarks: N/A
33. Create a VT interface and enter its view.
    Command: interface virtual-template virtual-template-number
    Remarks: N/A
34. Enable L2TP-based EAD.
    Command: ppp access-control enable
    Remarks: By default, L2TP-based EAD is disabled.