Questo sito utilizza cookie di profilazione (propri e di terze parti) per ottimizzare la tua esperienza online e per inviarti pubblicità in linea con le tue preferenze. Continuando a utilizzare questo sito senza modificare le tue preferenze acconsenti all’uso dei cookie. Se vuoi saperne di più o negare il consenso a tutti o ad alcuni cookie clicca qui>
The website that you are visiting also provides Arabian language. Do you wish to switch language version?
يوفر موقع الويب الذي تزوره المحتوى باللغة العربية أيضًا. هل ترغب في تبديل إصدار اللغة؟
The website that you are visiting also provides Russia language Do you wish to switch language version?
Данный сайт есть в английской версии. Желаете ли Вы перейти на английскую версию?
It is well-known that 8090 product (ne40e/80e/5000e/cx600) can be authenticated and authorized by hwtacacs server located in mpls vpn as there are commands to associate hwtacacs-server and vpn-instance such as follows:
hwtacacs-server authentication ip-address [ port ] [ vpn-instance vpn-instance-name ]
hwtacacs-server authorization ip-address [ port ] [ vpn-instance vpn-instance-name ]
But 8011 product (ne40/80) are earlier high-end routers which don’t support association of hwtacacs-server and vpn-instance, so we provide the following solution.
1. Choose two idle interfaces of LPU board, and connect them directly by cable or fiber.
ip address 18.104.22.168 255.255.255.252
ip binding vpn-instance hwtacacs
ip address 22.214.171.124 255.255.255.252
hwtacacs-server template test1
hwtacacs-server source-ip 126.96.36.199
2. Add the route to server ip 188.8.131.52/32, the next hop is 184.108.40.206, so server packets can be sent to vpn-instance.
ip route-static 220.127.116.11 255.255.255.255 18.104.22.168
As the above solution, the protocol packets to hwtacacs server will be sent out from ethernet0/0/0 and will come back from ethernet0/0/1, the packets are successfully imported to vpn-instance. ne40/80 can ping hwtacacs server directly according to public routing table and can be authenticated and authorized by hwtacacs server located in mpls vpn successfully.
1. This solution is only available for routing-mode LPU board but not available for switching-mode LPU, because the two looped interfaces of switching-mode LPU will learn mac-address from each other but they share the same mac-address.
2. This solution is also applicable for radius server located in vpn-instance.