To have a better experience, please upgrade your IE browser.upgrade
Questo sito utilizza cookie di profilazione (propri e di terze parti) per ottimizzare la tua esperienza online e per inviarti pubblicità in linea con le tue preferenze. Continuando a utilizzare questo sito senza modificare le tue preferenze acconsenti all’uso dei cookie. Se vuoi saperne di più o negare il consenso a tutti o ad alcuni cookie clicca qui>
The website that you are visiting also provides Arabian language. Do you wish to switch language version?
يوفر موقع الويب الذي تزوره المحتوى باللغة العربية أيضًا. هل ترغب في تبديل إصدار اللغة؟
The website that you are visiting also provides Russia language Do you wish to switch language version?
Данный сайт есть в английской версии. Желаете ли Вы перейти на английскую версию?
It is well-known that 8090 product (ne40e/80e/5000e/cx600) can be authenticated and authorized by hwtacacs server located in mpls vpn as there are commands to associate hwtacacs-server and vpn-instance such as follows:
hwtacacs-server authentication ip-address [ port ] [ vpn-instance vpn-instance-name ]
hwtacacs-server authorization ip-address [ port ] [ vpn-instance vpn-instance-name ]
But 8011 product (ne40/80) are earlier high-end routers which don’t support association of hwtacacs-server and vpn-instance, so we provide the following solution.
1. Choose two idle interfaces of LPU board, and connect them directly by cable or fiber.
ip address 188.8.131.52 255.255.255.252
ip binding vpn-instance hwtacacs
ip address 184.108.40.206 255.255.255.252
hwtacacs-server template test1
hwtacacs-server source-ip 220.127.116.11
2. Add the route to server ip 18.104.22.168/32, the next hop is 22.214.171.124, so server packets can be sent to vpn-instance.
ip route-static 126.96.36.199 255.255.255.255 188.8.131.52
As the above solution, the protocol packets to hwtacacs server will be sent out from ethernet0/0/0 and will come back from ethernet0/0/1, the packets are successfully imported to vpn-instance. ne40/80 can ping hwtacacs server directly according to public routing table and can be authenticated and authorized by hwtacacs server located in mpls vpn successfully.
1. This solution is only available for routing-mode LPU board but not available for switching-mode LPU, because the two looped interfaces of switching-mode LPU will learn mac-address from each other but they share the same mac-address.
2. This solution is also applicable for radius server located in vpn-instance.