Portal Authentication Across Vpns; Configuration Task List - HP 10500 Series Configuration Manual

8. The access device sends an authentication reply to the portal server. This reply carries the
EAP-Success message in the EAP-Message attribute.
9. The portal server notifies the authentication client of the authentication success.
10. The portal server sends an authentication reply acknowledgment to the access device.
The remaining steps are for extended portal authentication. For more information, see the portal
authentication process with CHAP/PAP authentication.

Portal authentication across VPNs

This feature does not apply to VPNs with overlapping address spaces.
Use portal authentication across MPLS VPNs in cases where branches belong to different VPNs that are
isolated from each other and all portal users in the branches must be authenticated by the server at the
headquarters. As shown in
NAS is configured with portal authentication and AAA authentication, both of which support
authentication across VPNs. The NAS can transmit a client's portal authentication packets in a VPN
transparently through the MPLS backbone to the servers in another VPN. This feature implements
centralized client authentication across different VPNs while ensuring the separation of packets of
different VPNs.
Figure 54 Network diagram for portal authentication across VPNs
VPN 1
Host
VPN 2
Host
Portal authentication configured on MCE devices can also support authentication across VPNs. For
information about MCE, see MPLS Configuration Guide.
For information about AAA implementation across VPNs, see

Configuration task list

Task
Specifying the portal server
Enabling portal authentication
Figure 54, the PE connecting the authentication clients serves as the NAS. The
CE
NAS
PE
CE
MPLS backbone
PE
P
131
VPN 3
AAA
server
CE
Portal server
"Configuring AAA."
Remarks
Required.
Required.