Applying a Virtual Network in the Free Mobility Scenario
When a user connects to the network through an authentication device, the user is assigned to a security group. When the user then attempts to access resources on other devices, no further authentication or authorization is required. The key technology in the free mobility solution is synchronizing the association between users and security groups from the authenticating device to the other devices, so that those devices can enforce policy without authenticating or authorizing the user again. This saves authentication and authorization resources.
Figure 1 Carrying user group information in VXLAN packets in the free mobility scenario
- Establish VXLAN tunnels between VTEP1 and VTEP2 and between VTEP1 and VTEP3.
- A user accesses the network through Switch1. After the user is authenticated on VTEP2, the RADIUS server (controller) associates the user with a user group.
- Configure an ACL rule on VTEP3 that denies the user group access to the mail server.
- When the user attempts to access the mail server, the request packet is forwarded to VTEP3 through the VXLAN tunnels, carrying the user group information. VTEP3 matches that user group against its ACL rule and denies the access request.
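The enforcement step above, as an added illustration that is not the vendor's code: the ingress VTEP stamps the user's group ID into the VXLAN header, and the egress VTEP (VTEP3 in the figure) decapsulates, reads the group ID and applies a group-based ACL before delivering the packet. The header layout follows the VXLAN Group Policy (VXLAN-GBP) draft and is an assumption about how the group ID is carried; the VNI, group IDs, mail server address and fail-closed handling of untagged packets are constructed for the example.

```python
"""Added example: group-based ACL enforcement on an egress VTEP.
Assumed header layout (VXLAN-GBP draft, not necessarily the vendor's):
byte 0 flags (G bit 0x80 = group ID valid, I bit 0x08 = VNI valid),
byte 1 reserved, bytes 2-3 16-bit Group Policy ID, bytes 4-6 VNI, byte 7 reserved."""
import ipaddress
import struct
from typing import List, Optional, Tuple

VXLAN_FLAG_I = 0x08  # VNI field is valid (RFC 7348)
VXLAN_FLAG_G = 0x80  # Group Policy ID field is valid (VXLAN-GBP)


def build_vxlan_header(vni: int, group_id: int) -> bytes:
    """Ingress VTEP: encapsulate with the authenticated user's group ID."""
    flags = VXLAN_FLAG_I | VXLAN_FLAG_G
    return struct.pack("!BBHI", flags, 0, group_id, vni << 8)


def parse_vxlan_header(hdr: bytes) -> Tuple[int, Optional[int]]:
    """Egress VTEP: return (vni, group_id); group_id is None when the G bit is clear."""
    if len(hdr) < 8:
        raise ValueError("truncated VXLAN header")
    flags, _, group_id, vni_field = struct.unpack("!BBHI", hdr[:8])
    if not flags & VXLAN_FLAG_I:
        raise ValueError("VNI flag not set")
    group = group_id if flags & VXLAN_FLAG_G else None
    return vni_field >> 8, group


# Constructed ACL on VTEP3: (group_id, destination network, action); first match wins.
MAIL_SERVER = ipaddress.ip_network("10.1.1.10/32")  # constructed address
GUEST_GROUP = 200                                   # constructed group ID
ACL: List[Tuple[int, ipaddress.IPv4Network, str]] = [(GUEST_GROUP, MAIL_SERVER, "deny")]


def filter_packet(hdr: bytes, dst_ip: str) -> str:
    """Apply the group ACL to a decapsulated packet; unmatched traffic is permitted."""
    _vni, group = parse_vxlan_header(hdr)
    if group is None:
        # Untagged traffic cannot be attributed to a user group; fail closed (design choice).
        return "deny"
    dst = ipaddress.ip_address(dst_ip)
    for rule_group, rule_net, action in ACL:
        if rule_group == group and dst in rule_net:
            return action
    return "permit"
```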