The trust vpn-instance access-interface command configures the device to trust the VPN instance bound to the BAS interface through which Layer 2 users go online.
The undo trust vpn-instance access-interface command restores the default configuration.
By default, the device trusts only the VPN instance bound to the domain to which Layer 2 users belong.
This command is supported only on the NetEngine 8000 F1A.
Usage Scenario
By default, public and private network users cannot coexist in a domain, and neither can VPN users in different VPN instances. After you configure the trust vpn-instance access-interface command, the device trusts the VPN instance bound to the BAS interface rather than the one bound to the domain.
If a VPN instance is bound to the BAS interface through which Layer 2 users go online, the device uses the users' domain names to obtain IP addresses from the IP address pool bound to that VPN instance in the domain. If no VPN instance is bound to the BAS interface through which Layer 2 users go online, the device uses the users' domain names to obtain IP addresses from the IP address pool that is not bound to any VPN instance in the domain.
Private IP address pools are bound to VPN instances, and their traffic is forwarded through VPN routes. Public IP address pools are not bound to any VPN instance, and their traffic is forwarded through public network routes.
Precautions
This command is supported only on the admin VS.
The trust vpn-instance access-interface command takes effect only for Layer 2 common users and static users. For VPN users, run the vpn-instance command on the BAS interface through which VPN users go online to bind a VPN instance to the BAS interface. Note that the VPN instance bound to the BAS interface must be the same as a VPN instance bound to an IP address pool. If a RADIUS server delivers a VPN instance and another VPN instance is bound to a BAS interface, the device preferentially trusts the VPN instance delivered by the RADIUS server.
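The selection rules in the usage scenario and the binding precaution above can be checked offline against an inventory of pools and BAS interfaces. The following Python model is an added example, not Huawei code or device output; the function names and the interface, pool and VPN instance names are constructed for illustration, and it assumes the command is configured in the domain.

```python
# Added example: a model of the selection rules above, not Huawei code.
# Interface, pool and VPN instance names are constructed sample data.
from typing import Dict, List, Optional, Tuple

# Address pools in one domain: pool name -> bound VPN instance (None = public pool).
POOLS: Dict[str, Optional[str]] = {"pool_pub": None, "pool_a": "vpn_a"}
# BAS interfaces: interface name -> bound VPN instance (None = no binding).
BAS_INTERFACES: Dict[str, Optional[str]] = {"bas1": "vpn_a", "bas2": None, "bas3": "vpn_b"}


def trusted_vpn(bas_vpn: Optional[str], radius_vpn: Optional[str] = None) -> Optional[str]:
    """VPN instance trusted for a Layer 2 user when the command is configured."""
    # A RADIUS-delivered VPN instance is preferred over the BAS interface binding.
    return radius_vpn if radius_vpn else bas_vpn


def candidate_pools(pools: Dict[str, Optional[str]], bas_vpn: Optional[str]) -> List[str]:
    """Pools in the domain that addresses come from, given the BAS interface binding."""
    # A bound interface uses pools bound to the same VPN instance;
    # an unbound interface uses pools not bound to any VPN instance.
    return sorted(name for name, vpn in pools.items() if vpn == bas_vpn)


def audit(pools: Dict[str, Optional[str]],
          bas_interfaces: Dict[str, Optional[str]]) -> List[Tuple[str, Optional[str]]]:
    """Return (interface, vpn) pairs that have no matching pool in the domain."""
    return [(ifname, vpn) for ifname, vpn in sorted(bas_interfaces.items())
            if not candidate_pools(pools, vpn)]


if __name__ == "__main__":
    for ifname, vpn in sorted(BAS_INTERFACES.items()):
        print(ifname, "trusted VPN:", trusted_vpn(vpn), "pools:", candidate_pools(POOLS, vpn))
    for ifname, vpn in audit(POOLS, BAS_INTERFACES):
        print("MISMATCH:", ifname, "is bound to", vpn, "but no pool in the domain is")
```

An interface reported by audit() is bound to a VPN instance that no address pool in the domain is bound to, which is the mismatch the precaution warns against.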