trust vpn-instance framed-pool
Function
The trust vpn-instance framed-pool command configures a device to trust only the VPN instance bound to the address pool or address pool group that the RADIUS server uses to deliver IP addresses to Layer 2 users.
The undo trust vpn-instance framed-pool command restores the default configuration.
By default, the device trusts only the VPN instance bound to the domain to which Layer 2 users belong.
This command is supported only on the NetEngine 8000 F1A.
Usage Guidelines
Usage Scenario
By default, a domain cannot have both public and private network users or have users belonging to different VPN instances. To enable users belonging to different VPN instances or public and private network users access the network through the same BAS interface and coexist in the same domain, run the trust vpn-instance framed-pool command. After this command is run, the device trust only the VPN instance bound to the address pool or address pool group that the RADIUS server uses to deliver IP addresses.
Configuration Impact
By default, a device trusts only the VPN instance bound to a domain. After the trust vpn-instance access-interface command is configured, the device trusts only the VPN instance bound to the BAS interface.
After the trust vpn-instance framed-pool command is configured, the device trusts only the VPN instance bound to the address pool or address pool group that the RADIUS server uses to deliver IP addresses.Precautions
This command is supported only on the admin VS.
This command applies only to Layer 2 common users and static users. The VPN instance bound to the address pool or address pool group that the RADIUS server uses to deliver IP addresses has the highest priority, followed by the VPN instance bound to the BAS interface. The VPN instance bound to the domain has the lowest priority.Example
<HUAWEI> system-view [~HUAWEI] aaa [~HUAWEI-aaa] domain huawei [*HUAWEI-AAA-domain-huawei] commit [~HUAWEI-AAA-domain-huawei] trust vpn-instance framed-pool