| 摘要 |
A method of securely extending a protected network through secure relay of AAA information, when an isolated device lacks Layer 3 connectivity to an AAA infrastructure of the protected network, comprises receiving a first authentication message, from an isolated first network device, wherein the first authentication message is encapsulated in a first Layer 2 message, wherein the first authentication message seeks to authenticate a second network device using an authentication server, and wherein the second network device and the authentication server are within a protected network; extracting the first authentication message from the first Layer 2 message; forming a packet that includes the first authentication message; sending the packet with the extracted authentication message over a Layer 3 link to the authentication server, without modifying the extracted authentication message. Thus a network node within a protected network can relay AAA requests and responses between an isolated AAA client, encapsulated in Layer 2 messages, and an AAA server, in Layer 3 messages.
|
