MPLS VPN Group Setup Information
As the campus moves towards full implementation of MPLS, individual VPN groups with small sets of IP addresses will be phased out. Unfortunately, departmental VPN groups were created in the past as a form of authorization to various networks and resources on those networks. This practice does not scale to a campus our size. Authorization to resouces is the responsibility of the resource owner and needs to be done at or near the resource.
UITS Secops will be creating VPN groups for each of the MPLS VRFs (buckets). The intent of this will be working in conjunction with the CATNET administrators to provide VPN groups that are automatically populated with NetIDs of the folks associated with each of the MPLS VRFs. These groups will be augmented with Netmgr's groups where DCCs and others with temporary NetIDs may be added. The automatically populated and Netmgr's groups will be combined so that every elligible NetID can be authenticated to use the MPLS VRF VPN group.