No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Use Vlanif to achieve dual ADSL dial-up access

Publication Date:  2012-10-11 Views:  2 Downloads:  0
Issue Description
 
The USG2160 default only one Layer 3 interface, 8 LANs share a virtual Layer 3 interface. The user has dual ADSL to access. The network planning appears the difficulty that Layer 3 interface is not enough. 
Alarm Information
None
Handling Process
1. Doing dialer interface configuration
interface Dialer0
link-protocol ppp
ppp chap user shudm @ xmadsl
ppp chap password simple 123456
ppp pap local-user shudm @ xmadsl password simple 123456
ip address ppp-negotiate
dialer user shudm @ xmadsl
dialer bundle 1
 
interface Dialer1
link-protocol ppp
ppp chap user xmbsd @ xmadsl
ppp chap password simple 123456
ppp pap local-user xmbsd @ xmadsl password simple 123456
ip address ppp-negotiate
dialer user xmbsd @ xmadsl
dialer bundle 5

2. Because the dialer interface needs to be bonded to a Layer 3 interface, it needs two, but USG2160 only one, to consider use VLAN interfaces to achieve.
vlan 2
interface Ethernet1/0/0
port access vlan 2

3. Bonding the two dialer interfaces to Ethernet0/0/0 and Vlanif 2, successful.
interface Vlanif2
pppoe-client dial-bundle-number 1
interface Ethernet0/0/0
pppoe-client dial-bundle-number 5

4. Add the interface into the regional.
firewall zone untrust
set priority 5
  add interface Ethernet0/0/0
add interface Dialer0
 
firewall zone name untrust2
set priority 10
add interface Dialer1
add interface Vlanif2

5. Complete the network address translation configuration.
acl number 2000
rule 5 permit
 
acl number 3001
rule 5 permit ip
 
firewall interzone trust untrust
nat outbound 2000 interface Dialer0
 
firewall interzone trust untrust2
nat outbound 3001 interface Dialer1
 
6. The static routing and policy routing configuration
ip route-static 0.0.0.0 0.0.0.0 Dialer0
ip route-static 0.0.0.0 0.0.0.0 Dialer1 preference 70
 
 
acl number 3002
rule 10 permit ip source address-set adsl2 (neglect the addresses set configuration, adsl2 for all the even-numbered IP)
acl number 3003
rule 5 permit ip source address-set adsl1 (neglect the addresses set configuration, adsl1 for all the odd-numbered IP)
route-policy adsl permit node 5
if-match acl 3002
apply output-interface Dialer0
route-policy adsl permit node 10
if-match acl 3003
apply output-interface Dialer1

7. Check the results, the two dialer interfaces were successfully obtain IP, the Ethernet 0/0/0 interface and Vlanif 2 interface states are same.
[USG2160BSR] dis ip interface brief
* Down: administratively down
(L): loopback
(S): spoofing
Interface IP Address Physical Protocol Description
Dialer0 222.76.128.12 up up (s) Huawei Symantec,
Dialer1 125.77.223.2 up up (s) Huawei Symantec,
Ethernet0/0/0 unassigned up down Huawei Symantec,
Ethernet1/0/0 unassigned up down Huawei Symantec,
Ethernet1/0/1 unassigned up down Huawei Symantec,
Ethernet1/0/2 unassigned up down Huawei Symantec,
Ethernet1/0/3 unassigned up down Huawei Symantec,
Ethernet1/0/4 unassigned up down Huawei Symantec,
Ethernet1/0/5 unassigned up down Huawei Symantec,
Ethernet1/0/6 unassigned up down Huawei Symantec,
Ethernet1/0/7 unassigned up down Huawei Symantec,
Vlanif1 192.168.1.1 up up Huawei Symantec,
Vlanif2 unassigned up down Huawei Symantec,
Root Cause
1. USG2100 series firewall, standard configuration Layer 3 interfaces are too little;
2. Environment too special, you needn’t to add modules, achieve dual ADSL access.
Suggestions
None

END