ME60认证接口下如何管理汇聚设备管理地址

发布时间:  2016-06-23 浏览次数:  169 下载次数:  0
问题描述

ME60 BAS子接口下接入汇聚交换机,如何管理汇聚设备设备管理地址使其能够与管理网络通信。

解决方案

ME60侧配置:

1.配置管理网段认证方案
[HUAWEI] aaa
[HUAWEI-aaa] authentication-scheme local
[HUAWEI-aaa-authen-local] authentication-mode none
[HUAWEI-aaa-authen-local] quit
2.配置管理网段地址池
[HUAWEI] ip pool pool1 bas local
[HUAWEI-ip-pool-pool1] gateway 172.192.0.1 255.255.255.0
[HUAWEI-ip-pool-pool1] section 0 172.192.0.2 172.192.0.200
[HUAWEI-ip-pool-pool1] excluded-ip-address 172.192.0.8
[HUAWEI-ip-pool-pool1] quit
3.配置域
[HUAWEI] aaa
[HUAWEI-aaa] domain Net
[HUAWEI-aaa-domain-Net] authentication-scheme local
[HUAWEI-aaa-domain-Net] accounting-scheme default0
[HUAWEI-aaa-domain-Net] ip-pool pool1
[HUAWEI-aaa-domain-Net] quit
[HUAWEI-aaa] quit
4.配置BAS管理网段子接口
[HUAWEI-GigabitEthernet7/0/2] interface GigabitEthernet 7/0/2.1000
[HUAWEI-GigabitEthernet7/0/2.1000] user-vlan 1000
[HUAWEI-GigabitEthernet7/0/2.1000-vlan-1000-1000] quit
[HUAWEI-GigabitEthernet7/0/2.1000] bas
[HUAWEI-GigabitEthernet7/0/2.1000-bas] access-type layer2-subscriber
[HUAWEI-GigabitEthernet7/0/2.1000-bas] authentication-method bind
[HUAWEI-GigabitEthernet7/0/2.1000-bas] default-domain authentication isp1
[HUAWEI-GigabitEthernet7/0/2.1000-bas] ip-trigger
[HUAWEI-GigabitEthernet7/0/2.1000-bas] arp-trigger
[HUAWEI-GigabitEthernet7/0/2.1000-bas] quit
[HUAWEI-GigabitEthernet7/0/2.1000] quit
5.配置静态用户
[HUAWEI] static-user 172.192.0.100 gateway 172.192.0.1 interface GigabitEthernet 7/0/2.1000 vlan 1000 detect

 

汇聚交换机侧配置:

 
1.配置设备管理地址 
[HUAWEI]interface Vlanif1000
[HUAWEI-Vlanif1000]ip address 172.192.0.100 255.255.255.0 
[HUAWEI-Vlanif1000]quit 
2.配置设备缺省路由
[HUAWEI]ip route-static 0.0.0.0 0.0.0.0 172.192.0.1

END