Configuration Examples for NE and ME60 Routers in Typical Enterprise Scenarios 2.0

This document provides typical configuration examples for NE series routers.

Example for Configuring Web, PPPoE, and Static Access Modes on the Same Network

This section provides an example for configuring web, PPPoE, and static access modes on the same network.

Applicable Products and Versions

This configuration example applies to NE40E/ME60 series products running V600R008C10 or later.

Networking Requirements

On the network shown in Figure 1-11, configure web, PPPoE, and static access modes. The configurations include:
  • Configure web access to allow a user to access the network. After the user goes online, the user information can be viewed on the device, and charging information of the user is generated on a RADIUS server.

  • Configure PPPoE access to allow a user to access the network. After the user goes online, the user information can be viewed on the device, and charging information of the user is generated on a RADIUS server.

  • Configure static access to allow a user to access the network. After the user goes online, the user information can be viewed on the device, and charging information of the user is generated on a RADIUS server.

Figure 1-11  Configuring web, PPPoE, and static access modes on the same network

Table 1-23  Data Preparation

| Device | Item | Data |
|--------|------|------|
| Device | IP address of the RADIUS authentication server | 172.16.45.220 |
| Device | Gateway IP address | 10.0.0.1 |
| Device | IP address of the web authentication server | 192.168.10.2 |
| Device | IP address of the portal server | 192.168.10.2 |

Configuration Roadmap

  1. Configure web authentication.

  2. Configure PPPoE access.

  3. Configure static access.

Procedure

  1. Configure web access.

    # 
    //Configure a RADIUS server.
    radius-server group radius
     radius-server authentication 172.16.45.220 1812 weight 0
     radius-server accounting 172.16.45.220 1813 weight 0
     radius-server shared-key Huawei
    #
    //Configure an address pool.
    ip pool pool1 bas local
     gateway 10.0.0.1 255.255.255.0
     section 0 10.0.0.2 10.0.0.200
    #
    //Configure a web server. The simple keyword stores the key in plain text, and the key shown here is a sample value.
    web-auth-server 192.168.10.2 port 50100 key simple huawei
    //Configure a pre-authentication domain.
    user-group preweb     
    #
    aaa
     http-redirect enable
     authentication-scheme none
      authentication-mode none
     #
     accounting-scheme none
      accounting-mode none
     #
     domain preweb
      authentication-scheme none
      accounting-scheme none
      ip-pool pool1
      user-group preweb
      web-server 192.168.10.2
      web-server url http://192.168.10.2
     #
    #
    //Limit the resources available to the user when the user is in the pre-authentication domain.
    acl number 6000    
     rule 5 permit ip source user-group preweb destination ip-address 127.0.0.1 0
     rule 15 permit ip source ip-address 127.0.0.1 0 destination user-group preweb
     rule 20 permit ip source user-group preweb destination ip-address 192.168.10.2 0
     rule 25 permit ip source ip-address 192.168.10.2 0 destination user-group preweb
    #
    acl number 6001   
     rule 5 permit tcp source user-group preweb destination-port eq www
     rule 10 permit tcp source user-group preweb destination-port eq 8080
    #
    acl number 6002   
     rule 5 permit ip source ip-address any destination user-group preweb
     rule 10 permit ip source user-group preweb destination ip-address any
    #
    traffic classifier web-deny operator or   
     if-match acl 6002
    traffic classifier web-permit operator or
     if-match acl 6000
    traffic classifier preweb operator or
     if-match acl 6001
    #
    traffic behavior web-deny
     deny
    traffic behavior web-permit
    traffic behavior preweb
     http-redirect
    #
    traffic policy preweb
     share-mode
    //Allow the access to the web server.
     classifier web-permit behavior web-permit   
    //Enable the device to redirect a user to the web authentication page when the user enters an HTTP address.
     classifier preweb behavior preweb    
    //Configure the device to deny other traffic.
     classifier web-deny behavior web-deny 
    #
    traffic-policy preweb inbound
    //Configure an authentication domain.
    aaa
     domain jyc
      authentication-scheme radius
      accounting-scheme radius
      radius-server group radius
      portal-server 192.168.10.2
      portal-server url http://192.168.10.2/portal/admin
    //Configure an authentication interface.
    interface GigabitEthernet0/1/1
     bas
     #
    //Configure an authentication domain (this configuration is not needed if manual input of an authentication domain is configured using the access-type layer2-subscriber default-domain pre-authentication preweb command).
      access-type layer2-subscriber default-domain pre-authentication preweb authentication jyc
      authentication-method web ppp
     #
    #
    //Configure a QoS profile to limit the traffic rates.
    qos-profile 1M
     car cir 1000 cbs 1000 green pass red discard
    #
    aaa
     domain jyc
      qos-profile 1M inbound
      qos-profile 1M outbound
    

  2. Configure PPPoE access.

    //Configure an address pool that does not contain the IP addresses of static users.
    ip pool pool1 bas local
     gateway 10.0.0.1 255.255.255.0
     section 0 10.0.0.2 10.0.0.200
     excluded-ip-address 10.0.0.101
    //Configure PPPoE authentication on a BAS interface. Enable ARP packet trigger on the BAS interface.
    interface GigabitEthernet0/1/1
     bas
      authentication-method ppp web  
      arp-trigger   
    

  3. Configure static access.

    //Configure the methods for obtaining the default user name and password.
    aaa
    //Use the IP address contained in an access request packet as the user name.
     default-user-name include ip-address
     default-password cipher Root@123
    //Configure a static user.
    static-user 10.0.0.101 10.0.0.101 gateway 10.0.0.1 interface GigabitEthernet0/1/1 mac-address 2c27-d724-1649 domain-name jyc

  4. Verify the configuration.

    • Run the display access-user domain preweb command to check information about online users of the specified domain.
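
The pre-authentication policy from step 1 can be checked offline before it is applied. The following is an added example, not part of the original Huawei document: it parses ACLs 6000 to 6002 as shown above and reports which behavior a packet receives. It assumes classifiers are evaluated in the order they appear in traffic policy preweb with the first match winning; the function names and the sample packets are constructed for illustration.

```python
import re

# ACLs from step 1 of this page, copied verbatim (trailing spaces removed).
CONFIG = """\
acl number 6000
 rule 5 permit ip source user-group preweb destination ip-address 127.0.0.1 0
 rule 15 permit ip source ip-address 127.0.0.1 0 destination user-group preweb
 rule 20 permit ip source user-group preweb destination ip-address 192.168.10.2 0
 rule 25 permit ip source ip-address 192.168.10.2 0 destination user-group preweb
acl number 6001
 rule 5 permit tcp source user-group preweb destination-port eq www
 rule 10 permit tcp source user-group preweb destination-port eq 8080
acl number 6002
 rule 5 permit ip source ip-address any destination user-group preweb
 rule 10 permit ip source user-group preweb destination ip-address any
"""
# Classifier order in "traffic policy preweb" and the behavior bound to each ACL.
POLICY = [("6000", "permit"), ("6001", "http-redirect"), ("6002", "deny")]
RULE = re.compile(r"rule \d+ permit (\w+)(?: source (\S+) (\S+)(?: 0)?)?"
                  r"(?: destination (\S+) (\S+)(?: 0)?)?(?: destination-port eq (\S+))?$")

def parse_acls(text):  # -> {acl: [(proto, src_kind, src, dst_kind, dst, port)]}
    acls, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("acl number"):
            current = acls.setdefault(line.split()[2], [])
        elif line.startswith("rule"):
            current.append(RULE.match(line).groups())
    return acls

def side_matches(kind, value, group, ip):  # one side of a rule vs. the packet
    if kind is None or value == "any":
        return True
    return group == value if kind == "user-group" else ip == value

def classify(acls, pkt):
    # Assumed model: classifiers are tried in POLICY order, first match wins.
    for acl, behavior in POLICY:
        for proto, sk, sv, dk, dv, port in acls[acl]:
            if (proto in ("ip", pkt["proto"])
                    and side_matches(sk, sv, pkt.get("src_group"), pkt.get("src_ip"))
                    and side_matches(dk, dv, pkt.get("dst_group"), pkt.get("dst_ip"))
                    and (port is None or int({"www": 80}.get(port, port)) == pkt.get("dport"))):
                return behavior
    return "no-match"  # the policy does not act on this packet

ACLS = parse_acls(CONFIG)
# Constructed sample packet; 203.0.113.10 is a documentation address.
PRE = {"src_group": "preweb", "src_ip": "10.0.0.5", "proto": "tcp"}
print(classify(ACLS, {**PRE, "dst_ip": "203.0.113.10", "dport": 443}))
```

Under this model, only TCP ports 80 and 8080 from a preweb user trigger the redirect; port 443 and UDP traffic to any address other than 192.168.10.2 fall through to web-deny.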

Updated: 2019-05-16

Document ID: EDOC1000120969
