No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Examples for NE and ME60 Routers in Typical Enterprise Scenarios 2.0

This document provides NE series routers typical configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Dumb Terminal Access Based on a VLAN ID

Example for Configuring Dumb Terminal Access Based on a VLAN ID

This section provides an example for configuring dumb terminal access based on a VLAN ID.

Applicable Products and Versions

This configuration example applies to NE40E/ME60 series products running V800R010C00 or later.

Networking Requirements

Dumb terminals refer to printers and access control devices on a campus network. Generally, these devices are not assigned IP addresses. Dumb terminals access the Internet in static user mode, and authentication based on a sub-interface's VLAN ID is used.

On the network shown in Figure 1-22, the printer accesses the router through GE 0/1/2.1 in static user mode. The fixed IP address is 172.30.0.8.

Figure 1-22  Networking for configuring dumb terminal access based on a VLAN ID
NOTE:

Interface1 through Interface2 in this example are GE0/1/2.1,GE 0/1/1, respectively.



Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure an authentication scheme, with local authentication specified.

  2. Configure an address pool, with the IP address 172.30.0.8 reserved for the printer.

  3. Configure an authentication domain named printer.

  4. Configure a BAS interface, with the default authentication domain set to printer.

  5. Configure a static user.

Data Preparation

To complete the configuration, you need the following data:

  • Authentication scheme name and authentication mode

  • Address pool name, gateway address, and DNS server address

  • Domain name

  • BAS interface parameters

Procedure

  1. Configure an authentication scheme, with local authentication specified.

    [~HUAWEI] aaa
    [*HUAWEI-aaa] authentication-scheme local
    [*HUAWEI-aaa-authen-local] authentication-mode local
    [*HUAWEI-aaa-authen-local] commit
    [~HUAWEI-aaa-authen-local] quit

  2. Configure the user name format and password.

    [*HUAWEI-aaa] default-user-name include ip-address
    [*HUAWEI-aaa] default-password cipher Root@123
    [*HUAWEI-aaa] commit
    [~HUAWEI-aaa] quit

  3. Configure a local account.

    [*HUAWEI] local-aaa-server
    [*HUAWEI-local-aaa-server] user 172.30.0.8@printer password cipher Root@123 authentication-type b
    [*HUAWEI-local-aaa-server] commit
    [~HUAWEI-local-aaa-server] quit

  4. Configure an address pool.

    [*HUAWEI] ip pool pool1 bas local
    [*HUAWEI-ip-pool-pool1] gateway 172.30.0.1 255.255.255.0
    [*HUAWEI-ip-pool-pool1] section 0 172.30.0.2 172.30.0.200
    [*HUAWEI-ip-pool-pool1] excluded-ip-address 172.30.0.8
    [*HUAWEI-ip-pool-pool1] commit
    [~HUAWEI-ip-pool-pool1] quit

  5. Configure a domain.

    [~HUAWEI] aaa
    [~HUAWEI-aaa] domain printer
    [*HUAWEI-aaa-domain-isp1] authentication-scheme local
    [*HUAWEI-aaa-domain-isp1] accounting-scheme default0
    [*HUAWEI-aaa-domain-isp1] ip-pool pool1
    [*HUAWEI-aaa-domain-isp1] commit
    [~HUAWEI-aaa-domain-isp1] quit
    [~HUAWEI-aaa] quit

  6. Configure a BAS interface.

    [~HUAWEI] license
    [*HUAWEI-license]active bas slot 1
    [*HUAWEI-license] commit
    [~HUAWEI-license]quit
    [~HUAWEI] interface GigabitEthernet 0/1/2.1
    [*HUAWEI-GigabitEthernet0/1/2.1] user-vlan 100
    [~HUAWEI-GigabitEthernet0/1/2.1-vlan-100-100] quit
    [*HUAWEI-GigabitEthernet0/1/2.1] bas
    [*HUAWEI-GigabitEthernet0/1/2.1-bas] access-type layer2-subscriber
    [*HUAWEI-GigabitEthernet0/1/2.1-bas] default-domain authentication printer
    [*HUAWEI-GigabitEthernet0/1/2.1-bas] authentication-method bind
    [*HUAWEI-GigabitEthernet0/1/2.1-bas] ip-trigger
    [*HUAWEI-GigabitEthernet0/1/2.1-bas] arp-trigger
    [*HUAWEI-GigabitEthernet0/1/2.1-bas] commit
    [~HUAWEI-GigabitEthernet0/1/2.1-bas] quit
    [~HUAWEI-GigabitEthernet0/1/2.1] quit
    NOTE:

    In this example, binding authentication is configured. A user name and password for authentication are automatically generated. The automatically generated user name and password must be the same as the created local user name and password because local authentication is used. The user name and password configured using the default-user-name and default-password commands in the AAA view are used as the automatically generated user name and password. For details, see "Configuration Files."

  7. Configure a static user.

    [*HUAWEI] static-user 172.30.0.8 interface GigabitEthernet 0/1/2.1 vlan 100 detect
    [*HUAWEI] static-user detect interval 1
    [*HUAWEI] commit

  8. Verify the configuration.

    After completing the preceding configurations, run the display access-user domain command to check that the user in the domain goes online properly.

    [~HUAWEI] display access-user domain isp1
    ------------------------------------------------------------------------------
      UserID  Username                Interface      IP address       MAC          IPv6 address
      ------------------------------------------------------------------------------
      20      172.30.0.8@isp1        GE0/1/2.1      172.30.0.8      00e0-fc12-3456 -
      ------------------------------------------------------------------------------
      Total users                        : 1

Configuration Files

#
 sysname HUAWEI
#
license
 active bas slot 1
#
interface GigabitEthernet0/1/2.1
 user-vlan 100
 bas
  access-type layer2-subscriber  default-domain  authentication printer
  ip-trigger
  arp-trigger
  authentication-method  bind
#
ip pool pool1 bas local
 gateway 172.30.0.1 255.255.255.0
 section 0 172.30.0.2 172.30.0.200
 excluded-ip-address  172.30.0.8
#
aaa
 default-user-name include ip-address
 default-password cipher Root@123 
authentication-scheme  local
 authentication-mode local
domain  printer
 authentication-scheme   local
 accounting-scheme   default0
 ip-pool pool1
#
local-aaa-server
 user 172.30.0.8@isp1 password cipher Root@123 authentication-type B
#
 static-user 172.30.0.8 172.30.0.8 interface GigabitEthernet0/1/2.1 vlan 100 detect
 static-user detect interval 1
#
return
Updated: 2019-05-16

Document ID: EDOC1000120969

Views: 26256

Downloads: 879

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next