No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Examples for NE and ME60 Routers in Typical Enterprise Scenarios 2.0

This document provides NE series routers typical configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring BAS and NAT Dual-Device Hot Backup

Example for Configuring BAS and NAT Dual-Device Hot Backup

This section provides an example for configuring BAS and NAT dual-device hot backup.

Applicable Products and Versions

This configuration applies to NE40E/ME60 series products running V600R008C10 or later.

Networking Requirements

In the traditional single-BRAS access scenario, if a link or node fails, services of all users are interrupted and the service recovery time is uncertain. Dual-device backup can be deployed to improve network reliability by enhancing service reliability. If a network fault occurs, the backup BRAS can quickly take over user services. And in this case, users are unaware of the network fault. As shown in Figure 1-10, two BRASs are connected to Ps in bypass mode. BRAS1 and BRAS2 work in hot backup mode, including BAS hot backup and NAT hot backup. In this manner, the following functions are implemented on the entire network:

  • Provides PPPoE dial-up access (including IPv4 and IPv6) authentication and accounting for home ADSL users and allocates private network addresses. When a user accesses the Internet, a BRAS performs NAT.
  • Provides Layer 3 BAS access authentication and accounting for small enterprise users, configures static routes to the intranet, and provides NAT for enterprise users to access the Internet.
  • Provides the DHCP server for IPTV users and address allocation and authentication for the STB DHCP requests of the lower-layer PE relay.
Figure 1-10  Networking of BAS and NAT dual-device hot backup
Table 1-22  Network planning data

Device

Item

Data

BRAS1

IP address of the Eth-Trunk 3.1 interface

10.1.1.21/30

IP address of the Eth-Trunk 4 interface

10.1.1.1/29

BRAS2

IP address of the Eth-Trunk 3.1 interface

10.1.1.31/30

IP address of the Eth-Trunk 4 interface

10.1.1.2/29

P1

IP address of the Eth-Trunk 13.1 interface

10.1.1.22/30

P2

IP address of the Eth-Trunk 13.1 interface

10.1.1.32/30

Configuration Roadmap

  1. The traffic of lower-layer users should be evenly distributed to two BRASs. Therefore, BRAS1 and BRAS2 must be configured to work in hot backup mode.

  2. BRAS1 and BRAS2 support mutual hot backup of HA. The Internet access traffic of lower-layer users is evenly distributed to the two BRASs for NAT. Normally, when BRAS1 is preferred for BAS of the lower-layer users, it is also preferred for NAT.

  3. Routes are configured so that the Internet return traffic of users who prefer BRAS1 for NAT is forwarded along the path of IGW-P1-BRAS1.

Procedure

  1. Configure BAS dual-device hot backup.

    # Configure BRAS1.

    #
    //Configure address pools. (ipv4_hsi_1 is primary on BRAS1, and ipv4_hsi_2 is secondary on BRAS1).
    #
    ip pool ipv4_hsi_1 bas local
     gateway 10.1.0.1 255.255.128.0
     section 0 10.1.0.2 10.1.127.254
     dns-server 172.16.3.3 192.168.8.8
    #
    ip pool ipv4_hsi_2 bas local rui-slave 
     gateway 10.1.128.1 255.255.128.0
     # LOCAL
       section 0 10.1.128.2 10.1.255.254
     # REMOTE
     dns-server 172.16.3.3 192.168.8.8
    #
    //Configuration interfaces.
    #
    interface LoopBack1
     description for RUI
     ip address 10.1.1.11 255.255.255.255
    #
    interface Eth-Trunk1
     description to P1 Eth-trunk 11 for access
     mode lacp-static
    #
    interface Eth-Trunk1.4000
     vlan-type dot1q 4000
     description for BRAS RUI
     ip address 10.0.253.2 255.255.255.248
     vrrp vrid 3 virtual-ip 10.0.253.1
     admin-vrrp vrid 3    
     vrrp vrid 3 priority 120
     vrrp vrid 3 preempt-mode timer delay 120
     vrrp vrid 3 track interface Eth-Trunk3.1 reduced 50  //Monitor the interface status.
     vrrp vrid 3 track bfd-session 2 peer  //Monitor the BFD session status.
     vrrp vrid 3 track service-location 1 reduced 50  //Monitor the status of the service location.
    #
    interface Eth-Trunk2
     description to P1 Eth-trunk 12 for access
     mode lacp-static
    #
    interface Eth-Trunk2.4000
     vlan-type dot1q 4000
     description for BRAS RUI
     ip address 10.0.253.10 255.255.255.248
     vrrp vrid 4 virtual-ip 10.0.253.9
     admin-vrrp vrid 4
     vrrp vrid 4 preempt-mode timer delay 120
     vrrp vrid 4 track interface Eth-Trunk3.1 reduced 50  
     vrrp vrid 4 track bfd-session 10 peer  
     vrrp vrid 4 track service-location 2 reduced 50  
    #
    interface Eth-Trunk4
     description to BRAS2 Eth-trunk 4
     ip address 10.1.1.1 255.255.255.248
    #
    //Configure routes.
    #
    ospf 1 router-id 10.1.1.11
    area 0.0.0.0
      network 10.1.1.0 0.0.0.7
      network 10.1.1.11 0.0.0.0
    #
    //Configure BFD sessions.
    #
    bfd bras_rui_1 bind peer-ip 10.0.253.3
     discriminator local 2
     discriminator remote 3
     min-tx-interval 100
     min-rx-interval 100
     commit
    #
    bfd bras_rui_2 bind peer-ip 10.0.253.11
     discriminator local 10
     discriminator remote 11
     min-tx-interval 100
     min-rx-interval 100
     commit
    #
    //Configure an RBS and RBPs.
    #
    remote-backup-service s1
     peer 10.1.1.12 source 10.1.1.11 port 2046
     track interface Eth-Trunk3    
     protect redirect ip-nexthop 10.1.1.2 interface Eth-Trunk4
     ip-pool ipv4_hsi_1 metric 10  //Configure the cost values of the address pools. The master address pool has a smaller cost value.
     ip-pool ipv4_hsi_2 metric 20
    #
    remote-backup-profile p1
     service-type bras
     backup-id 10 remote-backup-service s1
     peer-backup hot
     vrrp-id 3 interface Eth-Trunk1.4000
     nas logic-ip 10.51.250.250
    #
    remote-backup-profile p2
     service-type bras
     backup-id 20 remote-backup-service s1
     peer-backup hot
     vrrp-id 4 interface Eth-Trunk2.4000
     nas logic-ip 10.51.250.250
    #
    //Configure a domain.
    #
    aaa
     domain abc.com
      authentication-scheme radius
      accounting-scheme radius 
      ip-pool ipv4_hsi_1
      ip-pool ipv4_hsi_2
      dns primary-ip 172.16.3.3
      dns second-ip 192.168.8.8
      radius-server group aaa
      trust upstream default
      qos rate-limit-mode car inbound
      qos rate-limit-mode car outbound
      user-priority upstream trust-8021p-outer
    #
    //Configure BAS interfaces.
    #
    interface Eth-Trunk1.1
     pppoe-server bind Virtual-Template 1
     description for Home HSI user access 1
     user-vlan 1001 1030 qinq 10
     remote-backup-profile p1
     bas
     #
      access-type layer2-subscriber default-domain authentication abc.com
      client-option82
      option82-relay-mode dslam config-identify
      ip-trigger
      arp-trigger
     #
    #
    interface Eth-Trunk2.1
     pppoe-server bind Virtual-Template 1
     description for home HSI user access 2
     user-vlan 1031 1073 qinq 10
     remote-backup-profile p2
     bas
     #
      access-type layer2-subscriber default-domain authentication abc.com
      client-option82
      option82-relay-mode dslam config-identify
      ip-trigger
      arp-trigger
     #
    #
    

    # Configure BRAS2.

    #
    //Configure address pools. (ipv4_hsi_1 is primary on BRAS1, and ipv4_hsi_2 is secondary on BRAS1).
    #
    ip pool ipv4_hsi_1 bas local rui-slave
     gateway 10.1.0.1 255.255.128.0
    # LOCAL
       section 0 10.1.0.2 10.1.127.254
    # REMOTE
     dns-server 172.16.3.3 192.168.8.8
    #
    ip pool ipv4_hsi_2 bas local
     gateway 10.1.128.1 255.255.128.0
     section 0 10.1.128.2 10.1.255.254
     dns-server 172.16.3.3 192.168.8.8
    #
    //Configuration interfaces.
    #
    interface LoopBack1
     description for RUI
     ip address 10.1.1.12 255.255.255.255
    #
    interface Eth-Trunk1
     description to P2 Eth-trunk 11 for access
     mode lacp-static
    #
    interface Eth-Trunk1.4000
     vlan-type dot1q 4000
     description for BRAS RUI
     ip address 10.0.253.3 255.255.255.248
     vrrp vrid 3 virtual-ip 10.0.253.1
     admin-vrrp vrid 3
     vrrp vrid 3 preempt-mode timer delay 120
     vrrp vrid 3 track interface Eth-Trunk3.1 reduced 50  //Monitor the interface status.
     vrrp vrid 3 track bfd-session 3 peer  //Monitor the BFD session status.
     vrrp vrid 3 track service-location 1 reduced 50  //Monitor the status of the service location.
    #
    interface Eth-Trunk2
     description to P2 Eth-trunk 12 for access
     mode lacp-static
    #
    interface Eth-Trunk2.4000
     vlan-type dot1q 4000
     description for BRAS RUI
     ip address 10.0.253.11 255.255.255.248
     vrrp vrid 4 virtual-ip 10.0.253.9
     admin-vrrp vrid 4
     vrrp vrid 4 priority 120
     vrrp vrid 4 preempt-mode timer delay 120
     vrrp vrid 4 track interface Eth-Trunk3.1 reduced 50  
     vrrp vrid 4 track bfd-session 11 peer  
     vrrp vrid 4 track service-location 2 reduced 50  
     #
    interface Eth-Trunk4
     description to BRAS1 Eth-trunk 4
     ip address 10.1.1.2 255.255.255.248
    #
    //Configure routes.
    #
    ospf 1 router-id 10.1.1.12
    area 0.0.0.0
      network 10.1.1.0 0.0.0.7
      network 10.1.1.12 0.0.0.0
    #
    //Configure BFD sessions.
    #
    bfd bras_rui_1 bind peer-ip 10.0.253.2
     discriminator local 3
     discriminator remote 2
     min-tx-interval 100
     min-rx-interval 100
     commit
    #
    bfd bras_rui_2 bind peer-ip 10.0.253.10
     discriminator local 11
     discriminator remote 10
     min-tx-interval 100
     min-rx-interval 100
     commit
    #
    //Configure an RBS and RBPs.
    #
    remote-backup-service s1
     peer 10.1.1.11 source 10.1.1.12 port 2046
     track interface Eth-Trunk3    
     protect redirect ip-nexthop 10.1.1.1 interface Eth-Trunk4
     ip-pool ipv4_hsi_1 metric 20  //Configure the cost values of the address pools. The master address pool has a smaller cost value.
     ip-pool ipv4_hsi_2 metric 10
    #
    remote-backup-profile p1
     service-type bras
     backup-id 10 remote-backup-service s1
     peer-backup hot
     vrrp-id 3 interface Eth-Trunk1.4000
     nas logic-ip 10.51.250.250
    #
    remote-backup-profile p2
     service-type bras
     backup-id 20 remote-backup-service s1
     peer-backup hot
     vrrp-id 4 interface Eth-Trunk2.4000
     nas logic-ip 10.51.250.250
    #
    //Configure a domain.
    #
    aaa
     domain abc.com
      authentication-scheme radius
      accounting-scheme radius 
      ip-pool ipv4_hsi_1
      ip-pool ipv4_hsi_2
      dns primary-ip 172.16.3.3
      dns second-ip 192.168.8.8
      radius-server group aaa
      trust upstream default
      qos rate-limit-mode car inbound
      qos rate-limit-mode car outbound
      user-priority upstream trust-8021p-outer
    #
    //Configure BAS interfaces.
    #
    interface Eth-Trunk1.1
     pppoe-server bind Virtual-Template 1
     description for Home HSI user access 1
     user-vlan 1001 1030 qinq 10
     remote-backup-profile p1
     bas
     #
      access-type layer2-subscriber default-domain authentication abc.com
      client-option82
      option82-relay-mode dslam config-identify
      ip-trigger
      arp-trigger
     #
    #
    interface Eth-Trunk2.1
     pppoe-server bind Virtual-Template 1
     description for home HSI user access 2
     user-vlan 1031 1073 qinq 10
     remote-backup-profile p2
     bas
     #
      access-type layer2-subscriber default-domain authentication abc.com
      client-option82
      option82-relay-mode dslam config-identify
      ip-trigger
      arp-trigger
     #
    #
    

  2. Configure NAT dual-device hot backup.

    # Configure BRAS1.

    #
    //Configure user groups.
    #
     user-group hsi_1
     user-group hsi_2
    #
    //Configure ACL rules.
    #
    acl number 3001
     rule 5 permit ip source 10.1.0.0 0.0.255.255
     rule 10 permit ip source 10.5.0.0 0.0.255.255
    #
    acl number 6001
     rule 0 permit ip source user-group hsi_1
    #
    acl number 6002
     rule 0 permit ip source user-group hsi_2
    #
    //Configure traffic classifiers, NAT behavior, and NAT traffic policies, and apply the policies.
    #
    traffic classifier hsi_nat operator or
     if-match acl 6001
    traffic classifier hsi2_nat operator or
     if-match acl 6002
    #
    traffic behavior hsi_nat
     nat bind instance hsi
    traffic behavior hsi2_nat
     nat bind instance hsi2
    #
    traffic policy hsi_nat
     share-mode
     classifier hsi_nat behavior hsi_nat
     classifier hsi2_nat behavior hsi2_nat
    #
    traffic-policy hsi_nat inbound
    #
    //Configuration interfaces.
    #
    interface Eth-Trunk4
     description to BRAS2 Eth-trunk 4
     ip address 10.1.1.1 255.255.255.248
     vrrp vrid 1 virtual-ip 10.1.1.3
     admin-vrrp vrid 1 ignore-if-down
     vrrp vrid 1 priority 120
     vrrp vrid 1 preempt-mode timer delay 120
     vrrp vrid 1 track interface Eth-Trunk3.1 reduced 50  
     vrrp vrid 1 track service-location 1 reduced 50  
     vrrp vrid 2 virtual-ip 10.1.1.4
     admin-vrrp vrid 2 ignore-if-down
     vrrp vrid 2 track service-location 2 reduced 50  
     ospf cost 5
    #
    //Configure the HA hot backup function.
    #
    service-ha hot-backup enable
    #
    service-location 1
     location slot 8 engine 0
     remote-backup interface Eth-Trunk4 peer 10.1.1.2  //The IP address of the peer device must be the IP address of the interface connected to BRAS2.
     vrrp vrid 1 interface Eth-Trunk4
    service-location 2
     location slot 8 engine 0
     remote-backup interface Eth-Trunk4 peer 10.1.1.2  //The IP address of the peer device must be the IP address of the interface connected to BRAS2.
     vrrp vrid 2 interface Eth-Trunk4
    #
    service-instance-group hsi
     service-location 1
    service-instance-group hsi2
     service-location 2
    #
    //Configure a NAT instance.
    #
    nat instance hsi id 1
     port-range 2048
     service-instance-group hsi  //Bind the NAT instance to an HA instance group.
     nat address-group 1 group-id 1
       section 0 10.1.2.0 mask 23
     nat outbound 3001 address-group 1
     nat session-limit total 200
     nat port-limit tcp 2048
     nat port-limit udp 2048
     nat alg all
     nat filter mode full-cone
     nat log session enable
    nat instance hsi2 id 2
     port-range 2048
     service-instance-group hsi2  
     nat address-group 1 group-id 1
       section 0 10.1.3.0 mask 23
     nat outbound 3001 address-group 1
     nat session-limit total 200
     nat port-limit tcp 2048
     nat port-limit udp 2048
     nat alg all
     nat filter mode full-cone
     nat log session enable
    #
    //Configure a domain and bind the NAT instance to the user group in the domain.
    # 
    aaa
     domain abc.com
      user-group hsi_1 bind nat instance hsi
      user-group hsi_2 bind nat instance hsi2
    #
    

    # Configure BRAS2.

    #
    //Configure user groups.
    #
     user-group hsi_1
     user-group hsi_2
    #
    //Configure ACL rules.
    #
    acl number 3001
     rule 5 permit ip source 10.1.0.0 0.0.255.255
     rule 10 permit ip source 10.5.0.0 0.0.255.255
    #
    acl number 6001
     rule 0 permit ip source user-group hsi_1
    #
    acl number 6002
     rule 0 permit ip source user-group hsi_2
    #
    //Configure traffic classifiers, NAT behavior, and NAT traffic policies, and apply the policies.
    #
    traffic classifier hsi_nat operator or
     if-match acl 6001
    traffic classifier hsi2_nat operator or
     if-match acl 6002
    #
    traffic behavior hsi_nat
     nat bind instance hsi
    traffic behavior hsi2_nat
     nat bind instance hsi2
    #
    traffic policy hsi_nat
     share-mode
     classifier hsi_nat behavior hsi_nat
     classifier hsi2_nat behavior hsi2_nat
    #
    traffic-policy hsi_nat inbound
    #
    //Configuration interfaces.
    #
    interface Eth-Trunk4
     description to BRAS1 Eth-trunk 4
     ip address 10.1.1.2 255.255.255.248
     vrrp vrid 1 virtual-ip 10.1.1.3
     admin-vrrp vrid 1 ignore-if-down
     vrrp vrid 1 track service-location 1 reduced 50 
     vrrp vrid 2 virtual-ip 10.1.1.4
     admin-vrrp vrid 2 ignore-if-down
     vrrp vrid 2 priority 120
     vrrp vrid 2 preempt-mode timer delay 120
     vrrp vrid 2 track interface Eth-Trunk3.1 reduced 50 
     vrrp vrid 2 track service-location 2 reduced 50  
     ospf cost 5
    #
    //Configure the HA hot backup function.
    #
    service-ha hot-backup enable
    #
    service-location 1
     location slot 8 engine 0
     remote-backup interface Eth-Trunk4 peer 10.1.1.1  //The IP address of the peer device must be the IP address of the interface connected to the BRAS1.
     vrrp vrid 1 interface Eth-Trunk4
    service-location 2
     location slot 8 engine 0
     remote-backup interface Eth-Trunk4 peer 10.1.1.1  //The IP address of the peer device must be the IP address of the interface connected to the BRAS1.
     vrrp vrid 2 interface Eth-Trunk4
    #
    service-instance-group hsi
     service-location 1
    service-instance-group hsi2
     service-location 2
    #
    //Configure a NAT instance.
    #
    nat instance hsi id 1
     port-range 2048
     service-instance-group hsi  //Bind the NAT instance to an HA instance group.
     nat address-group 1 group-id 1
       section 0 10.1.2.0 mask 23
     nat outbound 3001 address-group 1
     nat session-limit total 200
     nat port-limit tcp 2048
     nat port-limit udp 2048
     nat alg all
     nat filter mode full-cone
     nat log session enable
    nat instance hsi2 id 2
     port-range 2048
     service-instance-group hsi2  
     nat address-group 1 group-id 1
       section 0 10.1.3.0 mask 23
     nat outbound 3001 address-group 1
     nat session-limit total 200
     nat port-limit tcp 2048
     nat port-limit udp 2048
     nat alg all
     nat filter mode full-cone
     nat log session enable
    #
    //Configure a domain and bind the NAT instance to the user group in the domain.
    # 
    aaa
     domain abc.com
      user-group hsi_1 bind nat instance hsi
      user-group hsi_2 bind nat instance hsi2
    #
    

  3. Configure Internet routes.

    # Configure BRAS1.

    #
    //Configuration interfaces.
    #
    interface Eth-Trunk3
     description to P1 Eth-trunk 13
    #
    interface Eth-Trunk3.1
     vlan-type dot1q 1
     description to eth-trunk13.1 for internet
     ip address 10.1.1.21 255.255.255.252
    #
    interface Eth-Trunk4
     description to BRAS2 Eth-trunk 4
     ip address 10.1.1.1 255.255.255.248
     ospf cost 5
    #
    //Configure the IP prefix list.
    #
    ip ip-prefix ipv4-hsi index 10 permit 10.1.2.0 23 greater-equal 23 less-equal 32
    ip ip-prefix ipv4-hsi index 20 permit 10.1.3.0 23 greater-equal 23 less-equal 32
    #
    //Configure a routing policy.
    #
    route-policy ipv4-hsi permit node 10
     if-match ip-prefix ipv4-hsi
    #
    //Enable the function of automatically controlling the route cost priority.
    #
     peer-backup route-cost auto-advertising
    #
    //Configure OSPF.
    #
    ospf 1 router-id 10.1.1.11
     default cost inherit-metric
     import-route unr type 1 route-policy ipv4-hsi
    area 0.0.0.0
      network 10.1.1.20 0.0.0.3
      network 10.1.1.0 0.0.0.7
      network 10.1.1.11 0.0.0.0
    #
    

    # Configure BRAS2.

    #
    //Configuration interfaces.
    #
    interface Eth-Trunk3
     description to P2 Eth-trunk 13
    #
    interface Eth-Trunk3.1
     vlan-type dot1q 1
     description to eth-trunk13.1 for internet
     ip address 10.1.1.31 255.255.255.252
    #
    interface Eth-Trunk4
     description to BRAS2 Eth-trunk 4
     ip address 10.1.1.2 255.255.255.248
     ospf cost 5
    #
    //Configure the IP prefix list.
    #
    ip ip-prefix ipv4-hsi index 10 permit 10.1.2.0 23 greater-equal 23 less-equal 32
    ip ip-prefix ipv4-hsi index 20 permit 10.1.3.0 23 greater-equal 23 less-equal 32
    #
    //Configure a routing policy.
    #
    route-policy ipv4-hsi permit node 10
     if-match ip-prefix ipv4-hsi
    #
    //Enable the function of automatically controlling the route cost priority.
    #
     peer-backup route-cost auto-advertising
    #
    //Configure OSPF.
    #
    ospf 1 router-id 10.1.1.12
     default cost inherit-metric
     import-route unr type 1 route-policy ipv4-hsi
    area 0.0.0.0
      network 10.1.1.30 0.0.0.3
      network 10.1.1.0 0.0.0.7
      network 10.1.1.12 0.0.0.0
    #
    

    # Configure P1.

    #
    //Configuration interfaces.
    #
    interface Eth-Trunk13
    description to BRAS1 Eth-Trunk3
    #
    interface Eth-Trunk13.1
    vlan-type dot1q 1
    description to eth-trunk3.1 for internet
    ip binding vpn-instance HSI
    ip address 10.1.1.22 255.255.255.252
    #
    //Configure OSPF.
    #
    ospf 1 router-id 10.3.3.31 vpn-instance HSI
    description for HSI
    default-route-advertise permit-calculate-other 
    area 0.0.0.0
    network 10.1.1.20 0.0.0.3
    #
    //Configure the IP prefix list.
    # 
    ip ip-prefix BRAS1-HSI index 10 permit 10.1.2.0 23 greater-equal 23 less-equal 32
    ip ip-prefix BRAS2-HSI index 10 permit 10.1.3.0 23 greater-equal 23 less-equal 32
    ip ip-prefix default index 10 permit 0.0.0.0 0
    #
    //Configure routing policies.
    # 
    route-policy to_igw permit node 10
    if-match ip-prefix BRAS1-HSI
    apply community 100:3000
    #
    route-policy to_igw permit node 20
    if-match ip-prefix BRAS2-HSI
    apply community 100:3000
    #
    route-policy default_in permit node 10
    if-match ip-prefix default
    #
    //Configure BGP.
    # 
    bgp 65002
    #
    ipv4-family vpn-instance HSI
    import-route ospf 1
    peer 10.1.1.41 as-number 100  
    peer 10.1.1.41 description to IGW
    peer 10.1.1.41 route-policy default_in import
    peer 10.1.1.41 route-policy to_igw export
    peer 10.1.1.41 advertise-community
    #
    #
    

    # Configure P2.

    #
    //Configuration interfaces.
    #
    interface Eth-Trunk13
    description to BRAS2 Eth-Trunk3
    #
    interface Eth-Trunk13.1
    vlan-type dot1q 1
    description to eth-trunk3.1 for internet
    ip binding vpn-instance HSI
    ip address 10.1.1.32 255.255.255.252
    #
    //Configure OSPF.
    #
    ospf 1 router-id 10.3.3.32 vpn-instance HSI
    description for HSI
    default-route-advertise permit-calculate-other
    area 0.0.0.0
    network 10.1.1.30 0.0.0.3
    #
    //Configure the IP prefix list.
    # 
    ip ip-prefix BRAS1-HSI index 10 permit 10.1.2.0 23 greater-equal 23 less-equal 32
    ip ip-prefix BRAS2-HSI index 10 permit 10.1.3.0 23 greater-equal 23 less-equal 32
    ip ip-prefix default index 10 permit 0.0.0.0 0
    #
    //Configure routing policies.
    # 
    route-policy to_igw permit node 10
    if-match ip-prefix BRAS1-HSI
    apply community 100:3000
    #
    route-policy to_igw permit node 20
    if-match ip-prefix BRAS2-HSI
    apply community 100:3000
    #
    route-policy default_in permit node 10
    if-match ip-prefix default
    #
    //Configure BGP.
    # 
    bgp 65002
    #
    ipv4-family vpn-instance HSI
    import-route ospf 1
    peer 10.1.1.43 as-number 100  
    peer 10.1.1.43 description to IGW
    peer 10.1.1.43 route-policy default_in import
    peer 10.1.1.43 route-policy to_igw export
    peer 10.1.1.43 advertise-community
    #
    #
    

  4. Verify the configuration.

    # Check BAS information.

    • Run the display access-user command to view information about all online users.
    • Run the display access-user domain domain-name command to check information about access users in a domain.
    • Run the display access-user username username verbose command to check details about a user.
    • Run the display backup-user [ user-id user-id | username user-name ] command to check backup user information.

    # Check NAT information.

    • Run the display nat board-state command to check the NAT board status.
    • Run the display nat session-table size command to check information about session table resources assigned to each service board.
    • Run the display nat session aging-time command to check the configured aging time for NAT session entries.
    • Run the display nat statistics command to check application statistics of the NAT board.
    • Run the display nat address-usage command to view the usage of public network ports of an address pool.
    • Run the display nat user-information command to check information about online NAT users. This information is the same on the two BRASs when dual-device hot backup is enabled.
    • Run the display nat session table command to check information about NAT session entries. This information is the same on the two BRASs when NAT hot backup is enabled.

Updated: 2019-05-16

Document ID: EDOC1000120969

Views: 25918

Downloads: 872

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next