Configuration Examples for NE and ME60 Routers in Typical Enterprise Scenarios 2.0

This document provides typical configuration examples for NE series routers.
Example for Configuring a Dynamic Address Pool to Assign IP Addresses to Access Users


This section provides an example for configuring a dynamic address pool to assign IP addresses to access users.

Applicable Products and Versions

This configuration example applies to ME60 series routers running V600R009C00 or later.

Networking Requirements

On the network shown in Figure 1-15, configure a dynamic address pool to assign an IP address to an access user. The requirements are as follows:

  • A dynamic address pool is used to assign an IP address to the user in the domain isp2.

  • The dynamic address pool uses the RADIUS server at 10.1.1.1, and no backup RADIUS server is available.

  • Non-authentication and non-accounting are used for the user.

Figure 1-15  Networking for configuring a dynamic address pool to assign an IP address to an access user

Configuration Roadmap

The configuration roadmap is as follows:

  1. Create a RADIUS server group and a dynamic IP address pool, and bind the dynamic address pool to the RADIUS server group.

  2. Configure a domain named isp2, and specify the authentication and accounting modes.

  3. Configure a BAS interface, and specify a user access mode.

Data Preparation

To complete the configuration, you need the following data:

  • Address pool name

  • Gateway address

  • User domain name

  • IP address of the interface connected to the server

  • User access mode

Procedure

  1. Perform the following configurations on the router:

    # Create a RADIUS server group.

    <HUAWEI> system-view
    [HUAWEI] radius-server group group1
    [HUAWEI-radius-group1] radius-server authentication 10.1.1.1 1812
    [HUAWEI-radius-group1] radius-server accounting 10.1.1.1 1813
    [HUAWEI-radius-group1] quit

    # Create a dynamic address pool and bind it to the RADIUS server group.

    [HUAWEI] ip pool pool2 bas dynamic
    [HUAWEI-ip-pool-pool2] authentication-name dap password cipher 123456
    [HUAWEI-ip-pool-pool2] subnet length initial 24 extend 28
    [HUAWEI-ip-pool-pool2] radius-server group group1
    [HUAWEI-ip-pool-pool2] ip used-threshold upper-limit 80 lower-limit 40
    [HUAWEI-ip-pool-pool2] detect retransmit 3 interval 0 12 0
    [HUAWEI-ip-pool-pool2] quit

    # Configure a domain named isp2.

    [HUAWEI] aaa
    [HUAWEI-aaa] domain isp2
    [HUAWEI-aaa-domain-isp2] authentication-scheme default0
    [HUAWEI-aaa-domain-isp2] accounting-scheme default0
    [HUAWEI-aaa-domain-isp2] ip-pool pool2
    [HUAWEI-aaa-domain-isp2] quit
    [HUAWEI-aaa] quit

    # Enable BAS.

    [HUAWEI] license
    [HUAWEI-license] active bas slot 1
    [HUAWEI-license] quit

    # Configure a user access interface.

    [HUAWEI] interface GigabitEthernet1/0/0.1
    [HUAWEI-GigabitEthernet1/0/0.1] user-vlan 1
    [HUAWEI-GigabitEthernet1/0/0.1-vlan-1-1] bas
    [HUAWEI-GigabitEthernet1/0/0.1-bas] access-type layer2-subscriber
    [HUAWEI-GigabitEthernet1/0/0.1-bas] authentication-method bind
    [HUAWEI-GigabitEthernet1/0/0.1-bas] default-domain authentication isp2
    [HUAWEI-GigabitEthernet1/0/0.1-bas] quit
    [HUAWEI-GigabitEthernet1/0/0.1] quit

    # Configure the interface connected to the server.

    [HUAWEI] radius-server source interface GigabitEthernet 3/0/0
    [HUAWEI] interface GigabitEthernet 3/0/0
    [HUAWEI-GigabitEthernet3/0/0] ip address 10.1.1.2 255.255.255.0
    [HUAWEI-GigabitEthernet3/0/0] quit

  2. Verify the configuration.

    # Check the configuration of the RADIUS server group group1.

    [HUAWEI] display radius-server configuration group group1
      -------------------------------------------------------
      Server-group-name    :  group1
      Authentication-server:  IP:10.1.1.1 Port:1812 Weight[0] [UP]
                              Vpn: -
      Authentication-server:  -
      Authentication-server:  -
      Authentication-server:  -
      Authentication-server:  -
      Authentication-server:  -
      Authentication-server:  -
      Authentication-server:  -
      Authentication-server:  -
      Authentication-server:  -
      Authentication-server:  -
      Authentication-server:  -
      Authentication-server:  -
      Authentication-server:  -
      Authentication-server:  -
      Authentication-server:  -
      Accounting-server    :  IP:10.1.1.1 Port:1813 Weight[0] [UP]
                              Vpn: -
      Accounting-server    :  -
      Accounting-server    :  -
      Accounting-server    :  -
      Accounting-server    :  -
      Accounting-server    :  -
      Accounting-server    :  -
      Accounting-server    :  -
      Accounting-server    :  -
      Accounting-server    :  -
      Accounting-server    :  -
      Accounting-server    :  -
      Accounting-server    :  -
      Accounting-server    :  -
      Accounting-server    :  -
      Accounting-server    :  -
      Protocol-version     :  radius
      Shared-secret-key    :  ******
      Retransmission       :  3
      Timeout-interval(s)  :  5
      Acct-Start-Packet Resend  :  NO
      Acct-Start-Packet Resend-Times  :  0
      Acct-Stop-Packet Resend  :  NO
      Acct-Stop-Packet Resend-Times  :  0
      Traffic-unit         :  B
      ClassAsCar           :  NO
      User-name-format     :  Domain-included
      Option82 parse mode  :  -
      Attribute-translation:  NO
      Packet send algorithm:  Master-Backup
      Tunnel password      :  cipher
      Attribute decode-error-policy list: -
      Trust server username:  NO
      Attach username in ACK:  -
      Qos-profile no-exist-policy  :  Offline
      Policy-name no-exist-policy  :  Offline
      Hw-domain-name block policy  :  Online
      Accounting-merge max-length  :  --
      Radius-attribute include agent-circuit-id value-added-service  :  FALSE
      Radius-attribute include agent-remote-id value-added-service  :  FALSE

    # Check the configuration of the dynamic address pool pool2.

    <HUAWEI> display ip pool name pool2
      Pool-Name      : pool2                                                                                 
      Pool-No        : 4          
      Pool-constant-index: -       
      Lease          : 3 Days 0 Hours 0 Minutes   
      NetBios Type   : N-Node     
      Auto recycle   : 30          
      Option 3       : Enable     
      DNS-Suffix     : -           
      Dom-Search-List0: -          
      Dom-Search-List1: -          
      Dom-Search-List2: -         
      Dom-Search-List3: -          
      Option-Code 125 : enterprise-code : 2011, string: -      
      Position       : Dynamic         Status           : Unlocked   
      Authen-Name    : dap         
      Subnet size(Initial/extend): 24/28    Utilization(high/low): 80/40      
      RUI-Flag       : -           
      Attribute      : Private     
      Gateway        : -               Mask             : -      
      Vpn instance   : --              Unnumbered gateway: -      
      Profile-Name   : -               Server-Name     : -       
      Total Idle     : 14              Have Dhcp IP     : 0      
      Timeouts       : 0           
      Timeout Count  : 0               Sub Option Count : 0    
      Option Count   : 0               Force-reply Count: 0     
      Codes: CFLCT(conflicted)       
      ---------------------------------------------------------------------------------------   
      ID          subnet            mask total  used  idle CFLCT    Status     
                         acct-session-id   
      ---------------------------------------------------------------------------------------        
       0      10.20.10.1   255.255.255.0   254   253     1     0  Unlocked   
            1R02000000002621440403534018   
       1     10.53.147.1 255.255.255.240    14    13     1     0  Unlocked   
            1R02000000002621453742463693   
       2     10.53.150.1 255.255.255.240    14    13     1     0  Unlocked      
            1R02000000002621461037666957  
       3     10.53.159.1 255.255.255.240    14    13     1     0  Unlocked   
            1R02000000002621473263018427       
       4     10.53.184.1 255.255.255.240    14    13     1     0  Unlocked  
            1R02000000002621483936456929   
       5     10.53.206.1 255.255.255.240    14    13     1     0  Unlocked     
            1R02000000002621494157549668 
       6     10.53.221.1 255.255.255.240    14    13     1     0  Unlocked  
            1R02000000002621500091514840    
       7      10.54.13.1 255.255.255.240    14    13     1     0  Unlocked  
            1R02000000002621512969133302     
       8      10.54.50.1 255.255.255.240    14    13     1     0  Unlocked     
            1R02000000002621522307902544  
       9      10.54.65.1 255.255.255.240    14    13     1     0  Unlocked     
            1R02000000002621533320077218   
      10     10.54.108.1 255.255.255.240    14    13     1     0  Unlocked     
            1R02000000002621541826076061     
      11     10.54.220.1 255.255.255.240    14    13     1     0  Unlocked     
            1R02000000002621554281200823   
      12     10.54.239.1 255.255.255.240    14    13     1     0  Unlocked  
            1R02000000002621563386150018  
      13     10.54.247.1 255.255.255.240    14    13     1     0  Unlocked     
            1R02000000002621573367266572  
      --------------------------------------------------------------------------------------- 

    # Check the configuration of the domain isp2.

    [HUAWEI] display domain isp2
      ------------------------------------------------------------------------------
      Domain-name                     : isp2                                         
      Domain-state                    : Active                                      
      Authentication-scheme-name      : default0                                    
      Accounting-scheme-name          : default0                                    
      Authorization-scheme-name       : -                                           
      Primary-DNS-IP-address          : -                                           
      Second-DNS-IP-address           : -                                           
      Primary-DNS-IPV6-address        : -                                           
      Second-DNS-IPV6-address         : -                                           
      Web-server-URL-parameter        : No                                          
      Portal-server-URL-parameter     : No                                          
      Primary-NBNS-IP-address         : -                                           
      Second-NBNS-IP-address          : -                                           
      Time-range                      : Disable                                     
      Idle-cut direction              : Both                                        
      Idle-data-attribute (time,flow) : 0, 60                                       
      User detect interval            : 0s                                          
      User detect retransmit times    : 2                                           
      Install-BOD-Count               : 0                                           
      Report-VSM-User-Count           : 0                                           
      Value-added-service             : default                                     
      User-access-limit               : 283648                                      
      Online-number                   : 422                                         
      Web-IP-address                  : -                                    
      Web-IPv6-address                : -                                           
      Web-URL                         : -                      
      Web-auth-server                 : -                                           
      Web-auth-state                  : -                                           
      Web-server-mode                 : get                                         
      Slave Web-IP-address            : -                                           
      Slave Web-IPv6-address          : -                                           
      Slave Web-URL                   : -                                           
      Slave Web-auth-server           : -                                           
      Slave Web-auth-state            : -                                           
      Web-server identical-url        : Disable                                     
      Portal-server-IP                : -                                           
      Portal-URL                      : -                                           
      Portal-force-times              : 2                                           
      Portal-server identical-url     : Disable                                     
      Service-policy(Portal)          : -                                           
      Ds-lite IPv4 portal             : Disable                                     
      PPPoE-user-URL                  : Disable                                     
      AdminUser-priority              : 16                                          
      IPUser-ReAuth-Time              : 300s                                        
      mscg-name-portal-key            : -                                           
      Portal-user-first-url-key       : -                                           
      User-session-limit              : 4294967295                                  
      Ancp auto qos adapt             : Disable                                     
      L2TP-group-name                 : -                                           
      User-lease-time-no-response     : 0s                                          
      RADIUS-server-template          : -                                          
      Two-acct-template               : -                                           
      RADIUS-server-pre-template      : -                                           
                                        -                                           
                                        -                                           
      HWTACACS-server-template        : -                                           
      Bill Flow                       : Disable                                     
      Tunnel-acct-2867                : Disable                                     
      Qos-profile-name inbound        : -                                           
      Qos-profile-name outbound       : -                                           
                                                                                    
      Flow Statistic:                                                               
      Flow-Statistic-Up               : Yes                                         
      Flow-Statistic-Down             : Yes                                         
      Source-IP-route                 : Disable                                     
      IP-warning-threshold            : -                                           
      IP-warning-threshold(Low)       : -                                           
      IPv6-warning-threshold          : -                                           
      IPv6-warning-threshold(Low)     : -                                           
      Multicast Forwarding            : Yes                                         
      Multicast Virtual               : No                                          
      Max-multilist num               : 4                                           
      Multicast-profile               : -                                           
      Multicast-profile ipv6          : -                                           
      IP-address-pool-name            : pool2                                           
      Quota-out                       : Offline                                     
      Service-type                    : -                                           
      User-basic-service-ip-type      : -/-/-                                       
      PPP-ipv6-address-protocol       : Ndra                                        
      IPv6-information-protocol       : Stateless dhcpv6                            
      IPv6-PPP-assign-interfaceid     : Disable                                     
      IPv6-PPP-NDRA-halt              : Disable                                     
      IPv6-PPP-NDRA-unicast           : Disable                                     
      Trigger-packet-wait-delay       : 60s                                         
      Peer-backup                     : Enable                                      
      Reallocate-ip-address           : Disable                                     
      Cui  enable                     : Disable                                     
      Igmp enable                     : Enable                                      
      L2tp-user radius-force          : Disable                                     
      Accounting dual-stack           : Separate                                    
      Radius server domain-annex      : -                                           
      Dhcp-option64-service           : Disable                                     
      Parse-separator                 : -                                           
      Parse-segment-value             : -                                           
      Dhcp-receive-server-packet      : -                                           
      Http-hostcar                    : Disable                                     
      Public-address assign-first     : Disable                                     
      Public-address nat              : Enable                                      
      Dhcp-user auto-save             : Disable                                     
      IP-pool usage-status threshold  : 255 , 255                                   
      Select-Pool-Rule                : gateway + local priority                     
      AFTR name                       : -                                           
      Traffic-rate-mode               : Separate                                    
      Traffic-statistic-mode          : Separate                                    
      Rate-limit-mode-inbound         : Car                                         
      Rate-limit-mode-outbound        : Car                                         
      Service-change-mode             : Stop-start                                  
      DAA Direction                   : both                                        
      Session Volumequota apply direction: both                                     
      Soap-server group               : -                                           
      Nas logic-sysname               : -                                           
      Multicast-flow separate(L2tp)   : No                                          
      Accounting exclude-type vlan    : -/-                                         
      Framed-ip urpf                  : Enable                                      
      ------------------------------------------------------------------------------
    

Configuration Files

router configuration file

#
 sysname HUAWEI
#
license
 active bas slot 1
#
 radius-server source interface GigabitEthernet3/0/0
radius-server group group1
 radius-server authentication 10.1.1.1 1812 weight 0 
 radius-server accounting 10.1.1.1 1813 weight 0
#
ip pool pool2 bas dynamic
 radius-server group group1
 ip used-threshold upper-limit 80 lower-limit 40
 subnet length initial 24 extend 28 
 authentication-name dap password cipher %^%#)B"z>Fsxa)R/sLBPK[#XHqh^)i5iP<[A"}.D6Z#5%^%#
 detect retransmit 3 interval 0 12 0
#
aaa
 authentication-scheme default0
 #
 accounting-scheme default0
 #
domain isp2
 authentication-scheme default0
 accounting-scheme default0
 ip-pool pool2
 #
interface GigabitEthernet1/0/0.1
 user-vlan 1
 bas
 #
  access-type layer2-subscriber default-domain authentication isp2
  authentication-method bind
#
interface GigabitEthernet3/0/0
 undo shutdown
 ip address 10.1.1.2 255.255.255.0
#
return
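
An offline consistency check for the binding chain this procedure builds (BAS interface -> domain -> dynamic address pool -> RADIUS server group), added here as an example; it is not part of the Huawei documentation. The function names and finding texts are constructed for illustration, and the sample is a trimmed copy of the configuration file above.

```python
import re

# Constructed sample: the binding-chain stanzas of this page's configuration file.
SAMPLE = """\
#
radius-server group group1
 radius-server authentication 10.1.1.1 1812 weight 0
 radius-server accounting 10.1.1.1 1813 weight 0
#
ip pool pool2 bas dynamic
 radius-server group group1
#
aaa
domain isp2
 authentication-scheme default0
 ip-pool pool2
 #
interface GigabitEthernet1/0/0.1
 bas
 #
  access-type layer2-subscriber default-domain authentication isp2
#
"""

HEADERS = [("group", r"radius-server group (\S+)"), ("pool", r"ip pool (\S+) bas dynamic"),
           ("domain", r"domain (\S+)"), ("iface", r"interface (\S+)")]
BODY = [("servers", r"^radius-server authentication (\S+)"), ("group", r"^radius-server group (\S+)"),
        ("scheme", r"^authentication-scheme (\S+)"), ("pool", r"^ip-pool (\S+)"),
        ("domain", r"default-domain authentication (\S+)")]

def parse(config):
    """Collect RADIUS groups, dynamic pools, domains and interfaces by name."""
    objs, cur = {kind: {} for kind, _ in HEADERS}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("#"):      # a top-level '#' closes the current stanza
            cur = None
        hdr = next(((k, m.group(1)) for k, p in HEADERS if (m := re.fullmatch(p, line))), None)
        bound = cur and cur[0] == "pool" and raw.startswith(" ")  # group named inside a pool
        if hdr and not (hdr[0] == "group" and bound):
            cur = (hdr[0], objs[hdr[0]].setdefault(hdr[1], {}))
        elif cur:
            for key, pat in BODY:
                if (m := re.search(pat, line)):
                    cur[1].setdefault(key, []).append(m.group(1))
    return objs

def audit(config):
    """Return findings about the interface -> domain -> pool -> group chain."""
    o, out = parse(config), []
    for name, pool in o["pool"].items():
        for g in pool.get("group", ["<none>"]):
            servers = o["group"].get(g, {}).get("servers", [])
            if len(servers) < 2:     # 0 = dangling or empty group, 1 = no backup server
                out.append(f"pool {name}: group {g} has {len(servers)} authentication server(s)")
    for name, dom in o["domain"].items():
        out += [f"domain {name}: ip-pool {p} is not defined"
                for p in dom.get("pool", []) if p not in o["pool"]]
        if "default0" in dom.get("scheme", []):  # scheme this page uses for non-authentication
            out.append(f"domain {name}: users admitted under scheme default0")
    for name, iface in o["iface"].items():
        out += [f"interface {name}: default domain {d} is not defined"
                for d in iface.get("domain", []) if d not in o["domain"]]
    return out
```

Run against this page's configuration, `audit(SAMPLE)` reports the two properties the networking requirements state on purpose: a single RADIUS server with no backup, and a domain whose users are admitted under the non-authentication scheme.
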
Updated: 2019-05-16

Document ID: EDOC1000120969
