S12700 V200R011C10 Configuration Guide - User Access and Authentication

This document describes the working mechanisms, configuration procedures, and configuration examples of User Access and Authentication features, such as AAA, DAA, NAC, PPPoE, Policy Association, and IP session.
Example for Configuring the IP Session Function

Networking Requirements

As shown in Figure 3-2, STB-A (a set top box) connects to GE1/0/1.100 of the switch and STB-B (the other set top box) connects to GE1/0/2.100 of the switch.

STB-A and STB-B users need to go online immediately after they power on their computers.

Figure 3-2  Networking diagram of IPTV

Configuration Roadmap

On the switch, enable the IP session function and bind user authentication domains to sub-interfaces so that STB-A and STB-B users can go online immediately after they power on their computers.

NOTE:

Only IP session-related configurations are involved in this example. The AAA configuration, RADIUS configuration, multicast configuration, and router configuration are not mentioned in this example.

Procedure

  1. Enable DHCP globally.

    <HUAWEI> system-view
    [HUAWEI] sysname Switch
    [Switch] dhcp enable

  2. Enable the IP session function on sub-interfaces.

    # Enable the IP session function on GE1/0/1.100.

    [Switch] interface gigabitethernet 1/0/1
    [Switch-GigabitEthernet1/0/1] port link-type hybrid
    [Switch-GigabitEthernet1/0/1] quit
    [Switch] interface gigabitethernet 1/0/1.100
    [Switch-GigabitEthernet1/0/1.100] ip-session enable
    [Switch-GigabitEthernet1/0/1.100] quit

    # Enable the IP session function on GE1/0/2.100.

    [Switch] interface gigabitethernet 1/0/2
    [Switch-GigabitEthernet1/0/2] port link-type hybrid
    [Switch-GigabitEthernet1/0/2] quit
    [Switch] interface gigabitethernet 1/0/2.100
    [Switch-GigabitEthernet1/0/2.100] ip-session enable
    [Switch-GigabitEthernet1/0/2.100] quit

  3. Bind user authentication domains to sub-interfaces.

    # Bind user authentication domain stb-a to GE1/0/1.100.

    [Switch] aaa
    [Switch-aaa] domain stb-a
    [Switch-aaa-domain-stb-a] quit
    [Switch-aaa] quit
    [Switch] interface gigabitethernet 1/0/1.100
    [Switch-GigabitEthernet1/0/1.100] authentication-domain stb-a
    [Switch-GigabitEthernet1/0/1.100] quit

    # Bind user authentication domain stb-b to GE1/0/2.100.

    [Switch] aaa
    [Switch-aaa] domain stb-b
    [Switch-aaa-domain-stb-b] quit
    [Switch-aaa] quit
    [Switch] interface gigabitethernet 1/0/2.100
    [Switch-GigabitEthernet1/0/2.100] authentication-domain stb-b
    [Switch-GigabitEthernet1/0/2.100] quit

  4. Set sub-interface-related parameters on the Switch.

    # Set the detection interval for sending ARP probes to 60s and the number of ARP probe timeouts to 8 for GE1/0/1.100.

    [Switch] interface gigabitethernet 1/0/1.100
    [Switch-GigabitEthernet1/0/1.100] dot1q termination vid 100
    [Switch-GigabitEthernet1/0/1.100] dhcp user-detect retransmit 8 interval 60
    [Switch-GigabitEthernet1/0/1.100] quit

    # Set the detection interval for sending ARP probes to 60s and the number of ARP probe timeouts to 8 for GE1/0/2.100.

    [Switch] interface gigabitethernet 1/0/2.100
    [Switch-GigabitEthernet1/0/2.100] dot1q termination vid 100
    [Switch-GigabitEthernet1/0/2.100] dhcp user-detect retransmit 8 interval 60
    [Switch-GigabitEthernet1/0/2.100] quit

  5. Set the format of the DHCP user name to mac-address and the password to huawei@123 in cipher text.

    [Switch] dhcp user-name format-include mac-address
    [Switch] dhcp user-password cipher huawei@123

  6. Configure a DHCP server group.

    [Switch] dhcp server group dhcp-group
    [Switch-dhcp-server-group-dhcp-group] dhcp-server 10.10.10.10
    [Switch-dhcp-server-group-dhcp-group] gateway 10.20.20.20
    [Switch-dhcp-server-group-dhcp-group] quit

  7. Configure an egress gateway.

    [Switch] interface loopback 0
    [Switch-LoopBack0] ip address 10.20.20.20 32
    [Switch-LoopBack0] quit

  8. Configure a static route.

    [Switch] ip route-static 10.10.10.0 255.255.255.0 NULL 0
    [Switch] quit

  9. Verify the configuration.

    # Check the IP session configuration on GE1/0/1.100.

    <Switch> display session-interface gigabitethernet 1/0/1.100
    
      Access type                            : Enable
      IPSessIF state                         : Updated
      Authentication default domain          : stb-a
      Nas port type                          : ethernet (15)
      Vpn Instance                           :
      User detect interval                   : 60 (s)
      User detect retransmit times           : 8
      Option82 policy                        : none (0)
      Service policy                         : default (0)

    # Check the IP session configuration on GE1/0/2.100.

    <Switch> display session-interface gigabitethernet 1/0/2.100
    
      Access type                            : Enable
      IPSessIF state                         : Updated
      Authentication default domain          : stb-b
      Nas port type                          : ethernet (15)
      Vpn Instance                           :
      User detect interval                   : 60 (s)
      User detect retransmit times           : 8
      Option82 policy                        : none (0)
      Service policy                         : default (0)

Configuration Files

Configuration file of the switch

#
sysname Switch
#
dhcp enable
#
dhcp user-name format-include mac-address
dhcp user-password cipher %^%#Ev7YUOKM=60]3g9h`+s1hG:V$iZ$`-V&aKWdFaY!%^%#
#
dhcp server group dhcp-group
 dhcp-server 10.10.10.10 0
 gateway 10.20.20.20
#
aaa
 domain stb-a
 domain stb-b
#
interface GigabitEthernet1/0/1
 port link-type hybrid
#
interface GigabitEthernet1/0/1.100
 dot1q termination vid 100
 ip-session enable
 authentication-domain stb-a
 dhcp user-detect retransmit 8 interval 60
#
interface GigabitEthernet1/0/2
 port link-type hybrid
#
interface GigabitEthernet1/0/2.100
 dot1q termination vid 100
 ip-session enable
 authentication-domain stb-b
 dhcp user-detect retransmit 8 interval 60
#
interface LoopBack0
 ip address 10.20.20.20 255.255.255.255
#
ip route-static 10.10.10.0 255.255.255.0 NULL0
#
return
Updated: 2019-10-21

Document ID: EDOC1000178117
