Configuration Guide - Security

S9300, S9300E, and S9300X V200R011C10

This document describes the configurations of Security, including ACL, reflective ACL, local attack defense, MFF, attack defense, traffic suppression and storm control, ARP security, port security, DHCP snooping, ND snooping, PPPoE+, IPSG, SAVI, URPF, keychain, separating the management plane from the service plane, and security risks.
Example for Configuring PPPoE+

Networking Requirements

As shown in Figure 11-3, the Switch is connected to an upstream BRAS and a downstream PPPoE client. The BRAS functions as a PPPoE server. On such networks, unauthorized users can eavesdrop on the PPPoE packets of authorized users and even steal the accounts of authorized users. The administrator wants to prevent these problems and ensure user account security.

Figure 11-3  Networking diagram for configuring PPPoE+

Configuration Roadmap

The configuration roadmap is as follows:

  1. Enable PPPoE+ globally so that the user account and access interface information are authenticated, preventing theft of the user account.

  2. Configure the interface connecting the Switch to the PPPoE server as a trusted interface, preventing unauthorized users from eavesdropping on PPPoE packets when the packets are forwarded to non-PPPoE service ports.

  3. Configure the policy for processing user-side PPPoE packets on the Switch so that the Switch can communicate properly with the PPPoE server.

Procedure

  1. Enable PPPoE+.

    <Quidway> system-view
    [Quidway] sysname Switch
    [Switch] pppoe intermediate-agent information enable
    
    NOTE:

    After PPPoE+ is enabled globally, PPPoE+ is enabled on all the interfaces.

  2. Configure the GE1/0/0 interface as a trusted interface.

    [Switch] interface gigabitethernet 1/0/0
    [Switch-GigabitEthernet1/0/0] pppoe uplink-port trusted
    [Switch-GigabitEthernet1/0/0] quit
    

  3. Set the policy for processing original fields in user-side PPPoE packets to replace on all interfaces, so that the original fields in PPPoE packets are replaced with the circuit ID and remote ID of the Switch.

    [Switch] pppoe intermediate-agent information policy replace
    

  4. Set the format of circuit-id to extend.

    [Switch] pppoe intermediate-agent information format circuit-id extend
    

  5. Verify the configuration.

    # Run the display pppoe intermediate-agent information policy command to verify the policy for processing original fields in user-side packets.
    [Switch] display pppoe intermediate-agent information policy
     The current information Policy :REPLACE
     The current ignore-reply Policy:ENABLE
    
    # Run the display pppoe intermediate-agent information format command to verify the format of circuit-id.
    [Switch] display pppoe intermediate-agent information format
     The current information format :
      Circuit ID : EXTEND
      Remote  ID : COMMON
     For example:
      interface Ethernet0/0/0 SVLAN:200 CVLAN:100
      The PPPOE Intermediate Agent information follow:
      Circuit ID:00 04 00 c8 00 00
      Remote  ID:0025-9efb-494a                   
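
What the replace policy from step 3 does to a user-side discovery packet, shown as an added Python sketch that is not Huawei's code and not part of the original guide. It assumes the Switch carries the circuit ID and remote ID in the vendor-specific tag layout of RFC 2516 and Broadband Forum TR-101; the function names, the constructed PADI, and the byte encoding of the two IDs are assumptions.

```python
import struct
VENDOR_SPECIFIC = 0x0105               # PPPoE Vendor-Specific tag (RFC 2516)
DSL_FORUM = struct.pack("!I", 0x0DE9)  # DSL Forum enterprise number 3561 (TR-101 layout)
CIRCUIT, REMOTE = 0x01, 0x02           # Agent-Circuit-Id / Agent-Remote-Id sub-options

def parse(pkt):
    """Split a PPPoE discovery packet (Ethernet header removed) into header and tags."""
    ver_type, code, session, length = struct.unpack_from("!BBHH", pkt)
    body, tags, off = pkt[6:6 + length], [], 0
    if len(body) != length:
        raise ValueError("payload shorter than PPPoE length field")
    while off < length:
        n = int.from_bytes(body[off + 2:off + 4], "big")
        if off + 4 + n > length:
            raise ValueError("truncated or overrunning tag")
        tags.append((int.from_bytes(body[off:off + 2], "big"), body[off + 4:off + 4 + n]))
        off += 4 + n
    return (ver_type, code, session), tags

def build(header, tags):
    body = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    return struct.pack("!BBHH", *header, len(body)) + body

def agent_tag(circuit, remote):
    subs = b"".join(bytes([k, len(s)]) + s for k, s in ((CIRCUIT, circuit), (REMOTE, remote)))
    return (VENDOR_SPECIFIC, DSL_FORUM + subs)

def is_agent(tag):
    return tag[0] == VENDOR_SPECIFIC and tag[1][:4] == DSL_FORUM

def replace_policy(pkt, circuit, remote):
    """Drop every client-supplied agent tag, then append the switch's own."""
    header, tags = parse(pkt)
    return build(header, [t for t in tags if not is_agent(t)] + [agent_tag(circuit, remote)])

def agent_info(pkt):
    """Return {sub-option type: value} from the agent tags in pkt."""
    info = {}
    for _, value in filter(is_agent, parse(pkt)[1]):
        off = 4
        while off + 2 <= len(value):
            info[value[off]] = value[off + 2:off + 2 + value[off + 1]]
            off += 2 + value[off + 1]
    return info

# Constructed PADI: Service-Name plus an agent tag supplied by the client itself.
PADI = build((0x11, 0x09, 0), [(0x0101, b""), agent_tag(b"forged-line", b"forged-id")])
# IDs copied from the display output above; their on-wire encoding is assumed.
OUT = replace_policy(PADI, bytes.fromhex("000400c80000"), b"0025-9efb-494a")
```

Comparing `agent_info(PADI)` with `agent_info(OUT)` shows why the BRAS can trust the line identity only when the access switch overwrites it: the client-supplied values never leave the Switch.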

Configuration Files

Configuration file of Switch

    #
    sysname Switch
    #
    pppoe intermediate-agent information enable
    pppoe intermediate-agent information format circuit-id extend
    #
    interface GigabitEthernet1/0/0
     pppoe uplink-port trusted
    #
    return

Updated: 2019-04-01

Document ID: EDOC1000178410
