No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Configuration Guide - QoS 01

This is NE40E V800R010C10SPC500 Configuration Guide - QoS
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring a Device to Obtain an EDSG Service Rate Limit from a RADIUS Server (Simplified Mode)

Example for Configuring a Device to Obtain an EDSG Service Rate Limit from a RADIUS Server (Simplified Mode)

Networking Requirements

Carriers A and B both provide Internet services for users but have different rate limits. In Figure 5-14, users A and B access the router through switches and subscribe to Internet services from carriers A and B, respectively.

  • Carrier A provides user A a rate limit of 1 Mbit/s and has the RADIUS server deliver the traffic policy p_carrier_A and EDSG service policy edsgA.

  • Carrier B provides user B a rate limit of 2 Mbit/s and has the RADIUS server deliver the traffic policy p_carrier_B and EDSG service policy edsgB.

  • The CIR and CBS of TCP protocol packets are 100 kbit/s and 18700 bytes, respectively.

Figure 5-14 Configuring a device to obtain an EDSG service rate limit from a RADIUS server
NOTE:
In this example, interface 1 and interface 2 represent GE 1/0/1 and GE 1/0/2, respectively.


Configuration Roadmap

  1. Configure user access.

  2. Configure User Group.

  3. Configure EDSG Service Group.

  4. Configure ACL rule.

  5. Configure traffic classifiers.

  6. Configure traffic behaviors.

  7. Configure traffic policys.

  8. Configure a global traffic policy.

  9. Configure an EDSG service policy.

  10. Configure the device to obtain the traffic policy, EDSG service policy, and user group information from the RADIUS server.

  11. Verify the configuration.

Data Preparation

  • Authentication and accounting schemes and their names

  • RADIUS server group name and server address

  • User domain

  • BAS interface parameters

  • User group name

  • Name of an EDSG service group

  • ACL number

  • Traffic classifier name, traffic behavior name, and traffic policy name

  • Name of an EDSG service policy

Procedure

  1. Configure user access.

    For details about user access configuration, see the configuration file.

  2. Create user groups.

    # Create user groups.

    [~Device] user-group groupA
    [~Device] user-group groupB
    [~Device] commit

    # Specify the user groups in the domains from which users go online.

    [~Device] aaa
    [~Device-aaa] domain isp1 
    [~Device-aaa-domain-isp1] user-group groupA
    [~Device-aaa-domain-isp1] quit
    [~Device-aaa] domain isp2
    [~Device-aaa-domain-isp2] user-group groupB
    [~Device-aaa-domain-isp2] quit

  3. Enable the value-added service function.

    [~Device] value-added-service enable

    # Create service groups.

    [~Device] service-group s_1m
    [~Device] commit
    [~Device] service-group s_2m
    [~Device] commit

  4. Configure ACL rules.

    [~Device] acl number 6020
    [~Device-acl-ucl-6020] rule 5 permit tcp source-port eq 1
    [*Device-acl-ucl-6020] commit
    [~Device-acl-ucl-6020] quit
    [~Device] acl number 6021
    [~Device-acl-ucl-6021] rule 5 permit ip destination ip-address 192.168.100.0 0.0.0.255
    [*Device-acl-ucl-6021] commit
    [~Device-acl-ucl-6021] quit
    [~Device] acl number 6022
    [~Device-acl-ucl-6022] rule 20 permit ip source ip-address 192.168.100.0 0.0.0.255
    [*Device-acl-ucl-6022] commit
    [~Device-acl-ucl-6022] quit
    NOTE:
    ACL 6021 and ACL 6022 are used to match packets of users accessing the Internet.

  5. Define traffic classifiers.

    [~Device] traffic classifier cin1
    [~Device-classifier-cin1] if-match acl 6020
    [*Device-classifier-cin1] commit
    [~Device-classifier-cin1] quit
    [~Device] traffic classifier cout1
    [~Device-classifier-cout1] if-match acl 6020
    [*Device-classifier-cout1] commit
    [~Device-classifier-cout1] quit
    [~Device] traffic classifier cin2
    [~Device-classifier-cin2] if-match acl 6021
    [*Device-classifier-cin2] commit
    [~Device-classifier-cin2] quit
    [~Device] traffic classifier cout2
    [~Device-classifier-cout2] if-match acl 6022
    [*Device-classifier-cout2] commit
    [~Device-classifier-cout2] quit

  6. Define traffic behaviors.

    [~Device] traffic behavior b_user-group
    [~Device-behavior-b_user-group] car cir 100 cbs 18700 green pass red discard
    [*Device-behavior-b_user-group] commit
    [~Device-behavior-b_user-group] quit
    [~Device] traffic behavior b_s_1m
    [*Device-behavior-b_s_1m] commit
    [~Device-behavior-b_s_1m] quit
    [~Device] traffic behavior b_s_2m
    [*Device-behavior-b_s_2m] commit
    [~Device-behavior-b_s_2m] quit

  7. Define traffic policys that associates the traffic classifier with the traffic behavior.

    [~Device] traffic policy p_carrier_A
    [~Device-trafficpolicy-p_carrier_A] undo share-mode
    [*Device-trafficpolicy-p_carrier_A] statistics enable
    [*Device-trafficpolicy-p_carrier_A] classifier cin1 source user-group groupA behavior b_user-group precedence 1
    [*Device-trafficpolicy-p_carrier_A] classifier cout1 destination user-group groupA behavior b_user-group precedence 2
    [*Device-trafficpolicy-p_carrier_A] classifier cin2 source service-group s_1m behavior b_s_1m precedence 3
    [*Device-trafficpolicy-p_carrier_A] classifier cout2 destination service-group s_1m behavior b_s_1m precedence 4
    [*Device-trafficpolicy-p_carrier_A] commit
    [~Device-trafficpolicy-p_carrier_A] quit
    [~Device] traffic policy p_carrier_B
    [~Device-trafficpolicy-p_carrier_B] undo share-mode
    [*Device-trafficpolicy-p_carrier_B] statistics enable
    [*Device-trafficpolicy-p_carrier_B] classifier cin1 source user-group groupb behavior b_user-group precedence 1
    [*Device-trafficpolicy-p_carrier_B] classifier cout1 destination user-group groupb behavior b_user-group precedence 2
    [*Device-trafficpolicy-p_carrier_B] classifier cin2 source service-group s_2m behavior b_s_2m precedence 3
    [*Device-trafficpolicy-p_carrier_B] classifier cout2 destination service-group s_2m behavior b_s_2m precedence 4
    [*Device-trafficpolicy-p_carrier_B] commit
    [~Device-trafficpolicy-p_carrier_B] quit

  8. Apply the traffic policies.

    [~Device] traffic-policy p_carrier_A inbound
    [~Device] traffic-policy p_carrier_A outbound
    [~Device] traffic-policy p_carrier_B inbound
    [~Device] traffic-policy p_carrier_B outbound
    [*Device] commit

  9. Configure EDSG traffic policies.

    [~Device] service-policy name service_edsgA edsg
    [~Device-service-policy-service_edsgA] accounting-scheme acct1
    [*Device-service-policy-service_edsgA] radius-server group rd1
    [*Device-service-policy-service_edsgA] service-group s_1m
    [*Device-service-policy-service_edsgA] rate-limit cir 1000 inbound
    [*Device-service-policy-service_edsgA] rate-limit cir 1000 outbound
    [*Device-service-policy-service_edsgA] commit
    [~Device-service-policy-service_edsgA] quit
    [~Device] service-policy name service_edsgB edsg
    [~Device-service-policy-service_edsgB] accounting-scheme acct1
    [*Device-service-policy-service_edsgB] radius-server group rd1
    [*Device-service-policy-service_edsgB] service-group s_2m
    [*Device-service-policy-service_edsgB] rate-limit cir 2000 inbound
    [*Device-service-policy-service_edsgB] rate-limit cir 2000 outbound
    [*Device-service-policy-service_edsgB] commit
    [~Device-service-policy-service_edsgB] quit

  10. Configure the device to obtain the traffic policy, EDSG service policy, and user group information from the RADIUS server.

    # Deliver the RADIUS attributes Filter-Id, HW-Policy-Name, and HW-AVpair for user A on the AAA server.
    • <Filter-Id>: delivers the user group groupA.

    • HW-Policy-Name: delivers the EDSG service policy service_edsgA.

    • <subscriber:traffic-policy> in the HW-AVpair attribute: delivers the traffic policy p_carrier_A.

    # Deliver the RADIUS attributes Filter-Id, HW-Policy-Name, and HW-AVpair for user B on the AAA server.
    • <Filter-Id>: delivers the user group groupB.

    • HW-Policy-Name: delivers the EDSG service policy service_edsgB.

    • <subscriber:traffic-policy> in the HW-AVpair attribute: delivers the traffic policy p_carrier_B.

  11. Verify the configuration.

    # After users go online, run the following command to view user A information. The RADIUS server has delivered the traffic policy p_carrier_A for user A.

    [~Device] display access-user user-id 2
     
      -------------------------------------------------------------------
      User access index             : 2
      State                         : Used
      User name                     : user#
      Domain name                   : isp1
      User backup state             : No
      RUI user state                : -
      User access interface         : GigabitEthernet1/0/1.1
      User access PeVlan/CeVlan     : 1/-
      User access slot              : 1
      User MAC                      : 0001-0101-0101
      User IP address               : 10.82.0.195
      User IP netmask               : 255.255.255.255
      User gateway address          : 10.82.0.1
      User Authen IP Type           : ipv4/-/-
      User Basic IP Type            : -/-/-
      User MSIDSN name              : -
      EAP user                      : No
      MD5 end                       : No
      MTU                           : 1480
      MRU                           : 1480
      Vpn-Instance                  : -
      User access type              : PPPoE
      User authentication type      : PPP authentication
      RADIUS-server-template        : rd1 
      Server-template of second acct: -
      Agent-Circuit-Id              : -
      Agent-Remote-Id               : -
      Access-line-id Information(pppoe+): -
      Current authen method         : RADIUS authentication
      Authen result                 : Success
      Current author method         : Idle
      Author result                 : Success
      Action flag                   : Idle
      Authen state                  : Authed
      Author state                  : Idle
      Configured accounting method  : RADIUS accounting
      Quota-out                     : Offline
      Current accounting method     : RADIUS accounting
      Realtime-accounting-switch            : Close     
      Realtime-accounting-interval(sec)     : -
      Realtime-accounting-send-update       : No                  
      Realtime-accounting-traffic-update    : No                  
      Access start time             : 2016-09-24 16:35:44
      Accounting start time         : -
      Online time (h:min:sec)       : 00:00:29
      Accounting state              : Idle
      Idle-cut direction            : Both
      Idle-cut-data (time,rate,idle): 0 sec, 60 kbyte/min, 0 min 0 sec
      Ipv4 Realtime speed           : 0 kbyte/min
      Ipv4 Realtime speed inbound   : 0 kbyte/min
      Ipv4 Realtime speed outbound  : 0 kbyte/min
      Link bandwidth auto adapt     : Disable
      UpPriority                    : Unchangeable
      DownPriority                  : Unchangeable
      TrafficPolicy                 : p_carrier_A(Radius)
      Multicast-profile             : - 
      Multicast-profile-ipv6        : - 
      Max Multicast List Number     : 4
      IGMP enable                   : Yes
      User-Group                    : groupA
      Next-hop                      : - 
      Policy-route-IPV6-address     : - 
      If flow info contain l2-head  : Yes
      Flow-Statistic-Up             : Yes
      Flow-Statistic-Down           : Yes
      Up packets number(high,low)   : (0,0)
      Up bytes number(high,low)     : (0,0)
      Down packets number(high,low) : (0,0)
      Down bytes number(high,low)   : (0,0)
      IPV6 Up packets number(high,low)     : (0,0)
      IPV6 Up bytes number(high,low)       : (0,0)
      IPV6 Down packets number(high,low)   : (0,0)
      IPV6 Down bytes number(high,low)     : (0,0)
      Service-type                  : -
      -------------------------------------------------------------------

    # Run the following command to view statistics about the traffic policy p_carrier_A.

    [~Device] display traffic policy name p_carrier_A statistics ucl inbound
    Traffic policy inbound: p_carrier_A
    Slot: 1
    Traffic policy applied at 2016-09-24 16:25:10
    Statistics enabled at 2016-09-24 16:21:35
    Statistics last cleared: Never
    Rule number: 4 IPv4, 0 IPv6
    Current status: OK!
    Item                             Packets                      Bytes
    -------------------------------------------------------------------
    Matched                            1,000                    100,000
      +--Passed                          500                     50,000
      +--Dropped                         500                     50,000
    Missed                               500                     50,000
    
    Last 30 seconds rate
    Item                                 pps                        bps
    -------------------------------------------------------------------
    Matched                            1,000                    100,000
      +--Passed                          500                     50,000
      +--Dropped                         500                     50,000
    Missed                               500                     50,000

Configuration Files

#
sysname HUAWEI
#
value-added-service enable
#
service-group s_1m
service-group s_2m
ser
#
user-group groupA
user-group groupB
#
radius-server group rd1
 radius-server authentication 192.168.7.249 1813 weight 0 
 radius-server accounting 192.168.7.249 1812 weight 0 
#
ip pool pool1 bas local
 gateway 10.82.0.1 255.255.255.0
 section 0 10.82.0.2 10.82.0.200 
#
acl number 6020
 rule 5 permit tcp source-port eq 1
#
acl number 6021
 rule 5 permit ip destination ip-address 192.168.100.0 0.0.0.255
#
acl number 6022
 rule 20 permit ip source ip-address 192.168.100.0 0.0.0.255
#
traffic classifier cin1 operator or
 if-match acl 6020
#
traffic classifier cin2 operator or
 if-match acl 6021
#
traffic classifier cout1 operator or
 if-match acl 6020
#
traffic classifier cout2 operator or
 if-match acl 6022
#
traffic behavior b_s_1m
#
traffic behavior b_s_2m
#
traffic behavior b_user-group
 car cir 100 cbs 18700 green pass red discard
#
traffic policy p_carrier_A
 undo share-mode
 statistics enable
 classifier cin1 source user-group groupA behavior b_user-group precedence 1
 classifier cout1 destination user-group groupA behavior b_user-group precedence 2
 classifier cin2 source service-group s_1m behavior b_s_1m precedence 3
 classifier cout2 destination service-group s_1m behavior b_s_1m precedence 4
#
traffic policy p_carrier_B
 undo share-mode
 statistics enable
 classifier cin1 source user-group groupB behavior b_user-group precedence 1
 classifier cout1 destination user-group groupB behavior b_user-group precedence 2
 classifier cin2 source service-group s_2m behavior b_s_2m precedence 3
 classifier cout2 destination service-group s_2m behavior b_s_2m precedence 4
#
aaa
#
 authentication-scheme auth1
#
 accounting-scheme acct1
#
 domain isp1
  authentication-scheme auth1
  accounting-scheme acct1
  radius-server group rd1
  ip-pool pool1
  user-group groupA
 #
 domain isp2
  authentication-scheme auth1
  accounting-scheme acct1
  radius-server group rd1
  ip-pool pool1
  user-group groupB
#
service-policy name service_edsgA edsg
 accounting-scheme acct1
 radius-server group rd1
 service-group s_1m
 rate-limit cir 1000 inbound
 rate-limit cir 1000 outbound
#
service-policy name service_edsgB edsg
 accounting-scheme acct1
 radius-server group rd1
 service-group s_2m
 rate-limit cir 2000 inbound
 rate-limit cir 2000 outbound
#
interface GigabitEthernet1/0/1.1
 user-vlan 1
 bas
 #
  access-type layer2-subscriber default-domain authentication isp1
 #
#
interface GigabitEthernet1/0/1.2
 user-vlan 2
 bas
 #
  access-type layer2-subscriber default-domain authentication isp2
 #
#
interface GigabitEthernet1/0/2
 undo shutdown
 ip address 192.168.100.1 255.255.255.0
 dcn
#
traffic-policy p_carrier_A inbound
traffic-policy p_carrier_B inbound
traffic-policy p_carrier_A outbound
traffic-policy p_carrier_B outbound
#
return
Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055024

Views: 22041

Downloads: 114

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next