No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Configuration Guide - User Access 01

This is NE40E V800R010C10SPC500 Configuration Guide - User Access
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring a BAS Interface

Configuring a BAS Interface

When an interface is used for broadband access, you need to configure it as a BAS interface. When PPPoX users use a BAS interface to access the network, you must specify the access type as Layer 2 subscriber access.

Context

When configuring a BAS interface, you need the following parameters:

  • BAS interface number

  • Access type and authentication scheme

  • (Optional) Maximum number of users that are allowed to access through the BAS interface and maximum number of users that are allowed to access through a specified VLAN

  • (Optional) Default domain, roaming domain, and domains that users are allowed to access

  • (Optional) Whether to enable the functions of accounting packet copy and locating a user

Perform the following steps on the NE40E:

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The interface view is displayed.

  3. Run bas

    NOTE:
    In scenarios with BRAS access through L2VPN termination, run the ve-group ve-group-id l2-terminate command to configure the VE interface as an L2VE interface to terminate an L2VPN and bind the interface to a VE group. The preceding commands are configured in the VE interface view.

    A BAS interface is created and the BAS interface view is displayed.

    The bas command run in the view of an interface configures the interface as a BAS interface. A GE interface or its sub-interface, an Eth-Trunk interface or its sub-interface, an ATM interface or its sub-interface, or a VE interface or its sub-interface can be configured as a BAS interface.

  4. Run access-type layer2-subscriber [ default-domain { authentication [ force | replace ] dname | pre-authentication predname } * | bas-interface-name bname | accounting-copy radius-server rd-name ] *

    The access type is set to Layer 2 subscriber access and the attributes of this access type are configured.

    When setting the access type on the BAS interface, you can set the service attributes of the access users at the same time. You can also set these attributes in later configurations.

    The access type cannot be configured on the Ethernet interface that is added to an Eth-Trunk interface. You can configure the access type of such an Ethernet interface only on the associated Eth-Trunk interface.

  5. (Optional) Run access-limit number [ start-vlan start-vlan [ end-vlan end-vlan ] [ qinq qinq-vlan ] [ user-type { ipoe | pppoe } ] ]

    The number of users that are allowed access through the interface is configured.

    • If the access-limit command is configured on a sub-interface enabled with BAS, the number of VLAN users that access the sub-interface is limited.
    • If the access-limit command is configured on a main interface enabled with BAS and the VLAN range is not specified in the command, the total number of VLAN users that access the main interface is limited. Note that the configuration of access-limit on a sub-interface takes precedence over that on the corresponding main interface.
    • You can also specify the user-type parameter to limit the maximum number of access users based on access types.

  6. (Optional) Run default-domain pre-authentication domain-name

    The default pre-authentication domain is specified.

    • Or run:

      default-domain authentication ppp-user domain-name

      The default authentication domain for PPP users is specified.

      NOTE:
      • If the default-domain authentication ppp-user domain-name command is configured, the authentication domain specified in this step is used as the default authentication domain for PPP users.
      • If the default-domain authentication ppp-user domain-name command is not configured but the default-domain authentication [ force | replace ] domain-name command is configured, the authentication domain specified using the default-domain authentication [ force | replace ] domain-name command is used as the default authentication domain for PPP users.
      • If neither of the commands is configured, the default authentication domain for PPP users is default1.
    • Or run:

      roam-domain domain-name

      The roaming domain is specified.

    • Or run:

      permit-domain domain-name &<1-16>

      The domain in which users are allowed to access is specified.

      Or run:

      deny-domain domain-name &<1-16>

      The domain in which users are denied to access is specified.

      The permit-domain-list command, deny-domain-list, deny-domain, or permit-domain command cannot be configured together on one BAS interface.

    • Or run:

      permit-domain-list domainlist-name>

      The list of domains whose users are allowed to access is specified, and users of other domains are denied the access by using the BAS interface.

      Or run:

      deny-domain-list domainlist-name

      The list of domains whose users are denied to access is specified.

  7. (Optional) Run client-option82 [ { basinfo-insert { cn-telecom | version3 } | version1 } ]

    The NE40E is configured to trust the access-line-id information reported by clients.

    Or, run basinfo-insert cn-telecom

    The NE40E is configured to insert the access-line-id information in the format defined by China Telecom insteading of trusting the access-line-id information reported by clients.

    Or run basinfo-insert version2

    The NE40E is configured to insert the access-line-id information in the format defined by version2 insteading of trusting the access-line-id information reported by clients.

    The router will parse and transmit access-line-id information based on the following configurations:

    • Run the option82-relay-mode dslam { auto-identify | config-identify } command to allow the router to extract information from the access-line-id field in the packet sent from the DSLAM and add the information to Agent-CircuitID and Agent-RemoteID attributes sent to the RADIUS server. Or run the option82-relay-mode include { allvalue | { agent-circuit-id | agent-remote-id [ separator ] } * } command to allow the NAS-Port-Id attribute sent to the RADIUS server to contain access-line-id information.
    • Run the option82-relay-mode subopt { agent-circuit-id { hex | string } | agent-remote-id { hex | string } command to configure the format of Agent-CircuitID or Agent-RemoteID information.

    Or run vbas vbas-mac-address [ auth-mode { ignore | reject } ]

    The function of locating a user through the virtual BAS (VBAS) is enabled.

  8. (Optional) Run link-account resolve

    An accounting request packet that the NE40E sends to a RADIUS server is allowed to carry the link-account attribute.

    Before running the command, set the access type to Layer 2 subscriber access.

    The command affects RADIUS No. 25 attribute in accounting request packets sent by the NE40E to a RADIUS accounting server.

    An interface fills the link-account information in the RADIUS No. 25 attribute class if both the following situations are met:
    • Users getting online from the interface do not need to be authenticated, and RADIUS accounting is configured on the interface.
    • For common Layer 2 users, VLANs and VLAN descriptions are configured on the interface.

  9. (Optional) Run accounting-copy radius-server radius-name

    The accounting packet copy function is enabled.

  10. (Optional) Run block [ start-vlan { start-vlan [ end-vlan end-vlan ] [ qinq pe-vlan ] | any qinq start-qinq-vlan [ end-qinq-vlan ] } | pvc start-vpi/start-vci [ end-vpi/end-vci ] ]

    The BAS interface is blocked.

  11. (Optional) Run authentication-method ppp [ web ]

    PPP authentication, or PPP and web authentication is configured.

  12. (Optional) Run ppp keepalive slow

    PPP slow reply is configured on the BAS interface, allowing the BAS interface to send PPP echo packets to the CPU for processing.

  13. Run commit

    The configuration is committed.

Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055031

Views: 17241

Downloads: 70

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next