No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Configuration Guide - User Access 01

This is NE40E V800R010C10SPC500 Configuration Guide - User Access
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring IPoEv6 Access Using Web Authentication

Example for Configuring IPoEv6 Access Using Web Authentication

This section provides an example for configuring IPoEv6 access using web authentication.

Networking Requirements

On the IPoEv6 network shown in Figure 6-11, the subscriber belongs to the domain isp2. The requirements are as follows:

  • The subscriber and accesses the Internet through GE 1/0/2 on Device A in IPoEv6 mode.

  • The subscriber uses web authentication, and the web authentication server address is 192.168.8.251.

Figure 6-11 Configuring IPoEv6 access using web authentication
NOTE:

Interface1 in this example is GE 1/0/2.



Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure a local IPv6 address pool.

  2. Configure a pre-authentication domain and an authentication domain for web authentication.

  3. Configure a web authentication server and Device A's interface directly connecting to the web authentication server.

  4. Configure UCL rules and a traffic policy.

  5. Configure a BAS interface.

Data Preparation

To complete the configuration, you need the following data:

  • IPv6 address pool name

  • Domain name

  • Web authentication server's IP address

  • UCL rule numbers

  • Traffic policy name

  • BAS interface parameters

Procedure

  1. Configure a local IPv6 address pool.

    # Configure Device A.

    <DeviceA> system-view
    [~DeviceA] ipv6 prefix prefix1
    [*DeviceA-ipv6-prefix-prefix1] prefix 2000:2021::/64
    [*DeviceA-ipv6-prefix-prefix1] commit
    [~DeviceA-ipv6-prefix-prefix1] quit
    [~DeviceA] ipv6 pool pool_local bas local
    [~DeviceA-ipv6-pool-pool_local] prefix prefix1
    [*DeviceA-ipv6-pool-pool_local] commit
    [~DeviceA-ipv6-pool-pool_local] quit
    [~DeviceA] dhcpv6 duid llt
    [~DeviceA] commit

  2. Configure a domain.

    # Configure the domain default0 as the pre-authentication domain for web authentication.

    [~DeviceA] user-group web-before
    [*DeviceA] commit
    [~DeviceA] aaa
    [~DeviceA-aaa] domain default0
    [~DeviceA-aaa-domain-default0] user-group web-before
    [*DeviceA-aaa-domain-default0] web-server url http://[2000::1]/portal/default.portal
    [*DeviceA-aaa-domain-default0] web-server identical-url
    [*DeviceA-aaa-domain-default0] ipv6-pool pool_local
    [*DeviceA-aaa-domain-default0] authentication-scheme none
    [*DeviceA-aaa-domain-default0] accounting-scheme none
    [*DeviceA-aaa-domain-default0] commit
    [~DeviceA-aaa-domain-default0] quit

    # Configure the domain isp2 as the authentication domain for web authentication.

    [~DeviceA-aaa] domain isp2
    [~DeviceA-aaa-domain-isp2] authentication-scheme none
    [*DeviceA-aaa-domain-isp2] accounting-scheme none
    [*DeviceA-aaa-domain-isp2] commit
    [~DeviceA-aaa-domain-isp2] quit
    [~DeviceA-aaa] quit

  3. Configure a web authentication server and Device A's interface directly connecting to the web authentication server.

    [~DeviceA] web-auth-server 192.168.8.251 port 50100 key cipher Huawei
    [*DeviceA] commit
    [~DeviceA] interface gigabitethernet 1/0/2
    [*DeviceA-GigabitEthernet1/0/2] ip address 192.168.8.250 24
    [*DeviceA-GigabitEthernet1/0/2] commit

  4. Configure UCLs and UCL rules.

    # Configure UCL rules.

    [~DeviceA] acl ipv6 6200
    [*DeviceA-acl6-ucl-6200] rule 5 permit tcp source user-group any destination ipv6-address 2000::1/64
    [*DeviceA-acl6-ucl-6200] commit
    [~DeviceA-acl6-ucl-6200] quit
    [~DeviceA] acl ipv6 6300
    [~DeviceA-acl6-ucl-6300] rule 5 permit tcp source user-group web-before destination-port eq www
    [*DeviceA-acl6-ucl-6300] commit
    [~DeviceA-acl6-ucl-6300] quit

    # Configure a traffic policy.

    [~DeviceA] traffic classifier web_permit
    [~DeviceA-classifier-web_permit] if-match ipv6 acl 6200
    [*DeviceA-classifier-web_permit] commit
    [~DeviceA-classifier-web_permit] quit
    [~DeviceA] traffic behavior web_permit
    [~DeviceA-behavior-web_permit] permit
    [*DeviceA-behavior-web_permit] commit
    [~DeviceA-behavior-web_permit] quit
    [~DeviceA] traffic classifier web_http-redirect
    [~DeviceA-classifier-web_http-redirect] if-match ipv6 acl 6300
    [*DeviceA-classifier-web_http-redirect] commit
    [~DeviceA-classifier-web_http-redirect] quit
    [~DeviceA] traffic behavior web_http-redirect
    [~DeviceA-behavior-web_http-redirect] http-redirect
    [*DeviceA-behavior-web_http-redirect] commit
    [~DeviceA-behavior-web_http-redirect] quit
    [~DeviceA] traffic policy web
    [~DeviceA-policy-web] classifier web_permit behavior web_permit
    [*DeviceA-policy-web] classifier web_http-redirect behavior web_http-redirect
    [*DeviceA-policy-web] commit
    [~DeviceA-policy-web] quit

    # Apply the inbound traffic policy globally.

    [*DeviceA] traffic-policy web inbound
    [*DeviceA] commit

  5. Configure a BAS interface.

    [~DeviceA] interface GigabitEthernet 1/0/2.1
    [~DeviceA-GigabitEthernet1/0/2.1] user-vlan 1 
    [*DeviceA-GigabitEthernet1/0/2.1] ipv6 enable
    [*DeviceA-GigabitEthernet1/0/2.1] ipv6 address auto link-local
    [*DeviceA-GigabitEthernet1/0/2.1] ipv6 nd autoconfig managed-address-flag
    [*DeviceA-GigabitEthernet1/0/2.1] commit
    [~Devicea-GigabitEthernet1/0/2.1] bas
    [~DeviceA-GigabitEthernet1/0/2.1-bas] access-type layer2-subscriber default-domain pre-authentication default0 authentication isp2
    [*DeviceA-GigabitEthernet1/0/2.1-bas] authentication-method-ipv6 web
    [*DeviceA-GigabitEthernet1/0/2.1-bas] commit
    [~DeviceA-GigabitEthernet1/0/2.1-bas] quit
    [~DeviceA-GigabitEthernet1/0/2.1] quit

Configuration Files

  • Device A configuration file

    #
     sysname DeviceA
    #
    user-group web-before
    #
    ipv6 prefix prefix1
     prefix 2000:2021::/64 
    #
    ipv6 pool pool_local bas local
     prefix prefix1
    #
    acl ipv6 number 6200
    rule 5 permit tcp source user-group any destination ipv6-address 2000::1/64
    #
    acl ipv6 number 6300
    rule 5 permit tcp source user-group web-before destination-port eq www
    #
    traffic classifier web_permit 
    if-match ipv6 acl 6200
    traffic classifier web_http-redirect
    if-match ipv6 acl 6300
    #
    traffic behavior web_permit
    permit
    traffic behavior web_http-redirect
    http-redirect
    #
    traffic policy web 
    share-mode
    classifier web_permit behavior web_permit
    classifier web_http-redirect behavior web_http-redirect
    #
    aaa  
     #
     domain default0
      user-group web-before
      web-server url http://[2000::1]/portal/default.portal
      web-server identical-url
      ipv6-pool pool_local
      authentication-scheme none
      accounting-scheme none
     domain isp2
      authentication-scheme none
      accounting-scheme none
    #
    interface GigabitEthernet1/0/2
     undo shutdown
     ip address 192.168.8.250 24
    #
    interface GigabitEthernet1/0/2.1
     user-vlan 1
     ipv6 enable
     ipv6 address auto link-local
     ipv6 nd autoconfig managed-address-flag
     bas
     #
      access-type layer2-subscriber default-domain  pre-authentication  default0 authentication isp2
      authentication-method-ipv6 web
    #
     traffic-policy web inbound
    #
     web-auth-server 192.168.8.251 port 50100 key cipher Huawei
    #
    return
Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055031

Views: 19383

Downloads: 87

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next