NE40E V800R010C10SPC500 Configuration Guide - User Access 01

Example for Configuring L2TP Two-Node Hot Backup

This section provides an example for configuring L2TP two-node hot backup, including networking requirements, configuration roadmap, configuration procedure, and configuration files.

Networking Requirements

L2TP tunnels can be used to provide enterprise user access services and wholesale services. As these services are the major services that operators provide and have high user experience requirements, L2TP tunnels must support high reliability. L2TP two-node hot backup, in addition to BRAS user information backup, is required on the master and slave routers.

On the network shown in Figure 11-6, users access LAC1 and LAC2 through a LAN switch (LSW). The two LACs run VRRP to determine the master and backup status. Both LACs are configured so that users get online through the master LAC. Each LAC sets up an L2TP tunnel with the LNS. L2TP two-node hot backup is configured on LAC1 and LAC2 so that users can rapidly restore services without redialing if a fault occurs on the access or network side.

Figure 11-6 L2TP two-node hot backup
NOTE:

Interface 1 and interface 2 in this example are GE 1/0/0 and GE 2/0/0, respectively.



Device Name    Interface Name    IP Address
LAC1           GE1/0/0.2         10.0.1.1/24 (IP address of the interface running VRRP)
               GE2/0/0           10.0.2.1/24
               Loopback1         7.7.7.7/32 (source IP address for LAC1 to establish a tunnel)
               Loopback2         8.8.8.8/32 (source IP address for LAC2 to establish a tunnel)
               Loopback3         10.0.0.1/32 (IP address of the data backup channel between LACs)
LAC2           GE1/0/0.2         10.0.1.2/24 (IP address of the interface running VRRP)
               GE2/0/0           10.0.3.1/24
               Loopback1         7.7.7.7/32 (source IP address for LAC1 to establish a tunnel)
               Loopback2         8.8.8.8/32 (source IP address for LAC2 to establish a tunnel)
               Loopback3         10.0.0.2/32 (IP address of the data backup channel between LACs)

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure routes to ensure IP connectivity between devices, then configure the route policy on LAC1 and LAC2. For details, see HUAWEI NetEngine40E Universal Service Router Configuration Guide - IP Routing.

  2. Configure basic user access functions and ensure that the two LACs have the same configuration. For details, see HUAWEI NetEngine40E Universal Service Router Configuration Guide - User Access.

  3. Set up an L2TP tunnel between each LAC and the LNS.

  4. Establish a multi-node backup platform. Configure an RBS on the network side of the master and backup routers (LAC1 and LAC2). LAC1 is the master and LAC2 is the backup.

  5. Configure a VRRP backup group on the access side of two routers (LAC1 and LAC2) to determine the master and backup status. Create a BFD session, and configure the VRRP backup group to track the BFD session.

  6. Configure an RBP for backing up BRAS user information and L2TP services, and enable remote backup service for BRAS user information and L2TP services.

  7. Bind an RBP to an interface from which users get online.

NOTE:

The configuration on LAC2 is similar to the configuration on LAC1. The configuration procedure on LAC1 is used in this example. For details about configurations on LAC2, see the configuration file of LAC2.

Data Preparation

To complete the configuration, you need the following data:

  • VRRP parameters such as a VRID and a preemption delay

  • BFD parameters such as the local and remote discriminators and expected minimum interval at which BFD Control packets are sent and received

  • IP address of each interface on LAC1 and LAC2

  • Backup ID, which works together with an RBS to identify an RBP to which users belong

  • User access parameters

  • L2TP group parameters such as an authentication password and an interval at which Hello packets are sent

Procedure

  1. Assign an IP address to each loopback interface and configure a VT interface and a BAS interface.

    <Device> system-view
    [Device] sysname LAC1

    # Assign an IP address to Loopback1, the source IP address for LAC1 to establish a tunnel, so that the route to the loopback interface can be advertised.

    [LAC1] interface loopback1
    [LAC1-loopback1] ip address 7.7.7.7 32
    [LAC1-loopback1] quit

    # Assign an IP address to Loopback2, the source IP address for LAC2 to establish a tunnel, so that the route to the loopback interface can be advertised.

    [LAC1] interface loopback2
    [LAC1-loopback2] ip address 8.8.8.8 32
    [LAC1-loopback2] quit

    # Configure VT interface 1.

    [LAC1] interface virtual-template 1
    [LAC1-Virtual-Template1] ppp authentication-mode chap
    [LAC1-Virtual-Template1] quit

    # Bind VT interface 1 to GE 1/0/0.1 and configure a user VLAN.

    [LAC1] interface gigabitethernet 1/0/0.1
    [LAC1-GigabitEthernet1/0/0.1] pppoe-server bind virtual-template 1
    [LAC1-GigabitEthernet1/0/0.1] user-vlan 1 100
    [LAC1-GigabitEthernet1/0/0.1-vlan-1-100] quit

    # Configure a BAS interface.

    [LAC1-GigabitEthernet1/0/0.1] bas
    [LAC1-GigabitEthernet1/0/0.1-bas] access-type layer2-subscriber
    [LAC1-GigabitEthernet1/0/0.1-bas] authentication-method ppp
    [LAC1-GigabitEthernet1/0/0.1-bas] access-delay 500 even-mac
    [LAC1-GigabitEthernet1/0/0.1-bas] quit
    [LAC1-GigabitEthernet1/0/0.1] quit

  2. Set up an L2TP tunnel between LAC1 and the LNS.

    NOTE:

    In the two-node hot backup scenario, run the set l2tp tunnel base-id base-id command on one of the LACs to set the base value that the LAC uses to allocate L2TP tunnel IDs. The other LAC uses the default base value of 0. These settings ensure, to a certain extent, that each tunnel ID is unique on a single router.

    # Assign an IP address to GE 2/0/0, the network-side interface of LAC1, so that the route to the interface can be advertised.

    [LAC1] interface gigabitethernet 2/0/0
    [LAC1-GigabitEthernet2/0/0] ip address 10.0.2.1 255.255.255.0
    [LAC1-GigabitEthernet2/0/0] quit

    # Configure an L2TP group and its attributes.

    [LAC1] l2tp enable
    [LAC1] l2tp-group lac1
    [LAC1-l2tp-lac1] tunnel name lac1
    [LAC1-l2tp-lac1] start l2tp ip 3.3.3.3
    [LAC1-l2tp-lac1] tunnel authentication
    [LAC1-l2tp-lac1] tunnel password simple Huawei-123
    [LAC1-l2tp-lac1] tunnel source loopback1 rui
    [LAC1-l2tp-lac1] tunnel timer hello 200
    [LAC1-l2tp-lac1] quit

    # Configure a RADIUS server.

    [LAC1] radius-server group radius1
    [LAC1-radius-radius1] radius-server authentication 20.20.20.1 1812
    [LAC1-radius-radius1] radius-server accounting 20.20.20.1 1813
    [LAC1-radius-radius1] radius-server shared-key itellin
    [LAC1-radius-radius1] quit

    # Configure a domain to which users belong.

    [LAC1] aaa
    [LAC1-aaa] domain domain1
    [LAC1-aaa-domain-domain1] l2tp-group lac1
    [LAC1-aaa-domain-domain1] radius-server group radius1
    [LAC1-aaa-domain-domain1] authentication-scheme default1
    [LAC1-aaa-domain-domain1] accounting-scheme default1
    [LAC1-aaa-domain-domain1] quit
    [LAC1-aaa] quit

  3. Configure a VRRP backup group on the access side of two routers (LAC1 and LAC2) to determine the master and backup status. Create a BFD session, and configure the VRRP backup group to track the BFD session.

    # Configure a VRRP link BFD session to rapidly detect faults in interfaces or links and trigger a master/backup VRRP switchover.

    [LAC1] bfd bfd-acc bind peer-ip 10.0.1.2
    [LAC1-bfd-session-bfd-acc] discriminator local 1
    [LAC1-bfd-session-bfd-acc] discriminator remote 1
    [LAC1-bfd-session-bfd-acc] commit
    [LAC1-bfd-session-bfd-acc] quit

    # Configure a VRRP peer BFD session to rapidly detect network-side faults.

    [LAC1] bfd bfd-net bind peer-ip 10.0.0.2 
    [LAC1-bfd-session-bfd-net] discriminator local 3 
    [LAC1-bfd-session-bfd-net] discriminator remote 3 
    [LAC1-bfd-session-bfd-net] commit 
    [LAC1-bfd-session-bfd-net] quit
    

    # Configure a VRRP backup group on GE 1/0/0.2, and configure the VRRP backup group to track the BFD session and a network-side interface. Enable the original master VRRP device to preempt the Master state after 30 minutes.

    [LAC1] interface gigabitethernet 1/0/0.2
    [LAC1-GigabitEthernet1/0/0.2] vlan-type dot1q 200
    [LAC1-GigabitEthernet1/0/0.2] ip address 10.0.1.1 255.255.255.0
    [LAC1-GigabitEthernet1/0/0.2] vrrp vrid 1 virtual-ip 10.0.1.100
    [LAC1-GigabitEthernet1/0/0.2] admin-vrrp vrid 1
    [LAC1-GigabitEthernet1/0/0.2] vrrp vrid 1 priority 120
    [LAC1-GigabitEthernet1/0/0.2] vrrp vrid 1 preempt-mode timer delay 1800
    [LAC1-GigabitEthernet1/0/0.2] vrrp vrid 1 track bfd-session 1 link
    [LAC1-GigabitEthernet1/0/0.2] vrrp vrid 1 track bfd-session 3 peer
    [LAC1-GigabitEthernet1/0/0.2] vrrp vrid 1 track interface gigabitethernet 2/0/0 reduced 50
    [LAC1-GigabitEthernet1/0/0.2] quit

  4. Configure an RBS and an RBP.

    # Configure an IP address for an RBS.

    [LAC1] interface loopback3
    [LAC1-loopback3] ip address 10.0.0.1 32
    [LAC1-loopback3] quit

    # Configure an RBS.

    [LAC1] remote-backup-service s1
    [LAC1-rm-backup-srv-s1] peer 10.0.0.2 source 10.0.0.1 port 4500
    [LAC1-rm-backup-srv-s1] quit

    # Configure an RBP for backing up BRAS user information and L2TP services.

    [LAC1] remote-backup-profile p1
    [LAC1-rm-backup-prf-p1] peer-backup hot
    [LAC1-rm-backup-prf-p1] vrrp-id 1 interface gigabitethernet 1/0/0.2
    [LAC1-rm-backup-prf-p1] backup-id 10 remote-backup-service s1
    [LAC1-rm-backup-prf-p1] service-type bras
    [LAC1-rm-backup-prf-p1] service-type l2tp
    [LAC1-rm-backup-prf-p1] quit

    # Bind the RBP to the interface from which users get online.

    [LAC1] interface gigabitethernet 1/0/0.1
    [LAC1-GigabitEthernet1/0/0.1] remote-backup-profile p1
    [LAC1-GigabitEthernet1/0/0.1] quit

  5. Configure a policy to filter OSPF routes to be advertised.

    # Configure a policy to filter OSPF routes to be advertised on LAC1.

    [LAC1] ospf 1
    [LAC1-ospf-1] preference 100
    [LAC1-ospf-1] default cost inherit-metric
    [LAC1-ospf-1] import-route direct
    [LAC1-ospf-1] area 0.0.0.0
    [LAC1-ospf-1-area-0.0.0.0] network 10.0.0.0 0.0.0.255
    [LAC1-ospf-1-area-0.0.0.0] network 10.0.2.0 0.0.0.255
    [LAC1-ospf-1-area-0.0.0.0] network 10.0.3.0 0.0.0.255
    [LAC1-ospf-1-area-0.0.0.0] quit
    [LAC1-ospf-1] quit

    # Configure a policy to filter OSPF routes to be advertised on LAC2.

    [LAC2] ospf 1
    [LAC2-ospf-1] default cost inherit-metric
    [LAC2-ospf-1] import-route direct
    [LAC2-ospf-1] preference 100
    [LAC2-ospf-1] area 0.0.0.0
    [LAC2-ospf-1-area-0.0.0.0] network 10.0.0.0 0.0.0.255
    [LAC2-ospf-1-area-0.0.0.0] network 10.0.2.0 0.0.0.255
    [LAC2-ospf-1-area-0.0.0.0] network 10.0.3.0 0.0.0.255
    [LAC2-ospf-1-area-0.0.0.0] quit
    [LAC2-ospf-1] quit

  6. Verify the configuration.

    After completing the configurations, run the display vrrp command on each LAC to view the master and backup VRRP status. LAC1 is in the Master state; its BFD session is UP; the preemption delay is 300. LAC2 is in the Backup state.

    <lac1> display vrrp
      Eth-Trunk1.2 | Virtual Router 1
        State : Master
        Virtual IP : 10.0.1.100
        Master IP : 10.0.1.1
        PriorityRun : 120
        PriorityConfig : 120
        MasterPriority : 120
        Preempt : YES   Delay Time : 1800
        TimerRun : 5 s
        TimerConfig : 5 s
        Auth Type : NONE
        Virtual Mac : 0000-5e00-0101
        Check TTL : YES
        Config type : admin-vrrp
        Track IF : GigabitEthernet2/0/0   Priority reduced : 100
        IF State : UP
        Config track link-bfd down-number : 0
        Track BFD : 1  type: link
        BFD-session state : UP
        Track BFD : 3  type: peer
        BFD-session state : UP
        Create time : 2000-05-11 17:38:16
        Last change time : 2000-05-13 12:58:20

    <lac2> display vrrp
      Eth-Trunk1.2 | Virtual Router 1
        State : Backup
        Virtual IP : 10.0.1.100
        Master IP : 10.0.1.1
        PriorityRun : 100
        PriorityConfig : 100
        MasterPriority : 120
        Preempt : YES   Delay Time : 0
        TimerRun : 5 s
        TimerConfig : 5 s
        Auth Type : NONE
        Virtual Mac : 0000-5e00-0101
        Check TTL : YES
        Config type : admin-vrrp
        Config track link-bfd down-number : 0
        Track BFD : 1  type: link
        BFD-session state : UP
        Track BFD : 3  type: peer
        BFD-session state : UP
        Create time : 2011-08-02 16:13:43
        Last change time : 2011-08-04 12:01:58
    

    After successfully configuring L2TP two-node hot backup, run the display remote-backup-profile command on each LAC. The RBS type is bras l2tp; LAC1 is in the Master state; LAC2 is in the Slave state.

    <lac1> display remote-backup-profile p1
     -----------------------------------------------
     Profile-Index         : 0x800
     Profile-Name         : p1
     Service              : bras l2tp
     Remote-backup-service : s1
     Backup-ID            : 10
     track protocol         : VRRP
     VRRP-ID              : 1
     VRRP-Interface         : Gigabitethernet 1/0/0.2
     Interface            :
                         Gigabitethernet 1/0/0.1
     State                : Master
     Peer State            : Slave
     Backup mode         : hot
     Slot-Number          : --
     Card-Number          : --
     Port-Number          : --
     Traffic threshold       : --
     Traffic interval         : 1(minutes)

    <lac2> display remote-backup-profile p1
     -----------------------------------------------
     Profile-Index        : 0x800
     Profile-Name         : p1
     Service              : bras l2tp
     Remote-backup-service: s1
     Backup-ID            : 10
     track protocol       : VRRP
     VRRP-ID              : 1
     VRRP-Interface       : Gigabitethernet 1/0/0.2
     Interface            :
                            Gigabitethernet 1/0/0.1
     State                : Slave
     Peer State           : Master
     Backup mode          : hot
     Slot-Number          : --
     Card-Number          : --
     Port-Number          : --
     Traffic threshold    : --
     Traffic interval     : 1(minutes)
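The verification in step 6 can be scripted. The following is an added example, not part of the original guide or of Huawei's tooling: it reads the `display vrrp` and `display remote-backup-profile` output of both LACs and reports anything that departs from the expected hot-backup state, including the `Auth Type : NONE` line that appears in the output above. The function names are hypothetical and the sample text is constructed from the field labels shown on this page.

```python
import re

# Constructed sample input: the display output above, reduced to the fields
# the checks read. Field labels are copied from the page's output.
VRRP = ("State : {}\nAuth Type : NONE\n"
        "Track BFD : 1  type: link\nBFD-session state : UP\n"
        "Track BFD : 3  type: peer\nBFD-session state : UP\n")
RBP = "Service : bras l2tp\nState : {}\nPeer State : {}\nBackup mode : hot\n"


def parse_vrrp(text):
    """Return VRRP state, auth type and tracked BFD sessions (id, type, state)."""
    state = re.search(r"^\s*State\s*:\s*(\w+)", text, re.M)
    auth = re.search(r"^\s*Auth Type\s*:\s*(\w+)", text, re.M)
    bfd = re.findall(r"Track BFD\s*:\s*(\d+)\s+type:\s*(\w+)\s*\n"
                     r"\s*BFD-session state\s*:\s*(\w+)", text)
    return {"state": state.group(1) if state else None,
            "auth": auth.group(1) if auth else None, "bfd": bfd}


def parse_kv(text):
    """Parse the 'key : value' lines of display remote-backup-profile."""
    out = {}
    for line in text.splitlines():
        key, sep, val = line.partition(":")
        if sep and key.strip():
            out[key.strip().lower()] = val.strip()
    return out


def check_pair(vrrp, rbp):
    """vrrp and rbp map LAC name -> raw display output; returns findings."""
    findings = []
    v = {n: parse_vrrp(t) for n, t in vrrp.items()}
    r = {n: parse_kv(t) for n, t in rbp.items()}
    if sorted(str(x["state"]) for x in v.values()) != ["Backup", "Master"]:
        findings.append("VRRP: expected one Master and one Backup")
    if sorted(x.get("state", "") for x in r.values()) != ["Master", "Slave"]:
        findings.append("RBP: expected one Master and one Slave")
    for name in v:
        for bfd_id, kind, state in v[name]["bfd"]:
            if state != "UP":
                findings.append(f"{name}: tracked BFD {bfd_id} ({kind}) is {state}")
        if v[name]["auth"] in (None, "NONE"):
            findings.append(f"{name}: VRRP Auth Type is NONE")
        if r[name].get("backup mode") != "hot":
            findings.append(f"{name}: backup mode is not hot")
        if set(r[name].get("service", "").split()) != {"bras", "l2tp"}:
            findings.append(f"{name}: RBP does not back up both bras and l2tp")
        # The RBP tracks the VRRP group, so the two roles must agree.
        if (v[name]["state"] == "Master") != (r[name].get("state") == "Master"):
            findings.append(f"{name}: VRRP and RBP roles disagree")
    return findings


if __name__ == "__main__":
    vrrp = {"LAC1": VRRP.format("Master"), "LAC2": VRRP.format("Backup")}
    rbp = {"LAC1": RBP.format("Master", "Slave"),
           "LAC2": RBP.format("Slave", "Master")}
    for finding in check_pair(vrrp, rbp):
        print(finding)
```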

Configuration Files

  • Configuration file of LAC1

    #
    sysname LAC1
    #
    radius-server group radius1
     radius-server authentication 20.20.20.1 1812
     radius-server accounting 20.20.20.1 1813
     radius-server shared-key itellin
    #    
     peer-backup route-cost auto-advertising
    #
    aaa 
     local-user a password cipher 1qaz@WSX   
     local-user a service-type ftp    
     local-user a ftp-directory cfcard: 
     local-user b password cipher abcd@EFG   
     local-user b service-type ftp    
     local-user c password simple Huawei-123   
     local-user c service-type ftp 
     authentication-scheme default1   
      authentication-mode radius local   
     #
     domain domain1    
      l2tp-group lac1
      radius-server group radius1
      authentication-scheme default1
      accounting-scheme default1
     # 
    remote-backup-service s1
     peer 10.0.0.2 source 10.0.0.1 port 4500
    #
    remote-backup-profile p1
     service-type bras
     service-type l2tp
     peer-backup hot
     vrrp-id 1 interface gigabitethernet 1/0/0.2
     backup-id 10 remote-backup-service s1
    #
    interface virtual-template 1
     ppp authentication-mode chap 
    #   
    interface GigabitEthernet1/0/0    
     speed auto 
     duplex auto
     undo shutdown     
     ip address 128.3.150.242 255.255.0.0     
    #   
    interface GigabitEthernet 1/0/0.1
     pppoe-server bind virtual-template 1
     user-vlan 1 100
     remote-backup-profile p1
     #
     bas
      access-type layer2-subscriber
      authentication-method ppp
     #
    #
    interface gigabitethernet 1/0/0.2
     vlan-type dot1q 200
     ip address 10.0.1.1 255.255.255.0
     vrrp vrid 1 virtual-ip 10.0.1.100
     admin-vrrp vrid 1
     vrrp vrid 1 priority 120
     vrrp vrid 1 preempt-mode timer delay 1800
     vrrp vrid 1 track bfd-session 1 link
     vrrp vrid 1 track bfd-session 3 peer
     vrrp vrid 1 track interface gigabitethernet 2/0/0 reduced 50
    #  
    interface gigabitethernet 2/0/0
     ip address 10.0.2.1 255.255.255.0
    #
    interface LoopBack1
     ip address 7.7.7.7 255.255.255.255 
    #     
    interface LoopBack2 
     ip address 8.8.8.8 255.255.255.255 
    #
    interface LoopBack3
     ip address 10.0.0.1 255.255.255.255
    # 
    l2tp enable
    l2tp-group lac1
     tunnel name lac1
     start l2tp ip 3.3.3.3
     tunnel authentication
     tunnel password simple Huawei-123
     tunnel source loopback1 rui
     tunnel timer hello 200
    #
    bfd bfd-net bind peer-ip 10.0.0.2
     discriminator local 3
     discriminator remote 3
     commit  
    #   
    ospf 1
     preference 100    
     default cost inherit-metric
     import-route direct
     area 0.0.0.0
      network 10.0.0.0 0.0.0.255  
      network 10.0.2.0 0.0.0.255 
      network 10.0.3.0 0.0.0.255    
    #   
    
  • Configuration file of LAC2

    #
    sysname LAC2
    #
    radius-server group radius1
     radius-server authentication 20.20.20.1 1812
     radius-server accounting 20.20.20.1 1813
     radius-server shared-key itellin
    #    
     peer-backup route-cost auto-advertising
    #
    aaa 
     local-user a password cipher rere@ERS   
     local-user a service-type ftp    
     local-user a ftp-directory cfcard: 
     local-user b password cipher oipo@TRT   
     local-user b service-type ftp    
     local-user c password simple Huawei-123   
     local-user c service-type ftp 
     authentication-scheme default1   
      authentication-mode radius local   
     #
     domain domain1    
      l2tp-group lac1
      radius-server group radius1
      authentication-scheme default1
      accounting-scheme default1
     # 
    remote-backup-service s1
     peer 10.0.0.1 source 10.0.0.2 port 4500
    #
    remote-backup-profile p1
     service-type bras
     service-type l2tp
     peer-backup hot
     vrrp-id 1 interface gigabitethernet 1/0/0.2
     backup-id 10 remote-backup-service s1
    #
    interface virtual-template 1
     ppp authentication-mode chap 
    #   
    interface GigabitEthernet 1/0/0    
     speed auto 
     duplex auto
     undo shutdown     
     ip address 128.3.150.241 255.255.0.0     
    #   
    interface GigabitEthernet 1/0/0.1
     pppoe-server bind virtual-template 1
     user-vlan 1 100
     remote-backup-profile p1
     #
     bas
      access-type layer2-subscriber
      authentication-method ppp
     #
    #
    interface gigabitethernet 1/0/0.2
     vlan-type dot1q 200
     ip address 10.0.1.2 255.255.255.0
     vrrp vrid 1 virtual-ip 10.0.1.100
     admin-vrrp vrid 1
     vrrp vrid 1 preempt-mode timer delay 300
     vrrp vrid 1 track bfd-session 3 peer
    #  
    interface gigabitethernet 2/0/0
     ip address 10.0.3.1 255.255.255.0
    #
    interface LoopBack1
     ip address 7.7.7.7 255.255.255.255 
    #     
    interface LoopBack2 
     ip address 8.8.8.8 255.255.255.255 
    #
    interface LoopBack3
     ip address 10.0.0.2 255.255.255.255
    # 
    l2tp enable
    l2tp-group lac1
     tunnel name lac1
     start l2tp ip 3.3.3.3
     tunnel authentication
     tunnel password simple Huawei-123
     tunnel source loopback2 rui
     tunnel timer hello 200
    #
    bfd bfd-net bind peer-ip 10.0.0.1
     discriminator local 3
     discriminator remote 3
     commit  
    #   
    ospf 1
      default cost inherit-metric
      import-route direct
     preference 100    
     area 0.0.0.0
      network 10.0.0.0 0.0.0.255  
      network 10.0.2.0 0.0.0.255 
      network 10.0.3.0 0.0.0.255    
    #   
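The two configuration files store several secrets in clear text (`password simple`, `radius-server shared-key`) and must describe the same backup channel from opposite ends. The following added example, which is not part of the original guide, audits both points; the function names are hypothetical, the patterns assume the command syntax shown on this page, and the sample text is a constructed excerpt of the files above.

```python
import re

# Constructed excerpt of the LAC1 configuration file above (values from the page).
LAC1_CFG = """\
radius-server group radius1
 radius-server shared-key itellin
aaa
 local-user a password cipher 1qaz@WSX
 local-user c password simple Huawei-123
remote-backup-service s1
 peer 10.0.0.2 source 10.0.0.1 port 4500
remote-backup-profile p1
 backup-id 10 remote-backup-service s1
l2tp-group lac1
 tunnel authentication
 tunnel password simple Huawei-123
"""
# LAC2 differs only in the direction of the backup channel.
LAC2_CFG = LAC1_CFG.replace("peer 10.0.0.2 source 10.0.0.1",
                            "peer 10.0.0.1 source 10.0.0.2")

SECRET_PATTERNS = [
    re.compile(r"^(?P<cmd>.*\bpassword simple)\s+\S+"),
    re.compile(r"^(?P<cmd>radius-server shared-key)\s+\S+"),
]
RBS_RE = re.compile(r"^\s*peer (\S+) source (\S+) port (\d+)", re.M)
BACKUP_ID_RE = re.compile(r"^\s*backup-id (\d+) remote-backup-service (\S+)", re.M)


def plaintext_secrets(cfg):
    """Return (line_number, redacted_command) for secrets kept in clear text."""
    hits = []
    for no, raw in enumerate(cfg.splitlines(), 1):
        line = raw.strip()
        for pat in SECRET_PATTERNS:
            m = pat.match(line)
            if m:
                # Report the command only, never the secret itself.
                hits.append((no, m.group("cmd") + " <redacted>"))
                break
    return hits


def backup_channel_issues(cfg_a, cfg_b):
    """Check that both LACs describe one backup channel from opposite ends."""
    a, b = RBS_RE.search(cfg_a), RBS_RE.search(cfg_b)
    if not (a and b):
        return ["remote-backup-service peer statement missing on one LAC"]
    issues = []
    if (a.group(1), a.group(2)) != (b.group(2), b.group(1)):
        issues.append("peer/source addresses are not mirrored")
    if a.group(3) != b.group(3):
        issues.append("backup channel ports differ")
    ids = [BACKUP_ID_RE.search(c) for c in (cfg_a, cfg_b)]
    if not all(ids) or ids[0].groups() != ids[1].groups():
        issues.append("backup-id / RBS binding differs between the LACs")
    return issues


if __name__ == "__main__":
    for no, cmd in plaintext_secrets(LAC1_CFG):
        print(f"LAC1 line {no}: {cmd}")
    print(backup_channel_issues(LAC1_CFG, LAC2_CFG) or "backup channel consistent")
```

The `cipher` keyword, which this page already uses for local-user a and b, is the encrypted-storage counterpart of `simple`.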
    
Updated: 2019-01-03

Document ID: EDOC1100055031
