No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Configuration Guide - User Access 01

This is NE40E V800R010C10SPC500 Configuration Guide - User Access
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring a Remote Address Pool for DHCPv6 Users' IPv6 Address Assignment

Example for Configuring a Remote Address Pool for DHCPv6 Users' IPv6 Address Assignment

This section provides an example for configuring a user-side remote address pool that is used to assign IPv6 addresses to DHCPv6 users, including the networking requirements, configuration roadmap, configuration procedure, and configuration files.

Networking Requirements

When a DHCPv6 server and clients reside on different links, the Device can function as a Layer 2 access device to relay user requests for IPv6 addresses or prefixes to the DHCPv6 server.

On the network in Figure 5-12, the requirements are as follows:

  • The user accesses the Device in IPoE mode, and the user belongs to the domain isp1.
  • The user is assigned an address on the network segment 2660:2321::/64.
  • RADIUS authentication and accounting are used.
  • The IP address of the RADIUS server is 10.6.55.55. The authentication port number is 1550, and the accounting port number is 1551. The standard RADIUS protocol is used, with the password it-is-my-secret1.
  • The IP address of the DHCPv6 server is 3002:3101::2:2.
Figure 5-12 Configuring a remote address pool to assign IPv6 addresses
NOTE:

Interfaces 1 through 2 in this example are 1/0/1.1, 1/0/2, respectively.



Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure AAA schemes.
  2. Configure a RADIUS server group.
  3. Configure a DHCPv6 server group.
  4. Configure a remote IPv6 prefix pool.
  5. Configure a user-side remote address pool and bind the DHCPv6 server group and IPv6 prefix pool to the address pool.
  6. Configure an AAA domain to be used as the default authentication domain.

  7. Configure a BAS interface.

Data Preparation

To complete the configuration, you need the following data:

  • Remote IPv6 prefix pool name
  • Remote address pool name
  • Assignable IPv6 prefixes and prefix lengths

Procedure

  1. Configure AAA schemes on the Device.

    # Configure an authentication scheme.

    [*Device] aaa
    [*Device-aaa] authentication-scheme auth1
    [*Device-aaa-authen-auth1] authentication-mode radius
    [*Device-aaa-authen-auth1] commit
    [~Device-aaa-authen-auth1] quit

    # Configure an accounting scheme.

    [*Device-aaa] accounting-scheme acct1
    [*Device-aaa-accounting-acct1] accounting-mode radius
    [*Device-aaa-accounting-acct1] commit
    [*Device-aaa-accounting-acct1] quit
    [~Device-aaa] quit

  2. Configure a RADIUS server group on the Device.

    [*Device] radius-server group rd1
    [*Device-radius-rd1] radius-server authentication 10.6.55.55 1550
    [*Device-radius-rd1] radius-server accounting 10.6.55.55 1551
    [*Device-radius-rd1] radius-server type standard
    [*Device-radius-rd1] radius-server shared-key-cipher it-is-my-secret1
    [*Device-radius-rd1] commit
    [~Device-radius-rd1] quit

  3. Configure a DHCPv6 server group named server1 on the Device.

    [*Device] dhcpv6-server group server1
     Info: It's successful to create a DHCPV6 server group
    [*Device-dhcpv6-server-group-server1] dhcpv6-server destination 3002:3101::2:2
    [*Device- dhcpv6-server-group-server1] commit
    [~Device- dhcpv6-server-group-server1] quit

  4. Configure a remote IPv6 prefix pool named pre1 on the Device.

    [*Device] ipv6 prefix pre1 remote
      Info:Create a prefix pool
    [*Device-ipv6-prefix-pre1] link-address 2660:2321::1/64
    [*Device-ipv6-prefix-pre1] dhcpv6-only
    [*Device-ipv6-prefix-pre1] commit
    [~Device-ipv6-prefix-pre1] quit
    NOTE:

    The dhcpv6-only command allows the IPv6 prefix pool to be used for IPv6 address or prefix assignment only for DHCPv6 users. If the dhcpv6-only command is not run, the IPv6 prefix pool can be used for both ND and DHCPv6 users.

  5. Configure a user-side remote address pool named pool1 on the Device.

    [*Device] ipv6 pool pool1 bas remote
    [*Device-ipv6-pool-pool1] prefix pre1
    [*Device-ipv6-pool-pool1] dhcpv6-server group server1
    [*Device-ipv6-pool-pool1] commit
    [~Device-ipv6-pool-pool1] quit

  6. Configure a domain named isp1 on the Device.

    [*Device] aaa
    [*Device-aaa] domain isp1
    [*Device-aaa-domain-isp1] authentication-scheme auth1
    [*Device-aaa-domain-isp1] accounting-scheme acct1
    [*Device-aaa-domain-isp1] radius-server group rd1
    [*Device-aaa-domain-isp1] ipv6-pool pool1
    [*Device-aaa-domain-isp1] commit
    [~Device-aaa-domain-isp1] quit
    [~Device-aaa] quit

  7. Configure a BAS interface.

    # Enable IPv6 and configure M and O flags on a user access interface on the Device.

    [*Device-GigabitEthernet 1/0/1.1] ipv6 enable
    [*Device-GigabitEthernet 1/0/1.1] ipv6 address auto link-local
    [*Device-GigabitEthernet 1/0/1.1] ipv6 nd autoconfig managed-address-flag
    [*Device-GigabitEthernet 1/0/1.1] ipv6 nd autoconfig other-flag
    [*Device-GigabitEthernet 1/0/1.1] commit
    [~Device-GigabitEthernet 1/0/1.1] quit

    # Configure the interface as a BAS interface.

    [*Device] interface GigabitEthernet 1/0/1.1
    [HUAWEI-GigabitEthernet 1/0/1.1] user-vlan 1 20
    [HUAWEI-GigabitEthernet 1/0/1.1-vlan-1-20] quit
    [*Device-GigabitEthernet 1/0/1.1] bas
    [*Device-GigabitEthernet 1/0/1.1-bas] access-type layer2-subscriber default-domain authentication isp1
    [*Device-GigabitEthernet 1/0/1.1-bas] authentication-method-ipv6 bind
    [*Device-GigabitEthernet 1/0/1.1-bas] commit
    [~Device-GigabitEthernet 1/0/1.1-bas] quit
    NOTE:
    • In bind authentication, the user name is automatically generated based on the NE40E's location and domain name. Therefore, configure a user name based on the generation rule and configure the password vlan on the RADIUS server.

    • For details on the user name generation rule used in bind authentication, see vlanpvc-to-username in HUAWEI NetEngine40E Universal Service Router Command Reference.

  8. Verify the configuration.

    # Display information about the prefix pool named pre1. The command output shows that the prefix pool is a remote prefix pool with the prefix address of 2660:2321::/64.

    <Device> display ipv6 prefix pre1
    -------------------------------------------------------------
    Prefix Name        : pre1
     Prefix Index       : 5
     Prefix constant index: -
     Prefix Type        : REMOTE
     Link-Address       : 2660:2321::1
     Prefix Length      : 64
     Reserved Type      : NONE
     IfLocked           : Unlocked
     Vpn instance       : -
     Lease manage       : false
     Reserved Prefix Count: 0
     Excluded Prefix Count: 0     
    ------------------------------------------------------------- 

    # Display information about the address pool named pool1. The command output shows that the address pool is a user-side remote address pool and the address pool is bound to the remote prefix pool named pre1.

    <Device> display ipv6 pool pool1
    ---------------------------------------------------------------
     Pool name          : pool1
     Pool No            : 3
     Pool constant index: -
     Pool type          : BAS REMOTE
     RUI-Flag           : -
     Preference         : 255
     Renew time         : 50
     Rebind time        : 80
     Status             : UNLOCKED
     Refresh interval   : infinite
     Used by domain     : 1
     Dhcpv6 Unicast     : disable
     Dhcpv6 rapid-commit: disable
     Dns list           : -
     Dns server master  : -
     Dns server slave   : -
     AFTR name          : -
     State              : UP
     Server down times  : 0
     ----------------------------------------------------------------------
     Prefix-Name                      Prefix-Type
     ----------------------------------------------------------------------
     pre1                             REMOTE
     --------------------------------------------------------------- 

  9. Run commit

    The configuration is committed.

Configuration Files

#
ipv6
#
radius-server group rd1
 radius-server authentication 10.6.55.55 1550 weight 0
radius-server accounting 10.6.55.55 1551 weight 0
radius-server shared-key-cipher %^%#vS%796FO7%C~pB%CR=q;j}gSCqR-X6+P!.DYI@)%^%
#
dhcpv6-server group server1
 dhcpv6-server destination 3002:3101::2:2
#
ipv6 prefix pre1 remote
link-address 2660:2321::1/64
#
ipv6 pool pool1 bas remote
prefix pre1
dhcpv6-server group server1
#
aaa
authentication-scheme default0
 authentication-scheme default1
authentication-scheme auth1
authentication-mode radius
#
accounting-scheme default0
 accounting-scheme default1
accounting-scheme acct1
accounting-mode radius
#
domain isp1
  authentication-scheme auth1
  accounting-scheme acct1
  radius-server group rd1
  ipv6-pool pool1    
#
interface GigabitEthernet1/0/1.1
 user-vlan 1 20
 ipv6 enable
 ipv6 address auto link-local
 ipv6 nd autoconfig managed-address-flag
 ipv6 nd autoconfig other-flag
 bas
 #
  access-type layer2-subscriber default-domain authentication isp1
  authentication-method-ipv6 bind
#
return
Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055031

Views: 17424

Downloads: 70

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next