NE40E V800R010C10SPC500 Configuration Guide - User Access 01


Example for Configuring L2TP Session-based QoS Scheduling for User Access

This section provides an example for configuring L2TP session-based QoS scheduling for user access, including the networking requirements, configuration roadmap, configuration procedure, and configuration files.

Networking Requirements

As shown in Figure 10-12, the NE40E functions as the LNS of the L2TP tunnel. The process of a VPN user accessing the company headquarters is as follows:

  • The user dials up to access the Internet.

  • The NAS authenticates the user and initiates a request for setting up a tunnel to the LNS if it finds that the user is a VPN user.

  • After a tunnel is set up between the NAS and the LNS, the NAS sends packets carrying the contents negotiated between the NAS and the VPN user to the LNS.

  • The LNS determines whether to accept the connection according to the negotiation.

  • The user communicates with the company headquarters through the tunnel between the NAS and the LNS.

  • The user accesses the network using the domain doma1 and obtains its IP address from the address pool pool1.

L2TP QoS scheduling by session needs to be configured for the LNS, ensuring the following:

  • Each user in the domain uses the CIR of 10 Mbit/s and the PIR of 20 Mbit/s.

  • All users on the L2TP tunnel share the PIR of 100 Mbit/s.

Figure 10-12 Networking for configuring L2TP session-based QoS scheduling for user access

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure the LAC.

  2. Configure the LNS, with the NE40E functioning as the LNS.

  3. Configure the scheduling profile and QoS profile.

  4. Apply the QoS profile to the domain.

  5. Configure L2TP QoS scheduling by session for the L2TP group.

Data Preparation

To complete the configuration, you need the following data:

  • Loopback address

  • Name, network segment, and gateway of the address pool

  • Name of the domain to which users belong

  • Names of the scheduling profile and QoS profile

Procedure

  1. Configure the user side.

    Enter vpdnuser@doma1 as the VPN user name, 1qaz@WSX as the password, and 170 as the dial-in number in the dial-up window to dial in. In the displayed dial-up dialog box, enter username as the user name and Userpass0 as the password for RADIUS authentication.

  2. Configure the NAS.

    The configuration procedure is not provided here. For details, see the relevant manual.

    Use the NAS as the LAC.

    # Configure 170 as the dial-in number on the NAS.

    # Create a VPN user on the RADIUS server with user name username and password Userpass0, and configure the IP address of the LNS (in this case, 192.168.0.1).

    # Set the local device name to lac and perform tunnel authentication with the tunnel authentication password being 1qaz#EDC.

  3. Configure the NE40E (LNS).

    # Create a virtual template and configure it.

    <Device> system-view
    [~Device] interface virtual-template 1
    [*Device-Virtual-Template1] ppp authentication-mode chap
    [*Device-Virtual-Template1] commit
    [~Device-Virtual-Template1] quit

    # Enable the L2TP service and create an L2TP group.

    [~Device] l2tp enable
    [~Device] l2tp-group lns1

    # Configure the name of the LNS and the name of the peer end of the tunnel.

    [*Device-l2tp-lns1] tunnel name LNS
    [*Device-l2tp-lns1] allow l2tp virtual-template 1 remote lac

    # Configure tunnel authentication and set the password for tunnel authentication.

    [*Device-l2tp-lns1] tunnel authentication
    [*Device-l2tp-lns1] tunnel password simple 1qaz#EDC
    [*Device-l2tp-lns1] commit
    [~Device-l2tp-lns1] quit

    # Define an address pool and allocate IP addresses to dial-in users.

    [~Device] ip pool pool1 bas local
    [*Device-ip-pool-pool1] gateway 10.10.10.1 255.255.255.0
    [*Device-ip-pool-pool1] section 0 10.10.10.2 10.10.10.100
    [*Device-ip-pool-pool1] commit
    [~Device-ip-pool-pool1] quit

    # Configure the RADIUS server.

    [~Device] radius-server group radius1
    [*Device-radius-radius1] radius-server authentication 20.20.20.1 1812
    [*Device-radius-radius1] radius-server accounting 20.20.20.1 1813
    [*Device-radius-radius1] radius-server shared-key itellin
    [*Device-radius-radius1] commit
    [~Device-radius-radius1] quit

    # Configure the domain named doma1.

    [~Device] aaa
    [*Device-aaa] domain doma1
    [*Device-aaa-domain-doma1] radius-server group radius1
    [*Device-aaa-domain-doma1] authentication-scheme default1
    [*Device-aaa-domain-doma1] accounting-scheme default1
    [*Device-aaa-domain-doma1] ip-pool pool1
    [*Device-aaa-domain-doma1] commit
    [~Device-aaa-domain-doma1] quit
    [~Device-aaa] quit

    # Configure loopback 0.

    [~Device] interface loopback 0
    [*Device-LoopBack0] ip address 192.168.0.1 255.255.255.255
    [*Device-LoopBack0] commit
    [~Device-LoopBack0] quit

    # Create an LNS group named group1.

    [~Device] lns-group group1

    # Specify the tunnel board in slot 1 for the LNS group.

    [*Device-lns-group-group1] bind slot 1

    # Bind loopback 0 to the LNS group.

    [*Device-lns-group-group1] bind source loopback 0
    [*Device-lns-group-group1] commit
    [~Device-lns-group-group1] quit

  4. Configure the scheduling profile and QoS profile.

    # Configure the QoS profile and the user group queue.

    [~Device] qos-profile pro1
    [*Device-qos-pro1] user-queue cir 10000 pir 20000 inbound
    [*Device-qos-pro1] user-queue cir 10000 pir 20000 outbound
    [*Device-qos-pro1] commit
    [~Device-qos-pro1] quit
    [~Device] user-group-queue pro2 slot 1 
    [*Device-user-group-queue-pro2-slot-1] shaping 100000 inbound
    [*Device-user-group-queue-pro2-slot-1] commit
    [~Device-user-group-queue-pro2-slot-1] quit

  5. Apply the QoS profile to the domain.

    [~Device] aaa
    [*Device-aaa] domain doma1
    [*Device-aaa-domain-doma1] qos-profile pro1 inbound lns-gts
    [*Device-aaa-domain-doma1] commit
    [~Device-aaa-domain-doma1] quit
    [~Device-aaa] quit

  6. Set QoS scheduling by session for the L2TP group, and apply user-group-queue pro2 to the L2TP group.

    [~Device] l2tp-group lns1
    [*Device-l2tp-lns1] qos scheduling-mode session
    [*Device-l2tp-lns1] user-group-queue pro2 inbound
    [*Device-l2tp-lns1] commit
    [~Device-l2tp-lns1] quit

  7. Verify the configuration.

    Run the display l2tp-group command to check the scheduling mode configured for the L2TP group.

    <HUAWEI> display l2tp-group lns1
     -----------------------------------------------
     L2tp-index      : 3
     Group-Name      : lns1
     .........
     QOS-mode        : session
     .........
     -----------------------------------------------

    Run the display domain command to check the QoS profile applied to the domain.

    <HUAWEI> display domain doma1
     ------------------------------------------------------------------------------
      Domain-name                     : doma1
      Domain-state                    : Active
      ...............
      L2TP-QosProfile-inbound         : pro1
      ...............
     ------------------------------------------------------------------------------

Configuration Files

#
 sysname HUAWEI
#
 l2tp enable
#
radius-server group radius1
 radius-server authentication 20.20.20.1 1812 
 radius-server accounting 20.20.20.1 1813 
 radius-server shared-key itellin
#
qos-profile pro1
 user-queue cir 10000 pir 20000 inbound
 user-queue cir 10000 pir 20000 outbound
#
user-group-queue pro2
 shaping 100000 inbound
#
interface Virtual-Template1
 ppp authentication-mode chap 
#
interface GigabitEthernet1/0/0
 undo shutdown 
#
interface GigabitEthernet1/0/0.2
 pppoe-server bind Virtual-Template 1
 user-vlan 270 277
 undo shutdown 
 bas
  access-type layer2-subscriber
#
interface LoopBack0
 ip address 192.168.0.1 255.255.255.255
#
l2tp-group lns1
 allow l2tp virtual-template 1 remote lac
 tunnel password simple 1qaz#EDC
 tunnel name LNS
 qos scheduling-mode session
 user-group-queue pro2 inbound
#
lns-group group1
 bind slot 1 
 bind source LoopBack0
#
ip pool pool1 bas local
 gateway 10.10.10.1 255.255.255.0
 section 0 10.10.10.2 10.10.10.100
#
aaa
 domain  doma1 
  radius-server group  radius1
  authentication-scheme   default1
  accounting-scheme   default1
  ip-pool   pool1
  qos-profile pro1 inbound lns-gts
#
return
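
The configuration file above keeps the tunnel password (`tunnel password simple`) and the RADIUS shared key as readable text, and the QoS behaviour depends on names that must match across sections. The following Python audit is an added example, not part of the original guide or any Huawei tool; `parse_sections`, `audit`, the finding texts and the embedded sample (an excerpt constructed from the file above) are assumptions made for illustration.

```python
import re
# Constructed sample: excerpt of the configuration file shown on this page.
SAMPLE_CONFIG = """\
radius-server group radius1
 radius-server shared-key itellin
#
qos-profile pro1
#
user-group-queue pro2
#
l2tp-group lns1
 tunnel password simple 1qaz#EDC
 qos scheduling-mode session
 user-group-queue pro2 inbound
#
aaa
 domain  doma1
  qos-profile pro1 inbound lns-gts
"""

def parse_sections(text):
    """Split a '#'-delimited config into {section header: [sub-commands]}."""
    sections, header = {}, None
    for raw in text.splitlines():
        line = " ".join(raw.split())  # normalise the export's spacing
        if line in ("", "#", "return"):
            header = None
        elif not raw.startswith(" "):
            header = line
            sections[header] = []
        elif header is not None:
            sections[header].append(line)
    return sections

def audit(text):
    """Hypothetical audit: cleartext secrets and broken QoS bindings."""
    sections, findings = parse_sections(text), []
    defined = {tuple(h.split()[:2]) for h in sections}
    for header, body in sections.items():
        for cmd in body:
            if re.match(r"tunnel password simple \S", cmd):
                findings.append(f"{header}: tunnel password in cleartext")
            if re.match(r"radius-server shared-key \S", cmd):
                findings.append(f"{header}: RADIUS shared key in cleartext")
            ref = re.match(r"(qos-profile|user-group-queue) (\S+) inbound", cmd)
            if ref and ref.groups() not in defined:
                findings.append(f"{header}: {ref.group(1)} {ref.group(2)} undefined")
        if header.startswith("l2tp-group ") and "qos scheduling-mode session" not in body:
            findings.append(f"{header}: session-based scheduling not set")
    return findings
```

Run against the sample, `audit` reports the two cleartext secrets and no binding problems; a configuration whose `qos-profile` or `user-group-queue` name is misspelled in the domain or L2TP group is reported as undefined.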
Updated: 2019-01-03

Document ID: EDOC1100055031
