No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Configuration Guide - User Access 01

This is NE40E V800R010C10SPC500 Configuration Guide - User Access
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring the Ethernet Layer 3 Leased Line Access

Example for Configuring the Ethernet Layer 3 Leased Line Access

This section provides an example for configuring Ethernet Layer 3 leased line access services based on a networking diagram, including the networking requirements, configuration roadmap, configuration procedure, and configuration files.

Networking Requirements

The networking is shown in Figure 6-17. The requirements are as follows:

  • The user accesses the Internet by using GE 1/0/6.1 on the router in the Ethernet Layer 3 leased line mode.

  • The user name is layer3lease1@isp1 for the leased line.

  • The network segment for the Layer 3 leased line user is 11.11.11.0/24.

  • RADIUS authentication and RADIUS accounting are used. The IP address of the RADIUS server is 192.168.8.249. The authentication port number is 1812 and the accounting port number is 1813. The RADIUS+1.1 protocol is adopted. The shared key is itellin.

  • The network-side interface is GE 1/0/1.

Figure 6-17 Networking for configuring the Ethernet Layer 3 leased line access service

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure authentication and accounting schemes.

  2. Configure a RADIUS server group.

  3. Configure an authentication domain.

  4. Configure a VLAN and an IP address for a sub-interface.

  5. Configure a BAS interface and an upstream interface.

  6. Configure a static route.

Data Preparation

To complete the configuration, you need the following data:

  • Authentication template name and authentication mode

  • Accounting template name and accounting mode

  • RADIUS server group name, and IP addresses and port numbers of the RADIUS authentication server and accounting server

  • Gateway and DNS server addresses

  • Domain name

  • VLAN ID and IP address of the sub-interface

  • BAS interface parameters

  • Static route

Procedure

  1. Configure an authentication scheme.

    <HUAWEI> system-view
    [~HUAWEI] aaa
    [~HUAWEI-aaa] authentication-scheme auth1
    [*HUAWEI-aaa-authen-auth1] authentication-mode radius
    [*HUAWEI-aaa-authen-auth1] commit
    [~HUAWEI-aaa-authen-auth1] quit

  2. Configure an accounting scheme.

    [~HUAWEI-aaa] accounting-scheme acct1
    [*HUAWEI-aaa-accounting-acct1] accounting-mode radius
    [*HUAWEI-aaa-accounting-acct1] commit
    [~HUAWEI-aaa-accounting-acct1] quit
    [~HUAWEI-aaa] quit

  3. Configure a RADIUS server group.

    [~HUAWEI] radius-server group rd1
    [*HUAWEI-radius-rd1] radius-server authentication 192.168.8.249 1812
    [*HUAWEI-radius-rd1] radius-server accounting 192.168.8.249 1813
    [*HUAWEI-radius-rd1] radius-server type plus11
    [*HUAWEI-radius-rd1] radius-server shared-key itellin
    [~HUAWEI-radius-rd1] commit
    [~HUAWEI-radius-rd1] quit

  4. Configure a domain.

    [~HUAWEI] aaa
    [~HUAWEI-aaa] domain isp1
    [*HUAWEI-aaa-domain-isp1] authentication-scheme auth1
    [*HUAWEI-aaa-domain-isp1] accounting-scheme acct1
    [*HUAWEI-aaa-domain-isp1] radius-server group rd1
    [*HUAWEI-aaa-domain-isp1] commit
    [~HUAWEI-aaa-domain-isp1] quit
    [~HUAWEI-aaa]quit

  5. Configure a VLAN.

    [~HUAWEI] license
    [~HUAWEI-license] active bas slot 1
    [*HUAWEI-license] commit
    [~HUAWEI-slot-1] quit

    # Configure a VLAN.

    • If the access interface is an Ethernet sub-interface, you must configure a VLAN. If the access interface is an Ethernet main interface, no VLAN is required.
    • You can configure only one VLAN for interfaces used for Layer 3 leased line access.
    [~HUAWEI] interface GigabitEthernet 1/0/6
    [*HUAWEI-GigabitEthernet1/0/6] mode user-termination
    [*HUAWEI-GigabitEthernet1/0/6] interface GigabitEthernet 1/0/6.1
    [*HUAWEI-GigabitEthernet1/0/6.1] control-vid 1 dot1q-termination
    [*HUAWEI-GigabitEthernet1/0/6.1] dot1q termination vid 3

  6. Configure an IP address.

    [*HUAWEI-GigabitEthernet1/0/6.1] ip address 192.168.1.1 255.255.255.0

  7. Configure a BAS interface.

    [*HUAWEI-GigabitEthernet1/0/6.1] bas
    [*HUAWEI-GigabitEthernet1/0/6.1-bas] access-type layer3-leased-line user-name layer3lease1 password simple Root@123 default-domain authentication isp1
    [*HUAWEI-GigabitEthernet1/0/6.1-bas] commit
    [~HUAWEI-GigabitEthernet1/0/6.1-bas] quit
    [~HUAWEI-GigabitEthernet1/0/6.1] quit

  8. Configure a static route.

    [~HUAWEI] ip route-static 11.11.11.0 255.255.255.0 192.168.1.2

Configuration Files

#
 sysname HUAWEI
#
license
active bas slot 1
#
radius-server group rd1
 radius-server authentication 192.168.8.249 1812 weight 0
 radius-server accounting 192.168.8.249 1813 weight 0
 radius-server shared-key itellin
 radius-server type plus11
#
interface GigabitEthernet1/0/6
 mode user-termination
#
interface GigabitEthernet1/0/6.1
 control-vid 1 dot1q-termination
 dot1q termination vid 3
 ip address 192.168.1.1 255.255.255.0
 bas
 access-type layer3-leased-line user-name layer3lease1 password simple Root@123 default-domain authentication isp1
#
interface GigabitEthernet1/0/1
 ip address 192.168.7.1 255.255.255.0
#
aaa
authentication-scheme  auth1
accounting-scheme  acct1
domain  default0
domain  default1
domain  default_admin
domain  isp1
 authentication-scheme   auth1
 accounting-scheme   acct1
 radius-server group  rd1
#
ip route-static 11.11.11.0 255.255.255.0 192.168.1.2
#
return
Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055031

Views: 17251

Downloads: 70

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next