No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Configuration Guide - User Access 01

This is NE40E V800R010C10SPC500 Configuration Guide - User Access
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Configuring RADIUS Attributes

(Optional) Configuring RADIUS Attributes

The attributes delivered by the RADIUS server take effect only when there are corresponding configurations on the NE40E.

Context

  • Access service template

    After an access service template is configured, the RADIUS server can send the service template name and control user traffic by time segment.

    When the authentication response message sent by the RADIUS server includes the HW-Access-Service attribute, the traffic bandwidth restriction is based on the QoS profile rule bound to the service template. When the QoS profile not containing a time segment and the QoS profile containing a time segment in an access service template exist at the same time, the QoS profile containing a time segment has a higher priority than the QoS profile not containing a time segment.

    If an in-use QoS profile in an access service template is modified, the modification takes effect in real time. If all QoS profiles in an access service template are removed, the QoS profile that is previously bound with the user takes effect.

  • Static route synchronization from the RADIUS server to the NE40E

    This function enables the NE40E to periodically or immediately synchronize static routes with those delivered by the RADIUS server. Static route synchronization requests, if not acknowledged, will be retransmitted before the maximum allowable number of times is reached.

  • Update of user names and domains based on CoA messages

    In the web authentication scenario where a portal server cannot exchange authentication messages with a BRAS, you can configure the portal server to exchange authentication messages with a RADIUS server. To enable a BRAS to update user names based on those delivered in CoA messages and switch users to the domains carried in the RADIUS-delivered user names, run the radius-server coa update username command.

Perform the following steps on the NE40E:

Procedure

  • Create an access service template.
    1. Run system-view

      The system view is displayed.

    2. Run access-service service-name

      The access service template view is displayed.

    3. Run qos-profile profile-name

      The default QoS profile bound to the access service template is configured.

      Each access service template can be bound only with one QoS profile not containing a time segment.

    4. Run qos-profile profile-name time-range time-range-name

      The QoS profile (containing a time segment) bound to the access service template is configured.

      Each access service template can be bound with up to 16 different time segments.

  • Enable static route synchronization from the RADIUS server to the NE40E.
    1. Run system-view

      The system view is displayed.

    2. Run aaa route-download server-group group-name base-user-name user-name password { simple | cipher } password [ download-interval interval-value | retry-interval retry-interval-value | retry-max-count retry-count | tag tag-value | cost cost-value | synchronization synchronization ]

      The NE40E is enabled to periodically synchronize static routes with those delivered by the RADIUS server.

    3. (Optional) Run aaa route-download recover-delay delay-time

      Delayed advertisement is configured for static routes downloaded from a RADIUS server after the NE40E is restarted and configurations are restored.

      In BRAS multi-device backup scenarios, after the aaa route-download command is run to enable the NE40E to download static routes from a RADIUS server at an interval, you must also run the aaa route-download recover-delay command to configure delayed advertisement of static routes downloaded from a RADIUS server.

      In BRAS multi-device backup scenarios, after the aaa route-download command is run to enable the NE40E to download static routes from a RADIUS server at an interval, the master and backup devices download static routes from the RADIUS server, but the cost value of the static routes downloaded to the master device is less than that of the static routes downloaded to the backup device. If the master device is restarted and immediately downloads static routes from the RADIUS server and advertises them to the network side, network-side traffic will be transmitted to the master device. However, batch backup of user information has not yet completed, and the master device cannot process traffic. Therefore, the traffic is transmitted to the backup device through the link between the master and backup devices. If the network traffic volume is greater than the bandwidth of the link between the master and backup devices, the downstream traffic may be interrupted.

      To prevent this problem, run the aaa route-download recover-delay command to configure delayed advertisement of static routes downloaded from a RADIUS server after the NE40E is restarted and configurations are restored so that the NE40E can advertise the static routes after user information is backed up. When the master device is restarted, the network-side traffic is switched to the new master device, preventing a traffic detour.

    4. Run clear ip routes aaa-download [ [ vpn-instance vpn-name ] [ ip-address mask-len | ipv6-address prefix-length ] | all ]

      Static routes delivered by the RADIUS server are cleared from the NE40E.

    5. Run aaa route-download now force

      The NE40E is configured to immediately synchronize static routes with those delivered by the RADIUS server.

  • Update user names based on CoA messages and switch users to new domains.
    1. Run system-view

      The system view is displayed.

    2. Run radius-server coa update username

      The device is enabled to update user names based on those delivered in CoA messages and switch users to the domains carried in the RADIUS-delivered user names.

Result

  • Run the display access-service command in any view to check information about the access service template.

  • Run the display aaa route-download config command in any view to check configurations about static route synchronization from the RADIUS server to the NE40E.

  • Run the display aaa route command in any view to check whether static routes are successfully delivered by the RADIUS server.

Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055031

Views: 17183

Downloads: 69

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next