No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Configuration Guide - User Access 01

This is NE40E V800R010C10SPC500 Configuration Guide - User Access
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring User Information Backup with Automatic Route Advertisement

Example for Configuring User Information Backup with Automatic Route Advertisement

This section describes an example for configuring RUI backup with automatic route advertisement. The example includes the networking requirements, configuration roadmap, configuration procedure, and configuration files.

Networking Requirements

In Figure 11-3, users connect to Device A and Device B through a LAN switch. The two devices run VRRP to determine the master and backup status. The basic user access functions are configured on Device A and Device B, allowing users to go online through the master device.

Automatic route advertisement is easier to configure than manual route advertisement. Automatic route advertisement prevents the problem that if a fault in a BRAS occurs after a master/slave BRAS switchover is implemented, UNRs cannot be automatically advertised after the BRAS recovers. The default route cost can be used to control route preference. If dual-system hot backup is configured on BRASs, a routing protocol imports UNRs and trusts UNR preference values. This allows the network segment route of the primary address pool to have higher route precedence than that of the secondary address pool.

To improve link usage, allow a VRRP backup group to transmit user packets with odd MAC addresses and another VRRP backup group to transmit user packets with even MAC addresses to load-balance user packets between Device A and Device B.

Figure 11-3 User information backup with automatic route advertisement
NOTE:

Interfaces 1 through 4 in this example are GE 1/0/0, GE 2/0/0, GE 3/0/0, GE 1/0/1, respectively.



Device Interface IP Address
DeviceA GE1/0/0 10.0.1.1/24
GE2/0/0 10.0.0.1/24
GE3/0/0 10.1.1.6/24
Loopback0 1.1.1.1/32
Loopback1 22.22.22.22/32
DeviceB GE1/0/0 10.0.1.2/24
GE2/0/0 10.0.2.1/24
GE3/0/0 10.1.1.7/24
Loopback0 2.2.2.2/32
Loopback1 88.88.88.88/32

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure basic user access functions and ensure that the two routers have the same configuration. For details, see HUAWEI NetEngine40E Universal Service Router Guide - User Access.

  2. Establish a multi-system backup platform.

  3. Set NAS parameters, the interval for backing up traffic, or the traffic threshold.

  4. Configure a protection path for returned network-side traffic.

  5. Bind an RBP to an interface from which users get online.

  6. Enable a routing protocol to trust UNR cost values.

Data Preparation

To complete the configuration, you need the following data:

  • VRRP ID

  • the routers that back up each other

  • Backup ID, which is used together with the RBS to determine the RBP that the user belongs to

Procedure

  1. Configure a multi-system backup platform. Device A is used as an example. The configuration ofDevice B is similar to that of Device A.

    NOTE:

    The example describes only the configurations related to user information backup.

    # Configure BFD sessions named bfd and bfd2 at the access side to rapidly detect faults in interfaces or links of two VRRP backup groups and trigger a master/backup VRRP switchover if a fault occurs. Set the peer IP addresses for BFD sessions to 10.0.1.2 (IP address of Device B's GE 1/0/0.2) and 101.0.0.2 (IP address of Device B's GE 1/0/0.3).

    [~DeviceA] bfd 
    [*DeviceA-bfd] quit 
    [*DeviceA] bfd bfd bind peer-ip 10.0.1.2 
    [*DeviceA-bfd-session-bfd] discriminator local 1 
    [*DeviceA-bfd-session-bfd] discriminator remote 2 
    [*DeviceA-bfd-session-bfd] commit 
    [~DeviceA-bfd-session-bfd] quit 
    [~DeviceA] bfd bfd2 bind peer-ip 101.0.0.2 
    [*DeviceA-bfd-session-bfd2] discriminator local 3 
    [*DeviceA-bfd-session-bfd2] discriminator remote 4 
    [*DeviceA-bfd-session-bfd2] commit 
    [~DeviceA-bfd-session-bfd2] quit 

    # Configure a VRRP backup group on GE 1/0/0.2 and another one on GE 1/0/0.3, and enable each VRRP backup group to track a specific BFD session and the network-side interface status.

    [~DeviceA] interface gigabitethernet 1/0/0.2
    [*DeviceA-GigabitEthernet1/0/0.2] vlan-type dot1q 200
    [*DeviceA-GigabitEthernet1/0/0.2] ip address 10.0.1.1 255.255.255.0
    [*DeviceA-GigabitEthernet1/0/0.2] vrrp vrid 1 virtual-ip 10.0.1.100
    [*DeviceA-GigabitEthernet1/0/0.2] admin-vrrp vrid 1 
    [*DeviceA-GigabitEthernet1/0/0.2] vrrp vrid 1 priority 120
    [*DeviceA-GigabitEthernet1/0/0.2] vrrp vrid 1 track bfd-session 1 peer
    [*DeviceA-GigabitEthernet1/0/0.2] vrrp vrid 1 track interface gigabitethernet 2/0/0 reduced 50
    [*DeviceA-GigabitEthernet1/0/0.2] commit 
    [~DeviceA-GigabitEthernet1/0/0.2] quit
    [~DeviceA] interface gigabitethernet 1/0/0.3 
    [*DeviceA-GigabitEthernet1/0/0.3] vlan-type dot1q 201
    [*DeviceA-GigabitEthernet1/0/0.3] ip address 101.0.0.1 255.255.255.0
    [*DeviceA-GigabitEthernet1/0/0.3] vrrp vrid 2 virtual-ip 101.0.0.100
    [*DeviceA-GigabitEthernet1/0/0.3] admin-vrrp vrid 2
    [*DeviceA-GigabitEthernet1/0/0.3] vrrp vrid 2 priority 100
    [*DeviceA-GigabitEthernet1/0/0.3] vrrp vrid 2 preempt-mode timer delay 600
    [*DeviceA-GigabitEthernet1/0/0.3] vrrp vrid 2 track bfd-session 3 peer
    [*DeviceA-GigabitEthernet1/0/0.3] vrrp vrid 2 track interface gigabitethernet 2/0/0 reduced 50
    [*DeviceA-GigabitEthernet1/0/0.3] commit 
    [~DeviceA-GigabitEthernet1/0/0.3] quit
    NOTE:

    VRRP priorities should be configured on both devices to determine the master and backup status. A device with the higher priority functions as the master device.

    # Configure a RBS.

    [~DeviceA] remote-backup-service service1 
    [*DeviceA-rm-backup-srv-service1] peer 88.88.88.88 source 22.22.22.22 port 2046 
    [*DeviceA-rm-backup-srv-service1] track interface gigabitethernet 2/0/0 
    [*DeviceA-rm-backup-srv-service1] commit 
    NOTE:

    To monitor the network-side peer BFD sessions that are established on the two Routers, run the track bfd-session command in the RBS view, which helps rapidly monitor the peer status. The configuration details are not provided. For details, see the command reference.

    # Configure a RBP.

    [~DeviceA] remote-backup-profile profile1 
    [*DeviceA-rm-backup-prf-profile1] peer-backup hot
    [*DeviceA-rm-backup-prf-profile1] vrrp-id 1 interface gigabitethernet 1/0/0.2 even-mac
    [*DeviceA-rm-backup-prf-profile1] vrrp-id 2 interface gigabitethernet 1/0/0.3 odd-mac
    [*DeviceA-rm-backup-prf-profile1] backup-id 10 remote-backup-service service1 
    [*DeviceA-rm-backup-prf-profile1] service-type bras
    [*DeviceA-rm-backup-prf-profile1] quit 
    [*DeviceA] remote-backup-profile profile2 
    [*DeviceA-rm-backup-prf-profile2] peer-backup hot
    [*DeviceA-rm-backup-prf-profile2] vrrp-id 1 interface gigabitethernet 1/0/0.2
    [*DeviceA-rm-backup-prf-profile2] backup-id 10 remote-backup-service service1 
    [*DeviceA-rm-backup-prf-profile2] service-type bras
    [*DeviceA-rm-backup-prf-profile2] commit 
    [~DeviceA-rm-backup-prf-profile2] quit 

  2. Set NAS parameters and the interval for backing up traffic. The Device A is used as an example. The configuration of Device B is similar to that of Device A.

    # Set NAS parameters.

    [~DeviceA] remote-backup-profile profile1 
    [*DeviceA-rm-backup-prf-profile1] nas logic-ip 1.2.3.4 
    [*DeviceA-rm-backup-prf-profile1] nas logic-port gigabitethernet 1/0/0
    [*DeviceA-rm-backup-prf-profile1] nas logic-sysname huawei
    [*DeviceA-rm-backup-prf-profile1] commit 

    # Set an interval for backing up traffic.

    [~DeviceA] remote-backup-profile profile1 
    [*DeviceA-rm-backup-prf-profile1] traffic backup interval 10 
    [*DeviceA-rm-backup-prf-profile1] commit 

  3. Bind pool1 configured in the AAA domain to the RBS and configure a protection path for returned network-side traffic. The Device A is used as an example. The configuration of Device B is similar to that of Device A.

    [~DeviceA] remote-backup-service service1 
    [*DeviceA-rm-backup-srv-service1] ip-pool pool1
    [*DeviceA-rm-backup-srv-service1] protect redirect ip-nexthop 10.1.1.7 interface gigabitethernet 3/0/0
    [*DeviceA-rm-backup-srv-profile1] commit 

  4. Bind the RBP to GE 1/0/0.1 through which users get online. The Device A is used as an example. The configuration of Device B is similar to that of Device A.

    [~DeviceA] interface gigabitethernet 1/0/0.1 
    [*DeviceA-GigabitEthernet1/0/0.1] remote-backup-profile profile1
    [*DeviceA-GigabitEthernet1/0/0.1] commit 
    [~DeviceA-GigabitEthernet1/0/0.1] quit 
    [~DeviceA] interface gigabitethernet 1/0/1.1 
    [*DeviceA-GigabitEthernet1/0/1.1] remote-backup-profile profile2
    [*DeviceA-GigabitEthernet1/0/1.1] commit 
    [~DeviceA-GigabitEthernet1/0/1.1] quit 

  5. Enable each router to use the default cost values of imported routes to control address pool route priorities.

    [DeviceA] peer-backup route-cost auto-advertising
    NOTE:
    Perform one of the following steps based on the type of routing protocol:
    • Run the import-route unr inherit-cost command in the IS-IS view.
    • In the OSPF view, run the following commands:
      1. default cost inherit-metric
      2. import-route unr
    • Run the import-route unr command in the BGP view.

  6. Verify the configuration.

    When the RBP is successfully configured, you can view that the backup service type is bras, RBP profile1 is bound to user access interface GigabitEthernet1/0/0.1, and the status of Device A is Master.

    <DeviceA> display remote-backup-profile profile1 
    -----------------------------------------------
     Profile-Index        : 0x802
     Profile-Name         : profile1
     Service              : bras
     Remote-backup-service: service1
     Backup-ID            : 10
     track protocol       : VRRP
     VRRP-ID              : 1
     VRRP-Interface       : GigabitEthernet1/0/0.2
     Access-Control       : Even-Mac
     State                : Master
     Peer-state           : Slave
     VRRP-ID              : 2
     VRRP-Interface       : GigabitEthernet1/0/0.3
     Access-Control       : Odd-Mac
     State                : Slave
     Peer-state           : Master
     Interface            :
                            GigabitEthernet1/0/0.1
     Backup mode          : hot
     Slot-Number          : 1
     Card-Number          : 0
     Port-Number          : 0
     Nas logic-port       : Gigabitethernet 1/0/0
     Nas logic-ip         : 1.2.3.4                        
     Nas logic-sysname    : huawei
     Traffic interval     : 10(minutes)
    

    When the RBS is configured successfully, you can view that the TCP connection status is Connected.

    <DeviceA> display remote-backup-service service1 
    ----------------------------------------------------------
     Service-Index    : 0
     Service-Name     : service1
     TCP-State        : Connected
     Peer-ip          : 88.88.88.88
     Source-ip        : 22.22.22.22
     TCP-Port         : 2046
     Track-BFD        : --
     Track-interface0 : GigabitEthernet2/0/0
     Track-interface1 : --
    ----------------------------------------------------------
    
     IP Pool:
             pool1
    ip pool:
             poolv4_yyz metric 10
             r3 metric 10
             r4 metric 20
             remotev4 metric 10
    ipv6 pool:  
             1234 metric 10
             iana_yyz metric 10
             iapd_yyz metric 10
             lo metric 10
             loc_vpn metric 10
             nd metric 10
             pd metric 10
             remote_del_yyz metric 10
             remotev6_yyz metric 10
     Failure ratio    : 100%
     Failure duration : 0 min
    NAT instance : nat1
     ----------------------------------------------------------
     Rbs-ID         : 0
     Protect-type   : ip-redirect
     Next-hop       : 10.1.1.7
     Vlanid         : 0
     Peer-ip        : 10.1.1.7
     Vrfid          : 0
     Tunnel-index   : 0x0
     Tunnel-state   : UP
     Tunnel-OperFlag: NORMAL
     Spec-interface : GigabitEthernet3/0/0
     Out-interface  : GigabitEthernet3/0/0
     User-number    : 0
    

    After users go online, you can view the information about backup users. The information includes the number of locally logged-in users and the number of remotely logged-in users whose information is backed up.

    <HUAWEI> display backup-user
      Remote-backup-service: service1
      Total Users Numer: 10
    ------------------------------------------------------------------------
     100     101     102     103     104     105     106     107     108     109
    ------------------------------------------------------------------------
      Local Users Number	:10
      Remote Users Number	:0
    

    The information about online users on a specific interface can be displayed. The information includes the number of non-RUI users, the number of local RUI users, the number of remote RUI users, and the total number of users

    <HUAWEI> display access-user interface GigabitEthernet 1/0/0.1
      ------------------------------------------------------------------------------
      UserID  Username                Interface      IP address       MAC
              Vlan          IPv6 address             Access type
      ------------------------------------------------------------------------------
      120     user@lsh                GE1/0/0.1      2.2.2.10         0002-0101-0101
              50/-            -                       IPoE
      101      user@lsh                GE1/0/0.1      2.2.2.9         0002-0101-0102          -
              50/-            -                       IPoE
      102      user@lsh                GE1/0/0.1      2.2.2.8         0002-0101-0103          -
              50/-            -                       IPoE
      103      user@lsh                GE1/0/0.1      2.2.2.7         0002-0101-0104          -
              50/-            -                       IPoE
      104      user@lsh                GE1/0/0.1      2.2.2.6         0002-0101-0105          -
              50/-            -                       IPoE
      105      user@lsh                GE1/0/0.1      2.2.2.5         0002-0101-0106          -
              50/-            -                       IPoE
      106      user@lsh                GE1/0/0.1      2.2.2.4         0002-0101-0107          -
              50/-            -                       IPoE
      107      user@lsh                GE1/0/0.1      2.2.2.3         0002-0101-0108          -
              50/-            -                       IPoE
      108      user@lsh                GE1/0/0.1      2.2.2.2         0002-0101-0109          -
              50/-            -                       IPoE
      109      user@lsh                GE1/0/0.1      2.2.2.11        0002-0101-0110          -
              50/-            -                       IPoE
      --------------------------------------------------------------------------
      Normal users                       : 0
      RUI Local users                    : 10
      RUI Remote users                   : 0
      Total users                        : 10

Configuration Files

  • Configuration file of Device A

    #
     sysname DeviceA
    #
    ip pool pool1 bas local 
     gateway 16.0.0.1 255.255.255.0 
     section 0 16.0.0.2 16.0.0.100 
    #
    aaa
     domain userdomain1 
     authentication-scheme default0 
     accounting-scheme default0 
     ip-pool pool1 
    #
    bfd bfd bind peer-ip 10.0.1.2 
     discriminator local 1 
     discriminator remote 2 
     commit 
    #
    bfd bfd2 bind peer-ip 101.0.0.2 
     discriminator local 3 
     discriminator remote 4 
     commit 
    #
    interface gigabitethernet 1/0/0.2 
     vlan-type dot1q 200 
     ip address 10.0.1.1 255.255.255.0 
     vrrp vrid 1 virtual-ip 10.0.1.100 
     admin-vrrp vrid 1 
     vrrp vrid 1 priority 120 
     vrrp vrid 1 track bfd-session session-name bfd peer
     vrrp vrid 1 track interface gigabitethernet 2/0/0 reduced 50
    #
    interface gigabitethernet 1/0/0.3 
     vlan-type dot1q 201 
     ip address 101.0.0.1 255.255.255.0 
     vrrp vrid 1 virtual-ip 101.0.0.100 
     admin-vrrp vrid 2 
     vrrp vrid 2 priority 100 
     vrrp vrid 2 preempt-mode timer delay 600
     vrrp vrid 2 track bfd-session session-name bfd2 peer
     vrrp vrid 2 track interface gigabitethernet 2/0/0 reduced 50
    #
    remote-backup-service service1 
     peer 88.88.88.88 source 22.22.22.22 port 2046 
     track interface gigabitethernet 2/0/0
     ip-pool pool1
     protect redirect ip-nexthop 10.1.1.7 interface gigabitethernet 3/0/0
    #
    remote-backup-profile profile1 
     service-type bras
     backup-id 10 remote-backup-service service1 
     peer-backup hot 
     vrrp-id 1 interface gigabitethernet 1/0/0.2 even-mac
     vrrp-id 2 interface gigabitethernet 1/0/0.3 odd-mac
     nas logic-ip 1.2.3.4 
     nas logic-port gigabitethernet1/0/0
     nas logic-sysname huawei 
     traffic backup interval 10 
    #
    remote-backup-profile profile2 
     service-type bras
     backup-id 10 remote-backup-service service1 
     peer-backup hot 
     vrrp-id 1 interface gigabitethernet 1/0/0.2
    #
    interface gigabitethernet 1/0/0.1
     user-vlan 50 
     remote-backup-profile profile1 
     bas 
     access-type layer2-subscriber 
     authentication-method  web 
    #
    interface gigabitethernet 1/0/1.1
     user-vlan 70 
     remote-backup-profile profile2 
     bas 
     access-type layer2-subscriber 
     authentication-method  web 
    #
    interface gigabitethernet 3/0/0
     undo shutdown 
     ip address 10.1.1.6 255.255.255.0 
    #
    peer-backup route-cost auto-advertising
     return 
  • Configuration file of Device B

    #
     sysname DeviceB
    #
    ip pool pool1 bas local rui-slave
     gateway 16.0.0.1 255.255.255.0 
     section 0 16.0.0.2 16.0.0.100 
    #
    aaa
     domain userdomain1 
     authentication-scheme default0 
     accounting-scheme default0 
    #
    bfd bfd bind peer-ip 10.0.1.1 
     discriminator local 2 
     discriminator remote 1 
     commit 
    #
    bfd bfd2 bind peer-ip 101.0.0.1 
     discriminator local 4 
     discriminator remote 3 
     commit 
    #
    interface gigabitethernet 1/0/0.2 
     vlan-type dot1q 200 
     ip address 10.0.1.2 255.255.255.0 
     vrrp vrid 1 virtual-ip 10.0.1.100 
     admin-vrrp vrid 1 
     vrrp vrid 1 priority 100 
     vrrp vrid 1 preempt-mode timer delay 600
     vrrp vrid 1 track bfd-session session-name bfd peer
     vrrp vrid 1 track interface gigabitethernet 2/0/0 reduced 50
    #
    interface gigabitethernet 1/0/0.3
     vlan-type dot1q 201 
     ip address 101.0.0.2 255.255.255.0 
     vrrp vrid 2 virtual-ip 101.0.0.100 
     admin-vrrp vrid 2 
     vrrp vrid 2 priority 120 
     vrrp vrid 2 track bfd-session session-name bfd2 peer
     vrrp vrid 2 track interface gigabitethernet 2/0/0 reduced 50
    #
    remote-backup-service service1 
     peer 22.22.22.22 source 88.88.88.88 port 2046 
     track interface gigabitethernet 2/0/0  
     protect redirect ip-nexthop 10.1.1.6 interface gigabitethernet 3/0/0
    #
    remote-backup-profile profile1 
     service-type bras
     backup-id 10 remote-backup-service service1 
     peer-backup hot 
     vrrp-id 1 interface gigabitethernet 1/0/0.2 even-mac
     vrrp-id 2 interface gigabitethernet 1/0/0.3 odd-mac
     nas logic-ip 1.2.3.4 
     nas logic-port gigabitethernet1/0/0
     nas logic-sysname huawei 
     traffic backup interval 10 
    #
    interface gigabitethernet 1/0/0.1
     user-vlan 50 
     remote-backup-profile profile1 
     bas 
     access-type layer2-subscriber 
     authentication-method  web 
    #
    interface gigabitethernet 3/0/0
     undo shutdown 
     ip address 10.1.1.7 255.255.255.0 
    #
    peer-backup route-cost auto-advertising
     return 
Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055031

Views: 17483

Downloads: 70

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next