NE40E V800R010C10SPC500 Configuration Guide - User Access 01

(Optional) Configuring Flexible Access to VPNs

The device can identify service priorities based on the 802.1p values of service packets and then transmit the packets to the corresponding VPNs.

Context

On the network shown in Figure 7-4, service packets carry 802.1p values to identify their priorities. The BRAS can identify service priorities based on the 802.1p values of received Layer 2 service packets and transmit the service packets to corresponding VPNs. To allow this, enable a BAS interface to transmit packets to different VPNs based on 802.1p priorities of the packets and also bind VPN instances to different 802.1p priorities.

Figure 7-4 Flexible access to VPNs

Procedure

  1. Create a VPN instance. (Both user and service VPN instances must be configured.)
    1. Run system-view

      The system view is displayed.

    2. Run ip vpn-instance vpn-instance-name

      A VPN instance is created, and the VPN instance view is displayed.

    3. Run ipv4-family

      The IPv4 address family is enabled for the VPN instance, and the VPN instance IPv4 address family view is displayed.

    4. Run route-distinguisher route-distinguisher

      An RD is configured for the VPN instance IPv4 address family.

    5. Run vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ]

      VPN targets are configured for the VPN instance IPv4 address family.

    6. Run quit

      Return to the VPN instance view.

    7. Run quit

      Return to the system view.

  2. Create a local address pool.
    1. Run ip pool pool-name [ bas { local [ rui-slave ] | remote [ overlap | rui-slave ] | dynamic } ]

      An address pool is created.

    2. Run vpn-instance vpn-instance-name

      A VPN instance is specified for the address pool.

      The VPN instance specified for the address pool must be the user VPN instance configured in Step 1.

    3. Run gateway ip-address { mask | mask-length }

      The gateway IP address and subnet mask are configured for the address pool.

    4. Run section section-num start-ip-address [ end-ip-address ]

      An address segment is configured for the address pool.

    5. Run import vpn-instance vpn-instance-name

      A VPN instance is imported to the address pool.

      The VPN instance imported to the address pool must be the service VPN instance created in Step 1.

    6. Run quit

      Return to the system view.

  3. Configure a user domain.
    1. Run aaa

      The AAA view is displayed.

    2. Run domain domain-name

      A domain is created, and the domain view is displayed.

    3. Run authentication-scheme authentication-scheme-name

      An authentication scheme is configured for the domain.

    4. Run accounting-scheme accounting-scheme-name

      An accounting scheme is configured for the domain.

    5. Run ip-pool pool-name

      An address pool is bound to the domain.

    6. Run quit

      Return to the AAA view.

    7. Run quit

      Return to the system view.

  4. Configure a user access interface.
    1. Run interface interface-type interface-number

      A sub-interface is created.

    2. Run user-vlan { { start-vlan-id [ end-vlan-id ] [ qinq start-pe-vlan [ end-pe-vlan ] ] } }

      A user-VLAN sub-interface is configured.

    3. Run 802.1p 802.1p-priority binding vpn-instance vpn-instance-name

      A VPN instance is bound to an 802.1p priority.

      The VPN instance bound to the 802.1p priority must be the service VPN instance created in Step 1.

      NOTE:

      The binding between VPN instances and 802.1p priorities cannot be modified or deleted if the BAS interface has online users.

    4. Run quit

      Return to the sub-interface view.

    5. Run bas

      The sub-interface is configured as a BAS interface, and the BAS interface view is displayed.

    6. Run access-type layer2-subscriber [ default-domain { authentication [ force | replace ] dname | pre-authentication predname } * | bas-interface-name bname | accounting-copy radius-server rd-name ] *

      The access type of the BAS interface is configured as Layer 2 subscriber access.

    7. Run authentication-method { bind | { fast | web } }

      An authentication method is configured for the BAS interface.

    8. Run 802.1p-to-vpn

      The BAS interface is enabled to transmit packets to different VPNs based on the 802.1p priorities of the packets.

    9. Run quit

      Return to the sub-interface view.

    10. Run quit

      Return to the system view.

  5. Configure a network-side ACL and define redirection for the ACL.
    1. Run acl { name basic-acl-name { basic | [ basic ] number basic-acl-number } | [ number ] basic-acl-number } [ match-order { config | auto } ]

      A basic ACL is created.

    2. Run rule [ rule-id ] { deny | permit } [ fragment-type { fragment | non-fragment | non-subseq | fragment-subseq | fragment-spe-first } | source { source-ip-address { source-wildcard | 0 | src-netmask } | any } | time-range time-name | [ vpn-instance vpn-instance-name | vpn-instance-any ] ] *

      A rule is created for the ACL.

    3. Run quit

      Return to the system view.

    4. Run vpn-group vpn-group-name [ vpn-instance vpn-name [ vpn-name ] &<1-8> ]

      A VPN group is created, and a VPN instance is added to the VPN group.

      The VPN instance added to the VPN group must be the user VPN instance created in Step 1.

    5. Run traffic behavior behavior-name

      A traffic behavior is configured, and the traffic behavior view is displayed.

    6. Run redirect vpn-group vpn-group-name

      Packet redirection to a specified VPN group is configured.

      The VPN group to which packets are redirected must be the one created in sub-step 4 of this step.

    7. Run quit

      Return to the system view.

    8. Run traffic classifier classifier-name [ operator { and | or } ]

      A traffic classifier is configured, and the traffic classifier view is displayed.

    9. Run if-match acl { acl-number | name acl-name }

      An IPv4 ACL is specified for MF classification.

    10. Run quit

      Return to the system view.

    11. Run traffic-policy policy-name

      A traffic policy is configured.

    12. Run share-mode

      The shared mode is specified for the traffic policy.

    13. Run classifier classifier-name behavior behavior-name [ precedence precedence-value ]

      A traffic behavior is specified for a traffic classifier in the traffic policy.

    14. Run quit

      Return to the system view.

  6. Configure a network-side interface.
    1. Run interface interface-type interface-number

      A sub-interface is created.

    2. Run vlan-type dot1q vlanid { 8021p { 8021p-value1 [ to 8021p-value2 ] } &<1-8> | dscp { dscp-value1 [ to dscp-value2 ] } &<1-10> | default | eth-type pppoe }

      The dot1q VLAN type is configured for the sub-interface.

    3. Run ip binding vpn-instance vpn-instance-name

      A VPN instance is bound to the sub-interface.

      The VPN instance bound to the sub-interface must be the service VPN instance created in Step 1.

    4. Run ip address ip-address { mask | mask-length }

      An IP address is configured for the sub-interface.

    5. Run traffic-policy policy-name { inbound | outbound }

      The traffic policy is applied to the sub-interface.
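
The procedure requires either the user or the service VPN instance at five points (Steps 2, 4, 5 and 6), and a mismatch is easy to miss in review. The following check is an added example, not part of the Huawei documentation: it scans a configuration excerpt covering only this procedure and reports each line that names the wrong instance. The sample configuration, its indentation style, and all names in it (pool1, vg1, vpn-user, vpn-svc, vpn-other, the interface numbers) are constructed for illustration.

```python
import re

# Constructed sample in the indented style of a saved configuration, using only
# commands from the procedure; names, VLAN IDs and interfaces are made up.
SAMPLE = """\
ip pool pool1 bas local
 vpn-instance vpn-user
 import vpn-instance vpn-svc
interface GigabitEthernet0/1/0.1
 user-vlan 100
  802.1p 5 binding vpn-instance vpn-user
 bas
  access-type layer2-subscriber
  802.1p-to-vpn
vpn-group vg1 vpn-instance vpn-other
interface GigabitEthernet0/1/1.1
 vlan-type dot1q 200
 ip binding vpn-instance vpn-svc
"""

# (enclosing view prefix, command pattern, required role, where the page states it)
RULES = [
    ("ip pool", r"vpn-instance (.+)", "user", "Step 2: address pool VPN instance"),
    ("ip pool", r"import vpn-instance (.+)", "service", "Step 2: imported VPN instance"),
    ("interface", r"802\.1p \d+ binding vpn-instance (.+)", "service", "Step 4: 802.1p binding"),
    ("vpn-group", r"vpn-group \S+ vpn-instance (.+)", "user", "Step 5: VPN group member"),
    ("interface", r"ip binding vpn-instance (.+)", "service", "Step 6: network-side binding"),
]

def audit(config, user_vpn, service_vpn):
    """Return (line_no, rule, names_found, name_required) for each mismatch."""
    required = {"user": user_vpn, "service": service_vpn}
    findings, view = [], ""
    for no, raw in enumerate(config.splitlines(), 1):
        if raw and not raw[0].isspace():
            view = raw  # an unindented line opens a new top-level view
        for prefix, pattern, role, rule in RULES:
            m = re.fullmatch(pattern, raw.strip())
            if m and view.startswith(prefix) and required[role] not in m.group(1).split():
                findings.append((no, rule, m.group(1), required[role]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "vpn-user", "vpn-svc"):
        print("line %d: %s names %r, expected %r" % finding)
```

The sample is deliberately wrong in two places: the 802.1p binding names the user VPN instance, and the VPN group does not contain it.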

Updated: 2019-01-03

Document ID: EDOC1100055031
