No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Configuration Guide - User Access 01

This is NE40E V800R010C10SPC500 Configuration Guide - User Access
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Connecting BRAS Users to the Internet Through VLL

Example for Connecting BRAS Users to the Internet Through VLL

Networking Requirements

As shown in Figure 7-9, PE1, P, and PE2 form a VLL in Martini mode. The router functions as PE2, which is the BRAS. Users of the BRAS connect to the Internet through the VLL. Two virtual interfaces VE5/0/0 and VE5/0/1 are created on the router. VE5/0/0 terminates the VLL label, and VE5/0/1 functions as the BAS interface to authenticate users. The requirements are as follows:

  • The user belongs to domain isp1 and connects to the Internet through VE5/0/1.1 in PPPoEoVoQ mode.

  • The user obtains an IP address from address pool pool1. The address segment in the address pool is 172.82.1.2-172.82.1.200.

  • RADIUS authentication and RADIUS accounting are adopted. The IP address of the RADIUS server is 192.168.7.249 and the ports for authentication and accounting are 1812 and 1813 respectively. The protocol is RADIUS+1.1 and the key is itellin.

  • The IP address of the DNS server is 192.168.7.252.

  • The accounting scheme is actt1 and the authentication scheme is auth1.

Figure 7-9 Networking for connecting BRAS users to the Internet through VLL

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure the VE interface for terminating the VLL packets and the VE interface for accessing the Internet on the router. Bind the two VE interfaces to a VE-Group.

  2. Configure the VLL.

  3. Enable VLL access.

  4. Configure the BRAS access service and configure VE5/0/1 as the BAS interface.

Data Preparation

To complete the configuration, you need the following data:

  • VE-Group number

  • MPLS LSR IDs of the PE and P routers, namely, the IP addresses of their Loopback1 interfaces

Configuration Procedure

  1. Create two VE interfaces on the PE2 and bind the two interfaces to a VE-Group.

    # Create interface VE5/0/0 to terminate the MPLS L2VPN packets.

    <HUAWEI> system-view
    [~HUAWEI] sysname PE2
    [*PE2] commit
    [~PE2] interface virtual-ethernet5/0/0
    [*PE2-Virtual-Ethernet5/0/0] ve-group 1 l2-terminate
    [*PE2-Virtual-Ethernet5/0/0] quit
    [*PE2] commit

    # Create interface VE5/0/1 to access the Internet.

    [~PE2] interface virtual-ethernet5/0/1
    [*PE2-Virtual-Ethernet5/0/1] ve-group 1 l3-access
    [*PE2-Virtual-Ethernet5/0/1] quit
    [*PE2] commit
  2. Configure the VLL.

    # Configure the IGP protocol on the VLL backbone. The OSPF protocol is used in this example.

    Configure OSPF on the interfaces of the PE and the P. The 32-bit loopback addresses of PE1, P, and PE2 should be advertised.

    For configuration details, see "Configuration Files" in this section.

    # Configure the basic MPLS capability and LDP on the MPLS backbone.

    • Configure PE1.

    <HUAWEI> system-view
    [~HUAWEI] sysname PE1
    [*PE2] commit
    [~PE1] mpls lsr-id 1.1.1.9
    [*PE1] mpls
    [*PE1-mpls] quit
    [*PE1] mpls ldp
    [*PE1-mpls-ldp] quit
    [*PE1] commit
    [~PE1] interface gigabitethernet1/0/0
    [*PE1-GigabitEthernet1/0/0] mpls
    [*PE1-GigabitEthernet1/0/0] mpls ldp
    [*PE1-GigabitEthernet1/0/0] undo shutdown
    [*PE1-GigabitEthernet1/0/0] quit
    [*PE1] commit
    [~PE1] quit
    • Configure P.

    <HUAWEI> system-view
    [~HUAWEI] sysname P
    [*P] commit
    [~P] mpls lsr-id 2.2.2.9
    [*P] mpls
    [*P-mpls] quit
    [*P] commit
    [~P] mpls ldp
    [*P-mpls-ldp] quit
    [*P] interface gigabitethernet1/0/0
    [*P-GigabitEthernet1/0/0] mpls
    [*P-GigabitEthernet1/0/0] mpls ldp
    [*P-GigabitEthernet1/0/0] undo shutdown
    [*P-GigabitEthernet1/0/0] quit
    [*P] commit
    [~P] interface gigabitethernet2/0/0
    [*P-GigabitEthernet2/0/0] mpls
    [*P-GigabitEthernet2/0/0] mpls ldp
    [*P-GigabitEthernet2/0/0] undo shutdown
    [*P-GigabitEthernet2/0/0] quit
    [*P] commit
    [~P] quit
    • Configure PE2.

    [~PE2] mpls lsr-id 3.3.3.9
    [*PE2] mpls
    [*PE2-mpls] quit
    [*PE2] commit
    [~PE2] mpls ldp
    [*PE2-mpls-ldp] quit
    [*PE2] commit
    [~PE2] interface gigabitethernet5/0/0
    [*PE2-GigabitEthernet5/0/0] mpls
    [*PE2-GigabitEthernet5/0/0] mpls ldp
    [*PE2-GigabitEthernet5/0/0] undo shutdown
    [*PE2-GigabitEthernet5/0/0] quit
    [*PE2] commit
    [~PE2] quit

    # Set up a remote LDP session between the PE routers.

    • Configure PE1.

    [~PE1] mpls ldp remote-peer pe2
    [*PE1-mpls-ldp-remote-1] remote-ip 3.3.3.9
    [*PE1-mpls-ldp-remote-1] quit
    [*PE1] commit
    [~PE1] quit
    • Configure PE2.

    [~PE2] mpls ldp remote-peer pe1
    [*PE2-mpls-ldp-remote-1] remote-ip 1.1.1.9
    [*PE2-mpls-ldp-remote-1] quit
    [*PE2] commit
    [~PE2] quit

    # Enable VLL on the PE and create a static VC connection.

    • On PE1, create an L2VC on GigabitEthernet1/0/0, which is connected to the CE.

    [~PE1] mpls l2vpn
    [*PE1-l2vpn] quit
    [*PE1] commit
    [~PE1] interface gigabitethernet 5/0/0.1
    [*PE1-GigabitEthernet5/0/0.1] vlan-type dot1q 1
    [*PE1-GigabitEthernet5/0/0.1] mpls l2vc 3.3.3.9 101
    [*PE1-GigabitEthernet5/0/0.1] undo shutdown
    [*PE1-GigabitEthernet5/0/0.1] quit
    [*PE1] commit
    [~PE1] quit
    • On PE2, create an L2VC on VE2/0/0.

    [~PE2] mpls l2vpn
    [*PE2-l2vpn] quit
    [*PE2] commit
    [~PE2] interface virtual-ethernet5/0/0.1
    [*PE2-Virtual-Ethernet5/0/0.1] vlan-type dot1q 1
    [*PE2-Virtual-Ethernet5/0/0.1] mpls l2vc 1.1.1.9 101
    [*PE2-Virtual-Ethernet5/0/0.1] quit
    [*PE2] commit
    [~PE2] quit

    # Verify the configuration.

    View the L2VPN connection information on the PE routers, and you can see that an L2VC is set up and is in Up state.

    Take PE2 for example.

    [~PE2] display mpls l2vc
    Total ldp vc : 1     1 up       0 down
     *Client Interface     : Virtual-Ethernet5/0/0
      Session State        : up
      AC Status            : up
      VC State             : up
      VC ID                : 101
      VC Type              : ethernet
      Destination          : 1.1.1.9
      Local VC Label       : 1025
      Remote VC Label      : 1024
      Control Word         : Disable
      Local VC MTU         : 1500
      Romete VC MTU        : 1500
      Tunnel Policy Name   : --
      Traffic Behavior Name: --
      PW Template Name     : --
      Create time          : 0 days, 0 hours, 3 minutes, 14 seconds
      UP time              : 0 days, 0 hours, 1 minutes, 48 seconds
      Last change time     : 0 days, 0 hours, 1 minutes, 48 seconds
  3. Configure the BRAS access service. Configure VE5/0/1 as the BAS interface so that users connect to the Internet through VE5/0/1.

    # Configure a virtual template interface.

    [~PE2] interface virtual-template 1
    [*PE2-Virtual-Template1] ppp authentication-mode chap
    [*PE2-Virtual-Template1] quit
    [*PE2] commit

    # Configure the authentication scheme.

    [~PE2] aaa
    [*PE2-aaa] authentication-scheme auth1
    [*PE2-aaa-authen-auth1] authentication-mode radius
    [*PE2-aaa-authen-auth1] quit
    [*PE2] commit

    # Configure the accounting scheme.

    [~PE2-aaa] accounting-scheme acct1
    [*PE2-aaa-accounting-acct1] accounting-mode radius
    [*PE2-aaa-accounting-acct1] quit
    [*PE2-aaa] quit
    [*PE2] commit

    # Configure the RADIUS server group.

    [~PE2] radius-server group rd1
    [*PE2-radius-rd1] radius-server authentication 192.168.7.249 1812
    [*PE2-radius-rd1] radius-server accounting 192.168.7.249 1813
    [*PE2-radius-rd1] radius-server type plus11
    [*PE2-radius-rd1] radius-server shared-key itellin
    [*PE2-radius-rd1] quit
    [*PE2] commit

    # Configure the address pool.

    [~PE2] ip pool pool1 bas local
    [*PE2-ip-pool-pool1] gateway 172.82.1.1 255.255.255.0
    [*PE2-ip-pool-pool1] section 0 172.82.1.2 172.82.1.200
    [*PE2-ip-pool-pool1] dns-server 192.168.7.252
    [*PE2-ip-pool-pool1] quit
    [*PE2] commit

    # Configure domain isp1.

    [~PE2] aaa
    [*PE2-aaa] domain isp1
    [*PE2-aaa-domain-isp1] authentication-scheme auth1
    [*PE2-aaa-domain-isp1] accounting-scheme acct1
    [*PE2-aaa-domain-isp1] radius-server group rd1
    [*PE2-aaa-domain-isp1] quit
    [*PE2] commit

    # Specify the VT interface for VE2.

    [~PE2] interface virtual-ethernet5/0/1
    [*PE2-Virtual-Ethernet5/0/1] pppoe-server bind virtual-template 1
    [*PE2-Virtual-Ethernet5/0/1] quit
    [*PE2] commit

    # Configure the BAS interface.

    [~PE2] interface virtual-ethernet5/0/1.1
    [*PE2-Virtual-Ethernet5/0/1.1] user-vlan 1 2 qinq 100
    [*PE2-Virtual-Ethernet5/0/1.1.1-vlan-1-2-QinQ-100] quit
    [*PE2-Virtual-Ethernet5/0/1.1] commit
    [~PE2-Virtual-Ethernet5/0/1.1] bas
    [*PE2-Virtual-Ethernet5/0/1.1-bas] access-type layer2-subscriber
    [*PE2-Virtual-Ethernet5/0/1.1-bas] authentication-method ppp
    [*PE2-Virtual-Ethernet5/0/1.1-bas] quit
    [*PE2-Virtual-Ethernet5/0/1.1] commit
    [~PE2-Virtual-Ethernet5/0/1.1] quit

    # Configure the uplink interface.

    [~PE2] interface GigabitEthernet 1/0/0
    [*PE2-GigabitEthernet1/0/0] ip address 2.1.1.2 255.255.255.0
    [*PE2-GigabitEthernet1/0/0] undo shutdown
    [*PE2-GigabitEthernet1/0/0] quit
    [*PE2] commit

Configuration Files

The following are the configuration files of the routers.

  • Configuration file of PE1

    #
     sysname PE1
    #
     mpls lsr-id 1.1.1.9
     mpls
    #
     mpls l2vpn
    #
    mpls ldp
    #
    interface GigabitEthernet1/0/0
     undo shutdown
     ip address 10.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
     mpls ldp remote-peer pe2
     remote-ip 3.3.3.9
    #
    interface GigabitEthernet5/0/0.1
     vlan-type dot1q 1
     mpls l2vc 3.3.3.9 101
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 10.1.1.0 0.0.0.255
      network 1.1.1.9 0.0.0.0
    #
    return
  • Configuration file of P

    #
     sysname P
    #
     mpls lsr-id 2.2.2.9
     mpls
    #
    mpls ldp
    #
    interface GigabitEthernet1/0/0
     undo shutdown
     ip address 10.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet2/0/0
     undo shutdown
     ip address 10.2.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 10.1.1.0 0.0.0.255
      network 10.2.1.0 0.0.0.255
      network 2.2.2.9 0.0.0.0
    #
    return
  • Configuration file of PE2

    #
     sysname PE2
    #
    radius-server group rd1
     radius-server authentication 192.168.7.249 1645 weight 0
     radius-server accounting 192.168.7.249 1646 weight 0
     radius-server shared-key itellin
     radius-server type plus11
     radius-server traffic-unit kbyte
    #
    mpls lsr-id 3.3.3.9
     mpls
    #
     mpls l2vpn
    #
    mpls ldp
    #
     mpls ldp remote-peer pe1
      remote-ip 1.1.1.9
    #
    interface Virtual-Template1
     ppp authentication-mode chap
    #
    interface GigabitEthernet1/0/0
     undo shutdown
     ip address 2.1.1.2 255.255.255.0
    #  
    interface GigabitEthernet5/0/0
     undo shutdown
     ip address 10.2.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Virtual-Ethernet5/0/0
     undo shutdown
     ve-group 1 l2-terminate
    #
    interface Virtual-Ethernet5/0/0.1
     vlan-type dot1q 1
     mpls l2vc 1.1.1.9 101
    #
    interface Virtual-Ethernet5/0/1
     undo shutdown
     ve-group 1 l3-access
    #
    interface Virtual-Ethernet5/0/1.1
     undo shutdown
     user-vlan 1 2 qinq 100
     bas
      access-type layer2-subscriber
      authentication-method ppp
    #
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #  
    ip pool pool1 bas local
     gateway 172.82.1.1 255.255.255.0
     section 0 172.82.1.2 172.82.1.200
     dns-server  192.168.7.252
    #
    aaa
    authentication-scheme  auth1
    accounting-scheme  acct1
    domain  isp1
     authentication-scheme auth1
     accounting-scheme acct1
     radius-server group rd1
     ip-pool pool1
    #
    ospf 1
     area 0.0.0.0
      network 10.2.1.0 0.0.0.255
      network 3.3.3.9 0.0.0.0  
    #
    return
Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055031

Views: 17494

Downloads: 70

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next