No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Configuration Guide - User Access 01

This is NE40E V800R010C10SPC500 Configuration Guide - User Access
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Adjusting DHCPv6 Service Parameters

(Optional) Adjusting DHCPv6 Service Parameters

Configure transparent transmission of DHCPv6 packets, unicast mode, and two-message exchange between a DHCPv6 client and a DHCPv6 server based on actual network conditions.

(Optional)Configuring Global DHCPv6 Parameters

Configure transparent transmission of DHCPv6 packets, unicast mode, and two-message exchange between a DHCPv6 client and a DHCPv6 server based on actual network conditions.

Context

  • Transparent transmission of DHCPv6 packets and the speed threshold at which solicit packets are sent

    When receiving the DHCPv6 Solicit packet that the online user terminal, the NE40E forces the user to go offline and waits until the user sends a DHCPv6 Solicit packet to obtain the address through DHCPv6.

    If a user terminal that does not support retransmission of DHCP Solicit packets is restarted immediately after a user logout, the NE40E is unable to detect the logout event. In this case, run the dhcpv6 through-packet command to enable transparent transmission of DHCPv6 packets so that the user can normally log in to the NE40E.

    The dhcpv6 solicit-speed-threshold command is used when the speed at which users go online needs to be limited.

  • DHCPv6 server unicast mode and two-message exchange between a DHCPv6 client and a DHCPv6 server

    The dhcpv6 unicast-option command must be run if the DHCPv6 server needs to communicate with DHCPv6 clients in unicast mode.

    In certain situations, for example, when a DHCPv6 client retains the last IP address it was allocated, the client can obtain an IP address through a rapid two-message exchange if the Solicit packet sent from the client contains the Rapid Commit option and the server also supports this option.

Perform the following steps on the NE40E.

Procedure

  • Configure transparent transmission of DHCPv6 packets.
    1. Run system-view

      The system view is displayed.

    2. Run dhcpv6 through-packet

      The function for transparently transmitting DHCPv6 packets is configured.

    3. Run dhcpv6 solicit-speed-threshold packet-number seconds

      The dhcpv6 solicit-speed-threshold command configures the speed threshold at which solicit packets are received.

      The more solicit packets are sent within a specified time period, the faster users go online.

  • Configure DHCPv6 server unicast mode and two-message exchange between a DHCPv6 client and a DHCPv6 server.
    1. Run system-view

      The system view is displayed.

    2. (Optional) Run dhcpv6 rapid-commit

      The DHCPv6 server is configured to support rapid two-message exchange (solicit, reply).

      This command run in the system view allows all DHCPv6 clients with the Rapid Commit option to obtain IP addresses through a rapid two-message exchange. Without this command run in the system view, the dhcpv6 rapid-commit command configured in the view of the IPv6 address pool allocated by the client determines whether to use a rapid two-message exchange.

    3. Run ipv6 pool pool-name { bas { local | delegation | relay } }

      An IPv6 address pool is created, and the IPv6 address pool view is displayed.

    4. (Optional) Run dhcpv6 unicast-option

      Unicast mode is configured on the DHCPv6 server.Then, the DHCPv6 server can receive unicast DHCPv6 messages and instruct the DHCPv6 clients to communicate with the DHCPv6 server in unicast mode.

    5. (Optional) Run dhcpv6 rapid-commit

      The DHCPv6 server is configured to support rapid two-message exchange (solicit, reply).

(Optional) Enabling the Device to Parse Option 37 of Any Format in DHCPv6 Solicit or Request Messages

The device can be enabled to parse Option 37 of any format in DHCPv6 solicit or request messages.

Context

In DHCPv6 scenarios, Layer 2 relay agents insert Option 37 to the relay header of Relay-forward messages. When the NE40E receives the Relay-forward messages, the NE40E can parse Option 37. However, if Layer 2 relay agents insert Option 37 to DHCPv6 Solicit or Request messages instead of the relay header of Relay-forward messages, the NE40E can parse Option 37 only if it is 10 or 16 bytes in length. In this case, configure the NE40E to parse Option 37 of any format in DHCPv6 Solicit or Request messages.

Perform the following steps on the NE40E:

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run dhcpv6 option-37 any-format decode enable

    The NE40E is enabled to parse Option 37 of any format in DHCPv6 Solicit or Request messages.

  3. Run commit

    The configuration is committed.

(Optional) Shortening the User Address Lease Before a DHCPv6 Server Restarts

The user address lease can be shortened before a DHCPv6 server restarts. This change allows DHCP users to get online a short period of time after the DHCPv6 server restarts due to an upgrade without restarting the terminal.

Context

When the NE40E is being upgraded, DHCPv6 users cannot detect that the link goes Down and dial-up again like PPP users. Therefore, these users do not redial to get online. Instead, the terminal must be restarted to trigger a DHCPv6 request so that the users can obtain IP addresses to get online again. In the current upgrade solution, the address pool lease time is shortened at the lease renewal time before the upgrade date. This solution ensures that the terminal can send lease renewal packets in a shorter period of time after the device is upgraded to allow DHCPv6 users to get online again.

This upgrade solution has two disadvantages:
  • Changing the address pool lease takes effect only for users that obtain addresses from local address pools. The address lease delivered by a RADIUS server is not changed. The users that have obtained addresses from the RADIUS server have to wait a comparatively long period of time to get online again.

  • The address pool lease is configured in the address pool view. Manually changing the lease configurations of all the address pools brings a huge workload.

Using the dhcpv6 upgrade command in the system view to change the address lease for all DHCP users attached to the device solves these problems.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run dhcpv6 upgrade preferred-lifetime day [ hour [ minute ] ] valid-lifetime day [ hour [ minute ] ] [ renew-time-percent renew-time-percent ] [ rebind-time-percent rebind-time-percent ]

    The address lease for all DHCPv6 users attached to the device is configured.

    After the dhcpv6 upgrade command is used, the lease configured in the system view takes effect for new users, online users that need to renew the lease, users using addresses/prefixes in local and Delegation address pools, and users using addresses/prefixes delivered by a RADIUS server.

    No configuration file will be generated after the dhcpv6 upgrade command is used. To view the configuration result, run the display dhcpv6 upgrade command. The dhcpv6 upgrade command becomes invalid after the device restarts.

    If a short lease is configured, a large number of users will renew their lease at the same time, causing high CPU usage. Therefore, configuring a short lease is not recommended unless the device needs to be upgraded.

  3. Run commit

    The configuration is committed.

(Optional) Configuring a Constant Index for an IPv6 Address Pool

Context

After the ip-pool constant-index enable command is used, the index of the IPv4 address pool, IPv6 prefix pool, or IPv6 address pool does not change after the device restarts. The constant-index index command is automatically generated in the views of all the IPv4 address pools, IPv6 prefix pools, and IPv6 address pools configured on the device for users to check the constant value. But the constant-index command cannot be used to change the automatically generated constant index for an IPv6 prefix pool or IPv6 address pool.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ip-pool constant-index enable

    The constant index function is enabled for IPv4 address pools, IPv6 prefix pools, and IPv6 address pools.

  3. Run commit

    The configuration is committed.

Changing the DHCPv6 Option Code for Interconnection Between Huawei and Non-Huawei Devices

On the NE40E, the vendor-class attribute is carried in DHCPv6 Option 16. The option code probably differs with that on a non-Huawei device. The DHCPv6 option code can be changed for interconnection between Huawei and non-Huawei devices.

Context

If the mapping between the vendor-class attribute and a DHCPv6 option code is configured in both system and BAS interface views, the configuration in the BAS interface view takes effect.

Procedure

  • Configure a mapping between the vendor-class attribute and a DHCPv6 option code in the system view.
    1. Run system-view

      The system view is displayed.

    2. Run vendor-class dhcpv6 [ option-code option-code | offset offset-length ]*

      The mapping between the vendor-class attribute and a DHCPv6 option code as well as the offset value are configured. After the configuration is complete, the BRAS uses the offset value to obtain the desired contents in the Value field of the DHCPv6 option.

  • Configure a mapping between the vendor-class attribute and a DHCPv6 option code in the BAS interface view.
    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number [ .subinterface-number ]

      The interface view is displayed.

    3. Run bas

      A BAS interface is created and the BAS interface view is displayed.

      You can configure an interface as the BAS interface by running the bas command in the interface view. You can configure an Ethernet interface or its sub-interface, a VE interface or its sub-interface, an ATM interface or its sub-interface, or an Eth-Trunk interface or its sub-interface as a BAS interface.

    4. Run access-type layer2-subscriber [ default-domain { [ authentication [ force | replace ] dname ] [ pre-authentication predname ] } ]

      The access type is set to Layer 2 subscriber access and the attributes of this access type are configured.

      Or run:access-type layer3-subscriber [ default-domain { [ pre-authentication predname ] authentication [ force | replace ] dname } ]

      The access type is set to Layer 3 subscriber access and the attributes of this access type are configured.

      When setting the access type on the BAS interface, you can set the service attributes of the access users at the same time. You can also set these attributes in later configurations.

      The access type cannot be configured on the Ethernet interface that is added to an Eth-Trunk interface. You can configure the access type of such an Ethernet interface only on the associated Eth-Trunk interface.

    5. Run vendor-class dhcpv6 [ option-code option-code | offset offset-length ]*

      The mapping between the vendor-class attribute and a DHCPv6 option code as well as the offset value are configured. After the configuration is complete, the BRAS uses the offset value to obtain the desired contents in the Value field of the DHCPv6 option.

(Optional) Configuring the NE40E to Log Out an Online User and Deny Access of a New User After Detecting an IPv6 Address Conflict

You can configure the NE40E to log out an online user and deny access of a new user if it detects that the IPv6 address assigned to the new user from a remote address pool or by the RADIUS server is the same as the IPv6 address of the online user.

Context

To implement authentication, authorization, and accounting for users separately, users must use different IPv6 addresses to go online. This requires the NE40E to detect whether the IPv6 address assigned to a new user conflicts with that of an online user. By default, if the NE40E detects that the IPv6 address assigned to a new user is the same as the IPv6 address of an online user, it sends a DHCPv6 Decline message to the DHCPv6 server. Then the new user cannot go online, but the online user is not affected.

In scenarios in which IPv6 addresses are assigned based on the Option 82 field that carries physical location information of users and ARP probe is not configured, the online user is required to go offline to allow the new user to go online. For example, if a CPE is replaced, users attached to the old CPE will switch to the new CPE to go online. As their physical location information remains the same, they will be assigned the same IPv6 addresses as before. However, if the previous IPv6 address lease has not expired, the user information is retained. Therefore, the NE40E considers that the users are already online and discards the user packets sent from the new CPE. Subsequently, the users fail to go online through the new CPE. To allow the users to go online through the new CPE, configure the NE40E to delete the previous user information and deny new user access so that the users can be triggered to go online again.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run dhcpv6 conflict-ip-address offline user [ include framed-ipv6 ]

    The NE40E is configured to log out an online user and deny access of a new user if it detects that the IPv6 address assigned to the new user from a remote address pool or by the RADIUS server is the same as the IPv6 address of the online user.

  3. Run commit

    The configuration is committed.

(Optional) Setting Priorities for the DHCPv6 Option

If the DHCPv6 Option is configured in the domain view and in the address pool view and delivered by the RADIUS server, you can configure priorities for the DHCPv6 Option.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run dhcpv6 option-priority radius domain pool

    The highest, medium, and lowest priorities are configured for the DHCPv6 Option delivered by the RADIUS server, configured in the domain view, and configured in the address pool view, respectively.

  3. Run commit

    The configuration is committed.

Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055031

Views: 17131

Downloads: 69

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next