No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Configuration Guide - User Access 01

This is NE40E V800R010C10SPC500 Configuration Guide - User Access
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring a Remote Address Pool for ND Users' IPv6 Address Assignment

Example for Configuring a Remote Address Pool for ND Users' IPv6 Address Assignment

This section provides an example for configuring a remote address pool that is used to assign IPv6 addresses to ND users, including the networking requirements, configuration roadmap, configuration procedure, and configuration files.

Networking Requirements

On the network in Figure 5-13, the Device is a DHCPv6 relay agent, and the remote DHCPv6 server assigns ND prefixes to users. The requirements are as follows:

  • The user accesses the Device in IPoE mode through GE 1/0/1.1, and the user belongs to the domain isp1 and uses bind authentication.
  • The user is assigned an address on the network segment 2660:2321::/64.
  • RADIUS authentication and accounting are used.
  • The IP address of the RADIUS server is 10.6.55.55. The authentication port number is 1550, and the accounting port number is 1551. The standard RADIUS protocol is used, with the password it-is-my-secret1.
  • The IP address of the DHCPv6 server is 3002:3101::2:2.
Figure 5-13 Configuring a remote address pool for ND users' IPv6 address assignment
NOTE:

Interfaces 1 through 2 in this example are 1/0/1.1, 1/0/2, respectively.



Configuration Roadmap

The configuration roadmap is as follows:

  1. Enable IPv6 packet forwarding on the Device.
  2. Configure AAA schemes.
  3. Configure a RADIUS server group.
  4. Configure a DHCPv6 server group.
  5. Configure a remote IPv6 prefix pool.
  6. Configure a user-side remote address pool and bind the DHCPv6 server group and IPv6 prefix pool to the address pool.
  7. Configure an AAA domain to be used as the default authentication domain.
  8. Configure a BAS interface.

Data Preparation

To complete the configuration, you need the following data:

  • Remote IPv6 prefix pool name
  • Remote address pool name
  • Next-hop relay agent's IPv6 address
  • Link-address in the prefix pool
NOTE:

The remote DHCPv6 server selects an address pool based on the link-address option in packets sent by the relay agent.

Procedure

  1. Configure a DHCPv6 server group.

    <Device> system-view
    [*Device] dhcpv6-server group group1
    [*Device-dhcpv6-server-group-group1] dhcpv6-server destination 3002:3101::2:2
    [*Device-dhcpv6-server-group-group1] commit
    [~Device-dhcpv6-server-group-group1] quit

  2. Configure a remote prefix pool and a remote address pool.

    [*Device] ipv6 prefix pre1 remote
      Info:Create a prefix pool
    [*Device-ipv6-prefix-pre1] link-address 2660:2321::1/64
    [*Device-ipv6-prefix-pre1] commit
    [~Device-ipv6-prefix-pre1] quit
    [*Device] ipv6 pool pool1 bas remote
    [*Device-ipv6-pool-pool1] prefix pre1
    [*Device-ipv6-pool-pool1] dhcpv6-server group group1
    [*Device-ipv6-pool-pool1] commit
    [~Device-ipv6-pool-pool1] quit

  3. Configure a RADIUS server group on the Device.

    [*Device] radius-server group rd1
    [*Device-radius-rd1] radius-server authentication 10.6.55.55 1550
    [*Device-radius-rd1] radius-server accounting 10.6.55.55 1551
    [*Device-radius-rd1] radius-server type standard
    [*Device-radius-rd1] radius-server shared-key-cipher it-is-my-secret1
    [*Device-radius-rd1] commit
    [~Device-radius-rd1] quit

  4. Configure AAA schemes.

    # Configure an authentication scheme.

    [*Device] aaa
    [*Device-aaa] authentication-scheme auth1
    [*Device-aaa-authen-auth1] authentication-mode radius
    [*Device-aaa-authen-auth1] commit
    [~Device-aaa-authen-auth1] quit

    # Configure an accounting scheme.

    [*Device-aaa] accounting-scheme acct1
    [*Device-aaa-accounting-acct1] accounting-mode radius
    [*Device-aaa-accounting-acct1] quit
    [*Device-aaa] commit
    [~Device-aaa] quit

  5. Configure a domain named isp1.

    [*Device] aaa
    [*Device-aaa] domain isp1
    [*Device-aaa-domain-isp1] authentication-scheme auth1
    [*Device-aaa-domain-isp1] accounting-scheme acct1
    [*Device-aaa-domain-isp1] radius-server group rd1
    [*Device-aaa-domain-isp1] ipv6-pool pool1
    [*Device-aaa-domain-isp1] prefix-assign-mode unshared
    [*Device-aaa-domain-isp1] commit
    [~Device-aaa-domain-isp1] quit
    [~Device-aaa] quit

  6. Configure a BAS interface.

    # Configure a BAS interface on the Device.

    [*Device] interface GigabitEthernet 1/0/1.1
    [HUAWEI-GigabitEthernet 1/0/1.1] user-vlan 1 20
    [HUAWEI-GigabitEthernet 1/0/1.1-vlan-1-20] quit
    [*Device-GigabitEthernet 1/0/1.1] ipv6 enable
    [*Device-GigabitEthernet 1/0/1.1] ipv6 address auto link-local
    [*Device-GigabitEthernet 1/0/1.1] bas
    [*Device-GigabitEthernet 1/0/1.1-bas] access-type layer2-subscriber default-domain authentication isp1
    [*Device-GigabitEthernet 1/0/1.1-bas] authentication-method-ipv6 bind
    [*Device-GigabitEthernet 1/0/1.1-bas] commit
    [~Device-GigabitEthernet 1/0/1.1-bas] quit
    NOTE:
    • In bind authentication, the user name is automatically generated based on the NE40E's location and domain name. Therefore, configure a user name based on the generation rule and configure the password vlan on the RADIUS server.

    • For details on the user name generation rule used in bind authentication, see vlanpvc-to-username in HUAWEI NetEngine40E Universal Service Router Command Reference.

    • The interface configurations determine whether IPoE access users use the stateless address autoconfiguration (M=0) or stateful address autoconfiguration (M=1) mode. If the M flag is 0 and the O flag is 1, the client uses the stateless address autoconfiguration mode to obtain an IP address and uses the stateful address autoconfiguration mode to obtain other configuration parameters.

  7. Verify the configuration.

    # Display information about the prefix pool named pre1. The command output shows that the prefix pool is a remote prefix pool.

    <Device> display ipv6 prefix pre1
    -------------------------------------------------------------
    Prefix Name        : pre1
     Prefix Index       : 5
     Prefix constant index: -
     Prefix Type        : REMOTE
     Link-Address       : 2660:2321::1
     Prefix Length      : 64
     Reserved Type      : NONE
     IfLocked           : Unlocked
     Vpn instance       : -
     Lease manage       : false
     Reserved Prefix Count: 0
     Excluded Prefix Count: 0     
    ------------------------------------------------------------- 

    # Display information about the address pool named pool1. The command output shows that the address pool is a user-side remote address pool and the address pool is bound to the remote prefix pool named pre1.

    <Device> display ipv6 pool pool1
    ---------------------------------------------------------------
     Pool name          : pool1
     Pool No            : 3
     Pool constant index: -
     Pool type          : BAS REMOTE
     RUI-Flag           : -
     Preference         : 255
     Renew time         : 50
     Rebind time        : 80
     Status             : UNLOCKED
     Refresh interval   : infinite
     Used by domain     : 1
     Dhcpv6 Unicast     : disable
     Dhcpv6 rapid-commit: disable
     Dns list           : -
     Dns server master  : -
     Dns server slave   : -
     AFTR name          : -
     State              : UP
     Server down times  : 0
     ----------------------------------------------------------------------
     Prefix-Name                      Prefix-Type
     ----------------------------------------------------------------------
     pre1                             REMOTE
     --------------------------------------------------------------- 

  8. Run commit

    The configuration is committed.

Configuration Files

#
ipv6
#
radius-server group rd1
 radius-server authentication 10.6.55.55 1550 weight 0
radius-server accounting 10.6.55.55 1551 weight 0
radius-server shared-key-cipher %^%#vS%796FO7%C~pB%CR=q;j}gSCqR-X6+P!.DYI@)%^%
#
dhcpv6-server group group1
 dhcpv6-server destination 3002:3101::2:2
#
ipv6 prefix pre1 remote
link-address 2660:2321::1/64
#
ipv6 pool pool1 bas remote
prefix pre1
dhcpv6-server group group1
#
aaa
authentication-scheme default0
 authentication-scheme default1
authentication-scheme auth1
authentication-mode radius
#
accounting-scheme default0
 accounting-scheme default1
accounting-scheme acct1
accounting-mode radius
#
domain isp1
  authentication-scheme auth1
  accounting-scheme acct1
  radius-server group rd1
  ipv6-pool pool1    
  prefix-assign-mode unshared
#
interface GigabitEthernet1/0/1.1
 user-vlan 1 20
 ipv6 enable
 ipv6 address auto link-local
 bas
 #
  access-type layer2-subscriber default-domain authentication isp1
  authentication-method-ipv6 bind
#
return
Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055031

Views: 17491

Downloads: 70

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next