No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Configuration Guide - User Access 01

This is NE40E V800R010C10SPC500 Configuration Guide - User Access
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring the IPoE Access Service by Using ND

Example for Configuring the IPoE Access Service by Using ND

This section provides an example for configuring the IPv6 access service by using ND, including the networking requirements, configuration roadmap, configuration procedure, and configuration files.

Networking Requirements

The networking is shown in Figure 6-10. The requirements are as follows:

  • The user belongs to the domain isp6 and accesses the Internet by using GE 1/0/2 on the NE40E in ND mode. Binding authentication is adopted.

  • RADIUS authentication and RADIUS accounting are used.

  • The IP address of the RADIUS server is 10.6.55.55. The authentication port number is 1645 and the accounting port number is 1646. The standard RADIUS protocol is adopted. The shared key is it-is-my-secret1.

  • The IP address of the DNS server is 3001:0410::1:2.

Figure 6-10 Networking for configuring the IPv6 access service in ND mode
NOTE:

Interfaces 1 and 2 in this example are GE 1/0/1, GE 1/0/2, respectively.



Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure AAA schemes.

  2. Configure a RADIUS server group.

  3. Configure a delegation IPv6 prefix pool.

  4. Configure a delegation IPv6 address pool and bind the address pool to the prefix pool.

  5. Configure an AAA domain and bind the domain to the address pool.

  6. Configure interfaces.

Data Preparation

To complete the configuration, you need the following data:

  • Authentication template name and authentication method

  • Accounting template name and accounting mode

  • RADIUS server group name, and IP addresses and port numbers of the RADIUS authentication server and accounting server

  • Local prefix pool name

  • Prefix length and assignable IPv6 prefixes

  • Local address pool name

  • Domain name

Procedure

  1. Configure AAA schemes.

    # Configure an authentication scheme.

    [*HUAWEI] aaa
    [*HUAWEI-aaa] authentication-scheme auth6
    [*HUAWEI-aaa-authen-auth6] authentication-mode radius
    [*HUAWEI-aaa-authen-auth6] commit
    [~HUAWEI-aaa-authen-auth6] quit

    # Configure an accounting scheme.

    [*HUAWEI-aaa] accounting-scheme acct6
    [*HUAWEI-aaa-accounting-acct6] accounting-mode radius
    [*HUAWEI-aaa-accounting-acct6] commit
    [~HUAWEI-aaa-accounting-acct6] quit
    [~HUAWEI-aaa] quit

  2. Configure a RADIUS server group.

    [*HUAWEI] radius-server group rd6
    [*HUAWEI-radius-rd6] radius-server authentication 10.6.55.55 1645
    [*HUAWEI-radius-rd6] radius-server accounting 10.6.55.55 1646
    [*HUAWEI-radius-rd6] radius-server type standard
    [*HUAWEI-radius-rd6] radius-server shared-key-cipher it-is-my-secret1
    [*HUAWEI-radius-rd6] commit
    [~HUAWEI-radius-rd6] quit

  3. Configure a delegation prefix pool.

    [*HUAWEI] ipv6 prefix pre1 delegation
    [*HUAWEI-ipv6-prefix-pre1] prefix 2001:2421::/64
    [*HUAWEI-ipv6-prefix-pre1] slaac-unshare-only
    [*HUAWEI-ipv6-prefix-pre1] commit
    [~HUAWEI-ipv6-prefix-pre1] quit

  4. Configure a user-side delegation address pool.

    [*HUAWEI] ipv6 pool pool1 bas delegation
    [*HUAWEI-ipv6-pool-pool1] prefix pre1
    [*HUAWEI-ipv6-pool-pool1] dns-server 3001:0410::1:2
    [*HUAWEI-ipv6-pool-pool1] commit
    [~HUAWEI-ipv6-pool-pool1] quit

  5. Configure a domain named isp6.

    [*HUAWEI] aaa
    [*HUAWEI-aaa] domain isp6
    [*HUAWEI-aaa-domain-isp6] authentication-scheme auth6
    [*HUAWEI-aaa-domain-isp6] accounting-scheme acct6
    [*HUAWEI-aaa-domain-isp6] radius-server group rd6
    [*HUAWEI-aaa-domain-isp6] ipv6-pool pool1
    [*HUAWEI-aaa-domain-isp6] prefix-assign-mode unshared
    [*HUAWEI-aaa-domain-isp6] commit
    [~HUAWEI-aaa-domain-isp6] quit
    [~HUAWEI-aaa] quit

  6. Configure interfaces.

    # Configure a BAS interface.

    [*HUAWEI] interface GigabitEthernet 1/0/2
    [*HUAWEI-GigabitEthernet1/0/2] bas
    [*HUAWEI-GigabitEthernet1/0/2-bas] access-type layer2-subscriber default-domain authentication isp6
    [*HUAWEI-GigabitEthernet1/0/2-bas] authentication-method-ipv6 bind
    [*HUAWEI-GigabitEthernet1/0/2-bas] commit
    [~HUAWEI-GigabitEthernet1/0/2-bas] quit

    # Enable IPv6 on GE 1/0/2.

    [*HUAWEI-GigabitEthernet1/0/2] ipv6 enable
    [*HUAWEI-GigabitEthernet1/0/2] ipv6 address auto link-local
    [*HUAWEI-GigabitEthernet1/0/2] commit
    [~HUAWEI-GigabitEthernet1/0/2] quit

    # Configure an upstream interface.

    [*HUAWEI] interface GigabitEthernet 1/0/1
    [*HUAWEI-GigabitEthernet1/0/1] ipv6 enable
    [*HUAWEI-GigabitEthernet1/0/1] ipv6 address auto link-local
    [*HUAWEI-GigabitEthernet1/0/1]  ipv6 address 2001::/64 eui-64
    [*HUAWEI-GigabitEthernet1/0/1]  ipv6 address 3001::1/64

  7. Verify the configuration.

    # Check information about the prefix pool named pre1. You can see that the prefix pool is a delegation prefix pool and the prefix address is 2010:2021::/64.

    <HUAWEI> display ipv6 prefix pre1
     -------------------------------------------------------------
     Prefix Name        : pre1
     Prefix Index       : 4
     Prefix constant index: -
     Prefix Type        : Delegation
     Prefix Address     : 2010:2021::
     Prefix Length      : 64
     Reserved Type      : NONE  
     Valid Lifetime     : 3 Days 0 Hours 0 Minutes
     Preferred Lifetime: 2 Days 0 Hours 0 Minutes
     IfLocked            : Unlocked
     Vpn instance       : -       
     Conflict address   : -
     Free Prefix Count  : 262144
     Used Prefix Count  : 0
     Reserved Prefix Count: 0   
     -------------------------------------------------------------
    

    # Check information about the address pool named pool1. You can see that the address pool is a local address pool at the user side and the address pool is bound to the prefix pool named pre1.

    <HUAWEI> display ipv6 pool pool1
     ----------------------------------------------------------------------
     Pool name          : pool1
     Pool No            : 4 
      Pool-constant-index :- 
     Pool type          : BAS DELEGATION
     Preference         : 0
     Renew time         : 50
     Rebind time        : 80
     Status              : UNLOCKED
     Refresh interval   : 0 Days 0 Hours 0 Minutes
     Used by domain     : 1
     Dhcpv6 Unicast     : disable
     Dhcpv6 rapid-commit: disable
     Dns list             : -
     Dns server master  : 3001:0410::1:2
     Dns server slave   : -
     AFTR name          : - 
     ----------------------------------------------------------------------
     Prefix-Name                      Prefix-Type
     ----------------------------------------------------------------------
     pre1                               DELEGATION
    ----------------------------------------------------------------------
    

    # Check information about the domain named isp6. You can see that the domain is bound to the IPv6 address pool named pool1.

    <HUAWEI> display domain isp6
      ------------------------------------------------------------------------------
      Domain-name                     : isp6                                          
      Domain-state                    : Active                                      
      Authentication-scheme-name      : auth6                                    
      Accounting-scheme-name          : acct6                                    
      Authorization-scheme-name       : -                                           
      Primary-DNS-IP-address          : -                                           
      Second-DNS-IP-address           : -                                           
      Primary-DNS-IPV6-address        : -                                           
      Second-DNS-IPV6-address         : -                                           
      Web-server-URL-parameter        : No                                          
      Portal-server-URL-parameter     : No                                          
      Primary-NBNS-IP-address         : -                                           
      Second-NBNS-IP-address          : -                                           
      Time-range                      : Disable                                     
      Idle-cut direction              : Both                                        
      Idle-data-attribute (time,flow) : 0, 60                                       
      User detect interval            : 0s                                          
      User detect retransmit times    : 0                                           
      Install-BOD-Count               : 0                                           
      Report-VSM-User-Count           : 0                                           
      Value-added-service             : DEFAULT                                     
      User-access-limit               : 152576                                      
      Online-number                   : 0                                           
      Web-IP-address                  : -                                           
      Web-URL                         : -                                           
      Web-auth-server                 : -                                           
      Web-auth-state                  : -                                           
      Web-server-mode                 : get                                         
      Slave Web-IP-address            : -                                           
      Slave Web-URL                   : -                                           
      Slave Web-auth-server           : -                                           
      Slave Web-auth-state            : -                                           
      Portal-server-IP                : -                                           
      Portal-URL                      : -                                           
      Portal-force-times              : 2                                           
      Service-policy(Portal)          : -                                           
      PPPoE-user-URL                  : Disable                                     
      AdminUser-priority              : 16                                          
      IPUser-ReAuth-Time              : 300s                                        
      mscg-name-portal-key            : -                                           
      Portal-user-first-url-key       : -                                           
      User-session-limit              : 4294967295                                  
      Ancp auto qos adapt             : Disable                                     
      L2TP-group-name                 : -                                           
      User-lease-time-no-response     : 0s                                          
      RADIUS-server-template          : -                                           
      Two-acct-template               : -                                           
      RADIUS-server-pre-template      : -                                           
                                        -                                           
                                        -                                           
      HWTACACS-server-template        : -                                           
      Bill Flow                       : Disable                                     
      Tunnel-acct-2867                : Disabled                                    
      Qos-profile-name inbound        : -                                           
      Qos-profile-name outbound       : -                                           
                                                                                    
      Flow Statistic:                                                               
      Flow-Statistic-Up               : Yes                                         
      Flow-Statistic-Down             : Yes                                         
      Source-IP-route                 : Disable                                     
      IP-warning-threshold            : -                                           
      IP-warning-threshold(Low)       : -                                           
      IPv6-warning-threshold          : -                                           
      IPv6-warning-threshold(Low)     : -                                           
      Multicast Forwarding            : Yes                                         
      Multicast Virtual               : No                                          
      Max-multilist num               : 4                                           
      Multicast-profile               : -                                           
      Multicast-profile ipv6          : -                                           
      IPv6-Pool-name                  : pool1                                         
      Quota-out                       : Offline                                     
      Service-type                    : -                                           
      User-basic-service-ip-type      : -/-/-                                       
      PPP-ipv6-address-protocol       : Ndra                                        
      IPv6-information-protocol       : Stateless dhcpv6                            
      IPv6-PPP-assign-interfaceid     : Disable                                     
      IPv6-PPP-NDRA-halt              : Disable                                     
      IPv6-PPP-NDRA-unicast           : Disable                                     
      Trigger-packet-wait-delay       : 60s                                         
      Peer-backup                     : enable                                      
      Reallocate-ip-address           : Disable                                     
      Cui  enable                     : Disable                                     
      Igmp enable                     : Enable                                      
      L2tp-user radius-force          : Disable                                     
      Accounting dual-stack           : Separate                                    
      Radius server domain-annex      : -                                           
      Dhcp-option64-service           : disable                                     
      Parse-separator                 : -                                           
      Parse-segment-value             : -                                           
      Dhcp-receive-server-packet      : -                                           
      Http-hostcar                    : Disable                                     
      Public-address assign-first     : Disable                                     
      Public-address nat              : Enable                                      
      Dhcp-user auto-save             : Disable                                     
      IP-pool usage-status threshold  : 255 , 255                                   
      Select-Pool-Rule                : gateway + local priority                    
      AFTR name                       : -                                           
      DAA Direction                   : both                                        
      ------------------------------------------------------------------------------

Configuration Files

  • router Configuration Files.

    #
     sysname HUAWEI
    #
    ipv6
    #
    radius-server group rd6
    radius-server authentication 10.6.55.55 1645 weight 0
    radius-server accounting 10.6.55.55 1646 weight 0
    radius-server shared-key-cipher %^%#vS%796FO7%C~pB%CR=q;j}gSCqR-X6+P!.DYI@)%^%
    #
    interface Virtual-Template6
     ppp authentication-mode pap
    #
    ipv6 prefix pre1 delegation
     prefix 2010:2021::/64
     slaac-unshare-only
    #
    ipv6 pool pool1 bas delegation
    prefix pre1
    dns-server 3001:0410::1:2
    #
    aaa
    authentication-scheme default0
     authentication-scheme default1
    authentication-scheme auth6
    authentication-mode radius
    #
    accounting-scheme default0
     accounting-scheme default1
    accounting-scheme acct6
    accounting-mode radius
    #
    domain  isp6
     authentication-scheme auth6
     accounting-scheme acct6
     radius-server group rd6
     ipv6-pool pool1
     prefix-assign-mode unshared
    #
    interface GigabitEthernet1/0/2
     pppoe-server bind Virtual-Template 6
     ipv6 enable
     ipv6 address auto link-local
     bas
      access-type layer2-subscriber default-domain authentication isp6
      authentication-method  bind
    #
    interface GigabitEthernet1/0/1
     ipv6 enable
     ipv6 address 2001::1/64 eui-64
     ipv6 address 3001::1/64
     ipv6 address auto link-local
    #
    return
    
Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055031

Views: 17401

Downloads: 70

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next