No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Configuration Guide - Value-Added-Service 01

This is NE40E V800R010C10SPC500 Configuration Guide - Value-Added-Service
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring the DAA Service

Example for Configuring the DAA Service

This section provides a configuration example of the DAA service. You can learn about the configuration process of the DAA service by referring to the networking diagram of DAA. This example includes networking requirements, configuration roadmap, data preparation, configuration procedure, and configuration files.

Networking Requirements

As shown in Figure 3-1, the requirements are as follows:

  • The user belongs to domain isp1 and restricted with a bandwidth of 20 Mbit/s.

  • The value-added service policy used by users in domain isp1 is as follows: Adopting the RADIUS accounting mode, when accessing network 192.168.199.0/24, users in user group domain isp1 are charged with tariff level 1 and restricted with a bandwidth of 10 Mbit/s; when accessing network 192.168.200.0/24, users in user group domain isp1 are charged with tariff level 5 and restricted with a bandwidth of 5 Mbit/s.

  • The IP address and port number of the RADIUS authentication server are 10.10.10.2 and 1812 respectively. The IP address and port number of the RADIUS accounting server are 10.10.10.2 and 1813 respectively. Other values are default values.

Networking Diagram

Figure 3-1 Networking diagram of DAA

Configuration Roadmap

  1. Configure AAA.
  2. Configure an address pool.
  3. Enable a value-added service.
  4. Configure user group.
  5. Configure value-added service policies.
  6. Configure a QoS template.
  7. Configure a DAA service policy template.
  8. Configure an AAA domain.
  9. Configure interfaces.

Data Preparation

To complete the configuration, you need the following data:

  • Name of the authentication scheme and the authentication mode
  • Name of the accounting scheme and the accounting mode
  • Name of the RADIUS server group and IP addresses and port numbers of the RADIUS authentication server and accounting server
  • Name of the address pool, gateway address, name of the server group, and IP addresses on different network segments
  • ACL rule and DAA traffic policy
  • QoS template and DAA service template
  • Domain name
  • Interface-related parameters

Configuration Procedure

  1. Configure AAA.

    # Configure an authentication scheme.

    <HUAWEI> system-view 
    [~HUAWEI] aaa
    [~HUAWEI-aaa] authentication-scheme auth1
    [*HUAWEI-aaa-authen-auth1] authentication-mode radius
    [*HUAWEI-aaa-authen-auth1] quit

    # Configure an accounting scheme.

    [*HUAWEI-aaa] accounting-scheme acct1
    [*HUAWEI-aaa-accounting-acct1] accounting-mode radius
    [*HUAWEI-aaa-accounting-acct1] quit
    [*HUAWEI-aaa] quit

    # Configure a RADIUS server group.

    [*HUAWEI] radius-server group group1
    [*HUAWEI-radius-group1] radius-server authentication 10.10.10.2 1812
    [*HUAWEI-radius-group1] radius-server accounting 10.10.10.2 1813
    [*HUAWEI-radius-group1] radius-server shared-key huawei
    [*HUAWEI-radius-group1] commit
    [~HUAWEI-radius-group1] quit
  2. Configure the address pool.

    [~HUAWEI] ip pool pool1 bas local
    [~HUAWEI-ip-pool-pool1] gateway 100.100.100.1 24
    [~HUAWEI-ip-pool-pool1] section 0 100.100.100.2 100.100.100.200
    [~HUAWEI-ip-pool-pool1] quit
  3. Enable a value-added service.

    [~HUAWEI] value-added-service enable
  4. Configure user groups.

    [~HUAWEI] user-group isp1
  5. Configure value-added service policies.

    # Configure the DAA ACL policy.

    Configure ACL rule 6000.

    [~HUAWEI] acl 6000
    [*HUAWEI-acl-ucl-6000] rule permit ip source user-group isp1 destination ip-address 192.168.100.0 0.0.0.255
    [*HUAWEI-acl-ucl-6000] rule permit ip source ip-address 192.168.100.0 0.0.0.255 destination user-group isp1
    [*HUAWEI-acl-ucl-6000] quit

    Configure ACL rule 6001.

    [*HUAWEI] acl 6001
    [*HUAWEI-acl-ucl-6000] rule permit ip source user-group isp1 destination ip-address 192.168.200.0 0.0.0.255
    [*HUAWEI-acl-ucl-6000] rule permit ip source ip-address 192.168.200.0 0.0.0.255 destination user-group isp1
    [*HUAWEI-acl-ucl-6000] quit

    # Configure traffic classifier tc1.

    [*HUAWEI] traffic classifier tc1
    [*HUAWEI-classifier-tc1] if-match acl 6000
    [*HUAWEI-classifier-tc1] quit

    # Configure traffic classifier tc2.

    [*HUAWEI] traffic classifier tc2
    [*HUAWEI-classifier-tc1] if-match acl 6001
    [*HUAWEI-classifier-tc1] quit

    # Configure tariff level 1 in DAA traffic behavior tb1.

    [*HUAWEI] traffic behavior tb1
    [*HUAWEI-behavior-tb1] tariff-level 1
    [*HUAWEI-behavior-tb1] car
    [*HUAWEI-behavior-tb1] traffic-statistic
    [*HUAWEI-behavior-tb1] quit

    # Configure tariff level 2 in DAA traffic behavior tb2.

    [*HUAWEI] traffic behavior tb2
    [*HUAWEI-behavior-tb2] tariff-level 5
    [*HUAWEI-behavior-tb2] car
    [*HUAWEI-behavior-tb2] traffic-statistic
    [*HUAWEI-behavior-tb2] quit

    # Bind flow policy traffic_policy_daa 1 to a traffic classifier and a traffic behavior.

    [*HUAWEI] traffic policy traffic_policy_daa1
    [*HUAWEI-trafficpolicy-traffic_policy_daa1] classifier tc1 behavior tb1
    [*HUAWEI-trafficpolicy-traffic_policy_daa1] classifier tc2 behavior tb2
    [*HUAWEI-trafficpolicy-traffic_policy_daa1] quit

    # Apply the DAA traffic policy globally.

    [*HUAWEI] accounting-service-policy traffic_policy_daa1
  6. Configure a QoS template.

    # Configure QoS template qos-prof1.

    [*HUAWEI] qos-profile qos-prof1
    [*HUAWEI-qos-profile-qos-prof1] car cir 5000 inbound
    [*HUAWEI-qos-profile-qos-prof1] car cir 5000 outbound
    [*HUAWEI-qos-profile-qos-prof1] quit

    # Configure QoS template qos-prof2.

    [*HUAWEI] qos-profile qos-prof2
    [*HUAWEI-qos-profile-qos-prof2] car cir 10000 inbound
    [*HUAWEI-qos-profile-qos-prof2] car cir 10000 outbound
    [*HUAWEI-qos-profile-qos-prof2] quit

    # Configure QoS template qos-prof3.

    [*HUAWEI] qos-profile qos-prof3
    [*HUAWEI-qos-profile-qos-prof3] car cir 20000 inbound
    [*HUAWEI-qos-profile-qos-prof3] car cir 20000 outbound
    [*HUAWEI-qos-profile-qos-prof3] commit
    [~HUAWEI-qos-profile-qos-prof3] quit
  7. Configure DAA service policy template vp-daa. The service policy template is bound to the user domain or is included in the authentication response message sent by the RADIUS server.

    [~HUAWEI] value-added-service policy vp-daa daa
    [~HUAWEI-vas-policy-vp-daa] accounting-scheme acct1

    # Configure the traffic level of DAA and the corresponding QoS template.

    [~HUAWEI-vas-policy-vp-daa] tariff-level 1 qos-profile qos-prof2
    [~HUAWEI-vas-policy-vp-daa] tariff-level 5 qos-profile qos-prof1
    [~HUAWEI-vas-policy-vp-daa] quit
    NOTE:

    When priority scheduling based on tariff levels is enabled, the tariff level configured here must be consistent with the tariff level configured in 5.

  8. Configure an AAA domain.

    [~HUAWEI] aaa
    [~HUAWEI-aaa] domain isp1
    [*HUAWEI-aaa-domain-isp1] authentication-scheme auth1
    [*HUAWEI-aaa-domain-isp1] accounting-scheme acct1
    [*HUAWEI-aaa-domain-isp1] radius-server group group1
    [*HUAWEI-aaa-domain-isp1] commit
    [~HUAWEI-aaa-domain-isp1] user-group isp1
    [~HUAWEI-aaa-domain-isp1] value-added-service policy vp-daa
    [~HUAWEI-aaa-domain-isp1] value-added-service account-type radius group1
    [~HUAWEI-aaa-domain-isp1] ip-pool pool1
    [~HUAWEI-aaa-domain-isp1] qos-profile qos-prof3 inbound
    [~HUAWEI-aaa-domain-isp1] qos-profile qos-prof3 outbound
    [~HUAWEI-aaa-domain-isp1] quit
    [~HUAWEI-aaa] quit
    NOTE:

    If the RADIUS server delivers the DAA policy, no DAA policy template needs to be bound to the domain. In this way, the RADIUS server delivers the name of the DAA policy template using HW-Policy-Name(HUAWEI-95) in an authentication response message.

  9. Configure interfaces.

    # Create a virtual template interface.

    [~HUAWEI] interface Virtual-Template 1
    [*HUAWEI-Virtual-Template1] commit
    [~HUAWEI-Virtual-Template1] quit

    # Configure a BAS interface.

    [~HUAWEI] interface GigabitEthernet 1/0/2
    [~HUAWEI-GigabitEthernet1/0/2]  pppoe-server bind virtual-template 1
    [*HUAWEI-Virtual-Template1] commit
    [~HUAWEI-GigabitEthernet1/0/2]  bas
    [~HUAWEI-GigabitEthernet1/0/2-bas] access-type layer2-subscriber default-domain authentication isp1
    [~HUAWEI-GigabitEthernet1/0/2-bas] quit
    [~HUAWEI-GigabitEthernet1/0/2] quit

    # Configure upstream interfaces.

    [~HUAWEI] interface GigabitEthernet 1/0/0.1
    [~HUAWEI-GigabitEthernet1/0/0.1] vlan-type dot1q 1
    [~HUAWEI-GigabitEthernet1/0/0.1] ip address 192.168.100.1 255.255.255.0
    [~HUAWEI-GigabitEthernet1/0/0.1] quit
    [~HUAWEI] interface GigabitEthernet 1/0/0.2
    [~HUAWEI-GigabitEthernet1/0/0.2] vlan-type dot1q 2
    [~HUAWEI-GigabitEthernet1/0/0.2] ip address 192.168.200.1 255.255.255.0
    [~HUAWEI-GigabitEthernet1/0/0.2] quit

    # Configure the interface that is respectively connected to the RADIUS server.

    [~HUAWEI] interface GigabitEthernet 1/0/1
    [~HUAWEI-GigabitEthernet1/0/1] ip address 10.10.10.1 255.255.255.0
  10. Checking the Configurations

    Run the display value-added-service policy command to view information about the value-added service policy.

    <HUAWEI>display value-added-service policy
    ------------------------------------------------------------------
      Index   Service Policy Name               Used Num   Type  User Num
      ------------------------------------------------------------------
      0      vp-daa                                  1      DAA     1
      ------------------------------------------------------------------  
      Total 1,1 printed
    

    Run the display value-added-service user command to view information about the value-added service.

    <HUAWEI> display value-added-service user daa
    ----------------------------------------------------------------
     The used user id table are:
           95      
     ----------------------------------------------------------------
    Total users:1
    

    Run the display value-added-service user user-id command to view statistics about the DAA user using the value-added service.

    <HUAWEI> display value-added-service user user-id 95 daa tariff-level 1
    ------------------------------------------------------------------------- 
    Daa user service table: 
    Service user id                            : 95 
    Service type                               : Default dsg 
    Service IP type                            : IPv4 
    Service policy                             : vp-daa 
    Account method                             : Radius 
    Account start time                         : 2017-04-07 08:14:36 
    Normal-server-group                        : -- 
    Flow up packets(high,low)                  : (0,0) 
    Flow up bytes(high,low)                    : (0,0) 
    Flow down packets(high,low)                : (0,0) 
    Flow down bytes(high,low)                  : (0,0) 
    IPV6 Flow up packets(high,low)             : (0,0) 
    IPV6 Flow up bytes(high,low)               : (0,0) 
    IPV6 Flow down packets(high,low)           : (0,0) 
    IPV6 Flow down bytes(high,low)             : (0,0) 
    Up committed information rate <kbps>       : 10000
    Up Peak information rate <kbps>            : No limit
    Up committed burst size <bytes>            : - 
    Up Peak burst size <bytes>                 : - 
    Down committed information rate <kbps>     : 10000
    Down Peak information rate <kbps>          : No limit
    Down committed burst size <bytes>          : - 
    Down Peak burst size <bytes>               : - 

Configuration Files

#
sysname HUAWEI
#
 user-group isp1
#
 value-added-service enable
#
qos-profile qos-prof3
 car cir 20000 cbs 1870000 green pass red discard inbound
 car cir 20000 cbs 1870000 green pass red discard outbound
qos-profile qos-prof2
 car cir 10000 cbs 1870000 green pass red discard inbound
 car cir 10000 cbs 1870000 green pass red discard outbound
qos-profile qos-prof1
 car cir 5000 cbs 935000 green pass red discard inbound
 car cir 5000 cbs 935000 green pass red discard outbound
#
radius-server group group1
 radius-server authentication 10.10.10.2 1812 weight 0
 radius-server accounting 10.10.10.2 1813 weight 0
#
acl number 6000
 rule 5 permit ip source user-group isp1 destination ip-address 192.168.100.0 0.0.0.255
 rule 10 permit ip source ip-address 192.168.100.0 0.0.0.255 destination user-group isp1
#
acl number 6001
 rule 10 permit ip source user-group isp1 destination ip-address 192.168.200.0 0.0.0.255
 rule 15 permit ip source ip-address 192.168.200.0 0.0.0.255 destination user-group isp1
#
traffic classifier tc2 operator or
 if-match acl 6001
traffic classifier tc1 operator or
 if-match acl 6000
#
traffic behavior tb1
 tariff-level 1
 car
 traffic-statistic
traffic behavior tb2
 tariff-level 5
 car
 traffic-statistic
#
traffic policy traffic_policy_daa1
 share-mode
 classifier tc1 behavior tb1
 classifier tc2 behavior tb2
#
ip pool pool1 bas local
 gateway 100.100.100.1 255.255.255.0
 section 0 100.100.100.2 100.100.100.200
#
dot1x-template 1
#
aaa
 authentication-scheme auth1
 #
 authorization-scheme default
 #
 accounting-scheme acct1
 #
 domain isp1
  authentication-scheme auth1
  accounting-scheme acct1
  ip-pool pool1
  value-added-service policy vp-daa
  radius-server group group1
  user-group isp1
  qos-profile qos-prof3 inbound
  qos-profile qos-prof3 outbound
#
value-added-service policy vp-daa daa
 accounting-scheme acct1
 user-group isp1
 tariff-level 1 qos-profile qos-prof2
 tariff-level 5 qos-profile qos-prof1
#
interface Virtual-Template1
 ppp authentication-mode auto
#
interface GigabitEthernet1/0/0.1
 vlan-type dot1q 1
 ip address 192.168.100.1 255.255.255.0
#
interface GigabitEthernet1/0/0.2
 vlan-type dot1q 2
 ip address 192.168.200.1 255.255.255.0
#
interface GigabitEthernet1/0/1
 undo shutdown
 ip address 10.10.10.1 255.255.255.0

interface GigabitEthernet1/0/2
 pppoe-server bind Virtual-Template 1
 undo shutdown
 bas
 #
  access-type layer2-subscriber default-domain authentication isp1
 #
#
 accounting-service-policy traffic_policy_daa1
#
return
Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055032

Views: 4686

Downloads: 53

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next