NE40E-M2 V800R010C10SPC500 Feature Description - User Access 01

More Information About NAS-Port-Id (87)

If the following command is run on a Huawei device, the NAS-Port-Id attribute is encapsulated in the format defined by a specific vendor; namely, rules 1 to 5. If the following command is not run or format encapsulation fails, the NAS-Port-Id attribute is encapsulated according to the device's default configuration; namely, the rules from 6 to 12.

radius-server format-attribute nas-port-id vendor { vendor-id | redback-simple | redback-addition }

The following format examples assume that a user is logged in from GE 2/0/5.4, with the single VLAN ID being 4 in the user packet. For Eth-Trunk interfaces, the value of sub-slot-id is always 2 unless otherwise specified as 0.

Rule 1. vendor-id set to 2636

  • When the user access interface is in the four dimensional format in a non-virtual access scenario, the format of the NAS-Port-Id attribute is as follows:

    {atm|fastEthernet|gigabitEthernet} slot-id/port-id.sub-interface-number [:vpi-vci|:ivlan]

    Format example: gigabitEthernet 2/5.4:4

  • When the user access interface is in the four dimensional format in a virtual access scenario (the access four-dimensional mode enable command is run), the format of the NAS-Port-Id attribute has ap-id added and is as follows:

    ap-id: {atm|fastEthernet|gigabitEthernet} ap-id (5 bytes)/slot-id/port-id.sub-interface-number

NOTE:

If the logical interface configured on a user access interface is not a Trunk interface, the NAS-Port-Id attribute is encapsulated in the format of the logical interface. If the logical interface is a Trunk interface, the NAS-Port-Id attribute is encapsulated in the format of the user access interface. If the user access interface is the Trunk interface itself, the NAS-Port-Id attribute is encapsulated in the format of the first member interface of the Trunk interface.

The logical interface is specified using the nas logic-port command.

If the radius-server format-attribute nas-port-id vendor 2636 version1 command is run:

  • When the user access interface is in the four dimensional format in a non-virtual access scenario, the format of the NAS-Port-Id attribute is as follows:

    {Atm|FastEthernet|GigabitEthernet} slot-id/sub-slot-id/port-id.sub-interface-number[:vpi-vci|:ivlan]

    Format example: GigabitEthernet 2/1/5.4:4

  • When the user access interface is in the four dimensional format in a virtual access scenario (the access four-dimensional mode enable command is run), the format of the NAS-Port-Id attribute has ap-id added and is as follows:

    {atm|fastEthernet|gigabitEthernet} ap-id (5 Bytes)/slot-id/port-id.sub-interface-number[:vpi-vci|:ivlan]

NOTE:

If the logical interface configured on a user access interface is not a Trunk interface, the NAS-Port-Id attribute is encapsulated in the format of the logical interface. If the logical interface is a Trunk interface, the NAS-Port-Id attribute is encapsulated in the format of the user access interface. If the user access interface is the Trunk interface itself, the NAS-Port-Id attribute is encapsulated in the format of the first member interface of the Trunk interface. The sub-slot number of the Trunk interface is always 2.

Rule 2. vendor-id set to 9

  • When the user access interface is in the four dimensional format in a non-virtual access scenario, the format of the NAS-Port-Id attribute is as follows:

    {ethernet|trunk|atm|PW} slot-id/sub-slot-id/port-id

    Format example: ethernet 2/0/5

    NOTE:

    If a logical interface is configured on a user access interface, the NAS-Port-Id attribute is encapsulated in the format of the logical interface. If no logical interface is configured on a user access interface, the NAS-Port-Id attribute is encapsulated in the format of the user access interface. The sub-slot number is always 0 for Trunk and PW interfaces.

  • When the user access interface is in the four dimensional format in a virtual access scenario (the access four-dimensional mode enable command is run), the format has ap-id added and is as follows:

    ap-id: {ethernet|trunk|atm|PW} ap-id (5 Bytes)/slot-id/sub-card-id/port-id

Rule 3. vendor-id set to 2352

  • When the user access interface is in the four dimensional format in a non-virtual access scenario, the format of the NAS-Port-Id attribute is as follows:

    [vpi-vci vpi vci | vlan-id [ivlan:]evlan] [pppoe sess-id | clips sess-id]

    Format example: 2/5 vlan-id 4 pppoe 8

  • When the user access interface is in the four dimensional format in a virtual access scenario (the access four-dimensional mode enable command is run), the format of the NAS-Port-Id attribute has ap-id added and is as follows:

    ap-id (5 bytes)/slot-id/port-id[vpi-vci vpi vci | vlan-id [ivlan:]evlan] [pppoe sess-id | clips sess-id]

NOTE:

If a logical interface is configured on a user access interface, the NAS-Port-Id attribute is encapsulated in the format of the logical interface. If no logical interface is configured on a user access interface, the NAS-Port-Id attribute is encapsulated in the format of the user access interface. For a PPP user, sess-id specifies the ID of the user's PPPoE session. For a DHCP user, sess-id specifies the CID of the user on the device. Untagged packets of Ethernet access users do not carry VLAN information. For a QinQ interface, evlan and ivlan specify the outer and inner VLAN IDs, respectively.

Rule 4. Redback-simple Format

  • When the user access interface is in the four dimensional format in a non-virtual access scenario, the format of the NAS-Port-Id attribute is as follows:

    slot-id/port-id[vpivci vpi vci | vlanid [ivlan:]evlan] [pppoe sess-id | clips sess-id]

    Format example: 2/5 vlanid 4 pppoe 8

  • When the user access interface is in the four dimensional format in a virtual access scenario (the access four-dimensional mode enable command is run), the format of the NAS-Port-Id attribute has ap-id added for Ethernet and Trunk interfaces and is as follows:

    ap-id(5 bytes)/slot-id/port-id[ vlanid [ivlan:]evlan] [pppoe sess-id | clips sess-id]

NOTE:

This format differs from that defined when vendor-id is set to 2352 in that both vpivci and vlanid have a hyphen (-) deleted.

Rule 5. Redback-addition Format

atm slot-id/combination of a sub-slot-id and port-number:vpi.vci

Format example: atm 3/12:20.32 (logs in from Atm3/3/0)

NOTE:

This format applies only to scenarios where users log in from ATM interfaces, the device does not trust users' option information, and version10 or version20 is specified using the vlanpvc-to-username command run in the AAA view. The combination of a sub-slot number and port number is calculated as ((sub-slot-id&0x03)<<2)|(port-number&0x03).
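
The sub-slot/port combination in Rule 5, worked through in code. This is an added example, not Huawei code; the function and class names are hypothetical. It parses the page's `atm 3/12:20.32` example and shows that, because only the low two bits of each number are kept, sub-slot or port numbers of 4 and above map onto the same combined value.

```python
import re
from typing import List, NamedTuple, Tuple


class AtmPortId(NamedTuple):
    slot: int
    subslot_low2: int  # low two bits of sub-slot-id (higher bits are masked off)
    port_low2: int     # low two bits of port-number
    vpi: int
    vci: int


def combine(subslot: int, port: int) -> int:
    """Formula from the page: ((sub-slot-id & 0x03) << 2) | (port-number & 0x03)."""
    return ((subslot & 0x03) << 2) | (port & 0x03)


_ATM = re.compile(r"atm (\d+)/(\d+):(\d+)\.(\d+)")


def parse_redback_addition(raw: str) -> AtmPortId:
    """Parse 'atm slot-id/combination:vpi.vci' and split the combined field."""
    m = _ATM.fullmatch(raw)
    if not m:
        raise ValueError(f"not a redback-addition NAS-Port-Id: {raw!r}")
    slot, combo, vpi, vci = (int(g) for g in m.groups())
    if combo > 0x0F:
        raise ValueError("combined sub-slot/port field exceeds 4 bits")
    return AtmPortId(slot, combo >> 2, combo & 0x03, vpi, vci)


def aliases(combo: int, max_subslot: int, max_port: int) -> List[Tuple[int, int]]:
    """All (sub-slot, port) pairs up to the given maxima that encode to combo."""
    return [(s, p)
            for s in range(max_subslot + 1)
            for p in range(max_port + 1)
            if combine(s, p) == combo]


if __name__ == "__main__":
    print(parse_redback_addition("atm 3/12:20.32"))  # page example, Atm3/3/0
    print(aliases(12, max_subslot=3, max_port=7))
```

A RADIUS server that binds subscribers on this value can only tell ports apart modulo 4 within a slot, so the binding should also include the VPI/VCI pair.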

Rule 6. Default Formats

The default format is controlled by the vlanpvc-to-username { standard | turkey | version10 | version20 } command in the AAA view, and by the vbas command and the client-option82 [ basinfo-insert ] command in the BAS interface view.

  • Client option information is untrusted (default status).

    If the following conditions are true, client option information is not trusted:
    1. The vbas command is not run in the BAS interface view.
    2. For DHCPv4 users, the vlanpvc-to-username standard trust command is not run, so the device does not trust Option82 information.
    3. For PPPoE users, DHCPv6 users, ND users, dual-stack users, leased line users, and static users, the client-option18 command or either of the client-option82 and client-access-line-id commands is not run, so the device does not trust Option18 or Option82 information.
    • The vlanpvc-to-username command is run to set the Nas-Port-Id attribute to use the version20 (default type) format.

      When the user access interface is in the four dimensional format in a non-virtual access scenario, the format of the NAS-Port-Id attribute is as follows:

      slot=slot-id;subslot=sub-slot-id;port=port-id;{VPI=vpi;VCI=vci;|vlanid=VLAN-id;|vlanid=inner-VLAN-id;vlanid2=outer-VLAN-id;}

      Example: slot=2;subslot=0;port=5;vlanid=4;

      When the user access interface is in the four dimensional format in a virtual access scenario (the access four-dimensional mode enable command is run), the format of the NAS-Port-Id attribute has ap-id added and is as follows:

      ap-id=chassis-id (5 bytes);slot=slot-id;subslot=sub-slot-id;port=port-id;{VPI=vpi;VCI=vci;|vlanid=VLAN-ID;|vlanid=inner-VLAN-ID;vlanid2=outer-VLAN-ID;}

      Note that the slot-id, sub-slot-id, port-id, vpi, vci, VLAN-ID, outer-VLAN-ID, and inner-VLAN-ID vary according to the actual situations.

    • The vlanpvc-to-username command is run to set the Nas-Port-Id attribute to use the version10 format.

      When the user access interface is in the four dimensional format in a non-virtual access scenario, the format of the NAS-Port-Id attribute is as follows:

      slot=slot-id;subslot=sub-slot-id;port=port-id;{VPI=vpi;VCI=vci;|vlanid=VLAN-ID;}

      Example: slot=2;subslot=0;port=5;vlanid=4;

      When the user access interface is in the four dimensional format in a virtual access scenario (the access four-dimensional mode enable command is run), the format of the NAS-Port-Id attribute has ap-id added and is as follows:

      ap-id=ap-id (5 bytes);slot=slot-id;subslot=sub-slot-id;port=port-id;{VPI=vpi;VCI=vci;|vlanid=VLAN-ID;}

      Note that the slot-id, sub-slot-id, port-id, vpi, vci, and VLAN-ID vary according to the actual situations. For users logging in from a QinQ interface, the VLAN-ID is the inner VLAN ID.

    • The vlanpvc-to-username command is run to set the Nas-Port-Id attribute to use the Turkey format (newly added for Turkey Telecom).

      When the user access interface is in the four dimensional format in a non-virtual access scenario, the format of the NAS-Port-Id attribute is as follows:

      slot-id/port-id vlan-id inner-VLAN-ID:outer-VLAN-ID

      Example: 2/5 vlan-id 4096:4

      When the user access interface is in the four dimensional format in a virtual access scenario (the access four-dimensional mode enable command is run), the format of the NAS-Port-Id attribute has ap-id added and is as follows:

      ap-id (5 bytes)/slot-id/port-id vlan-id inner-VLAN-ID:outer-VLAN-ID

      NOTE:

      If access users' packets do not carry any VLAN tags, both the inner and outer VLAN IDs are 4096. If the packets carry only one VLAN tag, the inner VLAN ID is 4096.

    • The vlanpvc-to-username command is run to set the Nas-Port-Id attribute to use the standard format.

      When the user access interface is in the four dimensional format in a non-virtual access scenario, the format of the NAS-Port-Id attribute is as follows:

      {atm|eth|trunk|PW} slot-id/sub-slot-id/port-id:{vpi.vci|inner-VLAN-ID.outer-VLAN-ID} 0/0/0/0/0/0

      Example: eth 2/0/5:4096.4 0/0/0/0/0/0

      When the user access interface is in the four dimensional format in a virtual access scenario (the access four-dimensional mode enable command is run), the format of the NAS-Port-Id attribute has ap-id added for Ethernet or Trunk interfaces and is as follows:

      { eth|trunk } ap-id (5 bytes)/slot-id/sub-slot-id/port-id:{vpi.vci|outer-VLAN-ID.inner-VLAN-ID} 0/0/0/0/0/0

      Note that the slot-id, sub-slot-id, port-id, vpi, vci, outer-VLAN-ID, and inner-VLAN-ID vary according to the actual situations. For Trunk interfaces, the sub-slot-id is always 0. If access users' packets do not carry any VLAN tags, both the inner and outer VLAN IDs are 4096. If the packets carry only one VLAN tag, the inner-VLAN-ID is 4096. For PW interfaces, the sub-slot-id is always 0. In the AAA view, you can specify pevlan or cevlan in the vlanpvc-to-username standard trust { pevlan | cevlan } command. By default, both parameters are specified in the command. If only pevlan is specified, set the inner-VLAN-ID to 4096. If only cevlan is specified, set the outer-VLAN-ID to 4096.

  • Client Option information is trusted.

    If any of the following conditions is true, client option information is trusted:

    1. The vbas command is run in the BAS interface view.

    2. For DHCPv4 users, the option82 command is run to allow the device to trust Option82 information.

      For PPPoE users, DHCPv6 users, ND users, dual-stack users, leased line users, and static users, the client-option18 command or either of the client-option82 and client-access-line-id commands is run to allow the device to trust Option18 or Option82 information.

    • The vlanpvc-to-username command is run to set the Nas-Port-Id attribute to use the version20 (default type) or version10 format, and the client-option82 basinfo-insert cn-telecom command is not run.

      • User packets carry Option82.

        If the vbas command is run, content carried in user packets is directly returned.

        Format example: mse-108 eth 0/2/0/5:4

        If the option82-relay-mode command is not run in the BAS interface view, the value of the first TLV carried in user packets is returned.

        Format example: If abc is carried in user packets, c is returned.

        If the option82-relay-mode command is run in the BAS interface view, content is returned in the configured format:

        1. If include allvalue is specified, all content carried in user packets is returned.

        Format example: If abc is carried in user packets, abc is returned.

        2. If include agent-circuit-id is specified, the circuit ID carried in user packets is returned.

        Format example: If abc de is carried in user packets, abc is returned.

        3. If include agent-remote-id is specified, the remote ID carried in user packets is returned.

        Format example: If abc de is carried in user packets, de is returned.

        4. If include agent-circuit-id agent-remote-id is specified, both the circuit ID and remote agent ID carried in user packets are returned.

        Format example: If abc de is carried in user packets, abcde is returned.

        NOTE:

        After any of the preceding parameters is specified in the option82-relay-mode include command, you can run the option82-relay-mode subopt command to configure a format (either in hexadecimal notation or a string) for the circuit ID or remote agent ID to be transmitted. If the second, third, or fourth parameter stated above is specified in the option82-relay-mode command but sub-attribute parsing fails, information is returned in the format specified for the situation where user packets do not carry Option82 information.

        Format example: When the option82-relay-mode include agent-circuit-id and option82-relay-mode subopt agent-circuit-id hex commands are run, if user packets carry abc de, 616263 is returned; if user packets carry abc, MSE-108 eth 0/2/0/5:4 is returned.

      • User packets do not carry Option82.

        When the user access interface is in the four dimensional format in a non-virtual access scenario, the format of the NAS-Port-Id attribute is as follows:

        host-name {atm|eth} 0/slot-id/sub-slot-id/port-id:{vpi.vci|vlan|outer-VLAN-ID.inner-VLAN-ID}

        Format example: MSE-108 eth 0/2/0/5:4

        When the user access interface is in the four dimensional format in a virtual access scenario (the access four-dimensional mode enable command is run), the format of the NAS-Port-Id attribute is as follows:

        host-name {atm|eth} ap-id (5 bytes)/slot-id/sub-slot-id/port-id:{vpi.vci|vlan|outer-VLAN-ID.inner-VLAN-ID}

        NOTE:

        The host name configured in the BAS interface view using the nas logic-sysname host-name command is preferentially used. If no host name is configured in the BAS interface view, the default host name configured by the system is used. If access users' packets do not carry any VLAN tags, both the inner and outer VLAN IDs are 0. If the packets carry only one VLAN tag, the inner VLAN ID is 0, which is not displayed.

    • The vlanpvc-to-username command is run to set the Nas-Port-Id attribute to use the turkey format, and the client-option82 basinfo-insert cn-telecom command is not run.

      When the user access interface is in the four dimensional format in a non-virtual access scenario, the format of the NAS-Port-Id attribute is as follows:

      slot-id/port-id vlan-id inner-VLAN-ID:outer-VLAN-ID

      Example: 2/5 vlan-id 4096:4

      When the user access interface is in the four dimensional format in a virtual access scenario (the access four-dimensional mode enable command is run), the format of the NAS-Port-Id attribute has ap-id added and is as follows:

      ap-id (5 bytes)/slot-id/port-id vlan-id inner-VLAN-ID:outer-VLAN-ID

      NOTE:

      If access users' packets do not carry any VLAN tags, both the inner and outer VLAN IDs are 4096. If the packets carry only one VLAN tag, the inner VLAN ID is 4096.

    • The vlanpvc-to-username command is run to set the Nas-Port-Id attribute to use the standard format, and the client-option82 basinfo-insert cn-telecom command is run.

      When the user access interface is in the four dimensional format in a non-virtual access scenario, the format of the NAS-Port-Id attribute is as follows:

      {atm|eth|trunk|PW} slot-id/sub-slot-id/port-id:{vpi.vci|outer-VLAN-ID.inner-VLAN-ID} client carried information

      When the user access interface is in the four dimensional format in a virtual access scenario (the access four-dimensional mode enable command is run), the format of the NAS-Port-Id attribute has ap-id added for Ethernet or Trunk interfaces and is as follows:

      { eth | trunk } ap-id (5 bytes)/slot-id/sub-slot-id/port-id:{vpi.vci|outer-VLAN-ID.inner-VLAN-ID} client carried information

      NOTE:

      The slot-id, sub-slot-id, port-id, vpi, vci, outer-VLAN-ID, and inner-VLAN-ID vary according to the actual situations.

      For Trunk interfaces, the sub-slot number is always 0. If access users' packets do not carry any VLAN tags, both the inner and outer VLAN IDs are 4096. If the packets carry only one VLAN tag, the inner VLAN ID is 4096.

      For PW interfaces, the sub-slot number is always 0.

      In the AAA view, you can specify pevlan or cevlan in the vlanpvc-to-username standard trust { pevlan | cevlan } command. By default, both parameters are specified in the command. If only pevlan is specified, set the inner VLAN ID to 4096. If only cevlan is specified, set the outer VLAN ID to 4096.

      • User packets carry Option82.

        If the vbas command is run, the entire Option82 content carried in user packets is parsed. If the vbas command is not run, the Option 82 information with two offset bytes is parsed.

        Parsing procedure:

        The NE40E checks whether the content in a user packet contains a space.

        If yes, the content carried in the user packet is returned. For example, if the user packet carries abc, eth 2/0/5:4096.4 c is returned.

        If no, the NE40E checks whether a slash (/) is prior to the space.

        If yes, the content carried in the user packet is returned. For example, if the user packet carries aaa/b cd, eth 2/0/5:4096.4 a/b cd is returned.

        If no, the NE40E checks whether the content in the user packet contains another space.

        If yes, the content following the second space is returned. For example, if the user packet carries aaab cd e, eth 2/0/5:4096.4 e is returned.

        If no, 0/0/0/0/0/0 is returned. For example, if the user packet carries aaab cde, eth 2/0/5:4096.4 0/0/0/0/0/0 is returned.

      • User packets do not carry Option82.

        Information carried by the client is filled with 0/0/0/0/0/0.

        Format example: eth 2/0/5:4096.4 0/0/0/0/0/0
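
A RADIUS server that performs binding authentication has to compare the same physical circuit across the Rule 6 formats. The parser below is an added example (not Huawei code; all names are hypothetical) that normalizes the version10/version20, turkey and standard strings for Ethernet users in a non-virtual access scenario. It assumes the standard format orders the VLAN pair as inner.outer, as in the page's example `eth 2/0/5:4096.4`.

```python
import re
from typing import NamedTuple, Optional

NO_TAG = 4096  # page: turkey/standard formats use 4096 for an absent VLAN tag


class PortId(NamedTuple):
    fmt: str
    slot: int
    subslot: Optional[int]      # None: the turkey format carries no sub-slot
    port: int
    outer_vlan: Optional[int]   # None: untagged
    inner_vlan: Optional[int]   # None: untagged or single-tagged
    client_info: Optional[str]  # standard format only; None for 0/0/0/0/0/0


_KV = re.compile(r"(?:[A-Za-z0-9]+=\d+;)+")
_TURKEY = re.compile(r"(\d+)/(\d+) vlan-id (\d+):(\d+)")
_STANDARD = re.compile(r"(?:eth|trunk|PW) (\d+)/(\d+)/(\d+):(\d+)\.(\d+) (.+)")


def _vlan(text: str) -> Optional[int]:
    value = int(text)
    if value > NO_TAG:
        raise ValueError(f"VLAN ID out of range: {value}")
    return None if value == NO_TAG else value


def parse_nas_port_id(raw: str) -> PortId:
    """Parse an Ethernet, non-virtual-access NAS-Port-Id (Rule 6 formats)."""
    if _KV.fullmatch(raw):  # version10 / version20: key=value; pairs
        kv = dict(item.split("=") for item in raw.rstrip(";").split(";"))
        missing = {"slot", "subslot", "port"} - kv.keys()
        if missing:
            raise ValueError(f"missing fields: {sorted(missing)}")
        if "VPI" in kv or "VCI" in kv:
            raise ValueError("ATM circuits are outside this example")
        single, second = kv.get("vlanid"), kv.get("vlanid2")
        if second is not None:  # QinQ: vlanid = inner tag, vlanid2 = outer tag
            outer, inner = _vlan(second), (_vlan(single) if single else None)
        else:
            outer, inner = (_vlan(single) if single else None), None
        return PortId("version10/20", int(kv["slot"]), int(kv["subslot"]),
                      int(kv["port"]), outer, inner, None)
    m = _TURKEY.fullmatch(raw)
    if m:  # slot/port vlan-id inner:outer
        return PortId("turkey", int(m[1]), None, int(m[2]),
                      _vlan(m[4]), _vlan(m[3]), None)
    m = _STANDARD.fullmatch(raw)
    if m:  # assumed inner.outer, following the page's example
        info = None if m[6] == "0/0/0/0/0/0" else m[6]
        return PortId("standard", int(m[1]), int(m[2]), int(m[3]),
                      _vlan(m[5]), _vlan(m[4]), info)
    raise ValueError(f"unrecognized NAS-Port-Id: {raw!r}")


def same_circuit(a: PortId, b: PortId) -> bool:
    """Compare slot, port and VLANs; compare sub-slot only when both carry it."""
    if None not in (a.subslot, b.subslot) and a.subslot != b.subslot:
        return False
    return (a.slot, a.port, a.outer_vlan, a.inner_vlan) == \
           (b.slot, b.port, b.outer_vlan, b.inner_vlan)


if __name__ == "__main__":
    for sample in ("slot=2;subslot=0;port=5;vlanid=4;",   # page examples
                   "2/5 vlan-id 4096:4",
                   "eth 2/0/5:4096.4 0/0/0/0/0/0"):
        print(parse_nas_port_id(sample))
```

Strings that match none of the formats raise `ValueError`, so a binding check can reject them instead of comparing raw text.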

Rule 7. Formats of the HW-Own-NAS-Port-Identify-Old Attribute Converted from the NAS-Port-Id Attribute (0s Are Used for Padding, and Excess Bits Are Discarded)

  • ATM interface: slot-id (2 bytes)+sub-slot-id (2 bytes)+ port-id (3 bytes)+ PVC (VPI+VCI 9 bytes)
  • Ethernet interface:

    When the user access interface is in the four dimensional format in a non-virtual access scenario, the format of the NAS-Port-Id attribute is as follows:

    slot-id (2 bytes)+sub-slot-id (2 bytes)+ port-id (3 bytes)+ VLAN (4 bytes outer-VLAN-ID+0+4 bytes inner-VLAN-ID)

    When the user access interface is in the four dimensional format in a virtual access scenario (the access four-dimensional mode enable command is run), the format of the NAS-Port-Id attribute has ap-id added and is as follows:

    ap-id (5 bytes)+slot-id (2 bytes)+sub-slot-id (2 bytes)+ port-id (3 bytes)+ VLAN (4 bytes outer-VLAN-ID+0+ 4 bytes inner-VLAN-ID)

Rule 8. Formats of the HW-Own-Nas-Port-Id-Uppercase Attribute Converted from the NAS-Port-Id Attribute (0s Are Used for Padding, and Excess Bits Are Discarded)

If "vlanidxxxx" is included, "vlanid" is converted to "VLANID". Other situations are the same as those in Rule 6. Default Formats.

Rule 9. A Logical Interface Is Configured in the BAS Mode

Command:

(Interface of BAS mode) nas logic-port ifname

After a logic interface is configured, it generates the following information:
  • User name of DHCP users or binding authentication users
  • User Option 82 information to be generated or replaced
  • NAS-port and NAS-port-ID in RADIUS authentication packets

Rule 10. Impact of the "radius-attribute-format" Command on the NAS-Port-Id Attribute Format

The radius-attribute-format nas-port-id unitary-subslot slot slot-id base-number number command configures a type for the subslot field in the NAS-Port-Id attribute. The keyword unitary-subslot sets the subcard type to unitary.

This command is used in the following situation:

When a board on the device contains no subcard, the port numbers are FE1/0/0–FE1/0/15 (FE1/0/0, FE1/0/1, FE1/0/2, ..., FE1/0/15). If the board is replaced with a board containing subcards, the port numbers on the new board are FE1/0/0–FE1/0/7 and FE1/1/0–FE1/1/7. As a result, the RADIUS server fails to perform binding authentication. To resolve this issue, the radius-attribute-format command can be run to convert port interfaces FE1/0/0–FE1/0/7 and FE1/1/0–FE1/1/7 to FE1/0/0–FE1/0/15.

Rule 11. Impact of the "option82-relay-mode" Command on the NAS-Port-Id Attribute Format

  • If the option82-relay-mode include allvalue command is run in the BAS interface view, all Option82 information is carried.

  • If the option82-relay-mode include agent-circuit-id command is run in the BAS interface view, only circuit ID information is carried.

  • If the option82-relay-mode include agent-remote-id command is run in the BAS interface view, only remote agent ID information is carried.

  • If the option82-relay-mode include agent-circuit-id agent-remote-id command is run in the BAS interface view, both circuit ID information and remote agent ID information are carried.

After any of the preceding commands is configured, you can run the option82-relay-mode subopt command to configure a format (either in hexadecimal notation or a string) for the circuit ID or remote agent ID to be transmitted.

Rule 12. Formats of the Nas-Port-Id-QINQ-Reverse Attribute Converted from the NAS-Port-Id Attribute

ATM interface: slot=slot-id; subslot=sub-slot-id; port=port-id; vlanid=0;vlanid2=0;

ETH interface:

  • When the user access interface is in the four dimensional format in a virtual access scenario (the access four-dimensional mode enable command is run), the format of the NAS-Port-Id attribute has ap-id added:

    apid=ap-id (5 bytes);slot=slot-id; subslot=sub-slot-id; port=port-id; vlanid=outer-VLAN-ID;vlanid2=inner-VLAN-ID;

  • When the user access interface is in the four dimensional format in a non-virtual access scenario, the format of the NAS-Port-Id attribute is as follows:

    slot=slot-id; subslot=sub-slot-id; port=port-id; vlanid=outer-VLAN-ID;vlanid2=inner-VLAN-ID;

Updated: 2019-01-02

Document ID: EDOC1100058415
