No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

ME60 V800R010C10SPC500 Configuration Guide - Virtual Access 01

This is ME60 V800R010C10SPC500 Configuration Guide - Virtual Access
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Virtual Access in PPPoEv4 Access Scenarios

Example for Configuring Virtual Access in PPPoEv4 Access Scenarios

This section provides an example for deploying the virtual access solution on a MAN and configuring PPPoEv4 user access.

Networking Requirements

The virtual access solution is typically used for MAN virtualization, as shown in Figure 2-27. APs and masters are virtualized as a device. You can operate and configure APs on a master and deploy PPPoEv4 access services.
Figure 2-27 Example for configuring virtual access in PPPoEv4 access scenarios

Configuration Roadmap

The configuration roadmap is as follows:

  1. Establish a virtual access system.

  2. Create a BAS interface on Master 1's virtual access interface, and configure PPPoEv4 access.

Data Preparation

To complete the configuration, you need the following data:

  • Master 1's management IP address: 10.255.255.245; AP's management IP address: 10.255.255.240

  • Internal communication interfaces on Master 1 : GigabitEthernet 1/1/0/2

  • AP ID: 1025; ESN obtained on the AP: 391092269755950; AP's external communication interfaces: GigabitEthernet 1/0/1; name of a user created for the AP on a master: root1234; password: Root@123

  • User name required for a master to login to the AP: root1234; password: Root@123; SFTP directory: cfcard:/; name of a user created for the AP on a master: root1234; password: Root@123

Procedure

  1. Configure basic master functions.

    # Configure Master 1.

    <Master1> system-view
    [~Master1] virtual-access
    [*Master1-virtual-access] role master
    [*Master1-virtual-access] admin 10.255.255.245
    [*Master1-virtual-access] isis authentication-mode hmac-sha256 key-id 2 cipher Huawei-123
    [*Master1-virtual-access] commit
    [~Master1-virtual-access] quit
    [~Master1] interface GigabitEthernet1/1/0/2
    [~Master1-GigabitEthernet1/1/0/2] virtual-access enable
    [*Master1-GigabitEthernet1/1/0/2] commit
    [~Master1-GigabitEthernet1/1/0/2] quit

  2. Configure basic AP functions on Master 1.

    # Configure Master 1.

    [~Master1] ap-id 1025
    [*Master1-ap1025] esn 391092269755950
    [*Master1-ap1025] commit
    [~Master1-ap1025] admin 10.255.255.240
    [~Master1-ap1025] remote-interface GigabitEthernet1/0/1
    [*Master1-ap1025] management priority 10
    [*Master1-ap1025] commit
    [~Master1-ap1025] quit

  3. Configure an authentication scheme for virtual access.

    [~Master1] ap-id 1025
    [~Master1-ap1025] login-user root1234 login-password Root@123
    [*Master1-ap1025] commit
    [~Master1-ap1025] login-user root1234 sftp-directory cfcard:/
    [~Master1-ap1025] authentication-mode local
    [~Master1-ap1025] ap-user
    [~Master1-ap1025-ap-user] local-user root1234 password cipher Root@123
    [~Master1-ap1025-ap-user] quit
    [~Master1-ap1025] quit

  4. Configure user access on Master 1.

    Configure AAA schemes, a RADIUS server group, an address pool, a domain and a VT on Master 1. For configuration details, see Configuration Files in this section.

    # Configure PPPoE access on GigabitEthernet 1025/1/0/1.1.

    [~Master1] interface GigabitEthernet1025/1/0/1.1
    [*Master1-GigabitEthernet1025/1/0/1.1] commit 
    [~Master1-GigabitEthernet1025/1/0/1.1] user-vlan 100 200 
    [~Master1-GigabitEthernet1025/1/0/1.1-vlan-100-200] quit 
    [~Master1-GigabitEthernet1025/1/0/1.1] pppoe-server bind virtual-template 1
    [*Master1-GigabitEthernet1025/1/0/1.1] commit
    [~Master1-GigabitEthernet1025/1/0/1.1] bas
    [~Master1-GigabitEthernet1025/1/0/1.1-bas] access-type layer2-subscriber
    [~Master1-GigabitEthernet1025/1/0/1.1-bas] default-domain authentication isp3
    [*Master1-GigabitEthernet1025/1/0/1.1-bas] commit
    [~Master1-GigabitEthernet1025/1/0/1.1-bas] quit
    [~Master1-GigabitEthernet1025/1/0/1.1] quit

  5. Verify the configuration.

    Run the display virtual-access ap command on Master 1 to view basic information about the AP.

    [~Master1] display virtual-access ap
                                     AP Information
    Total 1 record(s):                                 
    ---------------------------------------------------------------------------------
     AP Esn               : 391092269755950
     AP ID                : 1025               Admin IP           : 10.255.255.240
     Primary Master       : 10.255.255.245            Secondary Master   : 0.0.0.0
     State                : Online                
     Online Time          : 2015-04-29 21:18:57
    --------------------------------------------------------------------------------

    Run the display virtual-access va-pw 1025 command on Master 1 to view vaPW information.

    [~Master1] display virtual-access va-pw 1025
     *client interface       : GigabitEthernet1025/1/0/1 is up
      local AC servicestate  : up
      block state            : unblocked
      PW state               : up
      local VC label         : 32828
      remote VC label        : 17
      control word           : enable
      MTU value              : 1500
      VC tunnel info         : 1 tunnels
        NO.0  TNL type       : va-tunnel   ,  TNL ID : 0x000000003100000001
      create time            : 0 days, 22 hours, 9 minutes, 27 seconds
      up time                : 0 days, 21 hours, 13 minutes, 48 seconds
      last change time       : 0 days, 21 hours, 13 minutes, 48 seconds
      last up time           : 2015/04/29 21:18:59
      total up time          : 0 days, 21 hours, 13 minutes, 48 seconds
      reroute policy         : delay 30 s
      time of last reroute   : -- days, -- hours, -- minutes, -- seconds
      delay residual time    : 0 s
    

Configuration Files

  • AP configuration file

    #
    undo user-security-policy enable
    #
    ip dcn vpn-instance __dcn_vpn__
     ipv4-family 
    #
    bfd
    #
    virtual-access
     role ap
     admin 10.255.255.240
     master admin-ip primary 10.255.255.245
     isis authentication-mode hmac-sha256 key-id 2 cipher %#%#;Z4)W1+&+F\Rax>Jr<"TM'(+Sv.2W)s&QLC:JB*H%#%#
    #                                                                               
    set neid 10002 
    #
    aaa
     local-user root1234 password irreversible-cipher $1a$]X.f&Hixy4$nVid9o&3bKN4;n#oqO$+T/)9H\$KfD3@KI#8<z9$s
     local-user root password irreversible-cipher $1a$6dZgGs\mCV$YO>='scw~!NE!SLguK;BMbMMGw(e/VR:X;Hi&X76$
     local-user root service-type ssh
     local-user root level 15
     local-user root expire 2016-01-01
    #               
    isis 65534      
     description auto-generated for virtual-cluster-access
     is-level level-2
     cost-style wide
     virtual-access enable
     network-entity 00.38ba.50aa.f701.00
    #               
    interface GigabitEthernet1/0/1
     undo shutdown  
     isis enable 65534
     isis circuit-type p2p
     dcn            
     virtual-access enable 
    #
    interface GigabitEthernet1/0/2
     undo shutdown  
     isis enable 65534
     isis circuit-type p2p
     dcn            
     virtual-access enable 
    #
    interface LoopBack2147483646
     description virtual-access loopback interface
     ip binding vpn-instance __dcn_vpn__
     ip address 10.255.255.240 255.255.255.255
    #               
    interface LoopBack2147483647
     description DCN loopback interface
     ip binding vpn-instance __dcn_vpn__
     ip address 172.16.255.254 255.255.0.0
    #               
    interface NULL0 
    #               
    ospf 65534 vpn-instance __dcn_vpn__
     description DCN ospf create by default
     opaque-capability enable
     hostname       
     vpn-instance-capability simple
     area 0.0.0.0   
      network 0.0.0.0 255.255.255.255
    #               
    !The DCN function implements the capability of plug-and-play for this device.
    !A NE IP address based on the unique NE ID is automatically generated in VPN
    !of DCN. It is recommended that the NE IP address be changed to the planned 
    !one by running the ne-ip X.X.X.X <mask> command after the device being online.
    dcn             
     ne-ip 192.168.0.246 255.255.255.0 
     bandwidth ethernet 1024 
     bandwidth pos 1024 
     bandwidth serial 192 
    #
    stelnet server enable
    ssh user root   
    ssh user root authentication-type password
    ssh user root service-type stelnet
    ssh user root1234
    ssh user root1234 authentication-type password
    ssh user root1234 service-type all
    ssh user root1234 sftp-directory cfcard:/
    #               
    user-interface vty 0 4
     authentication-mode aaa
     protocol inbound ssh
    #
    return 
  • Master 1 configuration file

    #
    sysname Master1
    #               
    virtual-access  
     role master    
     admin 10.255.255.245  
     isis authentication-mode hmac-sha256 key-id 2 cipher %#%#;Z4)W1+&+F\Rax>Jr<"TM'(+Sv.2W)s&QLC:JB*H%#%#
    #               
    ap-id 1025      
     esn 391092269755950
     admin 10.255.255.240  
     remote-interface GigabitEthernet1/0/1
     login-user root1234 login-password %^%#r"],=TrM:!##YxNxPZY4_&t"O@'dG;],:x1W0yhS%^%#
     login-user root1234 sftp-directory cfcard:/
     authentication-mode local
     #
     ap-user
      local-user root1234 password cipher %^%#U>aG(7o+,+hOlK>}:TuA(Q+M%meAc,=a$c-LYXMT%^%#
    #                                                                               
    set neid 10004
    #
    rsa peer-public-key 172.16.255.254 encoding-type der
     public-key-code begin
     3082010A
      02820101
        00BD7CED D35139C7 9E91A927 2A33F790 F472055E C799D616 68497A56 4F13FC0E
        A83C791A 9E2006AD 7421E9A9 9C16C6B9 03384B96 8A99AFF6 A03F92E1 197D5118
        6D6FC8BD 187D67D2 D965B6E7 8CC9CEF8 0BAC38F9 76D6D07E EA840564 FEAE1C88
        DFC31D63 C6E09347 F7EC9698 2C85F367 D5488872 2CC28757 B5E27924 A1C9C8D8
        A57D9047 ADB911AB 88B20E92 CED1DDF3 135E9E3D 0D873FD6 23B9612A ABD1270B
        315D97AD D85BB8C6 A8855247 C158CF32 CCB1038D 5C5EDB4E 72AFD15B 0E6C0779
        E2C4E436 14123607 77BE1227 86B71BC0 C62F402E A744940E 611DEB07 D4C96736
        9C5605AE DCE96A5C 2717D4ED AF7FDA27 B597B364 C8E67EF9 D3CB5A34 754AE928
        A3
      0203
        010001
     public-key-code end
     peer-public-key end
    #
    radius-server group rd3
     radius-server authentication 192.168.8.249 1812 weight 0
     radius-server accounting 192.168.8.249 1813 weight 0
     radius-server shared-key-cipher %^%#vS%796FO7%C~pB%CR=q;j}gSCqR-X6+P!.DYI@)%^%
    #
    ip pool pool3 bas local
     gateway 10.82.2.1 255.255.255.0
     section 0 10.82.2.2 10.82.2.200
     dns-server  192.168.8.252
    #
    aaa
    authentication-scheme  auth3
    accounting-scheme  acct3
    #
    domain  isp3
     authentication-scheme   auth3
     accounting-scheme   acct3 
     radius-server group  rd3 
     ip-pool   pool3
    #
    interface Virtual-Template1
    ppp authentication-mode chap
    #
    ip dcn vpn-instance __dcn_vpn__
     ipv4-family    
    #
    interface GigabitEthernet1/1/0/2
     undo shutdown
     isis enable 65534
     isis circuit-type p2p
     dcn            
     virtual-access enable
    #
    interface GigabitEthernet1025/1/0/1
     undo shutdown
    #
    interface GigabitEthernet1025/1/0/1.1
     pppoe-server bind Virtual-Template 1
     user-vlan 100 200
     bas
      access-type layer2-subscriber default-domain  authentication isp3
    #
    interface LoopBack2147483646
     description virtual-access loopback interface
     ip binding vpn-instance __dcn_vpn__
     ip address 10.255.255.245 255.255.255.255
    #               
    interface LoopBack2147483647
     description DCN loopback interface
     ip binding vpn-instance __dcn_vpn__
     ip address 172.16.255.252 255.255.0.0
    #               
    !The DCN function implements the capability of plug-and-play for this device.
    !A NE IP address based on the unique NE ID is automatically generated in VPN
    !of DCN. It is recommended that the NE IP address be changed to the planned 
    !one by running the ne-ip X.X.X.X <mask> command after the device being online.
    dcn             
     ne-ip 192.168.0.248 255.255.255.0 
     bandwidth ethernet 1024 
     bandwidth pos 1024 
     bandwidth serial 192 
    #               
    snmp-agent trap type base-trap
    #               
    ssh client first-time enable
    ssh client 172.16.255.254 assign rsa-key 172.16.255.254#
    # Running configuration for virtual system 1025
    switch virtual-system 1025
    #               
    return 
Translation
Download
Updated: 2019-01-04

Document ID: EDOC1100059451

Views: 3835

Downloads: 18

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next