No relevant resource is found in the selected language.
Enterprise
Worldwide
Huawei Global - English
Support Documentation
NE20E-S V800R011C10 Configuration Guide - IPv6 Transition 02
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring IPoEoVLAN Access Together with NAT

Example for Configuring IPoEoVLAN Access Together with NAT

This section provides an example for configuring IPoEoVLAN access together with NAT so that home users can access the Internet through NAT processing.

Applicable Products and Versions

This example is applicable to NE20E-S series products running V800R010C00 and later versions.

Networking Requirements

In Figure 2-20, home users access a BRAS using IPoE. The BRAS implements user authentication, authorization, and accounting. It also provides the NAT service to convert between the private and public IP addresses of home users, so that the home users can access the Internet.

Home users of user group 1 can access the Internet.

Figure 2-20 Example for configuring IPoEoVLAN access together with NAT

Interface 1 in this example represents Eth-Trunk2.1.


Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure basic NAT functions.
  2. Configure NAT user information.
  3. Configure a NAT diversion policy.
  4. Configure a BAS interface.

Data Preparation

To complete the configuration, you need the following data:

  • Name of a NAT instance
  • NAT address pool's number and start and end IP addresses
  • User group name
  • ACL and UCL numbers
  • NAT traffic diversion policy information

Procedure

  1. Create a NAT instance named nat1.

    <HUAWEI> system-view
    [~HUAWEI] service-location 1
    [*HUAWEI-service-location-1] location follow-forwarding-mode
    [*HUAWEI-service-location-1] commit
    [~HUAWEI-service-location-1] quit
    [~HUAWEI] service-instance-group group1
    [*HUAWEI-service-instance-group-group1] service-location 1
    [*HUAWEI-service-instance-group-group1] commit
    [~HUAWEI-service-instance-group-group1] quit
    [~HUAWEI] nat instance nat1 id 1
    [*HUAWEI-nat-instance-nat1] service-instance-group group1
    [*HUAWEI-nat-instance-nat1] commit
    [~HUAWEI-nat-instance-nat1] quit

  2. Configure a NAT address pool.

    [~HUAWEI] nat instance nat1 id 1
    [~HUAWEI-nat-instance-nat1] nat address-group address-group1 group-id 1 11.1.1.1 mask 26
    [*HUAWEI-nat-instance-nat1] commit
    [~HUAWEI-nat-instance-nat1] quit

  3. Configure NAT user information.
    1. Create a user group named group1.

      [~HUAWEI] user-group group1
      [~HUAWEI] commit

    2. Configure the BRAS service to enable users to go online. For details, see HUAWEI NE20E Configuration Guide - User Access.

      [~HUAWEI] ip pool pool1 bas local
      [*HUAWEI-ip-pool-pool1] gateway 100.64.0.1 255.255.0.0
      [*HUAWEI-ip-pool-pool1] section 0 100.64.0.2 100.64.255.254
      [*HUAWEI-ip-pool-pool1] dns-server 192.168.8.2
      [*HUAWEI-ip-pool-pool1] commit
      [~HUAWEI-ip-pool-pool1] quit
      [~HUAWEI] radius-server group rd1
      [*HUAWEI-radius-rd3] radius-server authentication 192.168.8.9 1812
      [*HUAWEI-radius-rd3] radius-server accounting 192.168.8.9 1813
      [*HUAWEI-radius-rd3] radius-server type standard
      [*HUAWEI-radius-rd3] radius-server shared-key-cipher huawei@123
      [*HUAWEI-radius-rd3] commit
      [~HUAWEI-radius-rd3] quit
      [~HUAWEI] aaa
      [~HUAWEI-aaa] authentication-scheme auth1
      [*HUAWEI-aaa-authen-auth1] authentication-mode radius
      [*HUAWEI-aaa-authen-auth1] commit
      [~HUAWEI-aaa-authen-auth1] quit
      [~HUAWEI-aaa] accounting-scheme acct1
      [*HUAWEI-aaa-accounting-acct1] accounting-mode radius
      [~HUAWEI-aaa-accounting-acct1] commit
      [~HUAWEI-aaa-accounting-acct1] quit
      [~HUAWEI-aaa] domain isp1
      [*HUAWEI-aaa-domain-isp1] authentication-scheme auth1
      [*HUAWEI-aaa-domain-isp1] accounting-scheme acct1
      [*HUAWEI-aaa-domain-isp1] radius-server group rd1
      [*HUAWEI-aaa-domain-isp1] ip-pool pool1
      [*HUAWEI-aaa-domain-isp1] user-group group1
      [*HUAWEI-aaa-domain-isp1] commit
      [~HUAWEI-aaa-domain-isp1] quit
      [~HUAWEI-aaa] quit

  4. Configure a traffic classification rule, a NAT behavior, and a NAT traffic policy and apply the policy.

    Configure UCLs for user traffic. A UCL number ranges from 6000 to 9999.

    1. Configure ACL-based traffic classification rule and set the ACL number to 6001 and ACL rule number to 1.

      [~HUAWEI] acl number 6001
      [*HUAWEI-acl-ucl-6001] rule 1 permit ip source user-group group1
      [*HUAWEI-acl-ucl-6001] commit
      [~HUAWEI-acl-ucl-6001] quit

    2. Configure a traffic classifier.

      [~HUAWEI] traffic classifier c1 operator or
      [*HUAWEI-classifier-c1] if-match acl 6001
      [*HUAWEI-classifier-c1] commit
      [~HUAWEI-classifier-c1] quit

    3. Configure a traffic behavior named b1 and bind the traffic behavior to the NAT instance named nat1.

      [~HUAWEI] traffic behavior b1 
      [*HUAWEI-behavior-b1] nat bind instance nat1
      [*HUAWEI-behavior-b1] commit
      [~HUAWEI-behavior-b1] quit

    4. Configure a NAT diversion policy and associate the ACL rule with the traffic behavior.

      [~HUAWEI] traffic policy p1
      [*HUAWEI-trafficpolicy-p1] share-mode
      [*HUAWEI-trafficpolicy-p1] classifier c1 behavior b1 precedence 1
      [*HUAWEI-trafficpolicy-p1] commit
      [~HUAWEI-trafficpolicy-p1] quit

    5. Apply the NAT diversion policy in the system view.

      [~HUAWEI] traffic-policy p1 inbound
      [*HUAWEI] commit

  5. Configure a BAS interface.

    [~HUAWEI] interface Eth-Trunk 2.1
    [*HUAWEI-Eth-Trunk2.1] user-vlan 1 2
    [*HUAWEI-Eth-Trunk2.1-1-2] quit
    [*HUAWEI-Eth-Trunk2.1] bas
    [*HUAWEI-Eth-Trunk2.1-bas] access-type layer2-subscriber default-domain authentication isp1
    [*HUAWEI-Eth-Trunk2.1-bas] client-option82
    [*HUAWEI-Eth-Trunk2.1-bas] option82-relay-mode include allvalue
    [*HUAWEI-Eth-Trunk2.1-bas] authentication-method bind
    [*HUAWEI-Eth-Trunk2.1-bas] quit
    [*HUAWEI-Eth-Trunk2.1] quit

Configuration Files

  • BRAS configuration file

    service-location 1
 location follow-forwarding-mode
#
service-instance-group group1
 service-location 1
#
nat instance nat1 id 1
 service-instance-group group1
 nat address-group group1 group-id 1 11.1.1.1 mask 26 
#
radius-server group rd1
 radius-server shared-key-cipher huawei@123    
 radius-server authentication 192.168.8.9 1812 weight 0
 radius-server accounting 192.168.8.9 1813 weight 0
 radius-server type standard
#
ip pool pool1 bas local
 gateway 100.64.0.1 255.255.0.0
 section 0 100.64.0.2 100.64.255.254 
 dns-server 192.168.8.2
#
aaa
 authentication-scheme auth1
 #
 accounting-scheme acct1
 #
 domain isp1
  authentication-scheme auth1
  accounting-scheme acct1
  radius-server group rd1
  ip-pool pool1
  user-group group1
 #
 user-group group1
#
acl number 6001
 rule 1 permit ip source user-group group1
#
traffic classifier c1 operator or
 if-match acl 6001
#
traffic behavior b1
 nat bind instance nat1
#
traffic policy p1
 share-mode
 classifier c1 behavior b1 precedence 1
#
traffic-policy p1 inbound
#
interface Eth-Trunk2.1
 user-vlan 1 2
 # 
 bas
  access-type layer2-subscriber default-domain authentication isp1
  client-option82
  option82-relay-mode include allvalue 
  authentication-method bind
 #
#
 return
Download
Updated: 2020-02-07

Document ID: EDOC1100125510

Views: 29313

Downloads: 18

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next
Huawei e+ App Huawei e+

Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :