NE40E V800R010C00 Configuration Guide - NAT and IPv6 Transition Technologies 01

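Example for Configuring Centralized Backup of Distributed NAT

This section provides a configuration example for centralized backup of distributed NAT, in which a centralized device backs up a distributed device. Use the networking diagram to follow the configuration process.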

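Networking Requirements

As shown in Figure 2-22, a VSUF-80/VSUF-160 is installed in the BRAS, and a NAT device is attached to the CR in off-path mode to back up the BRAS. Under normal conditions, NAT translation of user traffic is performed on the BRAS. If the service on the BRAS fails, user traffic is migrated to the NAT device for NAT translation.

The configuration must meet the following requirements:
  • Under normal conditions, computers on the internal network segment 10.110.10.1/24 can access the Internet.
Figure 2-22  Networking diagram for centralized backup of distributed NAT
NOTE:

In this example, interface1, interface2, and interface3 represent GE1/0/0, GE1/0/1, and GE2/0/0, respectively.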


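Configuration Roadmap

The configuration roadmap for centralized backup of distributed NAT is as follows:

  1. On the distributed NAT device, configure centralized backup of distributed NAT:
    1. Configure basic NAT functions.
    2. Configure NAT user information.
    3. Configure a NAT traffic diversion policy.
    4. Configure a NAT translation policy.
  2. On the CR, configure policy-based routing to redirect user traffic to the NAT device:

    1. Configure a traffic policy.
    2. Configure a redirection policy on the inbound interface.
  3. On the centralized NAT device, configure centralized NAT:

    1. Configure basic NAT functions.
    2. Configure a NAT traffic diversion policy.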

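Data Preparation

To complete this configuration example, you need the following data:
  • Index of the VSM HA backup group: 1
  • Slot ID of the service board on the NAT device (specified as slot 1 in the scenario requirements)
  • Name of the VSM HA service instance group: group1
  • Name and index of the NAT instance: nat1 and 1
  • NAT translation address pool on the NAT device: name address-group1, pool ID 1, IP address range 10.34.160.101 to 10.34.160.105
  • User group name: group1
  • Private address pool name: pool1
  • Domain name: isp1
  • ACL name: 6001
  • Traffic classifier name: c1
  • Traffic behavior name: b1
  • Traffic policy name: p1
  • Number and IP address of the interface to which the NAT traffic diversion policy is applied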

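Procedure

  1. Configure centralized backup of distributed NAT on the distributed device (BRAS).
    1. Configure basic NAT functions.

      1. Set the session table size of the service board in slot 1 to 6M.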

        <HUAWEI> system-view
        [~HUAWEI] sysname BRAS
        [*HUAWEI] commit
        [~BRAS] license
        [~BRAS-license] active nat session-table size 6 slot 1 engine 0
        [*BRAS-license] commit
        [~BRAS-license] quit
      2. Create NAT instance nat1 and bind the service board to the NAT instance.

        [~BRAS] service-location 1
        [*BRAS-service-location-1] location slot 1 engine 0
        [*BRAS-service-location-1] commit
        [~BRAS-service-location-1] quit
        [~BRAS] service-instance-group group1
        [*BRAS-service-instance-group-group1] service-location 1
        [*BRAS-service-instance-group-group1] commit
        [~BRAS-service-instance-group-group1] quit
        [~BRAS] nat instance nat1 id 1
        [*BRAS-nat-instance-nat1] service-instance-group group1
        [*BRAS-nat-instance-nat1] commit
        [~BRAS-nat-instance-nat1] quit
      3. Configure the NAT address pool, with addresses ranging from 10.34.160.101 to 10.34.160.105.

        [~BRAS] nat instance nat1
        [~BRAS-nat-instance-nat1] nat address-group address-group1 group-id 1 10.34.160.101 10.34.160.105
        [*BRAS-nat-instance-nat1] commit
        [~BRAS-nat-instance-nat1] quit

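    2. Configure NAT user information.

      1. Configure the BRAS service functions on the device so that users can go online. For details, see "AAA and User Management Configuration (Access Users)" in the HUAWEI NE40E Router Configuration Guide - User Access.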

        [~BRAS] ip pool pool1 bas local
        Info: It's successful to create an IP address pool 
        [~BRAS-ip-pool-pool1] gateway 10.110.10.101 255.255.255.0
        [~BRAS-ip-pool-pool1] section 1 10.110.10.1 10.110.10.100
        [*BRAS-ip-pool-pool1] dns-server 192.168.7.252
        [*BRAS-ip-pool-pool1] commit
        [~BRAS-ip-pool-pool1] quit
        [~BRAS] aaa
        [~BRAS-aaa] authentication-scheme auth1
        [*BRAS-aaa-authen-auth1] authentication-mode radius
        [*BRAS-aaa-authen-auth1] quit
        [*BRAS-aaa] accounting-scheme acct1
        [*BRAS-aaa-accounting-acct1] accounting-mode radius
        [*BRAS-aaa-accounting-acct1] quit
        [*BRAS-aaa] commit
        [*BRAS-aaa] domain isp1
        [~BRAS-aaa-domain-isp1] authentication-scheme auth1
        [*BRAS-aaa-domain-isp1] accounting-scheme acct1
        [*BRAS-aaa-domain-isp1] commit
        [~BRAS-aaa-domain-isp1] ip-pool pool1
        [*BRAS-aaa-domain-isp1] commit
        [~BRAS-aaa-domain-isp1] quit
        [~BRAS-aaa] quit
      2. Configure user group group1.

        [~BRAS] user-group group1
        Info: Create a new user group
        [~BRAS] commit
      3. Specify the domain isp1 to which users belong.

        [~BRAS] aaa
        [~BRAS-aaa] domain isp1
        [*BRAS-aaa-domain-isp1] user-group group1 bind nat instance nat1
        [*BRAS-aaa-domain-isp1] commit
        [~BRAS-aaa-domain-isp1] quit
        [~BRAS-aaa] quit
      4. Configure the interface through which users access the network.

        [~BRAS] interface GigabitEthernet2/0/0.1
        [*BRAS-GigabitEthernet2/0/0.1] commit
        [~BRAS-GigabitEthernet2/0/0.1] user-vlan 1
        [*BRAS-GigabitEthernet2/0/0.1-user-vlan-1] commit
        [~BRAS-GigabitEthernet2/0/0.1-user-vlan-1] quit
        [~BRAS-GigabitEthernet2/0/0.1] bas
        [~BRAS-GigabitEthernet2/0/0.1-bas] access-type layer2-subscriber default-domain authentication isp1
        [*BRAS-GigabitEthernet2/0/0.1-bas] authentication-method bind
        [*BRAS-GigabitEthernet2/0/0.1-bas] commit
        [~BRAS-GigabitEthernet2/0/0.1-bas] quit
        [~BRAS-GigabitEthernet2/0/0.1] quit

    3. Enable the centralized backup function.

      [~BRAS] nat instance nat1
      [~BRAS-nat-instance-nat1] nat centralized-backup enable
      [*BRAS-nat-instance-nat1] commit
      [~BRAS-nat-instance-nat1] quit

    4. Configure the NAT traffic diversion policy.

      1. Configure an ACL-based traffic classification rule. The ACL number is 6001.

        [~BRAS] acl 6001
        [*BRAS-acl-ucl-6001] rule 1 permit ip source user-group group1
        [*BRAS-acl-ucl-6001] commit
        [~BRAS-acl-ucl-6001] quit
      2. Configure ACL 3001, which is used to allocate addresses to online users.

        [~BRAS] acl 3001
        [*BRAS-acl4-advance-3001] rule 10 permit ip source 10.110.10.0 0.0.0.255
        [*BRAS-acl4-advance-3001] commit
        [~BRAS-acl4-advance-3001] quit
      3. Configure traffic classifier c1.

        [~BRAS] traffic classifier c1
        [*BRAS-classifier-c1] if-match acl 6001
        [*BRAS-classifier-c1] commit
        [~BRAS-classifier-c1] quit
      4. Define traffic behavior b1, whose action is to bind matching traffic to NAT instance nat1.

        [~BRAS] traffic behavior b1
        [*BRAS-behavior-b1] nat bind instance nat1
        [*BRAS-behavior-b1] commit
        [~BRAS-behavior-b1] quit
      5. Define the NAT policy to associate the ACL rule with the action.

        [~BRAS] traffic policy p1
        [*BRAS-trafficpolicy-p1] classifier c1 behavior b1
        [*BRAS-trafficpolicy-p1] commit
        [~BRAS-trafficpolicy-p1] quit
      6. Apply the NAT traffic diversion policy p1 in the system view.

        [~BRAS] traffic-policy p1 inbound
        [*BRAS] commit

    5. Configure the NAT translation policy.

      [~BRAS] nat instance nat1
      [~BRAS-nat-instance-nat1] nat outbound 3001 address-group address-group1
      [*BRAS-nat-instance-nat1] commit
      [~BRAS-nat-instance-nat1] quit

    6. Verify the configuration.

      # Check NAT user information.

      [~BRAS] display nat user-information slot 1 verbose
      This operation will take a few minutes. Press 'Ctrl+C' to break ...
      Slot: 1  Engine: 0    
      Total number:  1.
        ---------------------------------------------------------------------------
        User Type                             :  NAT444
        CPE IP                                :  10.110.10.1
        User ID                               :  0
        VPN Instance                          :  -
        Address Group                         :  address-group1
        NoPAT Address Group                   :  -
        NAT Instance                          :  nat1
        Public IP                             :  10.34.160.101
        NoPAT Public IP                       :  -
        Start Port                            :  1024
        Port Range                            :  4086
        Port Total                            :  256
        Extend Port Alloc Times               :  0
        Extend Port Alloc Number              :  0
        First/Second/Third Extend Port Start  :  0/0/0
        Total/TCP/UDP/ICMP Session Limit      :  8192/10240/10240/512
        Total/TCP/UDP/ICMP Session Current    :  0/0/0/0
        Total/TCP/UDP/ICMP Rev Session Limit  :  8192/10240/10240/512
        Total/TCP/UDP/ICMP Rev Session Current:  0/0/0/0
        Total/TCP/UDP/ICMP Port Limit         :  0/0/0/0
        Total/TCP/UDP/ICMP Port Current       :  0/0/0/0
        Nat ALG Enable                        :  NULL
        Token/TB/TP                           :  0/0/0
        Port Forwarding Flag                  :  Non Port Forwarding
        Port Forwarding Ports                 :  0 0 0 0 0
        Aging Time(s)                         :  -
        Left Time(s)                          :  -
        Port Limit Discard Count              :  0
        Session Limit Discard Count           :  0
        Fib Miss Discard Count                :  0
        -->Transmit Packets                   :  0
        -->Transmit Bytes                     :  0
        -->Drop Packets                       :  0
        <--Transmit Packets                   :  0
        <--Transmit Bytes                     :  0
        <--Drop Packets                       :  0
        ---------------------------------------------------------------------------
      

  2. Configure policy-based routing on the CR to redirect user traffic to the NAT device.

    1. Configure a traffic policy.

      [~CR] acl 2001
      [*CR-acl4-basic-2001] rule 10 permit source 10.110.10.0 0.0.0.255
      [*CR-acl4-basic-2001] commit
      [~CR-acl4-basic-2001] quit
      [~CR] traffic classifier c1
      [*CR-classifier-c1] if-match acl 2001
      [*CR-classifier-c1] commit
      [~CR-classifier-c1] quit
      [~CR] traffic behavior b1
      [*CR-behavior-b1] redirect ip-nexthop 192.168.11.2
      [*CR-behavior-b1] commit
      [~CR-behavior-b1] quit
      [~CR] traffic policy p1
      [*CR-policy-p1] classifier c1 behavior b1
      [*CR-policy-p1] commit
      [~CR-policy-p1] quit
    2. Configure the redirection policy on the inbound interface.

      [~CR] interface GigabitEthernet 1/0/1
      [~CR-GigabitEthernet1/0/1] ip address 192.168.10.2 24
      [*CR-GigabitEthernet1/0/1] traffic-policy p1 inbound
      [*CR-GigabitEthernet1/0/1] commit
      [~CR-GigabitEthernet1/0/1] quit

  3. Configure centralized NAT on the NAT device.

    1. Configure basic NAT functions.

      [~CGN] service-location 1
      [*CGN-service-location-1] location slot 1 engine 0
      [*CGN-service-location-1] commit
      [~CGN-service-location-1] quit
      [~CGN] service-instance-group group1
      [*CGN-service-instance-group-group1] service-location 1
      [*CGN-service-instance-group-group1] commit
      [~CGN-service-instance-group-group1] quit
      [~CGN] nat instance nat1 id 1
      [*CGN-nat-instance-nat1] service-instance-group group1
      [*CGN-nat-instance-nat1] nat address-group address-group1 group-id 1 10.34.161.101 10.34.161.105
      [*CGN-nat-instance-nat1] nat outbound any address-group address-group1
      [*CGN-nat-instance-nat1] commit
      [~CGN-nat-instance-nat1] quit
    2. Configure the NAT traffic diversion policy.

      [~CGN] acl 2001
      [*CGN-acl4-basic-2001] rule 0 permit source 10.110.10.0 0.0.0.255
      [*CGN-acl4-basic-2001] commit
      [~CGN-acl4-basic-2001] quit
      [~CGN] traffic classifier c1
      [*CGN-classifier-c1] if-match acl 2001
      [*CGN-classifier-c1] commit
      [~CGN-classifier-c1] quit
      [~CGN] traffic behavior b1
      [*CGN-behavior-b1] nat bind instance nat1
      [*CGN-behavior-b1] commit
      [~CGN-behavior-b1] quit
      [~CGN] traffic policy p1
      [*CGN-policy-p1] classifier c1 behavior b1
      [*CGN-policy-p1] commit
      [~CGN-policy-p1] quit
      [~CGN] interface gigabitEthernet 1/0/1
      [*CGN-GigabitEthernet1/0/1] ip address 192.168.11.2 24
      [*CGN-GigabitEthernet1/0/1] traffic-policy p1 inbound
      [*CGN-GigabitEthernet1/0/1] commit
      [~CGN-GigabitEthernet1/0/1] quit

Configuration Files

  • BRAS configuration file

    #
    sysname BRAS
    #
    interface GigabitEthernet2/0/0.1
     user-vlan 1
     bas
      access-type layer2-subscriber default-domain authentication isp1
      authentication-method bind
    #
    ip pool pool1 bas local
     gateway 10.110.10.101 255.255.255.0
     section 1 10.110.10.1 10.110.10.100
     dns-server 192.168.7.252
    #
    license
     active nat session-table size 6 slot 1 engine 0
    #
    service-location 1
     location slot 1 engine 0
    #
    service-instance-group group1
     service-location 1
    #
    nat instance nat1 id 1
     service-instance-group group1
     nat address-group address-group1 group-id 1 10.34.160.101 10.34.160.105
     nat outbound 3001 address-group address-group1
     nat centralized-backup enable
     port-range 4086
    #
    user-group group1
    #
    acl 3001
     rule 10 permit ip source 10.110.10.0 0.0.0.255
    #
    acl 6001
     rule 1 permit ip source user-group group1
    #
    traffic classifier c1
     if-match acl 6001
    #
    traffic behavior b1
     nat bind instance nat1
    #
    traffic policy p1
     classifier c1 behavior b1
    #
    traffic-policy p1 inbound
    #
    aaa
     authentication-scheme auth1
      authentication-mode radius
    #
     accounting-scheme acct1
      accounting-mode radius
     #
      domain isp1
       authentication-scheme auth1
       accounting-scheme acct1
       ip-pool pool1
       user-group group1 bind nat instance nat1
     #
    #
     return
  • CR configuration file

    #
    sysname CR
    #
    acl 2001
     rule 10 permit source 10.110.10.0 0.0.0.255
    #
    traffic classifier c1
     if-match acl 2001
    #
    traffic behavior b1
     redirect ip-nexthop 192.168.11.2
    #
    traffic policy p1
     classifier c1 behavior b1 precedence 1
    #
    interface GigabitEthernet1/0/1
     undo shutdown
     ip address 192.168.10.2 24
     traffic-policy p1 inbound
    #
     return
  • CGN configuration file

    #
    sysname CGN
    #
    license
     active nat session-table size 6 slot 1 engine 0
    #
    acl 2001
     rule 0 permit source 10.110.10.0 0.0.0.255
    #
    service-location 1
     location slot 1 engine 0
    #
    service-instance-group group1
     service-location 1
    #
    nat instance nat1 id 1
     service-instance-group group1
     nat address-group address-group1 group-id 1 10.34.161.101 10.34.161.105
     nat outbound any address-group address-group1
     port-range 4086
    #
    traffic classifier c1
     if-match acl 2001
    #
    traffic behavior b1
     nat bind instance nat1
    #
    traffic policy p1
     classifier c1 behavior b1 precedence 1
    #
    interface gigabitEthernet 1/0/1
     undo shutdown
     ip address 192.168.11.2 24
     traffic-policy p1 inbound
    #
     return
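
An added example (not from the Huawei guide) that lints configuration text like the files above for two mistakes that matter at failover: a `nat outbound` line naming an undefined ACL or address group, and a backup-path ACL that does not cover the BRAS user pool. The sample text is constructed from this page's values, with the BRAS sample deliberately referencing `group1`; the function names are this example's own.

```python
import ipaddress
import re

def nat_reference_findings(name, cfg):
    """Flag `nat outbound` lines that name an undefined ACL or address-group."""
    acls = set(re.findall(r"^\s*acl (\d+)", cfg, re.M))
    groups = set(re.findall(r"^\s*nat address-group (\S+) group-id", cfg, re.M))
    findings = []
    for acl, grp in re.findall(r"^\s*nat outbound (\S+) address-group (\S+)", cfg, re.M):
        if acl != "any" and acl not in acls:
            findings.append(f"{name}: undefined ACL {acl}")
        if grp not in groups:
            findings.append(f"{name}: undefined address-group {grp}")
    return findings

def acl_networks(cfg):
    """Networks permitted by `rule N permit [ip] source <addr> <wildcard>` lines."""
    nets = []
    for addr, wild in re.findall(
            r"^\s*rule \d+ permit (?:ip )?source (\d\S+) (\d\S+)", cfg, re.M):
        mask = ipaddress.ip_address(int(ipaddress.ip_address(wild)) ^ 0xFFFFFFFF)
        nets.append(ipaddress.ip_network(f"{addr}/{mask}", strict=False))
    return nets

def backup_covers_pool(bras_cfg, backup_cfg):
    """True if one network permitted on the backup path holds the whole user pool."""
    lo, hi = re.search(r"^\s*section \d+ (\S+) (\S+)", bras_cfg, re.M).groups()
    lo, hi = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
    return any(lo in net and hi in net for net in acl_networks(backup_cfg))

# Constructed samples modelled on the configuration files on this page; the BRAS
# sample deliberately references "group1" while defining "address-group1".
BRAS = """\
ip pool pool1 bas local
 section 1 10.110.10.1 10.110.10.100
nat instance nat1 id 1
 nat address-group address-group1 group-id 1 10.34.160.101 10.34.160.105
 nat outbound 3001 address-group group1
acl 3001
 rule 10 permit ip source 10.110.10.0 0.0.0.255
"""
CGN = """\
acl 2001
 rule 0 permit source 10.110.10.0 0.0.0.255
nat instance nat1 id 1
 nat address-group address-group1 group-id 1 10.34.161.101 10.34.161.105
 nat outbound any address-group address-group1
"""
print(nat_reference_findings("BRAS", BRAS), backup_covers_pool(BRAS, CGN))
```

Run the same functions over the saved configuration of each device before relying on the backup path; rules that match on `user-group` rather than an address are skipped by `acl_networks`.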
Updated: 2018-07-12

Document ID: EDOC1100028549
