评分并提供意见反馈 :
华为采用机器翻译与人工审校相结合的方式将此文档翻译成不同语言,希望能帮助您更容易理解此文档的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 华为对于翻译的准确性不承担任何责任,并建议您参考英文文档(已提供链接)。
配置BOD业务示例
介绍一个BOD业务的配置示例,结合配置组网图来理解业务的配置过程。配置示例包括组网需求、思路准备、操作步骤和配置文件。
组网需求
如图2-1所示,要求:
isp1域的用户使用基本增值业务的业务策略为:计费模式为RADIUS计费,属于isp1域下的用户访问192.168.100.0/24网段。
RADIUS认证服务器的IP地址为10.10.10.2,端口1812;RADIUS计费服务器的IP地址为10.10.10.2,端口1813,其余采用默认值。
- Diameter服务器的IP地址为10.10.10.3,端口3288。
配置思路
- 配置认证方案和计费方案
- 配置RADIUS服务器组
- 配置地址池
- 配置策略服务器
- 配置Radius服务器的计费方式
- 配置QoS模板
- 配置BOD策略
- 配置域
- 配置接口
数据准备
完成此配置举例,需要准备以下数据:
- 认证方案的名称和认证模式
- 计费方案的名称和计费模式
- RADIUS服务器组名称,RADIUS认证服务器和RADIUS计费服务器的IP地址、端口号
- 地址池名称、网关地址、用户组名称、不同网段的IP地址
- BOD流量策略
- QoS模板和BOD业务模板
- 域的名称
- 接口参数
操作步骤
配置AAA。
# 配置认证方案
<HUAWEI> system-view[~HUAWEI] aaa
[~HUAWEI-aaa] authentication-scheme auth1
[*HUAWEI-aaa-authen-auth1] authentication-mode radius
[*HUAWEI-aaa-authen-auth1] commit
[~HUAWEI-aaa-authen-auth1] quit
# 配置计费方案
[~HUAWEI-aaa] accounting-scheme acct1
[*HUAWEI-aaa-accounting-acct1] accounting-mode radius
[*HUAWEI-aaa-accounting-acct1] commit
[~HUAWEI-aaa-accounting-acct1] quit
[~HUAWEI-aaa] quit
# 配置RADIUS服务器组
[~HUAWEI] radius-server group group1
[*HUAWEI-radius-group1] radius-server authentication 10.10.10.2 1812
[*HUAWEI-radius-group1] radius-server accounting 10.10.10.2 1813
[*HUAWEI-radius-group1] radius-server shared-key-cipher huawei
[*HUAWEI-radius-group1] commit
[~HUAWEI-radius-group1] quit
配置地址池。
[~HUAWEI] ip pool pool1 bas local
[*HUAWEI-ip-pool-pool1] gateway 172.16.100.1 24
[*HUAWEI-ip-pool-pool1] commit
[*HUAWEI-ip-pool-pool1] section 0 172.16.100.2 172.16.100.200
[*HUAWEI-ip-pool-pool1] commit
[~HUAWEI-ip-pool-pool1] quit
使能增值业务。
[~HUAWEI] value-added-service enable
[*HUAWEI] commit
配置增值业务策略。
# 配置策略服务器
[~HUAWEI] diameter enable
[~HUAWEI] diameter-local huawei interface GigabitEthernet 0/5/0 host test107 realm huawei.com product NE20E
[~HUAWEI] diameter-peer huawei ip 10.10.10.3 port 3288 host pcrf realm huawei.com
[~HUAWEI] diameter-server group huawei
[~HUAWEI-diameter-group-huawei] diameter-link local huawei peer huawei client-port 4097 weight 5
[*HUAWEI-diameter-group-huawei] commit
[~HUAWEI-diameter-group-huawei] quit
配置Radius服务器的计费方式。
[~HUAWEI] aaa
[~HUAWEI-aaa] domain isp1
[*HUAWEI-aaa-domain-isp1] radius-server group group1
[*HUAWEI-aaa-domain-isp1] value-added-service account-type radius group1
[*HUAWEI-aaa-domain-isp1] commit
[~HUAWEI-aaa-domain-isp1] quit
[~HUAWEI-aaa] quit
配置QoS模板。
配置QoS模板qos-prof1。
[~HUAWEI] qos-profile qos-prof1
[*HUAWEI-qos-profile-qos-prof1] car cir 5000 inbound
[*HUAWEI-qos-profile-qos-prof1] car cir 5000 outbound
[*HUAWEI-qos-profile-qos-prof1] commit
[~HUAWEI-qos-profile-qos-prof1] quit
配置BOD业务策略bod1。
[~HUAWEI] value-added-service policy bod1 bod
[~HUAWEI-bod1] accounting-scheme acct1
[~HUAWEI-bod1] qos-profile qos-prof1
[*HUAWEI-qos-profile-qos-prof1] commit
[~HUAWEI-qos-profile-qos-prof1] quit
[~HUAWEI-bod1] quit
配置域isp1。
# 配置域isp1
[~HUAWEI] aaa
[~HUAWEI-aaa] domain isp1
# 在域isp1下配置认证方案
[~HUAWEI-aaa-domain-isp1] authentication-scheme auth1
# 在域isp1下配置计费方案方案
[~HUAWEI-aaa-domain-isp1] accounting-scheme acct1
# 在域isp1下配置Radius服务器组 group1
[~HUAWEI-aaa-domain-isp1] radius-server group group1
# 在域isp1下配置计费类型
[~HUAWEI-aaa-domain-isp1] value-added-service account-type radius group1
# 在域isp1下配置Diameter服务器组 huawei
[~HUAWEI-aaa-domain-isp1] diameter-server group huawei
# 在域isp1下配置地址池
[~HUAWEI-aaa-domain-isp1] ip-pool pool1
[*HUAWEI-aaa-domain-isp1] commit
[~HUAWEI-aaa-domain-isp1] quit
[~HUAWEI-aaa] quit
配置接口。
# 创建虚模板接口
[~HUAWEI] interface Virtual-Template 1
[*HUAWEI-Virtual-Template1] commit
[~HUAWEI-Virtual-Template1] quit
# 配置BAS接口
[~HUAWEI] interface GigabitEthernet 0/4/2
[~HUAWEI-GigabitEthernet0/4/2] pppoe-server bind virtual-template 1
[*HUAWEI-GigabitEthernet0/4/2] commit
[~HUAWEI-GigabitEthernet0/4/2] bas
[~HUAWEI-GigabitEthernet0/4/2-bas] access-type layer2-subscriber
[*HUAWEI-GigabitEthernet0/4/2-bas] commit
[~HUAWEI-GigabitEthernet0/4/2] quit
# 配置上行接口
[~HUAWEI] interface GigabitEthernet 0/4/4.1
[~HUAWEI-GigabitEthernet0/4/4.1] vlan-type dot1q 1
[*HUAWEI-GigabitEthernet0/4/4.1] commit
[~HUAWEI-GigabitEthernet0/4/4.1] ip address 192.168.100.1 255.255.255.0
[*HUAWEI-GigabitEthernet0/4/4.1] commit
[~HUAWEI-GigabitEthernet0/4/4.1] quit
# 配置连接Radius、Diameter服务器接口
[~HUAWEI] interface GigabitEthernet 0/5/0
[~HUAWEI-GigabitEthernet0/5/0] ip address 10.10.10.1 255.255.255.0
[*HUAWEI-GigabitEthernet0/5/0] commit
验证配置结果
执行命令display value-added-service policy查看业务策略信息。
<HUAWEI> display value-added-service policy------------------------------------------------------------------ Index Service Policy Name Used Num Type User Num ------------------------------------------------------------------ 1 bod1 1 BOD 1 ------------------------------------------------------------------ Total 2,2 printed
执行命令display value-added-service user查看用户增值业务相关的信息。
<HUAWEI> display value-added-service user user-id 168 bod------------------------------------------------------------------------- Bod user service table: Service user id : 168 Service type : Diameter user bod Service policy : bod1 Account method : Radius Account start time : 2016-11-22 13:10:32 Normal-server-group : -- Flow up packets(high,low) : (0,0) Flow up bytes(high,low) : (0,0) Flow down packets(high,low) : (0,0) Flow down bytes(high,low) : (0,0) IPV6 Flow up packets(high,low) : (0,0) IPV6 Flow up bytes(high,low) : (0,0) IPV6 Flow down packets(high,low) : (0,0) IPV6 Flow down bytes(high,low) : (0,0) Up committed information rate <kbps> : 5000 Up Peak information rate <kbps> : No limit Up committed burst size <bytes> : - Up Peak burst size <bytes> : - Down committed information rate <kbps> : 5000 Down Peak information rate <kbps> : No limit Down committed burst size <bytes> : - Down Peak burst size <bytes> : -
执行命令display diameter-group bind-info查看AAA域与Diameter服务器组的绑定关系。
<HUAWEI> display diameter-group bind-info----------------------------------------------------------------------------- | Domain Name | Diameter Group Name | ----------------------------------------------------------------------------- | isp1 | huawei | -----------------------------------------------------------------------------
执行命令display diameter configuration查看Diameter的相关配置
<HUAWEI> display diameter-group bind-info-- Diameter Configuration --------------------------------------------------- Diameter function is Enabled Diameter Gx use XML data dictionary Diameter predefined-rule support-type edsg is Disabled Diameter GX application version is R940 ----------------------------------------------------------------------------- -- Diameter local information ----------------------------------------------- Diameter local number : 1 ----------------------------------------------------------------------------- | Local index : 0 | Local name : abc | Local interface name : GigabitEthernet0/1/0 | Local IP Address : 10.137.83.222 | Local IPv6 Address : 2000::3 | Local host name : nanjing222 | Local realm name : huawei | Local product name : testa ----------------------------------------------------------------------------- -- Diameter peer information ----------------------------------------------- Diameter peer number : 1 ----------------------------------------------------------------------------- | Peer index : 0 | Peer name : peer | Peer IPv4 address : 10.137.83.56 | Peer port : 3868 | Peer host name : pcrf.huawei.com | Peer realm name : huawei.com ----------------------------------------------------------------------------- -- Diameter server group Configuration -------------------------------------- Diameter server group number : 1 ----------------------------------------------------------------------------- | Group index : 0 | Group name : test | Group active state : Active | Group Reference number : 1 ----------------------------------------------------------------------------- | Connection group number : 1 ----------------------------------------------------------------------------- || Connection group index : 0 || Local index : 0 || Local name : abc || Local interface name : GigabitEthernet0/1/0 || Local IP Address : 10.137.83.222 || Local host name : nanjing222 || Local realm name : huawei || Local product name : testa || Peer index : 0 || Peer name : peer || Peer IPv4 address : 10.137.83.56 || Peer port : 3868 || Peer host name : pcrf.huawei.com || Peer realm name : huawei.com ----------------------------------------------------------------------------- || Connection number : 1 ----------------------------------------------------------------------------- |||Connection index : 0 |||Client port : 3896 |||Link State : Up ----------------------------------------------------------------------------- | Total connection number : 1 -----------------------------------------------------------------------------
配置文件
# sysname HUAWEI # value-added-service enable # diameter enable # diameter-local huawei interface GigabitEthernet0/5/0 host test107 realm huawei.com product NE20E # diameter-peer huawei ip 10.10.10.3 port 3288 host pcrf realm huawei.com # radius-server group group1 radius-server shared-key-cipher huawei radius-server authentication 10.10.10.2 1812 weight 0 radius-server accounting 10.10.10.2 1813 weight 0 # diameter-server group huawei diameter-link local huawei peer huawei client-port 4097 weight 5 # ip pool pool1 bas local gateway 172.16.100.1 255.255.255.0 section 0 172.16.100.2 172.16.100.200 # dot1x-template 1 # aaa authentication-scheme auth1 # authorization-scheme default # accounting-scheme acct1 # domain isp1 authentication-scheme auth1 accounting-scheme acct1 ip-pool pool1 diameter-server group huawei value-added-service account-type radius group1 radius-server group group1 # value-added-service policy bod1 bod accounting-scheme acct1 qos-profile qos-prof1 car cir 5000 cbs 935000 green pass red discard inbound car cir 5000 cbs 935000 green pass red discard outbound # interface Virtual-Template1 ppp authentication-mode auto # interface GigabitEthernet0/4/4.1 vlan-type dot1q 1 ip address 192.168.100.1 255.255.255.0 # interface GigabitEthernet0/5/0 undo shutdown ip address 10.10.10.1 255.255.255.0 # interface GigabitEthernet0/4/2 pppoe-server bind Virtual-Template 1 undo shutdown bas # access-type layer2-subscriber # # return
