03-H3C vBRAS L2TP Service Typical Configuration Example for CP/DP-Separated Deployments
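Document version: 5W100-20190625
Product version: E1218 and later
Copyright © 2019 New H3C Technologies Co., Ltd. All rights reserved.
No part of this document may be excerpted, reproduced, or transmitted in any form or by any means without the prior written consent of the company.
Except for the trademarks of New H3C Technologies Co., Ltd., all other trademarks, product logos, and product names appearing in this manual are the property of their respective owners.
The information in this document is subject to change without notice.
This document provides a typical configuration example for L2TP support on a vBRAS (Virtual Broadband Remote Access Server) in a CP/DP-separated deployment.
This document does not correspond strictly to specific software or hardware versions. If anything differs from the actual product during use, refer to the relevant product manuals or take the actual device behavior as authoritative.
All configurations in this document were made and verified in a lab environment, with every device parameter at its factory default before configuration. If you have already configured the device, make sure the existing configuration does not conflict with the configuration in the following example.
This document assumes that you are familiar with PPPoE, L2TP, and related features.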
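· The host accesses the vBRAS over PPPoE through the PoP switch on the Layer 2 network.
· The vBRAS devices (CP and DP) act as the LAC (L2TP Access Concentrator) and establish an L2TP tunnel with the vLNS (L2TP Network Server).
· The vLNS also acts as the DHCP server and dynamically assigns IP addresses to hosts.
· RADIUS serves as the authentication, authorization, and accounting server.
· The CP and the DP each use IRF. The CP uses redundant interfaces, the DP uses aggregate interfaces, and the vLNS uses XGE interfaces.
Figure 1 Network diagram for the L2TP typical configuration example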
| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| vBRAS(CP) | Reth2 | 1.1.1.1/24 | vLNS | XGE1/6/0 | 4.4.4.1/24 |
| | Loop1 | 7.7.7.7/32 | | XGE1/5/0 | 22.0.0.1/24 |
| vBRAS(DP) | RAGG1 | 50.0.0.2/24 | PoP | Vlan203 | 50.0.0.1/24 |
| | Loop0 | 3.3.3.1/32 | | Loop100 | 30.0.0.1/32 |
| | Loop1 | 31.0.0.1/32 | | | |
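· The vBRAS acts as the LAC access device. PPP users reach the vLNS through the LAC, and an L2TP tunnel is established between the LAC and the vLNS. The LAC CP handles negotiation and authentication of PPPoE users and the negotiation and setup of L2TP tunnels and sessions; the LAC DP handles data packet forwarding and traffic control. The RADIUS server acts as the authentication, authorization, and accounting server. The 6800 switch acts as the PoP, aggregation, and transparent-transmission device.
· On the PoP switch, configure the AC port, bind it to the VSI instance, and configure the VXLAN tunnel.
· On the CP, configure the VSI instance and create the VXLAN (Virtual eXtensible LAN) tunnel.
· On the CP, configure PPPoE and AAA authentication, create the L2TP tunnel, and specify that L2TP users coming online through a given DP all use a given address as the source IP address of the L2TP tunnel.
· On the DP, configure the VXLAN tunnel and the VXLAN-DCI (VXLAN Data Center Interconnect) tunnel.
· On the DP, configure the OpenFlow (Software Defined Network) instance; on the CP, configure the OpenFlow controller.
· On the vLNS, configure DHCP, PPPoE, AAA authentication, and the L2TP tunnel.
· On the RADIUS server, configure the AAA service and add the hosts and users to be authenticated.
· By default, the CP, DP, and LNS devices have a default license file.
· The devices must first be configured with basic services, including interface IP addresses, stacking, aggregate interfaces, and dynamic routing (IS-IS in this document).
(1) Configure a dynamic Layer 2 aggregate interface.
# Create the Layer 2 aggregation group.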
<6800> system-view
[6800] interface bridge-aggregation 1
[6800-Bridge-Aggregation1] link-aggregation mode dynamic
# Add the interfaces to the Layer 2 aggregation group.
[6800] interface ten-gigabitethernet 1/0/6
[6800-Ten-GigabitEthernet1/0/6] port link-mode bridge
[6800-Ten-GigabitEthernet1/0/6] port link-aggregation group 1
[6800] interface ten-gigabitethernet 1/0/7
[6800-Ten-GigabitEthernet1/0/7] port link-mode bridge
[6800-Ten-GigabitEthernet1/0/7] port link-aggregation group 1
[6800] interface ten-gigabitethernet 1/0/8
[6800-Ten-GigabitEthernet1/0/8] port link-mode bridge
[6800-Ten-GigabitEthernet1/0/8] port link-aggregation group 1
[6800] interface ten-gigabitethernet 1/0/11
[6800-Ten-GigabitEthernet1/0/11] port link-mode bridge
[6800-Ten-GigabitEthernet1/0/11] port link-aggregation group 1
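# Assign the Layer 2 aggregate interface to the VLAN (the setting is also pushed to the member ports) and set the aggregation mode to dynamic.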
[6800] vlan 203
[6800] interface bridge-aggregation 1
[6800-Bridge-Aggregation1] port access vlan 203
[6800-Bridge-Aggregation1] link-aggregation mode dynamic
(2) Configure a dynamic routing protocol (IS-IS in this example) and enable NSR.
[6800] isis 1
[6800-isis-1] network-entity 00.0000.0000.0000.0002.00
# Enable NSR.
[6800-isis-1] non-stop-routing
(3) Configure the loopback interface and the VXLAN tunnel source IP address.
[6800] interface loopback 100
[6800-LoopBack100] ip address 30.0.0.1 255.255.255.255
[6800-LoopBack100] isis enable 1
(4) Configure connectivity to the CP.
[6800] vlan 200
[6800] interface ten-gigabitethernet 1/0/3
[6800-Ten-GigabitEthernet1/0/3] port link-mode bridge
[6800-Ten-GigabitEthernet1/0/3] port access vlan 200
[6800] interface ten-gigabitethernet 1/0/5
[6800-Ten-GigabitEthernet1/0/5] port link-mode bridge
[6800-Ten-GigabitEthernet1/0/5] port access vlan 200
[6800] interface vlan-interface200
[6800-Vlan-interface200] ip address 1.1.1.2 255.255.255.0
[6800-Vlan-interface200] isis enable 1
(5) Configure connectivity to the DP.
[6800] interface vlan-interface 203
[6800-Vlan-interface203] ip address 50.0.0.1 255.255.255.0
[6800-Vlan-interface203] isis enable 1
(6) Configure connectivity to the LNS.
[6800] interface ten-gigabitethernet 1/0/14
[6800-Ten-GigabitEthernet1/0/14] port link-mode route
[6800-Ten-GigabitEthernet1/0/14] ip address 4.4.4.2 255.255.255.0
[6800-Ten-GigabitEthernet1/0/14] isis enable 1
(7) Configure the VXLAN tunnel tunnel0.
[6800] interface tunnel 11 mode vxlan
[6800-Tunnel11] source 30.0.0.1
[6800-Tunnel11] destination 31.0.0.1
(8) Create the VSI instance and associate it with the VXLAN tunnel tunnel0.
[6800] vsi yly
[6800-vsi-yly] vxlan 11
[6800-vsi-yly-vxlan-11] tunnel 11
[6800] interface ten-gigabitethernet 1/0/1
[6800-Ten-GigabitEthernet1/0/1] port link-mode bridge
[6800-Ten-GigabitEthernet1/0/1] port link-type trunk
[6800-Ten-GigabitEthernet1/0/1] undo port trunk permit vlan 1
[6800-Ten-GigabitEthernet1/0/1] port trunk permit vlan 1300 to 2300
[6800-Ten-GigabitEthernet1/0/1] service-instance 1
[6800-Ten-GigabitEthernet1/0/1-srv1] encapsulation s-vid 1300 to 2300
[6800-Ten-GigabitEthernet1/0/1-srv1] xconnect vsi yly access-mode ethernet
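(1) Configure the redundant interfaces, the redundancy group, and the track entries.
# Configure the management redundant interface.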
[CP-Reth1] ip address 172.16.58.102 255.255.255.0
[CP-Reth1] member interface ten-gigabitethernet1/1/0 priority 255
[CP-Reth1] member interface ten-gigabitethernet2/1/0 priority 200
[CP-Reth1] quit
[CP] interface reth 2
[CP-Reth2] member interface ten-gigabitethernet1/2/0 priority 250
[CP-Reth2] member interface ten-gigabitethernet2/3/0 priority 200
[CP-Reth2] ip address 1.1.1.1 255.255.255.0
# Configure the redundancy group.
[CP] redundancy group 1
[CP-redundancy-group-1] node 1
[CP-redundancy-group-1-node-1] bind slot 1
[CP-redundancy-group-1-node-1] track 1 interface ten-gigabitethernet1/1/0
[CP-redundancy-group-1-node-1] track 2 interface ten-gigabitethernet1/2/0
[CP-redundancy-group-1-node-1] track 3 interface ten-gigabitethernet1/3/0
[CP-redundancy-group-1-node-1] quit
[CP-redundancy-group-1-node-1] node 2
[CP-redundancy-group-1-node-2] bind slot 2
[CP-redundancy-group-1-node-2] track 4 interface ten-gigabitethernet2/1/0
[CP-redundancy-group-1-node-2] track 5 interface ten-gigabitethernet2/2/0
[CP-redundancy-group-1-node-2] track 6 interface ten-gigabitethernet2/3/0
# Configure the track entries.
<CP> system-view
[CP] track 1 interface ten-gigabitethernet1/1/0
[CP] track 2 interface ten-gigabitethernet1/2/0
[CP] track 3 interface ten-gigabitethernet1/3/0
[CP] track 4 interface ten-gigabitethernet2/1/0
[CP] track 5 interface ten-gigabitethernet2/2/0
(2) Configure the RADIUS scheme, including the primary authentication and accounting servers and the shared keys.
<CP> system-view
System View: return to User View with Ctrl+Z.
[CP] radius scheme pppoe
[CP-radius-pppoe] primary authentication 172.16.59.197
[CP-radius-pppoe] primary accounting 172.16.59.197
[CP-radius-pppoe] key authentication simple 123456
[CP-radius-pppoe] key accounting simple 123456
# Configure the device to send usernames to the RADIUS server without the ISP domain name.
[CP-radius-pppoe] user-name-format without-domain
(3) Configure the authentication domain.
# Create ISP domain pppoe and configure it to use RADIUS scheme pppoe.
[CP] domain name pppoe
[CP-isp-pppoe] authentication ppp radius-scheme pppoe
[CP-isp-pppoe] authorization ppp radius-scheme pppoe
[CP-isp-pppoe] accounting ppp radius-scheme pppoe
[CP-isp-pppoe] quit
(4) Configure the virtual template interface.
# Create virtual template interface 1, configure it to authenticate the peer with PAP or CHAP, and set pppoe as the default ISP domain.
[CP] interface virtual-template 1
[CP-Virtual-Template1] ppp authentication-mode pap chap domain default enable pppoe
[CP-Virtual-Template1] ppp account-statistics enable
[CP-Virtual-Template1] quit
(5) Enable L2TP and configure the L2TP tunnel, including the LNS IP address, the ISP domain of the users, the tunnel name, and the tunnel password.
[CP] l2tp enable
[CP-l2tp1] lns-ip 4.4.4.1
[CP-l2tp1] user domain pppoe
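# (Optional) Set the interval between tunnel Hello packets; here a Hello packet is sent every 120 seconds. If no interval is configured, the default is 60 seconds.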
[CP-l2tp1] tunnel timer hello 120
[CP-l2tp1] tunnel name lac
[CP-l2tp1] tunnel password simple 123456
(6) Configure a dynamic routing protocol (IS-IS in this example) and enable NSR.
[CP] isis 1
[CP-isis-1] network-entity 00.0000.0000.0000.0003.00
# Enable NSR.
[CP-isis-1] non-stop-routing
[CP-isis-1] address-family ipv4
# Configure the VXLAN tunnel source address on a loopback interface; the dynamic routing protocol advertises this address to the DP.
[CP] interface loopback 1
[CP-LoopBack1] ip address 7.7.7.7 255.255.255.0
[CP-LoopBack1] isis enable 1
(7) Configure the VXLAN tunnel.
[CP] interface tunnel 0 mode vxlan
[CP-Tunnel0] source 7.7.7.7
[CP-Tunnel0] destination 3.3.3.1
(8) Enable L2VPN and configure the VSI interface, binding the PPPoE virtual template (VT) to the interface.
[CP] l2vpn enable
# Create VSI interface VSI-interface1 and specify it as a distributed local gateway interface.
[CP] interface Vsi-interface 1
[CP-Vsi-interface1] distributed-gateway local
# Configure the same MAC address on the VSI interfaces of the CP and the DP (use the MAC address of VSI-interface1 on either the CP or the DP for both).
[CP-Vsi-interface1] mac-address 7425-8ae3-a1d0
# Enable the PPPoE server on the interface and bind the VSI interface to virtual template interface 1.
[CP-Vsi-interface1] pppoe-server bind virtual-template 1
# Enable session entry control mode on the VSI interface.
[CP-Vsi-interface1] pppoe-server control-plane-mode session
# (Recommended) Keep PPPoE users online when the VSI interface goes down.
[CP-Vsi-interface1] pppoe-server user-policy interface-down online
# Create VSI pppoe and associate it with the VXLAN tunnel tunnel0.
[CP] vsi pppoe
[CP-vsi-pppoe] gateway vsi-interface 1
[CP-vsi-pppoe] vxlan 11
[CP-vsi-pppoe-vxlan-11] tunnel 0
(9) Enable IS-IS on redundant interface 2 so that an IS-IS peer is established over the redundant interface and routes are advertised.
[CP] interface Reth 2
[CP-Reth2] ip address 1.1.1.1 255.255.255.0
[CP-Reth2] isis enable 1
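(10) Set the LAC address used to establish L2TP tunnels to 13.1.1.1 and the VXLAN tunnel address of the managed DP to 3.3.3.1. After the configuration takes effect, a route to 13.1.1.1 is issued to the DP.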
[CP] l2tp lac control-plane-mode source-ip 13.1.1.1 bind dp-ip 3.3.3.1
(11) Configure the PPPoE login username pppoe and its password.
[CP] local-user pppoe class network
[CP-luser-network-pppoe] service-type ppp
[CP-luser-network-pppoe] password simple 123456
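(1) Configure the redundant interfaces, the redundancy group, and the track entries.
# Configure the management redundant interface.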
[CP-Reth1] ip address 172.16.59.183 255.255.255.0
[CP-Reth1] member interface ten-gigabitethernet1/1/0 priority 255
[CP-Reth1] member interface ten-gigabitethernet2/1/0 priority 100
[CP-Reth1] quit
# Configure the redundancy group.
[CP] redundancy group 1
[CP-redundancy-group-1] node 1
[CP-redundancy-group-1-node-1] bind slot 1
[CP-redundancy-group-1-node-1] track 1 interface ten-gigabitethernet1/1/0
[CP-redundancy-group-1-node-1] track 3 interface ten-gigabitethernet1/2/0
[CP-redundancy-group-1-node-1] track 5 interface ten-gigabitethernet1/6/0
[CP-redundancy-group-1-node-1] quit
[CP-redundancy-group-1-node-1] node 2
[CP-redundancy-group-1-node-2] bind slot 2
[CP-redundancy-group-1-node-2] track 2 interface ten-gigabitethernet2/1/0
[CP-redundancy-group-1-node-2] track 4 interface ten-gigabitethernet2/3/0
[CP-redundancy-group-1-node-2] track 6 interface ten-gigabitethernet2/4/0
# Configure the track entries.
<CP> system-view
[CP] track 1 interface ten-gigabitethernet1/1/0
[CP] track 2 interface ten-gigabitethernet1/2/0
[CP] track 3 interface ten-gigabitethernet1/3/0
[CP] track 4 interface ten-gigabitethernet2/1/0
[CP] track 5 interface ten-gigabitethernet2/2/0
(2) Add the DP member ports to the aggregate interface.
[DP] interface ten-gigabitethernet 1/2/0
[DP-Ten-GigabitEthernet1/2/0] port link-aggregation group 1
[DP-Ten-GigabitEthernet1/2/0] quit
[DP] interface ten-gigabitethernet 1/6/0
[DP-Ten-GigabitEthernet1/6/0] port link-aggregation group 1
[DP-Ten-GigabitEthernet1/6/0] quit
[DP] interface ten-gigabitethernet 2/3/0
[DP-Ten-GigabitEthernet2/3/0] port link-aggregation group 1
[DP-Ten-GigabitEthernet2/3/0] quit
[DP] interface ten-gigabitethernet 2/4/0
[DP-Ten-GigabitEthernet2/4/0] port link-aggregation group 1
[DP-Ten-GigabitEthernet2/4/0] quit
(3) Set the aggregate interface to dynamic aggregation mode.
[DP] interface route-aggregation 1
[DP-Route-Aggregation1] link-aggregation mode dynamic
[DP-Route-Aggregation1] quit
(4) Configure the IP address of each interface.
[DP] interface route-aggregation 1
[DP-Route-Aggregation1] ip address 50.0.0.2 24
# Configure the source address of the VXLAN-DCI tunnel.
[DP] interface loopback 0
[DP-LoopBack0] ip address 3.3.3.1 24
# Configure the source address of the VXLAN tunnel.
[DP] interface loopback 1
[DP-LoopBack1] interface loopback1
[DP-LoopBack1] ip address 31.0.0.1 24
(5) Configure the authentication domain pppoe.
[DP] domain name pppoe
[DP-isp-pppoe] quit
(6) Configure the virtual template interface.
# Create virtual template interface 1.
[DP] interface Virtual-Template 1
# Configure the interface and enable the PPPoE server on it.
# Enter the view of interface GigabitEthernet1/2/0.
[vBRAS] interface ten-gigabitethernet 1/2/0
# Assign IP address 9.1.1.254/24 to the interface.
[vBRAS-Ten-GigabitEthernet1/2/0] ip address 9.1.1.254 24
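# Enable the PPPoE server on interface GigabitEthernet1/2/0 and bind the Ethernet interface to virtual template interface 1.
(7) Configure the VXLAN and VXLAN-DCI tunnels.
# Create the VXLAN tunnel to the CP.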
[DP] interface tunnel 0 mode vxlan
[DP-Tunnel0] source 3.3.3.1
[DP-Tunnel0] destination 7.7.7.7
# Create the VXLAN-DCI tunnel to the PoP switch.
[DP] interface tunnel 1 mode vxlan-dci
[DP-Tunnel1] source 31.0.0.1
[DP-Tunnel1] destination 30.0.0.1
(8) Enable L2VPN and configure the VSI interface, binding the PPPoE virtual template (VT) to the interface.
[CP] l2vpn enable
# Create the VSI interface.
[DP] interface Vsi-interface 1
[DP] vsi yly
[DP-vsi-yly] gateway vsi-interface 1
[DP-vsi-yly] vxlan 11
[DP-vsi-yly-vxlan-11] tunnel 0
[DP-vsi-yly-vxlan-11] tunnel 1
[DP] interface Vsi-interface 1
# Configure the same MAC address on this interface as on the VSI interface of the CP.
[DP-Vsi-interface1] mac-address 7425-8ae3-a1d0
# Enable the PPPoE server on the interface and bind the VSI interface to virtual template interface 1.
[DP-Vsi-interface1] pppoe-server bind virtual-template 1
(9) Configure the OpenFlow instance.
[vBRAS-Ten-GigabitEthernet1/2/0] pppoe-server bind virtual-template 1
[DP] openflow instance 1
[DP-of-inst-1] openflow instance 1
# Set the default action of the table-miss flow entry to normal forwarding.
[DP-of-inst-1] default table-miss permit
# Disable OpenFlow connection backup.
[DP-of-inst-1] undo tcp-connection backup
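# Set the flow table type to mac-ip, which is implemented through the MAC address table and the FIB table. It can match only the destination MAC address, VLAN, and destination IP address, and the only supported actions are modifying the destination MAC address, source MAC address, VLAN, and tunnel ID, and specifying the output interface.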
[DP-of-inst-1] flow-table mac-ip 1
# Configure the OpenFlow instance; 7.7.7.7 is the VXLAN address of the peer CP device.
[DP-of-inst-1] classification global
[DP-of-inst-1] controller 1 address ip 7.7.7.7 local address ip 3.3.3.1
# Activate the OpenFlow instance.
[DP-of-inst-1] active instance
(10) Configure a dynamic routing protocol (IS-IS in this example) and enable NSR.
[CP] isis 1
[CP-isis-1] network-entity 00.0000.0000.0000.0001.00
# Enable NSR.
[CP-isis-1] non-stop-routing
(11) Configure an IP prefix list and apply it in a routing policy.
[DP] ip prefix-list 1 index 10 permit 13.1.1.1 32
[DP] route-policy 1 permit node 1
[DP-route-policy-1-1] if-match ip address prefix-list 1
[DP-route-policy-1-1]
(12) Apply routing policy 1 to route import in IS-IS so that IS-IS advertises the LAC address 13.1.1.1 to the LNS.
[DP] isis 1
[DP-isis-1] address-family ipv4 unicast
[DP-isis-1-ipv4] import-route static level-1-2 route-policy 1
(13) Configure PPPoE to work in forwarding mode.
[DP] pppoe-server work-mode data-plane
(14) Enable L2TP.
[DP] l2tp enable
(1) Configure DHCP address pool pppoe.
<vLNS1000> system-view
System View: return to User View with Ctrl+Z.
[vLNS1000] dhcp enable
[vLNS1000] dhcp server ip-pool pppoe
[vLNS1000-dhcp-pool-pppoe] gateway-list 53.0.0.1 export-route
[vLNS1000-dhcp-pool-pppoe] address range 53.0.0.0 53.254.254.254
[vLNS1000-dhcp-pool-pppoe] forbidden-ip 53.0.0.1
(2) Configure the RADIUS scheme, including the primary authentication and accounting servers and the shared keys.
<vLNS1000> system-view
System View: return to User View with Ctrl+Z.
[vLNS1000] radius scheme pppoe
[vLNS1000-radius-pppoe] primary authentication 172.16.59.197
[vLNS1000-radius-pppoe] primary accounting 172.16.59.197
[vLNS1000-radius-pppoe] key authentication simple 123456
[vLNS1000-radius-pppoe] key accounting simple 123456
# Configure the device to send usernames to the RADIUS server without the ISP domain name.
[vLNS1000-radius-pppoe] user-name-format without-domain
(3) Configure the AAA authentication domain.
# Create ISP domain pppoe and configure it to use RADIUS scheme pppoe.
[vLNS1000] domain name pppoe
# Authorize address pool pppoe in the ISP domain.
[vLNS1000-isp-pppoe] authentication ppp radius-scheme pppoe
[vLNS1000-isp-pppoe] authorization ppp radius-scheme pppoe
[vLNS1000-isp-pppoe] authorization-attribute ip-pool pppoe
[vLNS1000-isp-pppoe] accounting ppp radius-scheme pppoe
[vLNS1000-isp-pppoe] quit
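(4) Configure the virtual template interface.
# Create virtual template interface 1, configure it to authenticate the peer with PAP or CHAP, and set pppoe as the default ISP domain.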
[vLNS1000] interface virtual-template 1
[vLNS1000-Virtual-Template1] ppp authentication-mode pap chap domain default enable pppoe
[vLNS1000-Virtual-Template1] ppp account-statistics enable
[vLNS1000-Virtual-Template1] quit
(5) Configure a dynamic routing protocol (IS-IS in this example) and enable NSR.
[vLNS1000] isis 1
[vLNS1000-isis-1] network-entity 00.0000.0000.0000.0004.00
[vLNS1000-isis-1] non-stop-routing
(6) Configure the interface IP address and enable IS-IS so that routes are advertised to the CP device through IS-IS.
[vLNS1000] interface ten-gigabitethernet 1/6/0
[vLNS1000-Ten-GigabitEthernet1/6/0] ip address 4.4.4.1 255.255.255.0
[vLNS1000-Ten-GigabitEthernet1/6/0] isis enable 1
(7) Enable L2TP and configure the L2TP tunnel, including the tunnel name and the tunnel password.
[vLNS1000] l2tp-group 1
[vLNS1000-l2tp1] l2tp-group 1 group-name lns mode lns
# The remote name must match the tunnel name configured on the LAC.
[vLNS1000-l2tp1] allow l2tp virtual-template 1 remote lac
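# (Optional) Set the interval between L2TP tunnel Hello packets; here a Hello packet is sent every 120 seconds. If no interval is configured, the default is 60 seconds.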
[vLNS1000-l2tp1] tunnel timer hello 120
# (Optional) L2TP tunnel name. It has no functional effect on the LNS side and is only a name.
[vLNS1000-l2tp1] tunnel name lns
# L2TP tunnel password. It must match the L2TP tunnel password on the LAC.
[vLNS1000-l2tp1] tunnel password cipher $c$3$/a7hp84ZBjOGuoehDJrPIwYnRDYIJazcPQ==
(8) Configure the PPPoE login username pppoe and its password.
[vLNS1000] local-user pppoe class network
[vLNS1000-luser-network-pppoe] service-type ppp
[vLNS1000-luser-network-pppoe] password simple 123456
(9) (Optional) Enable logging for PPP access users to print the reasons for PPPoE logoffs and failures.
[vLNS1000] ppp access-user log enable successful-login failed-login normal-logout abnormal-logout
(1) Configure the RADIUS client information by adding the following to the clients.conf file.
client 172.16.58.102 {
ipaddr = 172.16.58.102
secret = 123456
shortname = pppoe
}
client 172.16.38.98/32 {
ipaddr = 172.16.38.98
secret = 123456
shortname = pppoe
}
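The preceding entries mean that the RADIUS client IP addresses are 172.16.58.102 (the CP device) and 172.16.38.98 (the vLNS device), and the shared key is the string 123456.
(2) Configure the valid user by adding the following to the users file.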
pppoe Cleartext-Password := "123456"
The preceding entry means that the username is pppoe and the user password is the string 123456.
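The steps above enter every RADIUS key and the local-user password in `simple` (plaintext) form with the value 123456, and the configuration files on this page also show `authentication-mode none` on the VTY lines and the `public`/`private` SNMP communities. The following Python check is an added example, not part of the original H3C document: it scans a Comware-style configuration for those settings before a lab configuration is reused elsewhere. The rule names, the 12-character weak-secret threshold, and the sample text (constructed from settings that appear on this page) are assumptions.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    line_no: int   # 1-based line number in the audited text
    section: str   # first line of the '#'-delimited block the line sits in
    rule: str      # rule identifier (names are this example's own)
    text: str      # offending line, with any secret value redacted


# Secrets entered with the "simple" keyword (plaintext on the command line).
SECRET_RE = re.compile(
    r"^(?:key (?:authentication|accounting)|tunnel password|password) simple (\S+)$"
)

# (rule id, pattern the block header must match or None, pattern for the line)
RULES = [
    ("vty-no-authentication", r"^line (class )?vty\b", r"^authentication-mode none$"),
    ("vty-default-admin-role", r"^line (class )?vty\b", r"^user-role network-admin$"),
    ("idle-timeout-disabled", r"^line ", r"^idle-timeout 0( 0)?$"),
    ("snmp-default-community", None,
     r"^snmp-agent community (read|write) (public|private)\b"),
    ("snmp-v1-v2c-enabled", None, r"^snmp-agent sys-info version (all|v1|v2c)\b"),
]
COMPILED = [(n, re.compile(s) if s else None, re.compile(l)) for n, s, l in RULES]


def weak_secret(value: str, min_len: int = 12) -> bool:
    """Assumed policy: short, digits-only or letters-only secrets are weak."""
    return len(value) < min_len or value.isdigit() or value.isalpha()


def audit(config_text: str) -> List[Finding]:
    """Scan a configuration whose blocks are separated by '#' lines.

    Blocks are tracked by the '#' separators rather than by indentation, so
    the check also works on text whose leading spaces were lost.
    """
    findings: List[Finding] = []
    section, expect_header = "", True
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line == "#":
            expect_header = True
            continue
        if expect_header:
            section, expect_header = line, False
        m = SECRET_RE.match(line)
        if m:
            rule = "plaintext-weak-secret" if weak_secret(m.group(1)) else "plaintext-secret"
            findings.append(Finding(no, section, rule, line[:m.start(1)] + "<redacted>"))
            continue
        for name, sec_re, line_re in COMPILED:
            if (sec_re is None or sec_re.search(section)) and line_re.search(line):
                findings.append(Finding(no, section, name, line))
    return findings


# Constructed sample: settings taken from this page; the cipher value is a placeholder.
SAMPLE_CONFIG = """\
radius scheme pppoe
 primary authentication 172.16.59.197
 key authentication simple 123456
 key accounting simple 123456
#
l2tp-group 1 mode lns
 tunnel password cipher $c$3$PLACEHOLDER-NOT-A-REAL-CIPHERTEXT
#
local-user pppoe class network
 password simple 123456
#
line class vty
 user-role network-operator
#
line vty 0 63
 authentication-mode none
 user-role network-admin
 user-role network-operator
 idle-timeout 0 0
#
snmp-agent
snmp-agent community write private
snmp-agent community read public
snmp-agent sys-info version all
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"{f.line_no:>3}  {f.rule:<24} [{f.section}] {f.text}")
```

The `cipher` form of the tunnel password is not reported, because only secrets typed with the `simple` keyword expose their value in scripts and documents.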
(1) Verify that the IS-IS peers of the dynamic routing protocol are in a normal state.
[CP] display isis peer
Peer information for IS-IS(1)
-----------------------------
System ID: 0000.0000.0002
Interface: Reth2 Circuit Id: 0000.0000.0002.01
State: Up HoldTime: 85s Type: L1(L1L2) PRI: 64
System ID: 0000.0000.0002
Interface: Reth2 Circuit Id: 0000.0000.0002.01
State: Up HoldTime: 85s Type: L2(L1L2) PRI: 64
(2) Verify that the VSI interface is up.
[CP] display interface Vsi-interface 1
Vsi-interface1
Current state: UP
Line protocol state: UP
Description: Vsi-interface1 Interface
Bandwidth: 1000000 kbps
Maximum transmission unit: 1500
Internet protocol processing: Enabled
IP packet frame type: Ethernet II, hardware address: 7425-8ae3-a1d0
IPv6 packet frame type: Ethernet II, hardware address: 7425-8ae3-a1d0
Physical: Unknown, baudrate: 1000000 kbps
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
(3) After the dial-up connection succeeds, verify that the L2TP tunnel is established.
[CP] display l2tp tunnel
LocalTID RemoteTID State Sessions RemoteAddress RemotePort RemoteName
64239 46508 Established 1 4.4.4.1 1701 lns
[CP] disp l2tp tunnel verbose
Group number : 1
Group mode : LAC
Tunnel state : Established
Tunnel type : Group
Local tunnel ID : 64239
Remote tunnel ID : 46508
Local IP address : 13.1.1.1
Remote IP address : 4.4.4.1
Sessions : 1
Send window size : 1024
Send win lower-limit : 4
Send win upper-limit : 3
Recv window size : 1024
Control message Nr : 2
Latest hello packet Ns: 0
Recv same hello times : 0
Ack timeout times : 0
Remote bearer cap : Both
Remote protocol ver : 1
Remote port : 1701
Remote tunnel name : lns
Remote vendor name : N/A
Tunnel auth : Disabled
Assignment ID : N/A
(1) Verify that the OpenFlow connection is in a normal state.
[DP] display openflow instance 1 controller
Instance 1 controller information:
Reconnect interval: 60 (s)
Echo interval : 5 (s)
Controller ID : 1
Controller IP address : 7.7.7.7
Controller port : 6633
Local IP address : 3.3.3.1
Controller role : Equal
Connect type : TCP
Connect state : Established
Packets sent : 39048
Packets received : 40925
SSL policy : --
VRF name : --
(2) Verify that the IS-IS peers of the dynamic routing protocol are in a normal state.
[DP] display isis peer
Peer information for IS-IS(1)
-----------------------------
System ID: 0000.0000.0002
Interface: RAGG1 Circuit Id: 0000.0000.0002.02
State: Up HoldTime: 70s Type: L1(L1L2) PRI: 64
System ID: 0000.0000.0002
Interface: RAGG1 Circuit Id: 0000.0000.0002.02
State: Up HoldTime: 70s Type: L2(L1L2) PRI: 64
(3) Verify that the route to the LAC address is present on the DP.
[DP] display fib 13.1.1.1
FIB entry count: 1
Flag:
U:Usable G:Gateway H:Host B:Blackhole D:Dynamic S:Static
R:Relay F:FRR
Destination/Mask Nexthop Flag OutInterface/Token Label
13.1.1.1/32 0.0.0.0 USH InLoop0 Null
(1) Verify that the IS-IS peers of the dynamic routing protocol are in a normal state.
[vlns1000] display isis peer
Peer information for IS-IS(1)
-----------------------------
System ID: 0000.0000.0002
Interface: XGE1/3/0 Circuit Id: 0000.0000.0002.05
State: Up HoldTime: 183s Type: L1(L1L2) PRI: 64
System ID: 0000.0000.0002
Interface: XGE1/3/0 Circuit Id: 0000.0000.0002.05
State: Up HoldTime: 197s Type: L2(L1L2) PRI: 64
(2) Verify that the L2TP tunnel is in a normal state.
[vlns1000] display l2tp tunnel
LocalTID RemoteTID State Sessions RemoteAddress RemotePort RemoteName
46508 64239 Established 1 13.1.1.1 1701 lac
[vlns1000] display l2tp session
LocalSID RemoteSID LocalTID State Username
22945 16371 46508 Established pppoe
(3) Use the display l2tp session command to view the established L2TP sessions.
[vlns1000] display ppp access-user interface Virtual-Template 1
Interface MAC address IP address Username
S/C-VLAN IPv6 PDPrefix IPv6 address
BAS0 - 53.0.129.246 pppoe
-/- - -
[6800] display link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected, I -- Individual
Port: A -- Auto port, M -- Management port, R -- Reference port
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregate Interface: Bridge-Aggregation1
Aggregation Mode: Dynamic
Loadsharing Type: Shar
Management VLANs: None
System ID: 0x8000, 74ea-cb56-ff50
Local:
Port Status Priority Index Oper-Key Flag
XGE1/0/6 S 32768 1 1 {ABCDEF}
XGE1/0/7 S 32768 3 1 {ABCDEF}
XGE1/0/8 S 32768 4 1 {ABCDEF}
XGE1/0/11 S 32768 2 1 {ABCDEF}
Remote:
Actor Priority Index Oper-Key SystemID Flag
XGE1/0/6 32768 3 1 0x8000, 7425-8ae4-42e9 {ACDEF}
XGE1/0/7(R) 32768 1 1 0x8000, 7425-8ae4-42e9 {ACDEF}
XGE1/0/8 32768 2 1 0x8000, 7425-8ae4-42e9 {ACDEF}
XGE1/0/11 32768 4 1 0x8000, 7425-8ae4-42e9 {ACDEF}
· PoP switch (6800)
#
sysname 6800
#
irf mac-address persistent timer
irf auto-update enable
undo irf link-delay
irf member 1 priority 1
#
isis 1
non-stop-routing
network-entity 00.0000.0000.0000.0002.00
#
vlan 222 to 225
#
vlan 332 to 333
#
vlan 1300 to 2000
#
l2vpn enable
#
vsi yly
description yaoliyuan
vxlan 11
tunnel 11
#
interface Bridge-Aggregation1
port access vlan 203
link-aggregation mode dynamic
#
interface LoopBack100
ip address 30.0.0.1 255.255.255.255
isis enable 1
#
interface Vlan-interface203
ip address 50.0.0.1 255.255.255.0
isis enable 1
#
interface Vlan-interface204
ip address 6.6.6.1 255.255.255.0
ip address 6.5.5.1 255.255.255.0 sub
isis enable 1
#
interface Vlan-interface205
ip address 21.0.0.2 255.255.255.0
isis enable 1
#
interface Ten-GigabitEthernet1/0/14
port link-mode route
ip address 4.4.4.2 255.255.255.0
isis enable 1
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 1300 to 2300
#
service-instance 1
encapsulation s-vid 1300 to 2300
xconnect vsi yly access-mode ethernet
#
interface Ten-GigabitEthernet1/0/4
port link-mode bridge
port access vlan 202
#
interface Ten-GigabitEthernet1/0/5
port link-mode bridge
port access vlan 200
#
interface Ten-GigabitEthernet1/0/6
port link-mode bridge
port access vlan 203
flow-interval 5
lacp period short
port link-aggregation group 1
#
interface Ten-GigabitEthernet1/0/7
port link-mode bridge
port access vlan 203
lacp period short
port link-aggregation group 1
#
interface Ten-GigabitEthernet1/0/8
port link-mode bridge
port access vlan 203
lacp period short
port link-aggregation group 1
#
interface Ten-GigabitEthernet1/0/9
port link-mode bridge
description to 10/1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2400 to 3400
#
service-instance 2
encapsulation s-vid 2400 to 3400
xconnect vsi yao access-mode ethernet
#
interface Ten-GigabitEthernet1/0/10
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/11
port link-mode bridge
port access vlan 203
lacp period short
port link-aggregation group 1
#
interface Ten-GigabitEthernet1/0/13
port link-mode bridge
port access vlan 200
flow-interval 5
#
interface Ten-GigabitEthernet1/0/15
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/16
port link-mode bridge
port access vlan 201
#
interface Ten-GigabitEthernet1/0/17
port link-mode bridge
port access vlan 204
port link-aggregation group 3
#
interface Ten-GigabitEthernet1/0/18
port link-mode bridge
port access vlan 204
port link-aggregation group 3
#
interface Ten-GigabitEthernet1/0/19
port link-mode bridge
description 10/2
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 3401 to 3600
#
service-instance 3
encapsulation s-vid 3401 to 3600
xconnect vsi yly1 access-mode ethernet
#
interface Ten-GigabitEthernet1/0/20
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/21
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/22
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/23
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/24
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/25
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/26
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/27
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/28
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/29
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/30
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/31
port link-mode bridge
port access vlan 224
port link-aggregation group 22
#
interface Ten-GigabitEthernet1/0/32
port link-mode bridge
port access vlan 224
port link-aggregation group 22
#
interface Ten-GigabitEthernet1/0/33
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/34
port link-mode bridge
port access vlan 225
#
interface Ten-GigabitEthernet1/0/35
port link-mode bridge
port access vlan 225
#
interface Ten-GigabitEthernet1/0/36
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/37
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 333
port trunk pvid vlan 222
#
interface Ten-GigabitEthernet1/0/38
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 333
#
interface Ten-GigabitEthernet1/0/39
port link-mode bridge
port access vlan 110
#
interface Ten-GigabitEthernet1/0/40
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/41
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/42
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/43
port link-mode bridge
port access vlan 110
#
interface Ten-GigabitEthernet1/0/44
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/45
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/46
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/47
port link-mode bridge
port access vlan 224
#
interface Ten-GigabitEthernet1/0/48
port link-mode bridge
port access vlan 225
#
interface Tunnel1 mode vxlan
#
interface Tunnel11 mode vxlan
description yaoliyuan
source 30.0.0.1
destination 31.0.0.1
#
interface Tunnel12 mode vxlan
description yaoliyuan
source 30.0.0.1
destination 32.0.0.1
#
interface Tunnel22 mode vxlan
description zz
source 88.1.1.2
destination 88.1.1.1
#
interface Tunnel33 mode vxlan
source 6.5.5.2
destination 6.5.5.1
#
interface Tunnel110 mode vxlan-dci
source 11.0.0.1
destination 11.0.0.100
#
interface Tunnel202 mode vxlan
source 4.4.4.1
destination 4.4.4.2
#
interface Tunnel666 mode vxlan
description zz_test
source 2.2.2.2
destination 1.1.1.1
#
interface Tunnel777 mode vxlan
source 4.4.4.4
destination 3.3.3.3
#
interface Tunnel999 mode vxlan
source 3.3.3.3
destination 2.2.2.2
#
interface Tunnel1501 mode vxlan
source 22.22.22.22
destination 33.33.33.34
#
scheduler logfile size 16
#
line class aux
user-role network-admin
#
line class vty
user-role network-operator
#
line aux 0
user-role network-admin
#
line vty 0 63
authentication-mode none
user-role network-admin
user-role network-operator
idle-timeout 0 0
#
ip route-static 172.16.0.0 16 172.16.58.1
ip route-static 192.168.0.0 16 172.16.58.1
#
acl basic 2000
#
acl advanced 3000
rule 0 permit udp source 100.0.0.10 0 destination 100.0.0.1 0 source-port eq 1701 destination-port eq 1701
#
acl advanced 3001
rule 0 permit ip source 100.0.0.10 0 destination 100.0.0.1 0
#
acl advanced 3200
rule 0 permit ip source 3.3.3.2 0
#
acl advanced 3500
rule 0 permit ip source 3.3.3.0 0.0.0.255
#
radius scheme system
user-name-format without-domain
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user admin class manage
password hash $h$6$Iyg+x3mSnE9ZjPKZ$AV1UWVCIGMvsy99+9+ZxFCtxYDyRSeVS6HGtsi5mibs
Tf+bVJFrTK9feHK6hrSGxT3f4TkcUxVpMEado8sVEhg==
service-type telnet http https
authorization-attribute user-role network-operator
#
local-user yly class manage
password hash $h$6$ucu4ARnVNE5Eyex+$ss+5g0ewlo4zr0JDj0pZEWLwPV/+OQtTwDf+0Y90C5k
emx7TAxzRIgOX7ASQcTcW4Ubp3W45+f1yWIf0Q5aWVg==
service-type ftp
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
local-user zz class manage
password hash $h$6$05FkQTym297m6rA/$0DBpQMxvwzgPtqDUx0ZPWmocWuHWtdyBBOhCWNjDfrr
eFtxssauRqBsATwTeHobJKcvq4QF8ersEzIVNFLIL0w==
service-type telnet http https ssh
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
ftp server enable
#
netconf soap http enable
netconf soap https enable
#
return
[6800]
· LAC CP
#
sysname CP
#
irf mac-address persistent always
irf auto-update enable
irf auto-merge enable
irf domain 32
irf member 1 priority 32
irf member 2 priority 10
#
track 1 interface Ten-GigabitEthernet1/1/0
#
track 2 interface Ten-GigabitEthernet1/2/0
#
track 3 interface Ten-GigabitEthernet1/3/0
#
isis 1
non-stop-routing
network-entity 00.0000.0000.0000.0003.00
#
address-family ipv4 unicast
#
ppp access-user log enable successful-login failed-login normal-logout abnormal-logout
ppp authentication chasten 10 60 120
#
dhcp enable
#
ip subscriber access-user log enable failed-login
#
password-recovery enable
#
irf-port 1
port group interface Ten-GigabitEthernet1/4/0
#
irf-port 2
port group interface Ten-GigabitEthernet2/2/0
#
traffic classifier yly operator and
if-match acl 3000
#
traffic behavior yly
car cir 100000 cbs 6250000 ebs 0 green pass red discard yellow pass
#
qos policy yly
classifier yly behavior yly
#
openflow instance 1
#
openflow controller enable
#
l2vpn enable
#
vsi yly
gateway vsi-interface 1
vxlan 11
tunnel 0
#
interface Reth1
ip address 172.16.58.102 255.255.255.0
member interface Ten-GigabitEthernet1/1/0 priority 255
member interface Ten-GigabitEthernet2/1/0 priority 200
#
interface Reth2
ip address 1.1.1.1 255.255.255.0
isis enable 1
member interface Ten-GigabitEthernet1/2/0 priority 250
member interface Ten-GigabitEthernet2/3/0 priority 200
#
interface Route-Aggregation1
link-aggregation mode dynamic
#
interface Virtual-Template1
mtu 800
timer-hold 0
ppp authentication-mode pap chap domain default enable none
remote address pool pppoe
ppp account-statistics enable
ip address 52.0.0.1 255.255.0.0
ipv6 dhcp select server
ipv6 address auto link-local
undo ipv6 nd ra halt
#
interface Virtual-Template2
timer-hold 0
ppp authentication-mode pap chap domain default enable none
remote address pool pppoe
ppp account-statistics enable
ipv6 dhcp select server
ipv6 address auto link-local
undo ipv6 nd ra halt
#
interface NULL0
#
interface LoopBack1
description vxlan-tunnel
ip address 7.7.7.7 255.255.255.0
isis enable 1
#
interface Ten-GigabitEthernet1/1/0
port link-mode route
#
interface Ten-GigabitEthernet2/1/0
port link-mode route
#
interface Ten-GigabitEthernet1/2/0
port link-mode route
#
interface Ten-GigabitEthernet1/3/0
port link-mode route
#
interface Ten-GigabitEthernet1/4/0
port link-mode route
#
interface Ten-GigabitEthernet2/2/0
port link-mode route
#
interface Ten-GigabitEthernet2/3/0
port link-mode route
#
interface Ten-GigabitEthernet2/4/0
port link-mode route
#
interface Vsi-interface1
mac-address 7425-8ae3-a1d0
distributed-gateway local
pppoe-server bind virtual-template 1
pppoe-server control-plane-mode session
pppoe-server user-policy interface-down online
#
interface Tunnel0 mode vxlan
source 7.7.7.7
destination 3.3.3.1
#
scheduler logfile size 16
#
line class aux
user-role network-operator
#
line class console
user-role network-admin
#
line class vty
user-role network-operator
#
line aux 0 1
user-role network-operator
#
line con 0 1
user-role network-admin
#
line vty 0 63
authentication-mode none
user-role network-admin
user-role network-operator
idle-timeout 0 0
#
ip route-static 172.16.0.0 16 172.16.58.1
#
snmp-agent
snmp-agent local-engineid 800063A2805254004D69B500000001
snmp-agent community write private
snmp-agent community read public
snmp-agent community read read
snmp-agent sys-info version all
snmp-agent target-host trap address udp-domain 172.16.59.197 udp-port 163 params securityname public v2c
snmp-agent trap enable arp
snmp-agent trap enable l2vpn
snmp-agent trap enable radius
snmp-agent trap enable syslog
snmp-agent trap source Reth1
#
license server ipv4 172.16.58.240 port 5555
license client username yly password cipher $c$3$fGC8TU1r7HkPwAn/a4igFic6Bv6iMNoDCAhe
license client enable
#
license client install standard cp-advance
#
redundancy group 1
node 1
bind slot 1
track 1 interface Ten-GigabitEthernet1/1/0
track 2 interface Ten-GigabitEthernet1/2/0
track 3 interface Ten-GigabitEthernet1/3/0
node 2
bind slot 2
track 4 interface Ten-GigabitEthernet2/1/0
track 5 interface Ten-GigabitEthernet2/2/0
track 6 interface Ten-GigabitEthernet2/3/0
#
acl advanced 3001
rule 10 permit ip source 4.4.4.0 0.0.0.255 destination 7.7.7.7 0
#
user-profile yly
#
radius scheme linux
primary authentication 172.16.58.180 key cipher $c$3$OcvD839NmHvYjudUN6n//kkFQGvArmGS2Q==
primary accounting 172.16.58.180 key cipher $c$3$htb5Ji7eg71QlmUm5nRSZc1p2/eFq7KPDw==
user-name-format keep-original
#
radius scheme ppp
#
radius scheme pppoe
primary authentication 172.16.59.197
primary accounting 172.16.59.197
key authentication cipher $c$3$L3JG3HNzMDkDJufQgGx6bD0bYB7bXl63HA==
key accounting cipher $c$3$TteKIaAu5ODuzqKoNipq8pQuy5QKc3v/Cw==
user-name-format without-domain
#
domain name pppoe
authorization-attribute ip-pool pppoe
authentication ppp radius-scheme yly
authorization ppp radius-scheme yly
accounting ppp radius-scheme yly
#
domain name system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user ad class manage
authorization-attribute user-role network-operator
#
local-user admin class manage
password hash $h$6$ggbcg9z9gURxcwnd$b23qg5upng/RvIyjWR1gDkjq+tmPUY/laP27G8S5NwV40u33V/cjqjPqOu/pkLYB2Ktbwyqr33YSMeCtbi1ktA==
service-type http https
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
local-user eagle class manage
password hash $h$6$GoAXumlUvX7e19q+$lK3DDy3BYVlHoNqG/xuaht9w4Tg0cauye/KlkvqPHCx4xI/rMTu5aSowt/ck2Nrbn7i+NU+fixEc53cMtzUrcQ==
service-type ftp
authorization-attribute work-directory flash:/Eagle
authorization-attribute user-role level-15
authorization-attribute user-role network-operator
#
local-user pppoe class manage
authorization-attribute user-role network-operator
#
local-user admin class network
authorization-attribute user-role network-operator
#
local-user pppoe class network
password cipher $c$3$Z+sFL3GTmDmoXXzmxL4N5+GKEeu45LZpnw==
service-type ppp
authorization-attribute user-role network-operator
#
local-user yly class network
password cipher $c$3$n6GGjM5mtiVIrl/ydwljXYAACXW5T6z2nA==
service-type ppp
authorization-attribute user-role network-operator
#
ftp server enable
#
l2tp-group 1 mode lac
lns-ip 4.4.4.1
tunnel-per-user
user fullusername pppoe
tunnel timer hello 1000
undo tunnel authentication
tunnel name lac
tunnel password cipher $c$3$Jdxh8iqtnygHUXfL9fNVmCCR6zfM3PrETQ==
#
l2tp enable
l2tp lac control-plane-mode source-ip 13.1.1.1 bind dp-ip 3.3.3.1
#
netconf soap http enable
netconf soap https enable
#
undo pppoe-server connection chasten
#
return
· LAC DP
#
sysname DP
#
irf mac-address persistent always
irf auto-update enable
irf auto-merge enable
irf domain 183
irf member 1 priority 32
irf member 2 priority 10
#
isis 1
non-stop-routing
network-entity 00.0000.0000.0000.0001.00
#
address-family ipv4 unicast
import-route static level-1-2 route-policy 1
#
pppoe-server work-mode data-plane
#
ip subscriber work-mode data-plane
#
flow-interval 5
#
password-recovery enable
#
irf-port 1
port group interface Ten-GigabitEthernet1/3/0
#
irf-port 2
port group interface Ten-GigabitEthernet2/5/0
#
openflow instance 1
default table-miss permit
undo tcp-connection backup
flow-table mac-ip 1
classification global
controller 1 address ip 7.7.7.7 local address ip 3.3.3.1
active instance
#
dhcp server ip-pool pppoe
#
l2vpn enable
#
vsi 1
#
vsi yly
gateway vsi-interface 1
vxlan 11
tunnel 0
tunnel 1
#
interface Reth1
ip address 172.16.59.183 255.255.255.0
member interface Ten-GigabitEthernet1/1/0 priority 255
member interface Ten-GigabitEthernet2/1/0 priority 100
#
interface Reth2
#
interface Reth3
#
interface Reth4
#
interface Route-Aggregation1
ip address 50.0.0.2 255.255.255.0
isis enable 1
link-aggregation mode dynamic
#
interface Virtual-Template1
ipv6 address auto link-local
#
interface NULL0
#
interface LoopBack0
ip address 3.3.3.1 255.255.255.0
isis enable 1
#
interface LoopBack1
ip address 31.0.0.1 255.255.255.255
isis enable 1
#
interface Ten-GigabitEthernet1/1/0
port link-mode route
#
interface Ten-GigabitEthernet2/1/0
port link-mode route
#
interface Ten-GigabitEthernet1/2/0
port link-mode route
description sw-1/0/7
ip address 5.1.1.1 255.255.255.0
isis enable 1
port link-aggregation group 1
#
interface Ten-GigabitEthernet1/3/0
port link-mode route
description to 2/5/0
#
interface Ten-GigabitEthernet1/4/0
port link-mode route
#
interface Ten-GigabitEthernet1/5/0
port link-mode route
#
interface Ten-GigabitEthernet1/6/0
port link-mode route
description sw-1/0/8
ip address 21.0.0.1 255.255.255.0
isis enable 1
port link-aggregation group 1
#
interface Ten-GigabitEthernet1/7/0
port link-mode route
description to-sw1/0/6
#
interface Ten-GigabitEthernet2/2/0
port link-mode route
description to-sw1/0/8
#
interface Ten-GigabitEthernet2/3/0
port link-mode route
description to sw-1/0/6
port link-aggregation group 1
#
interface Ten-GigabitEthernet2/4/0
port link-mode route
description to-sw1/0/11
port link-aggregation group 1
#
interface Ten-GigabitEthernet2/5/0
port link-mode route
#
interface Vsi-interface1
mac-address 7425-8ae3-a1d0
distributed-gateway local
pppoe-server bind virtual-template 1
#
interface Tunnel0 mode vxlan
source 3.3.3.1
destination 7.7.7.7
#
interface Tunnel1 mode vxlan-dci
source 31.0.0.1
destination 30.0.0.1
#
route-policy 1 permit node 1
if-match ip address prefix-list 1
#
ip prefix-list 1 index 10 permit 13.1.1.1 32
#
xconnect-group vsi
#
scheduler logfile size 16
#
line class aux
user-role network-operator
#
line class console
user-role network-admin
#
line class vty
user-role network-operator
#
line aux 0 1
user-role network-operator
#
line con 0 1
user-role network-admin
#
line vty 0 63
authentication-mode none
user-role network-admin
user-role network-operator
idle-timeout 0 0
#
ip route-static 3.3.3.0 24 5.1.1.2
ip route-static 172.16.0.0 16 172.16.59.1
#
license server ipv4 172.16.58.240 port 5555
license client username yly password cipher $c$3$WmiLBjLootaaQWJus+rsWWK6pExin86WQgtm
license client enable
#
license client install standard advance
#
redundancy group 1
node 1
bind slot 1
track 1 interface Ten-GigabitEthernet1/1/0
track 3 interface Ten-GigabitEthernet1/2/0
track 5 interface Ten-GigabitEthernet1/6/0
node 2
bind slot 2
track 2 interface Ten-GigabitEthernet2/1/0
track 4 interface Ten-GigabitEthernet2/3/0
track 6 interface Ten-GigabitEthernet2/4/0
#
acl basic 2000
rule 5 permit
#
acl advanced 3000
#
domain name ipoe
#
domain name pppoe
#
domain name ppppoe
#
domain name system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user admin class manage
password hash $h$6$H+dlCeIsPQDCOfSW$xukaAIZZTOhIONQcd5+c583kd3VQc4IV28sDql5PPYlB6QjmcTxepOpAG6EX3Aw0limD0Go6aCG51bDy/Rbb+Q==
service-type http https
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
l2tp enable
l2tp session-threshold upper-limit 5
#
netconf soap http enable
netconf soap https enable
#
· vLNS
#
sysname vlns1000
#
irf mac-address persistent always
irf auto-update enable
irf auto-merge enable
irf member 1 priority 1
#
isis 1
non-stop-routing
network-entity 00.0000.0000.0000.0015.00
#
ip fast-forwarding aging-time 300
#
dhcp enable
dhcp authorized-ip-conflict ignore
#
ipv6 dhcp prefix-pool 1 prefix 30::/64 assign-len 80
#
password-recovery enable
#
irf-port 1
l2vpn enable
#
interface Virtual-Template1
timer-hold 0
ppp authentication-mode pap chap domain default enable pppoe
ppp account-statistics enable
#
interface NULL0
#
interface Ten-GigabitEthernet1/1/0
port link-mode route
ip address 172.16.38.98 255.255.255.0
#
interface Ten-GigabitEthernet1/2/0
port link-mode route
ip address 22.0.0.1 255.255.255.0
#
interface Ten-GigabitEthernet1/3/0
port link-mode route
ip address 4.4.4.1 255.255.255.0
isis enable 1
#
scheduler logfile size 16
#
line class aux
user-role network-operator
#
line class console
user-role network-admin
#
line class vty
user-role network-operator
#
line aux 0
user-role network-operator
#
line con 0
user-role network-admin
#
line vty 0 63
authentication-mode none
user-role network-admin
user-role network-operator
idle-timeout 0 0
#
ip route-static 172.16.0.0 16 172.16.38.1
#
license server ipv4 172.16.58.240 port 5555
license client username yly password cipher $c$3$N7H6haemrhczERymjH5xjLWineCPG9PJ7aP/
license client enable
#
license client install l2tp lns 8vcpu-32k count 3
license client install l2tp lns 8vcpu-32k-3year count 3
#
radius scheme pppoe
primary authentication 172.16.59.197
primary accounting 172.16.59.197
key authentication cipher $c$3$33l++TBGFSbzz80wy2UTz5NH1KSEtkfvqA==
key accounting cipher $c$3$BkO580soxyN75idsqgAE+zIL7lo+W0Lp+Q==
user-name-format without-domain
#
radius dynamic-author server
client ip 172.16.58.180 key cipher $c$3$q0rD8OYRaqP22/C7WXyduFpnb6bAO4c5mQ==
client ip 172.16.59.197 key cipher $c$3$szk+1+cXVGfqtZLHu9yh1MjYfT0vtSsy1g==
#
domain name local
#
domain name pppoe
authorization-attribute ip-pool pppoe
authentication ppp radius-scheme pppoe
authorization ppp radius-scheme pppoe
accounting ppp radius-scheme pppoe
#
domain name system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user admin class manage
service-type http https
authorization-attribute user-role network-operator
#
local-user pppoe class network
password cipher $c$3$fAlWB1WV8PebjjXdu7Z0aiAGpujFRl4e5w==
service-type ppp
authorization-attribute user-profile netadmi
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
l2tp-group 1 group-name lns mode lns
allow l2tp virtual-template 1 remote lac
tunnel timer hello 1000
undo tunnel authentication
tunnel name lns
tunnel password cipher $c$3$/a7hp84ZBjOGuoehDJrPIwYnRDYIJazcPQ==
#
l2tp enable
#
netconf soap http enable
netconf soap https enable
#
return
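The listings above are lab configurations and leave several management-plane and tunnel settings open: VTY lines with `authentication-mode none` and the network-admin role, `public`/`private` SNMP communities, `undo tunnel authentication` in the L2TP groups, and NETCONF over HTTP. The Python audit below is an added example, not part of the H3C document; the rule list and the `sections`/`audit` helper names are assumptions of this example, and `SAMPLE` is an abridged excerpt of the LAC CP listing.

```python
import re

# Abridged excerpt of the LAC CP listing on this page (sub-commands unindented, as shown there).
SAMPLE = """\
#
line vty 0 63
authentication-mode none
user-role network-admin
idle-timeout 0 0
#
snmp-agent
snmp-agent community write private
snmp-agent community read public
#
l2tp-group 1 mode lac
undo tunnel authentication
#
netconf soap http enable
netconf soap https enable
#
"""

# (section-header pattern, command pattern, finding); illustrative rule set, an assumption of this example.
RULES = [
    (r"line vty", r"authentication-mode none", "VTY login without authentication"),
    (r"line vty", r"idle-timeout 0 0", "VTY idle timeout disabled"),
    (r"snmp-agent", r"snmp-agent community (read|write) (public|private)", "well-known SNMP community"),
    (r"l2tp-group", r"undo tunnel authentication", "L2TP tunnel authentication disabled"),
    (r"netconf", r"netconf soap http enable", "NETCONF over cleartext HTTP"),
]

def sections(text):
    """Yield each '#'-delimited block as a list of stripped, non-empty lines."""
    for chunk in re.split(r"(?m)^#[ \t]*$", text):
        lines = [l.strip() for l in chunk.splitlines() if l.strip()]
        if lines:
            yield lines

def audit(text):
    """Return (section header, command, finding) for every rule hit, scoped by section."""
    hits = []
    for block in sections(text):
        for head_re, cmd_re, finding in RULES:
            if re.match(head_re, block[0]):
                hits += [(block[0], c, finding) for c in block if re.fullmatch(cmd_re, c)]
    return hits

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Pass the text of `display current-configuration` to `audit` to run the same checks against a device before it leaves the lab.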
· H3C vBRAS Series Virtual Broadband Remote Access Server Configuration Guide-E1218
· H3C vBRAS Series Virtual Broadband Remote Access Server Command Reference-E1218