Login
- Table of Contents
-
- 16-BRAS Services Configuration Guide
- 00-Preface
- 01-AAA configuration
- 02-ANCP configuration
- 03-PPP configuration
- 04-Value-added services configuration
- 05-DHCP configuration
- 06-DHCPv6 configuration
- 07-User profile configuration
- 08-Connection limit configuration
- 09-L2TP configuration
- 10-PPPoE configuration
- 11-IPoE configuration
- 12-802.1X configuration
- 13-UCM configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 07-User profile configuration | 158.80 KB |
About session group profiles and user group profiles
Restrictions and guidelines: User profile configuration
Prerequisites for user profile
Configuring a session group profile
Configuring a user group profile
Applying a user profile to an interface
Display and maintenance commands for user profiles
User profile configuration examples
Example: Configuring a user profile group for multiple users of the same home
Configuring user profiles
About user profiles
A user profile defines a set of parameters, such as a QoS policy, for a single user or interface. A user profile can be reused when a user connected to the network on a different interface.
The user profile application allows flexible traffic policing on a per-user basis. Each time a user passes authentication, the server sends the device the name of the user profile specified for the user. The device applies the parameters in the user profile to the user. You can also apply a user profile to an interface to process specific traffic on the interface.
User profiles are typically used in the following scenarios:
· Resource allocation per user—Interface-based traffic policing limits the total amount of bandwidth available to all users that are connected through one interface. However, user-profile-based traffic policing can limit the amount of bandwidth available to a single user.
· User access control—When a user passes authentication but the account is overdue, only the resources defined by the ACL permit rules in the free rules are accessible for this user.
About session group profiles and user group profiles
Concepts
Session group profiles and user group profiles are a particular type of user profile for a group of users. It implements QoS traffic control on a per-group basis. A user group can include multiple users and multiple services. For example, you can configure a session group profile or user group profile to limit the total bandwidth for the user group in addition to configuring a user profile for each user.
A session group profile and a user group profile implement the same function. However, the ways they associate user profiles differ.
· A session group profile is associated with a user profile when they are authorized to the same online user. The online user is subject to both the user profile and session group profile.
· A user group profile is associated with a user profile by using CLI command. The authentication server authorizes only the user profile to the online user. The online user is subject to both the user profile and the user group profile associated with the user profile.
How they work
A user profile limits traffic of a single online user. A session group profile or user group profile limits the total traffic of multiple online users. The following queue types are available for hierarchical scheduling:
· Traffic queue—Caches packets of different priorities of a user.
· User queue—Schedules packets of traffic queues by using a queue scheduling profile applied to the user profile, and rate limits the packets of the user queue by using traffic policing settings.
User group queue—Schedules packets of user queues by using a queue scheduling profile applied to the user group profile or session group profile, and rate limits the packets of the user group queue by using traffic policing and traffic shaping settings.
Traffic queues are physical queues and have cache units. User queues and user group queues are virtual queues that participate in hierarchical scheduling and do not have cache units.
Figure 1 Hierarchical scheduling
Restrictions and guidelines: User profile configuration
In SDN-WAN system operating mode, the system does not support authorizing user profiles.
For more information about system operating modes, see device management in Fundamentals Configuration Guide.
In standard system operating mode, only the following cards support authorizing user profiles:
|
Card category |
Cards |
|
CSPEX |
CSPEX-1304S, CSPEX-1404S, CSPEX-1504S |
Only the following cards support applying a user profile to an interface:
|
Card category |
Cards |
|
CSPC |
CSPC-GE16XP4L-E, CSPC-GE24L-E, CSPC-GP24GE8XP2L-E |
|
CSPEX |
CSPEX-1304S, CSPEX-1404S, CSPEX-1504S, CSPEX-1104-E |
Because a session group profile and a user group profile implement the same function, a user profile cannot be associated with both a session group profile and a user group profile.
You can configure traffic regulation, traffic scheduling, connection limits, and auth-free rule for a user profile as required.
Prerequisites for user profile
If a user profile is applied to an interface, no authentication settings are required.
If a user profile works with authentication, you must configure authentication settings for a user profile. For information about supported authentication methods, see the configuration guides for the related authentication modules.
Configuring a user profile
About this task
For information about CAR policies, GTS, and queue scheduling profiles, see ACL and QoS Configuration Guide.
For information about connection limits, see "Configuring connection limits."
The system supports authorizing users profiles to users and supports the following settings in the user profile:
· Traffic regulation.
· Traffic scheduling.
· Queue scheduling profile for user queues.
· Connection limits.
· Auth-free rule.
The system supports applying user profiles to interfaces and supports only rate regulation and queue scheduling profile settings in the user profile.
Procedure
1. Enter system view.
system-view
2. Create a user profile and enter user profile view.
user-profile profile-name
3. Configure traffic regulation. Choose the options to configure as needed:
If the qos user-queue qmprofile command is used for traffic scheduling, to ensure successful traffic scheduling, you can only use the qos user-queue command to configure traffic regulation.
¡ Configure a CAR policy for the user profile.
qos car { inbound | outbound } any cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ]
qos car { inbound | outbound } any cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ]
By default, no CAR policy is configured for a user profile.
This command is available only for the following cards:
|
Card category |
Cards |
|
CSPEX |
CSPEX-1304S, CSPEX-1404S, CSPEX-1504S |
¡ Configure rate limiting for the user profile.
qos user-queue { cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ queue-length queue-length ] } * outbound
qos user-queue { cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ] [ queue-length queue-length ] } * outbound
qos user-queue { cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] } inbound
qos user-queue { cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ] } inbound
By default, rate limiting is not configured for a user profile.
The queue-length queue-length option is supported only in standard system operating mode.
When AAA authorizes a user profile, this command takes effect only on the following cards:
|
Card category |
Cards |
|
CSPEX |
CSPEX-1304S, CSPEX-1404S, CSPEX-1504S |
If a user profile is applied to the inbound direction of an interface, this command takes effect only on the following cards:
|
Card category |
Cards |
|
CSPEX |
CSPEX-1304S, CSPEX-1404S, CSPEX-1504S |
If a user profile is applied to the outbound direction of an interface, this command takes effect only on the following cards:
|
Card category |
Cards |
|
CSPC |
CSPC-GE16XP4L-E, CSPC-GE24L-E, CSPC-GP24GE8XP2L-E |
|
CSPEX |
CSPEX-1304S, CSPEX-1404S, CSPEX-1504S, CSPEX-1104-E |
4. Configure queue scheduling for user queues.
¡ Specify a queue for session packets that use the user profile.
qos queue { queue-id | queue-name }
By default, no queue for session packets is specified for a user profile.
Session packets are scheduled based on the scheduling priority of the specified queue, implementing session-based congestion management.
This command is not available in SDN-WAN system operating mode.
In standard system operating mode, this command is available only for the following cards:
|
Card category |
Cards |
|
CSPEX |
CSPEX-1304S, CSPEX-1404S, CSPEX-1504S |
¡ Set the outbound weight value for the user profile.
qos weight weight-value outbound
By default, no outbound weight value is set for a user profile.
Bandwidth resources are allocated based on the weight value.
This command is not available in SDN-WAN system operating mode.
In standard system operating mode, this command is available only for the following cards:
|
Card category |
Cards |
|
CSPEX |
CSPEX-1304S, CSPEX-1404S, CSPEX-1504S |
5. Specify an existing queue scheduling profile for the user profile.
qos user-queue qmprofile qmprofile-name { inbound | outbound }
By default, no queue scheduling profile is specified for a user profile.
When AAA authorizes a user profile, this command takes effect only on the following cards:
Table 1 Card information
|
Card category |
Cards |
|
CSPEX |
CSPEX-1304S, CSPEX-1404S, CSPEX-1504S |
For a user profile applied to an interface:
¡ In a user profile applied to the inbound direction of an interface, this command takes effect only on the following cards:
|
Card category |
Cards |
|
CSPEX |
CSPEX-1304S, CSPEX-1404S, CSPEX-1504S |
¡ In a user profile applied to the outbound direction of an interface, this command takes effect only on the following cards:
|
Card category |
Cards |
|
CSPC |
CSPC-GE16XP4L-E, CSPC-GE24L-E, CSPC-GP24GE8XP2L-E |
|
CSPEX |
CSPEX-1304S, CSPEX-1404S, CSPEX-1504S, CSPEX-1104-E |
6. Configure connection limits.
¡ Set the maximum number of user connections.
connection-limit amount amount
By default, the number of user connections is not limited for a user profile.
¡ Set the maximum connection establishment rate.
connection-limit rate rate
By default, the connection establishment rate is not limited for a user profile.
The commands are not available in SDN-WAN system operating mode.
In standard system operating mode, the commands are available only for the following cards:
|
Card category |
Cards |
|
CSPEX |
CSPEX-1304S, CSPEX-1404S, CSPEX-1504S |
7. Create a user profile free rule.
free-rule acl [ ipv6 ] { acl-number | name acl-name }
By default, no user profile free rule is configured for a user profile.
This command is supported only in standard system operating mode.
Configuring a session group profile
Restrictions and guidelines
This feature is not available in SDN-WAN system operating mode.
In standard system operating mode, this feature is available only for the following cards:
|
Card category |
Cards |
|
CSPEX |
CSPEX-1304S, CSPEX-1404S, CSPEX-1504S |
Procedure
1. Enter system view.
system-view
2. Enter interface view.
interface interface-type interface-number
3. Identify a session group on the interface.
qos session-group identify { customer-vlan | service-vlan | customer-service-vlan | subscriber-id }
By default, no session group is identified on the interface.
The interface identifies packets according to the specified method and classifies packets with the same characteristics to the same user group.
4. Return to system view.
quit
5. Create a session group profile and enter session group profile view.
user-profile profile-name type session-group
You can use the command to enter the view of an existing session group profile.
6. Configure traffic regulation.
¡ Configure GTS for the session group profile.
qos gts { any | queue queue-id } cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ queue-length queue-length ]
qos gts { any | queue queue-id } cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ] [ queue-length queue-length ]
By default, no GTS is configured for a session group profile.
7. Apply an existing queue scheduling profile to the session group profile.
qos apply qmprofile profile-name
By default, no queue scheduling profile is applied to a session group profile.
For information about GTS and queue scheduling profiles, see ACL and QoS Configuration Guide.
Configuring a user group profile
Restrictions and guidelines
This feature is not available in SDN-WAN system operating mode.
In standard system operating mode, this feature is available only for the following cards:
|
Card category |
Cards |
|
CSPEX |
CSPEX-1304S, CSPEX-1404S, CSPEX-1504S |
Procedure
1. Enter system view.
system-view
2. Enter interface view.
interface interface-type interface-number
3. Identify a session group on the interface.
qos session-group identify { customer-vlan | service-vlan | customer-service-vlan | subscriber-id }
By default, no session group is identified on the interface.
The interface identifies packets according to the specified method and classifies packets with the same characteristics to the same user group.
4. Return to system view.
quit
5. Create a user group profile and enter user group profile view.
user-group-profile profile-name
6. Configure traffic regulation.
¡ Configure GTS for the user group profile.
qos gts [ inbound ] any cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ queue-length queue-length ]
qos gts [ inbound ] any cir committed-information-rate [ cbs committed-burst-size ] pir peak-information-rate [ ebs excess-burst-size ] [ queue-length queue-length ]
By default, no GTS is configured for a user group profile.
If you have configured rate limiting by using the qos user-queue command for a user profile and associated the user profile with a user group profile, the queue-length queue-length option in GTS cannot take effect for the user group profile.
7. Apply an existing queue scheduling profile to the user group profile.
qos apply qmprofile profile-name
By default, no queue scheduling profile is applied to a user group profile.
8. Set the outbound weight value for the user group profile.
qos weight weight-value outbound
By default, no outbound weight value is set for a user group profile.
Bandwidth resources are allocated among user group profiles based on the weight value.
9. Return to system view.
quit
10. Enter user profile view.
user-profile profile-name
11. Associate the user profile with the user group profile.
qos user-queue user-group-profile user-group-profile-name outbound
By default, a user profile is not associated with any user group profile.
For information about GTS and queue scheduling profiles, see ACL and QoS Configuration Guide.
Applying a user profile to an interface
Restrictions and guidelines
A user profile applied to an interface supports only traffic policing, rate limiting, and queue scheduling profiles.
The following rules apply if you specify a direction when applying a user profile to an interface:
· The settings in the user profile take effect only if the direction of the settings is the same as the application direction.
· Only one user profile can be applied to the same direction.
The following rules apply if you do not specify a direction when applying a user profile to an interface:
· The settings in the user profile take effect in the direction as they are configured.
· No other user profile can be applied to the interface, regardless of whether it is applied with a direction.
This feature is mutually exclusive with any of the following configurations:
· Bind the interface to a VSI by using the xconnect vsi command.
· Bind the interface to a cross-connect by using the ac interface command.
· (In standard system operating mode.) Enable IPoE on the interface and configure an IPoE access mode for users by using the ip subscriber enable command. For more information about system operating modes, see device management in Fundamentals Configuration Guide.
If a user profile containing a CAR policy is applied to an interface:
· The CAR policy is mutually exclusive with traffic policing configured on an interface by using the qos car command.
· The CAR policy on a main interface does not take effect on its subinterfaces.
· The CAR policy does not take effect on member ports of an aggregation group.
· The CAR policy supports only the single rate two color algorithm. If you configure the pir peak-information-rate option, tokens are put into the token bucket at the PIR.
If a user profile containing a queue scheduling profile is applied to an interface, the maximum bandwidth in the queue scheduling profile can take effect on the CSPEX-1104-E, CSPC-GE16XP4L-E, CSPC-GE24L-E, and CSPC-GP24GE8XP2L-E cards in addition to the cards in Table 2 and Table 3.
Procedure
1. Enter system view.
system-view
2. Enter interface view.
interface interface-type interface-number
3. Apply a user profile to the interface.
qos apply user-profile profile-name [ inbound | outbound ]
By default, no user profile is applied to an interface.
Display and maintenance commands for user profiles
Execute display commands in any view and reset commands in user view.
|
Task |
Command |
|
Display the configuration and traffic policing statistics for a user profile applied to an interface. |
In standalone mode: display user-profile interface [ interface-type interface-number ] [ slot slot-number ] [ inbound | outbound ] In IRF mode: display user-profile interface [ interface-type interface-number ] [ chassis chassis-number slot slot-number ] [ inbound | outbound ] |
|
Display configuration and online user information for the specified user group profile or all user group profiles. |
In standalone mode: display user-group-profile [ name profile-name ] [ slot slot-number ] In IRF mode: display user-group-profile [ name profile-name ] [ chassis chassis-number slot slot-number ] This command is supported only in standard system operating mode. |
|
Display configuration and online user information for the specified user profile or all user profiles. |
In standalone mode: display user-profile [ session-group ] [ name profile-name ] [ slot slot-number ] In IRF mode: display user-profile [ session-group ] [ name profile-name ] [ chassis chassis-number slot slot-number ] |
|
Clear the traffic policing statistics for a user profile applied to an interface. |
reset user-profile interface [ interface-type interface-number ] [ inbound | outbound ] |
User profile configuration examples
Example: Configuring a user profile group for multiple users of the same home
Network configuration
As shown in Figure 2, the RADIUS server performs authentication, authorization, and accounting for multiple users (User A, User B, and User C) of the same home.
Configure common user profiles and a user group profile to meet the following requirements:
· Limit the traffic rate to 40000 kbps for User A.
· Limit the traffic rate to 80000 kbps for User B.
· Limit the traffic rate to 20000 kbps for User C.
· Limit the total bandwidth of the user group to 100 Mbps.
Procedure
|
|
NOTE: You can configure a user group profile or session group profile to meet the requirements. This example uses a session group profile. |
4. Configure the authentication server:
a. Configure user accounts for User A, User B, and User C. (Details not shown.)
b. Specify user profile a for the User A user account, user profile b for the User B user account, and user profile c for the User C user account. (Details not shown.)
c. Specify user group profile ugp for each user account. (Details not shown.)
5. Configure the device:
# Create a queue scheduling profile named qm.
<Device> system-view
[Device] qos qmprofile qm
[Device-qmprofile-qm] quit
# Identify a session group by SVLAN.
[Device] interface ten-gigabitethernet 3/1/1
[Device-Ten-GigabitEthernet3/1/1] qos session-group identify service-vlan
This operation will affect online users from now on. Continue? [Y/N]:y
[Device-Ten-GigabitEthernet3/1/1] quit
# Create a user group profile named ugp.
[Device] user-group-profile ugp
# Apply queue scheduling profile qm to user group profile named ugp.
[Device-user-group-profile-ugp] qos apply qmprofile four-queue qm
# Configure GTS to set the CIR to 100000 kbps for all traffic of user group profile ugp.
[Device-user-group-profile-ugp] qos gts any cir 100000
[Device-user-group-profile-ugp] qos gts inbound any cir 100000
[Device-user-group-profile-ugp] quit
# Create a user group for User A, set the CIR to 40000 kbps, and associate it with user group profile ugp.
[Device] user-profile a
[Device-user-profile-a] qos car inbound any cir 40000
[Device-user-profile-a] qos car outbound any cir 40000
[Device-user-profile-a] qos user-queue user-group-profile ugp inbound
[Device-user-profile-a] qos user-queue user-group-profile ugp outbound
[Device-user-profile-a] quit
# Create a user group for User B, set the CIR to 80000 kbps, and associate it with user group profile ugp.
[Device] user-profile b
[Device-user-profile-b] qos car inbound any cir 80000
[Device-user-profile-b] qos car outbound any cir 80000
[Device-user-profile-b] qos user-queue user-group-profile ugp inbound
[Device-user-profile-b] qos user-queue user-group-profile ugp outbound
[Device-user-profile-b] quit
# Create a user group for User C, set the CIR to 20000 kbps, and associate it with user group profile ugp.
[Device] user-profile c
[Device-user-profile-c] qos car inbound any cir 20000
[Device-user-profile-c] qos car outbound any cir 20000
[Device-user-profile-c] qos user-queue user-group-profile ugp inbound
[Device-user-profile-c] qos user-queue user-group-profile ugp outbound
[Device-user-profile-c] quit
Verifying the configuration
# Verify that the user profiles are correctly configured and are effective on online users.
<Device> display user-profile
User Profile: a
Direction: Inbound
Committed Access Rate:
CIR 40000 (kbps), CBS 2500000 (Bytes), EBS 0 (Bytes)
User queue:
User group profile: ugp
Direction: Outbound
Committed Access Rate:
CIR 40000 (kbps), CBS 2500000 (Bytes), EBS 0 (Bytes)
User queue:
User group profile: ugp
User Profile: b
Direction: Inbound
Committed Access Rate:
CIR 80000 (kbps), CBS 5000000 (Bytes), EBS 0 (Bytes)
User queue:
User group profile: ugp
Direction: Outbound
Committed Access Rate:
CIR 80000 (kbps), CBS 5000000 (Bytes), EBS 0 (Bytes)
User queue:
User group profile: ugp
User Profile: c
Direction: Inbound
Committed Access Rate:
CIR 20000 (kbps), CBS 1250000 (Bytes), EBS 0 (Bytes)
User queue:
User group profile: ugp
Direction: Outbound
Committed Access Rate:
CIR 20000 (kbps), CBS 1250000 (Bytes), EBS 0 (Bytes)
User queue:
# Verify that the user group profile is correctly configured.
<Device> display user-group-profile name ugp
User Group Profile: ugp
Direction: Inbound
General Traffic Shaping:
If-match any:
CIR 100000 (kbps), CBS 6250000 (Bytes), EBS 0 (Bytes)
Direction: Outbound
General Traffic Shaping:
If-match any:
CIR 100000 (kbps), CBS 6250000 (Bytes), EBS 0 (Bytes)
QMProfile: qm
