廣西電信E320業(yè)務(wù)配置介紹

8.廣西電信E320現(xiàn)有業(yè)務(wù)配置介紹

廣西電信E320業(yè)務(wù)配置介紹共24頁，您現(xiàn)在瀏覽的是第1頁!

廣西電信E320現(xiàn)有業(yè)務(wù)配置介紹

廣西電信E320上業(yè)務(wù)應(yīng)用，比四川電信、重慶電信E320的業(yè)務(wù)應(yīng)用要多，業(yè)務(wù)配置類型也比較新，比如采用了lag端口聚合、動態(tài)vlan分配、DSI方式生成DHCP子接口、不同業(yè)務(wù)不同VR等應(yīng)用方式，所以熟悉業(yè)務(wù)配置、了解配置特點就很重要。1、普通pppoe用戶

1.1、pppoe原理圖DSL

Modemtim@ISP2ISP1ISP2MAC=XMAC=AEtherType=0x8864DAMAC=XSAMAC=APhysicalPPPoEHeaderSessionID=0x123PPPHeaderDAIP=SAIP=RFC2516:GeneralframeformatPCrequirementsPPPoE兩個階段:DiscoverystagePPPsessionstage廣西電信E320業(yè)務(wù)配置介紹共24頁，您現(xiàn)在瀏覽的是第2頁!

廣西電信E320現(xiàn)有業(yè)務(wù)配置介紹PADIPADOPADRPADSLCPrequestLCPack期間LCPIdentiticationPppPAPPppPAPIPIPCPrequestIPIPCPrejectIPIPCPNAKIPIPCPACK該階段分配ip地址IPV6請求被拒絕Pppoe過程LCP階段1.2、完整pppoe用戶撥號過程圖廣西電信E320業(yè)務(wù)配置介紹共24頁，您現(xiàn)在瀏覽的是第3頁!

廣西電信E320現(xiàn)有業(yè)務(wù)配置介紹profile"pppoe-auto"ipunnumberedloopback0ipsa-validateIppolicysecondary-input"User_Local_Input"pppauthenticationpapchappppoesessions5！profile"atm-auto"atmatm1483auto-configurepppoelockout-timenoneatmpvcaal5snapatmatm1483profilepppoe"pppoe-auto"!●ATM撥號的profile定義interfaceatm4/0/4atmsonetstm-1atmclockinternalchassis

atmoamflushatmbulk-config"ATM-DSLAM"atmbulk-config"ATM-DSLAM"vc-range6632896atmbulk-config"ATM-DSLAM"vc-range7732799profileatm1483bulk-config-name"ATM-DSLAM""atm-auto"

auto-configureatm1483●flush為discard掉接收到oam、其他cell●自動感應(yīng)vc、vp廣西電信E320業(yè)務(wù)配置介紹共24頁，您現(xiàn)在瀏覽的是第4頁!廣西電信E320現(xiàn)有業(yè)務(wù)配置介紹3、L2TP業(yè)務(wù)配置介紹

3.1、L2TP拓?fù)鋱DRADIUSModemtyler

@home1

@ISP2RADIUSDSL

RouterISP1PPPIPPPPIPL2TPTunnelsLACLNSLNSRADIUS●LAC▲物理鏈路連接▲啟動l2tp的tunnel和session●LNS▲位于L2TPtunnel的終端▲終結(jié)ppp的session▲管理用戶的ip接口廣西電信E320業(yè)務(wù)配置介紹共24頁，您現(xiàn)在瀏覽的是第5頁!廣西電信E320現(xiàn)有業(yè)務(wù)配置介紹ISP2RADIUSRADIUSControlConnectionLACerx3lo0=L2TPTunnelLNSerx1lo0=Session(dave@)dave@isp2.IncomingCallRequest(ICRQ)IncomingCallReply(ICRP)IncomingCallConnected(ICCN)Zero-LengthBodyACK(ZLB)UserAuthenticationCompletesNCPIPCPCompletes廣西電信E320業(yè)務(wù)配置介紹共24頁，您現(xiàn)在瀏覽的是第6頁!廣西電信E320現(xiàn)有業(yè)務(wù)配置介紹routerbgp64646neighborremote-as64646neighborupdate-sourceloopback0neighborremote-as64646neighborupdate-sourceloopback0!address-familyvpnv4unicastneighboractivateneighborsend-munityneighborsend-munityextendedneighboractivateneighborsend-munityneighborsend-munityextendedexit-address-family!address-familyipv4unicastvrfCTVPN52476-GX_LAODONGTINGnosynchronizationnoauto-summaryredistributestaticredistributeconnectedexit-address-family!address-familyipv4unicastvrfCTVPN53031-GX_LIQUANnosynchronizationnoauto-summaryredistributestaticredistributeconnectedexit-address-familyrouterospf99router-id4!passive-interfaceloopback0address8area0address2area0!redistributestaticredistributeconnectedipvrfCTVPN52476-GX_LAODONGTINGrd4809:52476route-targetimport4809:5247606route-targetexport4809:5247616!ipvrfCTVPN53031-GX_LIQUANrd4809:53031route-targetimport4809:5303106route-targetexport4809:5303116!廣西電信E320業(yè)務(wù)配置介紹共24頁，您現(xiàn)在瀏覽的是第7頁!廣西電信E320現(xiàn)有業(yè)務(wù)配置介紹5、限速策略的配置和應(yīng)用介紹以目前廣西在用的策略ADSL_E8_4M_egress為列，知道如何查看和配置E320#shpolicy-listADSL_E8_4M_egressPolicyTable-----------IPPolicyADSL_E8_4M_egressAdministrativestate:enableReferencecount:139Classifiercontrollist:multicast,precedence80

filterClassifiercontrollist:broadcast,precedence90filterClassifiercontrollist:*,precedence100

rate-limit-profileADSL_E8_4M_egressReferencedbyinterface(s):

lagEth-Trunk2.18460289.1outputpolicy,statisticsdisabled,virtual-routerdefault●過濾了組播報文和廣播報文●注意pre優(yōu)先級的定義●調(diào)用4M的限速定義●應(yīng)用到端口的output方向E320#shclassifier-listmulticastIPmulticast.1ipany55！E320#shclassifier-listbroadcastIPbroadcast.1ipanyhost55！廣西電信E320業(yè)務(wù)配置介紹共24頁，您現(xiàn)在瀏覽的是第8頁!廣西電信E320現(xiàn)有業(yè)務(wù)配置介紹6、radius服務(wù)器配置介紹●radius基本配置E320#showconfcategoryaaa|beginradiusradiusauthenticationserver04

max-sessions2000deadtime10

key"hua----wei"!radiusauthenticationserver05max-sessions2000deadtime10key"hua----wei"!radiusaccountingserver04max-sessions2000deadtime10key"hua----wei"!radiusaccountingserver05max-sessions2000deadtime10key"hua----wei"!radiusupdate-source-addr0radiusnas-port-format0ssssppp●需要配置認(rèn)證和計費二部分●配置并發(fā)向radius發(fā)請求數(shù)為2000，默認(rèn)為255，最大32000.●認(rèn)證時的key為”hua----wei“●配置與radius通信的源地址●不配置通信端口，則采用默認(rèn)的1812/1813廣西電信E320業(yè)務(wù)配置介紹共24頁，您現(xiàn)在瀏覽的是第9頁!廣西電信E320現(xiàn)有業(yè)務(wù)配置介紹7、以太網(wǎng)管業(yè)務(wù)配置模式介紹

●查看在線以太網(wǎng)管

E320:static-user#sharpallAddressAgeHardwareAddrInterface251230018.82ed.3699GigabitEthernet0/0/5.20100210930018.82ed.ba50GigabitEthernet0/0/5.20100234140018.82ed.3743GigabitEthernet0/0/5.20100234120018.82ed.3697GigabitEthernet0/0/5.20100!●查看接口配置

E320:static-user#shconfintGigabitEthernet0/0/5.20100interfacegigabitEthernet0/0/5.20100!svlanid2100svlanethertype8100ipunnumberedloopback24!E320:static-user#showconfintloopback24interfaceloopback24ipaddress54ipaddresssecondaryipaddresssecondaryipaddresssecondary!●查看路由配置

E320:static-user#shconfcategoryip-protocolsvirtual-routerstatic-useriproute55GigabitEthernet0/0/5.20100iproute55GigabitEthernet0/0/5.20100●age老化時間時間可以配置●多網(wǎng)段的共同網(wǎng)關(guān)廣西電信E320業(yè)務(wù)配置介紹共24頁，您現(xiàn)在瀏覽的是第10頁!廣西電信E320現(xiàn)有業(yè)務(wù)配置介紹9、廣西電信E320路由協(xié)議配置方式介紹●目前廣西電信E320采用ospf發(fā)布路由，其中南寧采用了Nssa域方式。E320#shconfcategoryip-protocolsvirtual-routerdefaultvirtual-routerdefaultiproutenull0iproutenull0iproutenull0!routerospf100router-id6!address8areaaddress4areaaddress6area!redistributestatic！interfacelag1.50!vlanid50ipdescriptionTO-XXXipaddress.152ipospfmessage-digest-key1md58xxxipospfauthenticationmessage-digestipospfcost1000★設(shè)置VR中需要發(fā)布的路由段到null0★重發(fā)布到ospf中，發(fā)布到E320外★可以使用router-map的方式選擇需要發(fā)布的路由。★上行口對ospf進(jìn)程加密廣西電信E320業(yè)務(wù)配置介紹共24頁，您現(xiàn)在瀏覽的是第11頁!廣西電信E320現(xiàn)有業(yè)務(wù)配置介紹●SRC/SDX主系統(tǒng)：在核心（南寧二樞紐21樓）放置SRC(雙機冗余)服務(wù)全區(qū)ERX1440/E320，并可視業(yè)務(wù)發(fā)展增加●HTTP重定向器(Redirector)：強制Portal功能要求在BRAS和Portal服務(wù)器之間為單跳(single-hop)，為了實現(xiàn)這個目的，在SRC設(shè)備前面放置二臺華為E200防火墻（雙機冗余），通過ERX與防火墻之間建立GRETunnel隧道，防火墻終結(jié)GRETunnel，從而實現(xiàn)ERX與SRC設(shè)備上的Redirector服務(wù)器二層的連接●Portal服務(wù)器：提供Portal功能?！馬adius系統(tǒng)：提供接入認(rèn)證和計費數(shù)據(jù)采集功能10.2、WLAN普通非撥號用戶訪問網(wǎng)絡(luò)的流程

●用戶開機發(fā)出DHCP請求●ERX在收到DHCP請求后，為用戶分配IP地址，并將用戶的相關(guān)信息送往SRC/SAE注冊●SRC/SAE為該用戶下發(fā)缺省策略，對其實施訪問控制★可以使用DNS服務(wù)解析域名★可以使用DHCP更新地址★將所有的HTTP請求策略路由到Rediretor★丟棄所有其它流量●用戶打開瀏覽器，輸入任意URL或者地址●ERX將用戶的HTTP請求next-hop到Redirector●Redirector將用戶請求重定向到Portal服務(wù)器●Portal根據(jù)用戶接入位置，呈現(xiàn)相應(yīng)的登錄頁面，該頁面還包含根據(jù)用戶接入位置定制的免費訪問內(nèi)容●用戶在登錄頁面輸入用戶名和密碼●SRC/SAE向后臺BIMS系統(tǒng)發(fā)送RADIUS認(rèn)證請求●RADIUS返回驗證結(jié)果●如果認(rèn)證通過，SRC/SAE下發(fā)新的用戶策略給ERX，解除訪問控制，用戶可以上網(wǎng)廣西電信E320業(yè)務(wù)配置介紹共24頁，您現(xiàn)在瀏覽的是第12頁!廣西電信E320現(xiàn)有業(yè)務(wù)配置介紹使用GRETunnel方式與SDX/SEA服務(wù)器相連

tunnel-server13/2/0max-interfacesall-available!interfacetunnelgre:Toredirector1transport-virtual-routerWLAN

tunnelsource0tunneldestinationtunnelmtu1480tunnelchecksumipdescriptionTunnelTo_HuaWei_Firewall-1ipaddress52?。ㄓ?條）Rtr配置rtr100typeechoprotocolipIcmpEchosourceTUNNELgre:Toredirector1receive-interfaceTUNNELgre:Toredirector1frequency1rtr200typeechoprotocolipIcmpEchosourceTUNNELgre:Toredirector2receive-interfaceTUNNELgre:Toredirector2frequency1!rtrreaction-configuration100action-typetrapOnlyrtrreaction-configuration200action-typetrapOnlyrtrreaction-configuration100test-failure3rtrreaction-configuration200test-failure3rtrreaction-configuration100test-pletionrtrreaction-configuration200test-pletionrtrschedule100life3rtrschedule200life3rtrschedule100start-timenowrtrschedule200start-timenowrtrschedule100restart-time1rtrschedule200restart-time1！配置dhcp地址池servicedhcp-localequal-accessipdhcp-localunique-client-idsipdhcp-localpoolWLANnetwork116.252.**.**dns-server88default-router116.252.**.**lease002！

ipdhcp-localexcluded-address116.252.**.**！配置SNMP，和后臺SDX系統(tǒng)通信access-listsnmpaclpermitiphostanyaccess-listsnmpaclpermitiphost0any！snmp-servermunity"gx_wlan"viewuserrosnmpaclsnmp-server!接口配置●接口一定要加描述，比如ipdescriptionWLAN-liuzhou。廣西電信E320業(yè)務(wù)配置介紹共24頁，您現(xiàn)在瀏覽的是第13頁!

廣西電信E320現(xiàn)有業(yè)務(wù)配置介紹1.3、廣西電信普通pppoe配置介紹首先，定義file"pppoe-svlan"vlanauto-configurepppoelockout-timenonesvlanethertype8100vlanprofilepppoe"pppoe-svlan-base"!profile"pppoe-svlan-base"ipunnumberedloopback0ipsa-validatepppauthenticationpappppoesessions250pppoemtu1434!●單vlan用戶，不需要配置svlanethertype8100，新建profile●ipsa配置防止用戶端的偽地址攻擊●子接口最大session數(shù)設(shè)置為250，不設(shè)置，則采用限制最大session數(shù)端口配置interfacelagT64G-1-EthTrunk1member-interfaceGigabitEthernet0/0/2ethernetdescriptionWangGuanVlan16-TO-SCL-T64Gencapsulationvlanauto-configurevlanprofilevlanbulk-configsvlan"pppoe-svlan"vlanbulk-configsvlansvlan-range50503040vlanbulk-configsvlansvlan-range180019481002022vlanbulk-configsvlansvlan-range195119601002022vlanbulk-configsvlansvlan-range2600289927002799●端口為lag聚合端口●auto-configurevlan設(shè)置vlan的自動感應(yīng)●調(diào)用了名稱為pppoe-svlan的profile廣西電信E320業(yè)務(wù)配置介紹共24頁，您現(xiàn)在瀏覽的是第14頁!

廣西電信E320現(xiàn)有業(yè)務(wù)配置介紹2、校園網(wǎng)業(yè)務(wù)配置模式2.1、新建一個校園網(wǎng)VRE320#conftE320(config）#vircampus2.2、定義profileprofile"campus-pppoe"ipunnumberedloopback0

pppauthenticationvirtual-router"campus"pappppkeepalive40pppoesessions250pppoemtu1460profile"campus"vlanauto-configurepppoelockout-timenonevlanprofilepppoe"campus-pppoe"!●定義到VR”campus”認(rèn)證●loopback0配置VR“campus”里面2.3、端口定義interfacelag3member-interfaceGigabitEthernet0/0/2member-interfaceGigabitEthernet0/1/2encapsulationvlanauto-configurevlanvlanbulk-configpppoe-vlanprofilevlanbulk-configpppoe-vlan"campus"vlanbulk-configpppoe-vlanvlan-range10002467vlanbulk-configpppoe-vlanvlan-range24692510廣西電信E320業(yè)務(wù)配置介紹共24頁，您現(xiàn)在瀏覽的是第15頁!

廣西電信E320現(xiàn)有業(yè)務(wù)配置介紹3.2、L2TP用戶撥號過程ISP2RADIUSdave@isp2.RADIUSLACerx3lo0=LNSerx1lo0=LCPConfReqLCPConfReqLCPConfAckLCPConfAckInitialAuthenticationUser發(fā)起到LAC的PPP連接LAC作初始的認(rèn)證，并確定:本地終結(jié)PPP會話或者將PPP會話導(dǎo)入到LNS的隧道隧道屬性可以通過以下途徑獲得:AAAdomainmapRADIUS使用UDP端口1701作為目的端口源端口可以為任意J固定使用1701使用router-id作為LAC源IPStartControlConnectionRequest(SCCRQ)StartControlConnectionReply(SCCRP)StartControlConnectionConnected(SCCCN)Zero-LengthBody(ZLBACK)HelloHelloL2TPTunnelControlConnection廣西電信E320業(yè)務(wù)配置介紹共24頁，您現(xiàn)在瀏覽的是第16頁!廣西電信E320現(xiàn)有業(yè)務(wù)配置介紹3.3、L2TP在E320上實現(xiàn)方式

●廣西電信目前E320做為L2TP的LAC?！馤NS不集中，不同VPDN建有不同LNS●有二種實現(xiàn)方式★采用AAAdomain-map方式，在E320配置LNS的tunnel信息

aaadomain-map"fca1.gx"auth-router-namedefaultip-router-namedefaultipv6-router-namedefaulttunnel3address"46"identificationgxfcadslclient-nameadslpasswordgxfcadsl

★采用radius方式，E320不做任何配置，radius返回LNS各種信息。●identification表明tunnel的名稱●LNS的ip地址、密碼等。4、MPLS下各VRF業(yè)務(wù)配置介紹●廣西電信采用BGP+OSPF協(xié)議實現(xiàn)MPLS業(yè)務(wù)E320#shconfcategoryip-protocolsvirtual-routerMPLS-VPNvirtual-routerMPLS-VPNiprouter-id4noipsource-route!access-listMyRIDpermitiphost4any!廣西電信E320業(yè)務(wù)配置介紹共24頁，您現(xiàn)在瀏覽的是第17頁!廣西電信E320現(xiàn)有業(yè)務(wù)配置介紹●用戶如何落到各VRF里面？★DSI方式生成DHCP子端口，落到VRF:GXNN-ITMS-MGMT里面

profile"E8-RG-dhcp"ipvirtual-router"MPLS-VPN:GXNN-ITMS-MGMT"ipunnumberedloopback0ipinactivity-timer20ipauto-configureip-subscriberexclude-primary!★采用AAAdomain-map的方式落到VRF里面

aaadomain-map"gxldt.gx"auth-router-namedefaultip-router-name"MPLS-VPN:CTVPN52476-GX_LAODONGTING"local-interfaceloopback0

address-pool-name"gxldt-1"ipv6-router-namedefault！●指定了VRF●DHCP子接口在20m內(nèi)部不活動，將被釋放。●生成ip子接口●在defaultVR里面進(jìn)行認(rèn)證●指定VRF●指定ip地址池廣西電信E320業(yè)務(wù)配置介紹共24頁，您現(xiàn)在瀏覽的是第18頁!廣西電信E320現(xiàn)有業(yè)務(wù)配置介紹E320#shrate-limit-profileADSL_E8_4M_egressRateLimitProfileTable---------------------IPRate-Limit-Profile:ADSL_E8_4M_egressProfileType:two-rateReferencecount:1Committedrate:4544000Committedburst:568000

Peakrate:4998400Peakburst:16384Mask:255Committedrateaction:transmitConformedrateaction:transmitExceededrateaction:drop●rate正常情況下容許通過的流量大小●burst為突發(fā)流量●peak為流量能達(dá)到的最高峰值定義●transmit表示容許通過●drop表示過濾掉廣西電信E320業(yè)務(wù)配置介紹共24頁，您現(xiàn)在瀏覽的是第19頁!廣西電信E320現(xiàn)有業(yè)務(wù)配置介紹●查看aaa配置★認(rèn)證E320#shconfcategoryaaaauthenticationvirtual-routerdefaulthostname“E320”virtual-routerdefaultaaaauthenticationatm1483defaultradiusaaaauthenticationipdefaultradiusaaaauthenticationpppdefaultradiusaaaauthenticationradius-relaydefaultradiusaaaauthenticationtunneldefaultradius!★計費E320#shconfcategoryaaaaccountingvirtual-routerdefaultvirtual-routerdefaultaaaaccountingatm1483defaultradiusaaaaccountingipdefaultradiusaaaaccountingpppdefaultradiusaaaaccountingradius-relaydefaultradiusaaaaccountingtunneldefaultradius●pppoe用戶在radius上進(jìn)行認(rèn)證●可以設(shè)置為none，即偽認(rèn)證，不進(jìn)行認(rèn)證和計費廣西電信E320業(yè)務(wù)配置介紹共24頁，您現(xiàn)在瀏覽的是第20頁!廣西電信E320現(xiàn)有業(yè)務(wù)配置介紹8、ATM網(wǎng)管業(yè)務(wù)配置模式介紹

●IPOA方式的網(wǎng)管一種在ATM網(wǎng)絡(luò)基礎(chǔ)上實現(xiàn)IP數(shù)據(jù)傳輸?shù)囊环N技術(shù)。它對應(yīng)于RFC1577標(biāo)準(zhǔn)，是在ATM網(wǎng)絡(luò)上承載IP協(xié)議的標(biāo)準(zhǔn)規(guī)范。

E320:static-user#shconfinta4/0/1.10100interfaceatm4/0/1.10100atmpvc101000100aal5snap000ipunnumberedloopback1003！E320:static-user#shconfintloopback1003interfaceloopback1003ipaddress2955!E320:static-user#shconfcategoryip-protocolsvirtual-routerstatic-user|in65iproute6555atm4/0/1.10100●atm1483模式的ATM專線和網(wǎng)管

EthernetOverATM(RFC1483RouterMode)模式

E320:static-user#shconfintATM4/0/5.10070062interfaceatm4/0/5.10070062atmpvc10070062762aal5snap000encapsulationbridge1483ipunnumberedloopback1ipp