Fixed Network Curriculum Development Section
ODN000202 SmartAX MA5200F Broadband IP Access Equipment Operation and Maintenance
ISSUE 1.0
Confidential Information of Huawei. No Spreading without Permission.
Security Level: Internal
Objectives
On completion of this course, you will be able to:
Grasp system basic configuration commands.
Perform basic maintenance operations.
Perform VLAN service configuration.
Perform PPPoE service configuration.
Perform leased line service configuration.
Contents
Preparation for Configuration
System Basic Configuration
VLAN Service Configuration
PPPoE Service Configuration
Leased Line Service Configuration
Configuration Environment Establishment
The MA5200F control console provides two configuration modes:
Establish configuration environment via the Console: local maintenance
Establish configuration environment via Telnet: local and remote maintenance
In-band Telnet: occupies service channels
Out-band Telnet: occupies a dedicated channel
Console configuration mode
[Figure: PC connected to the MA5200E/F with an RS232 serial cable]
Connect the serial port of the computer to the MA5200F Console port with a standard RS232 serial cable, and perform the configuration using HyperTerminal under Windows or a terminal tool on another operating system.
Open the HyperTerminal
Open - Program - Accessories - Communications - Hyper terminal: double-click Hypertrm.exe
Setting the HyperTerminal parameters
Enter the name: MA5200F (the name can be defined by the user)
Connection use: Directly connect to Serial port 1 (depending on actual conditions)
Port setting: 9600 bit/s, 8 data bits, no parity check, 1 stop bit, no flow control
Terminal type: VT100 or auto-detect
Telnet configuration mode (Local)
[Figure: Telnet terminal, workstations (WS), a server and the MA5200E/F on one LAN]
Telnet configuration mode (Remote)
[Figure: Telnet terminal, workstations (WS), LANs, local router, WAN, remote router and the MA5200E/F]
Views of Command Line
MA5200F Command Line
User view: <MA5200F> (entered at login)
System view: [MA5200F] (enter with system-view)
Ethernet interface view: [MA5200F-Ethernet1] (enter with interface ethernet 1)
Gigabit Ethernet interface view: [MA5200F-GigabitEthernet25] (enter with interface GigabitEthernet25)
Virtual-Template interface view: [MA5200F-Virtual-Template1] (enter with interface Virtual-Template1)
Loopback interface view: [MA5200F-LoopBack2] (enter with loopback 2)
User-interface view: [MA5200F-ui0] (enter with User-interface 0)
Use quit to leave a view for the previous one and return to go back to the user view.
Command Line Basis
Command line help
You can obtain a brief description of the help system by entering “help” under any command mode.
Chinese/English language switching
<MA5200F>switch language-mode chinese
Access history commands
Access the previous history command: the up arrow key or "Ctrl+P"
Access the next history command: the down arrow key or "Ctrl+N"
System Basic Configuration
Operation Terminal Introduction
User-interface: AUX (Console), VTY (Telnet)
Numbering of user-interface
Absolute numbering: ui0 -> con, ui1 -> VTY 0, ui2 -> VTY 1, ...
Relative numbering
Numbering of console: con 0
Numbering of VTY: the first is VTY 0, the second is VTY 1, and so on.
Operation terminal management
Password authentication
[MA5200F-ui-vty0] authentication-mode password
[MA5200F-ui-vty0] set authentication password simple huawei
AAA authentication
[MA5200F] login authentication-scheme default local
[MA5200F] login local-user root password simple admin
[MA5200F-ui-vty0] authentication-mode scheme default
No authentication
[MA5200F-ui-vty0] authentication-mode none
NM management
<MA5200F>system-view
Setting community name and grant access rights
[MA5200F] snmp-agent community read public
[MA5200F] snmp-agent community write private
Setting the manager ID, contact and location of the equipment
[MA5200F] snmp-agent sys-info contact Mr.Wang-Tel:3306
[MA5200F] snmp-agent sys-info location telephone-closet,3rd-floor
Permit the MA5200F to send Trap packets to an NM workstation (129.102.149.23). The community name used is "public".
[MA5200F] snmp-agent trap enable
[MA5200F] snmp-agent target-host trap address udp-domain 129.102.149.23 udp-port 5000 params securityname public
TFTP Configuration
Get file from the operation terminal
<MA5200F>tftp get //10.77.212.102/abc.doc aaa.doc
<MA5200F>dir
Directory of flash:/
0 drw- - Oct 17 2003 15:46:43 system
1 drw- - Oct 17 2003 15:57:41 billfile
2 -rw- 107520 Oct 20 2003 20:55:13 aaa.doc
Put file to the operation terminal
<MA5200F>tftp put aaa.doc //10.77.212.102/ccc.doc
FTP Configuration
[MA5200F]ftp ser enable
Setting authentication mode of FTP user.
[MA5200F]ftp authentication-mode scheme default
[MA5200F]login authentication-scheme default local
Setting authentication and authorization of the FTP user.
[MA5200F]login local-user ma5200 password simple huawei
[MA5200F]login local-user ma5200 service-type ftp
[MA5200F]login local-user ma5200 ftp-directory flash:
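The terminal, SNMP and FTP slides above use authentication-mode none, password simple, the community names public and private, and an enabled FTP server, which are the settings a configuration review looks at first. The following Python script is an added example, not part of the original course material or of any Huawei tool: it audits prompt-prefixed command lines like those above. The rule names, severities and the WEAK_SECRETS list are assumptions of this example, and the sample input is constructed from the page's commands.

```python
import re
from dataclasses import dataclass

# Constructed sample: management-plane commands from the slides above, in the
# page's prompt-prefixed form (one command per line).
SAMPLE_CONFIG = """\
[MA5200F-ui-vty0] authentication-mode password
[MA5200F-ui-vty0] set authentication password simple huawei
[MA5200F] login authentication-scheme default local
[MA5200F] login local-user root password simple admin
[MA5200F-ui-vty0] authentication-mode scheme default
[MA5200F-ui-vty0] authentication-mode none
[MA5200F] snmp-agent community read public
[MA5200F] snmp-agent community write private
[MA5200F] snmp-agent trap enable
[MA5200F]ftp ser enable
[MA5200F]login local-user ma5200 password simple huawei
[MA5200F]login local-user ma5200 service-type ftp
"""

# Assumptions of this example: the guessable-value list and the severities.
WEAK_SECRETS = {"huawei", "admin", "root", "123", "123456", "password", "hello"}
DEFAULT_COMMUNITIES = {"public", "private"}
PROMPT = re.compile(r"^\s*[\[<]\s*([^\]>]+?)\s*[\]>]\s*(.+?)\s*$")


@dataclass(frozen=True)
class Finding:
    line: int
    severity: str
    rule: str
    detail: str


def parse_line(line):
    """Split '[MA5200F-ui-vty0] cmd' into (view, command); None if no prompt."""
    m = PROMPT.match(line)
    if not m:
        return None
    _, _, view = m.group(1).partition("-")   # 'MA5200F-ui-vty0' -> 'ui-vty0'
    return (view.strip() or "system"), m.group(2)


def audit(config_text):
    """Return findings for weak management-plane settings, ordered by line."""
    findings = []
    ui_mode = {}  # user-interface view -> (line, last authentication-mode seen)
    for n, raw in enumerate(config_text.splitlines(), start=1):
        parsed = parse_line(raw)
        if parsed is None:
            continue
        view, cmd = parsed
        words = cmd.split()

        # A later authentication-mode on the same user interface replaces the
        # earlier one, so only the last value is judged (after the loop).
        if view.startswith("ui") and len(words) >= 2 and words[0] == "authentication-mode":
            ui_mode[view] = (n, words[1])

        # 'simple' is taken to mean the password is kept readable in the
        # configuration (the usual Huawei CLI meaning; assumed for this device).
        m = re.search(r"\bpassword simple (\S+)", cmd)
        if m:
            shown = cmd[:m.start(1)] + "****"        # never echo the secret
            findings.append(Finding(n, "MEDIUM", "cleartext-password", shown))
            if m.group(1).lower() in WEAK_SECRETS:
                findings.append(Finding(n, "HIGH", "guessable-password", shown))

        m = re.match(r"snmp-agent community (read|write) (\S+)", cmd)
        if m and m.group(2).lower() in DEFAULT_COMMUNITIES:
            sev = "HIGH" if m.group(1) == "write" else "MEDIUM"
            findings.append(Finding(n, sev, "default-community",
                                    f"{m.group(1)} community '{m.group(2)}'"))

        # The page abbreviates the command as 'ftp ser enable'; accept both forms.
        if re.match(r"ftp ser(ver)? enable\b", cmd):
            findings.append(Finding(n, "MEDIUM", "cleartext-ftp",
                                    "FTP server enabled; logins cross the network unencrypted"))

    for view, (n, mode) in ui_mode.items():
        if mode == "none":
            findings.append(Finding(n, "HIGH", "ui-no-auth",
                                    f"{view} accepts logins without authentication"))
    return sorted(findings, key=lambda f: f.line)


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"line {f.line:>2}  {f.severity:<6} {f.rule:<19} {f.detail}")
```

Because only the last authentication-mode per user interface is judged, the sample is flagged for vty0 only because authentication-mode none is the final setting applied to it.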
Setting IP address of the NM interface
[MA5200F]interface Nm-Ethernet 0
[MA5200F-Nm-Ethernet0]ip address 10.77.212.100 255.255.255.0
Device Management configuration
Reset system
[MA5200F] reboot
Reset port
[MA5200F] reset port
Query system information
[MA5200F] display device
Query system environment
[MA5200F]display environment
Query port information
[MA5200F] display interface
Query clock information
<MA5200F>display clock
Query system version
<MA5200F>display version
Display system operation log information
<MA5200F>display operation-log
Display system running log information
<MA5200F>display running-log
Display system trap information
<MA5200F>display trap
Display the configuration data in the flash
[MA5200F]display saved-configuration
Display current running configuration data.
[MA5200F]display current-configuration
Save the current configuration
<MA5200F>save
Delete the flash configuration data.
<MA5200F>reset saved-configuration
VLAN Service Configuration
VLAN Service Type
Common VLAN services:
VLAN Bind: local authentication, built-in DHCP server
VLAN WEB: RADIUS authentication, built-in DHCP server
[Figure: VLAN service types (VLAN Bind, VLAN WEB, VLAN FAST) with address allocation (external DHCP, built-in DHCP) and authentication (RADIUS, local)]
Features of VLAN Service
Service Type | Users Operation | Access Mode | Main Application
VLAN Bind | No username and password | Obtaining IP after passing authentication | Enterprise
VLAN WEB | Input username and password on WEB page | Obtaining IP after passing authentication | Residential area, Hotel, Campus
VLAN FAST | No username and password, need to run WEB page | Obtaining IP after passing authentication | Enterprise
Typical networking
[Figure: typical networking with 2403F devices, the MA5200F, an L3 switch/router, the MAN/backbone, and DHCP, RADIUS, VOD and WEB servers]
VLAN Service Configuration Procedure
[Figure: configuration procedure. Blocks shown: IP pool configuration, authentication scheme, accounting scheme, RADIUS configuration, domain configuration (adopts IP local pool, authentication policy, accounting policy, RADIUS policy), port attribute configuration, user configuration, routing configuration]
VLAN Bind Service Configuration
IP Address Pool Configuration
If built-in DHCP server is used.
Create a new IP local pool named huawei
[MA5200F] ip pool huawei local
Set gateway and subnet mask of the IP pool.
[MA5200F-ip-pool-huawei]gateway 10.10.1.1 255.255.0.0
Set the address section of the IP pool.
[MA5200F-ip-pool-huawei]section 0 10.10.1.2 10.10.4.100
Set DNS server IP address
[MA5200F-ip-pool-huawei]dns-server 126.1.1.1
If external DHCP server is used.
Create a new external DHCP server group named abc
[MA5200F]dhcp-server group abc
Set the IP address of the external DHCP server connected with the DHCP server group.
[MA5200F-dhcp-server-group-abc]dhcp-server 192.168.0.1
[MA5200F-dhcp-server-group-abc]dhcp-server 192.168.0.2 secondary
Create a remote IP address pool.
[MA5200F]ip pool huawei remote
Set the gateway of the IP pool and bind the IP pool with the DHCP server.
[MA5200F-ip-pool-huawei]gateway 10.10.1.1 255.255.0.0
[MA5200F-ip-pool-huawei]dhcp-server group abc
Configure authentication policy
[MA5200F]aaa
Create a new authentication policy auth1
[MA5200F-aaa]authentication-scheme auth1
Set the authentication policy as local authentication
[MA5200F-aaa-authen-auth1]authentication-mode local
Configure accounting policy
[MA5200F]aaa
Create a new accounting policy acct1
[MA5200F-aaa]accounting-scheme acct1
Set the accounting policy as local charging.
[MA5200F-aaa-accounting-acct1]accounting-mode local
Domain Configuration
[MA5200F]aaa
Create a new domain isp
[MA5200F-aaa]domain isp
Set IP pool for the domain
[MA5200F-aaa-domain-isp]ip-pool first huawei
Set the authentication and accounting policies for this domain.
[MA5200F-aaa-domain-isp]authentication-scheme auth1
[MA5200F-aaa-domain-isp]accounting-scheme acct1
User configuration
Enter the local-aaa-server view.
[MA5200F]local-aaa-server
Create new accounts in batch.
[MA5200F-local-aaa-server]batch-user ethernet 1 2 1 domain isp
For bind users, after this configuration the system automatically generates accounts such as ma5200f-vlan-01-0002@isp.
Port VLAN configuration
Enter port VLAN configuration view
[MA5200F]portvlan ethernet 1 vlan 2
Set the access type of the port VLAN as layer2-subscriber
[MA5200F-ethernet-1-vlan2-2]access-type layer2-subscriber
Configure the default domain
[MA5200F-ethernet-1-vlan2-2]default-domain authentication isp
Set the authentication mode of the port
[MA5200F-ethernet-1-vlan2-2]authentication-method bind
Routing configuration
Enter port VLAN configuration view
[MA5200F]portvlan ethernet 24 vlan 0
Set the access type of the port VLAN as interface.
[MA5200F-ethernet-24-vlan0-0]access-type interface
Several access types are available for this option; interface refers to a non-managed port that connects to the upper-layer switch.
Create a VLAN sub interface
[MA5200F]interface Ethernet 24.0
Multiple logical VLAN sub-interfaces can be configured on the same physical interface, each sub-interface with its own IP address.
Set IP address for the sub interface
[MA5200F-Ethernet24.0]ip address 10.10.1.1 255.255.255.0
Configure default IP route.
[MA5200F]ip route-static 0.0.0.0 0 10.10.1.2
VLAN Service Static Service Configuration
If it is a static user, there are two additional steps.
1. Add the static user in the port VLAN mode.
[MA5200F-ethernet-1-vlan2-2]static-user 10.10.10.3 detect
2. Set the IP address of the static user in the IP pool.
[MA5200F-ip-pool-huawei]excluded-ip-address 10.10.10.3
The IP address of the static user should be excluded from the IP pool, to avoid being assigned to a dynamic user.
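A static user whose address sits inside a pool section without a matching excluded-ip-address can be leased to a dynamic user, giving two subscribers the same IP. The following Python script is an added example, not part of the original course material: it parses pool and static-user lines in the page's prompt-prefixed form and reports each static address as ok, conflict or outside-subnet. The status names, the check against every pool, and the second static user (10.10.2.7) are assumptions constructed for this example.

```python
import ipaddress
import re

# Constructed sample: the pool and the first static user are the page's own
# lines; the second static user (10.10.2.7) is made up to show a conflict.
SAMPLE_CONFIG = """\
[MA5200F] ip pool huawei local
[MA5200F-ip-pool-huawei]gateway 10.10.1.1 255.255.0.0
[MA5200F-ip-pool-huawei]section 0 10.10.1.2 10.10.4.100
[MA5200F-ip-pool-huawei]excluded-ip-address 10.10.10.3
[MA5200F-ethernet-1-vlan2-2]static-user 10.10.10.3 detect
[MA5200F-ethernet-1-vlan2-2]static-user 10.10.2.7 detect
"""

PROMPT = re.compile(r"^\s*\[\s*([^\]]+?)\s*\]\s*(.+?)\s*$")


def parse_config(text):
    """Collect IP pools (subnet, sections, exclusions) and static-user addresses."""
    pools, static_users = {}, []
    for raw in text.splitlines():
        m = PROMPT.match(raw)
        if not m:
            continue
        view, words = m.group(1), m.group(2).split()
        if not words:
            continue
        in_pool = re.search(r"-ip-pool-(\S+)$", view)
        if in_pool:
            pool = pools.setdefault(
                in_pool.group(1), {"subnet": None, "sections": [], "excluded": set()})
            if words[0] == "gateway" and len(words) == 3:
                # gateway <ip> <mask> gives the subnet the pool serves
                pool["subnet"] = ipaddress.ip_interface(f"{words[1]}/{words[2]}").network
            elif words[0] == "section" and len(words) == 4:
                lo, hi = ipaddress.ip_address(words[2]), ipaddress.ip_address(words[3])
                pool["sections"].append((lo, hi))
            elif words[0] == "excluded-ip-address" and len(words) == 2:
                # only the single-address form shown on the page is handled
                pool["excluded"].add(ipaddress.ip_address(words[1]))
        elif words[0] == "static-user" and len(words) >= 2:
            static_users.append(ipaddress.ip_address(words[1]))
    return pools, static_users


def check_static_users(text):
    """Return [(ip, status)] for every static user.

    ok             - in a pool subnet and either excluded or outside every section
    conflict       - inside a section and not excluded: a dynamic user can get it
    outside-subnet - not covered by any configured pool subnet
    Assumption of this example: a static user is checked against every pool.
    """
    pools, static_users = parse_config(text)
    report = []
    for ip in static_users:
        status = "outside-subnet"
        for pool in pools.values():
            if pool["subnet"] is None or ip not in pool["subnet"]:
                continue
            leasable = any(lo <= ip <= hi for lo, hi in pool["sections"])
            if leasable and ip not in pool["excluded"]:
                status = "conflict"
                break
            status = "ok"
        report.append((str(ip), status))
    return report


if __name__ == "__main__":
    for ip, status in check_static_users(SAMPLE_CONFIG):
        print(f"{ip:<15} {status}")
```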
VLAN Force WEB Service Configuration
IP Address Pool Configuration
If built-in DHCP server is used.
[MA5200F] ip pool huawei local
[MA5200F-ip-pool-huawei]gateway 10.10.1.1 255.255.0.0
[MA5200F-ip-pool-huawei]section 0 10.10.1.2 10.10.4.100
[MA5200F-ip-pool-huawei]dns-server 126.1.1.1
[MA5200F-ip-pool-huawei]dns-server 128.1.1.1 secondary
If external DHCP server is used.
[MA5200F]dhcp-server group abc
[MA5200F-dhcp-server-group-abc]dhcp-server 192.168.0.1
[MA5200F-dhcp-server-group-abc]dhcp-server 192.168.0.2 secondary
[MA5200F]ip pool huawei remote
[MA5200F-ip-pool-huawei]gateway 10.10.1.1 255.255.0.0
[MA5200F-ip-pool-huawei]dhcp-server group abc
Configure authentication policy
[MA5200F]aaa
[MA5200F-aaa]authentication-scheme auth1
[MA5200F-aaa-authen-auth1]authentication-mode radius
Configure accounting policy
[MA5200F-aaa]accounting-scheme acct1
[MA5200F-aaa-accounting-acct1]accounting-mode radius
RADIUS Authentication
[MA5200F]radius-server group radius1
[MA5200F-radius-radius1]radius-server authentication 10.11.113.109 1812
[MA5200F-radius-radius1]radius-server accounting 10.11.113.111 1813
[MA5200F-radius-radius1]radius-server key hello
[MA5200F-radius-radius1]radius-server type standard
Set the IP address and key of the WEB authentication server.
[MA5200F] web-auth-server 202.11.1.2 key huawei
Configure pre-authentication
Configure the IP pool for the domain
[MA5200F-aaa-domain-default0]ip-pool first huawei
Configure UCL group for the users in the domain.
[MA5200F-aaa-domain-default0]ucl-group 1
Set IP address of the force WEB authentication server.
[MA5200F-aaa-domain-default0]web-authentication-server 202.11.1.2
Configure the ACL policy.
Enter ACL configuration view, using default configuration mode.
[MA5200F]acl number 101 match-order auto
Permit access to the WEB server for users who have not yet passed authentication.
[MA5200F-acl-adv-101]rule user-net permit ip source 1 destination 202.11.1.2 0
[MA5200F-acl-adv-101]rule user-net permit ip source 202.11.1.2 0 destination 1
Prevent users in UCL group 1 from visiting any other IP address.
[MA5200F-acl-adv-101]rule user-net deny ip source 1
Apply ACL 101 globally.
[MA5200F]access-group 101
Configure authentication domain
[MA5200F-aaa]domain isp
[MA5200F-aaa-domain-isp]authentication-scheme auth1
[MA5200F-aaa-domain-isp]accounting-scheme acct1
[MA5200F-aaa-domain-isp]radius-server group radius1
Configure port VLAN
[MA5200F]portvlan ethernet 1 vlan 1
[MA5200F-ethernet-1-vlan1-1]access-type layer2-subscriber
[MA5200F-ethernet-1-vlan1-1]default-domain authentication isp
[MA5200F-ethernet-1-vlan1-1]default-domain pre-authentication default0 (the pre-authentication domain is default0 by default, so there is no need to configure it)
[MA5200F-ethernet-1-vlan1-1]authentication-method web
Routing configuration
[MA5200F]portvlan Ethernet 24 vlan 0
[MA5200F-ethernet-24-vlan0-0]access-type interface
[MA5200F]interface Ethernet 24.0
[MA5200F-Ethernet24.0]ip address 11.11.11.1 255.255.255.0
[MA5200F]ip route-static 0.0.0.0 0.0.0.0 11.11.11.2
PPPoE Service Configuration
PPPoE Service Type:
Common Service
PPPoE RADIUS Authentication and accounting, built-in DHCP
PPPoE Local Authentication and no charging, built-in DHCP
Features of PPPoE service
Service Type | Users Operation | Access Mode | Main Application
PPPoE | Username, password | Authentication first, then password | Residential Area, Campus
[Figure: PPPoE service with address allocation (external DHCP, built-in DHCP) and authentication (RADIUS, local)]
Typical networking
[Figure: typical networking with 2403F devices, the MA5200F, an L3 switch/router, the MAN/backbone, and DHCP, RADIUS, VOD and WEB servers]
PPPoE Service Configuration Procedure
[Figure: configuration procedure. Blocks shown: IP pool configuration, authentication scheme, accounting scheme, RADIUS configuration, domain configuration (adopts IP local pool, authentication policy, accounting policy, RADIUS policy), port attribute configuration, user configuration, routing configuration, PPPoE virtual template configuration]
PPPoE Service Configuration
PPPoE Virtual Template Configuration
Create a new virtual template, set the authentication mode.
[MA5200F]interface Virtual-Template 1
[MA5200F-Virtual-Template1]ppp authentication-mode chap
Bind the port with the virtual template.
[MA5200F]interface Ethernet 2
[MA5200F-Ethernet2]pppoe-server bind virtual-template 1
IP Pool Configuration
If built-in DHCP server is used.
[MA5200F] ip pool huawei local
[MA5200F-ip-pool-huawei]section 0 10.10.1.2 10.10.4.100
[MA5200F-ip-pool-huawei]gateway 10.10.1.1 255.255.0.0
[MA5200F-ip-pool-huawei]lease 0 12 10
[MA5200F-ip-pool-huawei]dns-server 126.1.1.1
If external DHCP server is used.
[MA5200F]dhcp-server group abc
[MA5200F-dhcp-server-group-abc]dhcp-server 192.168.0.1
[MA5200F-dhcp-server-group-abc]dhcp-server 192.168.0.2 secondary
[MA5200F]ip pool huawei remote
[MA5200F-ip-pool-huawei]gateway 10.10.1.1 255.255.0.0
[MA5200F-ip-pool-huawei]dhcp-server group abc
Configure authentication policy
[MA5200F]aaa
[MA5200F-aaa]authentication-scheme auth1
[MA5200F-aaa-authen-auth1]authentication-mode radius
Configure accounting policy
[MA5200F-aaa]accounting-scheme acct1
[MA5200F-aaa-accounting-acct1]accounting-mode radius
RADIUS configuration
[MA5200F]radius-server group radius1
[MA5200F-radius-radius1]radius-server authentication 10.11.113.109 1812
[MA5200F-radius-radius1]radius-server authentication 10.11.113.110 1645 secondary
[MA5200F-radius-radius1]radius-server accounting 10.11.113.111 1813
[MA5200F-radius-radius1]radius-server accounting 10.11.113.112 1646 secondary
[MA5200F-radius-radius1]radius-server key hello
Domain configuration
[MA5200F-aaa]domain isp
[MA5200F-aaa-domain-isp]ip-pool first huawei
[MA5200F-aaa-domain-isp]authentication-scheme auth1
[MA5200F-aaa-domain-isp]accounting-scheme acct1
[MA5200F-aaa-domain-isp]radius-server group radius1
Configure PPPoE URL in the domain
[MA5200F-aaa-domain-isp]pppoe-url www.huawei.com
Configure portal server in the domain.
[MA5200F-aaa-domain-isp] portal-server url www.huawei.com
Local user configuration
(If RADIUS authentication is used, there is no need to configure local users.)
[MA5200F]local-aaa-server
Create a new user.
[MA5200F-local-aaa-server]user user@isp password 123
Query the attribute of a user.
[MA5200F]display user
VLAN PORT configuration
[MA5200F]portvlan ethernet 1 2
[MA5200F-ethernet-1-vlan2-2]access-type layer2-subscriber
[MA5200F-ethernet-1-vlan2-2]default-domain authentication isp
[MA5200F-ethernet-1-vlan2-2]authentication-method pppoe
Routing configuration
[MA5200F]portvlan ethernet 24 0
[MA5200F-ethernet-24-vlan0-0]access-type interface
[MA5200F]interface Ethernet 24.0
[MA5200F-Ethernet24.0]ip address 11.11.11.1 255.255.255.0
[MA5200F]ip route-static 0.0.0.0 0 11.11.11.2 preference 100
Leased Line Service Configuration Procedure
[Figure: configuration procedure. Blocks shown: IP pool configuration, authentication scheme, accounting scheme, RADIUS configuration, domain configuration (adopts IP local pool, authentication policy, accounting policy, RADIUS policy), port attribute configuration, user configuration, routing configuration, interface configuration]
Layer 2 Leased Line Service Configuration
Typical networking
[Figure: typical networking with 2403F devices, the MA5200F, an L3 switch/router and the MAN/backbone]
Based on the VLAN bind service configuration (local authentication), configure as follows:
Configure access port for the leased line user.
[MA5200F]interface Ethernet 2.1
[MA5200F-Ethernet2.1]ip address 61.10.1.1 255.255.255.0
The IP address here is the gateway of the leased line users.
Set the access type of the VLAN port as vlan-leased-line
[MA5200F]portvlan ethernet 2 1 1
[MA5200F-ethernet-2-vlan1-1]access-type vlan-leased-line default-domain pre-authentication isp
Layer 3 Leased Line Service Configuration
[Figure: typical networking with routers, the MA5200F, an L3 switch/router and the MAN/backbone]
Configure authentication policy
[MA5200F]aaa
[MA5200F-aaa]authentication-scheme auth1
[MA5200F-aaa-authen-auth1]authentication-mode radius
Configure accounting policy
[MA5200F-aaa]accounting-scheme acct1
[MA5200F-aaa-accounting-acct1]accounting-mode radius
Configure domain
[MA5200F-aaa]domain isp
[MA5200F-aaa-domain-isp]ip-pool first huawei
[MA5200F-aaa-domain-isp]authentication-scheme auth1
[MA5200F-aaa-domain-isp]accounting-scheme acct1
Configure IP address of the interface which is connected with the router.
[MA5200F]interface Ethernet 2.0 (sub-interface 0 indicates no VLAN)
[MA5200F-Ethernet2.0]ip address 60.11.1.2 255.255.255.252
Configure route for the users
[MA5200F]ip route-static 61.10.1.2 255.255.255.0 60.11.1.1
Configure Port VLAN
Set access type of the port VLAN as vlan-leased-line
[MA5200F]portvlan ethernet 2 0 1 (vlan 0 indicates no VLAN)
[MA5200F-ethernet-2-vlan0-0]access-type vlan-leased-line default-domain pre-authentication isp
Set authentication mode for the port.
[MA5200F-ethernet-2-vlan0-0]authentication-method bind
Routing Configuration
[MA5200F]portvlan ethernet 24 0
[MA5200F-ethernet-24-vlan0-0]access-type interface
[MA5200F]interface Ethernet 24.0
[MA5200F-Ethernet24.0]ip address 11.11.11.1 255.255.255.0
[MA5200F]ip route-static 0.0.0.0 0 11.11.11.2 preference 100