====== BRAS (PPPoE) Huawei Exemplo ======

Configurar o máximo de PPPoEs sobre o mesmo MAC.
  pppoe-server max-sessions remote-mac 10

Se tiver IPv6, configurar o DUID do DHCPV6.
  dhcpv6 duid llt

Criar os pools de IPv4, tanto públicos como privados.
  ip pool pool-cgn01 bas local
    gateway 100.64.0.1 255.255.224.0
    section 0 100.64.0.50 100.64.31.255
    dns-server <DNS_V4_02> <DNS_V4_01>
  ip pool pool-valido01 bas local
    gateway X.X.X.1 255.255.255.0
    section 0 X.X.X.2 X.X.X.255
    dns-server <DNS_V4_01> <DNS_V4_02>
  ip pool pool_debito bas local
    gateway 192.168.96.1 255.255.254.0
    section 0 192.168.96.2 192.168.97.254
    dns-server <DNS_V4_01> <DNS_V4_02>

Vincular os pools a um grupo para facilitar a gerência.
  ip pool-group pool_ftth bas
    ip-pool pool-valido01
    ip-pool pool-cgn01

Criar os prefixos e o pool de IPv6.
  ipv6 prefix prefix-ipv6 delegation
    prefix FD00:2D24::/45 delegating-prefix-length 60
  ipv6 pool pool-pppoe-v6 bas delegation
    dns-server <DNS_V6_01> <DNS_V6_02>
    prefix prefix-ipv6

Configurar a autorização para o radius desconectar os usuário PPPoE.
  radius-server authorization <IP_RADIUS_01> destination-port 3799 shared-key-cipher <SECRET_COM_RADIUS>
  radius-server authorization <IP_RADIUS_02> destination-port 3799 shared-key-cipher <SECRET_COM_RADIUS>

Configurar o radius-group para vincular mais de um servidor radius sob as mesmas configurações.
  radius-server group radius-pppoe-100
    radius-server shared-key-cipher <SECRET_COM_RADIUS>
    radius-server authentication <IP_RADIUS_02> source ip-address <IP_COMUNICA_COM_RADIUS> 1812 weight 0
    radius-server authentication <IP_RADIUS_01> source ip-address <IP_COMUNICA_COM_RADIUS> 1812 weight 0
    radius-server accounting <IP_RADIUS_02> source ip-address <IP_COMUNICA_COM_RADIUS> 1813 weight 0
    radius-server accounting <IP_RADIUS_01> source ip-address <IP_COMUNICA_COM_RADIUS> 1813 weight 0
    radius-server class-as-car enable-pir
    radius-server user-name original
    radius-server accounting-stop-packet send force
    radius-server format-attribute nas-port-id vendor 2352
    radius-attribute case-sensitive qos-profile-name

Configurar os profiles de QOS, conforme as velocidades vendidas.
  qos-profile 10MBPS
    user-queue cir 11264 pir 12288 inbound
    user-queue cir 11264 pir 12288 outbound
  qos-profile 20MBPS
    user-queue cir 21504 pir 22528 inbound
    user-queue cir 21504 pir 22528 outbound
  qos-profile DEBITO
    user-queue cir 51 pir 61 inbound
    user-queue cir 51 pir 61 outbound

Configurar os alarmes de uso de cpu e vcpu para o monitoramento.
  forward alarm cpu-usage multi-core threshold 95
  forward alarm vcpu-usage multi-core threshold 95

Definir o POOL padrão da caixa.
  ip pool pool_ftth bas local

Criar a ACL e as regras necessárias para o PBR do CGNAT.
  acl name from-cgnat number 3000
    rule 10 permit ip source 100.64.0.0 0.0.255.255
  traffic classifier CGNAT operator or
    if-match acl name from-cgnat
  traffic behavior CGNAT
    permit
    redirect ip-nexthop 10.0.0.213
  traffic policy PBR-CGNAT
    share-mode
    classifier CGNAT behavior CGNAT precedence 6

Aplicar a PBR à caixa.
  traffic-policy PBR-CGNAT inbound global-acl

Configurar os perfis e modos de autenticação do Radius.
  aaa
    authentication-scheme auth-pppoe-100
    accounting-scheme acct-pppoe-100
      accounting interim interval 15
      accounting send-update
      accounting start-fail online

Ainda dentro do AAA devemos configurar o domínio de autenticação.
  domain bras-domain
    authentication-scheme auth-pppoe-100
    accounting-scheme acct-pppoe-100
    radius-server group radius-pppoe-100
    ip-pool-group pool_ftth
    ipv6-pool pool-pppoe-v6
    dns primary-ip <DNS_V4_01>
    dns second-ip <DNS_V4_02>
    dns primary-ipv6 <DNS_V6_01>
    dns second-ipv6 <DNS_V6_02>
    qos rate-limit-mode car inbound
    qos rate-limit-mode car outbound

Configurar as interfaces WAN, se necessário.
  interface Eth-Trunk0
    description WAN
    mode lacp-static
  #Colocar IPv4 apenas para a interface não ficar como "down" no monitoramento.
  # Isso somente se quiser separar a interface com tráfego IPv4 e IPv6.
  interface Eth-Trunk0.1200
    vlan-type dot1q 1200
    description WAN IPv6 com Borda
    ipv6 enable
    ip address 10.1.22.230 255.255.255.252 
    ipv6 address FD00:2D24:FFFE:FFFE::1/127
    statistic enable
  #
  interface Eth-Trunk0.1300
    vlan-type dot1q 1300
    description WAN com Thunder
    ip address 10.0.0.214 255.255.255.252
    statistic enable
  #
  interface Eth-Trunk0.1400
    vlan-type dot1q 1400
    description WAN com Borda
    ip address 10.0.0.210 255.255.255.252
    statistic enable

Configurar as interfaces LAN, para autenticar os clientes. 
  interface Eth-Trunk1
    description LAN
    mode lacp-static
  #
  interface Eth-Trunk1.190
    description FTTH VLAN XXX
    statistic enable
    user-vlan 190
    pppoe-server bind Virtual-Template 100
    commit
    bas
    #
      commit
      access-type layer2-subscriber default-domain authentication bras-domain
    #
  #
  interface Eth-Trunk1.191
    description FTTH VLAN XXX
    statistic enable
    user-vlan 191
    pppoe-server bind Virtual-Template 100
    commit
    bas
    #
      commit
      access-type layer2-subscriber default-domain authentication bras-domain
    #
  #
 interface Eth-Trunk1.192
    description FTTH VLAN XXX
    statistic enable
    user-vlan 192
    pppoe-server bind Virtual-Template 100
    commit
    bas
    #
      commit
      access-type layer2-subscriber default-domain authentication bras-domain
    #
  #

Configurar o template que será usado para o PPPoE client.
  interface Virtual-Template100
    ppp authentication-mode chap pap mschapv1 mschapv2
    ppp keepalive interval 20 retransmit 1 response-timeout 1
    ip urpf strict enable check subnet
    ipv6 urpf strict enable check subnet

Vincular as interfaces ao LACP da WAN, caso necessário.
  interface GigabitEthernet0/3/0
    description WAN
    undo shutdown
    eth-trunk 0
    undo dcn
  #
  interface GigabitEthernet0/3/2
    description WAN
    undo shutdown
    eth-trunk 0
    undo dcn
  #
    interface GigabitEthernet0/3/4
    description WAN
    undo shutdown
    eth-trunk 0
    undo dcn
  #
Vincular as interfaces ao LACP da LAN, caso necessário.
  interface GigabitEthernet0/3/1
    description LAN
    undo shutdown
    eth-trunk 1
    undo dcn
  #
  interface GigabitEthernet0/3/3
    description LAN
    undo shutdown
    eth-trunk 1
    undo dcn
  #
  interface GigabitEthernet0/3/5
    description LAN
    undo shutdown
    eth-trunk 1
    undo dcn

Configurar a LoopBack da caixa para os serviços, OSPF, IP de origem para comunicação com o Radius, se preferir.
  interface LoopBack0
    ipv6 enable
    ip address 10.1.22.249 255.255.255.255
    ipv6 address FD00:2D24:1:FFFF:FFFF:FFFF:FFFF:FFFF/128

Configurar as rotas estáticas para anúncio nos protocolos de roteamento.
  ip route-static 100.64.0.0 255.255.224.0 NULL0
  ip route-static 100.64.0.0 255.255.240.0 NULL0
  ip route-static 192.168.96.0 255.255.254.0 NULL0
  #
  ipv6 route-static :: 0 FD00:2D24:FFFE:FFFE:: description Rota_Padrao
  ipv6 route-static 100:: 64 NULL0
  ipv6 route-static 2001:DB8:: 32 NULL0 description Faixa_Documentacao
  ipv6 route-static FD00:2D24:: 45 NULL0 description Faixa_Concentrador
  ipv6 route-static FD00:2D24:8:: 50 NULL0 description PPPoE-IPv6-Fixo-Cidade

Configurar os DNS resolvers (opcional).
  dns resolve
  dns server <DNS_V4_01>
  dns server <DNS_V4_02>
  dns server ipv6 <DNS_V6_01>
  dns server ipv6 <DNS_V6_02>