
Huawei BRAS (PPPoE) Example

Set the maximum number of PPPoE sessions allowed from the same MAC address.

pppoe-server max-sessions remote-mac 10

If you use IPv6, configure the DHCPv6 DUID.

dhcpv6 duid llt

Create the IPv4 pools, both public and private.

ip pool pool-cgn01 bas local
  gateway 100.64.0.1 255.255.224.0
  section 0 100.64.0.50 100.64.31.255
  dns-server <DNS_V4_02> <DNS_V4_01>
ip pool pool-valido01 bas local
  gateway X.X.X.1 255.255.255.0
  section 0 X.X.X.2 X.X.X.255
  dns-server <DNS_V4_01> <DNS_V4_02>
ip pool pool_debito bas local
  gateway 192.168.96.1 255.255.254.0
  section 0 192.168.96.2 192.168.97.254
  dns-server <DNS_V4_01> <DNS_V4_02>

Bind the pools to a group to simplify management.

ip pool-group pool_ftth bas
  ip-pool pool-valido01
  ip-pool pool-cgn01

Create the IPv6 prefixes and pool.

ipv6 prefix prefix-ipv6 delegation
  prefix FD00:2D24::/45 delegating-prefix-length 60
ipv6 pool pool-pppoe-v6 bas delegation
  dns-server <DNS_V6_01> <DNS_V6_02>
  prefix prefix-ipv6

Configure RADIUS authorization so that the RADIUS server can disconnect PPPoE users.

radius-server authorization <IP_RADIUS_01> destination-port 3799 shared-key-cipher <SECRET_COM_RADIUS>
radius-server authorization <IP_RADIUS_02> destination-port 3799 shared-key-cipher <SECRET_COM_RADIUS>

Configure the RADIUS group to bind more than one RADIUS server under the same settings.

radius-server group radius-pppoe-100
  radius-server shared-key-cipher <SECRET_COM_RADIUS>
  radius-server authentication <IP_RADIUS_02> source ip-address <IP_COMUNICA_COM_RADIUS> 1812 weight 0
  radius-server authentication <IP_RADIUS_01> source ip-address <IP_COMUNICA_COM_RADIUS> 1812 weight 0
  radius-server accounting <IP_RADIUS_02> source ip-address <IP_COMUNICA_COM_RADIUS> 1813 weight 0
  radius-server accounting <IP_RADIUS_01> source ip-address <IP_COMUNICA_COM_RADIUS> 1813 weight 0
  radius-server class-as-car enable-pir
  radius-server user-name original
  radius-server accounting-stop-packet send force
  radius-server format-attribute nas-port-id vendor 2352
  radius-attribute case-sensitive qos-profile-name

Configure the QoS profiles according to the speeds sold.

qos-profile 10MBPS
  user-queue cir 11264 pir 12288 inbound
  user-queue cir 11264 pir 12288 outbound
qos-profile 20MBPS
  user-queue cir 21504 pir 22528 inbound
  user-queue cir 21504 pir 22528 outbound
qos-profile DEBITO
  user-queue cir 51 pir 61 inbound
  user-queue cir 51 pir 61 outbound

Configure the CPU and vCPU usage alarms for monitoring.

forward alarm cpu-usage multi-core threshold 95
forward alarm vcpu-usage multi-core threshold 95

Set the default pool for the box.

ip pool pool_ftth bas local

Create the ACL and the rules needed for the CGNAT PBR.

acl name from-cgnat number 3000
  rule 10 permit ip source 100.64.0.0 0.0.255.255
traffic classifier CGNAT operator or
  if-match acl name from-cgnat
traffic behavior CGNAT
  permit
  redirect ip-nexthop 10.0.0.213
traffic policy PBR-CGNAT
  share-mode
  classifier CGNAT behavior CGNAT precedence 6

Apply the PBR to the box.

traffic-policy PBR-CGNAT inbound global-acl

Configure the RADIUS authentication profiles and modes.

aaa
  authentication-scheme auth-pppoe-100
  accounting-scheme acct-pppoe-100
    accounting interim interval 15
    accounting send-update
    accounting start-fail online

Still inside AAA, configure the authentication domain.

domain bras-domain
  authentication-scheme auth-pppoe-100
  accounting-scheme acct-pppoe-100
  radius-server group radius-pppoe-100
  ip-pool-group pool_ftth
  ipv6-pool pool-pppoe-v6
  dns primary-ip <DNS_V4_01>
  dns second-ip <DNS_V4_02>
  dns primary-ipv6 <DNS_V6_01>
  dns second-ipv6 <DNS_V6_02>
  qos rate-limit-mode car inbound
  qos rate-limit-mode car outbound

Configure the WAN interfaces, if needed.

interface Eth-Trunk0
  description WAN
  mode lacp-static
# Assign an IPv4 address only so that the interface does not show as "down" in monitoring.
# Do this only if you want to separate the interface carrying IPv4 traffic from the one carrying IPv6.
interface Eth-Trunk0.1200
  vlan-type dot1q 1200
  description WAN IPv6 com Borda
  ipv6 enable
  ip address 10.1.22.230 255.255.255.252 
  ipv6 address FD00:2D24:FFFE:FFFE::1/127
  statistic enable
#
interface Eth-Trunk0.1300
  vlan-type dot1q 1300
  description WAN com Thunder
  ip address 10.0.0.214 255.255.255.252
  statistic enable
#
interface Eth-Trunk0.1400
  vlan-type dot1q 1400
  description WAN com Borda
  ip address 10.0.0.210 255.255.255.252
  statistic enable

Configure the LAN interfaces that authenticate the customers.

interface Eth-Trunk1
  description LAN
  mode lacp-static
#
interface Eth-Trunk1.190
  description FTTH VLAN XXX
  statistic enable
  user-vlan 190
  pppoe-server bind Virtual-Template 100
  commit
  bas
  #
    commit
    access-type layer2-subscriber default-domain authentication bras-domain
  #
#
interface Eth-Trunk1.191
  description FTTH VLAN XXX
  statistic enable
  user-vlan 191
  pppoe-server bind Virtual-Template 100
  commit
  bas
  #
    commit
    access-type layer2-subscriber default-domain authentication bras-domain
  #
#

interface Eth-Trunk1.192
  description FTTH VLAN XXX
  statistic enable
  user-vlan 192
  pppoe-server bind Virtual-Template 100
  commit
  bas
  #
    commit
    access-type layer2-subscriber default-domain authentication bras-domain
  #
#

Configure the template that will be used for the PPPoE clients.

interface Virtual-Template100
  ppp authentication-mode chap pap mschapv1 mschapv2
  ppp keepalive interval 20 retransmit 1 response-timeout 1
  ip urpf strict enable check subnet
  ipv6 urpf strict enable check subnet

Bind the interfaces to the WAN LACP, if needed.

interface GigabitEthernet0/3/0
  description WAN
  undo shutdown
  eth-trunk 0
  undo dcn
#
interface GigabitEthernet0/3/2
  description WAN
  undo shutdown
  eth-trunk 0
  undo dcn
#
interface GigabitEthernet0/3/4
  description WAN
  undo shutdown
  eth-trunk 0
  undo dcn
#

Bind the interfaces to the LAN LACP, if needed.

interface GigabitEthernet0/3/1
  description LAN
  undo shutdown
  eth-trunk 1
  undo dcn
#
interface GigabitEthernet0/3/3
  description LAN
  undo shutdown
  eth-trunk 1
  undo dcn
#
interface GigabitEthernet0/3/5
  description LAN
  undo shutdown
  eth-trunk 1
  undo dcn

Configure the box's LoopBack for services, OSPF and, if you prefer, as the source IP for communication with RADIUS.

interface LoopBack0
  ipv6 enable
  ip address 10.1.22.249 255.255.255.255
  ipv6 address FD00:2D24:1:FFFF:FFFF:FFFF:FFFF:FFFF/128

Configure the static routes to be advertised in the routing protocols.

ip route-static 100.64.0.0 255.255.224.0 NULL0
ip route-static 100.64.0.0 255.255.240.0 NULL0
ip route-static 192.168.96.0 255.255.254.0 NULL0
#
ipv6 route-static :: 0 FD00:2D24:FFFE:FFFE:: description Rota_Padrao
ipv6 route-static 100:: 64 NULL0
ipv6 route-static 2001:DB8:: 32 NULL0 description Faixa_Documentacao
ipv6 route-static FD00:2D24:: 45 NULL0 description Faixa_Concentrador
ipv6 route-static FD00:2D24:8:: 50 NULL0 description PPPoE-IPv6-Fixo-Cidade
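
A consistency check of the addressing plan on this page (the pools, the from-cgnat ACL, the NULL0 routes and the IPv6 delegation prefix), added here as an example and not part of the original tutorial. The function and key names are made up for illustration; pool-valido01 is omitted because its addresses are elided on the page.

```python
import ipaddress as ip

# Values copied from the configuration on this page. pool-valido01 is left out
# because its addresses are elided (X.X.X.x) in the source.
POOLS = {  # name: (gateway, netmask, section start, section end)
    "pool-cgn01": ("100.64.0.1", "255.255.224.0", "100.64.0.50", "100.64.31.255"),
    "pool_debito": ("192.168.96.1", "255.255.254.0", "192.168.96.2", "192.168.97.254"),
}
ACL_FROM_CGNAT = "100.64.0.0/0.0.255.255"   # rule 10: address/wildcard
NULL_ROUTES = ["100.64.0.0/255.255.224.0", "100.64.0.0/255.255.240.0",
               "192.168.96.0/255.255.254.0"]
PD_PREFIX, PD_LEN = "FD00:2D24::/45", 60    # prefix and delegating-prefix-length
LOOPBACK6 = "FD00:2D24:1:FFFF:FFFF:FFFF:FFFF:FFFF"

def audit_pool(name):
    """Return facts about one IPv4 pool relative to the ACL and the null routes."""
    gw, mask, first, last = POOLS[name]
    net = ip.ip_interface(f"{gw}/{mask}").network
    first, last = ip.ip_address(first), ip.ip_address(last)
    acl = ip.ip_network(ACL_FROM_CGNAT)     # ipaddress accepts wildcard (host) masks
    routes = [ip.ip_network(r) for r in NULL_ROUTES]
    return {
        "network": str(net),
        "assignable": int(last) - int(first) + 1,
        "section_in_subnet": first in net and last in net,
        "section_ends_on_broadcast": last == net.broadcast_address,
        "redirected_to_cgnat": acl.supernet_of(net),
        "acl_wider_than_pool": acl.supernet_of(net) and acl != net,
        "null_route": any(r == net for r in routes),
    }

def audit_ipv6():
    """Count delegable prefixes and check the loopback against the PD range."""
    pd = ip.ip_network(PD_PREFIX)
    return {
        "delegations": 2 ** (PD_LEN - pd.prefixlen),
        "loopback_inside_pd_range": ip.ip_address(LOOPBACK6) in pd,
    }

if __name__ == "__main__":
    for pool in POOLS:
        print(pool, audit_pool(pool))
    print("ipv6", audit_ipv6())
```

On these values the check reports that pool_debito is not matched by from-cgnat, that the ACL (a /16) is wider than the /19 CGN pool, and that the LoopBack0 IPv6 address lies inside the /45 delegation range.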

Configure the DNS resolvers (optional).

dns resolve
dns server <DNS_V4_01>
dns server <DNS_V4_02>
dns server ipv6 <DNS_V6_01>
dns server ipv6 <DNS_V6_02>

public/tutoriais/huawei/pppoe-huawei.txt · Last modified: 2024/08/25 18:39 by 127.0.0.1