設備管理華為設備配置規(guī)范

{設備管理}華為設備配置規(guī)范河南網(wǎng)通寬帶城域網(wǎng)建設概況VLANIP地址規(guī)劃原則2、BAS配置規(guī)范設備基本配置設置主機名時區(qū)和時鐘校準配置管理員及其密碼啟用服務對管理員地址范圍進行限定ACL配置范例用戶域基本配置安全基本配置設備配置保存設備接口配置網(wǎng)絡側(cè)接口配置地址池的配置VLAN及QINQ接口配置路由協(xié)議配置OSPF協(xié)議配置RADIUS配置本次項目中RADIUS配置參數(shù)RADIUS配置范例及注釋RADIUSRADIUS故障排除方法QOSQOSME60本機QOS策略配置PPPOE配置概述PPPOE相關(guān)配置用戶認證域選擇反向路由檢測ME60所支持的URPF43IP綜合網(wǎng)管設備配置要求SNMPTELNET用戶名和密碼SNMP配置SYSLOG配置3、ME60承載業(yè)務及配置規(guī)范承載業(yè)務類型PPPOE業(yè)務概述ME60帳號管理規(guī)范業(yè)務概述配置規(guī)范賬號管理說明VPDN業(yè)務業(yè)務概述ME60賬號管理說明VPDN業(yè)務介紹機頂盒業(yè)務配置業(yè)務概述DHCP采用PPPOE方式專線用戶配置通過subscriber方式定義靜態(tài)IP用戶通過leasedline方式定義靜態(tài)IP用戶BGP/MPLSVPN配置范例概述MPLSVPN業(yè)務命名規(guī)范PE（ME60）配置范例VPLS簡介IPSR/BRAS建獨??IPME60-8BRAS123SRVLANQinQVLAN。GEVLANQINQVLAN。除了掛接用戶業(yè)務以外，本期項目中黨建、CDNBRASVLANVLANVLANVLANVLANStackingVLANVLANVLAN。BASVLANStackingVLANVLAN，BANVLAN；BASVLANIPIPPPPOEIPBASBAS4CIPVLAN,BASCIPBASBAS(loopbackBASC2、BAS配置規(guī)范ME60MA-ZZ-.LD-HW5100-0015100MS，ME60配置時鐘命令如下：clockdatetimeHH:MM:SSYYYY-MM-DD配置時區(qū)命令如下：2local-aaa-serverAAA userusername{password{simplesimple-password|ciphercipher-password}|authentication-typetype-mask|block|ftp-directoryftp-directory|levellevel|callback-nocheck|callback-numbercallback-number|idle-cut|qos-profileqos-profile-name}*戶。HUAWEI30-3USER-INTERFACEtelnet5timeoutACLAcl20002999ACL，只能夠定義源地址；3000-3999ACL，能夠依照五元組rule90denyipsourceuser-grouphelpdestinationip-HELPROUTE-MAPtraffic-traffic-policyauthentication-HISPPPOEDNS3、QOSQOSscheduler-2SAVECFCARD1、ME60GSRMTUdescriptionTo-[LY-XiGong-down2TO_PC-ZZ-ZYL-CRS-001(G0/2):GE:1:TO_ZZGONGSHANGJU:10M:FE:1:DesTO_PC-LY-XG-NE80E-Loopback接口的配置在系統(tǒng)模式下進行。按照本期規(guī)劃，每臺設備需要配置2loopbackRR??IPV4BGPRR??VPNV4BGP3.2.31BAS2interfaceinterface-typeinterface-number，進入接口視圖。3basBAS2執(zhí)行命令[bas-interface-namename|default-domainauthenticationdomain-[bas-interface-namename|default-domainauthenticationdomain-Eth-Trunk32interfaceinterface-typeinterface-number，進入接口視圖。3basBASWeb缺省情況下，BASPPP4（可選）配置指南-BRAS5-2003(2008-02-2interfaceinterface-typeinterface-number，進入接口視圖。3basBAS或 執(zhí) 行 命 令access-limituser-number[start-vlanstart-vlan[end-vlanend-vlan][qinqqinq-vlan]]，設置VLAN級用戶數(shù)限制。缺省情況下，BAS5（可選2interfaceinterface-typeinterface-number，進入接口視圖。3basBASname如果用戶認證時未輸入域名，ME60forcereplace參數(shù)。6BAS（可選）2interfaceinterface-typeinterface-number，進入接口視圖。3basBAS4arp-proxyARP或執(zhí)行命令ip-triggerIParp-triggerARPARPARPBASME60BASARPBASARPARPBASARPARPBASVLAN/PVCARPDHCP缺省情況下，BASDHCPRADIUSRADIUS缺省情況下，BASIPIPIP缺省情況下，BASIPARPARPARP缺省情況下，BASARP缺省情況下，BAS802.1XPPPOEPPPPPPOE]PPPOE256-1000805]access-typelayer2-subscriberdefault-[BASPPPOEDIAL的認證方法、QOS址池可以配置多個，ME60DNSVLANQINQ1IPVLANS6503ME60IP2BRASwangguanBINDME60BASIP2PPPOEVLAN3IPQinQVLANtectdomain-4PPPOEQinQVLANaccess-typelayer2-subscriberdefault-DIALBAS（ME60)采用兩個上聯(lián)出口連接至地市核心GSR。在ME60COST100，BGPOSPFBGPOSPFarea371；379。OSPF1ospfarea]loopback2OSPFP-TO-P3OSPFOSPFOSPFP-TO-PFULLOSPF12/30241Inter-20/30241Inter-/30331Inter-/32332Inter-OSPF3.3.2BGPloopback（充當路由反射器）[建??PEERGROUP]VPNV4BGP[建??IPV4import-PPPOEBGPBGPpeerha-peerha-lyroute-VPNV42BGPIPV4BGPEstablishedVPNV4EstablishedBGPBGPIPV4VPNV4RADIUS用戶的身份進行認證。ME60ME60。HWTACACSME60。RADIUSRADIUSHWTACACSHWTACACS不計費：ME60HWTACACSME60HWTACACS，HWTACACSME60ME60本次項目中RADIUSRADIUSRADIUSRADIUSRADIUSLOOPBACK0RADIUSQOSME60CLASSCARRADIUSRADIUS戶域中的用戶使用何種認證方式來認證。缺省情況下，authentication-schemeRADIUS。authentication-schemeAAAauthentication-RADIUS-servergroupauthentication-schemeauthentication-HISPPPOERADIUSDIALip-default0，RADIUS★服務器狀態(tài)查看share-Acct-Stop-PacketResend-★查看用戶狀態(tài)信息1Waitauthorization-Domain-nameCurrent-UserOnline-test-2USER-Multicast-RADIUSnonepppoeME602local，ME60ME60QOS兩類QOS1RADIUSQOSRADIUSME60RADIUSCLASS-AS-CAR2、ME60qosQOSQOS，RADIUSME60本機QOSqos-3QOSPPPOEPPPOEME60??撥號線路；DSLAMADSLDSLAM,DSLAMTRUNK，VLANQinQVLANBASME60IPDNSPPPOERADIUS/HWTACACSIPv4為接口指定虛模板接口（PPPoE、PPPoEoVLAN、PPPoEoQVLAN（PPPoEoVLAN、PPPoEoQBASPPPOE1PPP9024RADIUS5IPV4authentication-HISPPPOE78VLAN9BASaccess-typelayer2-subscriberdefault-12VLANaccess-typelayer2-subscriberdefault-DIALURPFURPF起請求，RouterB回應請求時將向真正的“”發(fā)送報文。這種報文對RouterBRouterCME60URPFURPFME60URPFURPFQoSME60trafficclassifierQoS（可選）URPFME60trafficpolicyURPFURPFURPF2interfaceinterface-typeinterface-number，進入接口視圖。3ipurpf{loose|strictURPFDHCPRELAYME60RelayDHCPserverDHCPIPDHCPrelayME60DHCPrelayDHCPDHCP1DHCPDHCPDHCP2[Quidway-ip-pool-[Quidway-ip-pool-3isp22.10IP綜合網(wǎng)管設備配置要求SNMP匯地址段:-324-全網(wǎng)的互連設備地址段ACLVTYTELNETSNMPsnmp配置示例（IP[Quidway]snmp-2.10.4SYSLOGsyslogsyslog:3級別:warning3、ME60普通上網(wǎng)業(yè)務（PPPOE卡類業(yè)務（PPPOEIPVPDN（PPPOE機頂盒業(yè)務（PPPOEDHCPMPLSVPNMPLSVPNVPLSPPPOEPPPOEME60dialtRADIUS、AAAdialPPPOEME60ip-ip-pooldial1//DIALnetwork4//OSPFDHCPDHCPQinQ，則用戶會綁定到一個區(qū)域（DSLAM，BAN改、帶寬修改、限制用戶數(shù)、代理數(shù)等）97PPPOE2）ME60dialcontext用戶采用加后綴域名（@xyxf）DSLAMPPPOEPPPOE（nasip、port、slot、subslot、svlan）。如果制卡時,網(wǎng)絡結(jié)構(gòu)不能完全明確而導致詳www.163.ha/。系統(tǒng)提供卡用戶清單查詢（僅顯示時長，不VPDNVPDNRADIUS、AAAdialVLANPPPOEME60VPDNdialPPPOEVLANQinQVLANVLAN、QinQVLANVPDNBASLNSIP、隧道口令等。vpdnVPDN（不同于寬窄帶管理員賬號），訪問商務寬帶www.163.ha/，進行密碼修改等功能。VPDNVPDN（VirtualPrivateDialNetwork）是指利用公共網(wǎng)絡（ISDNPSTN）的撥號功ISPVPNVPDN??安全的虛擬專網(wǎng)。企業(yè)L2TPVPDNL2TPL2TP??NAS-InitializedClient-Initialized★NAS-發(fā)起建??LNSLNS★Client-L2TP??L2TPLAC@ME60LACL2TPLAC,LAC??隧道。在本期項目中，ME60RADIUS??模式。L2TPL2TPL2TPL2TPME60L2TPME601000L2TPdefault-lns”和“default-lac”，實際可以創(chuàng)998L2TP3descriptiontextL2TP（可選）LACL2TP8>步驟3執(zhí)行命令tunnelsourceinterface-typeinterface-numberL2TP2aaaAAA步驟3執(zhí)行命令domaindomain-nameRADIUSL2TP2aaaAAA步驟3執(zhí)行命令domaindomain-name4l2tp-userradius-forceRADIUSL2TPL2TPRADIUSL2TPL2TPl2tp-l2tp-userradius-force//MAC回該機頂盒最近邊緣服務器（EMSLVS）IPEMS。但是EMS（CMS）；該節(jié)目將在閑時EMS。radiusPPPOEDHCPDHCP延用DHCPPPPOE2）ME60iptvcontextPPPOEPPPOEME606000rule90denyipsourceuser-grouphelpdestinationip-traffic-RR??IPV4BGPRR??VPNV4BGPgroupha-peerha-authentication-SCHEME，radius，RADIUSospf1router-IP通過subscriber方式定義靜態(tài)IPexcluded-ip-ip-IPVLAN通過leasedline方式定義靜態(tài)IP用戶12BAS[Quidway-BGP/MPLSVPNMPLSVPNME60ME60MPLSVPNME60ME60PEADSLVPN（ADSLVPN）MPLSVPNSR，BASBGPMPLSVPN。BGP/MPLSVPNMPLSVPN全省型MPLSVPN命名規(guī)范（由省級部門實施VPNMPLSVPNMPLSVPNVPNMPLSVPNPE（ME60）VPNCEPE3route-distinguisherroute-distinguisher，VPNRD。4vpn-targetvpn-target&<1-8>{both|export-VPNVPN-targetVPNVPNCEPEVPNCEPE2aaa，AAA3domaindomain-name，BASVPNCEPE3basBAS access-typelayer2-subscriber[bas-interface-namename|default- radius-name|nas-port-typetype]*，5vpn-instancevpn-instance-nameBASVPNPE-PEMP-IBGPCEPE1system-view，進入系統(tǒng)視圖。2bgpas-number，BGP3peerpeer-addressas-numberas-number，PE4peerpeer-addressconnect-interfaceloopbackinterface-number，??TCP5ipv4-familyvpnv4[unic