The MA5600 is interconnected with the RADIUS server through the RADIUS protocol to implement authentication.
Configure the authentication scheme.
Configure authentication scheme newscheme (users are authenticated through RADIUS).
huawei(config)#aaa
huawei(config-aaa)#authentication-scheme newscheme
huawei(config-aaa-authen-newscheme)#authentication-mode radius
huawei(config-aaa-authen-newscheme)#quit
huawei(config-aaa)#quit
Configure the RADIUS protocol.
Create RADIUS server template template1. RADIUS server 10.10.66.66 functions as the primary authentication server, and RADIUS server 10.10.66.67 functions as the secondary authentication server.
huawei(config)#radius-server template template1
Note: Create a new server template
huawei(config-radius-template1)#radius-server authentication 10.10.66.66 1812
huawei(config-radius-template1)#radius-server authentication 10.10.66.67 1812 secondary
huawei(config-radius-template1)#quit
Create a domain.
Create domain isp1.
huawei(config)#aaa
huawei(config-aaa)#domain isp1
Info: Create a new domain
Reference the authentication scheme.
You can reference an authentication scheme in a domain only after the authentication scheme is created.
huawei(config-aaa-domain-isp1)#authentication-scheme newscheme
Reference the RADIUS server template.
You can reference a RADIUS server template in a domain only after the RADIUS server template is created.
huawei(config-aaa-domain-isp1)#radius-server template1
huawei(config-aaa-domain-isp1)#quit
User1 in isp1 can be authenticated and can log in to the MA5600.
Configuration Script
aaa
authentication-scheme newscheme
authentication-mode radius
quit
quit
radius-server template radtest
radius-server authentication 10.10.66.66 1812
radius-server authentication 10.10.66.67 1812 secondary
quit
aaa
domain isp1
authentication-scheme newscheme
radius-server radtest
quit
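The two ordering rules above (a domain can reference an authentication scheme or a RADIUS server template only after it is created) can be checked offline before a script is pasted into the device. The Python sketch below is an added example, not Huawei tooling or code from the original post; the function name check_references and the simplified CLI view model are assumptions, and the sample script is constructed from the step-by-step commands above with the prompts stripped.

```python
# Added example: offline reference check for an MA5600-style AAA/RADIUS script.
# SAMPLE is constructed from the page's step-by-step commands (prompts stripped).
SAMPLE = """\
aaa
authentication-scheme newscheme
authentication-mode radius
quit
quit
radius-server template template1
radius-server authentication 10.10.66.66 1812
radius-server authentication 10.10.66.67 1812 secondary
quit
aaa
domain isp1
authentication-scheme newscheme
radius-server template1
quit
"""

def check_references(script):
    """Return [(line_no, problem)] for domain references to names not yet created."""
    schemes, templates, problems = set(), set(), []
    view = ["config"]                      # stack of CLI views (hypothetical model)
    for num, line in enumerate(script.splitlines(), 1):
        words = line.split()
        if not words:
            continue
        here, cmd, args = view[-1], words[0], words[1:]
        if cmd == "quit":
            if len(view) > 1:
                view.pop()
        elif here == "config" and cmd == "aaa":
            view.append("aaa")
        elif here == "config" and words[:2] == ["radius-server", "template"] and len(words) == 3:
            templates.add(words[2])        # template created, enter its view
            view.append("radius")
        elif here == "aaa" and cmd == "authentication-scheme" and args:
            schemes.add(args[0])           # scheme created, enter its view
            view.append("scheme")
        elif here == "aaa" and cmd == "domain" and args:
            view.append("domain")
        elif here == "domain" and cmd == "authentication-scheme" and args:
            if args[0] not in schemes:
                problems.append((num, "undefined authentication scheme " + args[0]))
        elif here == "domain" and cmd == "radius-server" and args:
            if args[0] not in templates:
                problems.append((num, "undefined RADIUS server template " + args[0]))
    return problems

if __name__ == "__main__":
    print(check_references(SAMPLE) or "all domain references resolve")
```

A domain that names a template under a different spelling than the one created, or that appears before the scheme it uses, is reported with its line number.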
Friday, February 28, 2014
Wednesday, February 26, 2014
Configuring a Load Balancing Mode
Run:
system-view
The system view is displayed.
Run:
interface eth-trunk trunk-id
The Eth-Trunk interface view is displayed.
Run:
load-balance { dst-ip | dst-mac | src-ip | src-mac | src-dst-ip | src-dst-mac }
The load balancing mode of the Eth-Trunk is set.
NOTE:
The S2350, S5328C-SI and S5300LI use the parameter src-dst-ip in the HASH algorithm for load balancing regardless of whether you configure this parameter.
On the S2350, S5300LI, and S5300SI, when the load balancing mode of an Eth-Trunk is modified, the modification takes effect on all Eth-Trunks. The load balancing mode will be set to the default mode when a new Eth-Trunk is created.
Run:
system-view
The system view is displayed.
Run:
load-balance-profile profile-name
A load balancing profile is created and its view is displayed. Only one load balancing profile can be created.
Run:
l2 field [ dmac | l2-protocol | smac | sport | vlan ] *
The load balancing mode of Layer 2 packets is set.
Run:
ipv4 field [ dip | l4-dport | l4-sport | protocol | sip | sport | vlan ] *
The load balancing mode of IPv4 packets is set.
Run:
ipv6 field [ dip | l4-dport | l4-sport | protocol | sip | sport | vlan ] *
The load balancing mode of IPv6 packets is set.
Run:
mpls field [ 2nd-label | dip | sip | sport | top-label | vlan ] *
The load balancing mode of MPLS packets is set.
Run:
quit
Return to the system view.
Run:
interface eth-trunk trunk-id
The Eth-Trunk interface view is displayed.
Run:
load-balance enhanced profile profile-name
The load balancing profile is applied.
NOTE:
The preceding load balancing modes apply only to known unicast traffic. To configure the load balancing mode for unknown unicast traffic, run the unknown-unicast load-balance { dmac | smac | smacxordmac | enhanced } command in the system view. Only the S5300EI, LS-S5328C-EI-24S, and S5300HI support load balancing configuration for unknown unicast traffic.
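Why the choice of mode matters, as an added example (not from the original post and not Huawei code): the sketch below maps constructed flows onto four Eth-Trunk member links under each of the six load-balance modes listed above. The XOR-fold hash, the function names and all addresses are assumptions for illustration; the switch's real HASH algorithm is not given on the page.

```python
# Added example: how the hashed fields decide which Eth-Trunk member link a flow uses.
# The XOR-fold hash is an illustrative assumption, not the switch's real algorithm.
import ipaddress
from collections import Counter

FIELDS = {  # load-balance mode -> flow fields fed into the hash
    "dst-ip": ("dst_ip",), "src-ip": ("src_ip",), "src-dst-ip": ("src_ip", "dst_ip"),
    "dst-mac": ("dst_mac",), "src-mac": ("src_mac",), "src-dst-mac": ("src_mac", "dst_mac"),
}

def to_int(value):
    """Convert a dotted IPv4 address or a colon-separated MAC to an integer."""
    if ":" in value:
        return int(value.replace(":", ""), 16)
    return int(ipaddress.IPv4Address(value))

def select_link(flow, mode, n_links):
    """XOR the selected fields, fold to one byte, and map onto a member link."""
    key = 0
    for field in FIELDS[mode]:
        key ^= to_int(flow[field])
    folded = 0
    while key:
        folded ^= key & 0xFF
        key >>= 8
    return folded % n_links

def distribution(flows, mode, n_links):
    """Count flows per member link index for one load balancing mode."""
    return Counter(select_link(f, mode, n_links) for f in flows)

# Constructed traffic: 16 clients behind one router talk to one server, so every
# frame carries the same source MAC (the router) and destination MAC (the server).
FLOWS = [{"src_ip": "10.0.0.%d" % k, "dst_ip": "10.0.1.10",
          "src_mac": "02:00:00:00:00:01", "dst_mac": "02:00:00:00:00:02"}
         for k in range(1, 17)]

if __name__ == "__main__":
    for mode in FIELDS:
        print("%-12s %s" % (mode, dict(sorted(distribution(FLOWS, mode, 4).items()))))
```

With this traffic, every mode whose hashed fields are identical across flows (dst-ip and the three MAC-based modes) places all 16 flows on one member link, while src-ip and src-dst-ip spread them evenly.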
Monday, February 24, 2014
Configuring the Broadcast Mode NTP
MA5600_S uses the local clock as the master NTP clock on stratum 2, works in NTP broadcast mode, and periodically sends broadcast clock synchronization packets through IP address 10.10.10.10/24 of the L3 interface of VLAN 2. MA5600_C functions as the NTP client: it listens to the broadcast packets sent from the server through IP address 10.10.10.20/24 of the L3 interface of VLAN 2 and synchronizes with the clock on the broadcast server. To perform these configurations, do as follows:
On MA5600_S:
huawei(config)#ntp-service refclock-master 2
huawei(config)#vlan 2 standard
huawei(config)#port vlan 2 0/7 0
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ip address 10.10.10.10 24
huawei(config-if-vlanif2)#ntp-service broadcast-server
huawei(config-if-vlanif2)#quit
On MA5600_C:
huawei(config)#vlan 2 standard
huawei(config)#port vlan 2 0/7 0
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ip address 10.10.10.20 24
huawei(config-if-vlanif2)#ntp-service broadcast-client
huawei(config-if-vlanif2)#quit
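What a monitoring host on VLAN 2 can verify about the broadcasts described above, as an added example (not from the original post or the device software): the sketch parses the fixed NTP header and checks the mode, source address and stratum. It assumes the server advertises the configured stratum 2; the function names and the constructed test packet are hypothetical.

```python
# Added example: sanity-check a received NTP broadcast packet against the setup above.
import struct

NTP_HEADER = struct.Struct("!BBbb11I")   # 48-byte NTP header layout (RFC 5905)
MODE_BROADCAST = 5                       # NTP association mode "broadcast"

def build_broadcast(stratum, tx_seconds, version=3):
    """Build a constructed broadcast packet (sample input only)."""
    first = (0 << 6) | (version << 3) | MODE_BROADCAST   # LI=0, VN, Mode
    words = [0] * 11
    words[9] = tx_seconds                # transmit timestamp, seconds since 1900
    return NTP_HEADER.pack(first, stratum, 6, -20, *words)

def check_broadcast(packet, src_ip, server="10.10.10.10", stratum=2):
    """Return (ok, reason) for one received packet and its source address."""
    if len(packet) < NTP_HEADER.size:
        return False, "short packet"
    first, pkt_stratum = NTP_HEADER.unpack(packet[:NTP_HEADER.size])[:2]
    if first & 0x07 != MODE_BROADCAST:
        return False, "not broadcast mode"
    if src_ip != server:
        return False, "unexpected source"
    if pkt_stratum != stratum:
        return False, "unexpected stratum"
    return True, "ok"

if __name__ == "__main__":
    sample = build_broadcast(2, 3602188800)          # constructed packet
    print(check_broadcast(sample, "10.10.10.10"))
    print(check_broadcast(sample, "10.10.10.99"))
```

The source-address comparison is a sanity check for monitoring, not authentication of the server.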
Wednesday, February 19, 2014
Configure the S5300 as an FTP server.
No FTP server software is installed on the LS-S5352C-EI; therefore, the customer needs to buy FTP server software and install it.
Configure the S5300 as an FTP server.
Start the FTP server on the S5300, and set the FTP user name to ftpuser and password to ftppwd.
<Quidway> system-view
[Quidway] ftp server enable
[Quidway] aaa
[Quidway-aaa] local-user ftpuser password cipher ftppwd
[Quidway-aaa] local-user ftpuser service-type ftp
[Quidway-aaa] local-user ftpuser ftp-directory flash:
[Quidway-aaa] return
Set an IP address for the S5300.
An idle service interface is recommended. This example assumes that GigabitEthernet0/0/1 is used and the IP address is 1.1.1.1/24.
<Quidway> system-view
[Quidway] interface gigabitethernet0/0/1
[Quidway-GigabitEthernet0/0/1] port link-type access
[Quidway-GigabitEthernet0/0/1] quit
[Quidway] vlan 10
[Quidway-vlan10] port gigabitethernet0/0/1
[Quidway-vlan10] quit
[Quidway] interface vlanif 10
[Quidway-Vlanif10] ip address 1.1.1.1 24
[Quidway-Vlanif10] quit
[Quidway]
Log in to the FTP server (the S5300).
Store the file to be uploaded in the specified directory (for example, D:\>directory). Choose Start > Run. Enter cmd and press Enter. Enter FTP 1.1.1.1. Enter the user name at the user prompt and the password at the password prompt, and then press Enter. The following information is displayed:
D:\>ftp 1.1.1.1
Connected to 1.1.1.1.
220 FTP service ready.
User (1.1.1.1:(none)): ftpuser
331 Password required for 1.
Password:
230 User logged in.
ftp>
Monday, February 17, 2014
Configuring a GPON ONT
The MA5680T/MA5603T provides end users with services through the ONT. The MA5600T/MA5603T can manage the ONT and the ONT can work in the normal state only after the channel between the MA5600T/MA5603T and the ONT is available.
To add five ONTs in offline mode with password authentication mode (ONT passwords are 0100000001-0100000005), set the discovery mode of password authentication to always-on, and bind ONT capability profile 10, do as follows:
huawei(config)#interface gpon 0/2
huawei(config-if-gpon-0/2)#ont add 0 password-auth 0100000001 always-on profile-id 10 manage-mode omci
huawei(config-if-gpon-0/2)#ont add 0 password-auth 0100000002 always-on profile-id 10 manage-mode omci
huawei(config-if-gpon-0/2)#ont add 0 password-auth 0100000003 always-on profile-id 10 manage-mode omci
huawei(config-if-gpon-0/2)#ont add 0 password-auth 0100000004 always-on profile-id 10 manage-mode omci
huawei(config-if-gpon-0/2)#ont add 0 password-auth 0100000005 always-on profile-id 10 manage-mode omci
To add an ONT that is managed by the OLT through the OMCI protocol, confirm this ONT according to the SN 3230313185885B41 automatically reported by the system, and bind the ONT with capability profile 3 that matches the ONT, do as follows:
huawei(config)#interface gpon 0/2
huawei(config-if-gpon-0/2)#port 0 ont-auto-find enable
huawei(config-if-gpon-0/2)#ont confirm 0 sn-auth 3230313185885B41 profile-id 3 manage-mode omci
To add an ONU that is managed as an independent NE and whose SN is known as 3230313185885641, bind the ONU with capability profile 4 that matches the ONU, configure the NMS parameters for the ONU, and set the management VLAN to 100, do as follows:
huawei(config)#snmp-profile add profile-id 1 v2c public private 10.10.5.53 161 huawei
huawei(config)#interface gpon 0/2
huawei(config-if-gpon-0/2)#ont add 0 2 sn-auth 3230313185885641 profile-id 4 manage-mode snmp
huawei(config-if-gpon-0/2)#ont ipconfig 0 2 static ip-address 10.20.20.20 mask 255.255.255.0 gateway 10.10.20.1 vlan 100
huawei(config-if-gpon-0/2)#ont snmp-profile 0 2 profile-id 1
huawei(config-if-gpon-0/2)#ont snmp-route 0 2 ip-address 10.10.20.190 mask 255.255.255.0 next-hop 10.10.20.100