V100R017
Issue 09
Date 2013-10-30
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Website: http://www.huawei.com
Email: support@huawei.com
Intended Audience
This document describes the configuration procedures of the services supported by the
UA5000 (IPM), through configuration examples and function configuration. The description
covers the following topics:
• Purpose
• Networking
• Data plan
• Prerequisite
• Precaution
• Configuration flowchart
• Procedure
• Result
This document helps you to master the configuration procedure for the key services supported
by the UA5000.
The UA5000 supports both the IPMB and IPMD control boards. The control board in this document is the IPMB
board unless otherwise stated.
By default, the upstream port on the IPMB board is used to transmit services in the upstream direction.
The difference between the IPMD and IPMB control boards lies in the upstream port.
• The IPMB control board can provide four FE electrical ports and two GE/FE optical ports.
• The IPMD control board can provide four GE optical ports and two GE electrical ports.
Update History
Updates between document versions are cumulative. Therefore, the latest document version
contains all updates made to previous versions.
The following information is modified: 2.3 Configuration Example of the BFD Link
Detection
The following information is modified: 4.4 Configuring the Multicast Service in an RSTP
Network
The structure and content of the document are optimized comprehensively so that the document
can better cater to user preferences and guide users.
Issue 01 (2008-03-25)
This is the first release.
Contents
2 Protocol Configuration
2.1 Configuring ARP Proxy
2.2 Configuring the Route
2.2.1 Configuration Example of the Routing Policy
2.2.2 Configuration Example of the Static Route
2.2.3 Configuration Example of RIP
2.2.4 Configuration Example of OSPF
2.3 Configuration Example of the BFD Link Detection
2.4 Configuring the RSTP
2.5 Configuring RRPP
A FAQ
A.1 How to Ensure the System and User Security Through the Proper Configuration?
A.2 How Many PVCs are Supported by Each xDSL Port?
A.3 Does the PVC Have Priority?
A.4 How to Configure the Static User?
A.5 How to Configure the Network Management VLAN?
A.6 How to Change the Network Management VLAN?
A.7 How to Change the Service VLAN to Which the xDSL Port Belongs?
A.8 How to Delete the VLAN to Which the Upstream Port Is Bound?
1 Basic Configurations
Basic configurations mainly include certain common configurations, public configurations, and
pre-configurations in service configurations. The basic configurations are independent of one
another, so you can perform them according to actual requirements.
Prerequisites
The license must be enabled.
Application Context
The license platform provides the registration mechanism for the service modules of the
UA5000. During system initialization, the service modules need to register for the controlled
resource entries or the controlled function entries. After the system starts to work, based on the
controlled entries that are registered, the license client management module obtains the
authentication information about the license controlled entries of the UA5000 from the license
server.
When a service module is configured through the CLI or NMS, the UA5000 checks whether the
resource entries of the service module or the function entries of the service module are
overloaded.
• If overload occurs, the system quits the service configuration and displays a prompt of
  insufficient license resources.
• If overload does not occur, the system allows the user to continue configuring and using
  the service. When the service configuration is deleted, the system automatically releases
  the license resources occupied by the service configuration.
Context
• The UA5000 adopts the network license solution, that is, a license server is deployed on
  the network. The license server software can be installed on the same device with the NMS.
  The license server software can also be installed separately on a license server. Each
  UA5000 is a license client and the licenses of all the clients are managed by the license
  server in a centralized manner.
• In the management scope of the license server (generally a region or a city), each product
  has only one license file that is stored on the license server. The resources of the product
  that are controlled by the license are defined by the license file. One license server can
  manage multiple products. Therefore, multiple license files can be stored on one license
  server.
• With the license platform enabled, the license server performs license control over the
  function entries and resource entries supported by the UA5000 and provides customized
  services, namely, specified function entries and resource entries, for users according to the
  requirements.
  The control entries of the license platform include function entries and resource entries.
  You can run the display license feature command to query the corresponding control
  entries.
  – A function entry refers to the entry whose license is controlled based on the function.
    The controllable function entries supported by the UA5000 include:
    – SELT function
    – Port rate fulfillment ratio
    – Single-PVC for multiple services function
    – Illegal access control function of the broadband MAN
  – A resource entry refers to the entry whose license is controlled based on the count. The
    controllable resource entries supported by the UA5000 include:
    – SHDSL port resources
    – SHDSL bound port and SHDSL bis port resources referencing the high-rate profile
    – ADSL port resources
    – Port resources supporting the AnnexM function
    – Port resources supporting the INP function
    – Port resources supporting the AnnexL function
    – VDSL port resources
    – Port resources supporting the ADSL/VDSL auto-adaptation function
    – XPoA-to-XPoE converting resources
    – License control of the BTV program resources
    – License control of the BTV user resources
Precautions
• If you need to use the license platform supported by the UA5000, make sure that you consider
  the deployment of the license server in network planning.
• It is recommended that you install the license server on the same computer as the NMS
  server. If there is no NMS server, you need to separately deploy a license server on the
  network.
Procedure
Step 1 Configure the interface used for communication between the UA5000 and the license server.
1. Run the vlan command to create a VLAN.
2. Run the port vlan command to add an upstream port to the VLAN.
3. (Optional) Run the native-vlan command to configure the default VLAN of the upstream
port.
Whether the native VLAN needs to be set for the upstream port depends on whether the
upper-layer device connected to the upstream port supports packets carrying a VLAN tag.
The setting on the UA5000 must be the same as that on the upper-layer device.
4. Run the interface vlanif command to enter the VLAN interface mode.
5. Run the ip address command to configure the IP address of the VLAN L3 interface so that
the IP packets in the VLAN are forwarded by using this IP address.
Step 2 Run the license esn command to configure the equipment serial number (ESN) of the device.
Each client of the license server is uniquely identified by the ESN. The ESN needs to be
configured if the user enables the license platform. The ESN can be the NMS IP address of the
device or the IP address of the VLAN L3 interface.
Step 3 Run the license server command to configure the license server.
If the user enables the license platform, configure the IP address and TCP port ID of the license
server so that the license server can communicate with the client.
Step 4 Run the display license info command to query the communication status between the device
and the license server.
----End
Example
To configure the UA5000 to communicate with the server through smart VLAN 10, configure
the IP address of the L3 interface to 10.10.10.10/24, configure the UA5000 to communicate with
the license server (IP address: 10.20.20.2/24) through port 0/3/0, and configure the TCP port ID
to 10010, do as follows:
huawei(config)#vlan 10 smart
huawei(config)#port vlan 10 0/3 0
huawei(config)#interface vlanif 10
huawei(config-if-vlanif10)#ip address 10.10.10.10 24
huawei(config-if-vlanif10)#quit
huawei(config)#ip route-static 10.20.20.1 24 10.10.10.1
huawei(config)#license esn 10.10.10.10
huawei(config)#license server ipaddress 10.20.20.2 tcpport 10010
Context
On a digital network comprising the UA5000 and other devices, the primary problem is clock
synchronization. To ensure that the system uses a unified clock standard, you must specify the
clock signals from a certain port as the system clock source.
Procedure
Step 1 Run the clock source command to configure the system clock source.
Specify the clock signals extracted from a certain port as the system clock source.
Step 2 Run the clock priority command to configure the priority of the clock source.
----End
Example
To obtain two clock sources from ports 0/6/0 and 0/6/1 on the AIUG board as clock source 0
and clock source 2 of the system, configure clock source 2 with the highest priority, and configure
clock source 0 with the second highest priority, do as follows:
huawei(config)#clock source 0 0/6/0
huawei(config)#clock source 2 0/6/1
huawei(config)#clock priority 2/0
Context
Introduction to the NTP Protocol:
• The Network Time Protocol (NTP) is an application layer protocol defined in RFC 1305,
  which is used to synchronize time between distributed time servers and clients. The
  RFC defines the structures, algorithms, entities, and protocols used in the implementation
  of NTP.
• NTP is developed from the time protocol and the ICMP timestamp message protocol, and is
  specially designed for accuracy and robustness.
• NTP runs over UDP and uses port number 123.
• Any local system that runs NTP can be time synchronized by other clock sources, and can also
  act as a clock source to synchronize other clocks. In addition, mutual synchronization can
  be done through the exchange of NTP packets.
NTP is applied in the following situations where all the clocks of hosts or routers on a network
need to be consistent:
• In network management, analyzing log or debugging information collected from
  different routers requires a common time reference.
• The charging system requires the clocks of all devices to be consistent.
• Certain functions, for example, the timed restart of all the routers on a network,
  require the clocks of all the routers to be consistent.
• When several systems work together on the same complicated event, they must use the
  same clock for reference to ensure the correct order of operations.
• Incremental backup between the backup server and clients requires clocks on them to be
  synchronized.
When all the devices on a network need to be synchronized, it is almost impossible for an
administrator to manually change the system clock through the command line. This is because the
workload is heavy and clock accuracy cannot be ensured. NTP can quickly synchronize the clocks
of network devices and ensure their precision.
There are four NTP modes: unicast server, peer, broadcast, and multicast modes. The UA5000
supports all these modes.
Default Configuration
Table 1-1 provides the default configuration for NTP.
Clock stratum 16
Prerequisites
Before configuring the NTP authentication function, make sure that the network interface of the
UA5000 and the routing protocol are configured so that the server and the client are reachable
to each other at the network layer.
Context
In certain networks that have strict requirements on security, enable NTP authentication when
running the NTP protocol. NTP authentication is configured in two parts: on the client and on
the server.
Precautions
• If NTP authentication is not enabled on the client, the client can synchronize with the server,
  regardless of whether NTP authentication is enabled on the server.
• If NTP authentication is enabled, a reliable key needs to be configured.
• The configuration of the server must be the same as that of the client.
• When NTP authentication is enabled on the client, the client can pass the authentication if
  the server is configured with the same key as that of the client. In this case, you need not
  enable NTP authentication on the server or declare that the key is reliable.
• The client synchronizes with only the server that provides the reliable key. If the key
  provided by the server is unreliable, the client does not synchronize with the server.
Procedure
Step 1 Run the ntp-service authentication enable command to enable NTP authentication.
Step 2 Run the ntp-service authentication-keyid command to set an NTP authentication key.
Step 3 Run the ntp-service reliable authentication-keyid command to declare that the key is reliable.
----End
Example
To enable NTP authentication, set the NTP authentication key as aNiceKey with the key number
42, and then define key 42 as a reliable key, do as follows:
huawei(config)#ntp-service authentication enable
huawei(config)#ntp-service authentication-keyid 42 authentication-mode md5 aNiceKey
huawei(config)#ntp-service reliable authentication-keyid 42
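An added example, not part of the original guide: how a client with NTP authentication enabled decides whether to accept a packet, assuming the device follows the standard NTP symmetric-key scheme (a 32-bit key ID and MD5(key || header) appended to the 48-byte header). Key 42 and aNiceKey come from the example above; key 7, the function names and the packets are constructed for illustration.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48           # fixed NTP header (RFC 1305), no extension fields
MAC_LEN = 4 + 16          # 32-bit key ID + 128-bit MD5 digest
MODES = {1: "active peer", 2: "passive peer", 3: "client",
         4: "server", 5: "broadcast/multicast"}


def build_header(mode, stratum, version=3):
    """Build a 48-byte NTP header; timestamps stay zero in this sketch."""
    first = (version << 3) | mode            # LI = 0, then VN and Mode bits
    return struct.pack("!BBbb", first, stratum, 6, -20) + bytes(HEADER_LEN - 4)


def sign(header, key_id, key):
    """Append the key ID and MD5(key || header) to the header."""
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest


def check(packet, keys, reliable_ids):
    """Classify a received packet the way an authenticating client would."""
    if len(packet) == HEADER_LEN:
        return "rejected: no MAC"
    if len(packet) != HEADER_LEN + MAC_LEN:
        return "rejected: malformed"
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    if key_id not in keys:
        return "rejected: unknown key ID"
    if key_id not in reliable_ids:           # configured, but not declared reliable
        return "rejected: key not reliable"
    expected = hashlib.md5(keys[key_id] + header).digest()
    if not hmac.compare_digest(expected, mac[4:]):
        return "rejected: digest mismatch"
    mode = header[0] & 0x07
    return "accepted: mode %d (%s)" % (mode, MODES.get(mode, "?"))


# Constructed client state: key 42 is the page's example key, key 7 is made up
# and deliberately left out of the reliable set.
CLIENT_KEYS = {42: b"aNiceKey", 7: b"spareKey"}
CLIENT_RELIABLE = {42}


def demo():
    """Run five constructed packets through the check and return the verdicts."""
    header = build_header(mode=5, stratum=2)
    good = sign(header, 42, b"aNiceKey")
    altered = bytearray(good)
    altered[1] = 1                           # stratum byte changed after signing
    args = (CLIENT_KEYS, CLIENT_RELIABLE)
    return {
        "matching key": check(good, *args),
        "wrong key value": check(sign(header, 42, b"otherKey"), *args),
        "key 7, not reliable": check(sign(header, 7, b"spareKey"), *args),
        "altered header": check(bytes(altered), *args),
        "unsigned": check(header, *args),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:22} {verdict}")
```

Only the key ID and the digest travel with the packet, never the key string, which is why both ends must hold the same key ID and key value.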
Prerequisites
Before configuring the broadcast mode NTP, make sure that the interface and the routing
protocol are configured so that the server and the client are reachable to each other at the network
layer.
Context
In the broadcast mode, the server periodically sends clock synchronization packets to the
broadcast address 255.255.255.255, with the mode field set to 5 (indicating the broadcast mode).
The client listens to the broadcast packets sent from the server. After receiving the first broadcast
packet, the client exchanges NTP packets whose mode fields are set to 3 (client mode) and 4
(server mode) with the server to obtain the network delay between the client and the server. The
client then enters the broadcast client mode, continues to listen to the incoming broadcast
packets, and synchronizes the local clock according to the incoming broadcast packets, as shown
in Figure 1-1.
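An added example, not part of the original guide: the mode 3/mode 4 exchange a broadcast client uses to measure the network delay, and how that delay is applied to later mode 5 packets. It uses the standard NTP on-wire calculation; the clock readings (server 2 s ahead of the client, 0.125 s each way) and the function names are constructed.

```python
import struct

NTP_VERSION = 3


def ts(seconds):
    """Encode a clock reading as a 64-bit NTP timestamp (32.32 fixed point)."""
    whole = int(seconds)
    return struct.pack("!II", whole, int((seconds - whole) * 2**32))


def read_ts(raw):
    """Decode a 64-bit NTP timestamp back into seconds."""
    whole, frac = struct.unpack("!II", raw)
    return whole + frac / 2**32


def packet(mode, stratum, originate=0.0, receive=0.0, transmit=0.0):
    """48-byte header: flags, stratum, poll, precision, 20 zeroed bytes, 3 timestamps."""
    first = (NTP_VERSION << 3) | mode
    fixed = struct.pack("!BBbb", first, stratum, 6, -20) + bytes(20)
    return fixed + ts(originate) + ts(receive) + ts(transmit)


def mode_of(pkt):
    """The mode field is the low three bits of the first byte."""
    return pkt[0] & 0x07


def measure(request, response, t4):
    """Return (delay, offset) from a mode 3 request, its mode 4 reply and arrival time t4."""
    if mode_of(request) != 3 or mode_of(response) != 4:
        raise ValueError("expected a mode 3 request and a mode 4 response")
    # The reply must echo our transmit timestamp; anything else is not an
    # answer to this request and is dropped.
    if response[24:32] != request[40:48]:
        raise ValueError("originate timestamp does not match our request")
    t1 = read_ts(request[40:48])     # client transmit
    t2 = read_ts(response[32:40])    # server receive
    t3 = read_ts(response[40:48])    # server transmit
    delay = (t4 - t1) - (t3 - t2)
    offset = ((t2 - t1) + (t3 - t4)) / 2
    return delay, offset


def broadcast_offset(pkt, arrival, delay):
    """Offset from a one-way mode 5 packet, assuming half the round trip each way."""
    if mode_of(pkt) != 5:
        raise ValueError("expected a mode 5 packet")
    return read_ts(pkt[40:48]) + delay / 2 - arrival


def demo():
    """Constructed exchange: returns (delay, offset, offset from a later broadcast)."""
    request = packet(3, 0, transmit=100.0)
    response = packet(4, 2, originate=100.0, receive=102.125, transmit=102.1875)
    delay, offset = measure(request, response, t4=100.3125)
    later = packet(5, 2, transmit=110.0)
    return delay, offset, broadcast_offset(later, arrival=108.125, delay=delay)


if __name__ == "__main__":
    print(demo())
```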
Precautions
1. In the broadcast mode, you need to configure both the NTP server and the NTP client.
2. The clock stratum of the synchronizing device must be lower than or equal to that of the
synchronized device. Otherwise, the clock synchronization fails.
Procedure
• Configure the NTP broadcast server host.
1. Run the ntp-service refclock-master command to configure the local clock as the
master NTP clock, and specify the stratum of the master NTP clock.
2. (Optional) Configure NTP authentication.
In certain networks that have strict requirements on security, it is recommended that
you enable NTP authentication when running the NTP protocol. The configuration of
the server must be the same as that of the client.
a. Run the ntp-service authentication enable command to enable NTP
authentication.
b. Run the ntp-service authentication-keyid command to set an NTP
authentication key.
c. Run the ntp-service reliable authentication-keyid command to declare that the
key is reliable.
3. Add a VLAN L3 interface.
a. Run the vlan command to create a VLAN.
b. Run the port vlan command to add an upstream port to the VLAN so that the
user packets carrying the VLAN tag are transmitted upstream through the
upstream port.
c. In the global config mode, run the interface vlan command to create a VLAN
interface, and then enter the VLAN interface mode to configure the L3 interface.
d. Run the ip address command to configure the IP address and subnet mask of the
VLAN interface so that the IP packets in the VLAN can participate in the L3
forwarding.
4. Run the ntp-service broadcast-server command to configure the NTP broadcast
server mode of the host, and specify the key ID for the server to send packets to the
client.
• Configure the NTP broadcast client host.
1. (Optional) Configure NTP authentication.
In certain networks that have strict requirements on security, it is recommended that
you enable NTP authentication when running the NTP protocol. The configuration of
the server must be the same as that of the client.
a. Run the ntp-service authentication enable command to enable NTP
authentication.
b. Run the ntp-service authentication-keyid command to set an NTP
authentication key.
c. Run the ntp-service reliable authentication-keyid command to declare that the
key is reliable.
Example
Assume the following configurations: UA5000_S uses the local clock as the master NTP clock
on stratum 2 and works in the broadcast mode NTP, sends broadcast clock synchronization
packets periodically through IP address 10.10.10.10/24 of the L3 interface of VLAN 2;
UA5000_C functions as the NTP client, listens to the broadcast packets sent from the server
through IP address 10.10.10.20/24 of the L3 interface of VLAN 2, and synchronizes with the
clock on the broadcast server. To perform these configurations, do as follows:
1. On UA5000_S:
huawei(config)#ntp-service refclock-master 2
huawei(config)#vlan 2 standard
huawei(config)#port vlan 2 0/3 0
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ip address 10.10.10.10 24
huawei(config-if-vlanif2)#ntp-service broadcast-server
huawei(config-if-vlanif2)#quit
2. On UA5000_C:
huawei(config)#vlan 2 standard
huawei(config)#port vlan 2 0/3 0
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ip address 10.10.10.20 24
huawei(config-if-vlanif2)#ntp-service broadcast-client
huawei(config-if-vlanif2)#quit
Prerequisites
Before configuring the multicast mode NTP, make sure that the interface and the routing protocol
are configured so that the server and the client are reachable to each other at the network layer.
Context
In the multicast mode, the server periodically sends clock synchronization packets to the
multicast address configured by the user. The default NTP multicast address 224.0.1.1 is used
if the multicast address is not configured. The mode field of the clock synchronization packet is
set to 5 (multicast mode). The client listens to the multicast packets sent from the server. After
receiving the first multicast packet, the client exchanges NTP packets whose mode fields are set
to 3 (client mode) and 4 (server mode) with the server to estimate the network delay between
the client and the server. The client then enters the multicast client mode, continues to listen to
the incoming multicast packets, and synchronizes the local clock according to the incoming
multicast packets, as shown in Figure 1-2.
Precautions
1. In the multicast mode, you need to configure both the NTP server and the NTP client.
2. The clock stratum of the synchronizing device must be lower than or equal to that of the
synchronized device. Otherwise, the clock synchronization fails.
Procedure
• Configure the NTP multicast server host.
1. Run the ntp-service refclock-master command to configure the local clock as the
master NTP clock, and specify the stratum of the master NTP clock.
2. (Optional) Configure NTP authentication.
In certain networks that have strict requirements on security, it is recommended that
you enable NTP authentication when running the NTP protocol. The configuration of
the server must be the same as that of the client.
b. Run the port vlan command to add an upstream port to the VLAN so that the
user packets carrying the VLAN tag are transmitted upstream through the
upstream port.
c. In the global config mode, run the interface vlan command to create a VLAN
interface, and then enter the VLAN interface mode to configure the L3 interface.
d. Run the ip address command to configure the IP address and subnet mask of the
VLAN interface so that the IP packets in the VLAN can participate in the L3
forwarding.
4. Run the ntp-service multicast-server command to configure the NTP multicast
server mode of the host, and specify the key ID for the server to send packets to the
client.
• Configure the NTP multicast client host.
1. (Optional) Configure NTP authentication.
In certain networks that have strict requirements on security, it is recommended that
you enable NTP authentication when running the NTP protocol. The configuration of
the server must be the same as that of the client.
a. Run the ntp-service authentication enable command to enable NTP
authentication.
b. Run the ntp-service authentication-keyid command to set an NTP
authentication key.
c. Run the ntp-service reliable authentication-keyid command to declare that the
key is reliable.
2. Add a VLAN L3 interface.
a. Run the vlan command to create a VLAN.
b. Run the port vlan command to add an upstream port to the VLAN so that the
user packets carrying the VLAN tag are transmitted upstream through the
upstream port.
c. In the global config mode, run the interface vlan command to create a VLAN
interface, and then enter the VLAN interface mode to configure the L3 interface.
d. Run the ip address command to configure the IP address and subnet mask of the
VLAN interface so that the IP packets in the VLAN can participate in the L3
forwarding.
3. Run the ntp-service multicast-client command to configure a host as the NTP
multicast client.
----End
Example
Assume the following configurations: UA5000_S uses the local clock as the master NTP clock
on stratum 2 and works in the multicast mode NTP, sends multicast clock synchronization
packets periodically through IP address 10.10.10.10/24 of the L3 interface of VLAN 2, and is
enabled with the NTP authentication function (the ID of the MD5 authentication key is set to
10, the key is set to BetterKey, and the authentication key is declared to be reliable);
UA5000_C functions as the NTP client, listens to the multicast packets sent from the server
through IP address 10.10.10.20/24 of the L3 interface of VLAN 2, and synchronizes with the
clock on the multicast server. To perform these configurations, do as follows:
1. On UA5000_S:
huawei(config)#ntp-service authentication enable
huawei(config)#ntp-service authentication-keyid 10 authentication-mode md5 BetterKey
huawei(config)#ntp-service reliable authentication-keyid 10
huawei(config)#ntp-service refclock-master 2
huawei(config)#vlan 2 standard
huawei(config)#port vlan 2 0/3 0
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ip address 10.10.10.10 24
huawei(config-if-vlanif2)#ntp-service multicast-server
huawei(config-if-vlanif2)#quit
2. On UA5000_C:
huawei(config)#vlan 2 standard
huawei(config)#port vlan 2 0/3 0
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ip address 10.10.10.20 24
huawei(config-if-vlanif2)#ntp-service multicast-client
huawei(config-if-vlanif2)#quit
Prerequisites
Before configuring the unicast mode NTP, make sure that the interface and the routing protocol
are configured so that the server and the client are reachable to each other at the network layer.
Context
In the unicast server mode, the client sends a clock synchronization packet to the server, with
the mode field set to 3 (client mode). After receiving the packet, the server automatically enters
the server mode and sends a response packet with the mode field set to 4 (server mode). After
receiving the response from the server, the client filters and selects the clock, and synchronizes
with the preferred server, as shown in Figure 1-3.
[Figure 1-3: The client sends clock synchronization packets (mode 3); the server automatically
works in the server mode and sends response packets.]
Precautions
1. In the unicast server mode, you need to configure only the client and need not configure
the server.
2. The clock stratum of the synchronizing device must be lower than or equal to the clock
stratum of the synchronized device. Otherwise, the clock synchronization fails.
Procedure
Step 1 Configure a VLAN L3 interface.
1. Run the vlan command to create a VLAN.
2. Run the port vlan command to add an upstream port to the VLAN so that the user packets
carrying the VLAN tag are transmitted upstream through the upstream port.
3. Run the interface vlan command to create a VLAN interface in the global config mode
and enter the VLAN interface mode to configure the L3 interface.
4. Run the ip address command to configure the IP address and subnet mask of the VLAN
interface so that the IP packets in the VLAN can be forwarded at layer 3.
Step 2 Run the ntp-service unicast-server command to configure the unicast server mode and specify
the IP address of the remote server that functions as the local time server and the interface for
transmitting and receiving NTP packets.
NOTE
• In this command, ip-address is a unicast address, which cannot be a broadcast address, a multicast address,
  or the IP address of a local clock.
• After the source interface of the NTP packets is specified by source-interface, the source IP address of the
  NTP packets is configured as the primary IP address of the specified interface.
• A server can function as a time server to synchronize other devices only after its clock is synchronized.
• When the clock stratum of the server is higher than or equal to the clock stratum of the client, the client does
  not synchronize with the server.
• You can run the ntp-service unicast-server command multiple times to configure multiple servers.
  Then, the client selects the optimal server according to clock priorities.
----End
Example
Assume the following configurations: One UA5000 functions as the NTP server (IP address:
10.20.20.20/24), the other UA5000 (IP address of the L3 interface of VLAN 2: 10.10.10.10/24,
gateway IP address: 10.10.10.1) functions as the NTP client, the NTP client sends the clock
synchronization request packet through the L3 interface of VLAN 2 to the NTP server, the NTP
server responds to the request packet, and ACL rules are configured to allow only IP packets
from the clock server to access the L3 interface. To perform these configurations, do as follows:
huawei(config)#vlan 2 standard
huawei(config)#port vlan 2 0/3 0
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ip address 10.10.10.10 24
huawei(config-if-vlanif2)#quit
huawei(config)#ntp-service unicast-server 10.20.20.20 source-interface vlanif 2
huawei(config)#acl 3010
huawei(config-acl-adv-3010)#rule deny ip source any destination 10.10.10.10 0.0.0.0
huawei(config-acl-adv-3010)#rule permit ip source 10.20.20.20 0.0.0.0 destination 10.10.10.10 0.0.0.0
huawei(config-acl-adv-3010)#quit
huawei(config)#packet-filter inbound ip-group 3010 port 0/3/0
Prerequisites
Before configuring the peer mode NTP, make sure that the interface and the routing protocol
are configured so that the server and the client are reachable to each other at the network layer.
Context
In the peer mode, the active peer and the passive peer exchange NTP packets whose mode fields
are set to 3 (client mode) and 4 (server mode). Then, the active peer sends a clock synchronization
packet to the passive peer, with the mode field of the packet set to 1 (active peer). After receiving
the packet, the passive peer automatically works in the passive peer mode and sends a response
packet with the mode field set to 2 (passive peer). Through packet exchange, the peer mode is
set up. The active peer and the passive peer can synchronize with each other. If both the clock
of the active peer and that of the passive peer are synchronized, the clock on a lower stratum is
used, as shown in Figure 1-4.
Precautions
1. In the peer mode, you need to configure the NTP mode on only the active peer.
2. The peers determine clock synchronization according to the clock stratum instead of
according to whether the peer is an active peer.
Procedure
Step 1 Configure the L3 interface of the VLAN.
1. Run the vlan command to create a VLAN.
2. Run the port vlan command to add an upstream port to the VLAN so that the user packets
carrying the VLAN tag are transmitted upstream through the upstream port.
3. In the global config mode, run the interface vlan command to create a VLAN interface,
and then enter the VLAN interface mode to configure the L3 interface.
4. Run the ip address command to configure the IP address and subnet mask of the VLAN
interface so that the IP packets in the VLAN can be forwarded at L3.
• In this command, ip-address is a unicast address, which cannot be a broadcast address, a multicast
  address, or the IP address of a reference clock.
• After the source interface of the NTP packets is specified by source-interface, the source IP address
  of the NTP packets is configured as the primary IP address of the specified interface.
----End
Example
Assume the following configurations: One UA5000 functions as the NTP active peer (IP address
of the L3 interface of VLAN 2: 10.10.10.10/24) and works on clock stratum 4, the other
UA5000 (IP address: 10.10.10.20/24) functions as the NTP passive peer, the active peer sends
a clock synchronization request packet through the L3 interface of VLAN 2 to the passive peer,
the passive peer responds to the request packet, and the peer with a higher clock stratum is
synchronized by the peer with a lower clock stratum. To perform these configurations, do as
follows:
huawei(config)#vlan 2 standard
huawei(config)#port vlan 2 0/3 0
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ip address 10.10.10.10 24
huawei(config-if-vlanif2)#quit
huawei(config)#ntp-service refclock-master 4
huawei(config)#ntp-service unicast-peer 10.10.10.20 source-interface vlanif 2
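The mode-field exchange and the stratum rule described above can be checked against a packet capture with a short script. This is an added example, not part of the original guide or of Huawei's software; the NTP version number 3 and the passive peer's stratum 6 are constructed sample values, and treating strata 0 and 16 as "not synchronized" follows the NTP specification rather than this page.

```python
import struct

# Values of the 3-bit mode field named in the Context paragraph above.
MODES = {1: "active peer", 2: "passive peer", 3: "client", 4: "server"}
NTP_HEADER_LEN = 48


def build_ntp_header(mode, stratum, version=3, leap=0):
    """Build a constructed 48-byte NTP header (timestamps zeroed) for the demo."""
    if mode not in range(8) or version not in range(8) or leap not in range(4):
        raise ValueError("leap/version/mode out of range")
    first = (leap << 6) | (version << 3) | mode   # LI (2 bits), VN (3), Mode (3)
    return struct.pack("!BBbb", first, stratum, 6, -20) + bytes(44)


def parse_ntp_header(packet):
    """Return (leap, version, mode, stratum) from a raw NTP payload."""
    if len(packet) < NTP_HEADER_LEN:
        raise ValueError("NTP header is 48 bytes; packet too short")
    first, stratum = packet[0], packet[1]
    return first >> 6, (first >> 3) & 0x7, first & 0x7, stratum


def describe_exchange(packets):
    """Translate a captured packet sequence into the mode names used above."""
    return [MODES.get(parse_ntp_header(p)[2], "other") for p in packets]


def sync_source(active_stratum, passive_stratum):
    """Return which peer's clock is used: 'active', 'passive' or None.

    The role (active/passive) does not decide the direction; the stratum does.
    Strata 1-15 count as synchronized; 0 and 16 do not (NTP specification).
    """
    def synchronized(stratum):
        return 1 <= stratum <= 15

    a_ok, p_ok = synchronized(active_stratum), synchronized(passive_stratum)
    if a_ok and p_ok:
        if active_stratum == passive_stratum:
            return None                      # neither clock is on a lower stratum
        return "active" if active_stratum < passive_stratum else "passive"
    if a_ok:
        return "active"
    if p_ok:
        return "passive"
    return None


if __name__ == "__main__":
    # Constructed capture: 10.10.10.10 (stratum 4) peers with 10.10.10.20 (stratum 6).
    capture = [build_ntp_header(3, 4), build_ntp_header(4, 6),
               build_ntp_header(1, 4), build_ntp_header(2, 6)]
    print(describe_exchange(capture))
    print("clock used:", sync_source(4, 6))
```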
Context
An alarm refers to the notification of the system after a fault is detected. After an alarm is
generated, the system broadcasts the alarm to the terminals, mainly including the NMS and CLI
terminals.
Alarms are classified into fault alarms and recovery alarms. After a fault alarm is generated at a
certain time, the fault alarm lasts until the fault is rectified to clear the alarm.
You can modify the alarm settings according to your requirements. The settings are alarm
severity, alarm output mode through the CLI and alarm statistics.
Procedure
l Run the alarm alarmlevel command to configure the alarm severity.
– Alarm severities are critical, major, minor, and warning.
– Parameter default indicates restoring the alarm severity to the default setting.
– You can run the display alarm list command to query the alarm severity.
– The system specifies the default (also recommended) alarm severity for each alarm. Use
the default alarm severity unless otherwise required.
l Run the alarm output/undo alarm output command to set or shield the output of alarms
to the CLI terminal.
– Setting the output mode of alarms does not affect the generating of alarms. The alarms
generated by the system are still recorded. You can run the display alarm history
command to query the alarms that are shielded.
– When the new output mode of an alarm conflicts with the previous mode, the new output
mode takes effect.
– The output mode of the recovery alarm is the same as the output mode of the fault alarm.
When the output mode of the fault alarm is set, the system automatically synchronizes
the output mode of its recovery alarm. The reverse is also applicable. That is, when the
output mode of the recovery alarm is set, the system automatically synchronizes the
output mode of its fault alarm.
l Run the alarm statistics period command to set the alarm statistics collection period.
– The system collects the occurrence times of alarms and events according to the set
period. To save the statistical result, run the alarm statistics save command to save the
statistics to the flash memory.
– You can use the statistical result of alarms and events to locate a problem in the system.
– You can run the display alarm statistics command to query the alarm statistical record.
l Run the display alarm configuration command to query the alarm configuration according
to the alarm ID. The alarm configuration that you can query includes the alarm ID, alarm
name, alarm class, alarm type, alarm severity, default alarm severity, number of parameters,
CLI output flag, conversion flag, and detailed alarm description.
l Run the display alarm statistics command to query the alarm statistical record.
– When you need to know how often an alarm occurs within a time range, to understand
the working conditions of the device, and to analyze a fault that may exist,
run this command.
– Currently, you can query the alarm statistics in the current 15 minutes, current 24 hours,
last 15 minutes, and last 24 hours in the system.
----End
Example
Assume the following configurations: The output of all alarms at level warning to the CLI
terminal is shielded, the statistical period of the alarms and events is set to 72 hours, and all the
alarms at level major are saved to the flash memory so that a problem can be located through
the alarm statistical record. To perform these configurations, do as follows:
huawei(config)#undo alarm output alarmlevel warning
huawei(config)#alarm statistics period 72
huawei(config)#alarm alarmlevel 0x0121a001 critical
huawei(config)#alarm alarmlevel 0x02310000 critical
huawei(config)#alarm statistics save
Context
After the description of a physical port on the board is added, the description has the following
functions:
Procedure
Step 1 In the global config mode, run the port desc command to add port description.
Port description is a character string, used to identify a port on a board in a slot of a shelf.
Step 2 Run the display port desc command to query port description.
----End
Example
Plan the format of user port description as "community ID-building ID-floor ID/shelf ID-slot
ID-port ID". "Community ID-building ID-floor ID" indicates the physical location where the
user terminal is deployed, and "shelf ID-slot ID-port ID" indicates the physical port on the local
device that is connected to the user terminal. This plan can present the user terminal location
and the connection between the user terminal and the device, which facilitates query in
maintenance. Assume that the user terminal that is connected to port 0/2/0 of the UA5000 is
deployed in floor 1, building 01 of community A. To add port description according to the plan,
do as follows:
Context
The UA5000 supports two auto-save modes:
l Auto-save at preset interval.
l Auto-save at preset time.
l Auto-save at preset time conflicts with auto-save at preset interval. You can enable only
one of them.
l Saving data frequently affects the system. Therefore, an auto-save interval shorter than one
day is not recommended, and it is recommended that you set the interval equal to or longer
than one day.
l Before the system upgrade operation, run the autosave interval off or autosave time off
command to disable the auto-save function to prevent upgrade failure due to the conflict
between upgrade and auto-save operations.
NOTICE
After the system upgrade is complete, you must re-enable the auto-save function if the auto-
save function is required.
Configuration Flowchart
Figure 1-5 shows the flowchart for configuring the auto-save function.
Procedure
l Configure auto-save at preset interval.
1. In the global config mode, run the autosave interval on command to enable auto-
save at preset interval.
Auto-save at preset interval conflicts with auto-save at preset time. You can enable
only one of them.
2. (Optional) In the global config mode, run the autosave interval command to set the
auto-save interval.
After the setting, the system data is automatically saved at the set interval regardless
of whether the system data is modified. By default, the interval is 24 hours.
l Configure auto-save at preset time.
1. In the global mode, run the autosave time on command to enable auto-save at preset
time.
Auto-save at preset time conflicts with auto-save at preset interval. You can enable
only one of them.
2. (Optional) In the global config mode, run the autosave time command to set the auto-
save time.
After the setting, the system data is automatically saved at the set time regardless of
whether the system data is modified. By default, the time is 00:00:00.
----End
Example
To enable auto-save at preset interval on the UA5000 and set the auto-save interval to two days
(2880 minutes), do as follows:
huawei(config)#autosave interval on
huawei(config)#autosave interval 2880
huawei(config)#save
Context
The UA5000 needs to be interconnected with the upstream device through the Ethernet port.
Therefore, pay attention to the consistency of port attributes.
Default Configuration
Table 1-2 lists the default settings of the attributes of an Ethernet port.
Procedure
l Configure the physical attributes of an Ethernet port.
1. (Optional) Set the auto-negotiation mode of the Ethernet port.
Run the auto-neg command to set the auto-negotiation mode of the Ethernet port. You
can enable or disable the auto-negotiation mode:
– After the auto-negotiation mode is enabled, the port automatically negotiates with
the peer port for the rate and working mode of the Ethernet port.
– After the auto-negotiation mode is disabled, the rate and working mode of the port
are in the forced mode (adopt default values or are set through command lines).
2. (Optional) Set the rate of the Ethernet port.
Run the speed command to set the rate of the Ethernet port. After the port rate is set
successfully, the port works at the set rate. Pay attention to the following points:
– Make sure that the rate of the Ethernet port is the same as that of the interconnected
port on the peer device. This prevents communication failure.
– The auto-negotiation mode needs to be disabled.
3. (Optional) Set the duplex mode of the Ethernet port.
Run the duplex command to set the duplex mode of the Ethernet port. The duplex
mode of an Ethernet port can be full-duplex, half-duplex, or auto negotiation. Pay
attention to the following points:
– Make sure that the ports of two interconnected devices work in the same duplex
modes. This prevents communication failure.
– The auto-negotiation mode needs to be disabled.
4. (Optional) Configure the network cable adaptation mode of the Ethernet port.
Run the mdi command to configure the network cable adaptation mode of the Ethernet
port to match the actual network cable. The network adaptation modes are as follows:
– normal: Specifies the adaptation mode of the network cable as straight through
cable. In this case, the network cable connecting to the Ethernet port must be a
straight-through cable.
– across: Specifies the adaptation mode of the network cable as crossover cable. In
this case, the network cable connecting to the Ethernet port must be a crossover
cable.
– auto: Specifies the adaptation mode of the network cable as auto-sensing. The
network cable can be a straight through cable or crossover cable.
Pay attention to the following points:
– The Ethernet optical port does not support the network cable adaptation mode.
– If the Ethernet electrical port works in forced mode (auto-negotiation mode
disabled), the network cable type of the port cannot be configured to auto.
l Configure flow control on the Ethernet port.
Run the flow-control command to enable flow control on the Ethernet port. When the flow
of an Ethernet port is heavy, run this command to control the flow to prevent network
congestion, which may cause the loss of data packets. Flow control needs to be supported
on both the local and peer devices. Pay attention to the following points:
– If the peer device supports flow control, generally, enable flow control on the local
device.
– If the peer device does not support flow control, generally, disable flow control on the
local device.
By default, flow control is disabled.
l Mirror the Ethernet port.
Run the mirror port command to mirror the Ethernet port. When the system is faulty, copy
the traffic of a certain port to the other port and output the traffic for traffic observation,
network fault diagnosis, and data analysis.
----End
Example
Assume that Ethernet port 0/3/0 is an optical port, the port rate is 1000 Mbit/s in duplex mode,
and flow control is supported. To perform the configurations, do as follows:
Prerequisites
The Ethernet board must be configured in the system.
Context
l The IPMB board supports a maximum of four Ethernet port aggregation groups.
l One aggregation group supports a maximum of eight Ethernet ports.
l The Link Aggregation Control Protocol (LACP) is supported by the aggregated port with
the static attribute but not supported by the manually aggregated port.
l Multiple physical ports can be aggregated only if they meet the following requirements:
– The port must work in the full duplex mode.
– The port does not work in the auto negotiation mode.
– The rates of all the ports must be the same, and cannot be configured in the auto
negotiation mode.
– The attributes, such as the default VLAN (PVID) and VLAN of all the ports must be
the same.
– One port belongs to only one aggregation group.
– No mirror destination port is included.
Procedure
Step 1 Run the interface ipm command to enter the IPM mode.
Step 2 Run the link-aggregation command to configure the Ethernet port aggregation.
Step 3 Run the display link-aggregation command to query the information about the aggregated port.
----End
Example
To aggregate Ethernet ports 0 and 1, do as follows:
huawei(config)#interface ipm 0/3
huawei(config-if-ipm-0/3)#duplex 0 full
huawei(config-if-ipm-0/3)#duplex 1 full
huawei(config-if-ipm-0/3)#speed 0 1000
huawei(config-if-ipm-0/3)#speed 1 1000
huawei(config-if-ipm-0/3)#link-aggregation 0-1 ingress
huawei(config-if-ipm-0/3)#display link-aggregation
-------------------------------------------------------------
Master port Sub-ports Mode WorkMode
-------------------------------------------------------------
0 1 ingress manual
-------------------------------------------------------------
Total: 1 link-aggregation(s)
Context
The UA5000 can work in the L2 DHCP relay mode or L3 DHCP relay mode to forward the
DHCP packets exchanged between the user and the DHCP server. By default, the UA5000 works
in the L2 DHCP relay mode. In this mode, the UA5000 transparently transmits the DHCP packets
initiated by the user and configurations are not required. The L3 DHCP relay mode can be
classified into three working modes:
l DHCP standard mode
In this mode, the UA5000 identifies the VLAN to which the user belongs and binds different
VLANs to the corresponding DHCP server groups.
Configure the DHCP standard mode as follows: Configure the working mode of the DHCP
relay. Configure the DHCP server group. Bind VLANs to DHCP server groups.
l DHCP option60 mode
The UA5000 differentiates the DHCP packets transmitted from the user terminal according
to the DHCP option60 field in the packets, and binds different DHCP option60 domains to
the corresponding DHCP server groups.
Configure the DHCP option60 mode as follows: Configure the working mode of the DHCP
relay. Configure the DHCP server group. Create DHCP option60 field. Bind DHCP
option60 domains to DHCP server groups.
l Configuration mode of the MAC address segment
The UA5000 differentiates users according to the MAC address segment of the user
terminals, and binds different MAC address segments to the corresponding DHCP server
group.
Configure the MAC address segment mode as follows: Configure the working mode of the
DHCP relay. Configure the DHCP server group. Define the MAC address segment. Bind
MAC address segments to DHCP server groups.
NOTE
The UA5000 supports the DHCP option82 to ensure the security of the DHCP function. For the
configuration related to the DHCP option82 feature, see "1.13.2 Configuring Anti-Theft and Roaming
of User Account Through DHCP."
Prerequisites
A VLAN must be created. For details, see "1.10 Configuring a VLAN."
Procedure
Step 1 Configure the DHCP forwarding mode.
In the global config mode, run the dhcp mode layer-3 standard command to configure the
DHCP relay mode to standard L3 DHCP relay mode (layer-3, standard).
In the global config mode, run the dhcp-server command to create a DHCP server group.
l igroup-number: Indicates the number of the DHCP server group. It identifies a server group.
You can run the display dhcp-server all-group command to query the DHCP server groups
that are already configured and select a DHCP server group number that is not used in the
system.
l ip-addr: Indicates the IP address of the DHCP server in the DHCP server group. A maximum
of two IP addresses can be entered.
NOTICE
The IP address of the DHCP server configured here must be the same as the IP address of
the DHCP server on the network side.
1. In the global config mode, run the interface vlanif command to create a VLAN L3
interface.
The VLAN ID must be the same as the ID of the VLAN described in the prerequisite.
2. In the VLANIF mode, run the ip address command to configure the IP address of the
VLAN L3 interface.
After the configuration is complete, this IP address is used as the source IP address for
forwarding the IP packets in the VLAN at L3.
NOTICE
l If only an L2 device exists between the UA5000 and the DHCP server, the IP address
of the VLAN L3 interface needs to be in the same subnet as the IP address of the DHCP
server.
l If the upper-layer device of the UA5000 is an L3 device, the IP address of the VLAN
L3 interface and the IP address of the DHCP server can be in different subnets; however,
a route must exist between the VLAN L3 interface and the DHCP server. For details,
see "2.2 Configuring the Route."
3. In the VLANIF mode, run the dhcp-server command to bind the DHCP server to the
VLAN.
This command requires parameter group-number, the value of which is the number of the
created DHCP server group.
----End
Example
Assume that server group 1 contains two DHCP servers, with the maximum response time of
20s, the maximum count of response timeout of 10, the IP address of the primary server 10.1.1.9
and the IP address of the secondary server 10.1.1.10. To bind server group 1 to users in VLAN
2 (with the IP address of the L3 interface 10.1.1.101), do as follows:
Prerequisites
A VLAN must be created. For details, see "1.10 Configuring a VLAN."
Before the configuration, determine the option60 domain name of the user terminal.
Context
When multiple services are provisioned on the UA5000, such as video multicast and IP telephone
services, the services are provided by different service providers. The service providers may use
different relay IP addresses of the same DHCP server or different DHCP servers to allocate IP
addresses to users. Therefore, configure the users to apply for IP addresses from the DHCP server
in the DHCP option60 mode.
In the DHCP option60 mode, the DHCP server group is selected according to the character string
(namely, domain name) in the option60 of DHCP packets. Here, the option60 domain name and
the DHCP server group to which the domain name is bound need to be configured beforehand.
In this mode, users are differentiated according to the domain information in the packet, and
different service types in the same VLAN can also be differentiated.
Procedure
Step 1 Configure the DHCP forwarding mode.
In the global config mode, run the dhcp mode layer-3 option-60 command to configure the
DHCP relay mode to L3 option60 mode (layer-3, option60).
In the global config mode, run the dhcp-server command to create a DHCP server group.
l igroup-number: Indicates the number of the DHCP server group. It identifies a server group.
You can run the display dhcp-server all-group command to query the DHCP server groups
that are already configured and select a DHCP server group number that is not used in the
system.
l ip-addr: Indicates the IP address of the DHCP server in the DHCP server group. A maximum
of two IP addresses can be entered.
NOTICE
The IP address of the DHCP server configured here must be the same as the IP address of
the DHCP server on the network side.
Step 4 Bind the DHCP option60 domain to the DHCP server group.
In the option60 domain mode, run the dhcp-server command to bind the DHCP domain to the
DHCP server group. After the configuration is complete, the DHCP clients belonging to the
DHCP domain correspond to the DHCP server group.
Step 5 Configure the IP address of the gateway corresponding to the DHCP domain.
1. In the global config mode, run the interface vlanif command to create a VLAN L3
interface.
The VLAN ID must be the same as the ID of the VLAN described in the prerequisite.
2. In the VLANIF mode, run the ip address command to configure the IP address of the
VLAN L3 interface.
After the configuration is complete, this IP address is used as the source IP address for
forwarding the IP packets in the VLAN at L3.
NOTICE
l If only an L2 device exists between the UA5000 and the DHCP server, the IP address
of the VLAN L3 interface needs to be in the same subnet as the IP address of the DHCP
server.
l If the upper-layer device of the UA5000 is an L3 device, the IP address of the VLAN
L3 interface and the IP address of the DHCP server can be in different subnets; however,
a route must exist between the VLAN L3 interface and the DHCP server. For details,
see "2.2 Configuring the Route."
3. In the VLANIF mode, run the dhcp domain gateway command to configure the IP address
of the gateway corresponding to the DHCP domain.
The IP address of the gateway must be a configured IP address of the VLAN interface.
Under the same VLAN interface, different option60 domains can be configured with
different gateways. Therefore, different DHCP servers can be selected according to the
domain information in the packet.
----End
Example
Assume that server group 2 contains two DHCP servers, with the IP address of the primary server
10.10.10.10 and the IP address of the secondary server 10.10.10.11. To bind server group 2 to
users whose option60 domain name is msft in VLAN 2 (with the IP address of the L3 interface
10.1.2.1/24), do as follows:
huawei(config)#dhcp mode layer-3 option-60
huawei(config)#dhcp-server 2 ip 10.10.10.10 10.10.10.11
huawei(config)#dhcp domain msft
huawei(config-dhcp-domain-msft)#dhcp-server 2
huawei(config-dhcp-domain-msft)#quit
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ip address 10.1.2.1 24
huawei(config-if-vlanif2)#dhcp domain msft gateway 10.1.2.1
Prerequisites
A VLAN must be created. For details, see "1.10 Configuring a VLAN."
Context
In the networking, devices of various manufacturers may exist on the network. The devices of
each manufacturer have a fixed MAC address segment. In this case, the IP address can be
obtained from the DHCP server through DHCP relay in the MAC address segment configuration
mode.
The UA5000 can select the DHCP server based on the MAC address segment. After the
configuration is complete, clients in this MAC address segment obtain IP addresses from the
corresponding DHCP server.
Procedure
Step 1 Configure the DHCP forwarding mode.
In the global config mode, run the dhcp mode layer-3 mac-range command to configure the
DHCP relay mode to L3 MAC address segment mode (layer-3, mac-range).
NOTICE
The IP address of the DHCP server configured here must be the same as the IP address of
the DHCP server on the network side.
Step 4 Bind the DHCP server group to the MAC address segment.
In the MAC address segment configuration mode, run the dhcp-server command to bind a
DHCP server group to the MAC address segment.
Step 5 Configure the IP address of the gateway corresponding to the MAC address segment.
1. In the global config mode, run the interface vlanif command to create a VLAN L3
interface.
The VLAN ID must be the same as the ID of the VLAN described in the prerequisite.
2. In the VLANIF mode, run the ip address command to configure the IP address of the
VLAN L3 interface.
After the configuration is complete, this IP address is used as the source IP address for
forwarding the IP packets in the VLAN at L3.
NOTICE
l If only an L2 device exists between the UA5000 and the DHCP server, the IP address
of the VLAN L3 interface needs to be in the same subnet as the IP address of the DHCP
server.
l If the upper-layer device of the UA5000 is an L3 device, the IP address of the VLAN
L3 interface and the IP address of the DHCP server can be in different subnets; however,
a route must exist between the VLAN L3 interface and the DHCP server. For details,
see "2.2 Configuring the Route."
3. In the VLANIF mode, run the dhcp mac-range gateway command to configure the IP
address of the gateway corresponding to the MAC address segment.
The IP address of the gateway must be a configured IP address of the VLAN interface.
Under the same VLAN interface, different MAC address segments can be configured with
different gateways. Therefore, different DHCP servers can be selected according to the
MAC address segment information in the packet.
----End
Example
Assume that server group 2 contains two DHCP servers, with the IP address of the primary server
10.10.10.10 and the IP address of the secondary server 10.10.10.11. To bind server group 2 to
certain users (whose MAC address is in the range from 0000-0000-0001 to 0000-0000-0100) in
VLAN 2, do as follows:
huawei(config)#dhcp mode layer-3 mac-range
huawei(config)#dhcp-server 2 ip 10.10.10.10 10.10.10.11
huawei(config)#dhcp mac-range huawei
huawei(config-mac-range-huawei)#mac-range 0000-0000-0001 to 0000-0000-0100
huawei(config-mac-range-huawei)#dhcp-server 2
huawei(config-mac-range-huawei)#quit
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ip address 10.1.2.1 24
huawei(config-if-vlanif2)#dhcp mac-range huawei gateway 10.1.2.1
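The option60 and MAC address segment modes both pick a DHCP server group from fields of the client's packet. The following added example (not from the original guide and not the UA5000's own code) parses a DHCP payload and applies the bindings from the two examples on this page; exact string matching of the option60 domain, inclusive MAC range bounds, and returning no group for an unbound client are assumptions, and the sample packets are constructed.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options field
OPT_PAD, OPT_VENDOR_CLASS, OPT_END = 0, 60, 255

# Bindings taken from the two configuration examples on this page.
OPTION60_DOMAINS = {"msft": 2}                                    # dhcp domain msft
MAC_RANGES = {"huawei": ("0000-0000-0001", "0000-0000-0100", 2)}  # dhcp mac-range huawei
SERVER_GROUPS = {2: ("10.10.10.10", "10.10.10.11")}               # dhcp-server 2 ip ...


def mac_to_int(mac):
    """Convert a MAC written as xxxx-xxxx-xxxx (the CLI notation) to an integer."""
    digits = mac.replace("-", "")
    if len(digits) != 12:
        raise ValueError("expected a 48-bit MAC address: %r" % mac)
    return int(digits, 16)


def build_discover(mac, vendor_class=None):
    """Build a constructed DHCPDISCOVER payload for the demo (not a capture)."""
    chaddr = mac_to_int(mac).to_bytes(6, "big")
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        1, 1, 6, 0, 0x12345678, 0, 0,
                        bytes(4), bytes(4), bytes(4), bytes(4), chaddr, b"", b"")
    options = bytes([53, 1, 1])                  # option 53: message type DISCOVER
    if vendor_class is not None:
        data = vendor_class.encode("ascii")
        options += bytes([OPT_VENDOR_CLASS, len(data)]) + data
    return fixed + MAGIC_COOKIE + options + bytes([OPT_END])


def parse_dhcp(packet):
    """Return (client MAC as int, {option code: value}) from a raw DHCP payload."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet (too short or no magic cookie)")
    if packet[1] != 1 or packet[2] != 6:
        raise ValueError("client hardware address is not Ethernet")
    mac = int.from_bytes(packet[28:34], "big")   # chaddr starts at offset 28
    options, i = {}, 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("option %d has no length byte" % code)
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d is truncated" % code)
        options[code] = value
        i += 2 + length
    return mac, options


def select_server_group(packet, mode):
    """Return the DHCP server group number for a client packet, or None if unbound."""
    mac, options = parse_dhcp(packet)
    if mode == "option-60":
        raw = options.get(OPT_VENDOR_CLASS)
        if raw is None:
            return None
        domain = raw.decode("ascii", errors="replace")
        return OPTION60_DOMAINS.get(domain)      # assumption: exact string match
    if mode == "mac-range":
        for low, high, group in MAC_RANGES.values():
            if mac_to_int(low) <= mac <= mac_to_int(high):   # assumption: inclusive
                return group
        return None
    raise ValueError("unknown relay mode: %r" % mode)


if __name__ == "__main__":
    pkt = build_discover("0000-0000-0050", "msft")
    for mode in ("option-60", "mac-range"):
        group = select_server_group(pkt, mode)
        print(mode, "-> group", group, SERVER_GROUPS.get(group))
```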
Prerequisites
The VLAN to be added must not exist in the system.
Application Context
VLAN application is specific to user types. For details on the VLAN application, see "Table
1-3."
Default Configuration
Table 1-4 lists the default parameter settings of VLAN.
Default VLAN of the system
– VLAN ID: 1
– Type: MUX VLAN
– You can run the defaultvlan modify command to modify the VLAN type but cannot delete
the VLAN.
Reserved VLAN of the system
– VLAN ID range: 4079-4093
– You can run the vlan reserve command to modify the VLAN reserved by the system.
Procedure
Step 1 Create a VLAN.
Run the vlan command to create a VLAN. VLANs of different types are applicable to different scenarios.
Smart VLAN
– To add a smart VLAN, run the vlan vlanid smart command.
– One smart VLAN may contain multiple xDSL service ports. The traffic streams of the
service ports are isolated from each other and the traffic streams in different VLANs are
isolated from each other. One smart VLAN provides access for multiple users and thus
saves VLAN resources.
– Smart VLANs are applied in residential communities to provide xDSL access.
MUX VLAN
– To add a MUX VLAN, run the vlan vlanid mux command.
– One MUX VLAN contains only one xDSL service port. The traffic streams in different
VLANs are isolated from each other. One-to-one mapping can be set up between a MUX
VLAN and an access user. Hence, a MUX VLAN can identify an access user.
– MUX VLANs are applicable to xDSL service access. For example, MUX VLANs can be
used to distinguish users.
Super VLAN
– To add a super VLAN, run the vlan vlanid super command.
– The super VLAN is based on layer 3. One super VLAN contains multiple sub-VLANs.
Through an ARP proxy, the sub-VLANs in a super VLAN can be interconnected at
layer 3.
– For a super VLAN, sub-VLANs must be configured. You can run the supervlan command
to add a sub-VLAN to a specified super VLAN. A sub-VLAN must be a smart VLAN or a
MUX VLAN.
– Super VLANs can be used for the L3 intercommunication and are applicable to the
scenario where saving IP addresses and improving the usage of IP addresses are required.
NOTE
l To add VLANs with consecutive IDs in batches, run the vlan vlanid to end-vlanid command.
l To add VLANs with inconsecutive IDs in batches, run the vlan vlan-list command.
The default attribute for a new VLAN is "common". You can run the vlan attrib command to
configure the attribute of the VLAN.
Common
– The default attribute for a new VLAN is "common".
– The VLAN with this attribute can be a standard VLAN, smart VLAN, MUX VLAN, or
super VLAN.
– A VLAN with the common attribute can function as a common layer 2 VLAN or function
for creating a layer 3 interface.
– Applicable to the N:1 access scenario.
QinQ VLAN
– To configure QinQ as the attribute of a VLAN, run the vlan attrib vlanid q-in-q command.
– The VLAN with this attribute can only be a smart VLAN or MUX VLAN. The attribute of
a sub VLAN, the VLAN with an L3 interface, and the default VLAN of the system cannot
be set to QinQ VLAN.
– The packets from a QinQ VLAN contain two VLAN tags, that is, inner VLAN tag from
the private network and outer VLAN tag from the UA5000. Through the outer VLAN, an
L2 VPN tunnel can be set up to transparently transmit the services between private
networks.
– Applicable to the enterprise private line scenario.
VLAN Stacking
– To configure stacking as the attribute of a VLAN, run the vlan attrib vlanid stacking
command.
– The VLAN with this attribute can only be a smart VLAN or MUX VLAN. The attribute of
a sub VLAN, the VLAN with an L3 interface, and the default VLAN of the system cannot
be set to VLAN Stacking.
– The packets from a stacking VLAN contain two VLAN tags, that is, inner VLAN tag and
outer VLAN tag from the UA5000. The upper-layer BRAS authenticates the access users
according to the two VLAN tags. In this manner, the number of access users is increased.
On the upper-layer network in the L2 working mode, a packet can be forwarded directly
by the outer VLAN tag and MAC address mode to provide the wholesale service for ISPs.
– Applicable to the 1:1 access scenario for the wholesale service or extension of VLAN IDs.
In the case of a stacking VLAN, to configure the inner tag of the service port, run the
stacking label command.
NOTE
l To configure attributes for the VLANs with consecutive IDs in batches, run the vlan attrib vlanid to
end-vlanid command.
l To configure attributes for the VLANs with inconsecutive IDs in batches, run the vlan attrib vlan-list
command.
To configure VLAN description, run the vlan desc command. You can configure VLAN
description to facilitate maintenance. The general VLAN description includes the usage and
service information of the VLAN.
----End
Example
Assume that a stacking VLAN with ID of 50 is to be configured for extension of the VLAN. A
service port is added to VLAN 50. The outer VLAN tag 50 of the stacking VLAN identifies the
access device and the inner VLAN tag 10 identifies the user with access to the device. For the
VLAN, description needs to be configured for easy maintenance. To configure such a VLAN,
do as follows:
huawei(config)#vlan 50 smart
huawei(config)#vlan attrib 50 stacking
huawei(config)#service-port vlan 50 adsl 0/7/0 vpi 0 vci 39 rx-cttr 2 tx-cttr 2
huawei(config)#stacking label vlan 50 baselabel 10
huawei(config)#vlan desc 50 description stackingvlan/label10
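To confirm on a capture taken upstream that the stacking configuration above produces the intended tags, the two VLAN tags can be read straight from the Ethernet header. This is an added example, not part of the original guide; the MAC addresses and payload are constructed, and the use of TPID 0x8100 for both tags is an assumption, since the page does not state which TPID the UA5000 writes into the outer tag.

```python
import struct

TPIDS = (0x8100, 0x88A8)      # 802.1Q and 802.1ad tag protocol identifiers
ETHERTYPE_IPV4 = 0x0800


def vlan_tag(vid, pcp=0, tpid=0x8100):
    """Encode one 4-byte VLAN tag (TPID + PCP/DEI/VID)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1-4094, got %d" % vid)
    if not 0 <= pcp <= 7:
        raise ValueError("priority must be 0-7")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)


def build_frame(dst, src, vids, ethertype=ETHERTYPE_IPV4, payload=b""):
    """Build a constructed Ethernet frame; vids lists the tags outermost first."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses are 6 bytes")
    tags = b"".join(vlan_tag(v) for v in vids)
    return dst + src + tags + struct.pack("!H", ethertype) + payload


def parse_vlan_tags(frame):
    """Return ([VLAN IDs, outermost first], EtherType of the payload)."""
    vids, offset = [], 12                      # tags start after dst + src MAC
    while True:
        if len(frame) < offset + 2:
            raise ValueError("frame truncated before EtherType")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in TPIDS:
            return vids, ethertype
        if len(frame) < offset + 4:
            raise ValueError("frame truncated inside a VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vids.append(tci & 0x0FFF)              # low 12 bits of the TCI are the VID
        offset += 4


def stacking_identity(frame):
    """Map a double-tagged frame to the roles given in the example above.

    Returns None unless the frame carries exactly two tags.
    """
    vids, _ = parse_vlan_tags(frame)
    if len(vids) != 2:
        return None
    return {"access_device_vlan": vids[0], "user_label": vids[1]}


if __name__ == "__main__":
    dst = bytes.fromhex("00e0fc000001")        # constructed addresses
    src = bytes.fromhex("00e0fc000002")
    frame = build_frame(dst, src, [50, 10], payload=b"constructed payload")
    print(parse_vlan_tags(frame))
    print(stacking_identity(frame))
```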
Context
l The port can be bound with the ADSL2+ line profile only when it is in the deactivated state.
l ADSL2+ line profile and alarm profile can be bound directly.
Table 1-7 lists the default settings of the ADSL2+ profile.
l Most of the parameters for an ADSL2+ port can be configured in an ADSL2+ line profile.
After the line profile is configured successfully, it can be used when the ports are activated.
Precautions
The ADSL2+ line profile of the UA5000 supports only the downstream seamless rate adaptation
(SRA).
Procedure
l Configure the ADSL2+ line profile.
Run the adsl line-profile quickadd command to quickly add an ADSL2+ line profile, or
run the interactive adsl line-profile add command to add an ADSL2+ line profile.
Main parameters:
– basic-para: Indicates the basic configuration parameters, such as line transmission
mode. By default, the system supports all the transmission modes. The user can adopt
the default value for auto-adaptation.
– rate: Indicates the line rate. During line activation, a proper rate between the preset
maximum rate and minimum rate is determined through automatic negotiation
according to the line condition and the profile configuration. The user rate can be
restricted by this line rate or the rate set in the traffic profile bound to the user. When
both rates function, the lower one is adopted as the user rate.
– snr: Indicates the SNR margin, which refers to the idle space for carrying noise,
excluding the space for carrying signals. Generally, the SNR margin of the minimum
tone is considered as the SNR margin of the entire ADSL connection.
l (Optional) Configure the ADSL2+ extended line profile.
Run the adsl extline-profile quickadd command to quickly add an ADSL2+ extended line
profile, or run the interactive adsl extline-profile add command to add an ADSL2+
extended line profile.
Main parameters:
– inp: Indicates impulse noise protection. As a parameter that describes the line capability
of resisting impulse interference, INP affects the port rate. If INP is 1, it indicates that
the current channel can resist the impulse noise in 1 DMT character length. The
interleave delay is related to INP. In the fast mode, INP does not apply.
– mode: The line profile also contains the parameter of transmission mode. When both
the extended line profile and the line profile are configured on the port and the
transmission mode is specified in the extended line profile, the port is activated using
the transmission mode specified in the extended line profile.
If the transmission mode and Annex type are specified in the extended line profile, the
transmission mode configured in the line profile does not take effect. The transmission
mode in the extended line profile works. Table 1-8 lists the mapping between the
transmission mode and the Annex type.
Table 1-8 Mapping between the transmission mode and the Annex type
G992.2 Supported - - -
T1.413 - - - -
Main parameters:
Alarm parameters include the ADSL transceiver unit - central office end (ATU-C) and the
ADSL transceiver unit - remote end (ATU-R). The following parameters are particular to
the ATU-C:
----End
Example
Assume that the channel mode of an ADSL2+ line profile is interleaved, the adaptation mode
for the downstream transmission rate is fixed, the maximum downstream delay is 100 ms, the
maximum upstream delay is 100 ms, the minimum downstream transmission rate is 2048 kbit/s,
the maximum downstream transmission rate is 2048 kbit/s, the minimum upstream
transmission rate is 1000 kbit/s, and the maximum upstream transmission rate is 1100 kbit/s. To
configure such an ADSL2+ line profile, do as follows:
huawei(config)#adsl line-profile quickadd basic-para full-rate trellis 1 bitswap 1 1 channel interleaved 100 100 adapt fixed snr 5 4 9 5 4 9 rate 2048 2048 1000 1100
To quickly add an ADSL2+ extended line profile, whose 34-456 sub-carriers are disabled, and
the L2 power management mode is configured, do as follows:
huawei(config)#adsl extline-profile quickadd missingtone section_1 34-456 1 inp minimum-inp-downstream 1 minimum-inp-upstream 1 l2 0 minimum-rate 256 maximum-rate 512
Assume that the ID of the profile is 4, all the thresholds on the local/remote end are set to 100s,
and the difference between the transmission rate in the channel mode and the former transmission
rate is 1000 kbit/s. To quickly configure such an ADSL2+ alarm profile, do as follows:
huawei(config)#adsl alarm-profile quickadd 4 atu-c trap enable 100 100 100 100 100 100 100 100 interleaved 1000 1000 fast 1000 1000 atu-r 100 100 100 100 100 100 interleaved 1000 1000 fast 1000 1000
Context
The SHDSL line profile and alarm profile can be directly bound to an SHDSL port.
SHDSL line profile: Profile IDs 1, 100, 101, 102, and 103
l Profile 1 is used to activate the 2-wire ATM SHDSL port.
l Profile 100 is used to activate the 4-wire ATM SHDSL port.
l Profile 101 is used to activate the 6-wire ATM SHDSL port.
l Profile 102 is used to activate the 8-wire ATM SHDSL port.
l Profile 103 is used to activate the EFM-bonding SHDSL port.
Procedure
l Configure an SHDSL line profile.
Run the shdsl line-profile quickadd command to quickly add an SHDSL line profile, or
run the shdsl line-profile add command to interactively add an SHDSL line profile.
Main parameters:
– rate: Indicates the line rate. During line activation, a proper rate between the preset
maximum rate and minimum rate is determined through automatic negotiation
according to the line condition and the profile configuration. The user rate can be
restricted by this rate or the rate set in the traffic profile that is bound to the user. When
both rates function, the lower rate is selected as the user rate.
– transmission: Indicates the transmission mode. Set the transmission mode according
to line conditions and actual planning. Three transmission modes are supported: annex
A, annex B, and annex A&B.
– snr-margin: The larger the SNR margin, the better the line stability, and meanwhile
the lower the physical connection rate of the line after activation. For common Internet
access users, set the target SNR margin to 3; for users with higher priorities, set the
target SNR margin to 5.
NOTE
When the board supports G.SHDSL.bis (including the extended standard annex F), the maximum rate can
reach 5696 kbit/s.
l Configure an SHDSL alarm profile.
Run the shdsl alarm-profile quickadd command to quickly add an SHDSL alarm profile,
or run the shdsl line-profile add command to interactively add an SHDSL alarm profile.
----End
Example
To add SHDSL line profile 3 with the line rate of 4096 kbit/s, which is used to activate the
4-wire SHDSL port, do as follows:
huawei(config)#shdsl line-profile quickadd 3 line four-wire rate 4096 psd asymmetric transmission annex-a&b remote enable probe enable
Assume that the loop attenuation threshold is 10 dB, SNR margin is 0 dB, ES threshold is 100s,
SES threshold is 100s, CRC abnormality duration threshold is 10000, LOSWS threshold is 100s,
UAS threshold is 100s. To quickly add SHDSL line alarm profile 3 with these parameters, do
as follows:
huawei(config)#shdsl alarm-profile quickadd 3 loop-attenuation 10 snr-margin 0 es 100 ses 100 crc-anomaly 10000 losws 100 uas 100
Context
A VDSL2 line template consists of a VDSL2 line profile and a VDSL2 channel profile. Before
activating a VDSL2 port, bind a VDSL2 line template to the port. A VDSL2 alarm template
consists of a VDSL2 line alarm profile and a VDSL2 channel alarm profile. Bind a VDSL2
alarm template rather than a VDSL2 line alarm profile or a VDSL2 channel alarm profile to a
VDSL2 port. Figure 1-6 provides the configuration flow of a VDSL2 profile.
Procedure
l Configure a VDSL2 line template.
1. Run the vdsl line-profile quickadd command to quickly add a VDSL2 line profile,
or run the vdsl line-profile add command to interactively add a VDSL2 line profile.
Main parameters:
– transmode: Indicates the line transmission mode. By default, the system supports
all transmission modes. The default setting can be used. Then, the system
automatically adapts to the transmission mode of the peer end.
– snr: Indicates the SNR margin. It refers to the remaining space for carrying noise,
excluding the space for carrying signals. In general, the SNR margin of the
minimum tone is used as the SNR margin of the entire VDSL2 connection.
2. Run the vdsl channel-profile quickadd command to quickly add a VDSL2 channel
profile, or run the vdsl channel-profile add command to interactively add a VDSL2
channel profile.
Main parameters:
– path-mode: Indicates the path mode. There are two VDSL2 path modes: ATM
mode and PTM mode. By default, the system supports both modes. If the default
mode is used, the system can automatically adapt to the path mode of the peer end
and therefore the setting of the path mode is not required in this case. To set the
ATM mode as the VDSL2 path mode, select atm. To set the PTM mode as the
VDSL2 path mode, select ptm. The default setting both is recommended. When
both is selected, both modes are supported.
– interleaved-delay: Indicates the interleave delay. A zero interleave delay
corresponds to the fast mode. In the fast mode, the interleave delay is short, but
the error correction capability is weak. A non-zero interleave delay corresponds
to the interleave mode. The longer the interleave delay, the greater the interleave
depth. In the interleave mode, the greater the interleave depth, the stronger the error
correction capability, but the longer the delay.
– inp: Indicates the impulse noise protection. The INP is a parameter that describes
the line capability of resisting impulse interference. The INP affects the port rate.
If the INP is 1, it indicates that the current channel can resist the impulse noise in
1 DMT character length. The interleave delay is related to the INP. In the fast
mode, the INP is meaningless.
– rate: Indicates the line rate. During line activation, a proper rate between the preset
maximum rate and minimum rate is determined through automatic negotiation
according to the line condition and the profile configuration. The user rate can be
restricted by this rate or the rate set in the traffic profile bound to the user. When
both rates function, the lower rate is selected as the user rate.
3. Run the vdsl line-template quickadd command to quickly add a VDSL2 line
template, or run the vdsl line-template add command to interactively add a VDSL2
line template.
A VDSL2 line template consists of a VDSL2 line profile and a VDSL2 channel profile.
To activate a VDSL2 port, bind a VDSL2 line template to the port.
l Configure a VDSL2 alarm template.
1. Run the vdsl alarm-profile quickadd command to quickly add a VDSL2 line alarm
profile, or run the vdsl alarm-profile add command to interactively add a VDSL2
line alarm profile.
2. Run the vdsl channel-alarm-profile quickadd command to quickly add a VDSL2
channel alarm profile, or run the vdsl channel-alarm-profile add command to
interactively add a VDSL2 channel alarm profile.
3. Run the vdsl alarm-template quickadd command to quickly add a VDSL2 alarm
template, or run the vdsl alarm-template add command to interactively add a VDSL2
alarm template.
A VDSL2 alarm template consists of a VDSL2 line alarm profile and a VDSL2
channel alarm profile. Bind a VDSL2 alarm template rather than a VDSL2 line alarm
profile or a VDSL2 channel alarm profile to a VDSL port.
----End
Example
Assume that:
l Channel mode: interleave mode
l Downstream maximum interleave delay: 8 ms
l Upstream maximum interleave delay: 2 ms
l SNR margin: 6 dB
Context
With the system security feature, the UA5000 can be protected against the attacks from the
network side or user side, and thus the UA5000 can run stably on the network. System security
includes the following items:
l ACL/Packet filtering firewall
l Blacklist
l Anti-DoS attack
l Anti-ICMP/IP attack
l Source route filtering
l Source MAC address filtering
l Allowed/Denied address segment
Context
Firewall includes the following items:
l Blacklist: The blacklist function can be used to screen the packets sent from a specific IP
address. A major feature of the blacklist function is that blacklist entries can be dynamically
added or deleted. When firewall detects the attack attempt of a specific IP address according
to the characteristics of packets, firewall actively adds an entry to the blacklist and then
filters the packets from this IP address.
l ACL packet filtering firewall: Configure an ACL to filter data packets. To set a port to
allow only one type of packets to go through, use the ACL to implement the packet filtering
function.
For example, to allow only the packets from source IP address 1.1.1.1 to go through a port
in the inbound direction, do as follows:
1. Configure an ACL rule1, which allows the packets with source IP address 1.1.1.1 to
pass.
2. Configure an ACL rule2, which denies all packets.
3. Run the firewall packet-filter command, and bind rule2 first and then rule1 to the
inbound direction.
NOTE
On the UA5000, an ACL can be used in two modes. The execution priority of the sub-rules in
one ACL differs between the two modes.
l Run the firewall packet-filter command to use an ACL. This mode is applied to the NMS. For
the sub-rules in one ACL, the execution priority is implemented by software: the earlier a
sub-rule is configured, the higher its priority.
l Run the packet-filter command to use an ACL. For the sub-rules in one ACL, the execution
priority is implemented by hardware: the later a sub-rule is configured, the higher its
priority.
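The following Python model is an added example, not part of the original guide or of Huawei's software. It evaluates one ACL under both priority modes described in the NOTE and shows that the same sub-rule list yields opposite verdicts; returning None when nothing matches is an assumption, because the guide does not state the default action.

```python
import ipaddress
from dataclasses import dataclass

SOFTWARE = "firewall packet-filter"  # earlier-configured sub-rule wins (per the NOTE)
HARDWARE = "packet-filter"           # later-configured sub-rule wins (per the NOTE)


@dataclass(frozen=True)
class SubRule:
    action: str           # "permit" or "deny"
    source: str           # base IPv4 address, or "any"
    wildcard: str = "0"   # wildcard mask as used on the page; "0" means exact host

    def matches(self, src_ip: str) -> bool:
        if self.source == "any":
            return True
        ip = int(ipaddress.IPv4Address(src_ip))
        base = int(ipaddress.IPv4Address(self.source))
        wc = 0 if self.wildcard == "0" else int(ipaddress.IPv4Address(self.wildcard))
        # Bits set in the wildcard are "don't care"; every other bit must be equal.
        return ((ip ^ base) & ~wc & 0xFFFFFFFF) == 0


def evaluate(sub_rules, src_ip, mode):
    """Return the action of the winning sub-rule, or None if no sub-rule matches.

    sub_rules is the list in the order the operator configured it.
    """
    if mode == SOFTWARE:
        ordered = list(sub_rules)
    elif mode == HARDWARE:
        ordered = list(reversed(sub_rules))
    else:
        raise ValueError(f"unknown mode: {mode}")
    for rule in ordered:
        if rule.matches(src_ip):
            return rule.action
    return None  # assumption: the default action is not modelled


def configuration_order(by_priority, mode):
    """Given sub-rules listed highest priority first, return the order in which
    they have to be configured so that this priority holds in the given mode."""
    if mode not in (SOFTWARE, HARDWARE):
        raise ValueError(f"unknown mode: {mode}")
    return list(by_priority) if mode == SOFTWARE else list(reversed(by_priority))


# Constructed sample: the intent from the page, "only source 1.1.1.1 may pass".
INTENT = [SubRule("permit", "1.1.1.1"), SubRule("deny", "any")]


def demo():
    """Verdict for 1.1.1.1 when INTENT is configured top to bottom in each mode."""
    return {mode: evaluate(INTENT, "1.1.1.1", mode) for mode in (SOFTWARE, HARDWARE)}


if __name__ == "__main__":
    for mode, verdict in demo().items():
        print(f"{mode:24s} -> {verdict}")
    fixed = configuration_order(INTENT, HARDWARE)
    print("hardware order:", [(r.action, r.source) for r in fixed])
```

When an ACL is moved from one command to the other, re-check the sub-rule order before binding it, otherwise a catch-all deny can shadow the permit that was meant to win.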
NOTICE
To ensure device security, firewall must be configured. This is to control the packets that go
through the management port of the device.
Procedure
l Configure firewall blacklist.
Two modes are supported: configuring firewall blacklist by using ACLs or by adding the
source IP addresses of untrusted packets. Choose either mode, or both.
When two modes are configured, the priority of the firewall blacklist function is higher
than the priority of ACLs. That is, the system checks the firewall blacklist first, and then
matches ACLs.
NOTE
The firewall blacklist function takes effect only on the service packets that are sent from the user side.
– Configure the firewall blacklist function by using advanced ACLs.
1. Run the acl command to create an ACL. Only advanced ACLs can be used when
the blacklist function is enabled. Therefore, the range of the ACL ID is
3000-3999.
2. Run the rule(adv acl) command to create an advanced ACL.
3. Run the quit command to return to the global config mode.
4. Run the firewall blacklist enable acl-number acl-number command to enable
the firewall blacklist function.
– Configure the firewall blacklist function by adding the source IP addresses of untrusted
packets.
1. Run the firewall blacklist item command to add the source IP addresses of
untrusted packets to the blacklist.
2. Run the firewall blacklist enable command to enable the firewall blacklist
function.
l Configure the firewall (filtering packets based on the ACL).
1. Run the acl command to create an ACL. Only basic ACLs and advanced ACLs can
be used when packet filtering by firewall is configured. Therefore, the range of the
ACL ID is 2000-3999.
2. Run different commands to create different types of ACLs.
– Basic ACL: Run the rule(basic acl) command.
– Advanced ACL: Run the rule(adv acl) command.
3. Run the quit command to return to the global config mode.
4. Run the firewall enable command to enable the firewall blacklist function. By default,
the firewall blacklist function is disabled.
To filter the packets of a port based on the basic ACL, enable the firewall blacklist
function.
5. Run the interface meth command to enter the METH mode to configure the firewall
packet filtering rules for an METH interface; run the interface vlanif command to
enter the VLANIF mode to configure the firewall packet filtering rules for a VLAN
interface.
6. Run the firewall packet-filter command to apply firewall packet filtering rules to an
interface.
----End
Example
To add IP address 192.168.10.18 to the firewall blacklist with the aging time of 100 min, do as
follows:
huawei(config)#firewall blacklist item 192.168.10.18 timeout 100
huawei(config)#firewall blacklist enable
To add the IP addresses in network segment 10.10.10.0 to the firewall blacklist and bind ACL
3000 to these IP addresses, do as follows:
huawei(config)#acl 3000
huawei(config-acl-adv-3000)#rule deny ip source 10.10.10.0 0.0.0.255 destination 10.10.10.20 0
huawei(config-acl-adv-3000)#quit
huawei(config)#firewall blacklist enable acl-number 3000
To prevent the users in network segment 172.16.25.0 from accessing the maintenance Ethernet
port with IP address 172.16.25.28 on the device, do as follows:
huawei(config)#acl 3001
huawei(config-acl-adv-3001)#rule 5 deny icmp source 172.16.25.0 0.0.0.255 destination 172.16.25.28 0
huawei(config-acl-adv-3001)#quit
huawei(config)#firewall enable
huawei(config)#interface meth 0
huawei(config-if-meth0)#firewall packet-filter 3001 inbound
ACL applied successfully
Context
The UA5000 supports the following measures to prevent attacks on the system by malicious users.
Choose measures according to actual requirements.
l Anti-DoS attack: Indicates the defensive measures taken by the system to receive only a
certain number of control packets sent from a user.
l Anti-ICMP attack: Indicates the defensive measures taken by the system to discard the
ICMP packets sent from the user-side device to the UA5000. This is to prevent the user-
side device from pinging the L3 interface on the UA5000.
l Anti-IP attack: Indicates the defensive measures taken by the system to discard the IP
packets sent from the user-side device to the UA5000.
l Source MAC address filtering: Indicates the defensive measures taken by the system to
filter the packets that are sent by the user and carry certain source MAC addresses.
Procedure
l Configure anti-DoS attack.
Run the security anti-dos enable command to enable anti-DoS attack. After the anti-DoS
attack function is enabled, the system adds the user port to the blacklist if the system receives
the attack packet. When anti-DoS attack is disabled, the system deletes the blacklist.
Application scenario: Two PCs (PC1 and PC2) are connected to the network through the
UA5000. If a malicious user (PC1) sends a large number of protocol control packets to
attack the CPU of the UA5000, the CPU usage of the UA5000 becomes excessively high, and
the UA5000 is unable to process the services of another user (PC2). To implement
anti-DoS attack, shield the attack port to protect the UA5000 from being attacked.
l Configure anti-ICMP attack.
Run the security anti-icmpattack enable command to enable anti-ICMP attack. Anti-
ICMP attack is used to prevent the user-side device from pinging the VLAN interface of
the UA5000.
Application scenario: Two PCs (PC1 and PC2) are connected to the network through the
UA5000. When PC2 sends a large number of ICMP packets to the VLAN interface, the
services of the user (PC1) that obtains the upper-layer DHCP information through the same
VLAN interface will be abnormal. To implement anti-ICMP attack, directly discard the
user-side ICMP packets if the IP address of the VLAN interface on the UA5000 is its
destination IP address.
l Enable anti-IP attack.
Run the security anti-ipattack enable command to enable anti-IP attack. The anti-IP attack
is used to prevent user-side IP packets from attacking the L3 interface of the device or to
prevent illegal users from logging in to the device through telnet.
Application scenario: When a PC sends the packets with the address of VLAN x as the
destination IP address to VLANIF x, it may send a large number of packets to attack the
device, causing the device to fail to process normal services; when a user knows the address
of VLAN x, and the user name and password for logging in to the device, it may log in to
the device through telnet to randomly change the configurations of the device. To prevent
the two preceding cases, the device needs to implement anti-IP attack. With this feature,
the device discards the packets with the address of the device interface as the destination
IP address to prevent the user from attacking the device.
l Configure the MAC address filtering function.
Run the security mac-filter command to enable the MAC address filtering function.
Application scenario: To prevent users from forging the MAC address of the network-side
device, or forging certain renowned MAC addresses, set the MAC address of the network-
side as the MAC address to be filtered.
----End
Example
To enable the anti-DoS attack function and anti-IP attack function, do as follows:
huawei(config)#security anti-dos enable
huawei(config)#security anti-ipattack enable
Context
Each firewall can be configured with up to 10 address segments.
When adding an address segment, ensure that the start address does not repeat an existing start
address.
To delete an address segment, you only need to enter the start address of the address segment.
Procedure
l Configure the permitted/denied IP address segment for the access through Telnet.
1. Run the sysman firewall telnet enable command to enable the firewall function for
the access through Telnet. By default, the firewall function of the system is disabled.
2. Run the sysman ip-access telnet command to configure the IP address segment that
is permitted to access the device through Telnet.
NOTICE
To ensure the device security, apply the minimum authorization principles. That is,
configure the permitted IP address segment, and add only the necessary management
IP address segment. IP addresses other than those specified are not permitted to
access the device through the management port.
3. Run the sysman ip-refuse telnet command to configure the IP address segment that
is forbidden to access the device through Telnet.
NOTE
The permitted IP address segment and the denied IP address segment cannot overlap, and only the
user whose IP address is in the permitted address segment and is not in the denied address segment
can access the device.
l Configure the permitted/denied IP address segment for the access through SSH.
1. Run the sysman firewall ssh enable command to enable the firewall function for the
access through SSH. By default, the firewall function of the system is disabled.
2. Run the sysman ip-access ssh command to configure the IP address segment that is
permitted to access the device through SSH.
NOTICE
To ensure the device security, apply the minimum authorization principles. That is,
configure the permitted IP address segment, and add only the necessary management
IP address segment. IP addresses other than those specified are not permitted to
access the device through the management port.
3. Run the sysman ip-refuse ssh command to configure the IP address segment that is
forbidden to access the device through SSH.
NOTE
The permitted IP address segment and the denied IP address segment cannot overlap, and only the
user whose IP address is in the permitted address segment and is not in the denied address segment
can access the device.
l Configure the permitted/denied IP address segment for the access through SNMP (NMS).
1. Run the sysman firewall snmp enable command to enable the firewall function for
the access through SNMP. By default, the firewall function of the system is disabled.
2. Run the sysman ip-access snmp command to configure the IP address segment that
is permitted to access the device through SNMP.
NOTICE
To ensure the device security, apply the minimum authorization principles. That is,
configure the permitted IP address segment, and add only the necessary management
IP address segment. IP addresses other than those specified are not permitted to
access the device through the management port.
3. Run the sysman ip-refuse snmp command to configure the IP address segment that
is forbidden to access the device through SNMP.
NOTE
The permitted IP address segment and the denied IP address segment cannot overlap, and only the
user whose IP address is in the permitted address segment and is not in the denied address segment
can access the device.
----End
Example
To enable the firewall function for the access through Telnet, and permit only the users of the
IP address segment 134.140.5.1-134.140.5.254 to log in to the device through Telnet, do as
follows:
huawei(config)#sysman firewall telnet enable
huawei(config)#sysman ip-access telnet 134.140.5.1 134.140.5.254
To enable the firewall function for the access through SSH, and permit only the users of the IP
address segment 133.7.22.1-133.7.22.254 to log in to the device through SSH, do as follows:
huawei(config)#sysman firewall ssh enable
huawei(config)#sysman ip-access ssh 133.7.22.1 133.7.22.254
To enable the firewall function for the access through SNMP, and permit only the users of the
IP address segment 10.10.20.1-10.10.20.254 to log in to the device through SNMP, do as follows:
huawei(config)#sysman firewall snmp enable
huawei(config)#sysman ip-access snmp 10.10.20.1 10.10.20.254
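The following Python checker is an added example, not part of the original guide. It audits a saved set of sysman lines against the rules stated above (firewall enabled per protocol, no repeated start address, no overlap between permitted and denied segments) and answers whether a source address may manage the device. The sample lines are constructed, and treating a disabled firewall as "no source filtering" is an assumption.

```python
import ipaddress
import re

PROTOCOLS = ("telnet", "ssh", "snmp")
LINE = re.compile(r"sysman\s+(firewall|ip-access|ip-refuse)\s+(telnet|ssh|snmp)\s+(.+)")


def parse(config_text):
    """Collect the per-protocol firewall state and address segments."""
    cfg = {p: {"enabled": False, "permit": [], "deny": []} for p in PROTOCOLS}
    for raw in config_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        kind, proto, rest = m.groups()
        if kind == "firewall":
            cfg[proto]["enabled"] = rest.strip() == "enable"
            continue
        start, end = (ipaddress.IPv4Address(a) for a in rest.split()[:2])
        cfg[proto]["permit" if kind == "ip-access" else "deny"].append((start, end))
    return cfg


def audit(cfg):
    """Return a list of findings; an empty list means no rule is violated."""
    findings = []
    for proto, c in cfg.items():
        if (c["permit"] or c["deny"]) and not c["enabled"]:
            findings.append(f"{proto}: segments configured but firewall not enabled")
        if c["enabled"] and not c["permit"]:
            findings.append(f"{proto}: firewall enabled with no permitted segment")
        for name in ("permit", "deny"):
            starts = [s for s, _ in c[name]]
            if len(starts) != len(set(starts)):
                findings.append(f"{proto}: repeated start address in {name} list")
            for s, e in c[name]:
                if s > e:
                    findings.append(f"{proto}: segment {s}-{e} starts after it ends")
        for ps, pe in c["permit"]:
            for ds, de in c["deny"]:
                if ps <= de and ds <= pe:
                    findings.append(
                        f"{proto}: permitted {ps}-{pe} overlaps denied {ds}-{de}")
    return findings


def is_allowed(cfg, proto, src_ip):
    """Apply the rule from the NOTE: in a permitted segment and in no denied one."""
    c = cfg[proto]
    if not c["enabled"]:
        return True  # assumption: a disabled firewall filters nothing
    ip = ipaddress.IPv4Address(src_ip)

    def inside(segments):
        return any(s <= ip <= e for s, e in segments)

    return inside(c["permit"]) and not inside(c["deny"])


# Constructed sample configuration (the ip-refuse range is invented for the demo).
SAMPLE = """
huawei(config)#sysman firewall telnet enable
huawei(config)#sysman ip-access telnet 134.140.5.1 134.140.5.254
huawei(config)#sysman ip-refuse telnet 134.140.5.200 134.140.5.220
huawei(config)#sysman ip-access ssh 133.7.22.1 133.7.22.254
huawei(config)#sysman firewall snmp enable
huawei(config)#sysman ip-access snmp 10.10.20.1 10.10.20.254
"""

if __name__ == "__main__":
    cfg = parse(SAMPLE)
    for finding in audit(cfg):
        print("FINDING:", finding)
    for proto, ip in (("telnet", "134.140.5.10"), ("telnet", "134.140.5.210"),
                      ("ssh", "8.8.8.8"), ("snmp", "10.10.20.7")):
        print(proto, ip, "allowed" if is_allowed(cfg, proto, ip) else "blocked")
```

The SSH finding is the one to act on first: the permitted segment exists, but without sysman firewall ssh enable it restricts nothing.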
Context
The user security mechanism includes:
l PITP: The purpose of the PITP feature is to provide the user physical location information
for the upper-layer authentication server. After the BRAS obtains the user physical location
information, the BRAS binds the information to the user account for authentication, thus
protecting the user account against theft and roaming.
l DHCP option 82: The user physical location information is added to the option 82 field in
the DHCP request sent by the user. The information is used by the upper-layer
authentication server for authenticating the user, thus protecting the user account against
theft and roaming.
l IP address binding: The IP address of the user is bound to the corresponding service port
for authenticating the user, thus ensuring the security of the authentication.
l MAC address binding: The MAC address is bound to the service port, thus preventing the
access of illegal users.
l Anti-MAC spoofing: It is a countermeasure taken by the system to prevent a user from
attacking the system with a forged MAC address.
l Anti-IP spoofing: It is a countermeasure taken by the system to prevent a user from attacking
the system with a forged IP address.
l User-side ring network detection.
Table 1-11 lists the default settings of the user security mechanism.
DHCP option 82 | Global function: disabled; port-level function: enabled | The DHCP option 82 function can be enabled only when the functions at all levels are enabled.
Application Context
PITP is a member of Huawei Group Management Protocol (HGMP) family. It is used for
providing the user port information for the BRAS. After the BRAS obtains the user port
information, the BRAS binds the user account to the user port, thus protecting the user account
against theft and roaming. PITP has two modes, the PPPoE+ mode (also called the PITP P mode)
and the VBAS mode (also called the PITP V mode).
PITP is applicable to the networking of a standalone UA5000 and the networking of subtended
UA5000s.
l In the networking of a standalone UA5000: Two PCs (PC1 and PC2) are connected to
different ports of the UA5000 for the dialup access.
l In the networking of subtended UA5000s: Two PCs (PC1 and PC2) are connected to
different UA5000s (PC1 is connected to the UA5000, and PC2 is connected to the
UA5000 through a subtended device) for the dialup access.
The principles in the two scenarios are similar. The user dials up from PC1 by using the
corresponding user account. The BRAS binds the user account to the user's physical port
information reported by the UA5000. When the user of PC2 dials up by using the user account
of PC1, the BRAS discovers that the user account does not match the physical port information
and thus rejects the dialup access request of PC2.
Default Configuration
Table 1-12 lists the default settings related to PITP.
Procedure
Step 1 Configure the relay agent information option (RAIO). Before using the PITP function, you must
configure RAIO.
l Run the raio-mode mode pitp-pmode command to configure the RAIO mode in the PITP
P mode.
l Run the raio-mode mode pitp-vmode command to configure the RAIO mode in the PITP
V mode.
The PITP P mode supports all the RAIO modes; the PITP V mode currently supports only the
common, cntel, and userdefine modes.
user-defined: Indicates the user-defined mode. In this mode, you need to run the raio-format
command to configure the RAIO format. Select a corresponding keyword for configuring the
RAIO format according to the PITP mode.
l In the PITP P mode, run the raio-format pitp-pmode command to configure the RAIO
format.
l In the PITP V mode, run the raio-format pitp-vmode command to configure the RAIO
format.
In the case of the user-defined RAIO format, configure the circuit ID (CID) and the remote ID
(RID). If the access mode is not selected, the configured format applies to all access modes. If
the access mode is selected, the configured format applies to only this access mode. The CID
format and RID format in the PITP V mode are the same:
Global PITP function: Run the pitp enable pmode command to enable global PITP P mode. By
default, the global PITP function is disabled. In the PITP V mode, run the pitp vmode
ether-type command to configure the Ethernet protocol type to be the same as the Ethernet
protocol type of the BRAS. Then, run the pitp enable vmode command to enable global PITP V mode.
NOTE
The Ethernet protocol type of the PITP V mode must be configured when the PITP V mode is disabled.
----End
Example
Assume that:
l RAIO mode: user-defined mode
l CID format for the ATM access mode: shelf ID/slot ID/port ID: VPI.VCI
l CID format for the Ethernet access mode: shelf ID/slot ID/port ID: VLAN ID
To enable the PITP P mode, do as follows:
huawei(config)#raio-mode user-defined pitp-pmode
huawei(config)#raio-format pitp-pmode cid atm anid atm frame/slot/port:vpi.vci
huawei(config)#raio-format pitp-pmode cid eth anid eth frame/slot/port:vlanid
huawei(config)#raio-format pitp-pmode rid atm plabel
huawei(config)#raio-format pitp-pmode rid eth plabel
huawei(config)#pitp enable pmode
Assume that:
l RAIO mode: user-defined mode
l CID/RID format for the ATM access mode: shelf ID/slot ID/port ID: VPI.VCI
l CID/RID format for the Ethernet access mode: shelf ID/slot ID/port ID: VLAN ID
To set the Ethernet protocol type of VBRAS packets to be the same as the Ethernet protocol
type of the upper-layer BRAS, namely, 0x8500, and enable the PITP V mode, do as follows:
huawei(config)#raio-mode user-defined pitp-vmode
huawei(config)#raio-format pitp-vmode atm anid atm frame/slot/port:vpi.vci
huawei(config)#raio-format pitp-vmode eth anid eth frame/slot/port:vlanid
huawei(config)#pitp vmode ether-type 0x8500
huawei(config)#pitp enable vmode
Context
The option 82 field contains the circuit ID (CID), remote ID (RID), and sub-option 90 field
(optional), which provides the information such as the user shelf ID, slot ID, port ID, VPI, and
VCI.
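The following Python sketch is an added example, not part of the original guide or of any BRAS product. It encodes option 82 with the circuit ID and remote ID sub-options (codes 1 and 2, as defined in RFC 3046), parses it defensively, and applies the account-to-port binding that both this section and the PITP section describe. The access node name, the exact CID text and the bind-on-first-login policy are assumptions.

```python
OPT_RELAY_AGENT_INFO = 82
SUB_CIRCUIT_ID = 1   # RFC 3046 Agent Circuit ID
SUB_REMOTE_ID = 2    # RFC 3046 Agent Remote ID


def atm_cid(anid, frame, slot, port, vpi, vci):
    """CID text following the page's 'anid atm frame/slot/port:vpi.vci' layout."""
    return f"{anid} atm {frame}/{slot}/{port}:{vpi}.{vci}"


def build_option82(cid, rid):
    """Encode option 82 as code, length, then the two sub-options."""
    body = b""
    for code, text in ((SUB_CIRCUIT_ID, cid), (SUB_REMOTE_ID, rid)):
        data = text.encode("ascii")
        if len(data) > 255:
            raise ValueError("sub-option too long")
        body += bytes([code, len(data)]) + data
    if len(body) > 255:
        raise ValueError("option 82 too long")
    return bytes([OPT_RELAY_AGENT_INFO, len(body)]) + body


def parse_option82(raw):
    """Return {sub-option code: value}; raise ValueError on any length problem."""
    if len(raw) < 2 or raw[0] != OPT_RELAY_AGENT_INFO:
        raise ValueError("not option 82")
    if raw[1] != len(raw) - 2:
        raise ValueError("option length does not match the data")
    body, subs, i = raw[2:], {}, 0
    while i < len(body):
        if i + 2 > len(body):
            raise ValueError("truncated sub-option header")
        code, length = body[i], body[i + 1]
        if i + 2 + length > len(body):
            raise ValueError("sub-option overruns the option")
        subs[code] = body[i + 2:i + 2 + length]
        i += 2 + length
    return subs


class AccountBinder:
    """Authentication-server side: one account is tied to one circuit ID."""

    def __init__(self):
        self._bound = {}

    def authenticate(self, account, option82):
        try:
            subs = parse_option82(option82)
        except ValueError:
            return "reject: malformed option 82"
        cid = subs.get(SUB_CIRCUIT_ID)
        if cid is None:
            return "reject: no circuit ID"
        # Assumption: the first successful login fixes the binding.
        known = self._bound.setdefault(account, cid)
        return "accept" if known == cid else "reject: account bound to another port"


# Constructed sample: the same account presented from two different user ports.
PC1 = build_option82(atm_cid("ua5000", 0, 10, 0, 0, 35), "port-a")
PC2 = build_option82(atm_cid("ua5000", 0, 10, 1, 0, 35), "port-b")

if __name__ == "__main__":
    binder = AccountBinder()
    print("PC1:", binder.authenticate("alice", PC1))
    print("PC2:", binder.authenticate("alice", PC2))
    print("cut:", binder.authenticate("alice", PC1[:-1]))
```

The binding is only as trustworthy as the device that inserts the option, so the server side should reject requests in which the field is missing or malformed instead of falling back to account-only authentication.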
The UA5000 can work in the L2 DHCP forwarding mode or L3 DHCP forwarding mode. In
either mode, anti-theft and roaming of user accounts through DHCP option 82 can be configured,
and the configurations are the same.
Table 1-13 lists the default settings related to DHCP option 82.
Procedure
Step 1 Configure the RAIO. The RAIO is the short form for relay agent information option. Before
using the DHCP function, you must configure the RAIO.
Run the dhcp option82 enable command to configure the DHCP option 82 function. By default,
the DHCP option 82 function is disabled globally.
----End
Example
Assume that:
l RAIO mode: user-defined mode
l CID format for the ETH access mode: shelf ID/slot ID/sub slot ID/port ID: vlanid
l RID format for all access modes: label of the service port
Context
Anti-IP spoofing dynamically triggers IP address binding, thus preventing illegal users
from stealing the IP address of legal users. When anti-IP spoofing is enabled, a user port is bound
to an IP address after the user goes online. Then, the user cannot go online through this port by
using other IP addresses, and no user can go online through other ports by using this IP
address.
The major function of anti-MAC spoofing is to prevent illegal users from forging the MAC
address of legal users. The purpose is to ensure that the service of legal users is not affected.
Anti-MAC spoofing is applied to PPPoE and DHCP access users.
IP address binding refers to binding an IP address to a service port. After the binding, the service
port permits only the packet whose source IP address is the bound address to go upstream, and
discards the packets that carry other source IP addresses.
MAC address binding refers to binding a MAC address to a service port. After the binding, only
the user whose MAC address is the bound MAC address can access the network through the
service port.
Procedure
l Configure anti-IP spoofing.
Run the security anti-ipspoofing command to configure the anti-IP spoofing function. By
default, the anti-IP spoofing function is disabled.
NOTE
When anti-IP spoofing is enabled after a user is already online, the IP address of this user is not bound by
the system. As a result, the service of this user is interrupted, this user goes offline, and the user needs to
go online again. Only the user who goes online after anti-IP spoofing is enabled can have the IP address
bound.
l Configure anti-MAC spoofing.
NOTICE
To ensure device security, it is recommended that you enable this function.
When anti-MAC spoofing is enabled after a user is already online, the MAC address of this user is not
bound by the system. As a result, the service of this user is interrupted, this user goes offline, and the user
needs to go online again. Only the user who goes online after anti-MAC spoofing is enabled can have the
MAC address bound.
l Bind an IP address.
Run the bind ip command to bind an IP address to a service port.
To permit only the users of certain IP addresses to access the system so that illegal users
cannot access the system by using the IP addresses of legal users, configure the IP address
binding.
l Bind a MAC address.
Run the mac-address static command to bind a static MAC address.
----End
Example
To enable anti-IP spoofing of the traffic stream, do as follows:
huawei(config)#security anti-ipspoofing enable
To bind IP address 10.10.10.2 to the ADSL2+ service port whose physical port is 0/10/0, VPI/
VCI is 0/35, and user-side VLAN is 100, do as follows:
huawei(config)#bind ip adsl 0/10/0 vpi 0 vci 35 user-vlan 100 10.10.10.2
To bind static MAC address 1010-1010-1010 to the ADSL2+ service port whose physical port
is 0/10/0, VPI/VCI is 0/35, and user-side VLAN is 100, and set the maximum number of
learnable dynamic MAC addresses to 10, do as follows:
huawei(config)#mac-address static adsl 0/10/0 vpi 0 vci 35 1010-1010-1010
huawei(config)#mac-address max-mac-count adsl 0/10/0 vpi 0 vci 35 user-vlan 100 10
Context
l By default, the ring network detection on the user side is disabled.
l After the ring network detection on the user side is enabled, the system automatically detects
the ring network on the user side.
l After the ring network detection function is enabled, the UA5000 regularly sends private
BPDU packets to user ports. Currently, the system supports 8 kbit/s traffic. When
performing the ring network detection, the system checks 300 streams per second. If there
are many available streams in the system and more than 15 streams send the packets within
one second, the system terminates the ring network detection. In other words, if a ring
network exists, at most 8000/300 seconds are required for the system to detect the ring
network.
NOTICE
To ensure the device security, it is recommended that you enable the ring network detection on
the user side.
Procedure
Step 1 Run the ring check enable command to enable the ring network detection on the user side.
Step 2 Run the display ring check command to query the status of the ring network detection on the
user side.
----End
Example
To enable the ring network detection on the user side, do as follows:
huawei(config)#ring check enable
huawei(config)#display ring check
{ <cr>|result<K> }:
Command:
display ring check
Ring checking function is enabled
Context
AAA refers to authentication, authorization, and accounting. In the process that a user accesses
network resources, through AAA, certain rights are authorized to the user if the user passes
authentication, and the original data about the user accessing network resources is recorded.
l Authentication: Checks whether a user is allowed to access network resources.
l Authorization: Determines what network resources a user can access.
l Accounting: Records the original data about the user accessing network resources.
Application Context
AAA is generally applied to the users that access the Internet in the PPPoA, PPPoE, 802.1x,
VLAN, WLAN, ISDN, or Admin Telnet (associating the user name and the password with the
domain name) mode.
NOTE
In the existing network, 802.1x and Admin Telnet correspond to the local AAA, that is, the UA5000
functions as a local AAA server; PPPoE corresponds to the remote AAA, that is, the UA5000 functions as
the client of a remote AAA server.
The preceding figure shows that the AAA function can be implemented on the UA5000 in the
following ways:
l The UA5000 functions as a local AAA server. In this case, the local AAA needs to be
configured. The local AAA does not support accounting.
l The UA5000 functions as the client of a remote AAA server, and is connected to the
RADIUS server through the RADIUS protocol, thus implementing the AAA. The RADIUS
protocol, however, does not support authorization.
Context
l What is RADIUS:
– RADIUS is short for the remote authentication dial-in user service. It is a distributed
information interaction protocol with the client/server structure. Generally, it is used to
manage a large number of distributed dial-in users.
– RADIUS implements the user authentication by managing a simple user database, and
adjusts the user service information according to the user service type and rights.
– The authentication request of users can be passed on to the RADIUS server through a
network access server (NAS).
l Principles of RADIUS:
– When a user tries to access another network (or some network resources) by setting up
a connection to the NAS through a network, the NAS forwards the user authentication
information to the RADIUS server. The RADIUS protocol specifies the means of
transmitting the user information between the NAS and the RADIUS server.
– The RADIUS server receives the connection requests of users sent from the NAS,
authenticates the user account and password contained in the user data, and returns the
required data to the NAS.
l Specification:
– For the UA5000, the RADIUS is configured based on each RADIUS server group.
– In actual networking, a RADIUS server group can be any of the following:
– An independent RADIUS server
– A pair of primary/secondary RADIUS servers with the same configuration but
different IP addresses
– The following lists the attributes of a RADIUS server template:
– IP addresses of primary and secondary servers
– Shared key
– RADIUS server type
l The configuration of the RADIUS protocol defines only the essential parameters for the
information exchange between the UA5000 and the RADIUS server. To make the essential
parameters take effect, the RADIUS server group needs to be referenced in a certain
domain.
Procedure
Step 1 Configure the AAA authentication scheme.
NOTE
l The authentication scheme specifies how all the users in an ISP domain are authenticated.
l The system supports up to 16 authentication schemes. The system has a default accounting scheme
named default. It can only be modified, but cannot be deleted.
l To guarantee normal communication between the UA5000 and the RADIUS server, before configuring
the IP address and UDP port of the RADIUS server, make sure that the route between the RADIUS
server and the UA5000 is in the normal state.
l Make sure that the configuration of the RADIUS service port of the UA5000 is consistent with the
port configuration of the RADIUS server.
3. (Optional) Run the radius-server shared-key command to configure the shared key of the
RADIUS server.
NOTE
l The RADIUS client (UA5000) and the RADIUS server use the MD5 algorithm to encrypt the RADIUS
packets. They check the validity of the packets by setting the encryption key. They can receive the
packets from each other and can respond to each other only when their keys are the same.
l By default, the shared key of the RADIUS server is huawei.
4. (Optional) Run the radius-server timeout command to set the response timeout time of
the RADIUS server. By default, the timeout time is 5s.
The UA5000 sends the request packets to the RADIUS server. If the RADIUS server does
not respond within the response timeout time, the UA5000 re-transmits the request packets
to the RADIUS server to ensure that users can obtain corresponding services from the
RADIUS server.
5. (Optional) Run the radius-server retransmit command to set the maximum re-transmit
times of the RADIUS request packets. By default, the maximum re-transmit times is 3.
When the re-transmit times of the RADIUS request packets to a RADIUS server exceeds
the maximum re-transmit times, the UA5000 considers that its communication with the
RADIUS server is interrupted, and thus transmits the RADIUS request packets to another
RADIUS server.
6. (Optional) Run the (undo)radius-server user-name domain-included command to
configure the user name (not) to carry the domain name when transmitted to the RADIUS
server. By default, the user name of the RADIUS server carries the domain name.
l An access user is named in the format of userid@domain-name, and the part followed
by "@" is the domain name. The UA5000 classifies a user into a domain according to
the domain name.
l If a RADIUS server group rejects the user name carrying the domain name, the RADIUS
server group cannot be set or used in two or more domains. Otherwise, when some
access users in different domains have the same user name, the RADIUS server
considers that these users are the same because the names transmitted to the server are
the same.
7. Run the quit command to return to the global config mode.
You can reference an authentication scheme in a domain only after the authentication scheme is created.
In the domain mode, run the authentication-scheme command to reference the authentication
scheme.
Step 5 Reference the RADIUS server template.
NOTE
You can reference a RADIUS server template in a domain only after the RADIUS server template is created.
1. In the domain mode, run the radius-server template-name command to reference the
RADIUS server template.
2. Run the quit command to return to the AAA mode.
----End
Example
User1 in the isp domain adopts the RADIUS protocol for authentication. RADIUS server
129.7.66.66 functions as the primary authentication server, and RADIUS server 129.7.66.67
functions as the secondary authentication server. On the RADIUS server, the authentication port
ID is 1812, and the other parameters adopt the default values. To perform the preceding
configuration, do as follows:
huawei(config)#aaa
huawei(config-aaa)#authentication-scheme newscheme
huawei(config-aaa-authen-newscheme)#authentication-mode radius
huawei(config-aaa-authen-newscheme)#quit
huawei(config-aaa)#quit
huawei(config)#radius-server template hwtest
huawei(config-radius-hwtest)#radius-server authentication 129.7.66.66 1812
huawei(config-radius-hwtest)#radius-server authentication 129.7.66.67 1812 secondary
huawei(config-radius-hwtest)#quit
huawei(config)#aaa
huawei(config-aaa)#domain isp
huawei(config-aaa-domain-isp)#authentication-scheme newscheme
huawei(config-aaa-domain-isp)#radius-server hwtest
huawei(config-aaa-domain-isp)#quit
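The shared key from step 3 is what lets the UA5000 and the RADIUS server check each other's packets, so leaving it at the documented default of huawei means the key is known to anyone who has read this manual. The following added example (not part of the Huawei manual or product code) implements the two MD5 constructions that RFC 2865 builds on the shared key, User-Password hiding and the Response Authenticator, and shows that both work only when the two sides hold the same key. The site key, password, identifier and Request Authenticator are constructed sample values.

```python
import hashlib
import hmac
import struct

DEFAULT_SHARED_KEY = b"huawei"  # default shared key stated in the procedure above


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """NAS side: RFC 2865 section 5.2 User-Password hiding."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    if len(request_auth) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        # Each 16-byte block is XORed with MD5(secret + previous ciphertext block).
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        hidden += block
        prev = block
    return hidden


def unhide_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: reverse of hide_password; only correct with the same key."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden User-Password must be a multiple of 16 bytes")
    clear, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return clear.rstrip(b"\x00")


def build_response(code: int, ident: int, attrs: bytes,
                   request_auth: bytes, secret: bytes) -> bytes:
    """Server side: reply whose authenticator is
    MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs


def verify_response(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    """NAS side: accept a reply only if its authenticator matches our key."""
    if len(packet) < 20:
        return False
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


def uses_default_key(configured_key: bytes) -> bool:
    """Audit helper: flag a template that still uses the documented default."""
    return hmac.compare_digest(configured_key, DEFAULT_SHARED_KEY)


def demo() -> dict:
    request_auth = bytes(range(16))          # constructed; real clients use random bytes
    site_key = b"constructed-site-key"       # constructed sample key
    hidden = hide_password(b"user1-password", site_key, request_auth)
    reply_msg = bytes([18, 2 + 2]) + b"ok"   # Reply-Message attribute (type 18)
    accept = build_response(2, 7, reply_msg, request_auth, site_key)  # Access-Accept
    return {
        "same_key_decode": unhide_password(hidden, site_key, request_auth),
        "other_key_decode": unhide_password(hidden, DEFAULT_SHARED_KEY, request_auth),
        "accept_same_key": verify_response(accept, request_auth, site_key),
        "accept_other_key": verify_response(accept, request_auth, DEFAULT_SHARED_KEY),
        "default_in_use": uses_default_key(site_key),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```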
Service Requirements
l The RADIUS server performs authentication for user1 in isp1.
l The RADIUS server with the IP address 129.7.66.66 functions as the primary server for
authentication.
l The RADIUS server with the IP address 129.7.66.67 functions as the secondary server for
authentication.
l The authentication port ID is 1812.
l Other parameters adopt the default settings.
Networking
Figure 1-8 shows the example network of the RADIUS authentication.
[Figure 1-8: example network of the RADIUS authentication; labels: user1@isp1, user2@isp2, user3@isp3, UA5000]
Procedure
Step 1 Configure the authentication scheme.
Create RADIUS server template template1. RADIUS server 129.7.66.66 functions as the
primary authentication server, and RADIUS server 129.7.66.67 functions as the secondary
authentication server.
huawei(config)#radius-server template template1
Note: Create a new server template
huawei(config-radius-template1)#radius-server authentication 129.7.66.66 1812
huawei(config-radius-template1)#radius-server authentication 129.7.66.67 1812 secondary
huawei(config-radius-template1)#quit
You can reference an authentication scheme in a domain only after the authentication scheme
is created.
huawei(config-aaa-domain-isp1)#authentication-scheme newscheme
You can reference a RADIUS server template in a domain only after the RADIUS server template
is created.
huawei(config-aaa-domain-isp1)#radius-server template1
huawei(config-aaa-domain-isp1)#quit
----End
Result
User1 in isp1 can be authenticated and can log in to the UA5000.
Configuration Script
aaa
authentication-scheme newscheme
authentication-mode radius
quit
quit
radius-server template radtest
radius-server authentication 129.7.66.66 1812
radius-server authentication 129.7.66.67 1812 secondary
quit
aaa
domain isp1
authentication-scheme newscheme
radius-server radtest
quit
Context
An access control list (ACL) is used to filter certain packets by a series of preset rules. In this
manner, the objects that need to be filtered can be identified. After the specific objects are
identified, the corresponding data packets are permitted to pass or prohibited from passing
according to the preset policy. The ACL-based traffic filtering process is a prerequisite for
configuring the QoS or user security.
Basic ACL (number range 2000-2999): The rules of a standard ACL are only defined according
to the L3 source IP address for analyzing and processing data packets.
Advanced ACL (number range 3000-3999): The rules of an advanced ACL are defined according
to the source IP address, destination IP address, type of the protocol over IP, and features of
the protocol (including TCP source port, TCP destination port, and ICMP message type).
Compared with the basic ACL, the advanced ACL contains more accurate, comprehensive, and
flexible rules.
When a packet reaches the port and matches two or more ACL rules, the matching sequence is
as follows:
l If the rules of an ACL are used at the same time, the rule configured earlier has priority
over the one configured later.
l If the rules of an ACL are used one by one, the rule used later has priority over the one used
earlier.
l If the rules are issued to the port from different ACLs, the rule used later has priority over
the one used earlier.
Precautions
The ACL is flexible in use. Therefore, the following suggestions on its configuration are
provided:
l It is recommended that you define a general rule, such as permit any or deny any, in each
ACL, so that every packet matches a rule that determines whether an otherwise unspecified
packet is forwarded or filtered.
l The used ACL rules share the hardware resources with the protocol modules (such as DHCP
module and IPoA module). In this case, the hardware resources are limited and may be
insufficient. To prevent the failure of enabling other service functions due to insufficient
hardware resources, it is recommended you enable the protocol module first and then
activate ACL rules in the data configuration. If you fail to enable a protocol module, perform
the following steps:
1. Check whether ACL rules occupy too many resources.
2. If ACL rules occupy too many resources, deactivate or delete the unimportant or
temporarily unused ACL configurations, and then configure and enable the protocol
module.
Context
The number of a basic ACL is in the range of 2000-2999.
A basic ACL is only defined according to the L3 source IP address for analyzing and processing
data packets.
Procedure
Step 1 (Optional) Set a time range.
Run the time-range command to create a time range, which can be used when an ACL rule is
created.
Step 2 Create a basic ACL.
Run the acl command to create a basic ACL, and then enter the ACL mode. The number of a
basic ACL can only be in the range of 2000-2999.
Step 3 Configure a basic ACL rule.
In the acl-basic mode, run the rule command to create a basic ACL rule. The parameters are as
follows:
l rule-id: Indicates the ACL rule ID. To create an ACL rule with a specified ID, use this
parameter.
l permit: Indicates the keyword for allowing the data packets that meet related conditions to
pass.
l deny: Indicates the keyword for discarding the data packets that meet related conditions.
l time-range: Indicates the keyword of the time range during which the ACL rule is effective.
Step 4 Use the ACL.
Configuring an ACL only creates it; the ACL does not take effect until it is used. Run one of
the following commands to use the ACL:
l Run the packet-filter command to use an ACL.
l Run the firewall packet-filter command to use an ACL. For details, see "Configuring the
Firewall."
l Perform the QoS operation. For details, see "Configuring Traffic Management Based on
ACL."
----End
Example
To configure that from 00:00 to 12:00 on Fridays, port 0/7/0 on the UA5000 receives only the
packets from 2.2.2.2, and discards the packets from other addresses, do as follows:
Context
The number of an advanced ACL is in the range of 3000-3999.
Procedure
Step 1 (Optional) Set a time range.
Run the time-range command to create a time range, which can be used when an ACL rule is
created.
----End
Example
Assume that the service board of the UA5000 resides in slot 7 and belongs to a VLAN, and the
IP address of the VLAN L3 interface is 10.10.10.101. To prohibit the ICMP (such as ping) and
telnet operations from the user side to the VLAN interface on the device, do as follows:
huawei(config)#acl 3001
huawei(config-acl-adv-3001)#rule 1 deny icmp destination 10.10.10.101 0
huawei(config-acl-adv-3001)#rule 2 deny tcp destination 10.10.10.101 0 destination-port eq telnet
huawei(config-acl-adv-3001)#quit
huawei(config)#packet-filter inbound ip-group 3001 rule 1 port 0/7/0
huawei(config)#packet-filter inbound ip-group 3001 rule 2 port 0/7/0
huawei(config)#save
Context
The number of an L2 ACL is in the range of 4000-4999.
Procedure
Step 1 (Optional) Set a time range.
Run the time-range command to create a time range, which can be used when an ACL rule is
created.
----End
Example
To create an L2 ACL rule that allows data packets with protocol type 0x8863 (pppoe-control
message), VLAN ID 12, CoS 1, source MAC address 2222-2222-2222, and destination MAC
address 00e0-fc11-4141 to pass, do as follows:
huawei(config)#acl 4001
huawei(config-acl-link-4001)#rule 1 permit type 0x8863 cos 1 source 12 2222-2222-2222 0000-0000-0000 destination 00e0-fc11-4141 0000-0000-0000
huawei(config-acl-link-4001)#quit
huawei(config)#save
Prerequisites
Configuring a user-defined ACL requires a deep understanding of the L2 data frame structure.
Be sure to make a data plan according to the format of the L2 data frame.
Context
The number of a user-defined ACL must be in the range of 5000-5999.
A user-defined ACL rule can be created according to any 32 bytes of the first 80 bytes of an L2
data frame.
Table 1-15 lists the meaning of the letters and their offset values.
NOTE
The offset value of each field is the offset value in data frame ETH II+VLAN tag. In a user-defined ACL,
you can use the two parameters of rule mask and offset to extract any bytes from the first 80 bytes of the
data frame. After the comparison with the user-defined rule, the data frame matching the rule is filtered
for related processing.
Procedure
Step 1 (Optional) Set a time range.
Run the time-range command to create a time range, which can be used when an ACL rule is
created.
----End
Example
Assume that the packet sent from port 0/7/0 to the UA5000 is the QinQ packet containing two
VLAN tags. To change the CoS priority in the outer VLAN tag (VLAN ID: 10) to 5, do as
follows:
huawei(config)#acl 5001
huawei(config-acl-user-5001)#rule 1 permit 8100 ffff 16
NOTE
The type value of a QinQ packet varies according to different vendors. Huawei adopts the default 0x8100. As
shown in Figure 1-9, the offset of this type value needs to be 16 bytes.
huawei(config-acl-user-5001)#rule 10 permit 0a ff 19
NOTE
"19" indicates the AND operation after an offset of 19 bytes with the header of the packet as the base. "0a" refers
to the value of the inner tag field of the QinQ packet. In this example, the second byte of the inner tag field is a
part of the VLAN ID, which is exactly the value of the inner VLAN ID (VLAN 10).
huawei(config-acl-user-5001)#quit
huawei(config)#traffic-priority inbound user-group 5001 cos 5 port 0/7/0
huawei(config)#save
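The value/mask/offset matching used by rules 1 and 10 above can be checked offline before the rules are applied. The following added example (not from the Huawei manual) evaluates such rules against constructed QinQ frames and shows that a one-byte match at offset 19 also accepts any VLAN ID whose low byte is 0x0a. It assumes that offsets are counted from byte 0 of the destination MAC and that a rule matches when (frame AND mask) equals (value AND mask); the function names, MAC addresses and the two-byte rule at offset 18 are hypothetical and are not taken from the device documentation.

```python
import struct

WINDOW = 80  # the page states that rules may address the first 80 bytes of the frame


def build_qinq_frame(outer_vid: int, inner_vid: int, inner_cos: int = 0,
                     ethertype: int = 0x0800, payload: bytes = b"\x00" * 46) -> bytes:
    """Constructed test frame: DMAC, SMAC, outer tag, inner tag, EtherType, payload."""
    dst = bytes.fromhex("00e0fc114141")   # constructed MAC addresses
    src = bytes.fromhex("222222222222")
    outer_tci = outer_vid & 0x0FFF
    inner_tci = ((inner_cos & 0x7) << 13) | (inner_vid & 0x0FFF)
    tags = struct.pack("!HHHHH", 0x8100, outer_tci, 0x8100, inner_tci, ethertype)
    return dst + src + tags + payload


def parse_rule(value_hex: str, mask_hex: str, offset: int):
    """Turn the 'value mask offset' triple of a rule into bytes plus an offset."""
    value, mask = bytes.fromhex(value_hex), bytes.fromhex(mask_hex)
    if not value or len(value) != len(mask):
        raise ValueError("value and mask must be non-empty and equally long")
    if offset < 0 or offset + len(value) > WINDOW:
        raise ValueError("rule must lie within the first 80 bytes")
    return value, mask, offset


def rule_matches(frame: bytes, rule) -> bool:
    """Assumed semantics: masked bytes at the offset equal the masked rule value."""
    value, mask, offset = rule
    window = frame[offset:offset + len(value)]
    if len(window) < len(value):
        return False  # frame too short to contain the field
    return all((w & m) == (v & m) for w, v, m in zip(window, value, mask))


# Rules as typed in the example above.
RULE_TYPE = parse_rule("8100", "ffff", 16)   # rule 1 permit 8100 ffff 16
RULE_VID_LOW = parse_rule("0a", "ff", 19)    # rule 10 permit 0a ff 19
# Hypothetical stricter rule: all 12 VLAN ID bits at offsets 18-19, CoS bits masked out.
RULE_VID_FULL = parse_rule("000a", "0fff", 18)


def report(inner_vid: int, inner_cos: int = 0) -> dict:
    frame = build_qinq_frame(outer_vid=100, inner_vid=inner_vid, inner_cos=inner_cos)
    return {
        "type": rule_matches(frame, RULE_TYPE),
        "vid_low_byte": rule_matches(frame, RULE_VID_LOW),
        "vid_full": rule_matches(frame, RULE_VID_FULL),
    }


if __name__ == "__main__":
    for vid in (10, 266, 20):   # 266 = 0x10a shares its low byte with VLAN 10
        print(vid, report(vid))
```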
Context
Configuring QoS in the system can provide different quality guarantees for different services.
QoS does not have a unified service model. Therefore, make the QoS plan for networkwide
services before making the configuration solution.
On the UA5000, the key points for implementing QoS are as follows:
l Traffic management
Configuring traffic management can limit the traffic for a user service or user port.
l Queue scheduling
For the service packets that are already configured with traffic management, through the
configuration of queue scheduling, the service packets can be placed into queues with
different priorities, thus implementing QoS inside the system.
In the scenario where users have flexible requirements on implementing QoS for traffic streams,
the ACL can be used to implement flexible traffic classification (see Configuring the ACL),
and then QoS can be implemented for traffic streams.
Overview
The UA5000 supports traffic management for the inbound and outbound traffic streams of the
system. Traffic management can be implemented based on the following two granularities:
l Based on traffic profile
NOTE
For details on configuring traffic classification, see "3.4 Creating an xDSL Service Port."
l Based on ACL rule
In addition, the UA5000 supports rate limit on the Ethernet port and traffic suppression on
inbound broadcast packets and unknown (multicast or unicast) packets.
Context
Traffic management based on service port is implemented by creating an IP traffic profile and
then binding the IP traffic profile when creating the service port.
l The system has seven default IP traffic profiles with the IDs of 0-6. You can run the display
traffic table command to query the traffic parameters of the default traffic profiles.
l It is recommended that you use the default traffic profiles. A new IP traffic profile is created
only when the default traffic profiles cannot meet the requirements.
Table 1-16 lists the traffic parameters defined in the IP traffic profiles.
Scheduling policies: There are two types of scheduling policies, which are available only to
the inbound packet:
l Tag-In-Package: The system performs scheduling according to the
802.1p priority of the packet.
l Pvc-Setting: The system queues the packets according to the value
of the priority and waits for scheduling.
NOTE
"Outbound" (upstream) in this document refers to the direction from the user side to the network side, and
"inbound" (downstream) refers to the direction from the network side to the user side.
Procedure
Step 1 Run the display traffic table command to query whether there is a proper traffic profile in the
system.
Check whether an existing traffic profile meets the planned traffic management parameters,
priority policy, and scheduling policy to confirm the index of the traffic profile to be used. If a
proper traffic profile does not exist in the system, create an IP traffic profile.
Step 3 Run the service port command to bind a proper traffic profile.
----End
Example
Assume that the CAR is 2048 kbit/s, 802.1p priority of the outbound packet is 6, and the
scheduling policy of the inbound packet is Tag-In-Package. To add such an IP traffic profile, do
as follows:
huawei(config)#traffic table ip car 2048 priority 6 priority-policy tag-In-Package
Create traffic descriptor record successfully
-----------------------------------------------------------------------------
TD Index : 7
Priority : 6
Priority policy : tag-pri
CAR : 2048 kbps
TD Type : NoClpNoScr
Service category : ubr
Referenced Status: not used
EnPPDISC : on
EnEPDISC : on
Clp01Pcr : 2048 kbps
-----------------------------------------------------------------------------
huawei(config)#display traffic table index 7
-----------------------------------------------------------------------------
TD Index : 7
Priority : 6
Priority policy : tag-pri
CAR : 2048 kbps
TD Type : NoClpNoScr
Service category : ubr
Referenced Status: not used
EnPPDISC : on
EnEPDISC : on
Clp01Pcr : 2048 kbps
-----------------------------------------------------------------------------
Context
l The UA5000 supports the rate limitation on only the Ethernet upstream port and does not
support the rate limitation on service ports.
l The limited rate must be an integer multiple of 64.
l Traffic streams exceeding the specified rate are discarded.
Procedure
Step 1 In the global config mode, run the line-rate command to configure upstream rate limitation on
a specified Ethernet port.
The main parameters are as follows:
l target-rate: Indicates the limited rate of the port, in the unit of kbit/s.
l port: Indicates the shelf ID/slot ID/port ID.
Step 2 Run the display qos-info line-rate port command to query the configured rate limitation
on the specified Ethernet port.
----End
Example
To limit the rate of Ethernet port 0/3/0 to 6400 kbit/s, do as follows:
line-rate:
port 0/3/0:
Line rate: 6400 Kbps
Context
Traffic suppression can be configured based on a board or based on the port on a board.
Procedure
l Run the interface ipm command to enter the IPM mode.
l Query the thresholds of traffic suppression.
Run the display traffic-suppress all command to query the thresholds of traffic
suppression.
l Run the traffic-suppress command to suppress the traffic of the port on the IPM board.
The main parameters are as follows:
– broadcast: Suppresses the broadcast traffic.
– multicast: Suppresses the unknown multicast traffic.
– unicast: Suppresses the unknown unicast traffic.
– value: Indicates the index of the traffic suppression level. You can run the display
traffic-suppress all command to query this index value.
----End
Example
To suppress the broadcast packets according to traffic suppression level 8 on port 0 on the
IPMB board in slot 0/3, do as follows:
huawei(config)#interface ipm 0/3
huawei(config-if-ipm-0/3)#display traffic-suppress all
Traffic suppression ID definition:
---------------------------------------------------------------------
NO. Min bandwidth(kbps) Max bandwidth(kbps) Package number(pps)
/Jumbo frame enable(kbps)
---------------------------------------------------------------------
1 6 145 / 884 12
2 12 291 / 1769 24
3 24 582 / 3538 48
4 48 1153 / 7004 95
5 97 2319 / 14082 191
6 195 4639 / 28164 382
7 390 9265 / 56254 763
8 781 18531 / 112508 1526
9 1562 37063 / 225017 3052
10 3125 74126 / 450035 6104
11 6249 148241 / 899997 12207
12 12499 296483 / 1799995 24414
13 0 0 / 0 0
---------------------------------------------------------------------
---------------------------------------------------------------------
PortID Broadcast_index Multicast_index Unicast_index
---------------------------------------------------------------------
0 7 -- 7
1 7 -- 7
2 7 -- 7
3 7 -- 7
4 7 -- 7
5 7 -- 7
6 7 -- 7
7 7 -- 7
---------------------------------------------------------------------
huawei(config-if-ipm-0/3)#traffic-suppress all broadcast value 8
huawei(config-if-ipm-0/3)#display traffic-suppress 0
Traffic suppression ID definition:
---------------------------------------------------------------------
NO. Min bandwidth(kbps) Max bandwidth(kbps) Package number(pps)
/Jumbo frame enable(kbps)
---------------------------------------------------------------------
1 6 145 / 884 12
2 12 291 / 1769 24
3 24 582 / 3538 48
4 48 1153 / 7004 95
Prerequisite
The ACL and the rule of the ACL must be configured and the port for traffic limit must work
in the normal state.
Context
l The traffic statistics are only effective for the permit rules of an ACL.
l The limited traffic must be an integer multiple of 64 kbit/s.
Procedure
Step 1 Run the traffic-limit command to limit the traffic matching an ACL rule on a specified port.
Run this command to set the action to be taken when the traffic received on the port exceeds the
limit value. Two options are available:
l drop: Drop the traffic that exceeds the limit value.
l remark-dscp value: To set the DSCP priority for the traffic that exceeds the limit value, use
this parameter.
Step 2 Run the display qos-info traffic-limit port command to query the traffic limit information on
the specified port.
----End
Example
To limit the traffic that matches ACL 2001 received on port 0/7/0 to 512 kbit/s and add the DSCP
priority tag (af1) to packets that exceed the limit, do as follows:
Prerequisite
The ACL and the sub-rule of the ACL must be configured and the port for traffic limit must
work in the normal state.
Context
l The traffic statistics are only valid to permit rules of an ACL.
l The ToS and the DSCP priorities are mutually exclusive. Therefore, they cannot be
configured at the same time.
Procedure
Step 1 Run the traffic-priority command to add a priority tag to the traffic matching an ACL rule on
a specified port.
Step 2 Run the display qos-info traffic-priority port command to query the configured priority.
----End
Example
To add a priority tag to the traffic that matches ACL 2001 received on port 0/7/0, and the DSCP
priority and local priority of the traffic are 10 (af1) and 0 respectively, do as follows:
huawei(config)#traffic-priority inbound ip-group 2001 dscp af1 local-precedence 0 port 0/7/0
huawei(config)#display qos-info traffic-priority port 0/7/0
traffic-priority:
port 0/7/0:
Inbound:
Matches: Acl 2001 rule 5 running
Priority action: dscp af1 local-precedence 0
Prerequisite
The ACL and the sub-rule of the ACL must be configured and the port for traffic statistics must
work in the normal state.
Context
The traffic statistics are only valid to permit rules of an ACL.
Procedure
Step 1 Run the traffic-statistic command to enable the statistics collection of the traffic matching an
ACL rule on a specified port.
Step 2 Run the display qos-info traffic-statistic port command to query the statistics information
about the traffic matching an ACL rule on a specified port.
----End
Example
To enable the statistics collection of the traffic that matches ACL 2001 received on port 0/3/0,
do as follows:
huawei(config)#traffic-statistic inbound ip-group 2001 port 0/3/0
huawei(config)#display qos-info traffic-statistic port 0/3/0
traffic-statistic:
port 0/3/0:
Inbound:
Matches: Acl 2001 rule 5 running
0 packet
Prerequisite
The ACL and the rule of the ACL must be configured and the port for traffic mirroring must
work in the normal state.
Context
l The traffic statistics are only valid to permit rules of an ACL.
l The destination mirroring port cannot be an aggregation port.
l The system supports only one mirroring destination port and the mirroring destination port
must be the upstream port.
Procedure
Step 1 Run the traffic-mirror command to enable the mirroring of the traffic matching an ACL rule
on a specified port.
Step 2 Run the display qos-info traffic-mirror port command to query the mirroring information
about the traffic matching an ACL rule on a specified port.
----End
Example
To mirror the traffic that matches ACL 2001 received on port 0/7/0 to port 0/3/0, do as follows:
huawei(config)#traffic-mirror inbound ip-group 2001 port 0/7/0 to port 0/3/0
huawei(config)#display qos-info traffic-mirror port 0/7/0
traffic-mirror:
port 0/7/0:
Inbound:
Matches: Acl 2001 rule 5 running
Mirror to: port 0/3/0
Prerequisites
The ACL and the rule of the ACL must be configured and the port for redirection must work in
the normal state.
Context
l The traffic statistics are only valid to permit rules of an ACL.
l Currently, the service ports support only redirection of the traffic matching the ACL rule
to upstream ports. The upstream ports support only redirection of the traffic matching the
ACL rule to ports of the same type.
Procedure
Step 1 Run the traffic-redirect command to redirect the traffic matching an ACL rule on a specified
port.
Step 2 Run the display qos-info traffic-redirect port command to query the redirection information
about the traffic matching an ACL rule on a specified port.
----End
Example
To redirect the traffic that matches ACL 2001 received on port 0/3/0 to port 0/3/1, do as follows:
huawei(config)#traffic-redirect inbound ip-group 2001 port 0/3/0 to port 0/3/1
Context
The UA5000 supports the four queue scheduling modes: strict priority queue (PQ), weighted
fair queuing (WFQ), weighted round robin (WRR), and PQ+WRR.
The IPMD board of the UA5000 does not support the WFQ. For other specifications, the IPMD
board of the UA5000 is the same as the IPMB board of the UA5000.
l Strict PQ
The strict PQ gives preference to packets in a queue with a higher priority. The packets of
a lower priority queue can be transmitted only when a queue with a higher priority is empty.
By default, the system adopts the strict PQ mode.
l WFQ
The WFQ automatically allocates the bandwidth with fairness to a certain extent. When the
WFQ is used, all the data streams are queued, their throughputs are monitored, and the weight
values are allocated according to the amount of transmitted data.
l WRR
The system supports WRR for eight queues. Each queue has a weight value (w7, w6, w5,
w4, w3, w2, w1, and w0 in a descending order) for resource acquisition. In the WRR
scheduling mode, the queues are scheduled in turn, which ensures that each queue can be
scheduled.
Table 1-17 lists the mapping between the queue weights and the actual queues.
Table 1-17 Mapping between the queue weights and the actual queues
7 W7 W7 -
6 W6 W6 -
5 W5 W5 -
4 W4 W4 -
3 W3 W3 W7+W6
2 W2 W2 W5+W4
1 W1 W1 W3+W2
0 W0 W0 W1+W0
Wn: Indicates the weight of queue n. The weight sum of the queues (except the queue with
weight value 255) must be equal to 0 or 100, where 0 indicates that the strict PQ scheduling
mode is used and 255 indicates that the queue is not used.
l PQ+WRR
– The system schedules some queues by PQ and schedules the other queues by WRR.
When the specified WRR value is 0, it indicates that the queue is scheduled in the PQ
mode.
– The queue scheduled in the PQ mode needs to be the queue that has the highest priority.
– The weight sum of the scheduled queues must be equal to 100.
Procedure
Step 1 Run the queue-scheduler command to configure the queue scheduling mode.
Step 2 Run the display queue-scheduler command to query the configuration information about the
queue scheduling mode.
----End
Example
To adopt the WRR scheduling mode and set the weight values of the eight queues to 10, 10, 20,
20, 10, 10, 10, and 10 respectively, do as follows:
huawei(config)#queue-scheduler wrr 10 10 20 20 10 10 10 10
huawei(config)#display queue-scheduler
To adopt the PQ+WRR scheduling mode and set the weight values of the six queues to 20, 20,
10, 30, 10, and 10 respectively, do as follows:
huawei(config)#queue-scheduler wrr 20 20 10 30 10 10 0 0
huawei(config)#display queue-scheduler
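The weight rules in this section can be checked before a weight list is typed into the queue-scheduler wrr command. The following is an added example, not part of the original guide, with hypothetical function names. It assumes that the eight command arguments are given from queue 0 to queue 7 and that queue 7 has the highest priority, which matches the PQ+WRR example above but is not stated explicitly on the page.

```python
UNUSED = 255  # weight value meaning "queue not used" (from the text above)


def classify_weights(weights):
    """Validate eight queue weights and return 'PQ', 'WRR' or 'PQ+WRR'.

    Assumption of this example: weights[0] belongs to queue 0 and
    weights[7] to queue 7, and queue 7 has the highest priority.
    """
    if len(weights) != 8:
        raise ValueError("exactly eight weights are required")
    for queue, w in enumerate(weights):
        if not isinstance(w, int) or not (0 <= w <= 100 or w == UNUSED):
            raise ValueError(f"queue {queue}: weight {w!r} is not 0-100 or {UNUSED}")

    # Queues with weight 255 are excluded from the sum rule.
    in_use = [(q, w) for q, w in enumerate(weights) if w != UNUSED]
    total = sum(w for _, w in in_use)
    if total == 0:
        return "PQ"  # a sum of 0 selects strict PQ scheduling
    if total != 100:
        raise ValueError(f"weights in use sum to {total}, expected 0 or 100")

    pq_queues = [q for q, w in in_use if w == 0]
    wrr_queues = [q for q, w in in_use if w > 0]
    if not pq_queues:
        return "WRR"
    # PQ+WRR: every PQ queue must rank above every WRR queue.
    if min(pq_queues) < max(wrr_queues):
        raise ValueError(
            f"PQ queues {pq_queues} must be the highest-priority queues, "
            f"but WRR queue {max(wrr_queues)} ranks above queue {min(pq_queues)}"
        )
    return "PQ+WRR"


def queue_roles(weights):
    """Return a per-queue description, queue 0 first."""
    classify_weights(weights)  # raises ValueError on an invalid plan
    roles = []
    for w in weights:
        if w == UNUSED:
            roles.append("unused")
        elif w == 0:
            roles.append("PQ")
        else:
            roles.append(f"WRR {w}")
    return roles


if __name__ == "__main__":
    for plan in ([10, 10, 20, 20, 10, 10, 10, 10], [20, 20, 10, 30, 10, 10, 0, 0]):
        print(plan, "->", classify_weights(plan), queue_roles(plan))
```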
2 Protocol Configuration
Prerequisite
l The network devices and lines must be in the normal state.
l Service boards must be in the normal state.
l The VPI/VCI configured on the modem side must be 0/35.
Networking
Figure 2-1 shows the example network for configuring the ARP proxy.
PC1 and PC2 are in sub VLAN 10, service ports are isolated, and PC3 is in sub VLAN 20. User
packets can be forwarded in the L3 forwarding mode through the super VLAN interface. The
IP address of the super VLAN interface is 10.0.0.254, and the interface is in the same subnet as
PC1, PC2, and PC3. After the ARP proxy function is enabled, PC1 and PC2 can communicate
with each other, and PC3 can communicate with PC1 and PC2.
[Figure 2-1: example network for configuring the ARP proxy. Router; UA5000 (10.0.0.254/24); VLAN 10 and VLAN 20.]
Data Plan
Table 2-1 provides the data plan for configuring the ARP proxy.
Item Data
IP address: 10.0.0.254/24
Configuration Flowchart
Figure 2-2 shows the flowchart for configuring the ARP proxy.
Procedure
Step 1 Create a super VLAN.
huawei(config)#vlan 100 super
Step 2 Create sub VLANs, and add them to the super VLAN.
huawei(config)#vlan 10 smart
huawei(config)#vlan 20 mux
huawei(config)#supervlan 100 subvlan 10
huawei(config)#supervlan 100 subvlan 20
NOTE
The IP address of the L3 interface of the super VLAN must be in the same subnet as the IP addresses of
PC1-PC3.
NOTE
Skip substep c in step 6 if you only want PCs in different VLANs to communicate with each other.
----End
Result
After the global ARP proxy function and the ARP proxy function of the super VLAN interface
are enabled, PC1, PC2, and PC3 in different VLANs can communicate with each other.
After the global ARP proxy function, the ARP proxy function of the super VLAN interface, and
that of the sub VLAN interface are enabled, PC1 and PC2 in the same VLAN can communicate
with each other.
Service Requirements
l Two UA5000s that have the routing function are used, namely UA5000_A and
UA5000_B. Both run the OSPF routing protocol and are in area 0.
l UA5000_A imports static routes, and UA5000_B is configured with the routing filtering
policy.
[Figure: example network. UA5000_A (Vlanif2, 10.0.0.10/24; static routes 20.0.0.10, 30.0.0.10 and 40.0.0.10) and UA5000_B (Vlanif2, 10.0.0.20/24).]
Procedure
Step 1 Configure UA5000_A.
1. Configure the IP address of the L3 interface. The upstream port on UA5000_A is 0/3/0 and
the IP address of the L3 interface is 10.0.0.10/24.
huawei(config)#vlan 2 smart
huawei(config)#port vlan 2 0/3 0
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ip address 10.0.0.10 24
huawei(config-if-vlanif2)#quit
2. Enable OSPF and specify the area ID to which the interface belongs.
huawei(config)#ospf
huawei(config-ospf-1)#area 0
huawei(config-ospf-1-area-0.0.0.0)#network 10.0.0.0 0.0.0.255
huawei(config-ospf-1-area-0.0.0.0)#quit
huawei(config-ospf-1)#quit
5. Import static routes into the OSPF routing table to improve its capability of obtaining routes.
huawei(config)#ospf
huawei(config-ospf-1)#import-route static
huawei(config-ospf-1)#quit
3. Enable OSPF and specify the area ID to which the interface belongs.
huawei(config)#ospf
huawei(config-ospf-1)#area 0
huawei(config-ospf-1-area-0.0.0.0)#network 10.0.0.0 0.0.0.255
huawei(config-ospf-1-area-0.0.0.0)#quit
huawei(config-ospf-1)#quit
----End
Result
1. UA5000_A and UA5000_B run OSPF successfully and can communicate with each other.
2. After the routing filtering policy is configured on UA5000_B, some of the three imported
static routes are available on UA5000_B and the rest are filtered out. That is, the routes
from segments 20.0.0.0 and 40.0.0.0 are available, while the route from segment 30.0.0.0 is
filtered out.
Configuration Script
Configuration on UA5000_A
interface vlanif 2
ip address 10.0.0.10 24
ospf
area 0
network 10.0.0.0 0.0.0.255
quit
quit
router id 1.1.1.10
ip route-static 20.0.0.10 32 vlanif 2
ip route-static 30.0.0.10 32 vlanif 2
ip route-static 40.0.0.10 32 vlanif 2
ospf
import-route static
quit
save
Configuration on UA5000_B
interface vlanif 2
ip address 10.0.0.20 24
acl 2000
rule deny source 30.0.0.0 255.255.255.0
quit
ospf
area 0
network 10.0.0.0 0.0.0.255
quit
quit
router id 2.2.2.20
ospf
filter-policy 2000 import
quit
save
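Configuration scripts like the two above can be checked before they are loaded. The following is an added example, not part of the original guide: it reports an L3 interface that was given its subnet's network or broadcast address, and an interface that no OSPF network statement (address plus wildcard mask) covers. The sample script is constructed, the function names and finding codes are hypothetical, and treating an uncovered interface as a finding is a choice of this example.

```python
import ipaddress
import re

# Constructed script in the layout of the configuration scripts above.
# vlanif 2 deliberately carries the subnet's network address, and vlanif 3
# deliberately has no matching OSPF network statement.
SAMPLE_SCRIPT = """\
interface vlanif 2
ip address 10.0.0.0 24
quit
interface vlanif 3
ip address 10.0.1.20 24
quit
ospf
area 0
network 10.0.0.0 0.0.0.255
quit
quit
"""


def parse_script(text):
    """Collect interface addresses and OSPF network statements."""
    interfaces, ospf_networks, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"interface\s+(.+)", line):
            current = m.group(1)
        elif line == "quit":
            current = None
        elif (m := re.fullmatch(r"ip address\s+(\S+)\s+(\S+)", line)) and current:
            # The mask may be a prefix length (24) or dotted (255.255.255.0).
            interfaces[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif m := re.fullmatch(r"network\s+(\S+)\s+(\S+)", line):
            # OSPF form: address followed by a wildcard mask (set bits are ignored).
            ospf_networks.append((int(ipaddress.IPv4Address(m.group(1))),
                                  int(ipaddress.IPv4Address(m.group(2)))))
    return interfaces, ospf_networks


def lint(text):
    """Return a list of (interface, finding-code) tuples."""
    findings = []
    interfaces, ospf_networks = parse_script(text)
    for name, iface in interfaces.items():
        net = iface.network
        if net.prefixlen < 31:  # /31 and /32 have no network/broadcast host rule
            if iface.ip == net.network_address:
                findings.append((name, "network-address"))
            elif iface.ip == net.broadcast_address:
                findings.append((name, "broadcast-address"))
        ip = int(iface.ip)
        covered = any(
            (ip & ~wild & 0xFFFFFFFF) == (addr & ~wild & 0xFFFFFFFF)
            for addr, wild in ospf_networks
        )
        if ospf_networks and not covered:
            findings.append((name, "no-ospf-network"))
    return findings


if __name__ == "__main__":
    for interface, code in lint(SAMPLE_SCRIPT):
        print(f"{interface}: {code}")
```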
Service Requirements
In this example network, UA5000_A, UA5000_B, and UA5000_C have the routing function. It
is expected that after the configuration, any two PCs can communicate with each other.
[Figure: example network with UA5000_A, UA5000_B, UA5000_C and PC_C. Addresses shown: 1.1.5.1/24, 1.1.5.2/24, 1.1.2.2/24, 1.1.3.1/24, 1.1.2.1/24, 1.1.3.2/24, 1.1.1.2/24 and 1.1.4.2/24.]
Prerequisite
Configure a native VLAN of the L3 interface of each UA5000 to ensure a normal communication
between UA5000s.
Procedure
Step 1 Configure the IP address of the L3 interface.
The configurations for the three UA5000s are the same. Here, only the configuration of
UA5000_A is considered as an example.
huawei(config)#vlan 2 smart
huawei(config)#port vlan 2 0/3 0
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ip address 1.1.1.2 24
huawei(config-if-vlanif2)#quit
huawei(config)#vlan 3 smart
huawei(config)#port vlan 3 0/3 0
huawei(config)#interface vlanif 3
huawei(config-if-vlanif3)#ip address 1.1.2.1 24
huawei(config-if-vlanif3)#quit
----End
Result
After the configuration, an interconnection can be set up between all the hosts and between all
the UA5000s.
Configuration Script
Configuration example of UA5000_A
vlan 2 smart
port vlan 2 0/3 0
interface vlanif 2
ip address 1.1.1.2 24
quit
vlan 3 smart
port vlan 3 0/3 0
interface vlanif 3
ip address 1.1.2.1 24
quit
ip route-static 1.1.5.0 255.255.255.0 1.1.2.2
ip route-static 1.1.4.0 255.255.255.0 1.1.2.2
Service Requirements
l UA5000_A is subtended with UA5000_B through port 0/3/1, and uses port 0/3/0 to transmit
services in the upstream. In addition, it connects to the management center network through
the WAN.
l RIP is enabled on UA5000_A and UA5000_B so that the administrator can access
UA5000_A and UA5000_B through the RIP route. Then, you can operate and maintain
UA5000_A and UA5000_B.
[Figure: example network. Management center; router; UA5000_A (192.13.24.5/22, 192.15.24.1/26, loopback IP 192.13.2.1/24); GE link.]
Procedure
l Configure UA5000_A.
1. Configure the RIP-supported L3 interface.
The configuration of UA5000_A is as follows: The upstream port is 0/3/0, the
management VLAN is 100, the IP address of the L3 interface of the management
VLAN is 192.13.24.5/22, the IP address of the loopback interface is 192.13.2.1/24,
and the subtending port is 0/3/1.
huawei(config)#vlan 100 smart
huawei(config)#port vlan 100 0/3 0
huawei(config)#interface vlanif 100
huawei(config-if-vlanif100)#ip address 192.13.24.5 22
huawei(config-if-vlanif100)#quit
huawei(config)#interface loopBack 0
huawei(config-if-loopback0)#ip address 192.13.2.1 24
huawei(config-if-loopback0)#quit
2. Enable RIP.
huawei(config)#rip 1
huawei(config-rip-1)#network 192.13.24.0
huawei(config-rip-1)#network 192.13.2.0
huawei(config-rip-1)#version 2
huawei(config-rip-1)#quit
huawei(config)#rip 1
huawei(config-rip-1)#network 192.15.24.0
huawei(config-rip-1)#quit
l Configure UA5000_B.
1. Configure the RIP-supported L3 interface.
The configuration of UA5000_B is as follows: The subtending port is 0/3/1, the
management VLAN is 10, the IP address of the L3 interface of the management VLAN
is 192.15.24.2/26, and the IP address of the loopback interface is 192.13.2.2/24.
huawei(config)#vlan 10 smart
huawei(config)#port vlan 10 0/3 0
huawei(config)#interface vlanif 10
huawei(config-if-vlanif10)#ip address 192.15.24.2 26
huawei(config-if-vlanif10)#quit
huawei(config)#interface loopBack 0
huawei(config-if-loopback0)#ip address 192.13.2.2 24
huawei(config-if-loopback0)#quit
2. Enable RIP.
huawei(config)#rip 1
huawei(config-rip-1)#network 192.15.24.0
huawei(config-rip-1)#network 192.13.2.0
huawei(config-rip-1)#version 2
huawei(config-rip-1)#quit
----End
Result
The maintenance terminal of the administration center can access UA5000_A and UA5000_B
for operation and maintenance.
Configuration Script
Configuration on UA5000_A
vlan 100 smart
port vlan 100 0/3 0
interface vlanif 100
ip address 192.13.24.5 22
quit
interface loopBack 0
ip address 192.13.2.1 24
quit
rip 1
network 192.13.24.0
network 192.13.2.0
version 2
quit
ip ip-prefix abc permit 192.13.2.1 32
ip ip-prefix abc permit 192.13.2.2 32
rip 1
filter-policy ip-prefix abc export vlanif 100
quit
save
vlan 10 smart
port vlan 10 0/3 1
native-vlan 1 vlan 10
interface vlanif 10
ip address 192.15.24.1 26
quit
rip 1
network 192.15.24.0
quit
Configuration on UA5000_B
vlan 10 smart
port vlan 10 0/3 0
interface vlanif 10
ip address 192.15.24.2 26
quit
interface loopBack 0
ip address 192.13.2.2 24
quit
rip 1
network 192.15.24.0
network 192.13.2.0
version 2
quit
ip ip-prefix abc permit 192.13.2.2 32
rip 1
filter-policy ip-prefix abc export vlanif 10
quit
save
Prerequisite
l The native VLAN must be configured for each upstream port on the UA5000 to ensure
normal communication.
l The configured OSPF area IDs of the UA5000s must be the same.
Service Requirements
l OSPF is enabled on the four UA5000s.
l UA5000_A is configured with the highest designated router (DR) priority, UA5000_C is
configured with the second highest DR priority, UA5000_B is configured with a low DR
priority, and UA5000_D is not configured with the DR priority. UA5000_A, as a DR,
broadcasts the link status of the network.
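[Figure: example network with four UA5000s. L3 interface addresses shown: 192.1.1.1/24, 192.1.2.2/24, 192.1.3.3/24 and 192.1.4.4/24; one node is marked DR and one BDR.]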
Data Plan
Table 2-2 provides the data plan for configuring OSPF.
Priority: 100 -
VLAN ID: 2 -
Priority: 80 -
VLAN ID: 2 -
Priority: 90 -
VLAN ID: 2 -
VLAN ID: 2 -
Procedure
Step 1 Configure UA5000_A.
1. Configure the IP address of the L3 interface.
The configuration of UA5000_A is as follows: The IP address of the L3 interface is
192.1.1.1/24, the priority is 100, the VLAN ID is 2, and the router ID is 1.1.1.1.
huawei(config)#vlan 2 smart
huawei(config)#port vlan 2 0/3 0
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ip address 192.1.1.1 24
huawei(config-if-vlanif2)#quit
3. Enable OSPF.
huawei(config)#ospf
huawei(config-ospf-1)#area 0
huawei(config-ospf-1-area-0.0.0.0)#network 192.1.1.0 0.0.0.255
huawei(config-ospf-1-area-0.0.0.0)#network 1.1.1.1 0.0.0.0
huawei(config-ospf-1-area-0.0.0.0)#quit
huawei(config-ospf-1)#quit
3. Enable OSPF.
huawei(config)#ospf
huawei(config-ospf-1)#area 0
3. Enable OSPF.
huawei(config)#ospf
huawei(config-ospf-1)#area 0
huawei(config-ospf-1-area-0.0.0.0)#network 192.1.3.0 0.0.0.255
huawei(config-ospf-1-area-0.0.0.0)#network 3.3.3.3 0.0.0.0
huawei(config-ospf-1-area-0.0.0.0)#quit
huawei(config-ospf-1)#quit
3. Enable OSPF.
huawei(config)#ospf
huawei(config-ospf-1)#area 0
huawei(config-ospf-1-area-0.0.0.0)#network 192.1.4.0 0.0.0.255
huawei(config-ospf-1-area-0.0.0.0)#network 4.4.4.4 0.0.0.0
huawei(config-ospf-1-area-0.0.0.0)#quit
huawei(config-ospf-1)#quit
----End
Result
Run the display ip routing-table command and you can find the learned routing table. Hosts
can communicate with each other.
Configuration Script
Configuration on each UA5000 is similar. Here, the configuration on UA5000_A is considered
as an example.
vlan 2 smart
port vlan 2 0/3 0
interface vlanif 2
ip address 192.1.1.1 24
quit
router id 1.1.1.1
ospf
area 0
network 192.1.1.0 0.0.0.255
network 1.1.1.1 0.0.0.0
quit
quit
interface vlanif 2
ospf dr-priority 100
quit
save
Prerequisites
The BFD function must be enabled globally on the UA5000.
Networking
Figure 2-7 shows the example network of the BFD link detection.
Two static routes exist between UA5000 and Router_3. The two routes are
UA5000<->Router_1<->Router_3 and UA5000<->Router_2<->Router_3. The static routes are
bound in the BFD session mode. When one link is faulty, the BFD session notifies the bound
route for route switching.
[Figure 2-7: example network of the BFD link detection. Router_3 (30.30.30.1); Router_1 (10.10.10.2) and Router_2 (20.20.20.2); UA5000 (10.10.10.1 and 20.20.20.1).]
Data Plan
Table 2-3 provides the data plan for configuring the BFD link detection.
Table 2-3 Data plan for configuring the BFD link detection
VLAN ID: 40 -
VLAN type: Smart VLAN
IP address of the L3 interface: 20.20.20.1/24
Upstream port: 0/3/1
Procedure
Step 1 Create VLANs and add upstream ports to the VLANs.
huawei(config)#vlan 30 smart
huawei(config)#port vlan 30 0/3 0
huawei(config)#vlan 40 smart
huawei(config)#port vlan 40 0/3 1
huawei(config)#bfd
huawei(config)#interface vlanif 30
huawei(config-if-vlanif30)#bfd
huawei(config-if-vlanif30)#quit
huawei(config)#bfd ToRouter_1 bind peer-ip 10.10.10.2 interface vlanif 30
huawei(config-bfd-session-torouter_1)#min-rx-interval 250
huawei(config-bfd-session-torouter_1)#min-tx-interval 250
huawei(config-bfd-session-torouter_1)#detect-multiplier 3
huawei(config-bfd-session-torouter_1)#commit
huawei(config-bfd-session-torouter_1)#quit
huawei(config)#interface vlanif 40
huawei(config-if-vlanif40)#bfd
huawei(config-if-vlanif40)#quit
huawei(config)#bfd ToRouter_2 bind peer-ip 20.20.20.2 interface vlanif 40
huawei(config-bfd-session-torouter_2)#min-rx-interval 250
huawei(config-bfd-session-torouter_2)#min-tx-interval 250
huawei(config-bfd-session-torouter_2)#detect-multiplier 3
huawei(config-bfd-session-torouter_2)#commit
huawei(config-bfd-session-torouter_2)#quit
----End
Result
BFD sessions ToRouter_1 and ToRouter_2 are in the up state. The route to which ToRouter_1
is bound takes effect and carries services because it has a higher priority. When a link
fault is detected, run the display bfd state command to confirm that BFD session
ToRouter_1 has changed to the down state, which triggers the deactivation of the bound
route. In this case, the route to which ToRouter_2 is bound takes effect and carries services.
Context
l RSTP applies to a redundant network and makes up for the drawback of STP. RSTP has
all the functions of STP and also greatly shortens the time that the network topology
takes to stabilize, so network connectivity recovers quickly.
l By default, the RSTP function is disabled on the device.
Procedure
Step 1 Enable the RSTP function.
l The bridge and port parameters can be configured before the RSTP function is enabled,
but the configuration takes effect only after the RSTP function is enabled. After the
RSTP function is disabled, the parameter configuration is retained. After the RSTP
function is enabled, the parameter configuration takes effect.
l Running the Spanning Tree Protocol (STP) on the bridge occupies only a small amount of
network resources. Because redundancy links generally exist on the network, it is
recommended that you enable the RSTP function.
l After the RSTP function is enabled on the bridge, the RSTP function is enabled on all the
ports. To use the RSTP function flexibly, you can disable the STP function on specified
Ethernet ports. In this manner, these ports are not involved in the calculation of the spanning
tree.
1. Run the stp enable command to enable the RSTP function on the bridge.
2. Run the stp port enable command to enable the RSTP function on the port.
3. Run the display stp or display stp port command to check whether the RSTP function on
the bridge or port is enabled.
Step 6 Run the stp port mcheck command to configure the mCheck variable.
----End
Example
Configure RSTP parameters. The information is as follows:
Context
When configuring RRPP, configure the corresponding function for each node on the RRPP ring.
An RRPP domain consists of the RRPP ring, control VLAN, master node, transit node, primary
port, and secondary port.
l The topology convergence duration is unrelated to the number of nodes on the ring network.
NOTE
On the ring network, only RRPP or STP can be configured on the same interface. That is, RRPP and STP
cannot be configured on the same interface at the same time.
Networking
Figure 2-8 shows the example network for configuring the RRPP single-ring network.
Figure 2-8 Example network for configuring the RRPP single-ring network
[Figure content: Router, UA5000_1, UA5000_3 and Modem; port labels 0/2/0, 0/2/1, 0/2/3 and 0/11/0.]
Data Plan
Table 2-4 provides the data plan for configuring the RRPP single-ring network.
Table 2-4 Data plan for configuring the RRPP single-ring network
Control VLAN ID 10 -
Procedure
l Configure UA5000_1.
1. Configure the RRPP domain and control VLAN of the master node.
huawei(config)#rrpp domain 1
huawei(config-rrpp-region)#control-vlan 10
2. (Optional) Configure the intervals of the hello timer and fail timer of the master node.
huawei(config-rrpp-region)#timer hello-timer 2 fail-timer 7
NOTE
This step is optional. If the intervals are not configured, the default intervals of the hello timer
and fail timer are 1s and 3s respectively in the system.
3. Configure UA5000_1 as the master node on the RRPP ring and specify the primary
and secondary ports.
huawei(config-rrpp-region)#ring 1 node-mode master primary-port 0/2/0 secondary-port 0/2/1 level 0
huawei(config-rrpp-region)#ring 1 enable
huawei(config-rrpp-region)#quit
4. Enable RRPP.
huawei(config)#rrpp enable
l Configure UA5000_2.
1. Configure the RRPP domain and control VLAN of the master node.
huawei(config)#rrpp domain 1
huawei(config-rrpp-region)#control-vlan 10
2. (Optional) Configure the intervals of the hello timer and fail timer of the master node.
huawei(config-rrpp-region)#timer hello-timer 2 fail-timer 7
NOTE
This step is optional. If the intervals are not configured, the default intervals of the hello timer
and fail timer are 1s and 3s respectively in the system.
3. Configure UA5000_2 as the transit node on the RRPP ring and specify the primary
and secondary ports.
huawei(config-rrpp-region)#ring 1 node-mode Transit primary-port 0/2/0 secondary-port 0/2/1 level 0
huawei(config-rrpp-region)#ring 1 enable
huawei(config-rrpp-region)#quit
4. Enable RRPP.
huawei(config)#rrpp enable
5. Create a VLAN and add the primary and secondary ports to the VLAN.
huawei(config)#vlan 20 smart
huawei(config)#port vlan 20 0/2 0-1
l Configure UA5000_3.
1. Configure the RRPP domain and control VLAN of the master node.
huawei(config)#rrpp domain 1
huawei(config-rrpp-region)#control-vlan 10
2. (Optional) Configure the intervals of the hello timer and fail timer of the master node.
huawei(config-rrpp-region)#timer hello-timer 2 fail-timer 7
NOTE
This step is optional. If the intervals are not configured, the default intervals of the hello timer
and fail timer are 1s and 3s respectively in the system.
3. Configure UA5000_3 as the transit node on the RRPP ring and specify the primary
and secondary ports.
huawei(config-rrpp-region)#ring 1 node-mode Transit primary-port 0/2/0 secondary-port 0/2/1 level 0
huawei(config-rrpp-region)#ring 1 enable
huawei(config-rrpp-region)#quit
4. Enable RRPP.
huawei(config)#rrpp enable
5. Create a VLAN and add the primary and secondary ports to the VLAN.
huawei(config)#vlan 20 smart
huawei(config)#port vlan 20 0/2 0-1
6. Add a service port and set the traffic of the service port with default traffic entries.
l Configure UA5000_4.
1. Configure the RRPP domain and control VLAN of the master node.
huawei(config)#rrpp domain 1
huawei(config-rrpp-region)#control-vlan 10
2. (Optional) Configure the intervals of the hello timer and fail timer of the master node.
huawei(config-rrpp-region)#timer hello-timer 2 fail-timer 7
NOTE
This step is optional. If the intervals are not configured, the default intervals of the hello timer
and fail timer are 1s and 3s respectively in the system.
3. Configure UA5000_4 as the transit node on the RRPP ring and specify the primary
and secondary ports.
huawei(config-rrpp-region)#ring 1 node-mode Transit primary-port 0/2/0 secondary-port 0/2/1 level 0
huawei(config-rrpp-region)#ring 1 enable
huawei(config-rrpp-region)#quit
4. Enable RRPP.
huawei(config)#rrpp enable
5. Create a VLAN and add the primary and secondary ports to the VLAN.
huawei(config)#vlan 20 smart
huawei(config)#port vlan 20 0/2 0-1
----End
Result
l After the configuration is complete:
– Run the display rrpp brief command and you can find that the RRPP network of
UA5000_1 is in the Enable state.
– Run the display rrpp verbose command and you can find that the RRPP ring of
UA5000_1 is in the Complete state.
– Run the display rrpp verbose command and you can find that port 0/2/0 is in the UP
state and port 0/2/1 is in the BLOCKED state on UA5000_1.
– Run the display rrpp verbose command and you can find that port 0/2/0 is in the UP
state and port 0/2/1 is in the UP state on UA5000_3.
– The user can access the Internet in the IPoA access mode.
l After UA5000_2 is disconnected from UA5000_3:
– Run the display rrpp brief command and you can find that the RRPP network of
UA5000_1 is in the Enable state.
– Run the display rrpp verbose command and you can find that the RRPP ring of
UA5000_1 is in the Failed state.
– Run the display rrpp verbose command and you can find that port 0/2/0 is in the UP
state and port 0/2/1 is in the UP state on UA5000_1.
– Run the display rrpp verbose command and you can find that port 0/2/0 is in the
DOWN state and port 0/2/1 is in the UP state on UA5000_3.
– The user can still access the Internet in the IPoA access mode.
xDSL broadband Internet access is applicable in the scenario where the Internet service is
provided through ordinary twisted pairs. In this scenario, a user can access the Internet in
IPoE, PPPoE, IPoA, PPPoA, or 802.1X mode. This topic describes how to configure the Internet
access service on the UA5000 through the xDSL line.
Prerequisite
The xDSL profile for the Internet access service must be created. The xDSL profile refers to the
following ADSL2+ profile, SHDSL profile, and VDSL2 profile.
l Configuring the ADSL2+ Profile
l Configuring the SHDSL Profile
l Configuring the VDSL2 Profile
For the PPPoE or PPPoA Internet access mode, the AAA function must be configured:
l When the UA5000 provides the AAA function, configure the AAA by referring to
"Configuring the AAA."
l When the BRAS provides the AAA function, the connection between the UA5000 and the
BRAS must be set up. The BRAS must identify the VLAN tag carried in the upstream
packets of the UA5000 and you must configure the user account and password on the BRAS
for accessing the Internet through dialup.
Data Preparation
Before configuring an xDSL Internet access service, plan the data items as listed in Table 3-1.
Table 3-1 Data plan for the xDSL Internet access service
Procedure
1. 3.1 Configuring a VLAN
Configuring VLAN is a prerequisite for configuring a service. Hence, before configuring
a service, make sure that the VLAN is configured.
2. 3.2 Configuring an Upstream Port
This topic describes how to add an upstream port for an Internet access service to a VLAN.
3. 3.3 Configuring an xDSL Port
An xDSL port can transmit services only when it is activated. This topic describes how to
bind the port with an xDSL profile and activate an xDSL port.
4. 3.4 Creating an xDSL Service Port
A service port is a service channel connecting the user side to the network side. To provide
services, a service port must be created.
5. 3.5 (Optional) Configuring the xPoA-xPoE Protocol Conversion
Configuring protocol conversion is required only when the encapsulation mode is IPoA or
PPPoA. It is not required when the encapsulation mode is IPoE or PPPoE.
Prerequisites
The VLAN to be added must not exist in the system.
Application Context
VLAN application is specific to user types. For details on the VLAN application, see "Table
3-2."
Default Configuration
Table 3-3 lists the default parameter settings of VLAN.
Default VLAN of the system: VLAN ID: 1; Type: MUX VLAN. You can run the defaultvlan modify
command to modify the VLAN type but cannot delete the VLAN.
Reserved VLAN of the system: VLAN ID range: 4079-4093. You can run the vlan reserve
command to modify the VLAN reserved by the system.
Procedure
Step 1 Create a VLAN.
Run the vlan command to create a VLAN. VLANs of different types are applicable to different scenarios.
Smart VLAN: To add a smart VLAN, run the vlan vlanid smart command. One smart VLAN may
contain multiple xDSL service ports. The traffic streams of the service ports are isolated
from each other and the traffic streams in different VLANs are isolated from each other.
One smart VLAN provides access for multiple users and thus saves VLAN resources. Smart
VLANs are applied in residential communities to provide xDSL access.
MUX VLAN: To add a MUX VLAN, run the vlan vlanid mux command. One MUX VLAN contains
only one xDSL service port. The traffic streams in different VLANs are isolated from each
other. One-to-one mapping can be set up between a MUX VLAN and an access user. Hence, a
MUX VLAN can identify an access user. MUX VLANs are applicable to xDSL service access.
For example, MUX VLANs can be used to distinguish users.
Super VLAN: To add a super VLAN, run the vlan vlanid super command. The super VLAN is
based on layer 3. One super VLAN contains multiple sub-VLANs. Through an ARP proxy, the
sub-VLANs in a super VLAN can be interconnected at layer 3. For a super VLAN, sub-VLANs
must be configured. You can run the supervlan command to add a sub-VLAN to a specified
super VLAN. A sub-VLAN must be a smart VLAN or a MUX VLAN. Super VLANs can be used for
the L3 intercommunication and are applicable to the scenario where saving IP addresses
and improving the usage of IP addresses are required.
NOTE
l To add VLANs with consecutive IDs in batches, run the vlan vlanid to end-vlanid command.
l To add VLANs with inconsecutive IDs in batches, run the vlan vlan-list command.
The default attribute for a new VLAN is "common". You can run the vlan attrib command to
configure the attribute of the VLAN.
Common: The default attribute for a new VLAN is "common". The VLAN with this attribute can
be a standard VLAN, smart VLAN, MUX VLAN, or super VLAN. A VLAN with the common
attribute can function as a common layer 2 VLAN or function for creating a layer 3
interface. Applicable to the N:1 access scenario.
QinQ VLAN: To configure QinQ as the attribute of a VLAN, run the vlan attrib vlanid q-in-q
command. The VLAN with this attribute can only be a smart VLAN or MUX VLAN. The
attribute of a sub VLAN, the VLAN with an L3 interface, and the default VLAN of the system
cannot be set to QinQ VLAN. The packets from a QinQ VLAN contain two VLAN tags, that is,
inner VLAN tag from the private network and outer VLAN tag from the UA5000. Through the
outer VLAN, an L2 VPN tunnel can be set up to transparently transmit the services between
private networks. Applicable to the enterprise private line scenario.
VLAN Stacking: To configure stacking as the attribute of a VLAN, run the vlan attrib vlanid
stacking command. The VLAN with this attribute can only be a smart VLAN or MUX VLAN.
The attribute of a sub VLAN, the VLAN with an L3 interface, and the default VLAN of the
system cannot be set to VLAN Stacking. The packets from a stacking VLAN contain two VLAN
tags, that is, inner VLAN tag and outer VLAN tag from the UA5000. The upper-layer BRAS
authenticates the access users according to the two VLAN tags. In this manner, the number
of access users is increased. On the upper-layer network in the L2 working mode, a packet
can be forwarded directly by the outer VLAN tag and MAC address mode to provide the
wholesale service for ISPs. Applicable to the 1:1 access scenario for the wholesale service
or extension of VLAN IDs. In the case of a stacking VLAN, to configure the inner tag of the
service port, run the stacking label command.
NOTE
l To configure attributes for the VLANs with consecutive IDs in batches, run the vlan attrib vlanid to
end-vlanid command.
l To configure attributes for the VLANs with inconsecutive IDs in batches, run the vlan attrib vlan-list
command.
----End
Example
Assume that a stacking VLAN with ID of 50 is to be configured for extension of the VLAN. A
service port is added to VLAN 50. The outer VLAN tag 50 of the stacking VLAN identifies the
access device and the inner VLAN tag 10 identifies the user with access to the device. For the
VLAN, description needs to be configured for easy maintenance. To configure such a VLAN,
do as follows:
huawei(config)#vlan 50 smart
huawei(config)#vlan attrib 50 stacking
huawei(config)#service-port vlan 50 adsl 0/7/0 vpi 0 vci 39 rx-cttr 2 tx-cttr 2
huawei(config)#stacking label vlan 50 baselabel 10
huawei(config)#vlan desc 50 description stackingvlan/label10
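With the stacking configuration above, a frame leaving the device upstream carries outer tag 50 and inner tag 10, and the upstream equipment identifies the user from that pair. The following is an added example, not part of the original guide: it builds a constructed double-tagged frame, parses the tag stack, and rejects frames that do not carry exactly two tags. The page does not state which TPID the device uses on the wire, so the parser accepts both 0x8100 and 0x88A8 as an assumption; MAC addresses and function names are constructed.

```python
import struct

# TPIDs accepted as VLAN tags. The page does not state which TPID the device
# puts on the wire, so both common values are accepted (assumption).
VLAN_TPIDS = {0x8100, 0x88A8}


def build_frame(outer_vid, inner_vid, payload=b"", tpid=0x8100):
    """Build a constructed double-tagged Ethernet frame carrying IPv4."""
    for vid in (outer_vid, inner_vid):
        if not 0 < vid < 4095:
            raise ValueError(f"VLAN ID {vid} is outside 1-4094")
    dst = bytes.fromhex("020000000001")  # constructed, locally administered MACs
    src = bytes.fromhex("020000000002")
    outer = struct.pack("!HH", tpid, outer_vid)    # priority bits left at 0
    inner = struct.pack("!HH", 0x8100, inner_vid)
    return dst + src + outer + inner + struct.pack("!H", 0x0800) + payload


def parse_vlan_tags(frame):
    """Return ([(tpid, pcp, dei, vid), ...], ethertype) for an Ethernet frame."""
    offset, tags = 12, []  # skip destination and source MAC
    while True:
        if len(frame) < offset + 2:
            raise ValueError("frame truncated before EtherType")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in VLAN_TPIDS:
            return tags, ethertype
        if len(frame) < offset + 4:
            raise ValueError("frame truncated inside a VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        # TCI layout: 3 bits priority, 1 bit drop eligible, 12 bits VLAN ID
        tags.append((ethertype, tci >> 13, (tci >> 12) & 1, tci & 0x0FFF))
        offset += 4


def stacking_labels(frame):
    """Return (outer_vid, inner_vid); reject frames without exactly two tags."""
    tags, _ = parse_vlan_tags(frame)
    if len(tags) != 2:
        raise ValueError(f"expected 2 VLAN tags, found {len(tags)}")
    return tags[0][3], tags[1][3]


if __name__ == "__main__":
    frame = build_frame(50, 10, payload=b"\x45\x00")
    print("tags:", parse_vlan_tags(frame)[0])
    print("outer/inner:", stacking_labels(frame))
```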
Procedure
Step 1 Configure an upstream port for the VLAN.
Run the port vlan command to add the upstream port to the VLAN.
Step 2 Configure the attribute of the upstream port.
If the default attribute of the upstream port does not meet the requirement for interconnection
of the upstream port with the upper-layer device, you need to configure the attribute. For
configuration details, see "Configuring the Attributes of the Upstream Ethernet Port."
Step 3 Configure redundancy backup for the uplink.
To ensure reliability of the uplink, two upstream ports must be available. That is, redundancy
backup of the upstream ports needs to be configured. For details, see "Configuring the Uplink
Redundancy Backup."
----End
Example
Assume that the 0/2/0 and 0/3/0 upstream ports are to be added to VLAN 50. The 0/2/0 and
0/3/0 need to be configured into an aggregation group for double upstream accesses. For the two
upstream ports, the working mode is full-duplex (full) and the port rate is 100 Mbit/s. To
configure such upstream ports, do as follows:
huawei(config)#port vlan 50 0/2 0
huawei(config)#interface ipm 0/2
huawei(config-if-ipm-0/2)#duplex 0 full
huawei(config-if-ipm-0/2)#speed 0 100
huawei(config-if-ipm-0/2)#link-aggregation 0/2 0 0/3 0 egress-ingress workmode lacp-static
Prerequisites
The xDSL profile is already created.
Context
l Activating (or activation) refers to the training between the ATU-C and the ATU-R. During
the training process, the system checks the line distance and conditions and performs a
negotiation between the ATU-C and the ATU-R to determine whether the port can work
under the conditions as preset in the line profile, such as upstream and downstream line
rates and noise margin.
l If the training is successful, the communication connection is set up between the ATU-C
and the ATU-R, and the devices are ready for service transmission. This state is called the
activated state of a port. That is, services can be transmitted between the xDSL port and
the ATU-R.
l If the ATU-R is online (powered on), the activating process is complete after the training
is successful. If the ATU-R is offline (powered off), the communication connection that is
set up during activation is terminated, and the ATU-C is in the listening state. When the
ATU-R goes online again, the training process begins automatically. When the training is
successful, the port is activated.
l An xDSL port may be in the activating, activated, deactivated, or loopback state. Figure
3-1 shows the inter-conversion between xDSL port states.
NOTE
By default, the port is not connected to the modem and the port is in the activating state. Ensure that the port is
deactivated before binding a profile to the port.
Procedure
l ADSL access mode
1. Run the interface adsl command to enter the ADSL mode.
2. Run the activate command to activate an ADSL2+ port and bind the port with an
ADSL2+ line profile.
To activate a port, you must bind the port with a line profile. If you do not specify the
index of the line profile, the system uses the template bound with the port last time to
activate the port.
3. Run the alarm-config command to bind an alarm profile to the port.
l SHDSL access mode
To activate a port, you must bind the port with a line template. If you do not specify the index
of the line template, the system uses the template bound with the port last time to activate the
port.
3. Run the alarm-config command to bind an alarm template to the port.
----End
Example
To activate ADSL2+ port 0/7/0 and bind line profile 2 and alarm profile 2 to it, do as follows:
huawei(config)#interface adsl 0/7
huawei(config-if-adsl-0/7)#deactivate 0
huawei(config-if-adsl-0/7)#activate 0 profile-index 2
huawei(config-if-adsl-0/7)#alarm-config 0 2
To activate SHDSL port 0/7/0 and bind line profile 2 and alarm profile 2 to it, do as follows:
huawei(config)#interface sdl 0/7
huawei(config-if-sdl-0/7)#deactivate 0
huawei(config-if-sdl-0/7)#activate 0 2
huawei(config-if-sdl-0/7)#alarm-config 0 2
To activate VDSL2 port 0/7/0 and bind line template 2 and alarm template 2 to it, do as follows:
huawei(config)#interface vdsl 0/7
huawei(config-if-vdsl-0/7)#deactivate 0
huawei(config-if-vdsl-0/7)#activate 0 template-index 2
huawei(config-if-vdsl-0/7)#alarm-config 0 2
Context
A service port can carry a single service or multiple services. When a service port carries multiple
services, the UA5000 supports the following modes of traffic classification:
l By user-side VLAN
l By user-side service encapsulation mode
l By user-side packet priority
Procedure
Step 1 Add a traffic profile.
Run the traffic table command to add a traffic profile. There are seven default traffic profiles
in the system with the IDs of 0-6.
Before creating a service port, run the display traffic table command to check whether the
traffic profiles in the system meet the requirement. If no traffic profile in the system meets the
requirement, add a traffic profile that meets the requirement. For details about the traffic profile,
see "Configuring the Traffic Management Based on the Traffic Profile."
You can choose to create a single service port or multiple service ports in batches according to
requirements.
l Run the service-port command to create a single service port. Service ports are classified
into single-service service ports and multi-service service ports. Multi-service service ports
are generally applied to the triple play service scenario.
– Single-service service ports:
Select single-service or do not input multi-service to create a single-service service
port.
– Multi-service service port based on the user-side VLAN (only for the SHDSL and
VDSL2 services in PTM mode):
Select multi-service user-vlan { untagged | user-vlanid }.
– untagged: When untagged is selected, user-side packets do not carry a tag.
– user-vlanid: When user-vlanid is selected, user-side packets carry a tag and the value
of user-vlanid must be the same as the tag carried in user-side packets. The user-
side VLAN is the C-VLAN.
– By user-side service encapsulation mode
Select multi-service user-encap user-encap.
– By user-side packet priority (802.1p)
l vlan indicates the S-VLAN. An S-VLAN can only be a MUX VLAN or smart VLAN.
l The access mode can be ATM or PTM. In the ATM access mode, the VPI, VCI, and autosense must
be input and must be the same as the configurations of the access terminal.
l rx-cttr is the same as outbound in terms of meanings and functions. Either of them indicates the index
of the traffic profile from the network side to the user side. tx-cttr is the same as inbound in terms of
meanings and functions. Either of them indicates the index of the traffic profile from the user side to
the network side. The traffic profile bound to the service port is created in Step 1.
l Run the multi-service-port command to create service ports in batches.
Step 3 Configure the attributes of the service port. Configure the attributes of the service port according
to requirements.
l Run the service-port desc command to configure the description of the service port.
Configure a description for a service port to facilitate maintenance. In general, use the
purpose and related service information as the description of a service port.
l Run the mac-address max-mac-count service-port command to set the maximum number
of MAC addresses learned by the service port to restrict the maximum number of PCs that
can access the Internet by using the same account. By default, the maximum number of the
MAC addresses that can be learned by a service port is 255.
----End
Example
The UA5000 provides the Internet access service with the access rate 3072 kbit/s to the user and
a maximum of 2 users can use the same account to access the Internet at the same time. The
query result shows that the system does not have a proper traffic profile. Therefore, a new traffic
profile needs to be created.
To plan data for a household user who accesses the Internet in the ADSL2+ mode, do as follows:
huawei(config)#display traffic table from-index 0
{ <cr>|to-index<K> }:
Command:
display traffic table from-index 0
Traffic parameters for IP service:
-----------------------------------------------------------------------------
TID CAR(kbps) Priority Pri-Policy
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------
A household user requests the Internet access service with the access rate 2048 kbit/s. To
facilitate service expansion in the future, the UA5000 adopts the SHDSL mode to provide the
Internet access service to the user and differentiates users by user-side VLAN (the S-VLAN is
VLAN 50 and the C-VLAN is VLAN 10). The query result shows that the system has a proper
traffic profile. Therefore, the system provisions the Internet access service to the user
immediately. To facilitate maintenance, configure a description for the service port.
huawei(config)#display traffic table from-index 0
{ <cr>|to-index<K> }:
Command:
display traffic table from-index 0
Traffic parameters for IP service:
-----------------------------------------------------------------------------
TID CAR(kbps) Priority Pri-Policy
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------
A household user requests the Internet access service with the access rate 2048 kbit/s. To
facilitate service expansion in the future, the UA5000 adopts the SHDSL mode to provide the
Internet access service to the user. The query result shows that the system has a proper
traffic profile. Therefore, the system provisions the Internet access service to the user
immediately. To facilitate maintenance, configure a description for the service port.
huawei(config)#display traffic table from-index 0
{ <cr>|to-index<K> }:
Command:
display traffic table from-index 0
Traffic parameters for IP service:
-----------------------------------------------------------------------------
TID CAR(kbps) Priority Pri-Policy
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------
A commercial user requests the Internet access service with the access rate 8192 kbit/s. To
facilitate service expansion in the future, the UA5000 adopts the VDSL mode to provide the
Internet access service to the user and differentiates users by user-side VLAN (the S-VLAN is
VLAN 50 and the C-VLAN is VLAN 10). The query result shows that the system does not have a
proper traffic profile. The system needs to provide the Internet access service to the user
immediately. To facilitate maintenance, configure a description for the service port.
huawei(config)#display traffic table from-index 0
{ <cr>|to-index<K> }:
Command:
display traffic table from-index 0
Traffic parameters for IP service:
-----------------------------------------------------------------------------
TID CAR(kbps) Priority Pri-Policy
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------
Context
In the xPoA access mode, data cannot be directly transmitted in the IP network, and protocol
conversion is required. IPoA data and PPPoA data can be transmitted in the IP network only
after the IPoA-IPoE protocol conversion and the PPPoA-PPPoE protocol conversion are
performed.
The principles of the IPoA protocol are different from the principles of the PPPoA protocol. In
the PPPoA mode, the BRAS automatically allocates a gateway address to the PPPoA user after
the PPPoA user passes the authentication on the BRAS and dialup is successful. Therefore, the
default gateway address need not be configured in the PPPoA mode. IPoA data is forwarded
according to the route to the destination IP address and the next hop IP address needs to be
configured. Therefore, the default gateway address needs to be configured in the IPoA mode.
Figure 3-2 provides the configuration flow for the xPoA-xPoE protocol conversion.
[Figure 3-2: flowchart of the xPoA-xPoE protocol conversion configuration. Recoverable steps: Start, Configure the MAC address pool, End.]
Table 3-7 lists the default settings of the xPoA-xPoE protocol conversion.
User MAC address allocation mode for the PPPoA-PPPoE protocol conversion | Multi-MAC mode
Procedure
l Configure the IPoA-IPoE protocol conversion.
A user can access the Internet in the IPoA mode only after the IPoA-IPoE protocol
conversion is enabled.
1. In the global config mode, run the mac-pool command to configure the MAC address
pool, which is used to allocate source MAC addresses to IPoA users. By default, the
number of the MAC addresses in the MAC address pool is 256, which can be changed
by setting parameter scope.
The MAC address encapsulated into packets during the IPoA-IPoE protocol
conversion is the MAC address allocated to the user from the MAC address pool.
2. Run the ipoa enable command to enable the IPoA-IPoE protocol conversion. By
default, the IPoA-IPoE protocol conversion is disabled.
3. Run the encapsulation command to set the user packet encapsulation mode (select
ipoa as the encapsulation mode).
NOTE
l Configure either the ipoa default gateway command or the dstip parameter in the
encapsulation command. If the UA5000 works in the L2 mode, set the IP address of the
upper-layer router as the default gateway. If the UA5000 works in the L3 mode, set the IP
address of the L3 interface corresponding to the UA5000 as the default gateway.
l IPoA encapsulation is not supported in the single-PVC for multiple services application.
l To switch the encapsulation mode from PPPoA to IPoA, you must change the encapsulation
mode to llc bridge first and then perform switching.
4. Run the ipoa expire-time command to set the aging time of the IPoA user forwarding
entry. By default, the aging time of the IPoA user forwarding entry is 1200s. The
default value is recommended.
l Configure the PPPoA-PPPoE protocol conversion.
A user can access the Internet through the PPPoA dialup only after the PPPoA-PPPoE
protocol conversion is enabled.
1. In the global config mode, run the mac-pool command to configure the MAC address
pool, which is used to allocate source MAC addresses to PPPoA users. By default, the
number of the MAC addresses in the MAC address pool is 256, which can be changed
by setting parameter scope.
The MAC address encapsulated into packets during the PPPoA-PPPoE conversion is
the MAC address allocated to the user from the MAC address pool.
2. Run the pppoa enable command to enable the PPPoA-PPPoE protocol conversion.
By default, the PPPoA-PPPoE protocol conversion is disabled.
3. Run the encapsulation command to set the user packet encapsulation mode (select
pppoa as the encapsulation mode).
NOTE
l PPPoA encapsulation is not supported in the single-PVC for multiple service or QinQ VLAN
application.
l To switch the encapsulation mode from IPoA to PPPoA, you must change the encapsulation
mode to llc bridge first and then perform switching.
4. Run the pppoa mru command to enable PPPoA-PPPoE MRU negotiation. By default,
the PPPoA-PPPoE MRU negotiation is disabled. Enable or disable the PPPoA-PPPoE
MRU negotiation according to the packet processing conditions.
– When the MRU negotiation is disabled, the PC initiates the PPPoE connection and
negotiates according to the 1492-byte MRU. In this case, packets need to be
segmented and reassembled.
– When the MRU negotiation is enabled, the UA5000 identifies the PPPoA-PPPoE
converted packets, adds a tag to the packets and then sends them to the upper-layer
BRAS. Then, the BRAS negotiates with the CPE according to the 1500-byte MRU.
In this manner, the MTU between the CPE and the BRAS is equal to the standard
Ethernet MTU. In this case, the packets need not be segmented or reassembled.
5. Run the pppoa mac-mode command to set the user MAC address allocation mode
for the PPPoA-PPPoE protocol conversion. By default, the user MAC address
allocation mode is the multi-mac mode. The single-mac mode can improve security.
Select this mode according to the MAC address allocation mode of PPPoA users.
– In the multi-MAC allocation mode (the multi-mac mode), PPPoE users are
authenticated on the BRAS using their respective MAC addresses, and PPPoA users
are allocated different MAC addresses and are authenticated on the BRAS using
these MAC addresses as source MAC addresses.
– In the single-MAC allocation mode (the single-mac mode), the source MAC
address for any PPPoA session of each board is the specified MAC address in the
system.
----End
Example
The UA5000 works in the L2 mode, the default gateway is the same as the IP address of the
upper-layer router, which is 10.1.1.1, and the IPoA service encapsulation mode is LLC.
To enable the IPoA-IPoE conversion with the start MAC address 0000-0000-0001 in the MAC
address pool that contains 200 MAC addresses, do as follows:
huawei(config)#mac-pool 0000-0000-0001 200
huawei(config)#ipoa enable
huawei(config)#ipoa default gateway 10.1.1.1
huawei(config)#encapsulation 0/7/0 vpi 0 vci 35 type ipoa llc srcIP 10.1.1.20
The PPPoA service encapsulation mode is LLC, and, to improve security, the user MAC address
allocation mode is the single-MAC mode.
To enable the PPPoA-PPPoE protocol conversion with the start MAC address 0000-1010-1000
in the MAC address pool that contains 200 MAC addresses, do as follows:
huawei(config)#mac-pool 0000-1010-1000 200
huawei(config)#pppoa enable
huawei(config)#encapsulation 0/7/0 vpi 0 vci 35 type pppoa llc
huawei(config)#pppoa mac-mode single-mac
This topic describes how to configure the multicast service on a standalone UA5000 Universal
Access Unit, and on the UA5000 Universal Access Unit in a subtending network.
Context
The multicast service of the UA5000 is widely used in streaming media, distance learning, video
conferencing, video multicasting, Web TV, online game, Internet data center (IDC), and other
point-to-multipoint data transmission.
In terms of multicast processing mode, the UA5000 supports the IGMP proxy and IGMP
snooping L2 multicast protocols. IGMP proxy and IGMP snooping both support multicast video
data forwarding; however, the two modes have different processing mechanisms.
l IGMP snooping obtains related information and maintains the multicast forwarding entries
by listening to the IGMP packets in the communication between the user and the multicast
router.
l IGMP proxy intercepts the IGMP packets between the user and the multicast router,
processes the IGMP packets, and then forwards the IGMP packets to the upper-layer
multicast router. For the multicast user, the UA5000 is a multicast router that implements
the router functions in the IGMP protocol; for the multicast router, the UA5000 is a
multicast user.
Context
Table 4-1 lists the default settings of the multicast service of the UA5000.
Application Context
The multicast service of the UA5000 is widely used in streaming media, distance learning, video
conferencing, video multicasting (Web TV), online game, Internet data center (IDC), and other
point-to-multipoint data transmission.
Currently, the multicast application of the UA5000 is oriented to L2, and the UA5000 forwards
data based on VLAN ID + multicast MAC address. A multicast program on the network is
identified by VLAN ID + multicast IP address uniquely. The UA5000 differentiates multicast
sources by VLAN ID. It allocates a unique VLAN ID to each multicast source, controls the
multicast domain and the user rights based on the multicast VLAN ID, and provides a platform
for different ISPs to implement different multicast video services.
Prerequisites
The license for the multicast program or the multicast user must be applied for and installed.
Data Preparation
Before configuring the multicast video service, plan the data items as listed in Table 4-2.
Table 4-2 Data plan for configuring the multicast service on a standalone UA5000 Universal
Access Unit
Device | Item | Remarks
 | Multicast general query and group-specific query parameters | The default values are adopted. For the default settings, see "Configuring Global Multicast Parameters."
 | Program list | -
Context
Table 4-3 lists the default settings of global multicast parameters.
The purposes and principles of the general query and the group-specific query are as follows:
l Purpose: A general query packet is periodically sent by the UA5000 to check whether there
is any multicast user who leaves the multicast group without sending the leave packet.
Based on the query result, the UA5000 periodically updates the multicast forwarding table
and releases the bandwidth of the multicast user who has left the multicast group.
l Principles: The UA5000 periodically sends the general query packet to all the online IGMP
users. If the UA5000 does not receive the response packet from a multicast user within a
specified time (robustness variable × interval of the general query + maximum response
time of the general query), it regards the user as having left the multicast group and deletes
the user from the multicast group.
l Purpose: A group-specific query packet is sent by the UA5000 after a multicast user who
is not configured with the quick leave attribute sends the leave packet. The group-specific
query packet is used to check whether the multicast user has left the multicast group.
l Principles: When a multicast user leaves a multicast group, for example, switches to another
channel, the user sends a leave packet to the UA5000 in an unsolicited manner. If the
multicast user is not configured with the quick leave attribute, the UA5000 sends a
group-specific query packet to the multicast group. If the UA5000 does not receive the response
packet from the multicast user within a specified time (robustness variable × interval of the
group-specific query + maximum response time of the group-specific query), it deletes the
multicast user from the multicast group.
For the general query, the UA5000 queries the multicast packets of all the users. For the
group-specific query, the UA5000 queries the multicast packets of the user who watches the
specified multicast program.
Table 4-4 lists the default settings of global multicast parameters. In actual application, you can
change the settings according to your data plan.
Table 4-4 Default settings of general query and group-specific query parameters
Procedure
Step 1 Configure general query parameters.
1. Run the igmp proxy router gen-query-interval command to set the interval of the general
query. By default, the interval is 125s.
2. Run the igmp proxy router gen-response-time command to set the maximum response
time of the general query. By default, the time is 10s.
3. Run the igmp proxy router robustness command to set the count of the general query.
By default, the count is 2.
Step 2 Configure group-specific query parameters.
1. Run the igmp proxy router sp-query-interval command to set the interval of the group-
specific query. By default, the interval is 1s.
2. Run the igmp proxy router sp-response-time command to set the maximum response
time to the group-specific query. By default, the time is 0.8s.
3. Run the igmp proxy router sp-query-number command to set the count of the
group-specific query. By default, the count is 2.
Step 3 Run the display igmp config command to check whether the parameters are configured
correctly.
----End
Example
To configure the multicast general query parameters by setting the query interval to 150s,
maximum response time to 20s, and query count to 3, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy router gen-query-interval 150
huawei(config-btv)#igmp proxy router gen-response-time 200
huawei(config-btv)#igmp proxy router robustness 3
To configure the multicast group-specific query parameters by setting the query interval to 20s,
maximum response time to 10s, and query count to 3, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy router sp-query-interval 200
huawei(config-btv)#igmp proxy router sp-response-time 100
huawei(config-btv)#igmp proxy router sp-query-number 3
Context
l A program name contains a maximum of 16 characters and cannot contain Chinese
characters.
l The multicast IP addresses in the segment from 224.0.0.1 to 224.0.0.255 are used as the
private addresses for transmitting the protocol packets of the local network segments. The
IP addresses in this segment cannot be assigned to multicast programs.
l The last 23 bits of a multicast IP address cannot be the same for different multicast
programs. Otherwise, the multicast MAC addresses mapping to the IP addresses will
conflict.
l When PVC prioritization is enabled, the priorities of the multicast programs delivered over
the PVC do not take effect.
l Table 4-5 lists the default settings of multicast parameters, such as the multicast upstream
port mode and L2 multicast mode.
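The naming and addressing rules listed above can be checked against a program plan before any igmp program add command is entered. The following Python check is an added example, not part of the original guide; the plan entries are constructed sample data, the Chinese-character test covers only the basic CJK Unified Ideographs block, and the multicast-range check and MAC formatting are assumptions of this example.

```python
import ipaddress
from collections import defaultdict

# Limits taken from the Context list above.
MAX_NAME_LEN = 16
RESERVED_FIRST = ipaddress.IPv4Address("224.0.0.1")
RESERVED_LAST = ipaddress.IPv4Address("224.0.0.255")

# Constructed sample plan: (program name, multicast group IP, program VLAN).
SAMPLE_PLAN = [
    ("movie", "224.1.1.1", 101),
    ("sports", "225.1.1.1", 102),      # same low 23 bits as 224.1.1.1
    ("news", "224.129.1.1", 101),      # 129 = 0x81, bit 23 is dropped: same again
    ("music", "239.1.2.3", 101),
    ("localctl", "224.0.0.5", 101),    # inside the reserved protocol segment
    ("documentary-channel", "239.1.2.4", 101),  # 19 characters
]


def group_mac(ip):
    """Map an IPv4 multicast group to its Ethernet MAC: 01-00-5E + low 23 bits."""
    low23 = int(ip) & 0x7FFFFF
    digits = f"{(0x01005E << 24) | low23:012x}"
    # Written in the xxxx-xxxx-xxxx style used by the mac-pool examples.
    return "-".join(digits[i:i + 4] for i in range(0, 12, 4))


def has_chinese(text):
    """True if the text has a character in the basic CJK Unified Ideographs block."""
    return any("\u4e00" <= ch <= "\u9fff" for ch in text)


def validate_plan(plan):
    """Return a list of (rule, program names, detail) findings for a program plan."""
    findings = []
    by_mac = defaultdict(list)
    for name, ip_text, _vlan in plan:
        if len(name) > MAX_NAME_LEN:
            findings.append(("name-too-long", (name,), str(len(name))))
        if has_chinese(name):
            findings.append(("name-has-chinese", (name,), name))
        try:
            ip = ipaddress.IPv4Address(ip_text)
        except ValueError:
            findings.append(("bad-address", (name,), ip_text))
            continue
        if not ip.is_multicast:
            findings.append(("not-multicast", (name,), ip_text))
            continue
        if RESERVED_FIRST <= ip <= RESERVED_LAST:
            findings.append(("reserved-range", (name,), ip_text))
            continue
        by_mac[group_mac(ip)].append(name)
    # Programs whose groups share the low 23 bits map to one multicast MAC.
    for mac, names in sorted(by_mac.items()):
        if len(names) > 1:
            findings.append(("mac-conflict", tuple(names), mac))
    return findings


if __name__ == "__main__":
    for rule, names, detail in validate_plan(SAMPLE_PLAN):
        print(f"{rule:16} {', '.join(names):28} {detail}")
```

Only 23 of the 28 variable bits of a group address survive the mapping, so 32 different group addresses share each multicast MAC; the collision check matters even when every IP address in the plan is unique.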
Procedure
Step 1 Create a program VLAN.
1. Run the vlan command to create a program VLAN and configure the VLAN type according
to application requirements. For details, see "Configuring the VLAN."
2. Run the port vlan command to add the upstream port to the program VLAN.
the igmp program modify [ name name ] ip ip-addr vlan vlanid [ bind frameid/slotid/
portid ] command to change the upstream port bound to the program.
l rstp: Indicates the RSTP mode. The IGMP upstream port is the root port used by RSTP.
You can run the display stp command to query the root port of the device.
l rrpp: Indicates the RRPP mode. The IGMP upstream port is the primary port used by
RRPP. You can run the display rrpp verbose domain command to query the current
primary port of the device.
NOTE
RRPP refers to Rapid Ring Protection Protocol. When RRPP is used, the ring network is formed by
the device and the redundancy links are retained. When a link on the ring network is faulty, the service
is automatically switched to the standby link. On the RRPP ring network, the upstream port on the
device must work in the RRPP mode. This ensures that the multicast upstream port can be switched
when the link is switched. In this manner, the continuity of the multicast service is ensured.
In the BTV mode, run the igmp profile command to bind the rights profile to the program
and set the rights to watch the program.
NOTE
If a user is bound with multiple rights profiles but the rights to a program are different in these profiles,
the user uses the rights with the highest priority. You can run the igmp right-priority command to
adjust the priorities of the four rights: watch, preview, forbidden, and idle. By default, the priorities
of the four rights are forbidden > preview > watch > idle.
Run the igmp mode { proxy | snooping | off } command to select the L2 multicast mode. By
default, the IGMP proxy mode is used.
In the IGMP snooping mode, proxy can be enabled for the report packet and leave packet. When
a multicast user joins or leaves a multicast program, the UA5000 can implement IGMP proxy.
IGMP snooping and IGMP proxy are controlled separately.
l Run the igmp report-proxy enable command to enable the proxy of the snooping report
packet. When the first user requests a program, after authenticating the user, the
UA5000 sends the user report packet to the network side and obtains a corresponding
multicast stream from the multicast router. The UA5000 does not send to the network side
the report packets from subsequent users who join the same program.
l Run the igmp leave-proxy enable command to enable the proxy of the snooping leave
packet. When the last user requests to leave a program, the UA5000 sends the user leave
packet to the network side and notifies the upper-layer device to stop sending multicast
streams. The UA5000 does not send the leave packets from the users before the last user to
the network side.
----End
Example
Assume that the VLAN ID is 101, the IP address of the program is 224.1.1.1, the program
bandwidth is 5000 kbit/s, the multicast upstream port is 0/3/0, and the IGMP proxy is enabled.
To configure a program with these attributes, do as follows:
huawei(config)#vlan 101 smart
huawei(config)#port vlan 101 0/3 0
huawei(config)#btv
huawei(config-btv)#igmp uplink-port 0/3/0
huawei(config-btv)#igmp program add name movie ip 224.1.1.1 vlan 101 bind 0/3/0 bandwidth 5000 hostip 10.0.0.254
huawei(config-btv)#igmp mode proxy
Are you sure to change IGMP mode?(y/n)[n]:y
Prerequisites
Before configuring the multicast user, you must create a service channel. The procedure is as
follows:
In the IGMP proxy mode, you need not add the upstream port to the user-side VLAN.
3. Run the service-port command to create an xDSL traffic stream.
4. (Optional) Run the igmp video-port command to configure a video service port for
transmitting multicast video streams. If the PVC is not set when a user is added, the default
multicast service port can transmit IGMP packets.
NOTE
This step is mandatory when you need to create an xDSL traffic stream whose parameter values are
the same as those set by running the igmp video-port command.
NOTE
l The multicast service supports the IPoE and PPPoE user access modes but does not support the IPoA
or PPPoA user access mode.
l Multicast video streams can be transmitted only if there is a traffic stream whose parameter values set
by running the service-port command are the same as those set by running the igmp video-port
command.
Context
Add a multicast user and bind the rights profile to the multicast user to implement multicast user
authentication.
Table 4-6 lists the default settings of the attributes related to the multicast user.
Table 4-6 Default settings of the attributes related to the multicast user
Limitation on the number of programs that can be watched by the multicast user | Maximum number of programs that can be watched concurrently: 1
Procedure
Step 1 In the global config mode, run the btv command to enter the BTV mode.
Step 2 Configure the multicast user and the multicast user attributes.
1. Add a multicast user.
Run the igmp user add port frameId/slotId/portId { auth | no-auth } [ max-program
max-program-num ] command to set the maximum number of programs that can
be watched by the multicast user concurrently. A maximum of eight programs can be
watched by the multicast user concurrently. By default, the system supports one program.
3. Set the quick leave mode of the multicast user.
Run the igmp user add port frameId/slotId/portId { auth | no-auth } quickleave
{ disable | immediate | mac-based } command to set the leave mode of the multicast user.
By default, the leave mode is the mac-based mode.
l disable: After receiving the leave request packet of the multicast user, the system sends
ACK packets to confirm that the multicast user leaves, and then deletes the multicast
user from the multicast group.
l immediate: After receiving the leave request packet of the multicast user, the system
immediately deletes the multicast user from the multicast group.
l mac-based: Indicates the quick leave mode based on the MAC address. The system
detects the MAC address in the leave packet of the user.
– If the MAC address in the leave packet received by the system is the MAC address
of the last user who watches the multicast program in the multicast group, the system
immediately deletes the multicast user from the multicast group.
– If the MAC address in the leave packet received by the system is not the MAC
address of the last user who watches the multicast program in the multicast group,
the system only makes the user with the corresponding MAC address go offline. In
this case, the user port need not go offline and the users with other MAC addresses
can go on watching this program.
This parameter is applicable to the scenario that the users of multiple terminals watch
the multicast program.
Step 3 Configure the multicast user authentication.
By default, the system does not authenticate the multicast user. To control the rights of a multicast
user, you can enable the multicast user authentication function.
1. Configure the multicast user authentication function.
Run the igmp user add port frameId/slotId/portId { auth | no-auth } command to
configure whether to authenticate a multicast user.
NOTE
After configuring multicast user authentication, you need to enable the global authentication function
to make the configuration take effect. By default, the global authentication function of multicast user
is enabled. You can run the igmp proxy authorization command to change the configuration.
2. Bind the rights profile to the multicast user. Binding the rights profile to the multicast user
implements user authentication.
Run the igmp user bind-profile command to bind the rights profile to the multicast user.
After the binding, the multicast user has the rights to the programs as configured in the
profile.
Step 4 Run the display igmp user all command to check whether the related multicast user is
configured correctly.
----End
Example
Assume that multicast user (port) 0/11/1 with VPI/VCI 0/35 is added to multicast VLAN 101,
the user authentication and the log report are enabled, the maximum number of programs that
can be watched is set to 6, and rights profile music is bound to the user. To perform the
configurations, do as follows:
huawei(config)#service-port vlan 101 adsl 0/11/1 vpi 0 vci 35 rx-cttr 2 tx-cttr 2
huawei(config)#btv
huawei(config-btv)#igmp video-port vpi 0 vci 35
huawei(config-btv)#igmp user add port 0/11/1 auth max-program 6
huawei(config-btv)#igmp user add smart-vlan 101 auth log enable
huawei(config-btv)#igmp profile rename profile1 music
huawei(config-btv)#igmp user bind-profile smart-vlan 101 profile-name music
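An offline lint for the multicast user commands in this step, as an added example (not Huawei's code): it flags users added with no-auth, users with auth but no bound rights profile, and users with the log disabled. The sample lines are constructed, and the port selector on igmp user bind-profile is assumed to mirror the one on igmp user add.

```python
import re

# Constructed sample configuration (only the first line is taken from the page).
SAMPLE_CONFIG = """\
huawei(config-btv)#igmp user add port 0/11/1 auth max-program 6
huawei(config-btv)#igmp user bind-profile port 0/11/1 profile-name music
huawei(config-btv)#igmp user add port 0/11/2 no-auth
huawei(config-btv)#igmp user add port 0/11/3 auth log disable
huawei(config-btv)#igmp user bind-profile port 0/11/3 profile-name music
huawei(config-btv)#igmp user add port 0/11/4 auth
"""

USER_ADD = re.compile(
    r"^igmp user add (?P<kind>port|smart-vlan) (?P<id>\S+) "
    r"(?P<auth>no-auth|auth)\b(?P<rest>.*)$"
)
BIND = re.compile(
    r"^igmp user bind-profile (?P<kind>port|smart-vlan) (?P<id>\S+) "
    r"profile-name (?P<profile>\S+)$"
)


def audit_multicast_users(config_text):
    """Return (user, finding) pairs for multicast users with weak settings."""
    users = {}   # "port 0/11/1" -> {"auth": bool, "log": bool}
    bound = {}   # "port 0/11/1" -> rights profile name
    for raw in config_text.splitlines():
        # Drop a leading CLI prompt such as "huawei(config-btv)#" if present.
        line = raw.split("#", 1)[-1].strip()
        m = USER_ADD.match(line)
        if m:
            selector = f"{m['kind']} {m['id']}"
            log = re.search(r"\blog (enable|disable)\b", m["rest"])
            users[selector] = {
                "auth": m["auth"] == "auth",
                # The page states that the user log function is enabled by default.
                "log": log is None or log.group(1) == "enable",
            }
            continue
        m = BIND.match(line)
        if m:
            bound[f"{m['kind']} {m['id']}"] = m["profile"]

    findings = []
    for selector, user in users.items():
        if not user["auth"]:
            findings.append((selector, "no-auth"))
        elif selector not in bound:
            findings.append((selector, "auth-without-profile"))
        if not user["log"]:
            findings.append((selector, "log-disabled"))
    return findings


if __name__ == "__main__":
    for selector, finding in audit_multicast_users(SAMPLE_CONFIG):
        print(f"{selector}: {finding}")
```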
Context
If the multicast bandwidth management function is enabled and a user requests a multicast
program, the system compares the remaining bandwidth of the user (bandwidth configured for
the user - total bandwidth of the online programs of the user) with the bandwidth of the multicast
program. If the remaining bandwidth of the user is sufficient, the system adds the user to the
multicast group. If the bandwidth is insufficient, the system does not respond to the request of
the user.
If the multicast bandwidth management function is disabled, the system does not guarantee the
bandwidth of the multicast program. When the bandwidth is not guaranteed, problems such as
mosaic and delay occur in the multicast program.
Table 4-7 lists the default settings of the multicast bandwidth management parameters.
Procedure
Step 1 In the global config mode, run the btv command to enter the BTV mode.
By default, the global CAC function is already enabled. You can run the igmp bandwidthCAC
{ enable | disable } command to change the setting.
Run the igmp program add ip ip-addr vlan vlanid bandwidth bandwidth command to
configure the bandwidth of a multicast program.
----End
Example
To enable the bandwidth management function of the multicast user, add multicast user 0/11/1
with the maximum number of programs that can be watched concurrently set to 6, and set the bandwidth
of program 224.1.1.1 to 1 Mbit/s, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp bandwidthCAC enable
huawei(config-btv)#igmp user add port 0/11/1 auth max-program 6
huawei(config-btv)#igmp program add ip 224.1.1.1 vlan 101 bandwidth 1024
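The admission check described in the Context above, replayed over a sequence of join and leave events as an added example (a simplified model, not the UA5000 implementation). The user bandwidth of 4096 kbit/s and the second and third programs are constructed values; treating a request that exactly fits as sufficient is an assumption.

```python
class MulticastUserCac:
    """Simplified per-user bandwidth CAC: remaining = configured - online total."""

    def __init__(self, user_bandwidth_kbps, cac_enabled=True):
        self.user_bandwidth_kbps = user_bandwidth_kbps
        self.cac_enabled = cac_enabled
        self.online = {}  # group IP -> program bandwidth in kbit/s

    def remaining_kbps(self):
        return self.user_bandwidth_kbps - sum(self.online.values())

    def request(self, group_ip, program_kbps):
        """Return True if the user is added to the group, False if the
        request is silently ignored because the bandwidth is insufficient."""
        if group_ip in self.online:
            return True  # already watching; nothing new to admit
        if self.cac_enabled and program_kbps > self.remaining_kbps():
            return False
        self.online[group_ip] = program_kbps
        return True

    def leave(self, group_ip):
        self.online.pop(group_ip, None)


# Constructed event sequence; 224.1.1.1 at 1024 kbit/s matches the page's example.
EVENTS = [
    ("join", "224.1.1.1", 1024),
    ("join", "224.1.1.2", 2048),
    ("join", "224.1.1.3", 2048),
    ("leave", "224.1.1.2", 0),
    ("join", "224.1.1.3", 2048),
]


def replay(user_bandwidth_kbps, cac_enabled, events):
    """Return (group, admitted, remaining_kbps) per event; admitted is None for a leave."""
    user = MulticastUserCac(user_bandwidth_kbps, cac_enabled)
    results = []
    for action, group_ip, program_kbps in events:
        admitted = None
        if action == "join":
            admitted = user.request(group_ip, program_kbps)
        else:
            user.leave(group_ip)
        results.append((group_ip, admitted, user.remaining_kbps()))
    return results


if __name__ == "__main__":
    for enabled in (True, False):
        print("CAC enabled" if enabled else "CAC disabled")
        for row in replay(4096, enabled, EVENTS):
            print("  ", row)
```

With CAC disabled, the third join drives the remaining bandwidth negative: the line is oversubscribed, which is the condition under which the page says mosaic and delay occur.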
Prerequisites
The program matching mode of the user VLAN must be the static configuration mode.
Context
The difference between program preview and normal program watching is that, after the user
goes online, the duration of the preview is restricted. When the duration expires, the user cannot
preview the program any more. The user can request the program again only after the preview
interval expires. This interval is the minimum interval between two preview attempts set in the
system. The number of times that the user can request the program within a day (the start time can
be configured) is restricted by the preview count of the user.
Table 4-8 lists the default settings of the multicast preview parameters.
Procedure
Step 1 In the global config mode, run the btv command to enter the BTV mode.
By default, the global multicast preview function is enabled. You can run the igmp preview {
enable | disable } command to change the setting.
Run the igmp preview auto-reset-time command to change the time for resetting the preview
record. The preview record of the user remains valid within one day. On the second day, the
preview record is reset. By default, the system resets the preview record at 4:00:00 a.m.
Run the igmp proxy recognition-time command to modify the valid duration of multicast
preview. If the actual preview duration of the user is shorter than the valid duration, the preview
is not regarded as a valid one and is not added to the preview count. By default, the valid duration
of multicast preview is 30s.
Step 5 Run the display igmp config command to check whether the values of the multicast preview
parameters are correct.
----End
Example
To enable the multicast preview function, set the time for resetting the preview record to 5:00:00,
and set the valid duration of multicast preview to 40s, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp preview enable
huawei(config-btv)#igmp preview auto-reset-time 5:00:00
huawei(config-btv)#igmp proxy recognition-time 40
Prerequisites
The multicast program must exist on the network and the IP address of the multicast program
must be known.
Context
Multicast program prejoin is the same as program request. The UA5000 plays the role of a user
and sends the report packet so that the multicast stream from the upper-layer multicast router
is received at the upstream port in advance.
After the prejoin function is enabled, if the upper-layer multicast router does not support static
multicast entry forwarding, the unsolicited report function needs to be enabled so that the user
can request the program quickly. Generally, the upper-layer multicast router processes the
user request by responding to the group-specific query and the general query.
Procedure
Step 1 Enable the program prejoin function.
Run the igmp program add [ name name ] ip ip-addr vlan vlanid [ bind frameid/slotid/portid ]
prejoin enable command to enable the program prejoin function. By default, this
function is disabled.
Step 2 After the program prejoin function is enabled, if the upper-layer multicast router does not support
static multicast entry forwarding, the unsolicited report function of IGMP packets needs to be
enabled.
l Run the igmp program add [ name name ] ip ip-addr vlan vlanid [ bind frameid/slotid/portid ]
unsolicited enable command to enable the unsolicited report function of IGMP
packets. By default, this function is disabled.
l Run the igmp proxy router report-interval command to change the interval of the
unsolicited report of IGMP packets. By default, the interval is 10s.
----End
Example
To enable the program prejoin function when adding a program whose IP address is 224.1.1.1,
do as follows:
huawei(config-btv)#igmp program add ip 224.1.1.1 vlan 101 prejoin enable
Prerequisites
If the multicast log is reported in the syslog mode, the syslog server must be configured properly.
Context
The multicast log involves the multicast log of the multicast user and the multicast log of the
multicast program. The system generates logs only when the log functions of both the multicast
user and the multicast program are enabled.
If the user stays online longer than the valid log generation time, the system generates logs in
any of the following conditions: when the user goes offline naturally, forcibly, or abnormally;
when the user is blocked or deleted; when the program is deleted; when the program priority is
changed; when the upstream port to which the program is bound is changed; when the VLAN
of the upstream port to which the program is bound is changed; when the user preview times
out; when the IGMP mode is switched; when the rights mode is switched; when the bandwidth
CAC fails.
The system supports a maximum of 10240 logs. When the user goes online, the system records
only the online date and time. The system generates a complete log only when the user goes
offline.
The UA5000 can report the multicast log to the log server in the syslog mode and the call detailed
record (CDR) mode. By default, the UA5000 reports the log in the syslog mode.
l syslog mode: Logs are reported to the syslog server in the form of a single log.
l CDR mode: Logs are reported to the log server in the form of a log file (.cvs). One log file
contains multiple logs.
Procedure
l Configure the parameters of the log generation function of the multicast host.
1. Enable the multicast log generation function.
The multicast log involves the multicast log of the multicast user and the multicast
log of the multicast program. The system generates logs only when the log functions
of both the multicast user and the multicast program are enabled. By default, the log
functions of both the multicast user and the multicast program are enabled.
– Run the igmp user add port frameId/slotId/portId { auth | no-auth } log
{ enable | disable } command to enable the log function of the multicast user.
– Run the igmp program add ip ip-addr vlan vlanid log { enable | disable }
command to enable the log function of the multicast program.
2. Change the interval of automatic log generation.
Run the igmp proxy log-interval command to change the interval of automatic log
generation. When the user stays online for a long time, the system generates logs at
preset intervals. This prevents the problem that a log is not generated when the user
leaves the multicast group without sending the leave packet, which can affect the
accounting. By default, the interval is two hours.
3. Change the minimum online duration for generating a valid log.
Run the igmp proxy recognition-time command to change the minimum online
duration for generating a valid log. If the user stays in a multicast group (for example, to
preview a program) for less than the preset duration, the user operation is not regarded as
a valid one and a log is not generated. A log is generated only when a user stays online
for longer than the specified duration. By default, the duration is 30s.
l Configure the multicast log report function in the CDR mode.
1. Enable the multicast log report function in the CDR mode.
Run the igmp cdr { enable | disable } command to enable the multicast log report
function in the CDR mode. After the function is enabled, the UA5000 reports local
multicast logs to the multicast log server in the form of a file. After the function is
disabled, the UA5000 reports each single log to the syslog server in the default syslog
mode.
2. Configure the parameters of the multicast log report in the CDR mode.
– Run the igmp cdr-interval command to set the interval of the multicast log report
in the CDR mode. By default, the interval is 600s.
– Run the igmp cdr-number command to set the maximum number of logs that can
be reported each time. When the number of multicast logs in the CDR file reaches
the preset value, the UA5000 reports the logs. By default, the maximum number
is 200.
3. Check whether the configuration is correct.
Run the display igmp config command to query the status and other parameters of
the multicast log report in the CDR mode.
----End
Example
To enable the IGMP proxy log function and configure the automatic log generation interval to
one hour, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp cdr enable
huawei(config-btv)#igmp proxy log-interval 1
Application Context
Figure 4-1 shows the application context of the multicast service in a subtending network. When
a subtended device needs to provide the multicast service, the subtending port on the subtending
device needs to be configured as a multicast subtending port. In this way, the subtending device
regards the subtended device as an IGMP user.
[Figure 4-1: network diagram showing the Multicast Server, Router, UA5000_A (ports 0/3/0 and 0/3/1), UA5000_B (ports 0/3/0 and 0/3/1), Modems and PCs]
Precautions
l The multicast program list of the subtending device must cover the multicast program list
of the subtended device.
l In this network, the UA5000 Universal Access Unit functions as a subtending device, and
the program VLANs of the subtending device and subtended device must be the same.
Procedure
The procedure for configuring the subtended device is the same as described in 4.2 Configuring
the Multicast Service on a Single-NE Network.
1. For details on configuring the multicast service, see "4.2 Configuring the Multicast
Service on a Single-NE Network."
2. Configure the multicast subtending port.
Run the igmp cascade-port frameid/slotid/portid command to configure the subtending
port as the multicast subtending port. The multicast upstream port cannot be configured as
a multicast subtending port.
3. When the subtended device requires the quick leave function of the multicast user, run the
igmp cascade-port frameid/slotid/portid quickleave enable command to enable the quick
leave attribute on the multicast subtending port.
NOTICE
If the lower-layer device does not support the proxy of the IGMP leave packet, all the users
requesting the program may go offline when a user requesting the same program goes
offline. Therefore, when the quick leave attribute is enabled on the multicast subtending
port, it is recommended that the lower-layer device use the IGMP proxy function, or switch
to the IGMP snooping mode with the IGMP leave packet proxy function enabled.
Prerequisites
The required parameters have been configured for the RSTP ring network. For details, see
Configuring the RSTP.
Application Context
Figure 4-2 shows the application context of the multicast service in an RSTP network. When
the multicast service is provided in an RSTP ring network, the multicast upstream port and the
subtending port need to be added to the user VLAN. According to the running result of the RSTP
protocol, the multicast request packets are sent from the root port or the default port (when the
device is a root bridge), and the other ports in the VLAN serve as subtending ports.
[Figure 4-2: network diagram showing the Multicast Server, Router, the four nodes UA5000_A, UA5000_B, UA5000_C and UA5000_D (IPMD control boards), a Modem and a PC]
NOTE
The procedures for configuring the four devices forming an RSTP ring network are similar. Unless
otherwise stated, all the four devices must be configured.
Procedure
Step 1 For details on configuring the RSTP ring network, see 4.2 Configuring the Multicast Service
on a Single-NE Network.
Step 2 Run the igmp uplink-port command to set port 0/3/0 on specified nodes UA5000_A and
UA5000_D on the RSTP ring network as multicast uplink ports.
Step 3 Run the igmp uplink-port-mode program command to set port 0/3/0 on specified nodes
UA5000_A and UA5000_D to be in the program mode.
Step 4 Run the igmp uplink-port-mode rstp command to set the ports on specified nodes
UA5000_B and UA5000_C on the RSTP ring network as RSTP ports.
The multicast service can run on an RSTP ring network only after a multicast uplink port is
configured as an RSTP port. After the configuration is complete, multicast packets are forwarded
from the root port.
Step 5 Run the igmp cascade-port command to configure multicast cascade ports.
Set the following ports on an RSTP ring network as multicast cascade ports. This ensures that
services are switched to a normal link when a link on the RSTP ring network fails.
l Node UA5000_A: ports 0/3/1 and 0/3/2
l Nodes UA5000_B and UA5000_C: ports 0/3/0 and 0/3/1
NOTE
The multicast cascade ports have been added to the multicast VLAN by using the port vlan command.
----End
Service Requirements
l The user accesses the Internet through the PPPoE dialup.
l PITP is enabled to protect the user account against theft and roaming.
l A traffic profile is adopted for rate limitation. The user access rate is 2048 kbit/s.
l To ensure reliability, dual GE ports are adopted for upstream transmission, and link
aggregation is configured for the two upstream ports.
Figure 5-1 shows the example network for configuring the xDSL Internet access service through
the PPPoA dialup.
Figure 5-1 Example network for configuring the xDSL Internet access service through the
PPPoA dialup
Prerequisite
l Sufficient license resources must be applied because the number of xDSL ports is based
on the license resources.
l When the BRAS provides the AAA function, the connection between the UA5000 and the
BRAS must be set up. The BRAS must identify the VLAN tag carried in the upstream
packets of the UA5000 and you must configure the user account and password on the BRAS
for accessing the Internet through dialup.
Procedure
Step 1 Configure a VLAN.
Configure service VLAN 50. The user packet goes upstream carrying two VLAN tags. The outer
VLAN tag identifies the service and the inner VLAN tag identifies the user. Therefore, the
attribute of service VLAN 50 is stacking. The service of each user is identified by unique S+C
and the VLAN forwarding mode is the S+C mode.
huawei(config)#vlan 50 smart
huawei(config)#vlan attrib 50 stacking
huawei(config)#mac-address learn-ability vlan-list 50 disable
To aggregate the two upstream ports as one aggregation group, set the packet forwarding mode
of the aggregation group to egress-ingress, and set the aggregation group to work in the LACP
static mode, do as follows:
huawei(config)#interface ipm 0/3
huawei(config-if-ipm-0/3)#link-aggregation 0-1 egress-ingress workmode lacp-static
huawei(config-if-ipm-0/3)#quit
NOTE
By default, an ADSL port is in the activated state. Before binding a template to the port, you must deactivate
the port.
3. Run the display traffic table command to query the existing traffic profiles in the system.
huawei(config)#display traffic table from-index 0
{ <cr>|to-index<K> }:
Command:
display traffic table from-index 0
Traffic parameters for IP service:
-----------------------------------------------------------------------------
TID CAR(kbps) Priority Pri-Policy
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/EPD/SHAPE
Type Type kbps kbps kbps kbps cells 1/10us
-----------------------------------------------------------------------------
0 cbr 2 1024 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /off
5 ubr 2 2048 -- -- -- -- -- on /on /--
6 ubr 1 -- -- -- -- -- -- off/off/--
-----------------------------------------------------------------------------
Total Num : 7
Traffic type definition:
1:NoTrafficDescriptor 2:NoClpNoScr 3:ClpNoTaggingNoScr
4:ClpTaggingNoScr 5:NoClpScr 6:ClpNoTaggingScr
7:ClpTaggingScr 8:ClpNoTaggingMcr 9:ClpTransparentNoScr
10:ClpTransparentScr 11:NoClpTaggingNoScr 12:NoClpNoScrCdvt
13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt 15:ClpTaggingScrCdvt
-----------------------------------------------------------------------------
According to service requirements, the user access rate is 2048 kbit/s. The query result
shows that traffic profile 5 meets the requirements.
NOTE
l If a matched traffic profile is not available in the system, run the traffic table command to configure
a new traffic profile.
l On the UA5000, the user access rate can be limited by either a traffic profile or an ADSL line profile.
When both profiles are configured, the smaller one of the two rates configured in the profiles is adopted
as the user bandwidth. In this example, the traffic profile is used to limit the user access rate.
4. Run the service-port command to create a service port, adopt traffic profile 5, and set the
S-VLAN ID to 50. The VPI and VCI of the service port must be the same as the service
VPI and VCI of the peer modem. Assume that the service VPI and VCI of the modem are
1 and 39, and the access port ID is 0/7/0. To facilitate the maintenance of the service port,
configure the service port description.
huawei(config)#service-port vlan 50 adsl 0/7/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5
huawei(config)#service-port desc 0/7/0 vpi 1 vci 39 Vlanid:50/adsl/vpi:1vci:39/stacking
5. Set the C-VLAN ID of the preset service port with VPI/VCI 1/39 to 10 for identifying the
user.
huawei(config)#stacking label 0/7/0 vpi 1 vci 39 10
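A parser for the IP-service part of the display traffic table output above that checks a service-port command against the planned rate, as an added example (not Huawei's code). The sample output is an excerpt of what this page shows; reading a CAR of "--" as "no rate limit", the second service-port line in the usage, and the line-profile rates passed to effective_rate_kbps are assumptions or constructed values.

```python
import re

# Excerpt of the "display traffic table from-index 0" output shown on this page.
SAMPLE_OUTPUT = """\
Traffic parameters for IP service:
-----------------------------------------------------------------------------
TID CAR(kbps) Priority Pri-Policy
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/EPD/SHAPE
Type Type kbps kbps kbps kbps cells 1/10us
-----------------------------------------------------------------------------
0 cbr 2 1024 -- -- -- -- -- off/off/--
5 ubr 2 2048 -- -- -- -- -- on /on /--
"""

IP_ROW = re.compile(r"^\s*(\d+)\s+(\d+|--)\s+(\d+)\s+(\S+)\s*$")


def parse_ip_traffic_table(output):
    """Return {TID: {"car_kbps", "priority", "pri_policy"}} from the IP-service rows."""
    profiles = {}
    in_ip_section = False
    for line in output.splitlines():
        if "Traffic parameters for IP service" in line:
            in_ip_section = True
            continue
        if not in_ip_section:
            continue
        if line.split()[:2] == ["TID", "Service"]:
            break  # the ATM parameter table starts here
        m = IP_ROW.match(line)
        if m:
            tid, car, priority, policy = m.groups()
            profiles[int(tid)] = {
                "car_kbps": None if car == "--" else int(car),  # "--": assumed unlimited
                "priority": int(priority),
                "pri_policy": policy,
            }
    return profiles


def profiles_matching(profiles, rate_kbps):
    """Traffic profile indexes whose CAR equals the planned access rate."""
    return sorted(t for t, p in profiles.items() if p["car_kbps"] == rate_kbps)


def effective_rate_kbps(traffic_car_kbps, line_rate_kbps):
    """The smaller of the traffic-profile and line-profile rates (None = no limit)."""
    limits = [r for r in (traffic_car_kbps, line_rate_kbps) if r is not None]
    return min(limits) if limits else None


def check_service_port(command, profiles, planned_kbps):
    """List problems with the rx-cttr/tx-cttr profiles used by a service-port command."""
    problems = []
    for direction in ("rx-cttr", "tx-cttr"):
        m = re.search(rf"\b{direction}\s+(\d+)\b", command)
        if not m:
            problems.append(f"{direction}: missing")
            continue
        tid = int(m.group(1))
        if tid not in profiles:
            problems.append(f"{direction} {tid}: profile not in table")
        elif profiles[tid]["car_kbps"] is None:
            problems.append(f"{direction} {tid}: no CAR limit")
        elif profiles[tid]["car_kbps"] != planned_kbps:
            problems.append(
                f"{direction} {tid}: CAR {profiles[tid]['car_kbps']} != planned {planned_kbps}"
            )
    return problems


if __name__ == "__main__":
    table = parse_ip_traffic_table(SAMPLE_OUTPUT)
    print(profiles_matching(table, 2048))
    print(check_service_port(
        "service-port vlan 50 adsl 0/7/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5", table, 2048))
    # Constructed misconfiguration: unlimited upstream, wrong downstream profile.
    print(check_service_port(
        "service-port vlan 50 adsl 0/7/0 vpi 1 vci 39 rx-cttr 6 tx-cttr 2", table, 2048))
```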
2. Activate SHDSL port 0/7/0, and bind the preset SHDSL line profile 3 and the default
SHDSL alarm template (alarm template 1) to the port.
NOTE
By default, an SHDSL port is in the activated state. Before binding a profile or template to the port, you
must deactivate the port.
huawei(config)#interface sdl 0/7
huawei(config-if-sdl-0/7)#deactivate 0
huawei(config-if-sdl-0/7)#activate 0 3
huawei(config-if-sdl-0/7)#alarm-config 0 1
huawei(config-if-sdl-0/7)#quit
3. Run the display traffic table command to query the existing traffic profiles in the system.
huawei(config)#display traffic table from-index 0
{ <cr>|to-index<K> }:
Command:
display traffic table from-index 0
Traffic parameters for IP service:
-----------------------------------------------------------------------------
TID CAR(kbps) Priority Pri-Policy
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/EPD/SHAPE
Type Type kbps kbps kbps kbps cells 1/10us
-----------------------------------------------------------------------------
0 cbr 2 1024 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /off
5 ubr 2 2048 -- -- -- -- -- on /on /--
6 ubr 1 -- -- -- -- -- -- off/off/--
-----------------------------------------------------------------------------
Total Num : 7
Traffic type definition:
1:NoTrafficDescriptor 2:NoClpNoScr 3:ClpNoTaggingNoScr
4:ClpTaggingNoScr 5:NoClpScr 6:ClpNoTaggingScr
7:ClpTaggingScr 8:ClpNoTaggingMcr 9:ClpTransparentNoScr
10:ClpTransparentScr 11:NoClpTaggingNoScr 12:NoClpNoScrCdvt
13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt 15:ClpTaggingScrCdvt
-----------------------------------------------------------------------------
According to service requirements, the user access rate is 2048 kbit/s. The query result
shows that traffic profile 5 meets the requirements.
NOTE
l If a matched traffic profile is not available in the system, run the traffic table command to configure
a new traffic profile.
l On the UA5000, the user access rate can be limited by either a traffic profile or an SHDSL line profile.
When both profiles are configured, the smaller one of the two rates configured in the profiles is adopted
as the user bandwidth. In this example, the traffic profile is used to limit the user access rate.
4. Run the service-port command to create a service port, adopt traffic profile 5, and set the
S-VLAN ID to 50. Set the SHDSL channel mode to PTM and the service port is 0/7/0. To
facilitate the maintenance of the service port, configure the service port description.
huawei(config)#service-port vlan 50 shdsl mode ptm 0/7/0 stream rx-cttr 5 tx-cttr 5
huawei(config)#service-port desc 0/7/0 stream Vlanid:50/shdsl/vpi:1vci:39/stacking
5. Set the C-VLAN ID of the preset service port 0/7/0 to 10 for identifying the user.
huawei(config)#stacking label 0/7/0 10
2. Activate VDSL port 0/7/0, and bind the preset VDSL line template 3 and the default VDSL
alarm template (alarm template 1) to the port.
NOTE
By default, a VDSL port is in the activated state. Before binding a template to the port, you must deactivate
the port.
huawei(config)#interface vdsl 0/7
huawei(config-if-vdsl-0/7)#deactivate 0
huawei(config-if-vdsl-0/7)#activate 0 profile-index 3
huawei(config-if-vdsl-0/7)#alarm-config 0 1
huawei(config-if-vdsl-0/7)#quit
3. Run the display traffic table command to query the existing traffic profiles in the system.
huawei(config)#display traffic table from-index 0
{ <cr>|to-index<K> }:
Command:
display traffic table from-index 0
Traffic parameters for IP service:
-----------------------------------------------------------------------------
TID CAR(kbps) Priority Pri-Policy
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/EPD/SHAPE
Type Type kbps kbps kbps kbps cells 1/10us
-----------------------------------------------------------------------------
0 cbr 2 1024 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /off
5 ubr 2 2048 -- -- -- -- -- on /on /--
6 ubr 1 -- -- -- -- -- -- off/off/--
-----------------------------------------------------------------------------
Total Num : 7
Traffic type definition:
1:NoTrafficDescriptor 2:NoClpNoScr 3:ClpNoTaggingNoScr
4:ClpTaggingNoScr 5:NoClpScr 6:ClpNoTaggingScr
7:ClpTaggingScr 8:ClpNoTaggingMcr 9:ClpTransparentNoScr
10:ClpTransparentScr 11:NoClpTaggingNoScr 12:NoClpNoScrCdvt
13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt 15:ClpTaggingScrCdvt
-----------------------------------------------------------------------------
According to service requirements, the user access rate is 2048 kbit/s. The query result
shows that traffic profile 5 meets the requirements.
NOTE
l If a matched traffic profile is not available in the system, run the traffic table command to configure
a new traffic profile.
l On the UA5000, the user access rate can be limited by either a traffic profile or a VDSL line profile.
When both profiles are configured, the smaller one of the two rates configured in the profiles is adopted
as the user bandwidth. In this example, the traffic profile is used to limit the user access rate.
4. Run the service-port command to create a service port, adopt traffic profile 5, and set the
S-VLAN ID to 50. Set the VDSL channel mode to PTM, and the service port is 0/7/0. To
facilitate the maintenance of the service port, configure the service port description.
huawei(config)#service-port vlan 50 vdsl mode ptm 0/7/0 stream rx-cttr 5 tx-cttr 5
huawei(config)#service-port desc 0/7/0 stream Vlanid:50/vdsl/vpi:1vci:39/stacking
5. Set the C-VLAN ID of the preset service port 0/7/0 to 10 for identifying the user.
huawei(config)#stacking label 0/7/0 10
NOTE
For details about the PITP configuration for the user account security, see "1.13.1 Configuring Anti-Theft and
Roaming of User Account Through PITP."
----End
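What the stacking configuration in this procedure produces on the wire, as an added example (not Huawei's code): an upstream frame carrying S-VLAN 50 and C-VLAN 10 is built and parsed, and a receiver-side check maps the S+C pair to a user and rejects frames that do not carry exactly two tags. The MAC addresses, the second subscriber entry, and the set of accepted TPID values are assumptions; 0x8863 is the PPPoE discovery EtherType.

```python
import struct

# TPIDs accepted for a VLAN tag (assumption: the outer TPID used on the uplink
# is not given on this page, so the common values are all accepted).
VLAN_TPIDS = {0x8100, 0x88A8, 0x9100}
ETHERTYPE_PPPOE_DISCOVERY = 0x8863

# Constructed mapping of (S-VLAN, C-VLAN) to the access port it identifies.
SUBSCRIBERS = {
    (50, 10): "0/7/0",   # values from this procedure
    (50, 11): "0/7/1",   # constructed second user
}


def build_frame(dst, src, vlan_ids, ethertype, payload=b"", tpid=0x8100):
    """Build an Ethernet frame with one VLAN tag per entry in vlan_ids (outer first)."""
    tags = b"".join(struct.pack("!HH", tpid, vid & 0x0FFF) for vid in vlan_ids)
    return dst + src + tags + struct.pack("!H", ethertype) + payload


def parse_vlan_stack(frame):
    """Return ([vlan ids, outer first], ethertype) for an Ethernet frame."""
    offset = 12  # skip destination and source MAC
    vlan_ids = []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in VLAN_TPIDS:
            return vlan_ids, ethertype
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vlan_ids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4


def classify(frame, subscribers=SUBSCRIBERS):
    """Return ("ok", port) for a known S+C pair, otherwise ("drop", reason)."""
    try:
        vlan_ids, _ = parse_vlan_stack(frame)
    except ValueError as exc:
        return ("drop", str(exc))
    if len(vlan_ids) != 2:
        return ("drop", f"expected 2 VLAN tags, got {len(vlan_ids)}")
    key = (vlan_ids[0], vlan_ids[1])
    if key not in subscribers:
        return ("drop", f"unknown S+C {key}")
    return ("ok", subscribers[key])


# Constructed MAC addresses.
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")

if __name__ == "__main__":
    stacked = build_frame(DST, SRC, [50, 10], ETHERTYPE_PPPOE_DISCOVERY)
    print(parse_vlan_stack(stacked), classify(stacked))
    print(classify(build_frame(DST, SRC, [50], ETHERTYPE_PPPOE_DISCOVERY)))
    print(classify(build_frame(DST, SRC, [50, 99], ETHERTYPE_PPPOE_DISCOVERY)))
```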
Verification
l Step 1: Dial up on the modem or on the PC by using the PPPoE dialup software. After the
dialup is successful, the user can access the Internet.
l Step 2: If the dialup is performed on the modem in Step 1, do as follows: When FTP is used
to download files, after the dialup is performed on the PPPoE dialup software, the PPPoE
dialup software displays a message indicating that the dialup is successful. Then, the PC
can access the Internet in the PPPoE mode. If the dialup is performed on the PC in Step 1,
skip this step.
l Step 3: When downloading files through FTP, you can open Task Manager in Windows
and click Networking to check the link speed. Then, you can calculate the Internet access
rate by the following formula: Attainable Internet access rate = Computer network adapter
rate/48 x 53 x 8. The calculation result approximates to the planned 2048 kbit/s.
Configuration Script
Configuration Script in the ADSL access mode:
vlan 50 smart
vlan attrib 50 stacking
mac-address learn-ability vlan-list 50 disable
Service Requirements
l The user accesses the Internet in the IPoE mode. The account authentication is implemented
through the DHCP option82 field.
l Double VLAN tags are added to user packets for upstream transmission, where the outer
VLAN tag identifies the service and the inner VLAN tag identifies the user. The service
of each user is identified by a unique S-VLAN+C-VLAN. This is called the 1:1 access.
l A traffic profile is adopted for rate limitation. The user access rate is 2048 kbit/s.
l Dual GE ports are adopted for upstream transmission to ensure reliability. Link aggregation
is configured for the two upstream ports.
Figure 5-2 shows the example network for configuring the xDSL IPoE Internet access service.
Figure 5-2 Example network for configuring the xDSL IPoE Internet access service
Prerequisite
The number of xDSL ports is under the control of licenses. Make sure that sufficient licenses
are already requested.
Procedure
Step 1 Configure a VLAN.
Configure service VLAN 50. The user packet goes upstream carrying two VLAN tags. The outer
VLAN tag identifies the service and the inner VLAN tag identifies the user. Therefore, the
attribute of service VLAN 50 is stacking. The service of each user is identified by unique S+C
and the VLAN forwarding mode is the S+C mode.
huawei(config)#vlan 50 smart
huawei(config)#vlan attrib 50 stacking
huawei(config)#mac-address learn-ability vlan-list 50 disable
To aggregate the two upstream ports as one aggregation group, set the packet forwarding mode
of the aggregation group to egress-ingress, and set the aggregation group to work in the LACP
static mode, do as follows:
huawei(config)#interface ipm 0/3
huawei(config-if-ipm-0/3)#link-aggregation 0-1 egress-ingress workmode lacp-static
huawei(config-if-ipm-0/3)#quit
NOTE
By default, an ADSL port is in the activated state. Before binding a template to the port, you must deactivate
the port.
3. Run the display traffic table command to query the existing traffic profiles in the system.
huawei(config)#display traffic table from-index 0
{ <cr>|to-index<K> }:
Command:
-----------------------------------------------------------------------------
TID CAR(kbps) Priority Pri-Policy
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/EPD/SHAPE
Type Type kbps kbps kbps kbps cells 1/10us
-----------------------------------------------------------------------------
0 cbr 2 1024 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /off
5 ubr 2 2048 -- -- -- -- -- on /on /--
6 ubr 1 -- -- -- -- -- -- off/off/--
-----------------------------------------------------------------------------
Total Num : 7
Traffic type definition:
1:NoTrafficDescriptor 2:NoClpNoScr 3:ClpNoTaggingNoScr
4:ClpTaggingNoScr 5:NoClpScr 6:ClpNoTaggingScr
7:ClpTaggingScr 8:ClpNoTaggingMcr 9:ClpTransparentNoScr
10:ClpTransparentScr 11:NoClpTaggingNoScr 12:NoClpNoScrCdvt
13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt 15:ClpTaggingScrCdvt
-----------------------------------------------------------------------------
According to service requirements, the user access rate is 2048 kbit/s. The query result
shows that traffic profile 5 meets the requirements.
NOTE
l If a matched traffic profile is not available in the system, run the traffic table command to configure
a new traffic profile.
l On the UA5000, the user access rate can be limited by either a traffic profile or an ADSL line profile.
When both profiles are configured, the smaller one of the two rates configured in the profiles is adopted
as the user bandwidth. In this example, the traffic profile is used to limit the user access rate.
4. Run the service-port command to create a service port, adopt traffic profile 5, and set the
S-VLAN ID to 50. The VPI and VCI of the service port must be the same as the service
VPI and VCI of the peer modem. Assume that the service VPI and VCI of the modem are
1 and 39, and the access port ID is 0/7/0. To facilitate the maintenance of the service port,
configure the service port description.
huawei(config)#service-port vlan 50 adsl 0/7/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5
huawei(config)#service-port desc 0/7/0 vpi 1 vci 39 Vlanid:50/adsl/vpi:1vci:39/stacking
5. Set the C-VLAN ID of the preset service port with VPI/VCI 1/39 to 10 for identifying the
user.
huawei(config)#stacking label 0/7/0 vpi 1 vci 39 10
2. Activate SHDSL port 0/7/0, and bind the preset SHDSL line profile 3 and the default
SHDSL alarm template (alarm template 1) to the port.
NOTE
By default, an SHDSL port is in the activated state. Before binding a profile or template to the port, you
must deactivate the port.
huawei(config)#interface sdl 0/7
huawei(config-if-sdl-0/7)#deactivate 0
huawei(config-if-sdl-0/7)#activate 0 3
huawei(config-if-sdl-0/7)#alarm-config 0 1
huawei(config-if-sdl-0/7)#quit
3. Run the display traffic table command to query the existing traffic profiles in the system.
huawei(config)#display traffic table from-index 0
{ <cr>|to-index<K> }:
Command:
display traffic table from-index 0
Traffic parameters for IP service:
-----------------------------------------------------------------------------
TID CAR(kbps) Priority Pri-Policy
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/EPD/
SHAPE
Type Type kbps kbps kbps kbps cells 1/10us
-----------------------------------------------------------------------------
0 cbr 2 1024 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /
off
5 ubr 2 2048 -- -- -- -- -- on /on /--
6 ubr 1 -- -- -- -- -- -- off/off/--
-----------------------------------------------------------------------------
Total Num : 7
Traffic type definition:
-----------------------------------------------------------------------------
According to service requirements, the user access rate is 2048 kbit/s. The query result
shows that traffic profile 5 meets the requirements.
NOTE
• If a matched traffic profile is not available in the system, run the traffic table command to configure
a new traffic profile.
• On the UA5000, the user access rate can be limited by either a traffic profile or an SHDSL line profile.
When both profiles are configured, the smaller one of the two rates configured in the profiles is adopted
as the user bandwidth. In this example, the traffic profile is used to limit the user access rate.
4. Run the service-port command to create a service port, adopt traffic profile 5, and set the
S-VLAN ID to 50. Set the SHDSL channel mode to PTM; the service port is 0/7/0. To
facilitate the maintenance of the service port, configure the service port description.
huawei(config)#service-port vlan 50 shdsl mode ptm 0/7/0 stream rx-cttr 5 tx-cttr 5
huawei(config)#service-port desc 0/7/0 stream Vlanid:50/shdsl/vpi:1vci:39/stacking
5. Set the C-VLAN ID of the preset service port 0/7/0 to 10 for identifying the user.
huawei(config)#stacking label 0/7/0 10
2. Activate VDSL port 0/7/0, and bind the preset VDSL line template 3 and the default VDSL
alarm template (alarm template 1) to the port.
NOTE
By default, a VDSL port is in the activated state. Before binding a template to the port, you must deactivate
the port.
huawei(config)#interface vdsl 0/7
huawei(config-if-vdsl-0/7)#deactivate 0
huawei(config-if-vdsl-0/7)#activate 0 profile-index 3
huawei(config-if-vdsl-0/7)#alarm-config 0 1
huawei(config-if-vdsl-0/7)#quit
3. Run the display traffic table command to query the existing traffic profiles in the system.
huawei(config)#display traffic table from-index 0
{ <cr>|to-index<K> }:
Command:
display traffic table from-index 0
Traffic parameters for IP service:
-----------------------------------------------------------------------------
TID CAR(kbps) Priority Pri-Policy
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/EPD/
SHAPE
Type Type kbps kbps kbps kbps cells 1/10us
-----------------------------------------------------------------------------
0 cbr 2 1024 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /
off
5 ubr 2 2048 -- -- -- -- -- on /on /--
6 ubr 1 -- -- -- -- -- -- off/off/--
-----------------------------------------------------------------------------
Total Num : 7
Traffic type definition:
1:NoTrafficDescriptor 2:NoClpNoScr 3:ClpNoTaggingNoScr
4:ClpTaggingNoScr 5:NoClpScr 6:ClpNoTaggingScr
7:ClpTaggingScr 8:ClpNoTaggingMcr 9:ClpTransparentNoScr
10:ClpTransparentScr 11:NoClpTaggingNoScr 12:NoClpNoScrCdvt
13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt 15:ClpTaggingScrCdvt
-----------------------------------------------------------------------------
According to service requirements, the user access rate is 2048 kbit/s. The query result
shows that traffic profile 5 meets the requirements.
NOTE
• If a matched traffic profile is not available in the system, run the traffic table command to configure
a new traffic profile.
• On the UA5000, the user access rate can be limited by either a traffic profile or a VDSL line profile.
When both profiles are configured, the smaller one of the two rates configured in the profiles is adopted
as the user bandwidth. In this example, the traffic profile is used to limit the user access rate.
4. Run the service-port command to create a service port, adopt traffic profile 5, and set the
S-VLAN ID to 50. Set the VDSL channel mode to PTM; the service port is 0/7/0. To
facilitate the maintenance of the service port, configure the service port description.
huawei(config)#service-port vlan 50 vdsl mode ptm 0/7/0 stream rx-cttr 5 tx-cttr 5
huawei(config)#service-port desc 0/7/0 stream Vlanid:50/vdsl/vpi:1vci:39/stacking
5. Set the C-VLAN ID of the preset service port 0/7/0 to 10 for identifying the user.
huawei(config)#stacking label 0/7/0 10
NOTE
• In this example, the UA5000 works in the L2 DHCP mode. Therefore, the DHCP-related configurations are
not required. If the UA5000 works in the L3 DHCP mode, the DHCP-related configurations on the
UA5000 are required. For details, see "Configuring DHCP."
• For the details about the security of DHCP accounts, see "Configuring Anti-Theft or Roaming of User
Accounts Through DHCP."
Assume that the RAIO mode is the user-defined mode, the CID is the access node name followed by
frame/slot/port:vlanid, and the RID is the label of the service port where the user is connected. To
enable the DHCP option82 function with these parameters, do as follows:
huawei(config)#dhcp option82 enable
huawei(config)#raio-mode user-defined dhcp-option82
huawei(config)#raio-format dhcp-option82 cid anid frame/slot/port:vlanid
huawei(config)#raio-format dhcp-option82 rid splabel
----End
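The option82 settings above make the UA5000 stamp each DHCP request with a Circuit ID and a Remote ID; the anti-theft and anti-roaming effect comes from the DHCP server or BRAS comparing those values with what was provisioned for the line. The following Python check is an added example, not Huawei code. The rendered CID layout ("<anid> <frame>/<slot>/<port>:<vlanid>"), the ANID "huawei", the RID text "10" and all function names are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

OPT_PAD, OPT_END, OPT_RELAY_AGENT_INFO = 0, 255, 82   # RFC 2132 / RFC 3046
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2                  # RFC 3046 sub-options

# ASSUMPTION: "cid anid frame/slot/port:vlanid" is rendered as
# "<anid> <frame>/<slot>/<port>:<vlanid>" in the Circuit ID.
CID_RE = re.compile(r"^(?P<anid>\S+) (?P<port>\d+/\d+/\d+):(?P<vlan>\d+)$")


@dataclass(frozen=True)
class Binding:
    """What the operator provisioned for one subscriber line."""
    anid: str   # access node name
    port: str   # frame/slot/port of the access port
    vlan: int   # S-VLAN of the service port
    rid: str    # service port label expected in the Remote ID


def walk_tlv(buf, dhcp_level):
    """Yield (code, value) pairs; raise ValueError on truncated input."""
    i = 0
    while i < len(buf):
        code = buf[i]
        if dhcp_level and code == OPT_PAD:      # one-byte pad option
            i += 1
            continue
        if dhcp_level and code == OPT_END:      # end of the options field
            return
        if i + 2 > len(buf):
            raise ValueError("truncated TLV header")
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("TLV length runs past end of buffer")
        yield code, value
        i += 2 + length


def verify_option82(options, binding):
    """Return (accepted, reason) for the options field of one DHCP request."""
    try:
        relay = [v for c, v in walk_tlv(options, True) if c == OPT_RELAY_AGENT_INFO]
        if not relay:
            return False, "option 82 absent"
        if len(relay) > 1:
            return False, "option 82 present more than once"
        subs = {}
        for code, value in walk_tlv(relay[0], False):
            if code in subs:
                return False, "duplicate sub-option"
            subs[code] = value
    except ValueError as exc:
        return False, f"malformed options: {exc}"
    if SUB_CIRCUIT_ID not in subs or SUB_REMOTE_ID not in subs:
        return False, "circuit ID or remote ID missing"
    try:
        cid = subs[SUB_CIRCUIT_ID].decode("ascii")
        rid = subs[SUB_REMOTE_ID].decode("ascii")
    except UnicodeDecodeError:
        return False, "non-ASCII identifier"
    m = CID_RE.match(cid)
    if not m:
        return False, "circuit ID not in configured format"
    if (m["anid"], m["port"], int(m["vlan"])) != (binding.anid, binding.port, binding.vlan):
        return False, f"circuit ID mismatch: {cid}"   # same account seen on another line
    if rid != binding.rid:
        return False, f"remote ID mismatch: {rid}"
    return True, "match"


def build_options(cid, rid):
    """Construct a sample options field: message type, option 82, end."""
    sub = (bytes([SUB_CIRCUIT_ID, len(cid)]) + cid.encode("ascii")
           + bytes([SUB_REMOTE_ID, len(rid)]) + rid.encode("ascii"))
    return bytes([53, 1, 1, OPT_RELAY_AGENT_INFO, len(sub)]) + sub + bytes([OPT_END])


# Constructed sample data (not captured from a real device).
BINDING = Binding(anid="huawei", port="0/7/0", vlan=50, rid="10")
GOOD = build_options("huawei 0/7/0:50", "10")
ROAMED = build_options("huawei 0/7/1:50", "10")    # same account, other port
WRONG_RID = build_options("huawei 0/7/0:50", "11")
NO_RELAY = bytes([53, 1, 1, OPT_END])              # option 82 not inserted
TRUNCATED = GOOD[:-6]                              # length byte exceeds buffer

if __name__ == "__main__":
    for name, sample in [("good", GOOD), ("roamed", ROAMED), ("wrong rid", WRONG_RID),
                         ("no relay", NO_RELAY), ("truncated", TRUNCATED)]:
        print(name, verify_option82(sample, BINDING))
```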
Verification
• Step 1: After the PC NIC automatically obtains an IP address in the DHCP option82 mode
and a connection to the Internet is set up, the user can access the Internet.
• Step 2: While downloading a file through FTP, open Windows Task Manager and click
Networking to observe the link rate. Calculate the Internet access rate with the formula:
attainable Internet access rate = computer NIC rate / 48 × 53 × 8. The calculated result
should approximate the planned 2048 kbit/s.
Configuration Script
Configuration Script for the ADSL access mode:
vlan 50 smart
vlan attrib 50 stacking
mac-address learn-ability vlan-list 50 disable
port vlan 50 0/3 0
port vlan 50 0/3 1
interface ipm 0/3
link-aggregation 0-1 egress-ingress workmode lacp-static
quit
interface adsl 0/7
deactivate 0
activate 0 profile-index 1
alarm-config 0 1
quit
service-port vlan 50 adsl 0/7/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5
service-port desc 0/7/0 vpi 1 vci 39 Vlanid:50/adsl/vpi:1vci:39/stacking
stacking label 0/7/0 vpi 1 vci 39 10
dhcp option82 enable
raio-mode user-defined dhcp-option82
raio-format dhcp-option82 cid anid frame/slot/port:vlanid
raio-format dhcp-option82 rid splabel
save
Service Requirements
• The user accesses the Internet in the IPoA mode and obtains an IP address from the DHCP
server. The UA5000 works in the DHCP L2 mode.
• One VLAN tag is added to user packets for upstream transmission and the services of
multiple users are aggregated into one VLAN.
• DHCP option82 is enabled to protect user accounts from theft and roaming.
• A traffic profile is adopted for rate limitation. The user access rate is 2048 kbit/s.
• Dual GE ports are adopted for upstream transmission to ensure reliability. Link aggregation
is configured for the two upstream ports.
Figure 5-3 shows the example network for configuring the xDSL IPoA Internet access service.
Figure 5-3 Example network for configuring the xDSL IPoA Internet access service
Prerequisite
The number of xDSL ports is controlled by licenses. Make sure that sufficient licenses
have been requested.
Procedure
Step 1 Create a VLAN.
To aggregate the two upstream ports as one aggregation group, set the packet forwarding mode
of the aggregation group to egress-ingress, and set the aggregation group to work in the LACP
static mode.
huawei(config)#link-aggregation 0/3 0 0/3 1 egress-ingress workmode lacp-static
NOTE
The aggregated ports must meet the following requirements: The ports must work in the full-duplex mode; the
port rates must be the same and the rate of an electrical port must not be of the auto-negotiation type; the attributes
of the ports, such as the default VLAN ID (PVID) and VLAN, must be the same; one port can belong to only
one aggregation group; the port must not be a mirroring destination port; the port must not be in the
auto-negotiation mode; the start port ID must be smaller than the end port ID.
Step 3 In the case of the ADSL access mode, follow this procedure.
1. Configure an ADSL2+ profile. For details, see "1.11.1 Configuring ADSL2+ Profiles."
The ID of the ADSL2+ line profile is 3, the downstream rate is 2048 kbit/s, the channel
mode is the interleave mode, the maximum interleave delay is 10 ms, and the SNR margin
is 6 dB.
huawei(config)#adsl line-profile quickadd basic-para full-rate trellis 1 bitswap 1 1 channel interleaved 100 100 adapt fixed snr 5 4 9 5 4 9 rate 2048 2048 1000 1100
2. Activate the ADSL port. The port is port 0/7/0, and ADSL line profile 3 and the default
alarm profile (alarm profile 1) are bound to the port.
NOTE
By default, a port is in the activated state. Before binding a profile to a port, you must deactivate the port.
huawei(config)#interface adsl 0/7/0
huawei(config-if-adsl-0/7/0)#deactivate 0
huawei(config-if-adsl-0/7/0)#activate 0 profile-index 3
huawei(config-if-adsl-0/7/0)#alarm-config 0 1
huawei(config-if-adsl-0/7/0)#quit
3. Run the display traffic table command to query the traffic profiles that exist in the system.
huawei(config)#display traffic table from-index 0
{ <cr>|to-index<K> }:
Command:
display traffic table from-index 0
Traffic parameters for IP service:
-----------------------------------------------------------------------------
TID CAR(kbps) Priority Pri-Policy
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/EPD/
SHAPE
Type Type kbps kbps kbps kbps cells 1/10us
-----------------------------------------------------------------------------
0 cbr 2 1024 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
-----------------------------------------------------------------------------
Total Num : 7
Traffic type definition:
1:NoTrafficDescriptor 2:NoClpNoScr 3:ClpNoTaggingNoScr
4:ClpTaggingNoScr 5:NoClpScr 6:ClpNoTaggingScr
7:ClpTaggingScr 8:ClpNoTaggingMcr 9:ClpTransparentNoScr
10:ClpTransparentScr 11:NoClpTaggingNoScr 12:NoClpNoScrCdvt
13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt 15:ClpTaggingScrCdvt
-----------------------------------------------------------------------------
According to the service requirements, the user access rate is 2048 kbit/s. The query result shows
that traffic profile 5 meets the requirements.
NOTE
• If no traffic profile in the system meets the service requirements, run the traffic table command to
configure a new traffic profile.
• On the UA5000, the user access rate can be limited by either a traffic profile or an xDSL line profile.
When both profiles are configured, the smaller one of the two rates configured in the profiles is adopted
as the user bandwidth. In this example, the traffic profile is used to limit the user access rate.
4. Run the service-port command to create a service port. The index of the new service port
is 1, the access port is port 0/7/0, traffic profile 5 meets the service requirement, and the
S-VLAN is VLAN 50. The VPI and VCI must be the same as the management VPI and VCI
of the peer modem. Assume that the management VPI and VCI of the modem are 1 and
39. To facilitate the maintenance of the service port, configure a description for the service
port.
huawei(config)#service-port vlan 50 adsl 0/7/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5
huawei(config)#service-port desc 0/7/0 vpi 1 vci 39 UA5000HW/Vlanid:50/adsl/smart
5. Set the maximum number of MAC addresses that can be learned by the service port to 16.
This parameter limits the number of MAC addresses that can be learned by one account,
namely, the maximum number of PCs that can access the Internet through one account.
huawei(config)#mac-address max-mac-count adsl 0/7/0 vpi 1 vci 39 16
Step 4 In the case of the SHDSL access mode, follow this procedure.
1. Configure an SHDSL profile. For details, see "1.11.2 Configuring SHDSL Profiles." The
ID of the SHDSL line profile is 3, the line rate is 2048 kbit/s, and the profile is used to
activate 4-wire ports.
huawei(config)#shdsl line-profile quickadd 3 line four-wire rate 2048 psd asymmetric transmission annex-a&b remote enable probe enable
2. Activate the SHDSL port. The port is port 0/7/0, and SHDSL line profile 3 and the default
alarm profile (alarm profile 1) are bound to the port.
NOTE
By default, a port is in the activated state. Before binding a profile to a port, you must deactivate the port.
huawei(config)#interface sdl 0/7
huawei(config-if-sdl-0/7)#deactivate 0
huawei(config-if-sdl-0/7)#activate 0 3
huawei(config-if-sdl-0/7)#alarm-config 0 1
huawei(config-if-sdl-0/7)#quit
3. Run the display traffic table command to query the traffic profiles that exist in the system.
huawei(config)#display traffic table from-index 0
{ <cr>|to-index<K> }:
Command:
display traffic table from-index 0
Traffic parameters for IP service:
-----------------------------------------------------------------------------
TID CAR(kbps) Priority Pri-Policy
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/EPD/
SHAPE
Type Type kbps kbps kbps kbps cells 1/10us
-----------------------------------------------------------------------------
0 cbr 2 1024 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /
off
5 ubr 2 2048 -- -- -- -- -- on /on /--
6 ubr 1 -- -- -- -- -- -- off/off/--
-----------------------------------------------------------------------------
Total Num : 7
Traffic type definition:
1:NoTrafficDescriptor 2:NoClpNoScr 3:ClpNoTaggingNoScr
4:ClpTaggingNoScr 5:NoClpScr 6:ClpNoTaggingScr
7:ClpTaggingScr 8:ClpNoTaggingMcr 9:ClpTransparentNoScr
10:ClpTransparentScr 11:NoClpTaggingNoScr 12:NoClpNoScrCdvt
13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt 15:ClpTaggingScrCdvt
-----------------------------------------------------------------------------
According to the service requirements, the user access rate is 2048 kbit/s. The query result shows
that traffic profile 5 meets the requirements.
NOTE
• If no traffic profile in the system meets the service requirements, run the traffic table command to
configure a new traffic profile.
• On the UA5000, the user access rate can be limited by either a traffic profile or an SHDSL line profile.
When both profiles are configured, the smaller one of the two rates configured in the profiles is adopted
as the user bandwidth. In this example, the traffic profile is used to limit the user access rate.
4. Run the service-port command to create a service port. The index of the new service port
is 2, the access port is port 0/7/0, traffic profile 5 meets the service requirement, and the
S-VLAN is VLAN 50. The VPI and VCI must be the same as the management VPI and VCI
of the peer modem. Assume that the management VPI and VCI of the modem are 1 and
39. To facilitate the maintenance of the service port, configure a description for the service
port.
huawei(config)#service-port vlan 50 shdsl mode atm 0/7/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5
huawei(config)#service-port desc 0/7/0 vpi 1 vci 39 UA5000HW/Vlanid:50/shdsl/smart
5. Set the maximum number of MAC addresses that can be learned by the service port to 16.
This parameter limits the number of MAC addresses that can be learned by one account,
namely, the maximum number of PCs that can access the Internet through one account.
huawei(config)#mac-address max-mac-count shdsl 0/7/0 vpi 1 vci 39 16
Step 5 In the case of the VDSL access mode, follow this procedure.
1. Configure a VDSL profile. For details, see "Configuring the VDSL2 Profile." Configure
the VDSL profile with the following parameters: Profile ID: 3; The downstream
transmission rate: 2048 kbit/s; Channel mode: interleave mode; Downstream maximum
interleave delay: 8 ms; Upstream maximum interleave delay: 2 ms; SNR margin: 6 dB;
Downstream minimum INP: 4; Upstream minimum INP: 2.
huawei(config)#vdsl line-profile quickadd 3 snr 60 0 300 60 0 300
huawei(config)#vdsl channel-profile quickadd 3 path-mode atm interleaved-delay 8 2 inp 4 2 rate 128 10000 128 10000
huawei(config)#vdsl line-template quickadd 3 line 3 channel1 3 100 100
2. Activate VDSL port 0/7/0, and bind the preset VDSL line template 3 and the default VDSL
alarm template (alarm template 1) to the port.
NOTE
By default, a port is in the activated state. Before binding a profile to a port, you must deactivate the port.
huawei(config)#interface vdsl 0/7
huawei(config-if-vdsl-0/7)#deactivate 0
huawei(config-if-vdsl-0/7)#activate 0 profile-index 3
huawei(config-if-vdsl-0/7)#alarm-config 0 1
huawei(config-if-vdsl-0/7)#quit
3. Run the display traffic table command to query the traffic profiles that exist in the system.
huawei(config)#display traffic table from-index 0
{ <cr>|to-index<K> }:
Command:
display traffic table from-index 0
Traffic parameters for IP service:
-----------------------------------------------------------------------------
TID CAR(kbps) Priority Pri-Policy
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/EPD/
SHAPE
Type Type kbps kbps kbps kbps cells 1/10us
-----------------------------------------------------------------------------
0 cbr 2 1024 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /
off
5 ubr 2 2048 -- -- -- -- -- on /on /--
6 ubr 1 -- -- -- -- -- -- off/off/--
-----------------------------------------------------------------------------
Total Num : 7
Traffic type definition:
1:NoTrafficDescriptor 2:NoClpNoScr 3:ClpNoTaggingNoScr
4:ClpTaggingNoScr 5:NoClpScr 6:ClpNoTaggingScr
7:ClpTaggingScr 8:ClpNoTaggingMcr 9:ClpTransparentNoScr
10:ClpTransparentScr 11:NoClpTaggingNoScr 12:NoClpNoScrCdvt
13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt 15:ClpTaggingScrCdvt
-----------------------------------------------------------------------------
According to the service requirements, the user access rate is 2048 kbit/s. The query result shows
that traffic profile 5 meets the requirements.
NOTE
• If no traffic profile in the system meets the service requirements, run the traffic table command to
configure a new traffic profile.
• On the UA5000, the user access rate can be limited by either a traffic profile or a VDSL line profile.
When both profiles are configured, the smaller one of the two rates configured in the profiles is adopted
as the user bandwidth. In this example, the traffic profile is used to limit the user access rate.
4. Run the service-port command to create a service port. The index of the new service port
is 3, the access port is port 0/7/0, traffic profile 5 meets the service requirement, and the
S-VLAN is VLAN 50. The VPI and VCI must be the same as the management VPI and VCI
of the peer modem. Assume that the management VPI and VCI of the modem are 1 and
39. To facilitate the maintenance of the service port, configure a description for the service
port.
huawei(config)#service-port vlan 50 vdsl mode atm 0/7/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5
huawei(config)#service-port desc 0/7/0 vpi 1 vci 39 UA5000HW/Vlanid:50/vdsl/smart
5. Set the maximum number of MAC addresses that can be learned by the service port to 16.
This parameter limits the number of MAC addresses that can be learned by one account,
namely, the maximum number of PCs that can access the Internet through one account.
huawei(config)#mac-address max-mac-count vdsl 0/7/0 vpi 1 vci 39 16
----End
Verification
• Step 1: Set the VPI/VCI of the modem to 1/39, the encapsulation mode to llc-ipoa, and the IP
address to 192.168.1.1.
• Step 2: After the settings on the modem are complete, the network connection is
automatically set up and the user can access the Internet.
• Step 3: While downloading a file through FTP, open Windows Task Manager and click
Networking to observe the link rate. Calculate the Internet access rate with the formula:
attainable Internet access rate = computer NIC rate / 48 × 53 × 8. The calculated result
should approximate the planned 2048 kbit/s.
Configuration Script
Configuration Script for the ADSL access mode:
vlan 50 smart
port vlan 50 0/3 0
port vlan 50 0/3 1
interface ipm 0/3
link-aggregation 0-1 egress-ingress workmode lacp-static
quit
adsl line-profile quickadd basic-para full-rate trellis 1 bitswap 1 1 channel interleaved 100 100 adapt fixed snr 5 4 9 5 4 9 rate 10000 10000 1000 1100
interface adsl 0/7
deactivate 0
activate 0 profile-index 3
alarm-config 0 1
quit
service-port vlan 50 adsl 0/7/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5
service-port desc 0/7/0 vpi 1 vci 39 UA5000HW/Vlanid:50/adsl/smart
mac-address max-mac-count adsl 0/7/0 vpi 1 vci 39 16
mac-pool 0 0000-1111-1010 300
ipoa enable
ipoa default gateway 192.168.1.20
encapsulation 0/7/0 vpi 1 vci 39 type ipoa llc srcIP 192.168.1.1
save
activate 0 3
alarm-config 0 1
quit
service-port vlan 50 shdsl mode atm 0/7/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5
service-port desc 0/7/0 vpi 1 vci 39 UA5000HW/Vlanid:50/shdsl/smart
mac-address max-mac-count shdsl 0/7/0 vpi 1 vci 39 16
mac-pool 0 0000-1111-1010 300
ipoa enable
ipoa default gateway 192.168.1.20
encapsulation 0/7/0 vpi 1 vci 39 type ipoa llc srcIP 192.168.1.1
save
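The per-service-port controls used in this procedure (traffic profile 5 in both directions and a limit of 16 learned MAC addresses) can be checked against a saved configuration script before it is loaded. The following Python audit is an added example, not part of the Huawei guide. It recognises only the ATM (vpi/vci) forms of the service-port and mac-address max-mac-count commands shown on this page; the function names and the second sample script are constructed.

```python
import re

# Only the command forms that appear in this guide's IPoA scripts are recognised.
SERVICE_PORT_RE = re.compile(
    r"^service-port vlan (?P<vlan>\d+) (?P<tech>adsl|shdsl|vdsl)(?: mode \S+)? "
    r"(?P<port>\d+/\d+/\d+) vpi (?P<vpi>\d+) vci (?P<vci>\d+) "
    r"rx-cttr (?P<rx>\d+) tx-cttr (?P<tx>\d+)$")
MAC_LIMIT_RE = re.compile(
    r"^mac-address max-mac-count (?P<tech>adsl|shdsl|vdsl) "
    r"(?P<port>\d+/\d+/\d+) vpi (?P<vpi>\d+) vci (?P<vci>\d+) (?P<count>\d+)$")


def _key(m):
    """Identify a service port by technology, port and VPI/VCI."""
    return (m["tech"], m["port"], int(m["vpi"]), int(m["vci"]))


def audit(script, expected_profile=5, max_macs=16):
    """Return a list of findings; an empty list means the script passes."""
    ports, limits, findings = {}, {}, []
    for raw in script.splitlines():
        line = raw.strip()
        m = SERVICE_PORT_RE.match(line)
        if m:
            ports[_key(m)] = (int(m["rx"]), int(m["tx"]))
            continue
        m = MAC_LIMIT_RE.match(line)
        if m:
            limits[_key(m)] = int(m["count"])
    for key, (rx, tx) in sorted(ports.items()):
        name = "{} {} vpi {} vci {}".format(*key)
        if (rx, tx) != (expected_profile, expected_profile):
            findings.append(
                f"{name}: traffic profile rx={rx} tx={tx}, expected {expected_profile}")
        if key not in limits:
            findings.append(f"{name}: no mac-address max-mac-count")
        elif limits[key] > max_macs:
            findings.append(f"{name}: MAC limit {limits[key]} exceeds {max_macs}")
    for key in sorted(set(limits) - set(ports)):
        name = "{} {} vpi {} vci {}".format(*key)
        findings.append(f"{name}: MAC limit set but service port not defined")
    return findings


# Lines taken from the ADSL configuration script on this page.
PAGE_SCRIPT = """\
vlan 50 smart
interface adsl 0/7
deactivate 0
activate 0 profile-index 3
alarm-config 0 1
quit
service-port vlan 50 adsl 0/7/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5
service-port desc 0/7/0 vpi 1 vci 39 UA5000HW/Vlanid:50/adsl/smart
mac-address max-mac-count adsl 0/7/0 vpi 1 vci 39 16
save
"""

# Constructed variant: one limit too high, one port with mismatched
# profiles and no MAC limit at all.
DRIFTED_SCRIPT = """\
service-port vlan 50 adsl 0/7/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5
mac-address max-mac-count adsl 0/7/0 vpi 1 vci 39 64
service-port vlan 50 vdsl mode atm 0/7/1 vpi 1 vci 39 rx-cttr 5 tx-cttr 6
save
"""

if __name__ == "__main__":
    for label, script in [("page script", PAGE_SCRIPT), ("drifted", DRIFTED_SCRIPT)]:
        print(label, audit(script) or "OK")
```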
Service Requirements
• The user accesses the Internet in the PPPoA mode.
• User packets, which carry a single VLAN tag, are transmitted in the upstream direction,
and the services of multiple users are converged into one VLAN. This is called the N:1
access.
• PITP is enabled to protect user accounts from theft and roaming.
• A traffic profile is adopted for rate limitation. The user access rate is 2048 kbit/s.
• Dual GE ports are adopted for upstream transmission to ensure reliability. Link aggregation
is configured for the two upstream ports.
Figure 5-4 shows the example network for configuring the xDSL PPPoA Internet access service.
Figure 5-4 Example network for configuring the xDSL PPPoA Internet access service
Prerequisite
• Sufficient license resources must be applied for, because the number of xDSL ports depends
on the license resources.
• When the BRAS provides the AAA function, the connection between the UA5000 and the
BRAS must be set up. The BRAS must identify the VLAN tag carried in the upstream
packets of the UA5000, and you must configure the user account and password on the BRAS
for accessing the Internet through dialup.
Procedure
Step 1 Create a VLAN.
To aggregate the two upstream ports into one aggregation group, with the packet forwarding mode
of the aggregation group set to egress-ingress and the aggregation group working in the LACP
static mode, do as follows:
huawei(config)#interface ipm 0/3
huawei(config-if-ipm-0/3)#link-aggregation 0-1 egress-ingress workmode lacp-static
huawei(config-if-ipm-0/3)#quit
NOTE
Step 3 In the case of the ADSL access mode, follow this procedure.
1. Configure an ADSL2+ profile. For details, see "1.11.1 Configuring ADSL2+ Profiles."
The ID of the ADSL2+ line profile is 3, the downstream rate is 2048 kbit/s, the channel
mode is the interleave mode, the maximum interleave delay is 10 ms, and the SNR margin
is 6 dB.
huawei(config)#adsl line-profile quickadd basic-para full-rate trellis 1 bitswap 1 1 channel interleaved 100 100 adapt fixed snr 5 4 9 5 4 9 rate 2048 2048 1000 1100
2. Activate the ADSL port. The port is port 0/7/0, and ADSL line profile 3 and the default
alarm profile (alarm profile 1) are bound to the port.
NOTE
By default, a port is in the activated state. Before binding a profile to a port, you must deactivate the port.
huawei(config)#interface adsl 0/7/0
huawei(config-if-adsl-0/7/0)#deactivate 0
huawei(config-if-adsl-0/7/0)#activate 0 profile-index 3
huawei(config-if-adsl-0/7/0)#alarm-config 0 1
huawei(config-if-adsl-0/7/0)#quit
3. Run the display traffic table command to query the traffic profiles that exist in the system.
huawei(config)#display traffic table from-index 0
{ <cr>|to-index<K> }:
Command:
display traffic table from-index 0
Traffic parameters for IP service:
-----------------------------------------------------------------------------
TID CAR(kbps) Priority Pri-Policy
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/EPD/
SHAPE
-----------------------------------------------------------------------------
0 cbr 2 1024 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /
off
5 ubr 2 2048 -- -- -- -- -- on /on /--
6 ubr 1 -- -- -- -- -- -- off/off/--
-----------------------------------------------------------------------------
Total Num : 7
Traffic type definition:
1:NoTrafficDescriptor 2:NoClpNoScr 3:ClpNoTaggingNoScr
4:ClpTaggingNoScr 5:NoClpScr 6:ClpNoTaggingScr
7:ClpTaggingScr 8:ClpNoTaggingMcr 9:ClpTransparentNoScr
10:ClpTransparentScr 11:NoClpTaggingNoScr 12:NoClpNoScrCdvt
13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt 15:ClpTaggingScrCdvt
-----------------------------------------------------------------------------
According to the service requirements, the user access rate is 2048 kbit/s. The query result shows
that traffic profile 5 meets the requirements.
NOTE
• If no traffic profile in the system meets the service requirements, run the traffic table command to
configure a new traffic profile.
• On the UA5000, the user access rate can be limited by either a traffic profile or an xDSL line profile.
When both profiles are configured, the smaller one of the two rates configured in the profiles is adopted
as the user bandwidth. In this example, the traffic profile is used to limit the user access rate.
4. Run the service-port command to create a service port. The index of the new service port
is 1, the access port is port 0/7/0, traffic profile 5 meets the service requirement, and the
S-VLAN is VLAN 50. The VPI and VCI must be the same as the management VPI and VCI
of the peer modem. Assume that the management VPI and VCI of the modem are 1 and
39. To facilitate the maintenance of the service port, configure a description for the service
port.
huawei(config)#service-port vlan 50 adsl 0/7/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5
huawei(config)#service-port desc 0/7/0 vpi 1 vci 39 UA5000HW/Vlanid:50/adsl/smart
5. Set the maximum number of MAC addresses that can be learned by the service port to 16.
This parameter limits the number of MAC addresses that can be learned by one account,
namely, the maximum number of PCs that can access the Internet through one account.
huawei(config)#mac-address max-mac-count adsl 0/7/0 vpi 1 vci 39 16
Step 4 In the case of the SHDSL access mode, follow this procedure.
1. Configure an SHDSL profile. For details, see "1.11.2 Configuring SHDSL Profiles." The
ID of the SHDSL line profile is 3, the line rate is 2048 kbit/s, and the profile is used to
activate 4-wire ports.
huawei(config)#shdsl line-profile quickadd 3 line four-wire rate 2048 psd asymmetric transmission annex-a&b remote enable probe enable
2. Activate the SHDSL port. The port is port 0/7/0, and SHDSL line profile 3 and the default
alarm profile (alarm profile 1) are bound to the port.
NOTE
By default, a port is in the activated state. Before binding a profile to a port, you must deactivate the port.
3. Run the display traffic table command to query the traffic profiles that exist in the system.
huawei(config)#display traffic table from-index 0
{ <cr>|to-index<K> }:
Command:
display traffic table from-index 0
Traffic parameters for IP service:
-----------------------------------------------------------------------------
TID CAR(kbps) Priority Pri-Policy
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/EPD/
SHAPE
Type Type kbps kbps kbps kbps cells 1/10us
-----------------------------------------------------------------------------
0 cbr 2 1024 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /
off
5 ubr 2 2048 -- -- -- -- -- on /on /--
6 ubr 1 -- -- -- -- -- -- off/off/--
-----------------------------------------------------------------------------
Total Num : 7
Traffic type definition:
1:NoTrafficDescriptor 2:NoClpNoScr 3:ClpNoTaggingNoScr
4:ClpTaggingNoScr 5:NoClpScr 6:ClpNoTaggingScr
7:ClpTaggingScr 8:ClpNoTaggingMcr 9:ClpTransparentNoScr
10:ClpTransparentScr 11:NoClpTaggingNoScr 12:NoClpNoScrCdvt
13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt 15:ClpTaggingScrCdvt
-----------------------------------------------------------------------------
According to service requirement, the user access rate is 2048 kbit/s. The query result shows
that traffic profile 5 meets the requirement.
NOTE
l If no traffic profile in the system meets the service requirement, run the traffic table command to
configure a new traffic profile.
l On the UA5000, the user access rate can be limited by either a traffic profile or an SHDSL line profile.
When both profiles are configured, the smaller one of the two rates configured in the profiles is adopted
as the user bandwidth. In this example, the traffic profile is used to limit the user access rate.
4. Run the service-port command to create a service port. The index of the new service port
is 2, the access port is port 0/7/0, traffic profile 5 meets the service requirement, and the S-
VLAN is VLAN 50. The VPI and VCI must be the same as the management VPI and VCI
of the peer modem. Assume that the management VPI and VCI of the modem are 1 and
39. To facilitate the maintenance of the service port, configure description for the service
port.
huawei(config)#service-port vlan 50 shdsl mode atm 0/7/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5
huawei(config)#service-port desc 0/7/0 vpi 1 vci 39 UA5000HW/Vlanid:50/shdsl/smart
5. Set the maximum number of MAC addresses that can be learned by the service port to 16.
This parameter is to limit the maximum number of the MAC addresses that can be learned
by one account, namely, the maximum number of the PCs that can access the Internet
through one account.
huawei(config)#mac-address max-mac-count shdsl 0/7/0 vpi 1 vci 39 16
Step 5 In the case of the VDSL access mode, follow this procedure.
1. Configure a VDSL profile. For details, see "Configuring the VDSL2 Profile." Configure
the VDSL profile with the following parameters: Profile ID: 3; The downstream
transmission rate: 2048 kbit/s; Channel mode: interleave mode; Downstream maximum
interleave delay: 8 ms; Upstream maximum interleave delay: 2 ms; SNR margin: 6 dB;
Downstream minimum INP: 4; Upstream minimum INP: 2.
huawei(config)#vdsl line-profile quickadd 3 snr 60 0 300 60 0 300
huawei(config)#vdsl channel-profile quickadd 3 path-mode atm interleaved-delay 8 2 inp 4 2 rate 128 10000 128 10000
huawei(config)#vdsl line-template quickadd 3 line 3 channel1 3 100 100
2. Activate VDSL port 0/7/0, and bind the preset VDSL line template 3 and the default VDSL
alarm template (alarm template 1) to the port.
NOTE
By default, a port is in the activated state. Before binding a profile to a port, you must deactivate the port.
huawei(config)#interface vdsl 0/7
huawei(config-if-vdsl-0/7)#deactivate 0
huawei(config-if-vdsl-0/7)#activate 0 profile-index 3
huawei(config-if-vdsl-0/7)#alarm-config 0 1
huawei(config-if-vdsl-0/7)#quit
3. Run the display traffic table command to query the traffic profiles that exist in the system.
huawei(config)#display traffic table from-index 0
{ <cr>|to-index<K> }:
Command:
display traffic table from-index 0
Traffic parameters for IP service:
-----------------------------------------------------------------------------
TID CAR(kbps) Priority Pri-Policy
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS   CDVT     PPD/EPD/SHAPE
    Type    Type kbps     kbps    kbps     kbps    cells 1/10us
-----------------------------------------------------------------------------
0   cbr     2    1024     --      --       --      --    --       off/off/--
1   cbr     2    2500     --      --       --      --    --       off/off/--
2   ubr     2    512      --      --       --      --    --       on /on /--
3   nrt-vbr 5    1200     --      600      --      250   --       on /on /--
4   rt-vbr  15   128      --      --       64      300   10000000 on /on /off
5   ubr     2    2048     --      --       --      --    --       on /on /--
6   ubr     1    --       --      --       --      --    --       off/off/--
-----------------------------------------------------------------------------
Total Num : 7
Traffic type definition:
1:NoTrafficDescriptor 2:NoClpNoScr 3:ClpNoTaggingNoScr
4:ClpTaggingNoScr 5:NoClpScr 6:ClpNoTaggingScr
7:ClpTaggingScr 8:ClpNoTaggingMcr 9:ClpTransparentNoScr
10:ClpTransparentScr 11:NoClpTaggingNoScr 12:NoClpNoScrCdvt
13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt 15:ClpTaggingScrCdvt
-----------------------------------------------------------------------------
According to service requirement, the user access rate is 2048 kbit/s. The query result shows
that traffic profile 5 meets the requirement.
NOTE
l If no traffic profile in the system meets the service requirement, run the traffic table command to
configure a new traffic profile.
l On the UA5000, the user access rate can be limited by either a traffic profile or a VDSL line profile.
When both profiles are configured, the smaller one of the two rates configured in the profiles is adopted
as the user bandwidth. In this example, the traffic profile is used to limit the user access rate.
4. Run the service-port command to create a service port. The index of the new service port
is 3, the access port is port 0/7/0, traffic profile 5 meets the service requirement, and the S-
VLAN is VLAN 50. The VPI and VCI must be the same as the management VPI and VCI
of the peer modem. Assume that the management VPI and VCI of the modem are 1 and
39. To facilitate the maintenance of the service port, configure description for the service
port.
huawei(config)#service-port vlan 50 vdsl mode atm 0/7/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5
huawei(config)#service-port desc 0/7/0 vpi 1 vci 39 UA5000HW/Vlanid:50/vdsl/smart
5. Set the maximum number of MAC addresses that can be learned by the service port to 16.
This parameter is to limit the maximum number of the MAC addresses that can be learned
by one account, namely, the maximum number of the PCs that can access the Internet
through one account.
huawei(config)#mac-address max-mac-count vdsl 0/7/0 vpi 1 vci 39 16
NOTE
For details about the PITP configuration for the user account security, see "1.13.1 Configuring Anti-Theft and
Roaming of User Account Through PITP."
----End
Verification
l Step 1: Set the VPI/VCI of the modem to 1/39 and the encapsulation mode to llc-pppoa.
Configure the user name and password used for dialing (the user name and password must
be the same as those configured on the BRAS).
l Step 2: After the settings on the modem are complete, dialing is initialized, a network
connection is automatically set up, and the user can access the Internet.
l Step 3: To download a file through FTP, open Windows Task Manager and then click
Networking to observe the link rate. Calculate the Internet access rate by the formula:
attainable Internet access rate = computer NIC rate/48 x 53 x 8. The calculated result
approximates to the planned 2048 kbit/s.
Configuration Script
Configuration Script for the ADSL access mode:
vlan 50 smart
port vlan 50 0/3 0
port vlan 50 0/3 1
interface ipm 0/3
link-aggregation 0-1 egress-ingress workmode lacp-static
quit
adsl line-profile quickadd basic-para full-rate trellis 1 bitswap 1 1 channel interleaved 100 100 adapt fixed snr 5 4 9 5 4 9 rate 10000 10000 1000 1100
interface adsl 0/7
deactivate 0
activate 0 profile-index 3
alarm-config 0 1
quit
service-port vlan 50 adsl 0/7/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5
service-port desc 0/7/0 vpi 1 vci 39 UA5000HW/Vlanid:50/adsl/smart
mac-address max-mac-count adsl 0/7/0 vpi 1 vci 39 16
mac-pool 0 0000-1111-1010 300
pppoa enable
encapsulation 0/7/0 vpi 1 vci 39 type pppoa llc
Service Requirements
l The UA5000 adopts the IGMP proxy L2 multicast protocol.
l Multicast programs are configured statically and multicast users are authenticated.
[Figure: network diagram. Labels: Multicast server (10.10.10.10); Router; UA5000 (IPMD and CSRB boards); STB; TV]
Prerequisites
The license for the multicast program and the multicast user is already requested and installed.
Procedure
Step 1 Configure the multicast program and multicast source.
Multicast adopts IGMP proxy and upstream port 0/3/1. Add the upstream port to VLAN 10.
Configure programs 224.1.1.1, 224.1.1.2, and 224.1.1.3 with the static attribute. Program
bandwidth is 6000 kbit/s.
huawei(config)#vlan 10 smart
huawei(config)#port vlan 10 0/3 1
huawei(config)#btv
huawei(config-btv)#igmp mode proxy
huawei(config-btv)#igmp uplink-port 0/3/1 100
huawei(config-btv)#igmp program add name program1 ip 224.1.1.1 vlan 10 bind 0/3/1 bandwidth 6000 hostip 10.0.0.254 log enable
huawei(config-btv)#igmp program add name program2 ip 224.1.1.2 vlan 10 bind 0/3/1 bandwidth 6000 hostip 10.0.0.254 log enable
huawei(config-btv)#igmp program add name program3 ip 224.1.1.3 vlan 10 bind 0/3/1 bandwidth 6000 hostip 10.0.0.254 log enable
Step 2 Configure right profiles named music and movie with the watch right, and bind the right profiles
to the programs.
huawei(config-btv)#igmp profile rename profile1 music
huawei(config-btv)#igmp profile profile-name music program-name program1 watch
huawei(config-btv)#igmp profile profile-name music program-name program2 watch
huawei(config-btv)#igmp profile rename profile2 movie
huawei(config-btv)#igmp profile profile-name movie program-name program3 watch
huawei(config-btv)#quit
Create service channels that belong to VLAN 10 on ADSL2+ ports 0/7/0 and 0/7/1 and use
traffic profile 3.
huawei(config)#service-port vlan 10 adsl 0/7/0 vpi 0 vci 35 rx-cttr 3 tx-cttr 3
huawei(config)#service-port vlan 10 adsl 0/7/1 vpi 0 vci 35 rx-cttr 3 tx-cttr 3
This step is mandatory when you need to create an xDSL traffic flow and set its parameters
to be the same as the default values set by running the igmp video-port command.
huawei(config-btv)#igmp video-port vpi 0 vci 35
Configure multicast users 0/7/0 and 0/7/1 with the authentication type (auth) and with
log reporting enabled.
huawei(config)#btv
huawei(config-btv)#igmp user add port 0/7/0 adsl 0 35 auth log enable
huawei(config-btv)#igmp user add port 0/7/1 adsl 0 35 auth log enable
Bind multicast user 0/7/0 to right profile music, and multicast user 0/7/1 to right profile
movie.
5. Activate the ports, and bind the ports to the line profile and alarm profile.
Bind ADSL2+ port 0/7/0 and port 0/7/1 to the default line profile (line profile 1) and the
default alarm profile (alarm profile 1).
huawei(config)#interface adsl 0/7
huawei(config-if-adsl-0/7)#deactivate 0
huawei(config-if-adsl-0/7)#activate 0 profile-index 1
huawei(config-if-adsl-0/7)#alarm-config 0 1
huawei(config-if-adsl-0/7)#deactivate 1
huawei(config-if-adsl-0/7)#activate 1 profile-index 1
huawei(config-if-adsl-0/7)#alarm-config 1 1
huawei(config-if-adsl-0/7)#quit
----End
Result
l User 1 can watch program1 and program2 that are provided by the ISP bound to right profile
music, but user 1 cannot watch program3.
l User 2 can watch program3 that is provided by the ISP bound to right profile movie.
Configuration Script
(config)#
vlan 10 smart
btv
igmp mode proxy
y
igmp uplink-port 0/3/1 100
igmp program add name program1 ip 224.1.1.1 vlan 10 bind 0/3/1 bandwidth 6000 hostip 10.0.0.254 log enable
igmp program add name program2 ip 224.1.1.2 vlan 10 bind 0/3/1 bandwidth 6000 hostip 10.0.0.254 log enable
igmp program add name program3 ip 224.1.1.3 vlan 10 bind 0/3/1 bandwidth 6000 hostip 10.0.0.254 log enable
igmp profile rename profile1 music
igmp profile profile-name music program-name program1 watch
igmp profile profile-name music program-name program2 watch
igmp profile rename profile2 movie
igmp profile profile-name movie program-name program3 watch
quit
service-port vlan 10 adsl 0/7/0 vpi 0 vci 35 rx-cttr 3 tx-cttr 3
service-port vlan 10 adsl 0/7/1 vpi 0 vci 35 rx-cttr 3 tx-cttr 3
btv
igmp video-port vpi 0 vci 35
igmp user add port 0/7/0 adsl 0 35 auth log enable
igmp user add port 0/7/1 adsl 0 35 auth log enable
igmp user bind-profile port 0/7/0 profile-name music
igmp user bind-profile port 0/7/1 profile-name movie
quit
interface adsl 0/7
deactivate 0
activate 0 profile-index 1
alarm-config 0 1
deactivate 1
activate 1 profile-index 1
alarm-config 1 1
quit
save
Prerequisites
The upper-layer network must work in the L2 mode, and must forward packets according to the
VLAN and the MAC address.
Service Requirements
l The user accesses the Internet in the PPPoE dialing mode.
l The user bandwidth is 2 Mbit/s.
l User packets carry two VLAN tags, of which the outer VLAN tag identifies the ISP and
the inner VLAN tag identifies the user.
Networking
Figure 5-6 shows the example network for configuring the VLAN stacking multi-ISP wholesale
access.
Users 1 and 2 belong to one ISP, and users 3 and 4 belong to another ISP. Based on the VLAN
stacking feature, the UA5000 adds the outer VLAN tag to differentiate ISPs and inner VLAN
tag to differentiate users and forwards the user packet to the L2 network. Then the L2 LAN
switch forwards the user packets to the specified ISP BRAS based on the outer VLAN tag. The
ISP BRASs remove the outer VLAN tag and identify the users based on the inner VLAN tag.
After passing the authentication, the users can obtain various services provided by the ISP.
Figure 5-6 Example network for configuring the VLAN stacking multi-ISP wholesale access
[Figure 5-6 labels: LSW; ISP1 BRAS (VLAN ID: 60); ISP2 BRAS (VLAN ID: 61); UA5000; Modem]
Procedure
Step 1 Create VLANs.
The outer VLAN IDs are 60 and 61, and the VLANs are smart VLANs.
huawei(config)#vlan 60-61 smart
It will take several minutes, and console may be timeout, please use command
idle-timeout to set time limit
Are you sure to add VLANs? (y/n)[n]:y
----End
Result
After passing the authentication by the ISP1 BRAS, user 1 and user 2 can obtain the service
provided by ISP1.
After passing the authentication by the ISP2 BRAS, user 3 and user 4 can obtain the service
provided by ISP2.
Configuration Script
[global-config]
<global-config>
vlan 60-61 smart
y
vlan attrib 60-61 stacking
y
port vlan 60-61 0/3 0
y
traffic table index 10 ip car 2048 priority 3 priority-policy tag-In-Package
service-port vlan 60 adsl 0/7/0 vpi 0 vci 35 rx-cttr 10 tx-cttr 10
service-port vlan 60 adsl 0/7/1 vpi 0 vci 35 rx-cttr 10 tx-cttr 10
service-port vlan 61 adsl 0/8/0 vpi 0 vci 35 rx-cttr 10 tx-cttr 10
service-port vlan 61 adsl 0/8/1 vpi 0 vci 35 rx-cttr 10 tx-cttr 10
stacking label 0/7/0 vpi 0 vci 35 11
stacking label 0/7/1 vpi 0 vci 35 12
stacking label 0/8/0 vpi 0 vci 35 11
stacking label 0/8/1 vpi 0 vci 35 12
save
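Because the BRAS identifies a user only by the inner tag within an outer (ISP) VLAN, every PVC in a stacking VLAN needs a label, and that label must be unique within its outer VLAN. The following added example (not part of the Huawei guide) audits a configuration script for both conditions; the function names and the wording of the findings are assumptions of this sketch, and the sample input is the script above.

```python
import re
from collections import defaultdict

# Sample input: the VLAN stacking configuration script shown above.
SAMPLE = """\
vlan 60-61 smart
y
vlan attrib 60-61 stacking
y
port vlan 60-61 0/3 0
y
traffic table index 10 ip car 2048 priority 3 priority-policy tag-In-Package
service-port vlan 60 adsl 0/7/0 vpi 0 vci 35 rx-cttr 10 tx-cttr 10
service-port vlan 60 adsl 0/7/1 vpi 0 vci 35 rx-cttr 10 tx-cttr 10
service-port vlan 61 adsl 0/8/0 vpi 0 vci 35 rx-cttr 10 tx-cttr 10
service-port vlan 61 adsl 0/8/1 vpi 0 vci 35 rx-cttr 10 tx-cttr 10
stacking label 0/7/0 vpi 0 vci 35 11
stacking label 0/7/1 vpi 0 vci 35 12
stacking label 0/8/0 vpi 0 vci 35 11
stacking label 0/8/1 vpi 0 vci 35 12
save
"""

ATTRIB = re.compile(r"vlan attrib (\d+)(?:-(\d+))? stacking")
SERVICE_PORT = re.compile(
    r"service-port vlan (\d+) \S+ (?:mode \S+ )?(\d+/\d+/\d+) vpi (\d+) vci (\d+)")
LABEL = re.compile(r"stacking label (\d+/\d+/\d+) vpi (\d+) vci (\d+) (\d+)")


def parse(script):
    """Return (stacking VLAN IDs, {pvc: outer VLAN}, {pvc: inner label})."""
    stacking_vlans, ports, labels = set(), {}, {}
    for raw in script.splitlines():
        # Normalise whitespace and drop a "huawei(config)#" prompt if present.
        line = " ".join(raw.split()).split("#", 1)[-1].strip()
        if m := ATTRIB.match(line):
            first = int(m.group(1))
            last = int(m.group(2) or first)
            stacking_vlans.update(range(first, last + 1))
        elif m := SERVICE_PORT.match(line):
            # One service port per PVC is assumed, as in the stacking example.
            ports[(m.group(2), int(m.group(3)), int(m.group(4)))] = int(m.group(1))
        elif m := LABEL.match(line):
            labels[(m.group(1), int(m.group(2)), int(m.group(3)))] = int(m.group(4))
    return stacking_vlans, ports, labels


def fmt(pvc):
    return f"{pvc[0]} vpi {pvc[1]} vci {pvc[2]}"


def audit_stacking(script):
    """Return ({(outer VLAN, inner label): [pvc, ...]}, [finding, ...])."""
    stacking_vlans, ports, labels = parse(script)
    tags = defaultdict(list)
    findings = []
    for pvc, vlan in sorted(ports.items()):
        if vlan not in stacking_vlans:
            continue
        if pvc not in labels:
            findings.append(
                f"{fmt(pvc)}: in stacking VLAN {vlan} but has no stacking label")
        else:
            tags[(vlan, labels[pvc])].append(pvc)
    for pvc in sorted(labels):
        if ports.get(pvc) not in stacking_vlans:
            findings.append(
                f"{fmt(pvc)}: stacking label set, but no service port in a stacking VLAN")
    for (outer, inner), pvcs in sorted(tags.items()):
        if len(pvcs) > 1:
            # Two subscribers would present the same tag pair to the BRAS.
            findings.append(f"outer VLAN {outer} / inner label {inner} shared by "
                            + ", ".join(fmt(p) for p in pvcs))
    return dict(tags), findings


if __name__ == "__main__":
    tag_map, problems = audit_stacking(SAMPLE)
    for (outer, inner), pvcs in sorted(tag_map.items()):
        print(f"outer {outer} inner {inner}: {', '.join(fmt(p) for p in pvcs)}")
    print("findings:", problems or "none")
```

Inner labels 11 and 12 appear under both outer VLANs in the sample without a finding, because uniqueness is only required within one outer VLAN.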
Networking
Figure 5-7 shows the example network for configuring the VLAN ID extension.
Broadband users that access the WAN through multiple UA5000s are authenticated on the BRAS
to obtain the broadband service provided by the operator. The BRAS supports the user
identification through L2 VLAN. The outer VLAN tag identifies the UA5000 through which
the users access the network, and the inner VLAN tag identifies the users of that device.
[Figure 5-7 labels: BRAS; UA5000_A; UA5000_B; Modem; Modem]
Procedure
l Configure UA5000_A.
1. Create a VLAN.
The VLAN ID is 60, and the VLAN is a smart VLAN.
huawei(config)#vlan 60 smart
l Configure UA5000_B.
----End
Result
After passing the authentication by the BRAS, the users on UA5000_A and UA5000_B can
access the Internet.
Prerequisites
The upper-layer network must work in the L2 mode, and must forward packets according to the
VLAN and the MAC address.
Service Requirements
The private networks of enterprise A distributed in two places can communicate with each other
in the normal state.
Networking
Figure 5-8 shows the example network for configuring the private line service.
The two branches of enterprise A are connected to the MAN through the UA5000_A and
UA5000_B. On UA5000_A and UA5000_B, the attribute of the upstream VLAN of user packets
is configured as QinQ private line service. In this manner, services and BPDU packets from the
private network of the enterprise can be transparently transmitted to the peer private network.
Figure 5-8 Example network for configuring the private line service
[Figure 5-8 labels: MAN; L2/L3 devices; UA5000_A and UA5000_B (IPMB and CSRB boards, upstream port 0/3/0, user port 0/7/0); Modem; LSW; Enterprise A; Enterprise B]
The configuration on UA5000_A is the same as the configuration on UA5000_B. The following
uses the configuration on UA5000_A as an example to describe how to configure the private
line service implemented through a QinQ VLAN.
Procedure
Step 1 Create a VLAN.
The VLAN ID is 50, and the VLAN is a smart VLAN.
huawei(config)#vlan 50 smart
----End
Result
After the configuration, the two branches of enterprise A can communicate with each other, and
various services between private networks are implemented.
Context
Triple play is a service provisioning mode in which integrated services can be provided to a user.
Currently, the prevailing integrated services include the high-speed Internet access service, voice
over IP (VoIP) service, and IPTV service.
Early broadband access provided only the high-speed Internet access service. As the Internet
develops rapidly, it can offer much richer services, such as video (IPTV) services. The
development of multiple access modes such as ADSL2+ and VDSL2 access, and the
improvement of broadband access, also lay a solid foundation for provisioning the video services.
Early voice signals were transmitted over the narrowband public switched telephone network
(PSTN). Because the PSTN is no longer developed, the services over the PSTN are shifting to
the IP network. Providing the VoIP service over broadband lines can also reduce the equipment
maintenance cost.
For the xDSL access, the UA5000 supports the following triple play modes:
l Single-PVC for multiple services: a triple play mode in which a single PVC carries
multiple services from the access device to each DSL user terminal. The services are
differentiated by the Ethernet encapsulation mode (IPoE/PPPoE), the VLAN IDs carried in
the packets from the DSL user terminal, and so on.
l Multi-PVC for multiple services: a triple play mode in which multiple PVCs carry
multiple services from the access device to each DSL user terminal. The Internet access
service, VoIP service, and IPTV service are each carried by a single PVC to the user.
That is, each xDSL port is configured with at least three PVCs. On the network side,
three VLANs are created for the upstream interface to carry different types of services.
Different services have different requirements for bandwidth and priority.
l The VoIP service requires low bandwidth and low delay. High delay may cause problems
such as echo, which affects the voice quality. Therefore, the priority of the VoIP service
is the highest among the triple play services.
l The IPTV service occupies relatively high bandwidth and requires a relatively low bit
error ratio/packet loss ratio. If the bit error ratio/packet loss ratio is high, video frames
are lost, so that mosaic images or even erratic display occur, which affects the user
experience. Therefore, the priority of the IPTV service is lower than that of the VoIP
service, but is higher than that of the Internet access service.
l The common Internet access service, such as web browsing, has low requirements on
real-time performance and lower requirements on packet loss ratio than the IPTV service
because the reliability of the transmission is ensured through the retransmission
mechanism. Therefore, the priority of the high-speed Internet access service is the lowest
among the triple play services.
Service Requirements
l ADSL user 1 and ADSL user 2 are connected to the UA5000 to implement the triple play
application.
l The Internet service is provided in the PPPoE mode.
l The VoIP service and the IPTV service are provided in the DHCP mode, obtaining IP
addresses from the DHCP server in the standard DHCP mode.
l After receiving different traffic streams, the UA5000 provides different QoS guarantees to
the traffic streams according to the traffic priorities in the PVC.
Figure 5-9 shows the example network for configuring the triple play application in the multi-
PVC for multiple services mode.
Figure 5-9 Example network for configuring the triple play application in the multi-PVC for
multiple services mode
[Figure 5-9 labels: Multicast source (Program1: 224.1.1.1, Program2: 224.1.1.2); OSS & BMS; RADIUS Server/RADIUS Proxy; GW; IPTV DHCP Server (IP1: 20.2.2.2, IP2: 20.2.2.3); UA5000; Home Gateway 2; User 1 and User 2, each with Ephone, PC, and TV]
Procedure
l Configure the Internet service.
1. Create a VLAN and add an upstream port to the VLAN.
huawei(config)#vlan 2 smart
huawei(config)#port vlan 2 0/3 0
Because the VoIP, IPTV, and Internet services are provided through the same port, you must set the
802.1p priority of each service. Generally, the priorities are in a descending order for the VoIP
service, IPTV service, and Internet service.
Add traffic profile 7, set the committed information rate (CIR) to 2 Mbit/s, and set the
802.1p priority of the Internet service to 1.
Add a service port to the VLAN and use the traffic profile added in the preceding step.
huawei(config)#service-port vlan 2 adsl 0/7/0 vpi 0 vci 37 rx-cttr 7 tx-cttr 7
huawei(config)#service-port vlan 2 adsl 0/8/0 vpi 0 vci 37 rx-cttr 7 tx-cttr 7
Add traffic profile 8, set the CIR to 1 Mbit/s, and set the 802.1p priority of the voice
service to 6.
huawei(config)#traffic table index 8 ip car 1024 priority 6 priority-policy pvc-Setting
Add a service port to the VLAN 3 and use the traffic profile 8 added in the preceding
step.
huawei(config)#service-port vlan 3 adsl 0/7/0 vpi 0 vci 36 rx-cttr 8 tx-cttr 8
huawei(config)#service-port vlan 3 adsl 0/8/0 vpi 0 vci 36 rx-cttr 8 tx-cttr 8
Add traffic profile 9 without limiting the rate of the packet, and set the 802.1p priority
of the IPTV service to 5.
huawei(config)#traffic table index 9 ip car off priority 5 priority-policy pvc-Setting
NOTICE
On the UA5000, if the PVC is configured with a priority, the priority of the multicast
packets carried by the PVC does not take effect.
----End
Result
After the related upstream device and downstream device are configured, the triple play
application (Internet, VoIP, and IPTV services) is available.
l The Internet user can access the Internet through PPPoE dialup.
l VoIP users can call each other.
l The IPTV user connected to port 0/7/0 can watch all the programs, and the IPTV user
connected to port 0/8/0 can watch only program BTV-1.
Configuration Script
Internet:
vlan 2 smart
port vlan 2 0/3 0
traffic table index 7 ip car 2048 priority 1 priority-policy pvc-Setting
service-port vlan 2 adsl 0/7/0 vpi 0 vci 37 rx-cttr 7 tx-cttr 7
service-port vlan 2 adsl 0/8/0 vpi 0 vci 37 rx-cttr 7 tx-cttr 7
dhcp mode layer-3 standard
dhcp-server 1 ip 20.1.1.2 20.1.1.3
save
VoIP:
vlan 3 smart
port vlan 3 0/3 0
traffic table index 8 ip car 1024 priority 6 priority-policy pvc-Setting
service-port vlan 3 adsl 0/7/0 vpi 0 vci 36 rx-cttr 8 tx-cttr 8
service-port vlan 3 adsl 0/8/0 vpi 0 vci 36 rx-cttr 8 tx-cttr 8
dhcp mode layer-3 standard
dhcp-server 1 ip 20.1.1.2 20.1.1.3
interface vlanif 3
ip address 10.1.1.1 24
dhcp-server 1
quit
save
IPTV:
vlan 4 smart
port vlan 4 0/3 0
traffic table index 9 ip car off priority 5 priority-policy pvc-Setting
service-port vlan 4 adsl 0/7/0 vpi 0 vci 35 rx-cttr 9 tx-cttr 9
service-port vlan 4 adsl 0/8/0 vpi 0 vci 35 rx-cttr 9 tx-cttr 9
dhcp mode layer-3 standard
dhcp-server 2 ip 20.2.2.2 20.2.2.3
interface vlanif 4
ip address 10.2.2.1 24
dhcp-server 2
quit
btv
igmp mode proxy
igmp uplink-port 0/3/0
igmp uplink-port-mode program
igmp video-port vpi 0 vci 35
igmp program add name BTV-1 ip 224.1.1.1 vlan 4 bind 0/3/0
igmp program add name BTV-2 ip 224.1.1.2 vlan 4 bind 0/3/0
igmp profile profile-name profile0 program-name BTV-1 watch
igmp user add port 0/7/0 adsl 0 35 no-auth
igmp user add port 0/8/0 adsl 0 35 auth
igmp user bind-profile port 0/8/0 profile-name profile0
quit
save
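The Result sections of the two multicast examples imply a simple rule: an auth user can watch only the programs granted by its bound right profiles, while a no-auth user can watch every configured program. The following added example (not part of the Huawei guide) derives that per-port view from a configuration script and lists the entries worth reviewing; the function names are assumptions of this sketch, and so is treating an auth user with no bound profile as having no watch right.

```python
import re
from collections import defaultdict

# Sample input: the btv commands of the IPTV configuration script above.
SAMPLE_SCRIPT = """\
btv
igmp mode proxy
igmp uplink-port 0/3/0
igmp uplink-port-mode program
igmp video-port vpi 0 vci 35
igmp program add name BTV-1 ip 224.1.1.1 vlan 4 bind 0/3/0
igmp program add name BTV-2 ip 224.1.1.2 vlan 4 bind 0/3/0
igmp profile profile-name profile0 program-name BTV-1 watch
igmp user add port 0/7/0 adsl 0 35 no-auth
igmp user add port 0/8/0 adsl 0 35 auth
igmp user bind-profile port 0/8/0 profile-name profile0
quit
"""

PROGRAM = re.compile(r"igmp program add name (\S+) ip (\S+)")
RENAME = re.compile(r"igmp profile rename (\S+) (\S+)")
RIGHT = re.compile(r"igmp profile profile-name (\S+) program-name (\S+) (\S+)")
USER = re.compile(r"igmp user add port (\S+) \S+ \d+ \d+ (auth|no-auth)\b")
BIND = re.compile(r"igmp user bind-profile port (\S+) profile-name (\S+)")


def parse_igmp(script):
    """Collect programs, right profiles, users and bindings (one command per line)."""
    cfg = {"programs": {}, "rights": defaultdict(dict),
           "users": {}, "binds": defaultdict(list)}
    for raw in script.splitlines():
        # Normalise whitespace and drop a "huawei(config-btv)#" prompt if present.
        line = " ".join(raw.split()).split("#", 1)[-1].strip()
        if m := PROGRAM.match(line):
            cfg["programs"][m.group(1)] = m.group(2)
        elif m := RENAME.match(line):
            old, new = m.groups()
            # Rights granted under the old name follow the profile to its new name.
            cfg["rights"][new].update(cfg["rights"].pop(old, {}))
        elif m := RIGHT.match(line):
            profile, program, right = m.groups()
            cfg["rights"][profile][program] = right
        elif m := USER.match(line):
            cfg["users"][m.group(1)] = (m.group(2) == "auth")
        elif m := BIND.match(line):
            cfg["binds"][m.group(1)].append(m.group(2))
    return cfg


def watchable(cfg):
    """Map each multicast user port to the set of programs it can watch."""
    every = set(cfg["programs"])
    result = {}
    for port, auth in cfg["users"].items():
        if not auth:
            result[port] = set(every)  # no-auth: all programs, per the Result section
            continue
        granted = set()
        for profile in cfg["binds"].get(port, []):
            for program, right in cfg["rights"].get(profile, {}).items():
                if right == "watch":
                    granted.add(program)
        # Assumption: with no bound profile, an auth user has no watch right.
        result[port] = granted & every
    return result


def audit(cfg):
    """List configuration entries that weaken or break the intended entitlements."""
    findings = []
    for port, auth in sorted(cfg["users"].items()):
        if not auth:
            findings.append(f"{port}: no-auth user, can watch every configured program")
        elif not cfg["binds"].get(port):
            findings.append(f"{port}: auth user with no right profile bound")
    for port, profiles in sorted(cfg["binds"].items()):
        if port not in cfg["users"]:
            findings.append(f"{port}: profile bound but no igmp user added")
        for profile in profiles:
            if profile not in cfg["rights"]:
                findings.append(f"{port}: bound to profile {profile}, which has no rights here")
    for profile, rights in sorted(cfg["rights"].items()):
        for program in sorted(rights):
            if program not in cfg["programs"]:
                findings.append(f"{profile}: grants a right on undefined program {program}")
    return findings


if __name__ == "__main__":
    parsed = parse_igmp(SAMPLE_SCRIPT)
    for port, programs in sorted(watchable(parsed).items()):
        print(port, sorted(programs))
    for finding in audit(parsed):
        print("finding:", finding)
```

The undefined-program check also catches a program name mistyped in an `igmp program add` line, which otherwise leaves the profile that references the intended name granting nothing.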
Prerequisite
The service board and the upstream board must be added properly.
Service Requirements
l ADSL user 1 and ADSL user 2 are connected to the UA5000 to implement the triple play
application.
l The Internet service is accessed in the PPPoE mode.
l The VoIP service and the IPTV service are provided in the DHCP mode, obtaining IP
addresses from the DHCP server in the standard DHCP mode.
l After receiving different traffic streams through the same PVC, the UA5000 provides
different QoS guarantees to the traffic streams according to the user-side VLANs.
NOTE
The UA5000 can differentiate services by the following means:
l Ethernet type (IPoE/PPPoE)
l User-side VLAN ID
l User-side 802.1p value
Figure 5-10 shows the example network for configuring the triple play application in the single-
PVC for multiple services mode.
Figure 5-10 Example network for configuring the triple play application in the single-PVC for
multiple services mode
[Figure 5-10 labels: Multicast source (Program1: 224.1.1.1, Program2: 224.1.1.2); OSS & BMS; RADIUS Server/RADIUS Proxy; GW; IPTV DHCP Server (IP1: 20.2.2.2, IP2: 20.2.2.3); UA5000; Home Gateway 2; User 1 and User 2, each with Ephone, PC, and TV]
Procedure
l Configure the Internet service.
1. Create a VLAN and add an upstream port to the VLAN.
huawei(config)#vlan 2 smart
huawei(config)#port vlan 2 0/3 0
Because the VoIP, IPTV, and Internet services are provided through the same port, you must set the
802.1p priority of each service. Generally, the priorities are in a descending order for the VoIP
service, IPTV service, and Internet service.
Add traffic profile 7, set the committed information rate (CIR) to 2 Mbit/s, and set the
802.1p priority of the Internet service to 1.
Add a service port to VLAN 2 and use the traffic profile added in the preceding step.
huawei(config)#service-port vlan 2 adsl 0/7/0 vpi 0 vci 35 multi-service user-vlan 20 rx-cttr 7 tx-cttr 7
huawei(config)#service-port vlan 2 adsl 0/8/0 vpi 0 vci 35 multi-service user-vlan 20 rx-cttr 7 tx-cttr 7
Add traffic profile 8, set the CIR to 1 Mbit/s, and set the 802.1p priority of the voice
service to 6.
huawei(config)#traffic table index 8 ip car 1024 priority 6 priority-policy pvc-Setting
Add a service port to the VLAN 3 and use the traffic profile 8 added in the preceding
step.
huawei(config)#service-port vlan 3 adsl 0/7/0 vpi 0 vci 35 multi-service user-vlan 30 rx-cttr 8 tx-cttr 8
huawei(config)#service-port vlan 3 adsl 0/8/0 vpi 0 vci 35 multi-service user-vlan 30 rx-cttr 8 tx-cttr 8
Add traffic profile 9 without limiting the rate of the packet, and set the 802.1p priority
of the IPTV service to 5.
huawei(config)#traffic table index 9 ip car off priority 5 priority-policy pvc-Setting
NOTICE
On the UA5000, if the PVC is configured with a priority, the priority of the multicast
packets carried by the PVC does not take effect.
CAUTION
Multicast video streams can be transmitted only if the parameter values of the default
multicast service port are the same as those of a service port set by running the
service-port command.
huawei(config-if-vlanif4)#quit
huawei(config)#btv
huawei(config-btv)#igmp mode proxy
Are you sure to change IGMP mode?(y/n)[n]:y
huawei(config-btv)#igmp uplink-port 0/3/0
huawei(config-btv)#igmp uplink-port-mode program
Are you sure to change the uplink port mode?(y/n)[n]:y
huawei(config-btv)#igmp video-port vpi 0 vci 35
huawei(config-btv)#igmp video-port user-vlan 40
huawei(config-btv)#igmp program add name BTV-1 ip 224.1.1.1 vlan 4 bind 0/3/0
huawei(config-btv)#igmp program add name BTV-2 ip 224.1.1.2 vlan 4 bind 0/3/0
huawei(config-btv)#igmp profile profile-name profile0 program-name BTV-1 watch
huawei(config-btv)#igmp user add port 0/7/0 adsl 0 35 no-auth
----End
Result
After the related upstream device and downstream device are configured, the triple play
application (Internet, VoIP, and IPTV services) is available.
l The Internet user can access the Internet through PPPoE dialup.
l VoIP users can call each other.
l The IPTV user connected to port 0/7/0 can watch all the programs, and the IPTV user
connected to port 0/8/0 can watch only program BTV-1.
Configuration Script
Internet:
vlan 2 smart
port vlan 2 0/3 0
traffic table index 7 ip car 2048 priority 1 priority-policy pvc-Setting
service-port vlan 2 adsl 0/7/0 vpi 0 vci 35 multi-service user-vlan 20 rx-cttr 7 tx-cttr 7
service-port vlan 2 adsl 0/8/0 vpi 0 vci 35 multi-service user-vlan 20 rx-cttr 7 tx-cttr 7
dhcp mode layer-3 standard
dhcp-server 1 ip 20.1.1.2 20.1.1.3
save
VoIP:
vlan 3 smart
port vlan 3 0/3 0
traffic table index 8 ip car 1024 priority 6 priority-policy pvc-Setting
service-port vlan 3 adsl 0/7/0 vpi 0 vci 35 multi-service user-vlan 30 rx-cttr 8 tx-cttr 8
service-port vlan 3 adsl 0/8/0 vpi 0 vci 35 multi-service user-vlan 30 rx-cttr 8 tx-cttr 8
dhcp mode layer-3 standard
dhcp-server 1 ip 20.1.1.2 20.1.1.3
interface vlanif 3
ip address 10.1.1.1 24
dhcp-server 1
quit
save
IPTV:
vlan 4 smart
port vlan 4 0/3 0
traffic table index 9 ip car off priority 5 priority-policy pvc-Setting
service-port vlan 4 adsl 0/7/0 vpi 0 vci 35 multi-service user-vlan 40 rx-cttr 9 tx-cttr 9
service-port vlan 4 adsl 0/8/0 vpi 0 vci 35 multi-service user-vlan 40 rx-cttr 9 tx-cttr 9
dhcp mode layer-3 standard
dhcp-server 2 ip 20.2.2.2 20.2.2.3
interface vlanif 4
ip address 10.2.2.1 24
dhcp-server 2
quit
btv
igmp mode proxy
igmp uplink-port 0/3/0
igmp uplink-port-mode program
igmp video-port vpi 0 vci 35
igmp video-port user-vlan 40
igmp program add name BTV-1 ip 224.1.1.1 vlan 4 bind 0/3/0
igmp program add name BTV-2 ip 224.1.1.2 vlan 4 bind 0/3/0
igmp profile profile-name profile0 program-name BTV-1 watch
igmp user add port 0/7/0 adsl 0 35 no-auth
igmp user add port 0/8/0 adsl 0 35 auth
igmp user bind-profile port 0/8/0 profile-name profile0
quit
save
Service Requirements
l The UA5000 MiniMSAN adopts the EPON upstream transmission through the EP1A
board.
l The user accesses the Internet through PPPoE dialup.
l PITP is enabled to protect the user account against theft and roaming.
l This section describes the configuration only on the UA5000 MiniMSAN side. For the
configuration on the OLT side, see related manuals. For example, if the OLT is the
MA5680T provided by Huawei, see the MA5680T Configuration Guide.
l The configuration of UA5000 MiniMSAN_A is the same as the configuration of UA5000
MiniMSAN_B. In this section, the configuration of UA5000 MiniMSAN_A is considered
as an example.
Networking
Figure 5-11 shows the example network for configuring the EPON upstream transmission.
Figure 5-11 Example network for configuring the EPON upstream transmission
[Figure 5-11 labels: Router; OLT; EPON; Splitter; UA5000_A (IPMD, EP1A, and CSRB boards; EPON port 0/6/0, user port 0/7/0); UA5000_B; Modem; PC; Phone]
Prerequisite
l Sufficient license resources must be applied for because the number of xDSL ports is based
on the license resources.
l When the UA5000 provides the AAA function, configure the AAA by referring to
"Configuring the AAA."
l When the BRAS provides the AAA function, the connection between the UA5000 and the
BRAS must be set up. The BRAS must identify the VLAN tag carried in the upstream
packets of the UA5000 and you must configure the user account and password on the BRAS
for accessing the Internet through dialup.
l The network devices and the lines must be normal.
l The interface VLAN of the upper-layer device of the UA5000 MiniMSAN must be the
same as the VLAN configured on the upstream port on the UA5000 MiniMSAN.
Data Plan
Table 5-1 provides the data plan for configuring the EPON upstream transmission.
Table 5-1 Data plan for configuring the EPON upstream transmission
Line profile | Index: 1002 (the default) | When you activate the ADSL port, the ADSL port determines the actual transmission parameters according to the negotiation between the line profile and the customer premises equipment (CPE).
Procedure
Step 1 Wait for the system to automatically find the EP1A board, or manually add the EP1A
board, and then confirm the board. The command for adding the EP1A board is as follows.
huawei(config)#board add 0/6 h601ep1a
huawei(config)#board confirm 0/6
Command:
display traffic table from-index 0
Traffic parameters for IP service:
--------------------------------------------------------------------------
TID CAR(kbps) Priority Pri-Policy
--------------------------------------------------------------------------
0 960 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
7 3072 6 pvc-pri
--------------------------------------------------------------------------
The query result shows that traffic profile 7 is available. If no traffic profile is available,
you can run the traffic table command to create a traffic profile.
2. Configure a VLAN and add the service port and upstream port to the VLAN.
huawei(config)#vlan 10 smart
huawei(config)#port vlan 10 0/3 0
huawei(config)#service-port vlan 10 adsl 0/7/0 vpi 0 vci 35 multi-service user-encap pppoe rx-cttr 7 tx-cttr 7
----End
Verification
l Step 1: Configure the user account and password on the modem. Ensure that the
configuration is the same as the configuration on the BRAS; or dial up on the PC using the
PPPoE dialup software. After the dialup is successful, the user can access the Internet.
l Step 2: When FTP is used to download files, after the dialup is performed through the
PPPoE dialup software, the PPPoE dialup software displays a message indicating that the
dialup is successful and the user can access the Internet through PPPoE dialup.
Configuration Script
board add 0/6 h601ep1a
display traffic table from-index 0
vlan 10 smart
port vlan 10 0/3 0
service-port vlan 10 adsl 0/7/0 vpi 0 vci 35 multi-service user-encap pppoe rx-cttr 7 tx-cttr 7
interface adsl 0/7
deactivate 0
Service Requirements
l The UA5000 MiniMSAN adopts the GPON upstream transmission through the GP1A
board.
l The user accesses the Internet through PPPoE dialup.
l PITP is enabled to protect the user account against theft and roaming.
l The GPON networking uses the P2MP technology and the access link shared by multiple
points to implement the access services. The GPON supports multiple networking modes
through subtending, including fiber to the curb (FTTC), fiber to the building (FTTB), and
fiber to the home (FTTH).
l This section describes the configuration only on the UA5000 MiniMSAN side. For the
configuration on the OLT side, see related manuals. For example, if the OLT is the
MA5680T provided by Huawei, see the MA5680T Configuration Guide.
l The configuration of UA5000 MiniMSAN_A is the same as the configuration of UA5000
MiniMSAN_B. In this section, the configuration of UA5000 MiniMSAN_A is considered
as an example.
Networking
Figure 5-12 shows the example network for configuring the GPON upstream transmission.
Figure 5-12 Example network for configuring the GPON upstream transmission
[Figure 5-12 elements: Router, OLT, Splitter, UA5000_A, UA5000_B, GPON 0/6/0, 0/7/0, Modem, PC, Phone]
Prerequisite
l Sufficient license resources must be applied for because the number of xDSL ports is based
on the license resources.
l When the BRAS provides the AAA function, the connection between the UA5000 and the
BRAS must be set up. The BRAS must identify the VLAN tag carried in the upstream
packets of the UA5000 and you must configure the user account and password on the BRAS
for accessing the Internet through dialup.
l The network devices and the lines must be normal.
l The interface VLAN of the upper-layer device of the UA5000 MiniMSAN must be the
same as the VLAN configured on the upstream port on the UA5000 MiniMSAN.
Data Plan
Table 5-2 provides the data plan for configuring the GPON upstream transmission.
Table 5-2 Data plan for configuring the GPON upstream transmission
Line profile | Index: 1002 (the default profile) | When you activate the ADSL port, the ADSL port determines the actual transmission parameters according to the negotiation between the line profile and the customer premises equipment (CPE).
Procedure
Step 1 The system automatically finds the GP1A board, or you can manually add the GP1A board and then
confirm it. The commands for adding and confirming the GP1A board are as follows.
huawei(config)#board add 0/6 h601gp1a
huawei(config)#board confirm 0/6
Command:
display traffic table from-index 0
Traffic parameters for IP service:
--------------------------------------------------------------------------
TID CAR(kbps) Priority Pri-Policy
--------------------------------------------------------------------------
0 960 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
7 3072 6 pvc-pri
--------------------------------------------------------------------------
2. If no proper traffic profile exists after the query, you can run the traffic table command to
create a traffic profile with index 8 and access rate 10 Mbit/s. The configuration is as
follows:
huawei(config)#traffic table ip car 10240 priority 6 priority-policy pvc-Setting
3. Create a VLAN and add the service port and the upstream port to the VLAN.
huawei(config)#vlan 10 smart
huawei(config)#port vlan 10 0/3 0
huawei(config)#service-port vlan 10 adsl 0/7/0 vpi 0 vci 35 multi-service user-encap pppoe rx-cttr 8 tx-cttr 8
----End
Verification
l Step 1: Configure the user account and password on the modem. Ensure that the
configuration is the same as the configuration on the BRAS.
l Step 2: Dial up on the PC using the PPPoE dialup software. After the dialup is successful,
the user can access the Internet.
l Step 3: When FTP is used to download files, after the dialup is performed through the
PPPoE dialup software, the PPPoE dialup software displays a message indicating that the
dialup is successful and the user can access the Internet through PPPoE dialup.
Configuration Script
board add 0/6 h601gp1a
display traffic table from-index 0
This topic describes the uplink redundancy backup and how to configure the uplink redundancy
backup on the UA5000.
Context
Uplink redundancy backup includes the following information:
l Uplink aggregation group: Aggregate multiple Ethernet ports as an aggregation group to
expand the bandwidth and balance the input and output load among member ports. In
addition, the ports in an aggregation group back up each other, which enhances the link
security.
NOTE
A protection group works in either of the following modes:
1. Port status detection mode
l Two ports in a protection group or the transmit ports on two boards are enabled. You can determine
whether to perform a switchover according to the port status.
l When the number of ports (in a protection group) that are in the up state on the standby board is
greater than the number of ports (in a protection group) that are in the up state on the active board,
a switchover is triggered.
2. Delay detection mode
l Only one transmit port in a protection group is enabled and the other port is disabled.
l When the enabled transmit port is in the down state, disable this transmit port and enable the other
transmit port.
l If the other transmit port is in the up state, perform the switchover. Otherwise, disable the port that
is in the up state and enable the other port to proceed with the detection.
3. Link Aggregation Control Protocol (LACP) detection mode
In this mode, the UA5000 detects port faults and triggers the switchover through the LACP protocol.
Before creating an LACP protection group, create an LACP aggregation group.
6.1 Configuring the Uplink Redundancy Backup (in the Upstream Port Aggregation Mode)
This topic describes how to back up the uplink in the upstream port aggregation mode. This is
used to protect the uplinks on the IPM board. In addition, this increases the bandwidth of the
upstream port and balances the load.
6.2 Configuring the Uplink Redundancy Backup (in the Protection Group Mode)
This topic describes how to configure a protection group of ports, which works with the active/
standby switchover mechanism to implement the service protection on an upstream port. This
is used to protect the uplinks on the IPM active and standby control boards. Three detection
modes are available, including the port status detection, delay detection, and LACP detection.
In the LACP detection mode, the upper-layer device is required to support the LACP mode.
6.3 Configuring the Uplink Redundancy Backup (in the Upstream Port Aggregation + Protection
Group Mode)
This topic describes how to set the LACP detection mode, which works with the active/standby
switchover mechanism to implement the service protection on an upstream port. This is used to
protect the uplinks of the ports on the active control board and the uplinks of the active and
standby control boards. Therefore, the reliability is high.
Service Requirements
Two upstream ports are on the same upstream board and they must be of the same port type.
Networking
Figure 6-1 shows the example network for configuring the uplink redundancy backup.
Figure 6-1 Example network for configuring the uplink redundancy backup
[Figure 6-1 elements: Router, UA5000 with upstream ports 0/3/0 and 0/3/1, Modem, PC]
Procedure
Step 1 Aggregate upstream ports.
huawei(config)#interface ipm 0/3
huawei(config-if-ipm-0/3)#link-aggregation 0,1 egress-ingress
----End
Verification
After the configuration, the user should be able to access the Internet. When the uplink of
upstream port 0/3/0 fails, the system automatically transfers the service carried on port 0/3/0 to
the uplink of upstream port 0/3/1 for transmission. In this manner, the user can still access the
Internet.
Configuration Script
interface ipm 0/3
link-aggregation 0,1 egress-ingress
quit
vlan 10 smart
port vlan 10 0/3 0-1
service-port vlan 10 adsl 0/7/0 vpi 0 vci 35 rx-cttr 6 tx-cttr 6
save
Service Requirements
Two ports in a protection group are on two upstream boards and they must be of the same port
type.
Networking
Figure 6-2 shows the example network for setting the port state detection mode.
Figure 6-2 Example network for setting the port state detection mode
[Figure 6-2 elements: NMS, Router, ports 0 and 1 on each of the two boards]
Procedure
Step 1 Enter the protect mode.
huawei(config)#protect
Step 2 Configure the protection group and set the port state detection mode for the protection group.
huawei(config-protect)#protect-group first 0/2/0 second 0/3/0 eth workmode portstate enable
Step 3 Query the information about the protection group of the port.
huawei(config-protect)#display protect-group
{ <cr>|frameid/slotid<S><1,15>|frameid/slotid/portid<S><1,15> }:
Command:
display protect-group
---------------------------------------------------------------------------
NO. FirstIntf SecondIntf Enable ActiveFlag ProtectType WorkMode
---------------------------------------------------------------------------
0 0/2/0 0/3/0 Enable First ETH PortState
---------------------------------------------------------------------------
Total : 1
----End
Verification
When the service is interrupted due to the physical disconnection from the upper-layer device,
the configuration of the protection group implements the active/standby protection through the
switching of the service transmission from the faulty link to the standby link. This ensures the
normal transmission of the user data.
Configuration Script
protect
protect-group first 0/2/0 second 0/3/0 eth workmode portstate enable
quit
save
Prerequisites
l The upper-layer device must be configured with LACP.
l The two control boards and the two ports in a protection group must be of the same type.
Service Requirements
l Implement the link protection on the two control boards and on the two ports on the control
board respectively.
l If the LACP protection group triggers the protection switching, the service interruption
time is not longer than 4s.
Networking
Figure 6-3 shows the example network for configuring the uplink redundancy backup.
Figure 6-3 Example network for configuring the uplink redundancy backup
[Figure 6-3 elements: NMS, Router, UA5000 with primary IPM in slot 0/2 and secondary IPM in slot 0/3, ports 0 and 1 on each board]
Procedure
Step 1 Configure the LACP static protocol on a specified port to generate the aggregation group.
huawei(config)#interface ipm 0/2
huawei(config-if-ipm-0/2)#link-aggregation 0-1 egress-ingress workmode lacp-static
Step 2 Configure the protection group and set the LACP detection mode for the protection group.
huawei(config-if-ipm-0/2)#quit
huawei(config)#protect
huawei(config-protect)#protect-group first 0/2/0 second 0/3/0 eth workmode lacp enable
Step 4 Query the information about the aggregation group generated through the LACP static protocol.
huawei(config-protect)#quit
----End
Verification
Configure the LACP detection mode to work with the active/standby switchover mechanism of
the UA5000. The service protection of the upstream port uses the LACP detection mode.
Configuration Script
interface ipm 0/2
link-aggregation 0-1 egress-ingress workmode lacp-static
quit
protect
protect-group first 0/2/0 second 0/3/0 eth workmode lacp enable
display protect-group
quit
display lacp link-aggregation summary
display lacp link-aggregation verbose 1
save
Two or more UA5000s can subtend with each other through the GE port. The subtending of
UA5000s does not require the transfer board.
Prerequisites
l The network devices and lines are in the normal state.
l GE port 0/3/1 on UA5000_A and GE port 0/3/0 on UA5000_B must be of the same port
type. The port rate must be configured and the duplex mode must be configured to auto-
negotiation through the auto-neg command.
l The service configuration must be complete.
Networking
Figure 7-1 shows the example network for configuring device subtending.
NOTE
The subtending of UA5000s can be implemented through the IPMB or IPMD board. This section considers the
IPMB board as an example.
[Figure 7-1 elements: UA5000_A (IPMB) with GE0/3/0 and GE0/3/1, UA5000_B (IPMB) with GE0/3/0]
Configuration Flowchart
Procedure
Step 1 Configure UA5000_A.
1. Create a VLAN. This section considers the standard VLAN as an example.
huawei(config)#vlan 2 standard
----End
Verification
After the configuration, various services can be configured on the two subtended devices, and
the services are in the normal state.
Configuration Script
Configuration on UA5000_A
vlan 2 standard
port vlan 2 0/3 0
port vlan 2 0/3 1
Configuration on UA5000_B
vlan 2 standard
port vlan 2 0/3 0
This topic describes the related operation for configuring the integrated data and voice
networking of the UA5000.
8.1 Networking
The UA5000 accesses the voice and data services through the A32 and ETDB service boards,
and then transmits the IP service upstream to the IP network through the IPM board and transmits
the traditional voice service upstream to the PSTN network through the PVM board.
8.2 Prerequisites
This topic describes the prerequisites for the integrated data and voice networking of the
UA5000.
8.7 Verification
This topic describes how to verify the integrated data and voice networking of the UA5000. If
the broadband service is successfully configured, the user can access the Internet. If the
narrowband service is successfully configured, the user can make and receive calls.
8.1 Networking
The UA5000 accesses the voice and data services through the A32 and ETDB service boards,
and then transmits the IP service upstream to the IP network through the IPM board and transmits
the traditional voice service upstream to the PSTN network through the PVM board.
Figure 8-1 shows the integrated networking of the UA5000.
[Figure 8-1 elements: OSS, NMS, DHCP Server, BRAS, Router, UA5000 shelf with slots 00 to 17, STB, PC, TV]
8.2 Prerequisites
This topic describes the prerequisites for the integrated data and voice networking of the
UA5000.
l The hardware commissioning must be complete, and the system must be available for
service configuration.
l The modem must be connected and must be in the normal state.
l The upper-layer devices, including the BRAS, DHCP server, multicast server, MGC, and
BMS workstation, must work in the normal state.
Table 8-1 provides the data plan for configuring the integrated data and voice network of the
UA5000.
Table 8-1 Data plan for configuring the integrated data and voice network
l VPI: 8
l VCI: 35
VPI: 8; VCI: 35
Internet access mode | xDSL service: VPI 8, VCI 35, PPPoE mode, set the modem to the bridge mode. | The xDSL services use the PC dialing method. If the modem dialing method is required, set
Table 8-2 provides the data plan for configuring the integrated data and voice networking of the
UA5000.
Table 8-2 Data plan for configuring the integrated data and voice networking
Item Data
MG interface mgid: 0
code: text
Protocol: H.248
Procedure
Step 1 Query the host software version.
huawei(config)#display language
NOTE
If the version does not match the planned version, see the version upgrade guide to update the host software
to the planned host software version.
Step 5 Add a standard VLAN, and assign FE ports 6 and 7 and IP upstream port 0 to the VLAN.
huawei(config)#vlan 1001 standard
huawei(config)#port vlan 1001 0/2 0
huawei(config)#port vlan 1001 0/2 6
huawei(config)#port vlan 1001 0/2 7
huawei(config)#interface vlanif 31
huawei(config-if-vlanif31)#ip address 10.5.24.3 255.255.255.0
huawei(config-if-vlanif31)#quit
huawei(config)#ip route-static 0.0.0.0 0.0.0.0 10.5.24.2
huawei(config)#snmp-agent community read public
huawei(config)#snmp-agent community write private
huawei(config)#snmp-agent trap enable standard
huawei(config)#snmp-agent target-host trap address 10.140.5.79 securityname private
huawei(config)#snmp-agent trap source vlanif 31
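The SNMP commands in this step set the read and write community names to public and private and use private again as the trap securityname. The following Python check is an added example, not part of the Huawei guide: it scans captured configuration text for well-known community names and for a trap target that reuses the write community. The word list, the function names and the finding labels are assumptions made for this example; the sample is constructed from the commands in this step.

```python
import re

# Community names widely used as defaults (list assumed for this example).
WELL_KNOWN = {"public", "private", "admin", "snmp", "community"}

PROMPT = re.compile(r"^[\w-]+\([\w/-]*\)#")   # e.g. huawei(config)#
COMMUNITY = re.compile(r"^snmp-agent community (read|write) (\S+)$")
TRAP_HOST = re.compile(
    r"^snmp-agent target-host trap address (\S+) securityname (\S+)$")

# Constructed sample: the SNMP commands from this step, with one command
# wrapped across two lines as happens in captured CLI text.
SAMPLE = """\
huawei(config)#snmp-agent community read public
huawei(config)#snmp-agent community write private
huawei(config)#snmp-agent trap enable standard
huawei(config)#snmp-agent target-host trap address 10.140.5.79 securityname
private
huawei(config)#snmp-agent trap source vlanif 31
"""


def normalize(text):
    """Strip CLI prompts and rejoin commands wrapped onto a following line."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    has_prompts = any(PROMPT.match(l) for l in lines)
    commands = []
    for line in lines:
        if PROMPT.match(line):
            commands.append(PROMPT.sub("", line, count=1).strip())
        elif has_prompts and commands:
            commands[-1] += " " + line      # continuation of a wrapped command
        else:
            commands.append(line)           # plain script: one command per line
    return commands


def audit_snmp(text):
    """Return findings as (rule, detail, community_name) tuples."""
    commands = normalize(text)
    findings, access_of = [], {}
    for cmd in commands:
        m = COMMUNITY.match(cmd)
        if m:
            access, name = m.groups()
            access_of[name] = access
            if name.lower() in WELL_KNOWN:
                findings.append(("default-community", access, name))
    for cmd in commands:
        m = TRAP_HOST.match(cmd)
        # Assumption: with SNMPv1/v2c the securityname travels in each trap as
        # the community string, so reusing the write community exposes it.
        if m and access_of.get(m.group(2)) == "write":
            findings.append(
                ("trap-reuses-write-community", m.group(1), m.group(2)))
    return findings


if __name__ == "__main__":
    for finding in audit_snmp(SAMPLE):
        print(finding)
```

A configuration that uses unique community names and a separate trap securityname produces no findings.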
Command:
adsl line-profile add
3
Start adding profile
Press 'Q' to quit the current configuration and new configuration will be neglected
> Do you want to name the profile (y/n) [n]:
> Please choose default value type 0-adsl 1-adsl2+ (0~1) [0]:
> Will you set basic configuration for modem? (y/n)[n]:
> Please select channel mode 0-interleaved 1-fast (0~1) [0]:
> Will you set interleaved delay? (y/n) [n]:
> Please select form of transmit rate adaptation in downstream:
[n]:
Add profile 2 successfully
huawei(config)#interface sdl 0/8
huawei(config-if-sdl-0/8)#deactivate all
huawei(config-if-sdl-0/8)#activate all 2
Step 10 Configure the Internet access mode and the multicast channel (configure the modem).
l PPPoE mode
– Set the modem to be in the bridge mode.
----End
Procedure
Step 1 Configure the system networking mode to the integrated access networking.
huawei(config)#working mode integrated
NOTE
If the version does not match, see the version upgrading guide to update the host software to a proper
version.
huawei(config-esl-user)#quit
huawei(config)#save
----End
8.7 Verification
This topic describes how to verify the integrated data and voice networking of the UA5000. If
the broadband service is successfully configured, the user can access the Internet. If the
narrowband service is successfully configured, the user can make and receive calls.
A FAQ
A.1 How to Ensure the System and User Security Through the Proper Configuration?
A.7 How to Change the Service VLAN to Which the xDSL Port Belongs?
A.8 How to Delete the VLAN to Which the Upstream Port Is Bound?
A.10 Why Is the Actual Rate of the User Lower Than the Rate of the Bound Line Profile?
A.11 How to Query MAC Addresses of Online Users and Query the Ports that Provide the Access
for the Users According to the MAC Addresses?
The static user is a type of user on the BRAS. The data of the static user is configured on the
BRAS. The procedure for adding a static user on the UA5000 is the same as the procedure for
adding a dynamic user on the UA5000. You need only to create a VLAN, and add the upstream
port and service port to the VLAN.
NOTE
For the devices of early versions, the "network management VLAN" is called "management VLAN". The
name is unified as "network management VLAN" on the UA5000. The configuration of the "network
management VLAN" is different from the configuration of the previous "management VLAN".
NOTICE
Changing the network management VLAN interrupts the BMS service temporarily until the
configuration of the new BMS service is complete.
1. Run the undo service-port command to delete the service port (PVC).
2. Reconfigure the VLAN to which the xDSL port belongs.
NOTE
For information about the restriction on deleting the service port, see the usage guidelines of the undo
service-port command.
1. Run the undo port vlan command to delete the upstream port of the VLAN.
2. Run the undo vlan command to delete the VLAN.
A.10 Why Is the Actual Rate of the User Lower Than the Rate
of the Bound Line Profile?
A: The UA5000 can limit the user rate through the line profile or through the traffic table. When
the user rate is limited through both the line profile and the traffic table, the actual rate of the
user is the lower of the two limits. Therefore, when the actual rate of the user is
lower than the rate of the bound line profile, check the rate of the traffic table to which the
corresponding service port (PVC) of the user is bound. Then, change the bound traffic table, or change
the rate of that traffic table, according to the requirement.
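The check described in A.10, as an added Python example that is not part of the Huawei guide: it parses display traffic table output in the format printed in this guide, finds the traffic table bound to a service port, and reports which limit determines the rate. The line profile rate of 8192 kbit/s used in the demo is a constructed value, treating a CAR of "--" as no rate limit is an assumption, and the function names are chosen for this example.

```python
import re

# Output of "display traffic table from-index 0" as printed in this guide.
TRAFFIC_TABLE_OUTPUT = """\
--------------------------------------------------------------------------
TID CAR(kbps) Priority Pri-Policy
--------------------------------------------------------------------------
0 960 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
7 3072 6 pvc-pri
--------------------------------------------------------------------------
"""

ROW = re.compile(r"^(\d+)\s+(\d+|--)\s+(\d+)\s+(\S+)$")
SERVICE_PORT = re.compile(
    r"service-port vlan (\d+) adsl (\S+) .*?rx-cttr (\d+) tx-cttr (\d+)")


def parse_traffic_table(output):
    """Return {TID: CAR in kbit/s}; CAR is None when the table shows '--'."""
    table = {}
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if m:
            tid, car = int(m.group(1)), m.group(2)
            # Assumption: '--' means the traffic table applies no rate limit.
            table[tid] = None if car == "--" else int(car)
    return table


def effective_rate(service_port_cmd, table, line_profile_kbps, keyword="rx-cttr"):
    """Return (rate_kbps, limiting_factor) for the traffic table bound by
    the given keyword (rx-cttr or tx-cttr). The caller passes the line
    profile rate for the same direction."""
    m = SERVICE_PORT.search(service_port_cmd)
    if not m:
        raise ValueError("not a service-port command with rx-cttr/tx-cttr")
    tid = int(m.group(3) if keyword == "rx-cttr" else m.group(4))
    if tid not in table:
        raise LookupError(f"traffic table {tid} is not defined")
    car = table[tid]
    if car is None or car >= line_profile_kbps:
        return line_profile_kbps, "line profile"
    return car, f"traffic table {tid}"


if __name__ == "__main__":
    table = parse_traffic_table(TRAFFIC_TABLE_OUTPUT)
    cmd = ("service-port vlan 10 adsl 0/7/0 vpi 0 vci 35 multi-service "
           "user-encap pppoe rx-cttr 7 tx-cttr 7")
    # 8192 kbit/s is a constructed line profile rate for the demo.
    print(effective_rate(cmd, table, 8192))
```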
BTV Broadcast TV
CC Connection Confirm
DR Designated Router
DU Downstream Unsolicited
FE Fast Ethernet
GE Gigabit Ethernet
IP Internet Protocol
MA Maintenance Association
PQ Priority Queuing