UA5000 (IPM) V100R017 Configuration Guide 09

UA5000 Universal Access Unit
V100R017
Configuration Guide-IPM CLI
Issue 09
Date 2013-10-30
HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2013. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://www.huawei.com
Email: support@huawei.com
Issue 09 (2013-10-30) Huawei Proprietary and Confidential i

Copyright © Huawei Technologies Co., Ltd.
Configuration Guide-IPM CLI About This Document
About This Document
Intended Audience
This document describes the configuration procedures of various services supported by the
UA5000 (IPM) in terms of configuration example and function configuration. The description
covers the following topics:
l Purpose
l Networking
l Data plan
l Prerequisite
l Precaution
l Configuration flowchart
l Procedure
l Result
This document helps you to master the configuration procedure for the key services supported
by the UA5000.
The intended audience of this document is:
l Installation and commissioning engineers

l System maintenance engineers
l Data configuration engineers
NOTE
The UA5000 supports both the IPMB and IPMD control boards. The control board in this document is the IPMB
board unless otherwise stated.
By default, the upstream port on the IPMB board is used to transmit services in the upstream direction.
The difference between the IPMD and IPMB control boards lies in the upstream port.
l The IPMB control board can provide four FE electrical ports and two GE/FE optical ports.
l The IPMD control board can provide four GE optical ports and two GE electrical ports.
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Issue 09 (2013-10-30) Huawei Proprietary and Confidential ii

Symbol Description
Indicates a hazard with a high level of risk which, if not

prevented, may result in death or serious injury.
Indicates a hazard with a medium or low level of risk

which, if not prevented, may result in minor or moderate
injury.
Indicates a potentially hazardous situation that, if not

prevented, may result in equipment damage, data loss, and
performance degradation, or unexpected results.
Indicates a tip that may help you solve a problem or save

time.
Provides additional information to emphasize or

supplement important points of the main text.
Command Conventions
Convention Description
Boldface The keywords of a command line are in boldface.
Italic Command arguments are in italic.
[] Items (keywords or arguments) in square brackets [ ] are

optional.
{ x | y | ... } Alternative items are grouped in braces and separated by

vertical bars. One is selected.
[ x | y | ... ] Optional alternative items are grouped in square brackets

and separated by vertical bars. One or none is selected.
{ x | y | ... } * Alternative items are grouped in braces and separated by

vertical bars. A minimum of one or a maximum of all can
be selected.
[ x | y | ... ] * Optional alternative items are grouped in square brackets

and separated by vertical bars. Multiple or none are
selected.
GUI Conventions
Boldface Buttons, menus, parameters, tabs, window, and dialog

titles are in Boldface. For example, click OK.
Issue 09 (2013-10-30) Huawei Proprietary and Confidential iii

> Multi-level menus are in boldface and separated by the ">"

signs. For example, choose File > Create > Folder.
Update History
Updates between document versions are cumulative. Therefore, the latest document version
contains all updates made to previous versions.
Updates in Issue 09 (2013-10-30)

Based on issue 08 (2011-11-15), the document is updated as follows:
The following information is modified: 2.3 Configuration Example of the BFD Link
Detection

The following information is modified: 4.4 Configuring the Multicast Service in an RSTP
Network

The following information is modified:

l 5.5.2 Configuration Example of the Triple Play Application (Single-PVC for Multiple
Services)
l 5.2 Configuration Example of the Multicast Service
l 4.2.3 Configuring the Multicast User

The structure and content of the document are optimized comprehensively so that the document
can better cater to user preferences and guide users.


l Configuring AAA
l Configuring RADIUS
Issue 09 (2013-10-30) Huawei Proprietary and Confidential iv

l Configuring the ADSL2+ Service

l Configuring the SHDSL Service
l Configuring the VDSL2 Service

The following information is added:

l Enabling the Ring Network Detection on the User Side
l Enabling the Dual Sending Function for IGMP Packets

l Enabling the Anti MAC Spoofing Function
l Configuring the Firewall Function
l Configuring an Accessible Address Segment

The following information is added:

l Configuring the GPON Upstream Transmission
l Configuring RRPP
l Configuration Example of the Universal Power Monitoring

l Configuring the Port Rate Reachability Thresholds for an ADSL2+ Port
l Configuring the Environment Monitoring
l Adding a Service Port to a VLAN
l Configuring a POWER4845 EMU
l Configuration Example of Power Monitoring


l Introduction to the License
Issue 01 (2008-03-25)
This is the first release.
Issue 09 (2013-10-30) Huawei Proprietary and Confidential v

Configuration Guide-IPM CLI Contents
Contents
About This Document.....................................................................................................................ii

1 Basic Configurations.....................................................................................................................1
1.1 Configuring the License.................................................................................................................................................3
1.2 Configuring the System Clock.......................................................................................................................................5
1.3 Configuring the Network Time......................................................................................................................................6
1.3.1 (Optional) Configuring NTP Authentication...............................................................................................................7
1.3.2 Configuring the Broadcast Mode NTP........................................................................................................................8
1.3.3 Configuring the Multicast Mode NTP.......................................................................................................................10
1.3.4 Configuring the Unicast Server Mode NTP..............................................................................................................13
1.3.5 Configuring the Peer Mode NTP...............................................................................................................................15
1.4 Configuring Alarms......................................................................................................................................................17
1.5 Adding Port Description...............................................................................................................................................18
1.6 Configuring the Auto-save Function............................................................................................................................19
1.7 Configuring the Attributes of an Upstream Ethernet Port............................................................................................21
1.8 Configuring the Ethernet Port Load Balancing............................................................................................................23
1.9 Configuring DHCP.......................................................................................................................................................24
1.9.1 Configuring the Standard DHCP Mode.....................................................................................................................25
1.9.2 Configuring the DHCP Option60 Mode....................................................................................................................26
1.9.3 Configuring the DHCP MAC Address Segment Mode.............................................................................................28
1.10 Configuring a VLAN..................................................................................................................................................30
1.11 Configuring an xDSL Profile.....................................................................................................................................35
1.11.1 Configuring ADSL2+ Profiles.................................................................................................................................35
1.11.2 Configuring SHDSL Profiles...................................................................................................................................38
1.11.3 Configuring VDSL2 Profiles...................................................................................................................................39
1.12 Configuring System Security......................................................................................................................................42
1.12.1 Configuring Firewall...............................................................................................................................................42
1.12.2 Configuring Anti-Malicious Attacks to the System................................................................................................45
1.12.3 Preventing the Access of Illegal Users....................................................................................................................46
1.13 Configuring the User Security....................................................................................................................................48
1.13.1 Configuring Anti-Theft and Roaming of User Account Through PITP..................................................................49
1.13.2 Configuring Anti-Theft and Roaming of User Account Through DHCP...............................................................52
1.13.3 Configuring Anti-Malicious Attacks to Users.........................................................................................................53
Issue 09 (2013-10-30) Huawei Proprietary and Confidential vi

1.13.4 Configuring the Ring Network Detection on the User Side....................................................................................54

1.14 Configuring AAA.......................................................................................................................................................55
1.14.1 Configuring the Remote AAA (RADIUS Protocol)................................................................................................56
1.14.2 Configuration Example of the RADIUS Authentication.........................................................................................59
1.15 Configuring the ACL..................................................................................................................................................61
1.15.1 Configuring a Basic ACL........................................................................................................................................63
1.15.2 Configuring an Advanced ACL...............................................................................................................................64
1.15.3 Configuring an L2 ACL..........................................................................................................................................65
1.15.4 Configuring a User-defined ACL............................................................................................................................66
1.16 Configuring QoS.........................................................................................................................................................69
1.16.1 Configuring Traffic Management............................................................................................................................70
1.16.2 Configuring Traffic Management Based on ACL...................................................................................................74
1.16.3 Configuring the Queue Management......................................................................................................................78
2 Protocol Configuration...............................................................................................................81
2.1 Configuring ARP Proxy...............................................................................................................................................82
2.2 Configuring the Route..................................................................................................................................................85
2.2.1 Configuration Example of the Routing Policy..........................................................................................................85
2.2.2 Configuration Example of the Static Route...............................................................................................................87
2.2.3 Configuration Example of RIP..................................................................................................................................89
2.2.4 Configuration Example of OSPF...............................................................................................................................92
2.3 Configuration Example of the BFD Link Detection....................................................................................................96
2.4 Configuring the RSTP..................................................................................................................................................99
2.5 Configuring RRPP......................................................................................................................................................101
3 Configuring the xDSL Internet Access Service...................................................................108

3.1 Configuring a VLAN..................................................................................................................................................111
3.2 Configuring an Upstream Port....................................................................................................................................116
3.3 Configuring an xDSL Port..........................................................................................................................................116
3.4 Creating an xDSL Service Port..................................................................................................................................118
3.5 (Optional) Configuring the xPoA-xPoE Protocol Conversion...................................................................................124
4 Configuring the Multicast Service.........................................................................................128

4.1 Default Settings of the Multicast Service...................................................................................................................130
4.2 Configuring the Multicast Service on a Single-NE Network.....................................................................................130
4.2.1 Configuring Global Multicast Parameters...............................................................................................................131
4.2.2 Configuring the Multicast Program.........................................................................................................................135
4.2.3 Configuring the Multicast User...............................................................................................................................137
4.2.4 (Optional) Configuring the Multicast Bandwidth...................................................................................................139
4.2.5 (Optional) Configuring Multicast Preview..............................................................................................................141
4.2.6 (Optional) Configuring the Program Prejoin...........................................................................................................142
4.2.7 (Optional) Configuring the Multicast Log...............................................................................................................143
4.3 Configuring the Multicast Service in a Subtending Network.....................................................................................145
Issue 09 (2013-10-30) Huawei Proprietary and Confidential vii

4.4 Configuring the Multicast Service in an RSTP Network...........................................................................................147
5 Configuration Examples of Services......................................................................................150

5.1 Configuration Example of the xDSL Internet Access Service...................................................................................151
5.1.1 Configuration Example of the xDSL Internet Access Service Through PPPoE Dialup.........................................151
5.1.2 Configuration Example of the xDSL IPoE Internet Access Service.......................................................................159
5.1.3 Configuration Example of the xDSL IPoA Internet Access Service.......................................................................166
5.1.4 Configuration Example of the xDSL PPPoA Internet Access Service....................................................................174
5.2 Configuration Example of the Multicast Service.......................................................................................................182
5.3 Configuring the VLAN Stacking Wholesale Service.................................................................................................186
5.3.1 Configuration Example of VLAN Stacking Multi-ISP Wholesale Access.............................................................186
5.3.2 Configuration Example of VLAN ID Extension.....................................................................................................189
5.4 Configuration Example of the QinQ VLAN..............................................................................................................190
5.5 Configuring the Triple Play........................................................................................................................................192
5.5.1 Configuration Example of the Triple Play Application (Multi-PVC for Multiple Services)..................................193
5.5.2 Configuration Example of the Triple Play Application (Single-PVC for Multiple Services).................................198
5.6 Configuration Example of the EPON Upstream Transmission..................................................................................203
5.7 Configuration Example of the GPON Upstream Transmission.................................................................................208
6 Configuring the Uplink Redundancy Backup.....................................................................214

6.1 Configuring the Uplink Redundancy Backup (in the Upstream Port Aggregation Mode)........................................216
6.2 Configuring the Uplink Redundancy Backup (in the Protection Group Mode).........................................................217
6.3 Configuring the Uplink Redundancy Backup (in the Upstream Port Aggregation + Protection Group Mode)........219
7 Configuration Example of Device Subtending...................................................................222

8 Configuring the Integrated Data and Voice Networking..................................................225
8.1 Networking.................................................................................................................................................................227
8.2 Prerequisites................................................................................................................................................................227
8.3 Data Plan (IPM)..........................................................................................................................................................228
8.4 Data Plan (PVM)........................................................................................................................................................230
8.5 Configuration Procedure (IPM)..................................................................................................................................231
8.6 Configuration Procedure (PVM)................................................................................................................................235
8.7 Verification.................................................................................................................................................................236
A FAQ.............................................................................................................................................237
A.1 How to Ensure the System and User Security Through the Proper Configuration?..................................................238
A.2 How Many PVCs are Supported by Each xDSL Port?..............................................................................................238
A.3 Does the PVC Have Priority?....................................................................................................................................238
A.4 How to Configure the Static User?............................................................................................................................239
A.5 How to Configure the Network Management VLAN?..............................................................................................239
A.6 How to Change the Network Management VLAN?..................................................................................................239
A.7 How to Change the Service VLAN to Which the xDSL Port Belongs?...................................................................240
A.8 How to Delete the VLAN to Which the Upstream Port Is Bound?...........................................................................240
Issue 09 (2013-10-30) Huawei Proprietary and Confidential viii

A.9 How to Transparently Transmit the VLAN on the IPM Board?...............................................................................240

A.10 Why Is the Actual Rate of the User Lower Than the Rate of the Bound Line Profile?..........................................240
A.11 How to Query MAC Addresses of Online Users and Query the Ports that Provide the Access for the Users According
to the MAC Addresses?....................................................................................................................................................241
A.12 How to Delete the Service Board?...........................................................................................................................241
B Acronym and Abbreviation....................................................................................................242
Issue 09 (2013-10-30) Huawei Proprietary and Confidential ix

Configuration Guide-IPM CLI 1 Basic Configurations
1 Basic Configurations
About This Chapter
Basic configurations mainly include certain common configurations, public configurations, and
pre-configurations in service configurations. There is no logical relationship between basic
configurations. You can perform basic configurations according to actual requirements.
1.1 Configuring the License

With the license enabled, the license platform performs license control through license server
over the function entries and resource entries of the UA5000 and provides customized services
for users.
1.2 Configuring the System Clock
This topic describes how to configure the system clock to restrict the clock frequency and phase
of each node on a network within the preset tolerance scope. This prevents transmission
performance deterioration caused by poor timing at both the transmit and receive ends in the
digital transmission system.
1.3 Configuring the Network Time
Configuring the NTP protocol is to keep the time of all the devices on the network synchronized,
so that the UA5000 implements various service applications, such as the network management
system and the network accounting system, based on uniform time.
1.4 Configuring Alarms
Alarm management includes the following functions: alarm record, alarm setting, and alarm
statistics. These functions help you to maintain the device and ensure that the device works
efficiently.
1.5 Adding Port Description
This topic describes how to add port description.
1.6 Configuring the Auto-save Function
This topic describes how to configure the auto-save function so that the system configuration
data or database files can be saved automatically.
1.7 Configuring the Attributes of an Upstream Ethernet Port
This topic describes how to configure the attributes of a specified Ethernet port so that the system
communicates with the upstream device in the normal state.
Issue 09 (2013-10-30) Huawei Proprietary and Confidential 1

1.8 Configuring the Ethernet Port Load Balancing

This topic describes how to configure the Ethernet port aggregation. Port aggregation means the
aggregation of multiple ports to protect links and balance the load. The aggregation of multiple
ports expands the bandwidth and balances the input and output load among member ports. For
the application of the link protection, see "Configuring the Uplink Redundancy Backup."
1.9 Configuring DHCP

The UA5000 can implement DHCP relay on a network. Configuring DHCP relay is applicable
to the scenario where DHCP clients in different network segments dynamically obtain IP
addresses from the same DHCP server.
1.10 Configuring a VLAN

Configuring VLAN is a prerequisite for configuring a service. Hence, before configuring a
service, make sure that the VLAN is configured.
1.11 Configuring an xDSL Profile

Configuring an xDSL profile is a prerequisite for configuring an xDSL access service. This topic
describes how to configure ADSL2+ profiles, SHDSL profiles, and VDSL2 profiles.
1.12 Configuring System Security

This topic describes how to configure the network security and protection measures of the system
to protect the system from malicious attacks.
1.13 Configuring the User Security

Configuring the security mechanism can protect operation users and access users against user
account theft and roaming or from the attacks from malicious users.
1.14 Configuring AAA

This topic describes how to configure the AAA on the UA5000, including configuring the
UA5000 as the local and remote AAA servers.
1.15 Configuring the ACL

This topic describes the type, rule, and configuration of the ACL on the UA5000.
1.16 Configuring QoS

This topic describes how to configure quality of service (QoS) on the UA5000.

1.1 Configuring the License

With the license enabled, the license platform performs license control through license server
over the function entries and resource entries of the UA5000 and provides customized services
for users.
Prerequisites
The license must be enabled.
Application Context
The license platform provides the registration mechanism for the service modules of the
UA5000. During system initialization, the service modules need to register for the controlled
resource entries or the controlled function entries. After the system starts to work, based on the
controlled entries that are registered, the license client management module obtains the
authentication information about the license controlled entries of the UA5000 from the license
server.
When a service module is configured through the CLI or NMS, the UA5000 checks whether the
resource entries of the service module or the function entries of the service module are
overloaded.
l If overload occurs, the system quits the service configuration and displays a prompt of
insufficient license resources.
l If overload does not occur, the system allows the user to continue configuring and using
the service. When the service configuration is deleted, the system automatically releases
the license resources occupied by the service configuration.
Context
l The UA5000 adopts the network license solution, that is, a license server is deployed on
the network. The license server software can be installed on the same device with the NMS.
The license server software can also be installed separately on a license server. Each
UA5000 is a license client and the licenses of all the clients are managed by the license
server in a centralized manner.
l In the management scope of the license server (generally a region or a city), each product
has only one license file that is stored on the license server. The resources of the product
that are controlled by the license are defined by the license file. One license server can
manage multiple products. Therefore, multiple license files can be stored on one license
server.
l With the license platform enabled, the license server performs license control over the
function entries and resource entries supported by the UA5000 and provides customized
services, namely, specified function entries and resource entries, for users according to the
requirements.
The control entries of the license platform include function entries and resource entries.
You can run the display license feature command to query the corresponding control
entries.
– A function entry refers to the entry whose license is controlled based on the function.
The controllable function entries supported by the UA5000 include:

– SELT function
– Port rate fulfillment ratio
– Single-PVC for multiple services function
– Illegal access control function of the broadband MAN
– A resource entry refers to the entry whose license is controlled based on the count. The
controllable resource entries supported by the UA5000 include:
– SHDSL port resources
– SHDSL bound port and SHDSL bis port resources referencing the high-rate profile
– ADSL port resources
– Port resources supporting the AnnexM function
– Port resources supporting the INP function
– Port resources supporting the AnnexL function
– VDSL port resources
– Port resources supporting the ADSL/VDSL auto-adaptation function
– XPoA-to-XPoE converting resources
– License control of the BTV program resources
– License control of the BTV user resources
Precautions
l If you need to use the license platform supported by the UA5000, ensure to consider the
deployment of the license server in network planning.
l It is recommended that you install the license server on the same computer with the NMS
server. If there is no NMS server, you need to separately deploy a license server on the
network.
Procedure
Step 1 Configure the interface that is for communicating between the UA5000 and the license server.
1. Run the vlan command to create a VLAN.
2. Run the port vlan command to add an upstream port to the VLAN.
3. (Optional) Run the native-vlan command to configure the default VLAN of the upstream
port.
Whether the native VLAN needs to be set for the upstream port depends on whether the
upper-layer device connected to the upstream port supports packets carrying a VLAN tag.
The setting on the UA5000 must be the same as that on the upper-layer device.
4. Run the interface vlanif command to enter the VLAN interface mode.
5. Run the ip address command to configure the IP address of the VLAN L3 interface so that
the IP packets in the VLAN are forwarded by using this IP address.
Step 2 Run the license esn command to configure the equipment serial number (ESN) of the device.
Each client of the license server is uniquely identified by the ESN. The ESN needs to be
configured if the user enables the license platform. The ESN can be the NMS IP address of the
device or the IP address of the VLAN L3 interface.

Step 3 Run the license server command to configure the license server.
If the user enables the license platform, configure the IP address and TCP port ID of the license
server so that the license server can communicate with the client.
Step 4 Run the display license info command to query the communication status between the device
and the license server.
----End
Example
To configure the UA5000 to communicate with the server through smart VLAN 10, configure
the IP address of the L3 interface to 10.10.10.10/24, configure the UA5000 to communicate with
the license server (IP address: 10.20.20.2/24) through port 0/3/0, and configure the TCP port ID
to 10010, do as follows:
huawei(config)#vlan 10 smart
huawei(config)#port vlan 10 0/3 0
huawei(config)#interface vlanif 10
huawei(config-if-vlanif10)#ip address 10.10.10.10 24
huawei(config-if-vlanif10)#quit
huawei(config)#ip route-static 10.20.20.1 24 10.10.10.1
huawei(config)#license esn 10.10.10.10
huawei(config)#license server ipaddress 10.20.20.2 tcpport 10010
1.2 Configuring the System Clock

This topic describes how to configure the system clock to restrict the clock frequency and phase
of each node on a network within the preset tolerance scope. This prevents transmission
performance deterioration caused by poor timing at both the transmit and receive ends in the
digital transmission system.
Context
On a digital network comprising the UA5000 and other devices, the primary problem is clock
synchronization. To ensure that the system uses a unified clock standard, you must specify the
clock signals from a certain port as the system clock source.
Procedure
Step 1 Run the clock source command to configure the system clock source.
Specify the clock signals extracted from a certain port as the system clock source.
Step 2 Run the clock priority command to configure the priority of the clock source.
----End
Example
To obtain two clock sources from ports 0/6/0 and 0/6/1 on the AIUG board as clock source 0
and clock source 2 of the system, configure clock source 2 with the highest priority, and configure
clock source 0 with the second highest priority, do as follows:
huawei(config)#clock source 0 0/6/0
huawei(config)#clock source 2 0/6/1
huawei(config)#clock priority 2/0

1.3 Configuring the Network Time

Configuring the NTP protocol is to keep the time of all the devices on the network synchronized,
so that the UA5000 implements various service applications, such as the network management
system and the network accounting system, based on uniform time.
Context
Introduction to the NTP Protocol:
l The Network Time Protocol (NTP) is an application layer protocol defined in RFC 1305,
which is used to synchronize the times of the distributed time server and the client. The
RFC defines the structures, arithmetics, entities, and protocols used in the implementation
of NTP.
l NTP is developed from the time protocol and the ICMP timestamp message protocol, with
special design on the aspects of accuracy and robustness.
l NTP runs over UDP with port number as 123.
l Any local system that runs NTP can be time synchronized by other clock sources, and also
act as a clock source to synchronize other clocks. In addition, mutual synchronization can
be done through NTP packets exchanges.
NTP is applied to the following situations where all the clocks of hosts or routers on a network
need to be consistent:
l In the network management, an analysis of log or debugging information collected from
different routers needs time for reference.
l The charging system requires the clocks of all devices to be consistent.
l Completing certain functions, for example, timing restart of all the routers on a network
requires the clocks of all the routers to be consistent.
l When several systems work together on the same complicate event, they have to take the
same clock for reference to ensure correct implementation order.
l Incremental backup between the backup server and clients requires clocks on them to be
synchronized.
When all the devices on a network need to be synchronized, it is almost impossible for an
administrator to manually change the system clock by command line. This is because the work
load is heavy and clock accuracy cannot be ensured. NTP can quickly synchronize the clocks
of network devices and ensure their precision.
There are four NTP modes: unicast server, peer, broadcast, and multicast modes. The UA5000
supports all these modes.
Default Configuration
Table 1-1 provides the default configuration for NTP.

Table 1-1 Default configuration for NTP
Parameter Default Value
NTP-service authentication Disable

function
NTP-service authentication None

key
The maximum allowed 100

number of sessions
Clock stratum 16
1.3.1 (Optional) Configuring NTP Authentication

This topic describes how to configure NTP authentication to improve the network security and
prevent unauthorized users from modifying the clock.
Prerequisites
Before configuring the NTP authentication function, make sure that the network interface of the
UA5000 and the routing protocol are configured so that the server and the client are reachable
to each other at the network layer.
Context
In certain networks that have strict requirements on security, enable NTP authentication when
running the NTP protocol. Configuring NTP authentication is classified into configuring NTP
authentication on the client and configuring NTP authentication on the server.
Precautions
l If NTP authentication is not enabled on the client, the client can synchronize with the server,
regardless of whether NTP authentication is enabled on the server.
l If NTP authentication is enabled, a reliable key needs to be configured.
l The configuration of the server must be the same as that of the client.
l When NTP authentication is enabled on the client, the client can pass the authentication if
the server is configured with the same key as that of the client. In this case, you need not
enable NTP authentication on the server or declare that the key is reliable.
l The client synchronizes with only the server that provides the reliable key. If the key
provided by the server is unreliable, the client does not synchronize with the server.
Procedure
Step 1 Run the ntp-service authentication enable command to enable NTP authentication.
Step 2 Run the ntp-service authentication-keyid command to set an NTP authentication key.

Step 3 Run the ntp-service reliable authentication-keyid command to declare that the key is reliable.
----End
Example
To enable NTP authentication, set the NTP authentication key as aNiceKey with the key number
42, and then define key 42 as a reliable key, do as follows:
huawei(config)#ntp-service authentication enable
huawei(config)#ntp-service authentication-keyid 42 authentication-mode md5
aNiceKey
huawei(config)#ntp-service reliable authentication-keyid 42
1.3.2 Configuring the Broadcast Mode NTP

This topic describes how to configure the UA5000 for clock synchronization in the broadcast
mode NTP. After the configuration is complete, the server periodically sends broadcast clock
synchronization packets through a specified port, and the client listens to the broadcast packets
sent from the server and synchronizes the local clock according to the received broadcast packets.
Prerequisites
Before configuring the broadcast mode NTP, make sure that the interface and the routing
protocol are configured so that the server and the client are reachable to each other at the network
layer.
Context
In the broadcast mode, the server periodically sends clock synchronization packets to the
broadcast address 255.255.255.255, with the mode field set to 5 (indicating the broadcast mode).
The client listens to the broadcast packets sent from the server. After receiving the first broadcast
packet, the client exchanges NTP packet whose mode fields are set to 3 (client mode) and 4
(server mode) with the server to obtain the network delay between the client and the server. The
client then enters the broadcast client mode, continues to listen to the incoming broadcast
packets, and synchronizes the local clock according to the incoming broadcast packets, as shown
in Figure 1-1.
Figure 1-1 Broadcast mode NTP

Broadcast Broadcast
server client
Periodically broadcasts clock

synchronization packets (mode 5) After receiving the first broadcast packet,
issues the server/client mode request.
Exchanges clock synchronization

packets (modes 3 and 4) Obtains the network delay and enters the
broadcast client mode.
Periodically broadcasts clock
synchronization packets (mode 5)
Receives broadcast packets and
synchronizes the local clock.

Precautions
1. In the broadcast mode, you need to configure both the NTP server and the NTP client.
2. The clock stratum of the synchronizing device must be lower than or equal to that of the
synchronized device. Otherwise, the clock synchronization fails.
Procedure
l Configure the NTP broadcast server host.
1. Run the ntp-service refclock-master command to configure the local clock as the
master NTP clock, and specify the stratum of the master NTP clock.
2. (Optional) Configure NTP authentication.
In certain networks that have strict requirements on security, it is recommended that
you enable NTP authentication when running the NTP protocol. The configuration of
the server must be the same as that of the client.
a. Run the ntp-service authentication enable command to enable NTP
authentication.
b. Run the ntp-service authentication-keyid command to set an NTP
authentication key.
c. Run the ntp-service reliable authentication-keyid command to declare that the
key is reliable.
3. Add a VLAN L3 interface.
a. Run the vlan command to create a VLAN.
b. Run the port vlan command to add an upstream port to the VLAN so that the
user packets carrying the VLAN tag are transmitted upstream through the
upstream port.
c. In the global config mode, run the interface vlan command to create a VLAN
interface, and then enter the VLAN interface mode to configure the L3 interface.
d. Run the ip address command to configure the IP address and subnet mask of the
VLAN interface so that the IP packets in the VLAN can participate in the L3
forwarding.
4. Run the ntp-service broadcast-server command to configure the NTP broadcast
server mode of the host, and specify the key ID for the server to send packets to the
client.
l Configure the NTP broadcast client host.
authentication.
authentication key.
key is reliable.


upstream port.
forwarding.
3. Run the ntp-service broadcast-client command to configure a host as the NTP
broadcast client.
----End
Example
Assume the following configurations: UA5000_S uses the local clock as the master NTP clock
on stratum 2 and works in the broadcast mode NTP, sends broadcast clock synchronization
packets periodically through IP address 10.10.10.10/24 of the L3 interface of VLAN 2;
UA5000_C functions as the NTP client, listens to the broadcast packets sent from the server
through IP address 10.10.10.20/24 of the L3 interface of VLAN 2, and synchronizes with the
clock on the broadcast server. To perform these configurations, do as follows:
1. On UA5000_S:
huawei(config)#ntp-service refclock-master 2
huawei(config)#vlan 2 standard
huawei(config-if-vlanif2)#ntp-service broadcast-server
2. On UA5000_C:
huawei(config-if-vlanif2)#ntp-service broadcast-client
1.3.3 Configuring the Multicast Mode NTP

This topic describes how to configure the UA5000 for clock synchronization in the multicast
mode NTP. After the configuration is complete, the server periodically sends multicast clock
synchronization packets through a specified port, and the client listens to the multicast packets
sent from the server and synchronizes the local clock according to the received multicast packets.
Prerequisites
Before configuring the multicast mode NTP, make sure that the interface and the routing protocol
are configured so that the server and the client are reachable to each other at the network layer.
Context
In the multicast mode, the server periodically sends clock synchronization packets to the
multicast address configured by the user. The default NTP multicast address 224.0.1.1 is used

if the multicast address is not configured. The mode field of clock synchronization packet is set
to 5 (multicast mode). The client listens to the multicast packets sent from the server. After
receiving the first multicast packet, the client exchanges NTP packet whose mode fields are set
to 3 (client mode) and 4 (server mode) with the server to estimate the network delay between
the client and the server. The client then enters the multicast client mode, continues to listen to
the incoming multicast packets, and synchronizes the local clock according to the incoming
multicast packets, as shown in Figure 1-2.
Figure 1-2 Multicast mode NTP

Multicast Multicast
server client
Periodically multicasts clock

synchronization packets (mode 5) After receiving the first multicast packet,
issues the server/client mode request.

packets (modes 3 and 4) Obtains the network delay and enters the
multicast client mode.
Periodically multicasts clock
synchronization packets (mode 5)
Receives multicast packets and
synchronizes the local clock.
Precautions
1. In the multicast mode, you need to configure both the NTP server and the NTP client.
2. The clock stratum of the synchronizing device must be lower than or equal to that of the
synchronized device. Otherwise, the clock synchronization fails.
Procedure
l Configure the NTP multicast server host.
1. Run the ntp-service refclock-master command to configure the local clock as the
master NTP clock, and specify the stratum of the master NTP clock.

authentication.
authentication key.
key is reliable.

upstream port.
forwarding.
4. Run the ntp-service multicast-server command to configure the NTP multicast
server mode of the host, and specify the key ID for the server to send packets to the
client.
l Configure the NTP multicast client host.
authentication.
authentication key.
key is reliable.
upstream port.
forwarding.
3. Run the ntp-service multicast-client command to configure a host as the NTP
multicast client.
----End
Example
Assume the following configurations: UA5000_S uses the local clock as the master NTP clock
on stratum 2 and works in the multicast mode NTP, sends multicast clock synchronization
packets periodically through IP address 10.10.10.10/24 of the L3 interface of VLAN 2, and is
enabled with the NTP authentication function (the ID of the MD5 authentication key is set to
10, the key is set to BetterKey, and the authentication key is declared to be reliable);
UA5000_C functions as the NTP client, listens to the multicast packets sent from the server
through IP address 10.10.10.20/24 of the L3 interface of VLAN 2, and synchronizes with the
clock on the multicast server. To perform these configurations, do as follows:

1. On UA5000_S:
huawei(config)#ntp-service authentication enable
huawei(config)#ntp-service authentication-keyid 10 authentication-mode md5
BetterKey
huawei(config)#ntp-service reliable authentication-keyid 10
huawei(config-if-vlanif2)#ntp-service multicast-server
2. On UA5000_C:
huawei(config-if-vlanif2)#ntp-service multicast-client
1.3.4 Configuring the Unicast Server Mode NTP

This topic describes how to configure the UA5000 as the NTP client to synchronize time with
the NTP server on the network.
Prerequisites
Before configuring the unicast mode NTP, make sure that the interface and the routing protocol
Context
In the unicast server mode, the client sends a clock synchronization packet to the server, with
the mode field set to 3 (client mode). After receiving the packet, the server automatically enters
the server mode and sends a response packet with the mode field set to 4 (server mode). After
receiving the response from the server, the client filters and selects the clock, and synchronizes
with the preferred server, as shown in Figure 1-3.
Figure 1-3 Unicast mode NTP

Client Server
Clock synchronization
packets (mode 3) Automatically works in
the server mode and
sends response packets.
Filters and selects the clock Response packets (mode 4)

and synchronizes it with the
clock of the preferred server.
Precautions
1. In the unicast server mode, you need to configure only the client and need not configure
the server.

2. The clock stratum of the synchronizing device must be lower than or equal to the clock
stratum of the synchronized device. Otherwise, the clock synchronization fails.
Procedure
Step 1 Configure a VLAN L3 interface.
2. Run the port vlan command to add an upstream port to the VLAN so that the user packets
carrying the VLAN tag are transmitted upstream through the upstream port.
3. Run the interface vlan command to create a VLAN interface in the global config mode
and enter the VLAN interface mode to configure the L3 interface.
4. Run the ip address command to configure the IP address and subnet mask of the VLAN
interface so that the IP packets in the VLAN can be forwarded at layer 3.
Step 2 Run the ntp-service unicast-server command to configure the unicast server mode and specify
the IP address of the remote server that functions as the local timer server and the interface for
transmitting and receiving NTP packets.
NOTE
l In this command, ip-address is a unicast address, which cannot be a broadcast address, a multicast address,
or the IP address of a local clock.
l After the source interface of the NTP packets is specified by source-interface, the source IP address of the
NTP packets is configured as the primary IP address of the specified interface.
l A server can function as a time server to synchronize other devices only after its clock is synchronized.
l When the clock stratum of the server is higher than or equal to the clock stratum of the client, the client does
not synchronize with the server.
l You can run the ntp-service unicast-server command for multiple times to configure multiple servers.
Then, the client selects the optimal server according to clock priorities.
Step 3 (Optional) Configure the ACL rules.

Filter the packets that pass through the L3 interface. Only the IP packet from the clock server is
allowed to access the L3 interface and other unauthorized packets are not allowed to access the
L3 interface. It is recommended that you use the ACL rules for the system that has requirements
on strict security.
1. Run the acl adv-acl-numbe command to create an ACL.
2. Run the rule command to create an ACL according to the source IP address, destination
IP address, type of the protocol over IP, and protocol features of the packet, allowing or
forbidding the data packets that meet related requirements to pass.
3. Run the packet-filter command configure an ACL filtering rule for a specified port and
make the configuration take effect.
----End
Example
Assume the following configurations: One UA5000 functions as the NTP server (IP address:
10.20.20.20/24), the other UA5000 (IP address of the L3 interface of VLAN 2: 10.10.10.10/24,
gateway IP address: 10.10.10.1) functions as the NTP client, the NTP client sends the clock
synchronization request packet through the L3 interface of VLAN 2 to the NTP server, the NTP
server responds to the request packet, and ACL rules are configured to allow only IP packets
from the clock server to access the L3 interface. To perform these configurations, do as follows:

huawei(config)#ntp-service unicast-server 10.20.20.20 source-interface vlanif 2
huawei(config)#acl 3010
huawei(config-acl-adv-3010)#rule deny ip source any destination 10.10.10.10
0.0.0.0
huawei(config-acl-adv-3010)#rule permit ip source 10.20.20.20 0.0.0.0 destination
10.10.10.10 0.0.0.0
huawei(config-acl-adv-3010)#quit
huawei(config)#packet-filter inbound ip-group 3010 port 0/3/0
1.3.5 Configuring the Peer Mode NTP

This topic describes how to configure the UA5000 for clock synchronization in the peer mode
NTP. In the peer mode, configure only the active peer, and the passive peer need not be
configured. In the peer mode, the active peer and the passive peer can synchronize with each
other. The peer with a higher clock stratum is synchronized by the peer with a lower clock
stratum.
Prerequisites
Before configuring the peer mode NTP, make sure that the interface and the routing protocol
Context
In the peer mode, the active peer and the passive peer exchange NTP packets whose mode fields
are set to 3 (client mode) and 4 (server mode). Then, the active peer sends a clock synchronization
packet to the passive peer, with the mode field of the packet set to 1 (active peer). After receiving
the packet, the passive peer automatically works in the passive peer mode and sends a response
packet with the mode field set to 2 (passive peer). Through packet exchange, the peer mode is
set up. The active peer and the passive peer can synchronize with each other. If both the clock
of the active peer and that of the passive peer are synchronized, the clock on a lower stratum is
used, as shown in Figure 1-4.
Figure 1-4 Peer mode NTP

Active peer Passive peer

packets (modes 3 and 4)
Clock synchronization
packets (mode 1) Automatically works in the peer
mode and sends response packets.
Response packets (mode 2)
After the peer mode is set up, the
Synchronize with each other
active peer and the passive peer
can synchronize with each other.

Precautions
1. In the peer mode, you need to configure the NTP mode on only the active peer.
2. The peers determine clock synchronization according to the clock stratum instead of
according to whether the peer is an active peer.
Procedure
Step 1 Configure the L3 interface of the VLAN.
2. Run the port vlan command to add an upstream port to the VLAN so that the user packets
carrying the VLAN tag are transmitted upstream through the upstream port.
3. In the global config mode, run the interface vlan command to create a VLAN interface,
and then enter the VLAN interface mode to configure the L3 interface.
4. Run the ip address command to configure the IP address and subnet mask of the VLAN
interface so that the IP packets in the VLAN can be forwarded at L3.
Step 2 Configure the NTP active peer.

1. Run the ntp-service refclock-master command to configure the local clock as the master
NTP clock, and specify the stratum of the master NTP clock.
2. Run the ntp-service unicast-peer command to configure the peer mode NTP, and specify
the IP address of the remote server that functions as the local timer server and the interface
for transmitting and receiving NTP packets.
NOTE
l In this command, ip-address is a unicast address, which cannot be a broadcast address, a multicast
address, or the IP address of a reference clock.
l After the source interface of the NTP packets is specified by source-interface, the source IP address
of the NTP packets is configured as the primary IP address of the specified interface.
----End
Example
Assume the following configurations: One UA5000 functions as the NTP active peer (IP address
of the L3 interface of VLAN 2: 10.10.10.10/24) and works on clock stratum 4, the other
UA5000 (IP address: 10.10.10.20/24) functions as the NTP passive peer, the active peer sends
a clock synchronization request packet through the L3 interface of VLAN 2 to the passive peer,
the passive peer responds to the request packet, and the peer with a higher clock stratum is
synchronized by the peer with a lower clock stratum. To perform these configurations, do as
follows:
huawei(config)#ntp-service unicast-peer 10.10.10.20 source-interface vlanif 2

1.4 Configuring Alarms

Alarm management includes the following functions: alarm record, alarm setting, and alarm
statistics. These functions help you to maintain the device and ensure that the device works
efficiently.
Context
An alarm refers to the notification of the system after a fault is detected. After an alarm is
generated, the system broadcasts the alarm to the terminals, mainly including the NMS and CLI
terminals.
Alarms are classified into fault alarm and recovery alarm. After a fault alarm is generated at a
certain time, the fault alarm lasts until the fault is rectified to clear the alarm.
You can modify the alarm settings according to your requirements. The settings are alarm
severity, alarm output mode through the CLI and alarm statistics.
Procedure
l Run the alarm alarmlevel command to configure the alarm severity.
– Alarm severities are critical, major, minor, and warning.
– Parameter default indicates restoring the alarm severity to the default setting.
– You can run the display alarm list command to query the alarm severity.
– The system specifies the default (also recommended) alarm severity for each alarm. Use
the default alarm severity unless otherwise required.
l Run the alarm output/undo alarm output command to set or shield the output of alarms
to the CLI terminal.
– Setting the output mode of alarms does not affect the generating of alarms. The alarms
generated by the system are still recorded. You can run the display alarm history
command to query the alarms that are shielded.
– When the new output mode of an alarm conflicts with the previous mode, the new output
mode takes effect.
– The output mode of the recovery alarm is the same as the output mode of the fault alarm.
When the output mode of the fault alarm is set, the system automatically synchronizes
the output mode of its recovery alarm. The reverse is also applicable. That is, when the
output mode of the recovery alarm is set, the system automatically synchronizes the
output mode of its fault alarm.
l Run the alarm statistics period command to set the alarm statistics collection period.
– The system collects the occurrence times of alarms and events according to the set
period. To save the statistical result, run the alarm statistics save command to save the
statistics to the flash memory.
– You can use the statistical result of alarms and events to locate a problem in the system.
– You can run the display alarm statistics command to query the alarm statistical record.
l Run the display alarm configuration command to query the alarm configuration according
to the alarm ID. The alarm configuration that you can query includes the alarm ID, alarm

name, alarm class, alarm type, alarm severity, default alarm severity, number of parameters,
CLI output flag, conversion flag, and detailed alarm description.
l Run the display alarm statistics command to query the alarm statistical record.
– When you need to know the frequency in which one alarm occurs within a time range,
and to know the working conditions of the device and analyze the fault that may exist,
run this command.
– Currently, you can query the alarm statistics in the current 15 minutes, current 24 hours,
last 15 minutes, and last 24 hours in the system.
----End
Example
Assume the following configurations: The output of all the alarms at level warning are shielded
to the CLI terminal, the statistical period of the alarms and events is set to 72 hours, and all the
alarms at level major are saved to the flash memory so that a problem can be located through
the alarm statistical record. To perform these configurations, do as follows:
huawei(config)#undo alarm output alarmlevel warning
huawei(config)#alarm statistics period 72
huawei(config)#alarm alarmlevel 0x0121a001 critical
huawei(config)#alarm alarmlevel 0x02310000 critical
huawei(config)#alarm statistics save
1.5 Adding Port Description

This topic describes how to add port description.
Context
After the description of a physical port on the board is added, the description has the following
functions:
l You can perform operations on the port according to its description.

l The customized description of a port facilitates information query in the system
maintenance.
Procedure
Step 1 In the global config mode, run the port desc command to add port description.
Port description is a character string, used to identify a port on a board in a slot of a shelf.
Step 2 Run the display port desc command to query port description.
----End
Example
Plan the format of user port description as "community ID-building ID-floor ID/shelf ID-slot
ID-port ID". "Community ID-building ID-floor ID" indicates the physical location where the
user terminal is deployed, and shelf ID-slot ID-port ID" indicates the physical port on the local
device that is connected to the user terminal. This plan can present the user terminal location
and the connection between the user terminal and the device, which facilitates query in

maintenance. Assume that the user terminal that is connected to port 0/2/0 of the UA5000 is
deployed in floor 1, building 01 of community A. To add port description according to the plan,
do as follows:
huawei(config)#port desc 0/2/0 description A-01-01/0-2-0

huawei(config)#display port desc 0/2/0
------------------------------------------------------------
F/ S/ P IMA Group Port Description
------------------------------------------------------------
0/ 2/ 0 - A-01-01/0-2-0
------------------------------------------------------------
1.6 Configuring the Auto-save Function

This topic describes how to configure the auto-save function so that the system configuration
data or database files can be saved automatically.
Context
The UA5000 supports two auto-save modes:
l Auto-save at preset interval.
l Auto-save at preset time.
Pay attention to the following points:
l Auto-save at preset time conflicts with auto-save at preset interval. You can enable only
one of them.
l Saving data frequently affects the system. Therefore, an auto-save interval shorter than one
day is not recommended, and it is recommended that you set the interval equal to or longer
than one day.
l Before the system upgrade operation, run the autosave interval off or autosave time off
command to disable the auto-save function to prevent upgrade failure due to the conflict
between upgrade and auto-save operations.
NOTICE
After the system upgrade is complete, you must re-enable the auto-save function if the auto-
save function is required.
Configuration Flowchart
Figure 1-5 shows the flowchart for configuring the auto-save function.

Figure 1-5 Flowchart for configuring the auto-save function
Start
Alternative
Configure auto-save at Configure auto-

preset interval save at preset time
(Optional) Set the auto- (Optional) Set the

save interval auto-save time
End
Procedure
l Configure auto-save at preset interval.
1. In the global config mode, run the autosave interval on command to enable auto-
save at preset interval.
Auto-save at preset interval conflicts with auto-save at preset time. You can enable
only one of them.
2. (Optional) In the global config mode, run the autosave interval command to set the
auto-save interval.
After the setting, the system data is automatically saved at the set interval regardless
of whether the system data is modified. By default, the interval is 24 hours.
l Configure auto-save at preset time.
1. In the global mode, run the autosave time on command to enable auto-save at preset
time.
Auto-save at preset time conflicts with auto-save at preset interval. You can enable
only one of them.
2. (Optional) In the global config mode, run the autosave time command to set the auto-
save time.
After the setting, the system data is automatically saved at the set time regardless of
whether the system data is modified. By default, the time is 00:00:00.
----End
Example
To enable auto-save at preset interval on the UA5000 and set the auto-save interval to two days
(2880 minutes), do as follows:

huawei(config)#autosave interval on
huawei(config)#autosave interval 2880
huawei(config)#save
1.7 Configuring the Attributes of an Upstream Ethernet Port

This topic describes how to configure the attributes of a specified Ethernet port so that the system
communicates with the upstream device in the normal state.
Context
The UA5000 needs to be interconnected with the upstream device through the Ethernet port.
Therefore, pay attention to the consistency of port attributes.
Table 1-2 lists the default settings of the attributes of an Ethernet port.
Table 1-2 Default settings of the attributes of an Ethernet port
Parameter Default Setting (Optical Port) Default Setting (Electrical

Port)
Auto-negotiation Disabled Enabled

mode of the port
Port rate l FE optical port: 100 Mbit/s NA

l GE optical port: 1000 Mbit/s NOTE
After the auto-negotiation mode
l 10GE optical port: 10000 Mbit/ of the port is disabled, you can
s configure the port rate.
Duplex mode Full-duplex NA

NOTE
After the auto-negotiation mode
of the port is disabled, you can
configure the duplex mode.
Network cable Not supported l FE electrical port: auto

adaptation mode l GE electrical port: normal
Flow control Disabled Disabled
Procedure
l Configure the physical attributes of an Ethernet port.
1. (Optional) Set the auto-negotiation mode of the Ethernet port.
Run the auto-neg command to set the auto-negotiation mode of the Ethernet port. You
can enable or disable the auto-negotiation mode:

– After the auto-negotiation mode is enabled, the port automatically negotiates with
the peer port for the rate and working mode of the Ethernet port.
– After the auto-negotiation mode is disabled, the rate and working mode of the port
are in the forced mode (adopt default values or are set through command lines).
2. (Optional) Set the rate of the Ethernet port.
Run the speed command to set the rate of the Ethernet port. After the port rate is set
successfully, the port works at the set rate. Pay attention to the following points:
– Make sure that the rate of the Ethernet port is the same as that of the interconnected
port on the peer device. This prevents communication failure.
– The auto-negotiation mode needs to be disabled.
3. (Optional) Set the duplex mode of the Ethernet port.
Run the duplex command to set the duplex mode of the Ethernet port. The duplex
mode of an Ethernet port can be full-duplex, half-duplex, or auto negotiation. Pay
attention to the following points:
– Make sure that the ports of two interconnected devices work in the same duplex
modes. This prevents communication failure.
– The auto-negotiation mode needs to be disabled.
4. (Optional) Configure the network cable adaptation mode of the Ethernet port.
Run the mdi command to configure the network cable adaptation mode of the Ethernet
port to match the actual network cable. The network adaptation modes are as follows:
– normal: Specifies the adaptation mode of the network cable as straight through
cable. In this case, the network cable connecting to the Ethernet port must be a
straight-through cable.
– across: Specifies the adaptation mode of the network cable as crossover cable. In
this case, the network cable connecting to the Ethernet port must be a crossover
cable.
– auto: Specifies the adaptation mode of the network cable as auto-sensing. The
network cable can be a straight through cable or crossover cable.
Pay attention to the following points:
– The Ethernet optical port does not support the network cable adaptation mode.
– If the Ethernet electrical port works in forced mode (auto-negotiation mode
disabled), the network cable type of the port cannot be configured to auto.
l Configure flow control on the Ethernet port.
Run the flow-control command to enable flow control on the Ethernet port. When the flow
of an Ethernet port is heavy, run this command to control the flow to prevent network
congestion, which may cause the loss of data packets. Flow control needs to be supported
on both the local and peer devices. Pay attention to the following points:
– If the peer device supports flow control, generally, enable flow control on the local
device.
– If the peer device does not support flow control, generally, disable flow control on the
local device.
By default, flow control is disabled.
l Mirror the Ethernet port.

Run the mirror port command to mirror the Ethernet port. When the system is faulty, copy
the traffic of a certain port to the other port and output the traffic for traffic observation,
network fault diagnosis, and data analysis.
----End
Example
Assume that Ethernet port 0/3/0 is an optical port, the port rate is 1000 Mbit/s in duplex mode,
and supporting flow control. To perform the configurations, do as follows:
huawei(config)#interface ipm 0/3

huawei(config-if-ipm-0/3)#auto-neg 0 disable
huawei(config-if-ipm-0/3)#speed 0 1000
huawei(config-if-ipm-0/3)#duplex 0 full
huawei(config-if-ipm-0/3)#flow-control 0
1.8 Configuring the Ethernet Port Load Balancing

This topic describes how to configure the Ethernet port aggregation. Port aggregation means the
aggregation of multiple ports to protect links and balance the load. The aggregation of multiple
ports expands the bandwidth and balances the input and output load among member ports. For
the application of the link protection, see "Configuring the Uplink Redundancy Backup."
Prerequisites
The Ethernet board must be configured in the system.
Context
l The IPMB board supports a maximum of four Ethernet port aggregation groups.
l One aggregation group supports a maximum of eight Ethernet ports.
l The Link Aggregation Control Protocol (LACP) is supported by the aggregated port with
the static attribute but not supported by the manually aggregated port.
l Multiple physical ports can be aggregated only if they meet the following requirements:
– The port must work in the full duplex mode.
– The port does not work in the auto negotiation mode.
– The rates of all the ports must be the same, and cannot be configured in the auto
negotiation mode.
– The attributes, such as the default VLAN (PVID) and VLAN of all the ports must be
the same.
– One port belongs to only one aggregation group.
– No mirror destination port is included.
Procedure
Step 1 Run the interface ipm command to enter the IPM mode.
Step 2 Run the link-aggregation command to configure the Ethernet port aggregation.

Step 3 Run the display link-aggregation command to query the information about the aggregated port.
----End
Example
To aggregate Ethernet ports 0 and 1, do as follows:
huawei(config-if-ipm-0/3)#link-aggregation 0-1 ingress
huawei(config-if-ipm-0/3)#display link-aggregation
-------------------------------------------------------------
Master port Sub-ports Mode WorkMode
-------------------------------------------------------------
0 1 ingress manual
-------------------------------------------------------------
Total: 1 link-aggregation(s)
1.9 Configuring DHCP

The UA5000 can implement DHCP relay on a network. Configuring DHCP relay is applicable
to the scenario where DHCP clients in different network segments dynamically obtain IP
addresses from the same DHCP server.
Context
The UA5000 can work in the L2 DHCP relay mode or L3 DHCP relay mode to forward the
DHCP packets exchanged between the user and the DHCP server. By default, the UA5000 works
in the L2 DHCP relay mode. In this mode, the UA5000 transparently transmits the DHCP packets
initiated by the user and configurations are not required. The L3 DHCP relay mode can be
classified into three working modes:
l DHCP standard mode
In this mode, the UA5000 identifies the VLAN to which the user belongs and binds different
VLANs to the corresponding DHCP server groups.
Configure the DHCP standard mode as follows: Configure the working mode of the DHCP
relay. Configure the DHCP server group. Bind VLANs to DHCP server groups.
l DHCP option60 mode
The UA5000 differentiates the DHCP packets transmitted from the user terminal according
to the DHCP option60 field in the packets, and binds different DHCP option60 domains to
the corresponding DHCP server groups.
Configure the DHCP option60 mode as follows: Configure the working mode of the DHCP
relay. Configure the DHCP server group. Create DHCP option60 field. Bind DHCP
option60 domains to DHCP server groups.
l Configuration mode of the MAC address segment
The UA5000 differentiates users according to the MAC address segment of the user
terminals, and binds different MAC address segments to the corresponding DHCP server
group.

Configure the MAC address segment mode as follows: Configure the working mode of the
DHCP relay. Configure the DHCP server group. Define the MAC address segment. Bind
MAC address segments to DHCP server groups.
NOTE
The UA5000 supports the DHCP option82 to ensure the security of the DHCP function. For the
configuration related to the DHCP option82 feature, see "1.13.2 Configuring Anti-Theft and Roaming
of User Account Through DHCP."
1.9.1 Configuring the Standard DHCP Mode

This topic is applicable to the scenario for specifying the corresponding DHCP server groups
for different users of the VLAN (the VLAN that is used when the service ports are created).
Prerequisites
A VLAN must be created. For details, see "1.10 Configuring a VLAN."
Procedure
Step 1 Configure the DHCP forwarding mode.
In the global config mode, run the dhcp mode layer-3 standard command to configure the
DHCP relay mode to standard L3 DHCP relay mode (layer-3, standard).
Step 2 Configure the DHCP server group.
In the global config mode, run the dhcp-server command to create a DHCP server group.
l igroup-number: Indicates the number of the DHCP server group. It identifies a server group.
You can run the display dhcp-server all-group command to query the DHCP server groups
that are already configured and select a DHCP server group number that is not used in the
system.
l ip-addr: Indicates the IP address of the DHCP server in the DHCP server group. A maximum
of two IP addresses can be entered.
NOTICE
The IP address of the DHCP server configured here must be the same as the IP address of
the DHCP server on the network side.
Step 3 Bind the DHCP server to the VLAN.
1. In the global config mode, run the interface vlanif command to create a VLAN L3
interface.
The VLAN ID must be the same as the ID of the VLAN described in the prerequisite.
2. In the VLANIF mode, run the ip address command to configure the IP address of the
VLAN L3 interface.
After the configuration is complete, this IP address is used as the source IP address for
forwarding the IP packets in the VLAN at L3.

NOTICE
l If only an L2 device exists between the UA5000 and the DHCP server, the IP address
of the VLAN L3 interface needs to be in the same subnet as the IP address of the DHCP
server.
l If the upper-layer device of the UA5000 is an L3 device, the IP address of the VLAN
L3 interface and the IP address of the DHCP server can be in different subnets; however,
a route must exist between the VLAN L3 interface and the DHCP server. For details,
see "2.2 Configuring the Route."
3. In the VLANIF mode, run the dhcp-server command to bind the DHCP server to the
VLAN.
This command requires parameter group-number, the value of which is the number of the
created DHCP server group.
----End
Example
Assume that server group 1 contains two DHCP servers, with the maximum response time of
20s, the maximum count of response timeout of 10, the IP address of the primary server 10.1.1.9
and the IP address of the secondary server 10.1.1.10. To bind server group 1 to users in VLAN
2 (with the IP address of the L3 interface 10.1.1.101), do as follows:
huawei(config)#dhcp mode layer-3 standard

huawei(config)#dhcp-server 1 ip 10.1.1.9 10.1.1.10
huawei(config-if-vlanif2)#dhcp-server 1
1.9.2 Configuring the DHCP Option60 Mode

This topic is applicable to the scenario for specifying the corresponding DHCP servers for
different option60 domain users.
Prerequisites
Before the configuration, determine the option60 domain name of the user terminal.
Context
When multiple services are provisioned on the UA5000, such as video multicast and IP telephone
services, the services are provided by different service providers. The service providers may use
different relay IP addresses of the same DHCP server or different DHCP servers to allocate IP
addresses to users. Therefore, configure the users to apply for IP addresses from the DHCP server
in the DHCP option60 mode.
In the DHCP option60 mode, the DHCP server group is selected according to the character string
(namely, domain name) in the option60 of DHCP packets. Here, the option60 domain name and
the DHCP server group to which the domain name is bound need to be configured beforehand.

In this mode, users are differentiated according to the domain information in the packet, and
different service types in the same VLAN can also be differentiated.
Procedure
In the global config mode, run the dhcp mode layer-3 option-60 command to configure the
DHCP relay mode to L3 option60 mode (layer-3, option60).
system.
NOTICE
Step 3 Create a DHCP option60 domain.

In the global config mode, run the dhcp domain command to create a DHCP domain, and then
enter the DHCP domain mode. The option60 domain name needs to be configured according to
the type of the terminal connected to the device. For the DHCP client installed with the Windows
98/2000/XP/NT series of OSs, the domain name must be msft.
Step 4 Bind the DHCP option60 domain to the DHCP server group.
In the option60 domain mode, run the dhcp-server command to bind the DHCP domain to the
DHCP server group. After the configuration is complete, the DHCP clients belonging to the
DHCP correspond to the DHCP server group.
Step 5 Configure the IP address of the gateway corresponding to the DHCP domain.
interface.
VLAN L3 interface.

NOTICE
server.
3. In the VLANIF mode, run the dhcp domain gateway command to configure the IP address
of the gateway corresponding to the DHCP domain.
The IP address of the gateway must be a configured IP address of the VLAN interface.
Under the same VLAN interface, different option60 domains can be configured with
different gateways. Therefore, different DHCP servers can be selected according to the
domain information in the packet.
----End
Example
Assume that server group 2 contains two DHCP servers, with the IP address of the primary server
10.10.10.10 and the IP address of the secondary server 10.10.10.11. To bind server group 2 to
users whose option60 domain name is msft in VLAN 2 (with the IP address of the L3 interface
10.1.2.1/24), do as follows:
huawei(config)#dhcp mode layer-3 option-60
huawei(config)#dhcp domain msft
huawei(config-dhcp-domain-msft)#dhcp-server 2
huawei(config-dhcp-domain-msft)#quit
huawei(config-if-vlanif2)#dhcp domain msft gateway 10.1.2.1
1.9.3 Configuring the DHCP MAC Address Segment Mode

This topic is applicable to the scenario for specifying the corresponding DHCP servers for users
in different MAC address segments.
Prerequisites
Context
In the networking, devices of various manufacturers may exist on the network. The devices of
each manufacturer have a fixed MAC address segment. In this case, the IP address can be
obtained from the DHCP server through DHCP relay in the MAC address segment configuration
mode.

The UA5000 can select the DHCP server based on the MAC address segment. After the
configuration is complete, clients in this MAC address segment obtain IP addresses from the
corresponding DHCP server.
Procedure
In the global config mode, run the dhcp mode layer-3 mac-range command to configure the
DHCP relay mode to L3 MAC address segment mode (layer-3, mac-range).

system.
NOTICE
Step 3 Define the MAC address segment.

1. In the global config mode, run the dhcp mac-range to create a MAC address segment, and
then enter the MAC address segment configuration mode.
range-name indicates the name of the MAC address segment. It functions as a comment
and has no other special meanings.
2. In the MAC address segment configuration mode, run the mac-range mac-address-start
to mac-address-end command to configure the MAC address range.
Step 4 Bind the DHCP server group to the MAC address segment.
In the MAC address segment configuration mode, run the dhcp-server command to bind a
DHCP server group to the MAC address segment.
Step 5 Configure the IP address of the gateway corresponding to the MAC address segment.
interface.
VLAN L3 interface.

NOTICE
server.
3. In the VLANIF mode, run the dhcp mac-range gateway command to configure the IP
address of the gateway corresponding to the DHCP domain.
The IP address of the gateway must be a configured IP address of the VLAN interface.
Under the same VLAN interface, different MAC address segments can be configured with
different gateways. Therefore, different DHCP servers can be selected according to the
MAC address segment information in the packet.
----End
Example
Assume that server group 2 contains two DHCP servers, with the IP address of the primary server
10.10.10.10 and the IP address of the secondary server 10.10.10.11. To bind server group 2 to
certain users (whose MAC address is in the range from 0000-0000-0001 to 0000-0000-0100) in
VLAN 2, do as follows:
huawei(config)#dhcp mode layer-3 mac-range
huawei(config)#dhcp mac-range huawei
huawei(config-mac-range-huawei)#mac-range 0000-0000-0001 to 0000-0000-0100
huawei(config-mac-range-huawei)#dhcp-server 2
huawei(config-mac-range-huawei)#quit
huawei(config-if-vlanif2)#dhcp mac-range huawei gateway 10.1.2.1

Prerequisites
The VLAN to be added must not exist in the system.
Application Context
VLAN application is specific to user types. For details on the VLAN application, see "Table
1-3."

Table 1-3 VLAN application and planning
User Type Application Scenario VLAN Planning
l Household N:1 scenario, that is, the VLAN type: smart

user of the scenario of upstream VLAN attribute: common
Internet transmission through a
access single VLAN, where the
service services of multiple
l Commercial subscribers are
user of the converged to the same
Internet VLAN.
access
1:1 scenario, that is, the VLAN type: smart
service
scenario of upstream Attribute: stacking
transmission through
double VLANs, where
the outer VLAN tag
identifies a service and
the inner VLAN tag
identifies a user. The
service of each user is
indicated by a unique
SVLAN+CVLAN.
Commercial Public network VLAN type: smart

user of the resources provide a VLAN attribute: QinQ
transparent transparent and secure
transmission data channel for the
service private networks of an
enterprise that are
located at different
places.
Table 1-4 lists the default parameter settings of VLAN.
Table 1-4 Default parameter settings of VLAN
Parameter Default Setting Remarks
Default VLAN of VLAN ID: 1 You can run the defaultvlan modify
the system Type: MUX VLAN command to modify the VLAN type but
cannot delete the VLAN.
Reserved VLAN VLAN ID range: You can run the vlan reserve command to
of the system 4079-4093 modify the VLAN reserved by the system.
Default attribute Common -

of a new VLAN

Procedure
Step 1 Create a VLAN.
Run the vlan to create a VLAN. VLANs of different types are applicable to different scenarios.
Table 1-5 VLAN types and application scenarios
VLAN Configuration VLAN Description Application Scenario

Type Command
Standard To add a standard Standard VLAN. Only available to

VLAN VLAN, run the vlan Ethernet ports in a Ethernet ports and is
vlanid standard standard VLAN are applicable to inband
command. interconnected with each network management
other but Ethernet ports and subtending.
in different standard
VLANs are isolated from
each other.
Smart To add a smart VLAN, One smart VLAN may Smart VLANs are
VLAN run the vlan vlanid contain multiple xDSL applied in residential
smart command. service ports. The traffic communities to provide
streams of the service xDSL access.
ports are isolated from
each other and the traffic
streams in different
each other. One smart
VLAN provides access
for multiple users and
thus saves VLAN
resources.
MUX To add a MUX VLAN, One MUX VLAN MUX VLANs are
VLAN run the vlan vlanid mux contains only one xDSL applicable to xDSL
command. service port. The traffic service access. For
streams in different example, MUX VLANs
VLANs are isolated from can be used to distinguish
each other. One-to-one users.
mapping can be set up
between a MUX VLAN
and an access user.
Hence, a MUX VLAN
can identify an access
user.


Type Command
Super To add a super VLAN, The super VLAN is based Super VLANs can be
VLAN run the vlan vlanid on layer 3. One super used for the L3
super command. VLAN contains multiple intercommunication and
sub-VLANs. Through an are applicable to the
ARP proxy, the sub- scenario where saving IP
VLANs in a super VLAN addresses and improving
can be interconnected at the usage of IP addresses
layer 3. are required.
For a super VLAN, sub-
VLANs must be
configured. You can run
the supervlan command
to add a sub-VLAN to a
specified super VLAN. A
sub-VLAN must be a
smart VLAN or a MUX
VLAN.
NOTE
l To add VLANs with consecutive IDs in batches, run the vlan vlanid to end-vlanid command.
l To add VLANs with inconsecutive IDs in batches, run the vlan vlan-list command.
Step 2 (Optional) Configure the VLAN attribute.
The default attribute for a new VLAN is "common". You can run the vlan attrib command to
configure the attribute of the VLAN.
Configure the attribute according to VLAN planning.
Table 1-6 VLAN attributes and application scenarios
VLA Configuration VLAN Type VLAN Application

N Command Description Scenario
Attri
bute
Com The default The VLAN with A VLAN with the Applicable to the
mon attribute for a new this attribute can common attribute N:1 access
VLAN is be a standard can function as a scenario.
"common". VLAN, smart common layer 2
VLAN, MUX VLAN or function
VLAN, or super for creating a layer
VLAN. 3 interface.


Attri
bute
QinQ To configure QinQ The VLAN with The packets from a Applicable to the
VLA as the attribute of a this attribute can QinQ VLAN enterprise private
N VLAN, run the only be a smart contain two VLAN line scenario.
vlan attrib vlanid VLAN or MUX tags, that is, inner
q-in-q command. VLAN. The VLAN tag from
attribute of a sub the private network
VLAN, the and outer VLAN
VLAN with an L3 tag from the
interface, and the UA5000. Through
default VLAN of the outer VLAN,
the system cannot an L2 VPN tunnel
be set to QinQ can be set up to
VLAN. transparently
transmit the
services between
private networks.
VLA To configure The VLAN with The packets from a Applicable to the
N stacking as the this attribute can stacking VLAN 1:1 access scenario
Stacki attribute of a only be a smart contain two VLAN for the wholesale
ng VLAN, run the VLAN or MUX tags, that is, inner service or
vlan attrib vlanid VLAN. The VLAN tag and extension of
stacking attribute of a sub outer VLAN tag VLAN IDs.
command. VLAN, the from the UA5000. In the case of a
VLAN with an L3 The upper-layer stacking VLAN, to
interface, and the BRAS configure the inner
default VLAN of authenticates the tag of the service
the system cannot access users port, run the
be set to VLAN according to the stacking label
Stacking. two VLAN tags. In command.
this manner, the
number of access
users is increased.
On the upper-layer
network in the L2
working mode, a
packet can be
forwarded directly
by the outer VLAN
tag and MAC
address mode to
provide the
wholesale service
for ISPs.

NOTE
l To configure attributes for the VLANs with consecutive IDs in batches, run the vlan attribvlanidtoend-
vlanid command.
l To configure attributes for the VLANs with inconsecutive IDs in batches, run the vlan attribvlan-list
command.
Step 3 (Optional) Configure VLAN description.
To configure VLAN description, run the vlan desc command. You can configure VLAN
description to facilitate maintenance. The general VLAN description includes the usage and
service information of the VLAN.
----End
Example
Assume that a stacking VLAN with ID of 50 is to be configured for extension of the VLAN. A
service port is added to VLAN 50. The outer VLAN tag 50 of the stacking VLAN identifies the
access device and the inner VLAN tag 10 identifies the user with access to the device. For the
VLAN, description needs to be configured for easy maintenance. To configure such a VLAN,
do as follows:
huawei(config)#vlan attrib 50 stacking
huawei(config)#service-port vlan 50 adsl 0/7/0 vpi 0 vci 39 rx-cttr 2 tx-cttr 2
huawei(config)#stacking label vlan 50 baselabel 10
huawei(config)#vlan desc 50 description stackingvlan/label10
1.11 Configuring an xDSL Profile

Configuring an xDSL profile is a prerequisite for configuring an xDSL access service. This topic
describes how to configure ADSL2+ profiles, SHDSL profiles, and VDSL2 profiles.
1.11.1 Configuring ADSL2+ Profiles

This topic describes how to configure the ADSL2+ line profile, extended line profile, and alarm
profile.
Context
l The port can be bound with the ADSL2+ line profile only when it is in the deactivated state.
l ADSL2+ line profile and alarm profile can be bound directly.
Table 1-7 lists the default settings of the ADSL2+ profile.

Table 1-7 Default settings of the ADSL2+ profile

Parameter Default Setting
ADSL2+ line profile Profile ID: 1, 1000, 1001, and 1002

Profile 1 is used for activating the ADSL port
that works in common mode. Profile 1000 is used
for activating the ADSL port that works in fast
mode. Profile 1001 is used for activating the
ADSL port that works in long-distance mode.
Profile 1002 is used for activating the ADSL2+
port.
ADSL2+ alarm profile Profile ID: 1

The profile name is DEFVAL.
l Most of the parameters for an ADSL2+ port can be configured in an ADSL2+ line profile.
After the line profile is configured successfully, it can be used when the ports are activated.
Precautions
The ADSL2+ line profile of the UA5000 supports only the downstream seamless rate adaptation
(SRA).
Procedure
l Configure the ADSL2+ line profile.
Run the adsl line-profile quickadd command to quickly add an ADSL2+ line profile, or
run the interactive adsl line-profile add command to add an ADSL2+ line profile.
Main parameters:
– basic-para: Indicates the basic configuration parameters, such as line transmission
mode. By default, the system supports all the transmission modes. The user can adopt
the default value for auto-adaptation.
– rate: Indicates the line rate. During line activation, a proper rate between the preset
maximum rate and minimum rate is determined through automatic negotiation
according to the line condition and the profile configuration. The user rate can be
restricted by this line rate or the rate set in the traffic profile bound to the user. When
both rates function, the lower one is adopted as the user rate.
– snr: Indicates the SNR margin, which refers to the idle space for carrying noise,
excluding the space for carrying signals. Generally, the SNR margin of the minimum
tone is considered as the SNR margin of the entire ADSL connection.
l (Optional) Configure the ADSL2+ extended line profile.
Run the adsl extline-profile quickadd command to quickly add an ADSL2+ extended line
profile, or run the interactive adsl extline-profile add command to add an ADSL2+
extended line profile.
Main parameters:
– inp: Indicates impulse noise protection. As a parameter that describes the line capability
of resisting impulse interference, INP affects the port rate. If INP is 1, it indicates that

the current channel can resist the impulse noise in 1 DMT character length. The
interleave delay is related to INP. In the fast mode, INP does not apply.
– mode: The line profile also contains the parameter of transmission mode. When both
the extended line profile and the line profile are configured on the port and the
transmission mode is specified in the extended line profile, the port is activated using
the transmission mode specified in the extended line profile.
If the transmission mode and Annex type are specified in the extended line profile, the
transmission mode configured in the line profile does not take effect. The transmission
mode in the extended line profile works. Table 1-8 lists the mapping between the
transmission mode and the Annex type.
Table 1-8 Mapping between the transmission mode and the Annex type
Annex Mode Annex.A Annex.B Annex.L Annex.M
G992.1 Supported Supported - -
G992.2 Supported - - -
G992.3 Supported Supported Supported Supported
G992.5 Supported Supported - Supported
T1.413 - - - -
l Configure the ADSL2+ alarm profile.

Run the adsl alarm-profile quickadd command to quickly add an ADSL2+ alarm profile,
or run the interactive adsl alarm-profile add command to add an ADSL2+ alarm profile.
Main parameters:
Alarm parameters include the ADSL transceiver unit - central office end (ATU-C) and the
ADSL transceiver unit - remote end (ATU-R). The followings parameters are particular to
the ATU-C:
– The number of loss of link seconds

– The number of failed fast retrains seconds
– The status of alarm report at data initialization failure (DIF)
----End
Example
Assume that the channel mode of an ADSL2+ line profile is interleaved, the adaptation mode
for the downstream transmission rate is fixed, the maximum downstream delay is 100 ms, the
maximum upstream delay is 100 ms, the minimum downstream transmission rate is 2048 kbit/
s, the maximum downstream transmission rate is 2048 kbit/s, the minimum upstream
transmission rate is 1000 kbit/s, and the maximum upstream transmission rate is 1100 kbit/s. To
configure such an ADSL2+ line profile, do as follows:
huawei(config)#adsl line-profile quickadd basic-para full-rate trellis 1 bitswap
1 1 channel interleaved 100 100 adapt fixed snr 5 4 9 5 4 9 rate 2048 2048 1000
1100

To quickly add an ADSL2+ extended line profile, whose 34-456 sub-carriers are disabled, and
the L2 power management mode is configured, do as follows:
huawei(config)#adsl extline-profile quickadd missingtone section_1 34-456 1 inp
minimum-inp-downstream 1 minimum-inp-upstream 1 l2 0 minimum-rate 256 maximum-rate
512
Assume that the ID of the profile is 4, all the thresholds on the local/remote end are set to 100s,
and the difference between the transmission rate in the channel mode and the former transmission
rate is 1000 kbit/s. To quickly configure such an ADSL2+ alarm profile, do as follows:
huawei(config)#adsl alarm-profile quickadd 4 atu-c trap enable 100 100 100 100 100
100 100 100 interleaved 1000 1000 fast 1000 1000 atu-r 100 100 100 100 100 100
interleaved 1000 1000 fast 1000 1000
1.11.2 Configuring SHDSL Profiles

This topic describes how to configure the SHDSL line profile and alarm profile.
Context
The SHDSL line profile and alarm profile can be directly bound to an SHDSL port.
Table 1-9 lists the default SHDSL profiles.
Table 1-9 Default SHDSL profiles
SHDSL line profile Profile IDs: 1, 100, 101, 102, and 103
Profile 1 is used to activate the 2-wire ATM SHDSL
port. Profile 100 is used to activate the 4-wire ATM
SHDSL port. Profile 101 is used to activate the 6-
wire ATM SHDSL port. Profile 102 is used to
activate the 8-wire ATM SHDSL port. Profile 103
is used to activate the EFM-bonding SHDSL port.
SHDSL alarm profile Profile ID: 1
Procedure
l Configure an SHDSL line profile.
Run the shdsl line-profile quickadd command to quickly add an SHDSL line profile, or
run the shdsl line-profile add command to interactively add an SHDSL line profile.
Main parameters:
restricted by this rate or the rate set in the traffic profile that is bound to the user. When
both rates function, the lower rate is selected as the user rate.

– transmission: Indicates the transmission mode. Set the transmission mode according
to line conditions and actual planning. Three transmission modes are supported: annex
A, annex B, and annex A&B.
– snr-margin: The larger the SNR margin, the better the line stability, and meanwhile
the lower the physical connection rate of the line after activation. For common Internet
access users, set the target SNR margin to 3; for users with higher priorities, set the
target SNR margin to 5.
NOTE
When the board supports G.SHDSL.bis (including the extended standard annex F), the maximum rate can
reach 5696 kbit/s.
l Configure an SHDSL alarm profile.
Run the shdsl alarm-profile quickadd command to quickly add an SHDSL alarm profile,
or run the shdsl line-profile add command to interactively add an SHDSL alarm profile.
----End
Example
To add SHDSL line profile 3 with the line rate of 4096 kbit/s, which is used to activate the 4-
wire SHDSL port, do as follows:
huawei(config)#shdsl line-profile quickadd 3 line four-wire rate 4096 psd
asymmetric transmission annex-a&b remote enable probe enable
Assume that the loop attenuation threshold is 10 dB, SNR margin is 0 dB, ES threshold is 100s,
SES threshold is 100s, CRC abnormality duration threshold is 10000, LOSWS threshold is 100s,
UAS threshold is 100s. To quickly add SHDSL line alarm profile 3 with these parameters, do
as follows:
huawei(config)#shdsl alarm-profile quickadd 3 loop-attenuation 10 snr-margin 0 es
100 ses 100 crc-anomaly 10000 losws 100 uas 100
1.11.3 Configuring VDSL2 Profiles

This topic describes how to configure the VDSL2 line template and alarm template.
Context
A VDSL2 line template consists of a VDSL2 line profile and a VDSL2 channel profile. Before
activating a VDSL2 port, bind a VDSL2 line template to the port. A VDSL2 alarm template
consists of a VDSL2 line alarm profile and a VDSL2 channel alarm profile. Bind a VDSL2
alarm template rather than a VDSL2 line alarm profile or a VDSL2 channel alarm profile to a
VDSL2 port. Figure 1-6 provides the configuration flow of a VDSL2 profile.

Figure 1-6 Flowchart for configuring a VDSL2 profile
Flowchart for configuring Flowchart for configuring

a line template an alarm template
Start Start
Configure the VDSL2

Configure the VDSL2 line profile
alarm profile
Configure the VDSL2 Configure the VDSL2

channel profile channel alarm profile
Configure the VDSL2 line Configure the VDSL2

template alarm template
End End
Procedure
l Configure a VDSL2 line template.
1. Run the vdsl line-profile quickadd command to quickly add a VDSL2 line profile,
or run the vdsl line-profile add command to interactively add a VDSL2 line profile.
Main parameters:
– transmode: Indicates the line transmission mode. By default, the system supports
all transmission modes. The default setting can be used. Then, the system
automatically adapts to the transmission mode of the peer end.
– snr: Indicates the SNR margin. It refers to the remaining space for carrying noise,
excluding the space for carrying signals. In general, the SNR margin of the
minimum tone is used as the SNR margin of the entire VDSL2 connection.
2. Run the vdsl channel-profile quickadd command to quickly add a VDSL2 channel
profile, or run the vdsl channel-profile add command to interactively add a VDSL2
channel profile.
Main parameters:
– path-mode: Indicates the path mode. There are two VDSL2 path modes: ATM
mode and PTM mode. By default, the system supports both modes. If the default
mode is used, the system can automatically adapt to the path mode of the peer end
and therefore the setting of the path mode is not required in this case. To set the
ATM mode as the VDSL2 path mode, select atm. To set the PTM mode as the

VDSL2 path mode, select ptm. The default setting both is recommended. When
both is selected, both modes are supported.
– interleaved-delay: Indicates the interleave delay. A zero interleave delay
corresponds to the fast mode. In the fast mode, the interleave delay is short, but
the error correction capability is weak. A non-zero interleave delay corresponds
to the interleave mode. The longer the interleave delay, the greater the interleave
depth. In the interleave mode, the greater the interleave depth, the stronger the error
correction capability, but the longer the delay.
– inp: Indicates the impulse noise protection. The INP is a parameter that describes
the line capability of resisting impulse interference. The INP affects the port rate.
If the INP is 1, it indicates that the current channel can resist the impulse noise in
1 DMT character length. The interleave delay is related to the INP. In the fast
mode, the INP is meaningless.
restricted by this rate or the rate set in the traffic profile bound to the user. When
both rates function, the lower rate is selected as the user rate.
3. Run the vdsl line-template quickadd command to quickly add a VDSL2 line
template, or run the vdsl line-template add command to interactively add a VDSL2
line template.
A VDSL2 line template consists of a VDSL2 line profile and a VDSL2 channel profile.
To activate a VDSL2 port, bind a VDSL2 line template to the port.
l Configure a VDSL2 alarm template.
1. Run the vdsl alarm-profile quickadd command to quickly add a VDSL2 line alarm
profile, or run the vdsl alarm-profile add command to interactively add a VDSL2
line alarm profile.
2. Run the vdsl channel-alarm-profile quickadd command to quickly add a VDSL2
channel alarm profile, or run the vdsl channel-alarm-profile add command to
interactively add a VDSL2 channel alarm profile.
3. Run the vdsl alarm-template quickadd command to quickly add a VDSL2 alarm
template, or run the vdsl alarm-template add command to interactively add a VDSL2
alarm template.
A VDSL2 alarm template consists of a VDSL2 line alarm profile and a VDSL2
channel alarm profile. Bind a VDSL2 alarm template rather than a VDSL2 line alarm
profile or a VDSL2 channel alarm profile to a VDSL port.
----End
Example
Assume that:
l Channel mode: interleave mode
l Downstream maximum interleave delay: 8 ms
l Upstream maximum interleave delay: 2 ms
l SNR margin: 6 dB

l Downstream minimum INP: 4

l Upstream minimum INP: 2
To add VDSL2 profile 3 with these parameters, do as follows:

huawei(config)#vdsl line-profile quickadd 3 snr 60 0 300 60 0 300
huawei(config)#vdsl channel-profile quickadd 3 interleaved-delay 8 2 inp 4 2 rate
128 10000 128 10000
huawei(config)#vdsl line-template quickadd 3 line 3 channel1 3 100 100
1.12 Configuring System Security

This topic describes how to configure the network security and protection measures of the system
to protect the system from malicious attacks.
Context
With the system security feature, the UA5000 can be protected against the attacks from the
network side or user side, and thus the UA5000 can run stably on the network. System security
includes the following items:
l ACL/Packet filtering firewall
l Blacklist
l Anti-DoS attack
l Anti-ICMP/IP attack
l Source route filtering
l Source MAC address filtering
l Allowed/Denied address segment
Table 1-10 lists the default settings of system security.
Table 1-10 Default settings of system security
Firewall blacklist Disabled
Anti-DoS attack Disabled
Anti-ICMP attack Disabled
Anti-IP attack Disabled
Source route filtering Disabled
1.12.1 Configuring Firewall

Configuring system firewall can control the packets that go through the management port of the
device so that unauthorized operators cannot access the system through the inband or outband
channel.

Context
Firewall includes the following items:
l Blacklist: The blacklist function can be used to screen the packets sent from a specific IP
address. A major feature of the blacklist function is that blacklist entries can be dynamically
added or deleted. When firewall detects the attack attempt of a specific IP address according
to the characteristics of packets, firewall actively adds an entry to the blacklist and then
filters the packets from this IP address.
l ACL packet filtering firewall: Configure an ACL to filter data packets. To set a port to
allow only one type of packets to go through, use the ACL to implement the packet filtering
function.
For example, to allow only the packets from source IP address 1.1.1.1 to go through a port
in the inbound direction, do as follows:
1. Configure an ACL rule1, which allows the packets with source IP address 1.1.1.1 to
pass.
2. Configure an ACL rule2, which denies all packets.
3. Run the firewall packet-filter command, and bind rule2 first and then rule1 to the
inbound direction.
NOTE
On the UA5000, an ACL can be used in two modes. In two modes, the execution priorities on the
sub-rules in one ACL are different.
l Run the firewall packet-filter command to use an ACL. This mode is applied to the NMS. For
the sub-rules in one ACL, the execution priority is implemented by software. The earlier the
execution priority of the sub-rules in one ACL is configured, the higher the priority.
l Run the packet-filter command to use an ACL. For the sub-rules in one ACL, the execution
priority is implemented by hardware. The later the execution priority of the sub-rules in one
ACL is configured, the higher the priority.
NOTICE
To ensure device security, firewall must be configured. This is to control the packets that go
through the management port of the device.
Procedure
l Configure firewall blacklist.
Two modes are supported: configuring firewall blacklist by using ACLs or by adding the
source IP addresses of untrusted packets. Choose either mode, or both.
When two modes are configured, the priority of the firewall blacklist function is higher
than the priority of ACLs. That is, the system checks the firewall blacklist first, and then
matches ACLs.
NOTE
The firewall blacklist function only takes effect to the service packets that are sent from the user side.
– Configure the firewall blacklist function by using advanced ACLs.

1. Run the acl command to create an ACL. Only advanced ACLs can be used when
the blacklist function is enabled. Therefore, the range of the ACL ID is
3000-3999.
2. Run the rule(adv acl) command to create an advanced ACL.
3. Run the quit command to return to the global config mode.
4. Run the firewall blacklist enable acl-number acl-number command to enable
the firewall blacklist function.
– Configure the firewall blacklist function by adding the source IP addresses of untrusted
packets.
1. Run the firewall blacklist item command to add the source IP addresses of
untrusted packets to the blacklist.
2. Run the firewall blacklist enable command to enable the firewall blacklist
function.
l Configure the firewall (filtering packets based on the ACL).
1. Run the acl command to create an ACL. Only basic ACLs and advanced ACLs can
be used when packet filtering by firewall is configured. Therefore, the range of the
ACL ID is 2000-3999.
2. Run different commands to create different types of ACLs.
– Basic ACL: Run the rule(basic acl) command.
– Advanced ACL: Run the rule(adv acl) command.
4. Run the firewall enable command to enable the firewall blacklist function. By default,
the firewall blacklist function is disabled.
To filter the packets of a port based on the basic ACL, enable the firewall blacklist
function.
5. Run the interface meth command to enter the METH mode to configure the firewall
packet filtering rules for an METH interface; run the interface vlanif command to
enter the VLANIF mode to configure the firewall packet filtering rules for a VLAN
interface.
6. Run the firewall packet-filter command to apply firewall packet filtering rules to an
interface.
----End
Example
To add IP address 192.168.10.18 to the firewall blacklist with the aging time of 100 min, do as
follows:
huawei(config)#firewall blacklist item 192.168.10.18 timeout 100
huawei(config)#firewall blacklist enable
To add the IP addresses in network segment 10.10.10.0 to the firewall blacklist and bind ACL
3000 to these IP addresses, do as follows:
huawei(config-acl-adv-3000)#rule deny ip source 10.10.10.0 0.0.0.255 destination
10.10.10.20 0
huawei(config)#firewall blacklist enable acl-number 3000

To deny the users in network segment 172.16.25.0 to access the maintenance Ethernet port with
IP address 172.16.25.28 on the device, do as follows:
huawei(config-acl-adv-3001)#rule 5 deny icmp source 172.16.25.0 0.0.0.255
destination 172.16.25.28 0
huawei(config)#firewall enable
huawei(config)#interface meth 0
huawei(config-if-meth0)#firewall packet-filter 3001 inbound
ACL applied successfully
1.12.2 Configuring Anti-Malicious Attacks to the System

Enabling anti-DoS attack and anti-ICMP/IP attack and configuring the MAC address filtering
function can prevent malicious users attack on the system to improve system security.
Context
The UA5000 supports the following measures to prevent malicious users attack on the system.
Choose measures according to actual requirements.
l Anti-DoS attack: Indicates the defensive measures taken by the system to receive only a
certain number of control packets sent from a user.
l Anti-ICMP attack: Indicates the defensive measures taken by the system to discard the
ICMP packets sent from the user-side device to the UA5000. This is to prevent the user-
side device from pinging the L3 interface on the UA5000.
l Anti-IP attack: Indicates the defensive measures taken by the system to discard the IP
packets sent from the user-side device to the UA5000.
l Source MAC address filtering: Indicates the defensive measures taken by the system to
filter the packets that are sent by the user and carry certain source MAC addresses.
Procedure
l Configure anti-DoS attack.
Run the security anti-dos enable command to enable anti-DoS attack. After the anti-DoS
attack function is enabled, the system adds the user port to the blacklist if the system receives
the attack packet. When anti-DoS attack is disabled, the system deletes the blacklist.
Application scenario: Two PCs (PC1 and PC2) are connected to the network through the
UA5000. If a malicious user (PC1) sends a large number of protocol control packets to
attack the CPU of the UA5000, the CPU usage of the UA5000 will be over high, and then
the UA5000 is unable to process the services of another user (PC2). To implement anti-
DoS attack, shield the attack port to protect the UA5000 from being attacked.
l Configure anti-ICMP attack.
Run the security anti-icmpattack enable command to enable anti-ICMP attack. Anti-
ICMP attack is used to prevent the user-side device from pinging the VLAN interface of
the UA5000.
Application scenario: Two PCs (PC1 and PC2) are connected to the network through the
UA5000. When PC2 sends a large number of ICMP packets to the VLAN interface, the
services of the user (PC1) that obtains the upper-layer DHCP information through the same
VLAN interface will be abnormal. To implement anti-ICMP attack, directly discard the

user-side ICMP packets if the IP address of the VLAN interface on the UA5000 is its
destination IP address.
l Enable anti-IP attack.
Run the security anti-ipattack enable command to enable anti-IP attack. The anti-IP attack
is used to prevent user-side IP packets from attacking the L3 interface of the device or to
prevent illegal users from logging in to the device through telnet.
Application scenario: When a PC sends the packets with the address of VLAN x as the
destination IP address to VLANIF x, it may send a large number of packets to attack the
device, causing the device to fail to process normal services; when a user knows the address
of VLAN x, and the user name and password for logging in to the device, it may log in to
the device through telnet to randomly change the configurations of the device. To prevent
the two preceding cases, the device needs to implement anti-IP attack. With this feature,
the device discards the packets with the address of the device interface as the destination
IP address to prevent the user from attacking the device.
l Configure the MAC address filtering function.
Run the security mac-filter command to enable the MAC address filtering function.
Application scenario: To prevent users from forging the MAC address of the network-side
device, or forging certain renowned MAC addresses, set the MAC address of the network-
side as the MAC address to be filtered.
----End
Example
To enable the anti-DoS attack function and anti-IP attack function, do as follows:
huawei(config)#security anti-dos enable
huawei(config)#security anti-ipattack enable
1.12.3 Preventing the Access of Illegal Users

Only the users of the permitted IP address segment can access the device, and the users of the
denied IP address segment cannot access the device. This prevents the users of illegal IP address
segments from logging in to the system, thus safeguarding the system.
Context
Each firewall can be configured with up to 10 address segments.
When adding an address segment, ensure that the start address does not repeat an existing start
address.
To delete an address segment, you only need to enter the start address of the address segment.
Procedure
l Configure the permitted/denied IP address segment for the access through Telnet.
1. Run the sysman firewall telnet enable command to enable the firewall function for
the access through Telnet. By default, the firewall function of the system is disabled.
2. Run the sysman ip-access telnet command to configure the IP address segment that
is permitted to access the device through Telnet.

NOTICE
To ensure the device security, apply the minimum authorization principles. That is,
configure the permitted IP address segment, and add only the necessary management
IP address segment. IP addresses other than have been specified are not permitted to
access the device through the management port.
3. Run the sysman ip-refuse telnet command to configure the IP address segment that
is forbidden to access the device through Telnet.
NOTE
The permitted IP address segment and the denied IP address segment are not overlap and only the
user whose IP address is in the permitted address segment and is not in the denied address segment
can access the device.
l Configure the permitted/denied IP address segment for the access through SSH.
1. Run the sysman firewall ssh enable command to enable the firewall function for the
access through SSH. By default, the firewall function of the system is disabled.
2. Run the sysman ip-access ssh command to configure the IP address segment that is
permitted to access the device through SSH.
NOTICE
3. Run the sysman ip-refuse ssh command to configure the IP address segment that is
forbidden to access the device through SSH.
NOTE
l Configure the permitted/denied IP address segment for the access through SNMP (NMS).
1. Run the sysman firewall snmp enable command to enable the firewall function for
the access through SNMP. By default, the firewall function of the system is disabled.
2. Run the sysman ip-access snmp command to configure the IP address segment that
is permitted to access the device through SNMP.

NOTICE
3. Run the sysman ip-refuse snmp command to configure the IP address segment that
is forbidden to access the device through SNMP.
NOTE
----End
Example
To enable the firewall function for the access through Telnet, and permit only the users of the
IP address segment 134.140.5.1-134.140.5.254 to log in to the device through Telnet, do as
follows:
huawei(config)#sysman firewall telnet enable
huawei(config)#sysman ip-access telnet 134.140.5.1 134.140.5.254
To enable the firewall function for the access through SSH, and permit only the users of the IP
address segment 133.7.22.1-133.7.22.254 to log in to the device through SSH, do as follows:
huawei(config)#sysman firewall ssh enable
huawei(config)#sysman ip-access ssh 133.7.22.1 133.7.22.254
To enable the firewall function for the access through SNMP, and permit only the users of the
IP address segment 10.10.20.1-10.10.20.254 to log in to the device through SNMP, do as follows:
huawei(config)#sysman firewall snmp enable
huawei(config)#sysman ip-refuse snmp 10.10.20.1 10.10.20.254
1.13 Configuring the User Security

Configuring the security mechanism can protect operation users and access users against user
account theft and roaming or from the attacks from malicious users.
Context
The user security mechanism includes:
l PITP: The purpose of the PITP feature is to provide the user physical location information
for the upper-layer authentication server. After the BRAS obtains the user physical location
information, the BRAS binds the information to the user account for authentication, thus
protecting the user account against theft and roaming.
l DHCP option 82: The user physical location information is added to the option 82 field in
the DHCP request sent by the user. The information is used by the upper-layer

authentication server for authenticating the user, thus protecting the user account against
theft and roaming.
l IP address binding: The IP address of the user is bound to the corresponding service port
for authenticating the user, thus ensuring the security of the authentication.
l MAC address binding: The MAC address is bound to the service port, thus preventing the
access of illegal users.
l Anti-MAC spoofing: It is a countermeasure taken by the system to prevent a user from
attacking the system with a forged MAC address.
l Anti-IP spoofing: It is a countermeasure taken by the system to prevent a user from attacking
the system with a forged IP address.
l User-side ring network detection.
Table 1-11 lists the default settings of the user security mechanism.
Table 1-11 Default settings of the user security mechanism
PITP Global function: disabled The PITP function can be enabled

Port-level function: enabled only when the functions at all
levels are enabled.
DHCP option Global function: disabled The DHCP option 82 function can
82 Port-level function: enabled be enabled only when the functions
at all levels are enabled.
Anti-IP Global function: disabled The anti-IP spoofing function can

spoofing be enabled only when this function
is enabled.
Anti-MAC Global function: disabled The anti-MAC spoofing function

spoofing can be enabled only when this
function is enabled.
User-side ring disabled -

network
detection
1.13.1 Configuring Anti-Theft and Roaming of User Account

Through PITP
Policy Information Transfer Protocol (PITP) is used for the user PPPoE dialup access. It is a
protocol defined for transferring policy information between the access device and the BRAS
through L2 P2P communication. PITP can be used for transferring the user physical port
information and protecting the user account against theft and roaming.
Application Context
PITP is a member of Huawei Group Management Protocol (HGMP) family. It is used for
providing the user port information for the BRAS. After the BRAS obtains the user port

information, the BRAS binds the user account to the user port, thus protecting the user account
against theft and roaming. PITP has two modes, the PPPoE+ mode (also called the PITP P mode)
and the VBAS mode (also called the PITP V mode).
PITP is applicable to the networking of a standalone UA5000 and the networking of subtended
UA5000s.
l In the networking of a standalone UA5000: Two PCs (PC1 and PC2) are connected to
different ports of the UA5000 for the dialup access.
l In the networking of subtended UA5000s: Two PCs (PC1 and PC2) are connected to
different UA5000s (PC1 is connected to the UA5000, and PC2 is connected to the
UA5000 through a subtended device) for the dialup access.
The principles in the two scenarios are similar. The user dials up from PC1 by using the
corresponding user account. The BRAS binds the user account to the user's physical port
information reported by the UA5000. When the user of PC2 dials up by using the user account
of PC1, the BRAS discovers that the user account does not match the physical port information
and thus rejects the dialup access request of PC2.
Table 1-12 lists the default settings related to PITP.
Table 1-12 Default settings related to PITP
PITP function Global function: disabled
User-side PPPoE packet carrying the Disabled

vendor tag information
Procedure
Step 1 Configure the relay agent information option (RAIO). Before using the PITP function, you must
configure RAIO.
l Run the raio-mode mode pitp-pmode command to configure the RAIO mode in the PITP
P mode.
l Run the raio-mode mode pitp-vmode command to configure the RAIO mode in the PITP
V mode.
The PITP P mode supports all the RAIO modes; the PITP V mode currently supports only the
common, cntel, and userdefine modes.
user-defined: Indicates the user-defined mode. In this mode, you need to run the raio-format
command to configure the RAIO format. Select a corresponding keyword for configuring the
RAIO format according to the PITP mode.
l In the PITP P mode, run the raio-format pitp-pmode command to configure the RAIO
format.

l In the PITP V mode, run the raio-format pitp-vmode command to configure the RAIO
format.
In the case of the user-defined RAIO format, configure the circuit ID (CID) and the remote ID
(RID). If the access mode is not selected, the configured format applies to all access modes. If
the access mode is selected, the configured format applies to only this access mode. The CID
format and RID format in the PITP V mode are the same:
l CID: Identifies the attribute information about the device.

l RID: Identifies the access information about the user.
Step 2 Configure the PITP function.
Global PITP function: Run the pitp enable pmode command to enable global PITP P mode. By
default, the global PITP function is disabled. In the PITP V mode, run the pitp vmode ether-
type command to configure the Ethernet protocol type to be the same as the Ethernet protocol
type of the BRAS. Then, run the pitp enable vmode command to enable global PITP V mode.
NOTE
The Ethernet protocol type of the PITP V mode must be configured when the PITP V mode is disabled.
----End
Example
Assume that:
l RAIO mode: user-defined mode
l CID format for the ATM access mode: shelf ID/slot ID/port ID: VPI.VCI
l CID format for the Ethernet access mode: shelf ID/slot ID/port ID: VLAN ID
To enable the PITP P mode, do as follows:
huawei(config)#raio-mode user-defined pitp-pmode
huawei(config)#raio-format pitp-pmode cid atm anid atm frame/slot/port:vpi.vci
huawei(config)#raio-format pitp-pmode cid eth anid eth frame/slot/port:vlanid
huawei(config)#raio-format pitp-pmode rid atm plabel
huawei(config)#raio-format pitp-pmode rid eth plabel
huawei(config)#pitp enable pmode
Assume that:
l CID/RID format for the ATM access mode: shelf ID/slot ID/port ID: VPI.VCI
l CID/RID format for the Ethernet access mode: shelf ID/slot ID/port ID: VLAN ID
To set the Ethernet protocol type of VBRAS packets to be the same as the Ethernet protocol
type of the upper-layer BRAS, namely, 0x8500, and enable the PITP V mode, do as follows:
huawei(config)#raio-mode user-defined pitp-vmode
huawei(config)#raio-format pitp-vmode atm anid atm frame/slot/port:vpi.vci
huawei(config)#raio-format pitp-vmode eth anid eth frame/slot/port:vlanid
huawei(config)#pitp vmode ether-type 0x8500
huawei(config)#pitp enable vmode

1.13.2 Configuring Anti-Theft and Roaming of User Account

Through DHCP
DHCP improves the user authentication security by adding the user physical location information
to the option 82 field of the DHCP request packets initiated by the user to prevent theft and
roaming of the user account.
Context
The option 82 field contains the circuit ID (CID), remote ID (RID), and sub-option 90 field
(optional), which provides the information such as the user shelf ID, slot ID, port ID, VPI, and
VCI.
The UA5000 can work in the L2 DHCP forwarding mode or L3 DHCP forwarding mode. In
either mode, anti-theft and roaming of user accounts through DHCP option 82 can be configured,
and the configurations are the same.
Table 1-13 lists the default settings related to DHCP option 82.
Table 1-13 Default settings related to DHCP option 82
Status of the DHCP option 82 function Global status: disabled
Procedure
Step 1 Configure the RAIO. The RAIO is the short form for relay agent information option. Before
using the DHCP function, you must configure the RAIO.
Run the raio-mode command to set the RAIO mode.
l Select dhcp-option 82 as the corresponding mode.

l In the user-defined mode, you need to run the raio-format command to configure the RAIO
format, and select dhcp-option 82 as the corresponding mode. To configure the user-defined
format, mainly configure the RID in the CID. If the access mode is not selected, the
configured format is valid to all access modes. If the access mode is selected, the configured
format is valid to only this access mode. For details about the RAIO format, see the raio-
format command.
– CID identifies the attribute information of the device.
– RID identifies the access information of the user.
Step 2 Enable the DHCP option 82 function.
Run the dhcp option82 enable command to configure the DHCP option 82 function. By default,
the DHCP option 82 function is disabled globally.
----End

Example
Assume that:
l CID format for the ETH access mode: shelf ID/slot ID/sub slot ID/port ID: vlanid
l RID format for all access modes: label of the service port
To enable the DHCP option 82 function, do as follows:

huawei(config)#raio-mode user-defined dhcp-option82
huawei(config)#raio-format dhcp-option82 cid eth anid eth frame/slot/subslot/
port:vlanid
huawei(config)#raio-format dhcp-option82 rid eth splabel
huawei(config)#dhcp option82 enable
1.13.3 Configuring Anti-Malicious Attacks to Users

This topic describes how to configure anti-IP spoofing and anti-MAC spoofing to prevent
malicious users from attacking legal users by forging the IP address and MAC address of the
legal users.
Context
Anti-IP spoofing is to dynamically trigger the IP address binding, thus preventing illegal users
from stealing the IP address of legal users. When anti-IP spoofing is enabled, a user port is bound
to an IP address after the user goes online. Then, the user cannot go online through this port by
using other IP addresses, and any user cannot go online through other ports by using this IP
address.
The major function of anti-MAC spoofing is to prevent illegal users from forging the MAC
address of legal users. The purpose is to ensure that the service of legal users is not affected.
Anti-MAC spoofing is applied to PPPoE and DHCP access users.
IP address binding refers to binding an IP address to a service port. After the binding, the service
port permits only the packet whose source IP address is the bound address to go upstream, and
discards the packets that carry other source IP addresses.
MAC address binding refers to binding a MAC address to a service port. After the binding, only
the user whose MAC address is the bound MAC address can access the network through the
service port.
Procedure
l Configure anti-IP spoofing.
Run the security anti-ipspoofing command to configure the anti-IP spoofing function. By
default, the anti-IP spoofing function is disabled.
NOTE
When anti-IP spoofing is enabled after a user is already online, the IP address of this user is not bound by
the system. As a result, the service of this user is interrupted, this user goes offline, and the user needs to
go online again. Only the user who goes online after anti-IP spoofing is enabled can have the IP address
bound.
l Configure anti-MAC spoofing.

NOTICE
To ensure device security, it is recommended that you enable this function.
– Run the security anti-macspoofing command to configure the global function. By

default, the global function is disabled.
NOTE
When anti-MAC spoofing is enabled after a user is already online, the MAC address of this user is not
bound by the system. As a result, the service of this user is interrupted, this user goes offline, and the user
needs to go online again. Only the user who goes online after anti-MAC spoofing is enabled can have the
MAC address bound.
l Bind an IP address.
Run the bind ip command to bind an IP address to a service port.
To permit only the users of certain IP addresses to access the system so that illegal users
cannot access the system by using the IP addresses of legal users, configure the IP address
binding.
l Bind a MAC address.
Run the mac-address static command to bind a static MAC address.
----End
Example
To enable anti-IP spoofing of the traffic stream, do as follows:
huawei(config)#security anti-ipspoofing enable
To bind IP address 10.10.10.2 to the ADSL2+ service port whose physical port is 0/10/0, VPI/
VCI is 0/35, and user-side VLAN is 100, do as follows:
huawei(config)#bind ip adsl 0/10/0 vpi 0 vci 35 user-vlan 100 10.10.10.2
To bind static MAC address 1010-1010-1010 to the ADSL2+ service port whose physical port
is 0/10/0, VPI/VCI is 0/35, and user-side VLAN is 100, and set the maximum number of
learnable dynamic MAC addresses to 10, do as follows:
huawei(config)#mac-address static adsl 0/10/0 vpi 0 vci 35 1010-1010-1010
huawei(config)#mac-address max-mac-count adsl 0/10/0 vpi 0 vci 35 user-vlan 100 10
1.13.4 Configuring the Ring Network Detection on the User Side

This topic describes how to enable the ring network detection on the user side to prevent the
services from being affected by the ring network.
Context
l By default, the ring network detection on the user side is disabled.
l After the ring network detection on the user side is enabled, the system automatically detects
the ring network on the user side.
l After the ring network detection function is enabled, the UA5000 regularly sends private
BPDU packets to user ports. Currently, the system supports 8 kbit/s traffic. When

performing the ring network detection, the system checks 300 streams per second. If there
are many available streams in the system and more than 15 streams send the packets within
one second, the system terminates the ring network detection. In other words, if a ring
network exists, at most 8000/300 seconds are required for the system to detect the ring
network.
NOTICE
To ensure the device security, it is recommended that you enable the ring network detection on
the user side.
Procedure
Step 1 Run the ring check enable command to enable the ring network detection on the user side.
Step 2 Run the display ring check command to query the status of the ring network detection on the
user side.
----End
Example
To enable the ring network detection on the user side, do as follows:
hauwei(config)#ring check enable
huawei(config)#display ring check
{ <cr>|result<K> }:
Command:
display ring check
Ring checking function is enabled
1.14 Configuring AAA

This topic describes how to configure the AAA on the UA5000, including configuring the
UA5000 as the local and remote AAA servers.
Context
AAA refers to authentication, authorization, and accounting. In the process that a user accesses
network resources, through AAA, certain rights are authorized to the user if the user passes
authentication, and the original data about the user accessing network resources is recorded.
l Authentication: Checks whether a user is allowed to access network resources.
l Authorization: Determines what network resources a user can access.
l Accounting: Records the original data about the user accessing network resources.

Application Context
AAA is generally applied to the users that access the Internet in the PPPoA, PPPoE, 802.1x,
VLAN, WLAN, ISDN, or Admin Telnet (associating the user name and the password with the
domain name) mode.
NOTE
In the existing network, 802.1x and Admin Telnet correspond to the local AAA, that is, the UA5000
functions as a local AAA server; PPPoE corresponds to the remote AAA, that is, the UA5000 functions as
the client of a remote AAA server.
Figure 1-7 shows the example network of the AAA application.
Figure 1-7 Example network of the AAA application
UA5000 RADIUS server

PC
The preceding figure shows that the AAA function can be implemented on the UA5000 in the
following ways:
l The UA5000 functions as a local AAA server. In this case, the local AAA needs to be
configured. The local AAA does not support accounting.
l The UA5000 functions as the client of a remote AAA server, and is connected to the
RADIUS server through the RADIUS protocol, thus implementing the AAA. The RADIUS
protocol, however, does not support authorization.
1.14.1 Configuring the Remote AAA (RADIUS Protocol)

The UA5000 is interconnected with the RADIUS server through the RADIUS protocol to
implement authentication.
Context
l What is RADIUS:
– RADIUS is short for the remote authentication dial-in user service. It is a distributed
information interaction protocol with the client/server structure. Generally, it is used to
manage a large number of distributed dial-in users.
– RADIUS implements the user authentication by managing a simple user database, and
adjusts the user service information according to the user service type and rights.
– The authentication request of users can be passed on to the RADIUS server through a
network access server (NAS).
l Principles of RADIUS:
– When a user tries to access another network (or some network resources) by setting up
a connection to the NAS through a network, the NAS forwards the user authentication

information to the RADIUS server. The RADIUS protocol specifies the means of
transmitting the user information between the NAS and the RADIUS server.
– The RADIUS server receives the connection requests of users sent from the NAS,
authenticates the user account and password contained in the user data, and returns the
required data to the NAS.
l Specification:
– For the UA5000, the RADIUS is configured based on each RADIUS server group.
– In actual networking, a RADIUS server group can be any of the following:
– An independent RADIUS server
– A pair of primary/secondary RADIUS servers with the same configuration but
different IP addresses
– The following lists the attributes of a RADIUS server template:
– IP addresses of primary and secondary servers
– Shared key
– RADIUS server type
l The configuration of the RADIUS protocol defines only the essential parameters for the
information exchange between the UA5000 and the RADIUS server. To make the essential
parameters take effect, the RADIUS server group needs to be referenced in a certain
domain.
Procedure
Step 1 Configure the AAA authentication scheme.
NOTE
l The authentication scheme specifies how all the users in an ISP domain are authenticated.
l The system supports up to 16 authentication schemes. The system has a default accounting scheme
named default. It can only be modified, but cannot be deleted.
1. Run the aaa command to enter the AAA mode.

2. Run the authentication-scheme command to add an authentication scheme.
3. Run the authentication-mode radius command to configure the authentication mode of
the authentication scheme.
4. Run the quit command to return from the AAA mode to the global config mode.
Step 2 Configure the RADIUS protocol.

1. Run the radius-server template command to create a RADIUS server template and enter
the RADIUS server template mode.
2. Run the radius-server authentication command to configure the IP address and the UDP
port ID of the RADIUS server for authentication.
NOTE
l To guarantee normal communication between the UA5000 and the RADIUS server, before configuring
the IP address and UDP port of the RADIUS server, make sure that the route between the RADIUS
server and the UA5000 is in the normal state.
l Make sure that the configuration of the RADIUS service port of the UA5000 is consistent with the
port configuration of the RADIUS server.

3. (Optional) Run the radius-server shared-key command to configure the shared key of the
RADIUS server.
NOTE
l The RADIUS client (UA5000) and the RADIUS server use the MD5 algorithm to encrypt the RADIUS
packets. They check the validity of the packets by setting the encryption key. They can receive the
packets from each other and can respond to each other only when their keys are the same.
l By default, the shared key of the RADIUS server is huawei.
4. (Optional) Run the radius-server timeout command to set the response timeout time of
the RADIUS server. By default, the timeout time is 5s.
The UA5000 sends the request packets to the RADIUS server. If the RADIUS server does
not respond within the response timeout time, the UA5000 re-transmits the request packets
to the RADIUS to ensure that users can obtain corresponding services from the RADIUS
server.
5. (Optional) Run the radius-server retransmit command to set the maximum re-transmit
times of the RADIUS request packets. By default, the maximum re-transmit times is 3.
When the re-transmit times of the RADIUS request packets to a RADIUS server exceeds
the maximum re-transmit times, the UA5000 considers that its communication with the
RADIUS server is interrupted, and thus transmits the RADIUS request packets to another
RADIUS server.
6. (Optional) Run the (undo)radius-server user-name domain-included command to
configure the user name (not) to carry the domain name when transmitted to the RADIUS
server. By default, the user name of the RADIUS server carries the domain name.
l An access user is named in the format of userid@domain-name, and the part followed
by "@" is the domain name. The UA5000 classifies a user into a domain according to
the domain name.
l If a RADIUS server group rejects the user name carrying the domain name, the RADIUS
server group cannot be set or used in two or more domains. Otherwise, when some
access users in different domains have the same user name, the RADIUS server
considers that these users are the same because the names transmitted to the server are
the same.
Step 3 Create a domain.

NOTE
l A domain is a group of users of the same type.

l When the user name is in the format of userid@domain-name (for example,
huawei20041028@huawei.net), "domain-name" followed by "@" is the domain name, and "userid" is the
user name used for authentication.
l The domain name for user login cannot exceed 15 characters, and the other domain names cannot exceed
20 characters.
1. Run the aaa to enter the AAA mode.

2. In the AAA mode, run the domain command to create a domain.
Step 4 Reference the authentication scheme.

NOTE
You can reference an authentication scheme in a domain only after the authentication scheme is created.

In the domain mode, run the authentication-scheme command to reference the authentication
scheme.
Step 5 Reference the RADIUS server template.
NOTE
You can reference a RADIUS server template in a domain only after the RADIUS server template is created.
1. In the domain mode, run the radius-server template-name command to reference the
RADIUS server template.
2. Run the quit command to return to the AAA mode.
----End
Example
User1 in the isp domain adopts the RADIUS protocol for authentication. RADIUS server
129.7.66.66 functions as the primary authentication server, and RADIUS server 129.7.66.67
functions as the secondary authentication server. On the RADIUS server, the authentication port
ID is 1812, and the other parameters adopt the default values. To perform the preceding
configuration, do as follows:
huawei(config)#aaa
huawei(config-aaa)#authentication-scheme newscheme
huawei(config-aaa-authen-newscheme)#authentication-mode radius
huawei(config-aaa-authen-newscheme)#quit
huawei(config-aaa)#quit
huawei(config)#radius-server template hwtest
huawei(config-radius-hwtest)#radius-server authentication 129.7.66.66 1812
huawei(config-radius-hwtest)#radius-server authentication 129.7.66.67 1812
secondary
huawei(config-radius-hwtest)#quit
huawei(config)#aaa
huawei(config-aaa)#domain isp
huawei(config-aaa-domain-isp)#authentication-scheme newscheme
huawei(config-aaa-domain-isp)#radius-server hwtest
huawei(config-aaa-domain-isp)#quit
1.14.2 Configuration Example of the RADIUS Authentication

The UA5000 is interconnected with the RADIUS server through the RADIUS protocol to
implement authentication.
Service Requirements
l The RADIUS server performs authentication for user1 in isp1.
l The RADIUS server with the IP address 129.7.66.66 functions as the primary server for
authentication.
l The RADIUS server with the IP address 129.7.66.67 functions as the secondary server for
authentication.
l The authentication port ID is 1812.
l Other parameters adopt the default settings.
Networking
Figure 1-8 shows the example network of the RADIUS authentication.

Figure 1-8 Example network of the RADIUS authentication

RADIUS server RADIUS server
(Master) (Backup)
129.7.66.66 129.7.66.67
user1@isp1
user2@isp2
UA5000
user3@isp3
Procedure
Step 1 Configure the authentication scheme.
Configure authentication scheme newscheme (users are authenticated through RADIUS).

huawei(config)#aaa
huawei(config-aaa)#authentication-scheme newscheme
huawei(config-aaa-authen-newscheme)#authentication-mode radius
huawei(config-aaa-authen-newscheme)#quit
huawei(config-aaa)#quit
Step 2 Configure the RADIUS protocol.
Create RADIUS server template template1. RADIUS server 129.7.66.66 functions as the
primary authentication server, and RADIUS server 129.7.66.67 functions as the secondary
authentication.
huawei(config)#radius-server template template1
Note: Create a new server template
huawei(config-radius-template1)#radius-server authentication 129.7.66.66 1812
huawei(config-radius-template1)#radius-server authentication 129.7.66.67 1812
secondary
huawei(config-radius-template1)#quit
Step 3 Create a domain.
Create domain isp1.

huawei(config)#aaa
huawei(config-aaa)#domain isp1
Info: Create a new domain
Step 4 Reference the authentication scheme.
You can reference an authentication scheme in a domain only after the authentication scheme
is created.

huawei(config-aaa-domain-isp1)#authentication-scheme newscheme
Step 5 Reference the RADIUS server template.
You can reference a RADIUS server template in a domain only after the RADIUS server template
is created.
huawei(config-aaa-domain-isp1)#radius-server template1
huawei(config-aaa-domain-isp1)#quit
----End
Result
User1 in isp1 can be authenticated and can log in to the UA5000.
Configuration Script
aaa
authentication-scheme newscheme
authentication-mode radius
quit
quit
radius-server template radtest
radius-server authentication 129.7.66.66 1812
radius-server authentication 129.7.66.67 1812 secondary
quit
aaa
domain isp1
authentication-scheme newscheme
radius-server radtest
quit
1.15 Configuring the ACL

This topic describes the type, rule, and configuration of the ACL on the UA5000.
Context
An access control list (ACL) is used to filter certain packets by a series of preset rules. In this
manner, the objects that need to be filtered can be identified. After the specific objects are
identified, the corresponding data packets are permitted to pass or prohibited from passing
according to the preset policy. The ACL-based traffic filtering process is a prerequisite for
configuring the QoS or user security.
Table 1-14 lists the ACL types.
Table 1-14 ACL types
Type Value Feature

Range
Basic ACL 2000-2999 The rules of a standard ACL are only defined according
to the L3 source IP address for analyzing and processing
data packets.

Type Value Feature

Range
Advanced ACL 3000-3999 The rules of an advanced ACL are defined according to
the source IP address, destination IP address, type of the
protocol over IP, and features of the protocol (including
TCP source port, TCP destination port, and ICMP
message type).
Compared with the basic ACL, the advanced ACL
contains more accurate, comprehensive, and flexible
rules.
L2 ACL 4000-4999 A link-layer ACL allows definition of rules according to

the link-layer information such as the source MAC
address, VLAN ID, link-layer protocol type, and
destination MAC address, and the data is processed
accordingly.
User-defined 5000-5999 The rules of a user-defined ACL are defined according to

ACL any 32 bytes of the first 80 bytes in the L2 data frame for
analyzing and processing data packets.
When a packet reaches the port and matches two or more ACL rules, the matching sequence is
as follows:
l If the rules of an ACL are used at the same time, the rule configured earlier has priority
over the one configured later.
l If the rules of an ACL are used one by one, the rule used later has priority over the one used
earlier.
l If the rules are issued to the port from different ACLs, the rule used later has priority over
the one used earlier.
Precautions
The ACL is flexible in use. Therefore, the following suggestions on its configuration are
provided:
l It is recommended that you define a general rule, such as permit any or deny any, in each
ACL, so that each packet has a matching traffic rule that determines to forward or filter the
unspecified packet.
l The used ACL rules share the hardware resources with the protocol modules (such as DHCP
module and IPoA module). In this case, the hardware resources are limited and may be
insufficient. To prevent the failure of enabling other service functions due to insufficient
hardware resources, it is recommended you enable the protocol module first and then
activate ACL rules in the data configuration. If you fail to enable a protocol module, perform
the following steps:
1. Check whether ACL rules occupy too many resources.

2. If ACL rules occupy too many resources, deactivate or delete the unimportant or
temporarily unused ACL configurations, and then configure and enable the protocol
module.
1.15.1 Configuring a Basic ACL

This topic is applicable to the scenario where the device needs to classify traffic for packets
according to the source IP address.
Context
The number of a basic ACL is in the range of 2000-2999.
A basic ACL is only defined according to the L3 source IP address for analyzing and processing
data packets.
Procedure
Step 1 (Optional) Set a time range.
Run the time-range command to create a time range, which can be used when an ACL rule is
created.
Step 2 Create a basic ACL.
Run the acl command to create a basic ACL, and then enter the ACL mode. The number of a
basic ACL can only be in the range of 2000-2999.
Step 3 Configure a basic ACL rule.
In the acl-basic mode, run the rule command to create a basic ACL rule. The parameters are as
follows:
l rule-id: Indicates the ACL rule ID. To create an ACL rule with a specified ID, use this
parameter.
l permit: Indicates the keyword for allowing the data packets that meet related conditions to
pass.
l deny: Indicates the keyword for discarding the data packets that meet related conditions.
l time-range: Indicates the keyword of the time range during which the ACL rule is effective.
Step 4 Use the ACL.
After an ACL is configured, only an ACL is generated and the ACL does not take effect. You
need to run other commands to use the ACL as follows:
l Run the packet-filter command to use an ACL.
l Run the firewall packet-filter command to use an ACL. For details, see "Configuring the
Firewall."
l Perform the QoS operation. For details, see "Configuring Traffic Management Based on
ACL."
----End
Example
To configure that from 00:00 to 12:00 on Fridays, port 0/7/0 on the UA5000 receives only the
packets from 2.2.2.2, and discards the packets from other addresses, do as follows:

huawei(config)#time-range time1 00:00 to 12:00 fri

huawei(config-acl-basic-2000)#rule permit source 2.2.2.2 0.0.0.0 time-range time1
huawei(config-acl-basic-2000)#rule deny time-range time1
huawei(config-acl-basic-2000)#quit
huawei(config)#packet-filter inbound ip-group 2000 port 0/7/0
huawei(config)#save
1.15.2 Configuring an Advanced ACL

This topic describes how to classify traffic for the data packets according to the source IP address,
destination IP address, protocol type over IP, and features for protocol, such as source port of
the TCP, destination port of the TCP, and ICMP type of the data packets.
Context
The number of an advanced ACL is in the range of 3000-3999.
An advanced ACL can classify traffic according to the following information:

l Protocol type
l Source IP address
l Destination IP address
l Source port ID (source port of the UDP or TCP packets)
l Destination port ID (destination port of the UDP or TCP packets)
l ICMP packet type
l Precedence value: priority field of the data packet
l Type of service (ToS) value: ToS field of the data packet
l Differentiated services code point (DSCP) value: DSCP of the data packet
Procedure
created.
Step 2 Create an advanced ACL.

Run the acl command to create an advanced ACL, and then enter the acl-adv mode. The number
of an advanced ACL can only be in the range of 3000-3999.
Step 3 Configure a rule of the advanced ACL.

In the acl-adv mode, run the rule command to create an ACL rule. The parameters are as follows:
parameter.
pass.
l time-range: Indicates the keyword of the time range during which the ACL rules are
effective.

Step 4 Use the ACL.

need to run other commands to use the ACL. Some common commands are as follows:
l Run the firewall packet-filter command to use an ACL. For details, see "1.12.1 Configuring
Firewall."
l Perform the QoS operation. For details, see "1.16.2 Configuring Traffic Management
Based on ACL."
----End
Example
Assume that the service board of the UA5000 resides in slot 7 and belongs to a VLAN, and the
IP address of the VLAN L3 interface is 10.10.10.101. To prohibit the ICMP (such as ping) and
telnet operations from the user side to the VLAN interface on the device, do as follows:
huawei(config-acl-basic-3001)rule 1 deny icmp destination 10.10.10.101 0
huawei(config-acl-basic-3001)rule 2 deny tcp destination 10.10.10.101 0
destination-port eq telnet
huawei(config-acl-basic-3001)quit
huawei(config)#packet-filter inbound ip-group 3001 rule 1 port 0/7/0
huawei(config)#packet-filter inbound ip-group 3001 rule 2 port 0/7/0
huawei(config)#save
1.15.3 Configuring an L2 ACL

This topic describes how to classify traffic according to the L2 information such as source MAC
address, source VLAN ID, L2 protocol type, and destination MAC address.
Context
The number of an L2 ACL is in the range of 4000-4999.
An L2 ACL can classify traffic according to the following L2 information:

1. Protocol type over Ethernet
2. 802.1p priority
3. VLAN ID
4. Source MAC address
5. Destination MAC address
Procedure
created.
Step 2 Create an L2 ACL.

Run the acl command to create an L2 ACL, and then enter the acl-link mode. The number of an
L2 ACL can only be in the range of 4000-4999.

Step 3 Configure an L2 ACL rule.

In the acl-link mode, run the rule command to create an L2 ACL rule. The parameters are as
follows:
parameter.
pass.
Step 4 Use the ACL.

Based on ACL."
----End
Example
To create an L2 ACL rule that allows data packets with protocol type 0x8863 (pppoe-control
message), VLAN ID 12, CoS 1, source MAC address 2222-2222-2222, and destination MAC
address 00e0-fc11-4141 to pass, do as follows:
huawei(config-acl-link-4001)rule 1 permit type 0x8863 cos 1 source 12
2222-2222-2222 0000-0000-0000 destination 00e0-fc11-4141 0000-0000-0000
huawei(config-acl-basic-4001)quit
huawei(config)#save
1.15.4 Configuring a User-defined ACL

This topic describes how to classify traffic according to any 32 bytes of the first 80 bytes of a
L2 data frame.
Prerequisites
Configuring a user-defined ACL requires a deep understanding of the L2 data frame structure.
Be sure to make a data plan according to the format of the L2 data frame.
Context
The number of a user-defined ACL must be in the range of 5000-5999.
A user-defined ACL rule can be created according to any 32 bytes of the first 80 bytes of a L2
data frame

Figure 1-9 First 64 bytes of a data frame
Table 1-15 lists the meaning of the letters and their offset values.
Table 1-15 Description of letters and their offset values
Letter Description Offset Lette Description Offset

r
A Destination MAC 0 L IP check sum 28

address
B Source MAC address 6 M Source IP address 30
C VLAN tag 12 N Destination IP address 34
D: Protocol type 16 O TCP source port 38
E IP version number 18 P TCP destination port 40
F Type of service 19 Q Serial number 42
G Length of the IP packet 20 R Acknowledgement 46

field
H ID 22 S IP header length and 50

reserved bit
I Flags 24 T Reserved bit and flags 51

bit
J7 Time to live 26 U Window size 52
K Protocol ID ("6" 27 V Other 54

represents TCP and
"17" represents UDP)
NOTE
The offset value of each field is the offset value in data frame ETH II+VLAN tag. In a user-defined ACL,
you can use the two parameters of rule mask and offset to extract any bytes from the first 80 bytes of the
data frame. After the comparison with the user-defined rule, the data frame matching the rule is filtered
for related processing.

Procedure
created.
Step 2 Create a user-defined ACL.

Run the acl command to create a user-defined ACL, and then enter the acl-user mode. The
number of a user-defined ACL can only be in the range of 5000-5999.
Step 3 Configure the user-defined ACL rule.

In the acl-user mode, run the rule command to create an ACL rule. The parameters are as follows:
parameter.
pass.
l rule-string: Indicates the character string of the user-defined rule. The character string is in
hexadecimal notation. The number of characters in the string must be an even number.
l rule-mask: Indicates the mask of the user-defined rule. It is a positive mask, used to perform
the AND operation with the data packets for extracting the information of the data packets.
l offset: Indicates the offset. With the header of the packet as the reference point, it specifies
the byte from which the AND operation begins. With the rule mask, it extracts a character
string from the packets.
Step 4 Use the ACL.

Based on ACL."
----End
Example
Assume that the packet sent from port 0/7/0 to the UA5000 is the QinQ packet containing two
VLAN tags. To change the CoS priority in the outer VLAN tag (VLAN ID: 10) to 5, do as
follows:

Figure 1-10 QinQ packet format
huawei(config-acl-user-5001)#rule 1 permit 8100 ffff 16
NOTE
The type value of a QinQ packet varies according to different vendors. Huawei adopts the default 0x8100. As
shown in Figure 1-9, the offset of this type value needs to be 16 bytes.
huawei(config-acl-user-5001)#rule 10 permit 0a ff 19
NOTE
"19" indicates the ADN operation after an offset of 19 bytes with the header of the packet as the base. "0a" refers
to the value of the inner tag field of the QinQ packet. In this example, the second byte of the inner tag field is a
part of the VLAN ID, which is exactly the value of the inner VLAN ID (VLAN 10).
huawei(config-acl-user-5001)#quit
huawei(config)#traffic-priority inbound user-group 5001 cos 5 port 0/7/0
huawei(config)#save
1.16 Configuring QoS

This topic describes how to configure quality of service (QoS) on the UA5000.
Context
Configuring QoS in the system can provide different quality guarantees for different services.
QoS does not have a unified service model. Therefore, make the QoS plan for networkwide
services before making the configuration solution.
On the UA5000, the key points for implementing QoS are as follows:
l Traffic management
Configuring traffic management can limit the traffic for a user service or user port.
l Queue scheduling
For the service packets that are already configured with traffic management, through the
configuration of queue scheduling, the service packets can be placed into queues with
different priorities, thus implementing QoS inside the system.

In the scenario where users have flexible requirements on implementing QoS for traffic streams,
the ACL can be used to implement flexible traffic classification (see Configuring the ACL),
and then QoS can be implemented for traffic streams.
1.16.1 Configuring Traffic Management

This topic describes how to configure traffic management on the UA5000.
Overview
The UA5000 supports traffic management for the inbound and outbound traffic streams of the
system. Traffic management can be implemented based on the following two granularities:
l Based on traffic profile
NOTE
For details on configuring traffic classification, see "3.4 Creating an xDSL Service Port."
l Based on ACL rule
In addition, the UA5000 supports rate limit on the Ethernet port and traffic suppression on
inbound broadcast packets and unknown (multicast or unicast) packets.
Configuring Traffic Management Based on Traffic Profile

This topic describes how to configure traffic management based on traffic profile. When
configuring a service port, you need to bind an IP traffic profile to the service port and manage
the traffic of the service port through the traffic parameters defined in the profile.
Context
Traffic management based on service port is implemented by creating an IP traffic profile and
then binding the IP traffic profile when creating the service port.
l The system has seven default IP traffic profiles with the IDs of 0-6. You can run the display
traffic table command to query the traffic parameters of the default traffic profiles.
l It is recommended that you use the default traffic profiles. A new IP traffic profile is created
only when the default traffic profiles cannot meet the requirements.
Table 1-16 lists the traffic parameters defined in the IP traffic profiles.
Table 1-16 Traffic parameters defined in the IP traffic profiles
Item Parameter Description
CAR CAR: committed access rate
Scheduling There are two types of scheduling policies, which are available only to
policies the inbound packet:
l Tag-In-Package: The system performs scheduling according to the
802.1p priority of the packet.
l Pvc-Setting: The system queues the packets according to the value
of the priority and waits for scheduling.

NOTE
"Outbound" (upstream) in this document refers to the direction from the user side to the network side, and
"inbound" (downstream) refers to the direction from the network side to the user side.
Procedure
Step 1 Run the display traffic table command to query whether there is a proper traffic profile in the
system.
Check whether an existing traffic profile meets the planned traffic management parameters,
priority policy, and scheduling policy to confirm the index of the traffic profile to be used. If a
proper traffic profile does not exist in the system, create an IP traffic profile.
Step 2 Run the traffic table command to create a traffic profile.

The following is a detailed description:
l The traffic management parameters must contain at least CAR, which must be assigned with
a value.
l Keyword priority must be entered to set the outer 802.1p priority of the packet. Enter a value
in the range of 0-7 to specify a priority for the packet.
l Keyword priority-policy must be entered to specify a scheduling policy for the inbound
packet. For details about the scheduling policies, see "Table 1-16."
Step 3 Run the service port command to bind a proper traffic profile.
----End
Example
Assume that the CAR is 2048 kbit/s, 802.1p priority of the outbound packet is 6, and the
scheduling policy of the inbound packet is Tag-In-Package. To add such an IP traffic profile, do
as follows:
huawei(config)#traffic table ip car 2048 priority 6 priority-policy tag-In-Package
Create traffic descriptor record successfully
-----------------------------------------------------------------------------
TD Index : 7
Priority : 6
Priority policy : tag-pri
CAR : 2048 kbps
TD Type : NoClpNoScr
Service category : ubr
Referenced Status: not used
EnPPDISC : on
EnEPDISC : on
Clp01Pcr : 2048 kbps
-----------------------------------------------------------------------------
huawei(config)#display traffic table index 7
-----------------------------------------------------------------------------
TD Index : 7
Priority : 6
Priority policy : tag-pri
CAR : 2048 kbps
EnPPDISC : on
EnEPDISC : on
-----------------------------------------------------------------------------

Configuring Rate Limitation on an Upstream Port

This topic describes how to configure upstream rate limitation on a specified Ethernet port.
Context
l The UA5000 supports the rate limitation on only the Ethernet upstream port and does not
support the rate limitation on service ports.
l The limited rate must be an integer multiple of 64.
l Traffic streams exceeding the specified rate are discarded.
Procedure
Step 1 In the global config mode, run the line-rate command to configure upstream rate limitation on
a specified Ethernet port.
The main parameters are as follows:
l target-rate: Indicates the limited rate of the port, in the unit of kbit/s.
l port: Indicates the shelf ID/slot ID/port ID.
Step 2 You can run the display qos-info line-rate port command to query the configured rate limitation
on the specified Ethernet port
----End
Example
To limit the rate of Ethernet port 0/3/0 to 6400 kbit/s, do as follows:
huawei(config)#line-rate 6400 port 0/3/0

huawei(config)#display qos-info line-rate port 0/3/0
line-rate:
port 0/3/0:
Line rate: 6400 Kbps
Configuring the Traffic Suppression for the Upstream Port

This topic describes how to configure the traffic suppression for the upstream port. The purpose
of the traffic suppression for the upstream port is to ensure the provisioning of the normal service
of system users by suppressing the broadcast, unknown multicast, and unknown unicast packets
received by the system.
Context
Traffic suppression can be configured based on a board or based on the port on a board.
Procedure
l Run the interface ipm command to enter the IPM mode.
l Query the thresholds of traffic suppression.

Run the display traffic-suppress all command to query the thresholds of traffic
suppression.
l Run the traffic-suppress command to suppress the traffic of the port on the IPM board.
The main parameters are as follows:
– broadcast: Suppresses the broadcast traffic.
– multicast: Suppresses the unknown multicast traffic.
– unicast: Suppresses the unknown unicast traffic.
– value: Indicates the index of the traffic suppression level. You can run the display
traffic-suppress all command to query this index value.
----End
Example
To suppress the broadcast packets according to traffic suppression level 8 on port 0 on the
IPMB board in slot 0/3, do as follows:
huawei(config-if-ipm-0/3)#display traffic-suppress all
Traffic suppression ID definition:
---------------------------------------------------------------------
NO. Min bandwidth(kbps) Max bandwidth(kbps) Package number(pps)
/Jumbo frame enable(kbps)
---------------------------------------------------------------------
1 6 145 / 884 12
2 12 291 / 1769 24
3 24 582 / 3538 48
4 48 1153 / 7004 95
5 97 2319 / 14082 191
6 195 4639 / 28164 382
7 390 9265 / 56254 763
8 781 18531 / 112508 1526
9 1562 37063 / 225017 3052
10 3125 74126 / 450035 6104
11 6249 148241 / 899997 12207
12 12499 296483 / 1799995 24414
13 0 0 / 0 0
---------------------------------------------------------------------
---------------------------------------------------------------------
PortID Broadcast_index Multicast_index Unicast_index
---------------------------------------------------------------------
0 7 -- 7
1 7 -- 7
2 7 -- 7
3 7 -- 7
4 7 -- 7
5 7 -- 7
6 7 -- 7
7 7 -- 7
---------------------------------------------------------------------
huawei(config-if-ipm-0/3)#traffic-suppress all broadcast value 8
huawei(config-if-ipm-0/3)#display traffic-suppress 0
Traffic suppression ID definition:
---------------------------------------------------------------------
NO. Min bandwidth(kbps) Max bandwidth(kbps) Package number(pps)
/Jumbo frame enable(kbps)
---------------------------------------------------------------------
1 6 145 / 884 12
2 12 291 / 1769 24
3 24 582 / 3538 48
4 48 1153 / 7004 95

5 97 2319 / 14082 191

6 195 4639 / 28164 382
7 390 9265 / 56254 763
8 781 18531 / 112508 1526
9 1562 37063 / 225017 3052
10 3125 74126 / 450035 6104
11 6249 148241 / 899997 12207
12 12499 296483 / 1799995 24414
13 0 0 / 0 0
---------------------------------------------------------------------
Current traffic suppression ID of broadcast : 8
Current traffic suppression ID of multicast :--
Current traffic suppression ID of unicast : 7
1.16.2 Configuring Traffic Management Based on ACL

The ACL can be used to implement flexible traffic classification according to user requirements.
After traffic classification based on ACL is complete, you can perform QoS for the traffic
streams.
Configuring the Limitation on the Traffic Matching an ACL Rule

This topic describes how to limit the traffic matching an ACL rule on a specified port, and process
the traffic that exceeds the limit, such as adding the DSCP tag or dropping the packet directly.
Prerequisite
The ACL and the rule of the ACL must be configured and the port for traffic limit must work
in the normal state.
Context
l The traffic statistics are only effective for the permit rules of an ACL.
l The limited traffic must be an integer multiple of 64 kbit/s.
Procedure
Step 1 Run the traffic-limit command to limit the traffic matching an ACL rule on a specified port.
Run this command to set the action to be taken when the traffic received on the port exceeds the
limit value. Two options are available:
l drop: Drop the traffic that exceeds the limit value.
l remark-dscp value: To set the DSCP priority for the traffic that exceeds the limit value, use
this parameter.
Step 2 Run the display qos-info traffic-limit port command to query the traffic limit information on
the specified port.
----End
Example
To limit the traffic that matches ACL 2001 received on port 0/7/0 to 512 kbit/s and add the DSCP
priority tag (af1) to packets that exceed the limit, do as follows:

huawei(config)#traffic-limit inbound ip-group 2001 512 exceed remark-dscp af1 port

0/7/0
//"af1" represents a dscp type: Assured Forwarding 1 service (10).
huawei(config)#display qos-info traffic-limit port 0/7/0
traffic-limit:
port 0/7/0:
Inbound:
Matches: Acl 2001 rule 5 running
Target rate: 512 Kbps
Exceed action: remark-dscp af1
Adding a Priority Tag to the Traffic Matching an ACL Rule

This topic describes how to add a priority tag to the traffic matching an ACL rule on a specified
port so that the traffic can obtain the service that matches the specified priority. The priority tag
type can be ToS, DSCP, or 802.1p.
Prerequisite
The ACL and the sub-rule of the ACL must be configured and the port for traffic limit must
work in the normal state.
Context
l The traffic statistics are only valid to permit rules of an ACL.
l The ToS and the DSCP priorities are mutually exclusive. Therefore, they cannot be
configured at the same time.
Procedure
Step 1 Run the traffic-priority command to add a priority tag to the traffic matching an ACL rule on
a specified port.
Step 2 Run the display qos-info traffic-priority port command to query the configured priority.
----End
Example
To add a priority tag to the traffic that matches ACL 2001 received on port 0/7/0, and the DSCP
priority and local priority of the traffic are 10 (af1) and 0 respectively, do as follows:
huawei(config)#traffic-priority inbound ip-group 2001 dscp af1 local-precedence 0
port 0/7/0
huawei(config)#display qos-info traffic-priority port 0/7/0
traffic-priority:
port 0/7/0:
Inbound:
Priority action: dscp af1 local-precedence 0
Enabling the Statistics Collection of the Traffic Matching an ACL Rule

This topic describes how to enable the statistics collection of the traffic matching an ACL rule,
thus analyzing and monitoring the traffic.

Prerequisite
The ACL and the sub-rule of the ACL must be configured and the port for traffic statistics must
Context
The traffic statistics are only valid to permit rules of an ACL.
Procedure
Step 1 Run the traffic-statistic command to enable the statistics collection of the traffic matching an
ACL rule on a specified port.
Step 2 Run the display qos-info traffic-mirror port command to query the statistics information about
the traffic matching an ACL rule on a specified port.
----End
Example
To enable the statistics collection of the traffic that matches ACL 2001 received on port 0/3/0,
do as follows:
huawei(config)#traffic-statistic inbound ip-group 2001 port 0/3/0
huawei(config)#display qos-info traffic-statistic port 0/3/0
traffic-statistic:
port 0/3/0:
Inbound:
0 packet
Enabling the Mirroring of the Traffic Matching an ACL Rule

This topic describes how to mirror the traffic matching an ACL rule on a port to a specified port.
Mirroring does not affect packet receipt and transmission on the mirroring source port. You can
monitor the traffic of the mirroring source port by analyzing the traffic that passes the mirroring
destination port.
Prerequisite
The ACL and the rule of the ACL must be configured and the port for traffic mirroring must
Context
l The destination mirroring port cannot be an aggregation port.
l The system supports only one mirroring destination port and the mirroring destination port
must be the upstream port.

Procedure
Step 1 Run the traffic-mirror command to enable the mirroring of the traffic matching an ACL rule
on a specified port.
Step 2 Run the display qos-info traffic-mirror port command to query the mirroring information
about the traffic matching an ACL rule on a specified port.
----End
Example
To mirror the traffic that matches ACL 2001 received on port 0/7/0 to port 0/3/0, do as follows:
huawei(config)#traffic-mirror inbound ip-group 2001 port 0/7/0 to port 0/3/0
huawei(config)#display qos-info traffic-mirror port 0/7/0
traffic-mirror:
port 0/7/0:
Inbound:
Mirror to: port 0/3/0
Enabling the Redirection of the Traffic Matching an ACL Rule

This topic describes how to redirect the traffic matching an ACL rule on a specified port. After
this operation is executed successfully, the original port does not forward the traffic matching
the ACL rule, but the specified port forwards the traffic.
Prerequisites
The ACL and the rule of the ACL must be configured and the port for redirection must work in
the normal state.
Context
l Currently, the service ports support only redirection of the traffic matching the ACL rule
to upstream ports. The upstream ports support only redirection of the traffic matching the
ACL rule to ports of the same type.
Procedure
Step 1 Run the traffic-redirect command to redirect the traffic matching an ACL rule on a specified
port.
Step 2 Run the display qos-info traffic-redirect port command to query the redirection information
about the traffic matching an ACL rule on a specified port.
----End
Example
To redirect the traffic that matches ACL 2001 received on port 0/3/0 to port 0/3/1, do as follows:
huawei(config)#traffic-redirect inbound ip-group 2001 port 0/3/0 to port 0/3/1

huawei(config)#display qos-info traffic-redirect port 0/3/0

traffic-redirect:
port 0/3/0:
Inbound:
Redirected to: port 0/3/1
1.16.3 Configuring the Queue Management

This topic describes how to configure the queue scheduling mode for ensuring that packets in
the queue with a higher priority can be processed in time in case of congestion.
Context
The UA5000 supports the four queue scheduling modes: strict priority queue (PQ), weighted
fair queuing (WFQ), weighted round robin (WRR), and PQ+WRR.
The IPMD board of the UA5000 does not support the WFQ. For other specifications, the IPMD
board of the UA5000 is the same as the IPMB board of the UA5000.
l Strict PQ
The strict PQ gives preference to packets in a queue with a higher priority. The packets of
a lower priority queue can be transmitted only when a queue with a higher priority is empty.
By default, the system adopts the strict PQ mode.
l WFQ
The application of the WFQ automatically allocates the bandwidth with fairness to a certain
extent. When the WFQ is used, all the data streams queue, the throughputs are monitored,
and the weight values are allocated according to the amount of transmit data.
l WRR
The system supports WRR for eight queues. Each queue has a weight value (w7, w6, w5,
w4, w3, w2, w1, and w0 in a descending order) for resource acquisition. In the WRR
scheduling mode, the queues are scheduled in turn, which ensures that each queue can be
scheduled.
Table 1-17 lists the mapping between the queue weights and the actual queues.
Table 1-17 Mapping between the queue weights and the actual queues
Queue Configured Actual Queue Actual Queue

Number Weight Weight (Port Weight (Port
Supporting Eight Supporting Four
Queues) Queues)
7 W7 W7 -
6 W6 W6 -
5 W5 W5 -
4 W4 W4 -
3 W3 W3 W7+W6
2 W2 W2 W5+W4

Queue Configured Actual Queue Actual Queue

Number Weight Weight (Port Weight (Port
Supporting Eight Supporting Four
Queues) Queues)
1 W1 W1 W3+W2
0 W0 W0 W1+W0
Wn: Indicates the weight of queue n. The weight sum of the queues (except the queue with
weight value 255) must be equal to 0 or 100, where 0 indicates that the strict PQ scheduling
mode is used and 255 indicates that the queue is not used.
l PQ+WRR
– The system schedules some queues by PQ and schedules the other queues by WRR.
When the specified WRR value is 0, it indicates that the queue is scheduled in the PQ
mode.
– The queue scheduled in the PQ mode needs to be the queue that has the highest priority.
– The weight sum of the scheduled queues must be equal to 100.
Procedure
Step 1 Run the queue-scheduler command to configure the queue scheduling mode.
Step 2 Run the display queue-scheduler command to query the configuration information about the
queue scheduling mode.
----End
Example
To adopt the WRR scheduling mode and set the weight values of the eight queues to 10, 10, 20,
20, 10, 10, 10, and 10 respectively, do as follows:
huawei(config)#queue-scheduler wrr 10 10 20 20 10 10 10 10
huawei(config)#display queue-scheduler
Queue scheduling mode: weighted round robin

weight of queue 0: 10%
To adopt the PQ+WRR scheduling mode and set the weight values of the six queues to 20, 20,
10, 30, 10, and 10 respectively, do as follows:
huawei(config)#queue-scheduler wrr 20 20 10 30 10 10 0 0
huawei(config)#display queue-scheduler
Queue scheduling mode: weighted round robin




Configuration Guide-IPM CLI 2 Protocol Configuration
2 Protocol Configuration
About This Chapter
Protocol configurations mainly include protocol common configurations. There is no obvious

logical relationship between protocol configurations. You can perform protocol configurations
according to actual requirements
2.1 Configuring ARP Proxy

This topic describes how to configure the ARP proxy of the L3 interface so that users on isolated
ports of the same broadcast domain or on ports of different broadcast domains can communicate
with each other. To reduce the network load, the ARP request packets are limited in a VLAN.
2.2 Configuring the Route

This topic describes the routing policy supported by the UA5000 and how to configure the
routing protocol.
2.3 Configuration Example of the BFD Link Detection

The UA5000 supports detecting the fault of a static route using the BFD. This topic describes
how to configure the BFD link detection based on an example network.
2.4 Configuring the RSTP

The UA5000 supports the application of the Rapid Spanning Tree Protocol (RSTP) and is
compatible with the Spanning Tree Protocol (STP) and the RSTP protocol. The UA5000
supports the RSTP ring network to meet various networking requirements.
2.5 Configuring RRPP

Rapid Ring Protection Protocol (RRPP) is a link-layer protocol that is used specifically for
Ethernet ring networks. RRPP can prevent the broadcast storm that is caused by data loop when
the Ethernet ring network is complete. When a link on the Ethernet ring network is disconnected,
RRPP can quickly recover the communication on the ring network.

2.1 Configuring ARP Proxy

This topic describes how to configure the ARP proxy of the L3 interface so that users on isolated
ports of the same broadcast domain or on ports of different broadcast domains can communicate
with each other. To reduce the network load, the ARP request packets are limited in a VLAN.
Prerequisite
l The network devices and lines must be in the normal state.
l Service boards must be in the normal state.
l The VPI/VCI configured on the modem side must be 0/35.
Networking
Figure 2-1 shows the example network for configuring the ARP proxy.
PC1 and PC2 are in sub VLAN 10, service ports are isolated, and PC3 is in sub VLAN 20. User
packets can be forwarded in the L3 forwarding mode through the super VLAN interface. The
IP address of the super VLAN interface is 10.0.0.254, and the interface is in the same subnet as
PC1, PC2, and PC3. After the ARP proxy function is enabled, PC1 and PC2 can communicate
with each other, and PC3 can communicate with PC1 and PC2.
Figure 2-1 Example network for configuring the ARP proxy
Router
UA5000
10.0.0.254/24
PC1 PC2 PC3
VLAN 10 VLAN 20
Data Plan
Table 2-1 provides the data plan for configuring the ARP proxy.

Table 2-1 Data plan for configuring the ARP proxy
Item Data
Super VLAN VLAN ID: 100
Sub VLAN: VLAN 10, VLAN 20
IP address: 10.0.0.254/24
Sub VLAN VLAN ID: 10
VLAN type: smart VLAN
Sub VLAN VLAN ID: 20
VLAN type: MUX VLAN
Figure 2-2 shows the flowchart for configuring the ARP proxy.
Figure 2-2 Flowchart for configuring the ARP proxy
Start
Create a super VLAN
Create sub VLANs and configure

the super VLAN
Configure the service ports of the

sub VLANs
Configure an L3 Interface for the

super VLAN
Enable ARP proxy
Save the data
End

Procedure
Step 1 Create a super VLAN.
huawei(config)#vlan 100 super
Step 2 Create sub VLANs, and add them to the super VLAN.
huawei(config)#vlan 20 mux
huawei(config)#supervlan 100 subvlan 10
huawei(config)#supervlan 100 subvlan 20
Step 3 Configure the service ports of the sub VLANs.

Step 4 Configure an L3 Interface for the super VLAN.

NOTE
The IP address of the L3 interface of the super VLAN must be in the same subnet as the IP addresses of
PC1-PC3.
Step 5 Enable ARP proxy.

1. Enable the ARP proxy function globally.
huawei(config)#arp proxy enable
2. Enable the global ARP proxy on the VLAN interface.

huawei(config-if-vlanif100)#arp proxy enable
3. Enable ARP proxy on the sub VLAN interface.

huawei(config-if-vlanif100)#arp proxy enable subvlan 10
NOTE
Skip substep c in step 6 if you only want PCs in different VLANs to communicate with each other.
Step 6 Save the data.

huawei(config)#save
----End
Result
After the global ARP proxy function and the ARP proxy function of the super VLAN interface
are enabled, PC1, PC2, and PC3 in different VLANs can communicate with each other.
After the global ARP proxy function, the ARP proxy function of the super VLAN interface, and
that of the sub VLAN interface are enabled, PC1 and PC2 in the same VLAN can communicate
with each other.

2.2 Configuring the Route

This topic describes the routing policy supported by the UA5000 and how to configure the
routing protocol.
2.2.1 Configuration Example of the Routing Policy

This topic describes how to configure a routing policy for imported routes.
l Two UA5000s that have the routing function are adopted, namely UA5000_A and
UA5000_B. Both of them are running the OSPF routing protocol, and within area 0.
l UA5000_A imports static routes, and UA5000_B is configured with the routing filtering
policy.
Figure 2-3 Example network for configuring the routing policy
Static: 20.0.0.10
30.0.0.10
40.0.0.10
Vlanif2 Vlanif2
10.0.0.10/24 10.0.0.20/24
UA5000_A Area 0 UA5000_B

1.1.1.10 2.2.2.20
Procedure
Step 1 Configure UA5000_A.
1. Configure the IP address of the L3 interface. The upstream port on UA5000_A is 0/3/0 and
the IP address of the L3 interface is 10.0.0.10/24.
2. Enable OSPF and specify the area ID to which the interface belongs.
huawei(config)#ospf
huawei(config-ospf-1)#area 0
huawei(config-ospf-1-area-0.0.0.0)#network 10.0.0.0 0.0.0.255
huawei(config-ospf-1-area-0.0.0.0)#quit
huawei(config-ospf-1)#quit

3. Configure the OSPF router ID.

huawei(config)#router id 1.1.1.10
4. Configure three static routes.

huawei(config)#ip route-static 20.0.0.10 32 vlanif 2
5. Import static routes into the OSPF routing table to improve its capability of obtaining routes.
huawei(config)#ospf
hawei(config-ospf-1)#import-route static
hawei(config-ospf-1)#quit
6. Save the data.

huawei(config)#save
Step 2 Configure UA5000_B.

1. Configure the IP address of the L3 interface. The upstream port on UA5000_B is 0/3/0 and
the IP address of the L3 interface is 10.0.0.20/24.
2. Configure the ACL.

huawei(config-acl-basic-2000)#rule deny source 30.0.0.0 255.255.255.0
huawei(config-acl-basic-2000)#quit
3. Enable OSPF and specify the area id to which the interface belongs.
huawei(config)#ospf

5. Filter imported routes.

huawei(config)#ospf
uawei(config-ospf-1)#filter-policy 2000 import
6. Save the data.

huawei(config)#save
----End
Result
1. UA5000_A and UA5000_B run OSPF successfully and they can communicate well with
each other.
2. After the routing filtering policy is configured on UA5000_B, parts of the three imported
static routes are available while part of them is screened on UA5000_B. That is, routes
from segments 0.0.0.0 and 40.0.0.0 are available, while the route from segment 30.0.0.0 is
screened.
Configuration on UA5000_A

interface vlanif 2
ip address 10.0.0.10 24
ospf
area 0
network 10.0.0.0 0.0.0.255
quit
quit
router id 1.1.1.10
ip route-static 20.0.0.10 32 vlanif 2
ospf
import-route static
quit
save
Configuration on UA5000_B
interface vlanif 2
ip address 10.0.0.0 24
acl 2000
rule deny source 30.0.0.0 255.255.255.0
quit
ospf
area 0
network 10.0.0.0 0.0.0.255
quit
quit
router id 2.2.2.20
ospf
filter-policy 2000 import
quit
save
2.2.2 Configuration Example of the Static Route

This topic describes how to manually add the static route to implement the interconnection
between UA5000s.
In this example network, UA5000_A, UA5000_B, and UA5000_C have the routing function. It
is expected that after the configuration, any two PCs can communicate with each other.

Figure 2-4 Example network for configuring the static route
PC_C 1.1.5.1/24
1.1.5.2/24
1.1.2.2/24
1.1.3.1/24
1.1.2.1/24
UA5000_ C 1.1.3.2/24
1.1.1.2/24 1.1.4.2/24
UA5000_ A UA5000_ B
PC_A 1.1.1.1/24 PC_B 1.1.4.1/24
Prerequisite
Configure a native VLAN of the L3 interface of each UA5000 to ensure a normal communication
between UA5000s.
Procedure
Step 1 Configure the IP address of the L3 interface.
The configurations for the three UA5000s are the same. Here, only the configuration of
UA5000_A is considered as an example.
Step 2 Configure static routes.

1. Configure static route for UA5000_A.
huawei(config)#ip route-static 1.1.5.0 255.255.255.0 1.1.2.2
2. Configure static route for UA5000_B.


3. Configure static routes for UA5000_C.

Step 3 Configure the host gateways.

1. Configure the default gateway of Host A to 1.1.1.2.
2. Configure the default gateway of Host B to 1.1.4.2.
3. Configure the default gateway of Host C to 1.1.5.2.

huawei(config)#save
----End
Result
After the configuration, an interconnection can be set up between all the hosts and between all
the UA5000s.
Configuration example of UA5000_A
vlan 2 smart
port vlan 2 0/3 0
interface vlanif 2
quit
vlan 3 smart
port vlan 3 0/3 0
interface vlanif 3
quit
ip route-static 1.1.5.0 255.255.255.0 1.1.2.2
ip route-static 1.1.4.0 255.255.255.0 1.1.2.2
2.2.3 Configuration Example of RIP

This topic describes how to configure RIP on the UA5000.
l UA5000_A is subtended with UA5000_B through port 0/3/1, and uses port 0/3/0 to transmit
services in the upstream. In addition, it connects to the management center network through
the WAN.
l RIP is enabled on UA5000_A and UA5000_B so that the administrator can access
UA5000_A and UA5000_B through the RIP route. Then, you can operate and maintain
UA5000_A and UA5000_B.

Figure 2-5 Example network for configuring RIP
Management
Center
Router
192.13.24.5/22
GE UA5000_A
Loopback ip
192.15.24.1/26
192.13.2.1/24
UA5000_B Operation and maintenance

Loopback ip
192.15.24.2/26
192.13.2.2/24
Procedure
l Configure UA5000_A.
1. Configure the RIP-supported L3 interface.
The configuration of UA5000_A is as follow: The upstream port is 0/3/0, the
management VLAN is 100, the IP address of the L3 interface of the management
VLAN is 192.13.24.5/22, the IP address of the loopback interface is 192.13.2.1/24,
and the subtending port is 0/3/1.
huawei(config)#interface loopBack 0
huawei(config-if-loopback0)#ip address 192.13.2.1 24
huawei(config-if-loopback0)#quit
2. Enable RIP.
huawei(config)#rip 1
huawei(config-rip-1)#network 192.13.24.0
huawei(config-rip-1)#version 2
huawei(config-rip-1)#quit
3. Configure the route filtering policy.

huawei(config)#ip ip-prefix abc permit 192.13.2.1 32
huawei(config-rip-1)#filter-policy ip-prefix abc export vlanif 100
4. Configure the subtending port.

huawei(config-if-ipm-0/3)#native-vlan 1 vlan 10
huawei(config-if-ipm-0/3)#quit
5. Enable RIP on the subtending port.

6. Save the data.

huawei(config)#save
l Configure UA5000_B.
1. Configure the RIP-supported L3 interface.
The configuration of UA5000_B is as follows: The subtanding port is 0/3/1, the
management VLAN is 10, the IP address of the L3 interface of the management VLAN
is 192.15.24.2/26, and the IP address of the loopback interface is 192.13.2.2/24.
huawei(config)#interface loopBack 0
huawei(config-if-loopback0)#ip address 192.13.2.2 24
huawei(config-if-loopback0)#quit
2. Enable RIP.
huawei(config-rip-1)#version 2
3. Configure the route filtering policy.

huawei(config-rip-1)#filter-policy ip-prefix abc export vlanif 10
4. Save the data.

huawei(config)#save
----End
Result
The maintenance terminal of the administration center can access UA5000_A and UA5000_B
for operation and maintenance.
vlan 100 smart
port vlan 100 0/3 0
interface vlanif 100
ip address 192.13.24.5 22
quit
interface loopBack 0
ip address 192.13.2.1 24
quit
rip 1
network 192.13.24.0
network 192.13.2.0
version 2
quit
ip ip-prefix abc permit 192.13.2.1 32

rip 1
filter-policy ip-prefix abc export vlanif 100
quit
save
vlan 10 smart
port vlan 10 0/3 1
native-vlan 1 vlan 10
interface vlanif 10
ip address 192.15.24.1 26
quit
rip 1
network 192.15.24.0
quit
vlan 10 smart
port vlan 10 0/3 0
interface vlanif 10
ip address 192.15.24.2 26
quit
interface loopBack 0
ip address 192.13.2.2 24
quit
rip 1
network 192.15.24.0
network 192.13.2.0
version 2
quit
rip 1
filter-policy ip-prefix abc export vlanif 10
quit
save
2.2.4 Configuration Example of OSPF

This topic describes how to configure OSPF on the UA5000.
Prerequisite
l The native VLAN must be configured for each upstream port on the UA5000 to ensure
normal communication.
l The configured OSPF area IDs of the UA5000s must be the same.
l OSPF is enabled on the four UA5000s.
l UA5000_A is configured with the highest designated router (DR) priority, UA5000_C is
configured with the second highest DR priority, UA5000_B is configured with a low DR
priority, and UA5000_D is not configured with the DR priority. UA5000_A, as a DR,
broadcasts the link status of the network.

Figure 2-6 Example network for configuring OSPF
UA5000_ A 1.1.1.1 UA5000_D 4.4.4.4
DR
192.1.1.1/24 192.1.4.4/24
192.1.2.2/24 192.1.3.3/24
BDR
UA5000_B 2.2.2.2 UA5000_C 3.3.3.3
Data Plan
Table 2-2 provides the data plan for configuring OSPF.
Table 2-2 Data plan for configuring OSPF
Item Data Remarks
UA5000_A IP address of the L3 interface: -

192.1.1.1/24
Priority: 100 -
VLAN ID: 2 -
Router ID: 1.1.1.1 -
UA5000_B IP address of the L3 interface: -

192.1.2.2/24
Priority: 80 -
VLAN ID: 2 -
UA5000_C IP address of the L3 interface: -

192.1.3.3/24
Priority: 90 -
VLAN ID: 2 -

Item Data Remarks
UA5000_D IP address of the L3 interface: -

192.1.4.4/24
Priority: not configured Default: 1
VLAN ID: 2 -
Procedure
1. Configure the IP address of the L3 interface.
The configuration of UA5000_A is as follows: The IP address of the L3 interface is
192.1.1.1/24, the priority is 100, the VLAN ID is 2, and the router ID is 1.1.1.1.

3. Enable OSPF.
huawei(config)#ospf
4. Configure the OSPF priority.

huawei(config-if-vlanif2)#ospf dr-priority 100
5. Save the data.

huawei(config)#save

The configuration of UA5000_B is as follows: The IP address of the L3 interface is
192.1.1.2/24, the priority is 80, the VLAN ID is 2 and the router ID is 2.2.2.2.

3. Enable OSPF.
huawei(config)#ospf



5. Save the data.

huawei(config)#save
Step 3 Configure UA5000_C.

The configuration of UA5000_C is as follows: The IP address of the L3 interface is
192.1.1.3/24, the priority is 90, the VLAN ID is 2, and the router ID is 3.3.3.3.

3. Enable OSPF.
huawei(config)#ospf

5. Save the data.

huawei(config)#save
Step 4 Configure UA5000_D.

The configuration of UA5000_D is as follows: The IP address of the L3 interface is
192.1.1.4/24, the priority is the default value 1, the VLAN ID is 2, and the router ID is
4.4.4.4.

3. Enable OSPF.
huawei(config)#ospf

4. Save the data.

huawei(config)#save
----End
Result
Run the display ip routing-table command and you can find the learned routing table. Hosts
can communicate with each other.
Configuration on each UA5000 is similar. Here, the configuration on UA5000_A is considered
as an example.
vlan 2 smart
port vlan 2 0/3 0
interface vlanif 2
ip address 192.1.1.1 24
quit
router id 1.1.1.1
ospf
area 0
network 192.1.1.0 0.0.0.255
network 1.1.1.1 0.0.0.0
quit
quit
interface vlanif 2
ospf dr-priority 100
quit
save
2.3 Configuration Example of the BFD Link Detection

The UA5000 supports detecting the fault of a static route using the BFD. This topic describes
how to configure the BFD link detection based on an example network.
Prerequisites
The BFD function must be enabled globally on the UA5000.
Networking
Figure 2-7 shows the example network of the BFD link detection.
Two static routes exist between UA5000 and Router_3. The two routes are UA5000<-
>Router_1<->Router_3 and UA5000<->Router_2<->Router_3. The static routes are bound in
the BFD session mode. When one link is faulty, the BFD session notifies the bound route for
route switching.

Figure 2-7 Example network of the BFD link detection
30.30.30.1
Router_3
Router_1 Router_2
10.10.10.2 20.20.20.2
10.10.10.1 20.20.20.1
UA5000
Data Plan
Table 2-3 provides the data plan for configuring the BFD link detection.
Table 2-3 Data plan for configuring the BFD link detection
Item Data Remarks
VLAN VLAN ID: 30 -

VLAN type: Smart VLAN
IP address of the L3 interface: 10.10.10.1/24
Upstream port: 0/3/0
VLAN ID: 40 -
VLAN type: Smart VLAN
IP address of the L3 interface: 20.20.20.1/24

Item Data Remarks
BFD session Session name: ToRouter_1 -

Minimum transmit interval: 250 ms
Minimum receive interval: 250 ms
Detection multiplier: 3
Identifier: auto-negotiation
Session name: ToRouter_2 -

Minimum transmit interval: 250 ms
Minimum receive interval: 250 ms
Detection multiplier: 3
Identifier: auto-negotiation
Requirements for Router_1: For details

the upper-layer l IP address of the L3 interface: see the example about the
device network configuration
of the routers,
l VLAN ID: 30 see the
l BFD session parameters: consistent with the corresponding
parameters of the UA5000 configuration
Router_2: guide.
l IP address of the L3 interface: see the example
network
l VLAN ID: 40
l BFD session parameters: consistent with the
parameters of the UA5000
Procedure
Step 1 Create VLANs and add upstream ports to the VLANs.
Step 2 Configure the IP address of the L3 interface of the VLAN.

Step 3 Configure the BFD sessions.

You can configure BFD sessions only after the BFD function is enabled.
huawei(config)#bfd
huawei(config-if-vlanif30)#bfd

huawei(config)#bfd ToRouter_1 bind peer-ip 10.10.10.2 interface vlanif 30
huawei(config-bfd-session-torouter_1)#min-rx-interval 250
huawei(config-bfd-session-torouter_1)#min-tx-interval 250
huawei(config-bfd-session-torouter_1)#detect-multiplier 3
huawei(config-bfd-session-torouter_1)#commit
huawei(config-bfd-session-torouter_1)#quit
huawei(config-if-vlanif40)#bfd
huawei(config)#bfd ToRouter_2 bind peer-ip 20.20.20.2 interface vlanif 40
huawei(config-bfd-session-torouter_2)#min-rx-interval 250
huawei(config-bfd-session-torouter_2)#min-tx-interval 250
huawei(config-bfd-session-torouter_2)#detect-multiplier 3
huawei(config-bfd-session-torouter_2)#commit
huawei(config-bfd-session-torouter_2)#quit
Step 4 Bind the BFD sessions to the static routes.

huawei(config)#ip route-static 30.30.30.1 24 10.10.10.2 preference 2 track bfd-
session ToRouter_1
huawei(config)#ip route-static 30.30.30.1 24 20.20.20.2 preference 6 track bfd-
session ToRouter_2

huawei(config)#save
----End
Result
BFD sessions ToRouter_1 and ToRouter_2 are in the up state. The priority of the route to which
ToRouter_1 is bound takes effect and carries services because it has a higher priority. When a
faulty link is detected, you can run the display bfd state command to query that BFD session
ToRouter_1 turns to the down state, which triggers the deactivation of the bound route. In this
case, the route to which ToRouter_2 is bound takes effect and carries services.
2.4 Configuring the RSTP

The UA5000 supports the application of the Rapid Spanning Tree Protocol (RSTP) and is
compatible with the Spanning Tree Protocol (STP) and the RSTP protocol. The UA5000
supports the RSTP ring network to meet various networking requirements.
Context
l RSTP applies to a redundant network. It makes up for the drawback of STP. RSTP not only
has all the functions of STP but also shortens the duration for the stability of the network
topology to a great extent, which fast recovers the connectivity of the network.
l By default, the RSTP function is disabled on the device.
Procedure
Step 1 Enable the RSTP function.
l The configuration takes effect only after the RSTP function is enabled. Before enabling the
RSTP function, you can configure the parameters of the bridge or port. The configuration,
however, can take effect only after the RSTP function is enabled. After the RSTP function

is disabled, the parameter configuration is retained. After the RSTP function is enabled, the
parameter configuration takes effect.
l The running of the Spanning Tree Protocol (STP) on the bridge occupies certain network
resources. The occupied network resources are little. Generally, redundancy links exist on
the network. Therefore, it is recommended that you enable the RSTP function.
l After the RSTP function is enabled on the bridge, the RSTP function is enabled on all the
ports. To use the RSTP function flexibly, you can disable the STP function on specified
Ethernet ports. In this manner, these ports are not involved in the calculation of the spanning
tree.
1. Run the stp enable command to enable the RSTP function on the bridge.
2. Run the stp port enable command to enable the RSTP function on the port.
3. Run the display stp or display stp port command to check whether the RSTP function on
the bridge or port is enabled.
Step 2 Configure the RSTP working mode.

l RSTP is compatible with STP. If the bridge that runs STP exists on the switching network,
RSTP automatically runs in the RSTP/STP compatible mode.
l When the network condition is good, after the bridge that runs STP in the subnet is removed,
the corresponding port still runs in the STP compatible mode. In this case, you can run the
stp mode rstp command to configure the port to work in the RSTP mode.
1. Run the stp mode rstp command to configure the working mode to RSTP.
2. Run the display stp command to query the configured RSTP working mode.
Step 3 Configure the diameter of the switching network.

1. Run the stp bridge-diameter command to configure the diameter of the switching network.
2. Run the display stp command to query the configured diameter of the switching network.
Step 4 Configure the parameters of a specified bridge.

1. Run the stp priority command to configure the priority.
2. Run the stp timer forward-delay command to configure the forward delay.
3. Run the stp timer hello command to configure the hello time.
4. Run the stp timer max-age command to configure the maximum aging time.
Step 5 Configure the parameters of a specified port.

l Run the stp port transit-limit command to configure the maximum transmit rate.
l Run the stp port edged-port enable command to configure the specified port as an edge
port.
l Run the stp port cost command to configure the path cost.
l Run the stp port port-priority command to configure the priority.
l Run the stp port point-to-point command to connect the specified port to the point-to-point
link.
Step 6 Run the stp port mcheck command to configure the mCheck variable.
----End

Example
Configure RSTP parameters. The information is as follows:
l Enable the RSTP function.

l Configure the working mode to RSTP.
l Configure the diameter of the switching network to 5.
l Configure the parameters of a specified bridge.
– Configure the priority to 4096.
– Configure the forward delay to 20s, namely, 2000 centiseconds.
– Configure the hello time to 3s, namely, 300 centiseconds.
– Configure the maximum aging time to 10s.
l Configure the parameters of a specified port.
– Configure the maximum transmit rate to 5.
– Configure the 0/3/0 port as an edge port.
– Configure the path cost to 200.
– Configure the priority to 64.
– Configure the link connected to the port that can be automatically detected to a point-
to-point link.
huawei(config)#stp enable
huawei(config)#stp mode rstp
huawei(config)#stp bridge-diameter 5
huawei(config)#stp priority 4096
huawei(config)#stp timer forward-delay 2000
huawei(config)#stp timer hello 300
huawei(config)#stp timer max-age 1000
huawei(config)#stp port 0/3/0 transit-limit 5
huawei(config)#stp port 0/3/0 edged-port enable
huawei(config)#stp port 0/3/0 cost 200
huawei(config)#stp port 0/3/0 port-priority 64
huawei(config)#stp port 0/3/0 point-to-point auto
2.5 Configuring RRPP

Rapid Ring Protection Protocol (RRPP) is a link-layer protocol that is used specifically for
Ethernet ring networks. RRPP can prevent the broadcast storm that is caused by data loop when
the Ethernet ring network is complete. When a link on the Ethernet ring network is disconnected,
RRPP can quickly recover the communication on the ring network.
Context
When configuring RRPP, configure the corresponding function for each node on the RRPP ring.
An RRPP domain consists of the RRPP ring, control VLAN, master node, transmit node, primary
port, and secondary port.
Compared with STP, RRPP has the following features:

l The topology convergence is fast. That is, the topology convergence duration is less than
50 ms.

l The topology convergence duration is unrelated to the number of nodes on the ring network.
NOTE
On the ring network, only RRPP or STP can be configured on the same interface. That is, RRPP and STP
cannot be configured on the same interface at the same time.
Networking
Figure 2-8 shows the example network for configuring the RRPP single-ring network.
Figure 2-8 Example network for configuring the RRPP single-ring network
Router
0/2/3
0/2/0 B
0/2/1
UA5000_1
UA5000_2 0/2/1 UA5000_4

0/2/0
0/2/0
0/2/1 UA5000_3
0/2/0 0/2/1
0/11/0
Modem
The area enclosed by dashed PC

lines is the RRPP domain.
The blue circle is the RRPP ring.
The red arrow represents traffic
stream direction.
B : Indicates that port 0/2/1 on UA5000_1 is blocked
when the RRPP network is in the normal state.

Data Plan
Table 2-4 provides the data plan for configuring the RRPP single-ring network.
Table 2-4 Data plan for configuring the RRPP single-ring network
Item Data Remarks
RRPP domain ID 1 All the UA5000s in the same

domain need to be configured
with the same domain ID,
ring ID, and control VLAN.
Control VLAN ID 10 -
Timer Hello timer: 2s Default: 1s.
Fail timer: 7s Default: 3s.
RRPP ring RRPP ring ID: 1 -
RRPP ring level: 0 -
Master node: UA5000_1 -
Transmit nodes: UA5000_2, -

UA5000_3, and UA5000_4
UA5000_1 H612IPMD board -

l Primary port: 0/2/0
l Secondary port: 0/2/1
l Upstream port: 0/2/3
VLAN ID: 20 It must be the same as the

VLAN ID of the upper-layer
device.


device.

ADSL2+ port: 0/11/0 -

device.

Item Data Remarks


device.
Internet access mode Internet access mode: IPoA -
Encapsulation mode: LLC -
Rate of the subscriber line: 2 -

Mbit/s
Gateway IP address: You can log in to the IPM

10.1.1.1/24 system through the serial port
or network port on the
commissioning terminal and
maintain the device normally
through the commissioning
terminal.
Source IP address: The source IP address needs

10.1.1.20/24 to be the same as the IP
address of the modem.
Procedure
l Configure UA5000_1.
1. Configure the RRPP domain and control VLAN of the master node.
huawei(config)#rrpp domain 1
huawei(config-rrpp-region)#control-vlan 10
2. (Optional) Configure the intervals of the hello timer and fail timer of the master node.
huawei(config-rrpp-region)#timer hello-timer 2 fail-timer 7
NOTE
This step is optional. If the intervals are not configured, the default intervals of the hello timer
and fail timer are 1s and 3s respectively in the system.
3. Configure UA5000_1 as the master node on the RRPP ring and specify the primary
and secondary ports.
huawei(config-rrpp-region)#ring 1 node-mode master primary-port 0/2/0
secondary-port 0/2/1 level 0
huawei(config-rrpp-region)#ring 1 enable
huawei(config-rrpp-region)#quit
4. Enable RRPP.
huawei(config)#rrpp enable
5. Create a VLAN and add an upstream port to the VLAN.


6. Add the primary and secondary ports to the VLAN.

huawei(config)#port vlan 20 0/2 0-1
7. Save the data.

huawei(config)#save
NOTE
3. Configure UA5000_2 as the transmit node on the RRPP ring and specify the primary
huawei(config-rrpp-region)#ring 1 node-mode Transit primary-port 0/2/0
4. Enable RRPP.
5. Create a VLAN and add the primary and secondary ports to the VLAN.
6. Save the data.

huawei(config)#save
NOTE
4. Enable RRPP.
6. Add a service port and set the traffic of the service port with default traffic entries.

huawei(config)#service-port vlan 20 adsl 0/11/0 vpi 0 vci 35 rx-cttr 6 tx-

cttr 6
7. Use the default line profile 1 to activate port 0/11/0.

huawei(config)#interface adsl 0/11
huawei(config-if-adsl-0/11)#activate 0 profile-index 1
huawei(config-if-adsl-0/11)#quit
8. Configure the Internet access mode.

huawei(config)#mac-pool 0 0000-0000-0001
huawei(config)#ipoa enable
huawei(config)#ipoa default gateway 10.1.1.1
huawei(config)#encapsulation 0/11/0 vpi 0 vci 35 type ipoa llc srcIP
10.1.1.20
9. Save the data.

huawei(config)#save
NOTE
4. Enable RRPP.
6. Save the data.

huawei(config)#save
----End
Result
l After the configuration is complete:
– Run the display rrpp brief command and you can find that the RRPP network of
UA5000_1 is in the Enable state.
– Run the display rrpp verbose command and you can find that the RRPP ring of
UA5000_1 is in the Complete state.
– Run the display rrpp verbose command and you can find that port 0/2/0 is in the UP
state and port 0/2/1 is in the BLOCKED state on UA5000_1.
state and port 0/2/1 is in the UP state on UA5000_3.

– The user can access the Internet in the IPoA access mode.
l After UA5000_2 is disconnected from UA5000_3:
– Run the display rrpp brief command and you can find that the RRPP network of
UA5000_1 is in the Enable state.
– Run the display rrpp verbose command and you can find that the RRPP ring of
UA5000_1 is in the Failed state.
state and port 0/2/1 is in the UP state on UA5000_1.
– Run the display rrpp verbose command and you can find that port 0/2/0 is in the
DOWN state and port 0/2/1 is in the UP state on UA5000_3.
– The user can still access the Internet in the IPoA access mode.

Configuration Guide-IPM CLI 3 Configuring the xDSL Internet Access Service
3 Configuring the xDSL Internet Access

Service
About This Chapter
xDSL broadband Internet access is applicable in the scenario where the Internet service is
provided through the ordinary twisted pairs. In this scenario, a user can access Internet in IPoE,
PPPoE, IPoA, PPPoA, or 802.1X mode. This topic describes how to configure the Internet access
service on the UA5000 through the xDSL line.
Prerequisite
The xDSL profile for the Internet access service must be created. The xDSL profile refers to the
following ADSL2+ profile, SHDSL profile, and VDSL2 profile.
l Configuring the ADSL2+ Profile
l Configuring the SHDSL Profile
l Configuring the VDSL2 Profile
For the PPPoE or PPPoA Internet access mode, the AAA function must be configured:
l When the UA5000 provides the AAA function, configure the AAA by referring to
"Configuring the AAA."
l When the BRAS provides the AAA function, the connection between the UA5000 and the
BRAS must be set up. The BRAS must identify the VLAN tag carried in the upstream
packets of the UA5000 and you must configure the user account and password on the BRAS
for accessing the Internet through dialup.
Data Preparation
Before configuring an xDSL Internet access service, plan the data items as listed in Table 3-1.

Table 3-1 Data plan for the xDSL Internet access service
Item Data Remarks
UA5000 Access rate Specify an access rate according to the

user requirement. It is recommended
that you set the maximum rate to 2.5
Mbit/s.
Access port Specify an access port according to the

specific network planning.
VPI/VCI The VPI/VCI is valid only for the

ATM access and must be the same as
the VPI/VCI of the interconnected
device.
VLAN planning The VLAN planning must ensure

proper cooperation with the upper-
layer device and thus the upstream
VLAN must be consistent with the
upstream VLAN of the upper-layer
device.
QoS policy According to the general QoS policy

for the entire network, the priority of
an ordinary Internet access service is
lower than the priority of a voice or
video service.
IP address The IP address must be consistent with

the IP address of the upper-layer route.
Upper- The LAN switch transparently -

layer LAN transmits the service packets of the
switch UA5000 on L2.
The VLAN ID must be consistent with
the VLAN ID of the upstream service
packets of the UA5000.

Item Data Remarks
BRAS The BRAS performs the related -

configurations according to the
authentication and accounting
requirements for dialup users. For
example, the BRAS configures the
access user domain (including the
authentication plan, accounting plan,
and authorization plan bound to the
domain) and specifies the RADIUS
server.
If the BRAS is used to authenticate
users, you need to configure the user
name and the password for each user
on the BRAS. If the BRAS is used to
allocate IP addresses, you must
configure an IP address pool on the
BRAS.
Procedure
1. 3.1 Configuring a VLAN
Configuring VLAN is a prerequisite for configuring a service. Hence, before configuring
a service, make sure that the VLAN is configured.
2. 3.2 Configuring an Upstream Port
This topic describes how to add an upstream port for an Internet access service to a VLAN.
3. 3.3 Configuring an xDSL Port
An xDSL port can transmit services only when it is activated. This topic describes how to
bind the port with an xDSL profile and activate an xDSL port.
4. 3.4 Creating an xDSL Service Port
A service port is a service channel connecting the user side to the network side. To provide
services, a service port must be created.
5. 3.5 (Optional) Configuring the xPoA-xPoE Protocol Conversion
Configuring protocol conversion is required only when the encapsulation mode is IPoA or
PPPoA, it is not required when the encapsulation mode is IPoE or PPPoE.


Prerequisites
The VLAN to be added must not exist in the system.
Application Context
VLAN application is specific to user types. For details on the VLAN application, see "Table
3-2."
Table 3-2 VLAN application and planning
User Type Application Scenario VLAN Planning
l Household N:1 scenario, that is, the VLAN type: smart

user of the scenario of upstream VLAN attribute: common
Internet transmission through a
access single VLAN, where the
service services of multiple
l Commercial subscribers are
user of the converged to the same
Internet VLAN.
access
1:1 scenario, that is, the VLAN type: smart
service
scenario of upstream Attribute: stacking
transmission through
double VLANs, where
the outer VLAN tag
identifies a service and
the inner VLAN tag
identifies a user. The
service of each user is
indicated by a unique
SVLAN+CVLAN.
Commercial Public network VLAN type: smart

user of the resources provide a VLAN attribute: QinQ
transparent transparent and secure
transmission data channel for the
service private networks of an
enterprise that are
located at different
places.

Table 3-3 lists the default parameter settings of VLAN.
Table 3-3 Default parameter settings of VLAN
Default VLAN of VLAN ID: 1 You can run the defaultvlan modify
the system Type: MUX VLAN command to modify the VLAN type but
cannot delete the VLAN.
Reserved VLAN VLAN ID range: You can run the vlan reserve command to
of the system 4079-4093 modify the VLAN reserved by the system.
Default attribute Common -

of a new VLAN
Procedure
Run the vlan to create a VLAN. VLANs of different types are applicable to different scenarios.
Table 3-4 VLAN types and application scenarios

Type Command
Standard To add a standard Standard VLAN. Only available to

VLAN VLAN, run the vlan Ethernet ports in a Ethernet ports and is
vlanid standard standard VLAN are applicable to inband
command. interconnected with each network management
other but Ethernet ports and subtending.
in different standard
each other.
Smart To add a smart VLAN, One smart VLAN may Smart VLANs are
VLAN run the vlan vlanid contain multiple xDSL applied in residential
smart command. service ports. The traffic communities to provide
streams of the service xDSL access.
ports are isolated from
each other and the traffic
streams in different
each other. One smart
VLAN provides access
for multiple users and
thus saves VLAN
resources.


Type Command
MUX To add a MUX VLAN, One MUX VLAN MUX VLANs are
VLAN run the vlan vlanid mux contains only one xDSL applicable to xDSL
command. service port. The traffic service access. For
streams in different example, MUX VLANs
VLANs are isolated from can be used to distinguish
each other. One-to-one users.
mapping can be set up
between a MUX VLAN
and an access user.
Hence, a MUX VLAN
can identify an access
user.
Super To add a super VLAN, The super VLAN is based Super VLANs can be
VLAN run the vlan vlanid on layer 3. One super used for the L3
super command. VLAN contains multiple intercommunication and
sub-VLANs. Through an are applicable to the
ARP proxy, the sub- scenario where saving IP
VLANs in a super VLAN addresses and improving
can be interconnected at the usage of IP addresses
layer 3. are required.
For a super VLAN, sub-
VLANs must be
configured. You can run
the supervlan command
to add a sub-VLAN to a
specified super VLAN. A
sub-VLAN must be a
smart VLAN or a MUX
VLAN.
NOTE
l To add VLANs with consecutive IDs in batches, run the vlan vlanid to end-vlanid command.
l To add VLANs with inconsecutive IDs in batches, run the vlan vlan-list command.
Step 2 (Optional) Configure the VLAN attribute.
The default attribute for a new VLAN is "common". You can run the vlan attrib command to
configure the attribute of the VLAN.
Configure the attribute according to VLAN planning.

Table 3-5 VLAN attributes and application scenarios

Attri
bute
Com The default The VLAN with A VLAN with the Applicable to the
mon attribute for a new this attribute can common attribute N:1 access
VLAN is be a standard can function as a scenario.
"common". VLAN, smart common layer 2
VLAN, MUX VLAN or function
VLAN, or super for creating a layer
VLAN. 3 interface.
QinQ To configure QinQ The VLAN with The packets from a Applicable to the
VLA as the attribute of a this attribute can QinQ VLAN enterprise private
N VLAN, run the only be a smart contain two VLAN line scenario.
vlan attrib vlanid VLAN or MUX tags, that is, inner
q-in-q command. VLAN. The VLAN tag from
attribute of a sub the private network
VLAN, the and outer VLAN
VLAN with an L3 tag from the
interface, and the UA5000. Through
default VLAN of the outer VLAN,
the system cannot an L2 VPN tunnel
be set to QinQ can be set up to
VLAN. transparently
transmit the
services between
private networks.


Attri
bute
VLA To configure The VLAN with The packets from a Applicable to the
N stacking as the this attribute can stacking VLAN 1:1 access scenario
Stacki attribute of a only be a smart contain two VLAN for the wholesale
ng VLAN, run the VLAN or MUX tags, that is, inner service or
vlan attrib vlanid VLAN. The VLAN tag and extension of
stacking attribute of a sub outer VLAN tag VLAN IDs.
command. VLAN, the from the UA5000. In the case of a
VLAN with an L3 The upper-layer stacking VLAN, to
interface, and the BRAS configure the inner
default VLAN of authenticates the tag of the service
the system cannot access users port, run the
be set to VLAN according to the stacking label
Stacking. two VLAN tags. In command.
this manner, the
number of access
users is increased.
On the upper-layer
network in the L2
working mode, a
packet can be
forwarded directly
by the outer VLAN
tag and MAC
address mode to
provide the
wholesale service
for ISPs.
NOTE
l To configure attributes for the VLANs with consecutive IDs in batches, run the vlan attribvlanidtoend-
vlanid command.
l To configure attributes for the VLANs with inconsecutive IDs in batches, run the vlan attribvlan-list
command.
Step 3 (Optional) Configure VLAN description.

To configure VLAN description, run the vlan desc command. You can configure VLAN
description to facilitate maintenance. The general VLAN description includes the usage and
service information of the VLAN.
----End
Example
Assume that a stacking VLAN with ID of 50 is to be configured for extension of the VLAN. A
service port is added to VLAN 50. The outer VLAN tag 50 of the stacking VLAN identifies the

access device and the inner VLAN tag 10 identifies the user with access to the device. For the
VLAN, description needs to be configured for easy maintenance. To configure such a VLAN,
do as follows:
huawei(config)#stacking label vlan 50 baselabel 10
huawei(config)#vlan desc 50 description stackingvlan/label10
3.2 Configuring an Upstream Port

This topic describes how to add an upstream port for an Internet access service to a VLAN.
Procedure
Step 1 Configure an upstream port for the VLAN.
Run port vlan command to add the upstream port to the VLAN.
Step 2 Configure the attribute of the upstream port.
If the default attribute of the upstream port does not meet the requirement for interconnection
of the upstream port with the upper-layer device, you need to configure the attribute. For
configuration details, see "Configuring the Attributes of the Upstream Ethernet Port."
Step 3 Configure redundancy backup for the uplink.
To ensure reliability of the uplink, two upstream ports must be available. That is, redundancy
backup of the upstream ports needs to be configured. For details, see "Configuring the Uplink
Redundancy Backup."
----End
Example
Assume that the 0/2/0 and 0/3/0 upstream ports are to be added to VLAN 50. The 0/2/0 and
0/3/0 need to be configured into an aggregation group for double upstream accesses. For the two
upstream ports, the working mode is full-duplex (full) and the port rate is 100 Mbit/s. To
configure such upstream ports, do as follows:
huawei(config-if-ipm-0/2)#link-aggregation 0/2 0 0/3 0 egress-ingress workmode
lacp-static
3.3 Configuring an xDSL Port

An xDSL port can transmit services only when it is activated. This topic describes how to bind
the port with an xDSL profile and activate an xDSL port.
Prerequisites
The xDSL profile is already created.

l Configuring the ADSL2+ Profile

l Configuring the SHDSL Profile
l Configuring the VDSL2 Profile
Context
l Activating (or activation) refers to the training between the ATU-C and the ATU-R. During
the training process, the system checks the line distance and conditions and performs a
negotiation between the ATU-C and the ATU-R to determine whether the port can work
under the conditions as preset in the line profile, such as upstream and downstream line
rates and noise margin.
l If the training is successful, the communication connection is set up between the ATU-C
and the ATU-R, and the devices are ready for service transmission. This state is called the
activated state of a port. That is, services can be transmitted between the xDSL port and
the ATU-R.
l If the ATU-R is online (powered on), the activating process is complete after the training
is successful. If the ATU-R is offline (powered on), the communication connection that is
set up during activation is terminated, and the ATU-C is in the listening state. When the
ATU-R goes online again, the training process begins automatically. When the training is
successful, the port is activated.
l An xDSL port may be in the activating, activated, deactivated, or loopback state. Figure
3-1 shows the inter-conversion between xDSL port states.
Figure 3-1 Inter-conversion between xDSL port states

Supported by SHDSL
The modem is only
undo trained successfully loopback
loopback activate
activating
Local The link is down or the activated Remote
deactivated deactivate
loopback modem is powered off loopback
undo
loopback deactivate loopback
NOTE
By default, the port is not connected to the modem and the port is in the activating state. Ensure that the port is
deactivated before binding a profile to the port.
Procedure
l ADSL access mode
1. Run the interface adsl command to enter the ADSL mode.
2. Run the activate command to activate an ADSL2+ port and bind the port with an
ADSL2+ line profile.
To activate a port, you must bind the port with a line profile. If you do not specify the
index of the line profile, the system uses the template bound with the port last time to
activate the port.
3. Run the alarm-config command to bind an alarm profile to the port.
l SHDSL access mode

1. Run the interface sdl command to enter the SHDSL mode.

2. Run the activate command to activate an SHDSL port and bind the port with an
SHDSL line profile.
To activate a port, you must bind the port with a line profile. If you do not specify the
index of the line profile, the system uses the profile bound with the port last time to
activate the port.
3. Run the alarm-config command to bind an alarm profile to the port.
l VDSL access mode
1. Run the interface vdsl command to enter the VDSL mode.
2. Activate a VDSL port and bind the port with a profile.
– Run the activate portid template-index template-index command to activate a
VDSL2 port and bind the port with a VDSL2 line template.
NOTE
To activate a port, you must bind the port with a line template. If you do not specify the index
of the line template, the system uses the template bound with the port last time to activate the
port.
3. Run the alarm-config command to bind an alarm template to the port.
----End
Example
To activate ADSL2+ port 0/7/0 and bind line profile 2 and alarm profile 2 to it, do as follows:
huawei(config-if-adsl-0/7)#deactivate 0
huawei(config-if-adsl-0/7)#alarm-config 0 2
To activate SHDSL port 0/7/0 and bind line profile 2 and alarm profile 2 to it, do as follows:
huawei(config)#interface sdl 0/7
huawei(config-if-sdl-0/7)#deactivate 0
huawei(config-if-sdl-0/7)#activate 0 2
huawei(config-if-sdl-0/7)#alarm-config 0 2
To activate VDSL2 port 0/7/0 and bind line template 2 and alarm template 2 to it, do as follows:
huawei(config)#interface vdsl 0/7
huawei(config-if-vdsl-0/7)#deactivate 0
huawei(config-if-vdsl-0/7)#activate 0 template-index 2
huawei(config-if-vdsl-0/7)#alarm-config 0 2
3.4 Creating an xDSL Service Port

A service port is a service channel connecting the user side to the network side. To provide
services, a service port must be created.
Context
A service port can carry a single service or multiple services. When a service port carries multiple
services, the UA5000 supports the following modes of traffic classification:

l By user-side VLAN
l By user-side service encapsulation mode
l By user-side packet priority
Table 3-6 lists the default settings of a service port.
Table 3-6 Default settings of a service port
Traffic profile ID 0-6
Maximum number of learnable MAC 255

addresses
Procedure
Step 1 Add a traffic profile.
Run the traffic table command to add a traffic profile. There are seven default traffic profiles
in the system with the IDs of 0-6.
Before creating a service port, run the display traffic table command to check whether the
traffic profiles in the system meet the requirement. If no traffic profile in the system meets the
requirement, add a traffic profile that meets the requirement. For details about the traffic profile,
see "Configuring the Traffic Management Based on the Traffic Profile."
Step 2 Create a service port.
You can choose to create a single service port or multiple service ports in batches according to
requirements.
l Run the service-port command to create a single service port. Service ports are classified
into single-service service ports and multi-service service ports. Multi-service service ports
are generally applied to the triple play service scenario.
– Single-service service ports:
Select single-service or do not input multi-service to create a single-service service
port.
– Multi-service service port based on the user-side VLAN (only for the SHDSL and
VDSL2 services in PTM mode):
Select multi-service user-vlan { untagged | user-vlanid }.
– untagged: When untagged is selected, user-side packets do not carry a tag.
– user-vlanid: When user-vlanid is selected, user-side packets carry a tag and the value
of user-vlanid must be the same as the tag carried in user-side packets. The user-
side VLAN is the C-VLAN.
– By user-side service encapsulation mode
Select multi-service user-encap user-encap.
– By user-side packet priority (802.1p)

Select multi-service user-8021p user-8021p [ user-vlan user-vlanid ].

NOTE
l vlan indicates the S-VLAN. An S-VLAN can only be a MUX VLAN or smart VLAN.
l The access mode can be ATM or PTM. In the ATM access mode, the VPI, VCI, and autosense must
be input and must be the same as the configurations of the access terminal.
l rx-cttr is the same as outbound in terms of meanings and functions. Either of them indicates the index
of the traffic profile from the network side to the user side. tx-cttr is the same as inbound in terms of
meanings and functions. Either of them indicates the index of the traffic profile from the user side to
the network side. The traffic profile bound to the service port is created in Step 1.
l Run the multi-service-port command to create service ports in batches.
Step 3 Configure the attributes of the service port. Configure the attributes of the service port according
to requirements.
l Run the service-port desc command to configure the description of the service port.
Configure description for a service port to facilitate maintenance. In general, configure the
purpose and related service information as the description of a service port.
l Run the mac-address max-mac-count service-port command to set the maximum number
of MAC addresses learned by the service port to restrict the maximum number of PCs that
can access the Internet by using the same account. By default, the maximum number of the
MAC addresses that can be learned by a service port is 255.
----End
Example
The UA5000 provides the Internet access service with the access rate 3072 kbit/s to the user and
a maximum of 2 users can use the same account to access the Internet at the same time. The
query result shows that the system does not have a proper traffic profile. Therefore, a new traffic
profile needs to be created.
To plan data for a household user who accesses the Internet in the ADSL2+ mode, do as follows:
huawei(config)#display traffic table from-index 0
{ <cr>|to-index<K> }:
Command:
display traffic table from-index 0
Traffic parameters for IP service:
-----------------------------------------------------------------------------
TID CAR(kbps) Priority Pri-Policy
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------
Traffic parameters for ATM service:

-----------------------------------------------------------------------------
TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/EPD/SHAPE
Type Type kbps kbps kbps kbps cells 1/10us
-----------------------------------------------------------------------------
0 cbr 2 1024 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--

3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--

4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /off
5 ubr 2 2048 -- -- -- -- -- on /on /--
6 ubr 1 -- -- -- -- -- -- off/off/--
-----------------------------------------------------------------------------
Total Num : 7
Traffic type definition:
1:NoTrafficDescriptor 2:NoClpNoScr 3:ClpNoTaggingNoScr
4:ClpTaggingNoScr 5:NoClpScr 6:ClpNoTaggingScr
7:ClpTaggingScr 8:ClpNoTaggingMcr 9:ClpTransparentNoScr
10:ClpTransparentScr 11:NoClpTaggingNoScr 12:NoClpNoScrCdvt
13:NoClpScrCdvt 14:ClpNoTaggingScrCdvt 15:ClpTaggingScrCdvt
-----------------------------------------------------------------------------
huawei(config)#traffic table ip car 3072 priority 4 priority-policy pvc-
Setting
-----------------------------------------------------------------------------
TD Index : 7
Priority : 4
Priority policy : pvc-pri
CAR : 3072 kbps
EnPPDISC : on
EnEPDISC : on
-----------------------------------------------------------------------------
huawei(config)#mac-address max-mac-count adsl 0/7/0 vpi 0 vci 35 2
A household user requests the Internet access service with the access rate 2048 kbit/s. To
facilitate service expansion in the future, the UA5000 adopts the SHDSL mode to provide the
Internet access service to the user and differentiates users by user-side VLAN (the S-VLAN is
VLAN 50 and the C-VLAN is VLAN 10). Query result shows that the system has a proper traffic
profile. Therefore, the system provisions the Internet access service to the user immediately. To
facilitate maintenance, configure description for the service port.
Command:
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------

-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
0 cbr 2 1024 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /off

5 ubr 2 2048 -- -- -- -- -- on /on /--

6 ubr 1 -- -- -- -- -- -- off/off/--
-----------------------------------------------------------------------------
Total Num : 7
-----------------------------------------------------------------------------
huawei(config)#service-port vlan 50 shdsl mode ptm 0/7/0 multi-service user-vlan
10 rx-cttr 5 tx-cttr 5
huawei(config)#service-port desc 0/7/0 description HW_adsl/VlanID:50/uservlan/10
A household user requests the Internet access service with the access rate 2048 kbit/s. To
facilitate service expansion in the future, the UA5000 adopts the SHDSL mode to provide the
Internet access service to the user. Query result shows that the system has a proper traffic profile.
Therefore, the system provisions the Internet access service to the user immediately. To facilitate
maintenance, configure description for the service port.
Command:
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------

-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
0 cbr 2 1024 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /off
5 ubr 2 2048 -- -- -- -- -- on /on /--
6 ubr 1 -- -- -- -- -- -- off/off/--
-----------------------------------------------------------------------------
Total Num : 7
-----------------------------------------------------------------------------
huawei(config)#service-port vlan 50 shdsl mode ptm 0/7/0 rx-cttr 5 tx-cttr 5
huawei(config)#service-port desc 0/7/0 description HW_shdsl/singleservice/VlanID:50
A commercial user requests the Internet access service with the access rate 8192 kbit/s. To
facilitate service expansion in the future, the UA5000 adopts the VDSL mode to provide the
Internet access service to the user and differentiates users by user-side VLAN (the S-VLAN is

VLAN 50 and the C-VLAN is VLAN 10). Query result shows that the system does not have a
proper traffic profile. The system needs to provide the Internet access service to the user
immediately. To facilitate maintenance, configure description for the service port.
Command:
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------

-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
0 cbr 2 1024 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /off
5 ubr 2 2048 -- -- -- -- -- on /on /--
6 ubr 1 -- -- -- -- -- -- off/off/--
-----------------------------------------------------------------------------
Total Num : 7
-----------------------------------------------------------------------------
Setting
-----------------------------------------------------------------------------
TD Index : 7
Priority : 4
Priority policy : pvc-pri
CAR : 8192 kbps
EnPPDISC : on
EnEPDISC : on
-----------------------------------------------------------------------------
huawei(config)#service-port vlan 50 vdsl mode ptm 0/7/0 multi-service user-vlan
10 rx-cttr 7 tx-cttr 7
huawei(config)#service-port desc 0/7/0 description HW_vdsl/VlanID:50/uservaln:10

3.5 (Optional) Configuring the xPoA-xPoE Protocol

Conversion
Configuring protocol conversion is required only when the encapsulation mode is IPoA or
PPPoA, it is not required when the encapsulation mode is IPoE or PPPoE.
Context
In the xPoA access mode, data cannot be directly transmitted in the IP network, and protocol
conversion is required. IPoA data and PPPoA data can be transmitted in the IP network only
after the IPoA-IPoE protocol conversion and the PPPoA-PPPoE protocol conversion are
performed.
The principles of the IPoA protocol are different from the principles of the PPPoA protocol. In
the PPPoA mode, the BRAS automatically allocates a gateway address to the PPPoA user after
the PPPoA user passes the authentication on the BRAS and dialup is successful. Therefore, the
default gateway address need not be configured in the PPPoA mode. IPoA data is forwarded
according to the route to the destination IP address and the next hop IP address needs to be
configured. Therefore, the default gateway address needs to be configured in the IPoA mode.
Figure 3-2 provides the configuration flow for the xPoA-xPoE protocol conversion.
Figure 3-2 Flowchart for configuring the xPoA-xPoE protocol conversion
IPoA-IPoE protocol conversion PPPoA-PPPoE protocol conversion
Start Start
Configure the MAC address pool Configure the MAC address pool
Configure the IPoA protocol Configure the PPPoA protocol

conversion function conversion function
Configure the encapsulation type of

Configure the default gateway
the user
Configure the encapsulation type of (Optional) Configure the PPPoA-

the user PPPoE MRU negotiation
(Optional) Configure the aging time (Optional) Configure the MAC

of the forwarding entry of IPoA user address allocation mode for the user
End End

Table 3-7 lists the default settings of the xPoA-xPoE protocol conversion.
Table 3-7 Default settings of the xPoA-xPoE protocol conversion
Maximum number of the MAC addresses in the 256

MAC address pool
Status of the IPoA-IPoE protocol conversion Disabled
Aging time of the IPoA user forwarding entry 1200s
Status of the PPPoA-PPPoE protocol conversion Disabled
Status of the MRU negotiation function during the Disabled

PPPoA-PPPoE protocol conversion
User MAC address allocation mode for the PPPoA- Multi-MAC mode
PPPoE protocol conversion
Procedure
l Configure the IPoA-IPoE protocol conversion.
A user can access the Internet in the IPoA mode only after the IPoA-IPoE protocol
conversion is enabled.
1. In the global config mode, run the mac-pool command to configure the MAC address
pool, which is used to allocate source MAC addresses to IPoA users. By default, the
number of the MAC addresses in the MAC address pool is 256, which can be changed
by setting parameter scope.
The MAC address encapsulated into packets during the IPoA-IPoE protocol
conversion is the MAC address allocated to the user from the MAC address pool.
2. Run the ipoa enable command to enable the IPoA-IPoE protocol conversion. By
default, the IPoA-IPoE protocol conversion is disabled.
3. Run the encapsulation command to set the user packet encapsulation mode (select
ipoa as the encapsulation mode).
NOTE
l Configure either the ipoa default gateway command or the dstip parameter in the
encapsulation command. If the UA5000 works in the L2 mode, set the IP address of the
upper-layer router as the default gateway. If the UA5000 works in the L3 mode, set the IP
address of the L3 interface corresponding to the UA5000 as the default gateway.
l IPoA encapsulation is not supported in the single-PVC for multiple services application.
l To switch the encapsulation mode from PPPoA to IPoA, you must change the encapsulation
mode to llc bridge first and then perform switching.
4. Run the ipoa expire-time command to set the aging time of the IPoA user forwarding
entry. By default, the aging time of the IPoA user forwarding entry is 1200s. The
default value is recommended.

l Configure the PPPoA-PPPoE protocol conversion.
A user can access the Internet through the PPPoA dialup only after the PPPoA-PPPoE
protocol conversion is enabled.
1. In the global config mode, run the mac-pool command to configure the MAC address
pool, which is used to allocate source MAC addresses to PPPoA users. By default, the
number of the MAC addresses in the MAC address pool is 256, which can be changed
by setting parameter scope.
The MAC address encapsulated into packets during the PPPoA-PPPoE conversion is
the MAC address allocated to the user from the MAC address pool.
2. Run the pppoa enable command to enable the PPPoA-PPPoE protocol conversion.
By default, the PPPoA-PPPoE protocol conversion is disabled.
3. Run the encapsulation command to set the user packet encapsulation mode (select
pppoa as the encapsulation mode).
NOTE
l PPPoA encapsulation is not supported in the single-PVC for multiple service or QinQ VLAN
application.
l To switch the encapsulation mode from IPoA to PPPoA, you must change the encapsulation
mode to llc bridge first and then perform switching.
4. Run the pppoa mru command to enable PPPoA-PPPoE MRU negotiation. By default,
the PPPoA-PPPoE MRU negotiation is disabled. Enable or disable the PPPoA-PPPoE
MRU negotiation according to the packet processing conditions.
– When the MRU negotiation is disabled, the PC initiates the PPPoE connection and
negotiates according to the 1492-byte MRU. In this case, packets need to be
segmented and reassembled.
– When the MRU negotiation is enabled, the UA5000 identifies the PPPoA-PPPoE
converted packets, adds a tag to the packets and then sends them to the upper-layer
BRAS. Then, the BRAS negotiates with the CPE according to the 1500-byte MRU.
In this manner, the MTU between the CPE and the BRAS is equal to the standard
Ethernet MTU. In this case, the packets need not be segmented or reassembled.
5. Run the pppoa mac-mode command to set the user MAC address allocation mode
for the PPPoA-PPPoE protocol conversion. By default, the user MAC address
allocation mode is the multi-mac mode. The single-mac mode can improve security.
Select this mode according to the MAC address allocation mode of PPPoA users.
– In the multi-MAC allocation mode (the multi-mac mode), PPPoE user are
authenticated on the BRAS using their respective MAC address, and PPPoA users
are allocated different MAC addresses and are authenticated on the BRAS using
these MAC addresses as source MAC addresses.
– In the single-MAC allocation mode (the single-mac mode), the source MAC
address for any PPPoA session of each board is the specified MAC address in the
system.
----End
Example
The UA5000 works in the L2 mode, the default gateway is the same as the IP address of the
upper-layer router, which is 10.1.1.1, and the IPoA service encapsulation mode is LLC.

To enable the IPoA-IPoE conversion with the start MAC address 0000-0000-0001 in the MAC
address pool that contains 200 MAC addresses, do as follows:
huawei(config)#mac-pool 0000-0000-0001 200
huawei(config)#encapsulation 0/7/0 vpi 0 vci 35 type ipoa llc srcIP 10.1.1.20
The PPPoA service encapsulation mode is LLC, and, to improve security, the user MAC address
allocation mode is the single-MAC mode.
To enable the PPPoA-PPPoE protocol conversion with the start MAC address 0000-1010-1000
in the MAC address pool that contains 200 MAC addresses, do as follows:
huawei(config)#mac-pool 0000-1010-1000 200
huawei(config)#pppoa enable
huawei(config)#encapsulation 0/7/0 vpi 0 vci 35 type pppoa llc
huawei(config)#pppoa mac-mode single-mac

Configuration Guide-IPM CLI 4 Configuring the Multicast Service
4 Configuring the Multicast Service
About This Chapter
This topic describes how to configure the multicast service on a standalone UA5000 Universal
Access Unit, and on the UA5000 Universal Access Unit in a subtending network.
Context
The multicast service of the UA5000 is widely used in streaming media, distance learning, video
conferencing, video multicasting, Web TV, online game, Internet data center (IDC), and other
point-to-multipoint data transmission.
In terms of multicast processing mode, the UA5000 supports the IGMP proxy and IGMP
snooping L2 multicast protocols. IGMP proxy and IGMP snooping both support multicast video
data forwarding; however, the two modes have different processing mechanisms.
l IGMP snooping obtains related information and maintains the multicast forwarding entries
by listening to the IGMP packets in the communication between the user and the multicast
router.
l IGMP proxy intercepts the IGMP packets between the user and the multicast router,
processes the IGMP packets, and then forwards the IGMP packets to the upper-layer
multicast router. For the multicast user, the UA5000 is a multicast router that implements
the router functions in the IGMP protocol; for the multicast router, the UA5000 is a
multicast user.
4.1 Default Settings of the Multicast Service

This topic provides the default settings of the multicast service supported by the UA5000,
including the configuration of multicast mode, authentication function, multicast bandwidth
management, multicast preview, and multicast log function.
4.2 Configuring the Multicast Service on a Single-NE Network

This topic describes how to configure the multicast service for an xDSL user of a standalone
UA5000 Universal Access Unit.
4.3 Configuring the Multicast Service in a Subtending Network

This topic describes how to configure the multicast service for an xDSL user of the UA5000
Universal Access Unit in a subtending network.

4.4 Configuring the Multicast Service in an RSTP Network

Universal Access Unit in an RSTP network.

4.1 Default Settings of the Multicast Service

This topic provides the default settings of the multicast service supported by the UA5000,
including the configuration of multicast mode, authentication function, multicast bandwidth
management, multicast preview, and multicast log function.
Context
Table 4-1 lists the default settings of the multicast service of the UA5000.
Table 4-1 Default settings of the multicast service of the UA5000
Feature Default Setting
Multicast mode Proxy
Authentication function enable
Multicast bandwidth management enable
Multicast preview enable
Multicast log function enable
4.2 Configuring the Multicast Service on a Single-NE

Network
This topic describes how to configure the multicast service for an xDSL user of a standalone
UA5000 Universal Access Unit.
Application Context
The multicast service of the UA5000 is widely used in streaming media, distance learning, video
conferencing, video multicasting (Web TV), online game, Internet data center (IDC), and other
point-to-multipoint data transmission.
Currently, the multicast application of the UA5000 is oriented to L2, and the UA5000 forwards
data based on VLAN ID + multicast MAC address. A multicast program on the network is
identified by VLAN ID + multicast IP address uniquely. The UA5000 differentiates multicast
sources by VLAN ID. It allocates a unique VLAN ID to each multicast source, controls the
multicast domain and the user rights based on the multicast VLAN ID, and provides a platform
for different ISPs to implement different multicast video services.
Prerequisites
The license for the multicast program or the multicast user must be applied for and installed.

Data Preparation
Before configuring the multicast video service, plan the data items as listed in Table 4-2.
Table 4-2 Data plan for configuring the multicast service on a standalone UA5000 Universal
Access Unit
Device Item Remarks
UA5000 User VLAN -
L2 multicast protocol IGMP proxy and IGMP snooping

are supported.
IGMP version IGMP V3 and IGMP V2 are

supported and IGMP V3 is
compatible with IGMP V2.
Configuration mode of the multicast -

program
Multicast general query and group- The default values are adopted. For
specific query parameters the default settings, see
"Configuring Global Multicast
Parameters."
Program list -
User authentication policy -
Program bandwidth, upstream port -

bandwidth, and user bandwidth
Multicast log policy Multicast logs can be reported to

the log server in the syslog mode or
in the CDR mode.
Upper-layer IGMP version The IGMP version of the upper-

multicast layer multicast router cannot be
router earlier than the IGMP version used
by the UA5000.
Home gateway IGMP version The IGMP version of the CPE

or modem cannot be earlier than the IGMP
version used by the UA5000.
4.2.1 Configuring Global Multicast Parameters

The general parameters of L2 multicast protocols (including IGMP proxy and IGMP snooping)
configured globally for a device are applicable to all the multicast VLANs of the device.
Context
Table 4-3 lists the default settings of global multicast parameters.

Table 4-3 Default settings of global multicast parameters
Number of programs with license 1024
IGMP mode Proxy
Authentication function Enable
Default video VPI 0
Default video VCI 35
Default 802.1p priority 6
Default encapsulation mode on the user side ipoe
Default user VLAN 1
System robustness factor 2
Interval of the general query (unit: second) 125
Maximum response time to the general query (unit: 0.1s) 100
Interval of the group-specific query (unit: 0.1s) 10
Maximum response time to the group-specific query (unit: 8

0.1s)
Number of group-specific queries 2
Aging time of the V1 router (unit: second) 400
Interval of unsolicited report (unit: second) 10
Upstream port mode Program binding mode
Log function Enable
User activity report function Disable
Preview function Enable
Recognition time (unit: second) 30
Automatic preview count clearing time 04:00:00
Automatic log generation interval (unit: hour) 2
Rights mode Profile mode
Bandwidth management function Enable
Available bandwidth for the user (unit: %) 100
CDR function Disable

Threshold of the duration for the CDR automatic report 600

(unit: second)
Threshold of the CDR automatic report count 200
Proxy function of the report packet Disable
Proxy function of the leave packet Disable
Querier function Disable
User aging time (unit: second) 150
The purposes and principles of the general query and the group-specific query are as follows:
For the general query:
l Purpose: A general query packet is periodically sent by the UA5000 to check whether there
is any multicast user who leaves the multicast group without sending the leave packet.
Based on the query result, the UA5000 periodically updates the multicast forwarding table
and releases the bandwidth of the multicast user who has left the multicast group.
l Principles: The UA5000 periodically sends the general query packet to all the online IGMP
users. If the UA5000 does not receive the response packet from a multicast user within a
specified time (robustness variable x interval of the general query + maximum response
time of the general query), it regards the user as having left the multicast group and deletes
the user from the multicast group.
For the group-specific query:
l Purpose: A group-specific query packet is sent by the UA5000 after a multicast user who
is not configured with the quick leave attribute sends the leave packet. The group-specific
query packet is used to check whether the multicast user has left the multicast group.
l Principles: When a multicast user leaves a multicast group, for example, switches to another
channel, the user sends a leave packet to the UA5000 in an unsolicited manner. If the
multicast user is not configured with the quick leave attribute, the UA5000 sends a group-
specific query packet to the multicast group. If the UA5000 does not receive the response
packet from the multicast user within a specified time (robustness variable x interval of the
group-specific query + maximum response time of the group-specific query), it deletes the
multicast user from the multicast group.
For the general query, the UA5000 queries the multicast packets of all the users. For the group-
specified query, the UA5000 queries the multicast packets of the user who watches the specified
multicast program.
Table 4-4 lists the default settings of global multicast parameters. In actual application, you can
change the settings according to your data plan.

Table 4-4 Default settings of general query and group-specific query parameters
General query parameter Query interval: 125s

Maximum response time: 10s
Robustness variable (query count): 2
Group-specific query parameter Query interval: 1s

Maximum response time: 0.8s
Robustness variable (query count): 2
Procedure
Step 1 Configure general query parameters.
1. Run the igmp proxy router gen-query-interval command to set the interval of the general
query. By default, the interval is 125s.
2. Run the igmp proxy router gen-response-time command to set the maximum response
time of the general query. By default, the time is 10s.
3. Run the igmp proxy router robustness command to set the count of the general query.
By default, the count is 2.
Step 2 Configure group-specific query parameters.
1. Run the igmp proxy router sp-query-interval command to set the interval of the group-
specific query. By default, the interval is 1s.
2. Run the igmp proxy router sp-response-time command to set the maximum response
time to the group-specific query. By default, the time is 0.8s.
3. Run the igmp proxy router sp-query-number command to set the count the group-
specific query. By default, the count is 2.
Step 3 Run the display igmp config command to check whether the parameters are configured
correctly.
----End
Example
To configure the multicast general query parameters by setting the query interval to 150s,
maximum response time to 20s, and query count to 3, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy router gen-query-interval 150
huawei(config-btv)#igmp proxy router gen-response-time 200
huawei(config-btv)#igmp proxy router robustness 3
To configure the multicast group-specific query parameters by setting the query interval to 20s,
maximum response time to 10s, and query count to 3, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp proxy router sp-query-interval 200
huawei(config-btv)#igmp proxy router sp-response-time 100
huawei(config-btv)#igmp proxy router sp-query-number 3

4.2.2 Configuring the Multicast Program

When adding programs, you need to configure the attributes of the programs, such as program
name, multicast IP address, upstream port bound to the program, and program VLAN.
Context
l A program name contains a maximum of 16 characters and cannot contain Chinese
characters.
l The multicast IP addresses in the segment from 224.0.0.1 to 224.0.0.255 are used as the
private addresses for transmitting the protocol packets of the local network segments. The
IP addresses in this segment cannot be assigned to multicast programs.
l The last 23 bits of a multicast IP address cannot be the same for different multicast
programs. Otherwise, the multicast MAC addresses mapping to the IP addresses will
conflict.
l When PVC prioritization is enabled, the priorities of the multicast programs delivered over
the PVC do not take effect.
l Table 4-5 lists the default settings of multicast parameters, such as the multicast upstream
port mode and L2 multicast mode.
Table 4-5 Default settings of multicast parameters
Multicast upstream port mode program
L2 multicast mode Proxy
Procedure
Step 1 Create a program VLAN.
1. Run the vlan command to create a program VLAN and configure the VLAN type according
to application requirements. For details, see "Configuring the VLAN."
2. Run the port vlan command to add the upstream port to the program VLAN.
Step 2 Configure the multicast upstream port.

1. Run the igmp uplink-port command to specify the multicast upstream port and configure
its bandwidth. Then, all the packets from the VLAN corresponding to the upstream port
are forwarded and received through this upstream port.
2. In the BTV mode, run the igmp uplink-port-mode command to change the mode of the
multicast upstream port. The default mode is program. For the RSTP networking, the RSTP
mode is used; for the RRPP networking, the RRPP mode is used.
l program: Indicates the program mode. The upstream port is bound when you add the
program. Protocol packets are sent upstream through this port. You can run the igmp
program add [ name name ] ip ip-addr vlan vlanid [ bind frameid/slotid/portid ]
[ hostip ip-addr ] command to bind the upstream port when adding the program; or run

the igmp program modify [ name name ] ip ip-addr vlan vlanid [ bind frameid/slotid/
portid ] command to change the upstream port bound to the program.
l rstp: Indicates the RSTP mode. The IGMP upstream port is the root port used by RSTP.
You can run the display stp command to query the root port of the device.
l rrpp: Indicates the RRPP mode. The IGMP upstream port is the primary port used by
RRPP. You can run the display rrpp verbose domain command to query the current
primary port of the device.
NOTE
RRPP refers to Rapid Ring Protection Protocol. When RRPP is used, the ring network is formed by
the device and the redundancy links are retained. When a link on the ring network is faulty, the service
is automatically switched to the standby link. On the RRPP ring network, the upstream port on the
device must work in the RRPP mode. This ensures that the multicast upstream port can be switched
when the link is switched. In this manner, the continuity of the multicast service is ensured.
Step 3 Configure the multicast programs.

l Configure the program list for the multicast VLAN in advance and bind the rights profile
to the program to manage the programs.
1. In the BTV mode, run the igmp program add [name name ] ip ip-addr vlan vlanid bind
frameid/slotid/portid [ hostip ip-addr ] command to add a multicast program.
2. Bind the rights profile to the program.
In the BTV mode, run the igmp profile command to bind the rights profile to the program
and set the rights to watch the program.
NOTE
If a user is bound with multiple rights profiles but the rights to a program are different in these profiles,
the user uses the rights with the highest priority. You can run the igmp right-priority command to
adjust the priorities of the four rights: watch, preview, forbidden, and idle. By default, the priorities
of the four rights are forbidden > preview > watch > idle.
Step 4 Select the multicast mode.
Run the igmp mode { proxy | snooping | off } command to select the L2 multicast mode. By
default, the IGMP proxy mode is used.
In the IGMP snooping mode, proxy can be enabled for the report packet and leave packet. When
a multicast user joins or leaves a multicast program, the UA5000 can implement IGMP proxy.
IGMP snooping and IGMP proxy are controlled separately.
l Run the igmp report-proxy enable command to enable the proxy of the snooping report
packet. When the first user requests for a program, after authenticating the user, the
UA5000 sends the user report packet to the network side and obtains a corresponding
multicast stream from the multicast router. The UA5000 does not send the report packets
from the subsequent users for joining the same program to the network side any more.
l Run the igmp leave-proxy enable command to enable the proxy of the snooping leave
packet. When the last user requests for leaving a program, the UA5000 sends the user leave
packet to the network side and notifies the upper-layer device of stopping sending multicast
streams. The UA5000 does not send the leave packets from the users before the last user to
the network side.
Step 5 Change the priority for forwarding IGMP packets.
The priority of IGMP packets is a fixed value, which cannot be changed.

Step 6 Check whether the configuration is correct.

l Run the display igmp config command to query the multicast attributes.
l Run the display igmp program command to query the multicast program.
----End
Example
Assume that the VLAN ID is 101, the IP address of the program is 224.1.1.1, the program
bandwidth is 5000 kbit/s, the multicast upstream port is 0/3/0, and the IGMP proxy is enabled.
To configure a program with these attributes, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp uplink-port 0/3/0
huawei(config-btv)#igmp program add name movie ip 224.1.1.1 vlan 101 bind 0/3/0
bandwidth 5000 hostip 10.0.0.254
huawei(config-btv)#igmp mode proxy
Are you sure to change IGMP mode?(y/n)[n]:y
4.2.3 Configuring the Multicast User

This topic describes how to configure the multicast user and the related user rights for providing
the multicast service.
Prerequisites
Before configuring the multicast user, you must create a service channel. The procedure is as
follows:
1. Run the vlan command to add a VLAN.

2. (Optional) Run the port vlan command to configure the upstream port.
NOTE
In the IGMP proxy mode, you need not add the upstream port to the user-side VLAN.
3. Run the service-port command to create an xDSL traffic stream.
4. (Optional) Run the igmp video-port command to configure a video service port for
transmitting multicast video streams. If the PVC is not set when a user is added, the default
multicast service port can transmit IGMP packets.
NOTE
This step is mandatory when you need to create an xDSL traffic stream whose parameter values are
the same as those set by running the igmp video-port command.
NOTE
l The multicast service supports the IPoE and PPPoE user access modes but does not support the IPoA
or PPPoA user access mode.
l Multicast video streams can be transmitted only if there is a traffic stream whose parameter values set
by running the service-port command are the same as those set by running the igmp video-port
command.

Context
Add a multicast user and bind the rights profile to the multicast user to implement multicast user
authentication.
Table 4-6 lists the default settings of the attributes related to the multicast user.
Table 4-6 Default settings of the attributes related to the multicast user
Limitation on the number of programs Maximum number of programs that can be watched
that can be watched by the multicast concurrently: 1
user
Quick leave mode of the multicast user mac-based
Function of global multicast user enable

authentication
Procedure
Step 1 In the global config mode, run the btv command to enter the BTV mode.
Step 2 Configure the multicast user and the multicast user attributes.
1. Add a multicast user.
Run the igmp user add command to add a multicast user.

2. Configure the maximum number of programs that can be watched by the multicast user.
Run the igmp user add port frameId/slotId/portId { auth | no-auth } [ max-
programmax-program-num ] command to set the maximum number of programs that can
be watched by the multicast user concurrently. A maximum of eight programs can be
watched by the multicast user concurrently. By default, the system supports one program.
3. Set the quick leave mode of the multicast user.
Run the igmp user add port frameId/slotId/portId { auth | no-auth } quickleave
{ disable | immediate | mac-based } command to set the leave mode of the multicast user.
By default, the leave mode is the mac-based mode.
l disable: After receiving the leave request packet of the multicast user, the system sends
ACK packets to confirm that the multicast user leaves, and then deletes the multicast
user from the multicast group.
l immediate: After receiving the leave request packet of the multicast user, the system
immediately deletes the multicast user from the multicast group.
l mac-based: Indicates the quick leave mode based on the MAC address. The system
detects the MAC address in the leave packet of the user.
– If the MAC address in the leave packet received by the system is the MAC address
of the last user who watches the multicast program in the multicast group, the system
immediately deletes the multicast user from the multicast group.

– If the MAC address in the leave packet received by the system is not the MAC
address of the last user who watches the multicast program in the multicast group,
the system only makes the user with the corresponding MAC address go offline. In
this case, the user port need not go offline and the users with other MAC addresses
can go on watching this program.
This parameter is applicable to the scenario that the users of multiple terminals watch
the multicast program.
Step 3 Configure the multicast user authentication.
By default, the system does not authenticate the multicast user. To control the rights of a multicast
user, you can enable the multicast user authentication function.
1. Configure the multicast user authentication function.
Run the igmp user add port frameId/slotId/portId { auth | no-auth } command to
configure whether to authenticate a multicast user.
NOTE
After configuring multicast user authentication, you need to enable the global authentication function
to make the configuration take effect. By default, the global authentication function of multicast user
is enabled. You can run the igmp proxy authorization command to change the configuration.
2. Bind the rights profile to the multicast user. Binding the rights profile to the multicast user
implement user authentication.
Run the igmp user bind-profile command to bind the rights profile to the multicast user.
After the binding, the multicast user has the rights to the programs as configured in the
profile.
Step 4 Run the display igmp user all command to check whether the related multicast user is
configured correctly.
----End
Example
Assume that multicast user (port) 0/11/1 with VPI/VCI 0/35 is added to multicast VLAN 101,
the user authentication and the log report are enabled, the maximum number of programs that
can be watched is set to 6, and rights profile music is bound to the user. To perform the
configurations, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp video-port vpi 0 vci 35
huawei(config-btv)#igmp user add port 0/11/1 auth max-program 6
huawei(config-btv)#igmp user add smart-vlan 101 auth log enable
huawei(config-btv)#igmp profile rename profile1 music
huawei(config-btv)#igmp user bind-profile smart-vlan 101 profile-name music
4.2.4 (Optional) Configuring the Multicast Bandwidth

To limit the multicast bandwidth of a user, you can enable multicast bandwidth management
function, that is, control the bandwidth of a multicast user by setting the program bandwidth.
Context
If the multicast bandwidth management function is enabled and a user requests a multicast
program, the system compares the remaining bandwidth of the user (bandwidth configured for

the user - total bandwidth of the online programs of the user) with the bandwidth of the multicast
program. If the remaining bandwidth of the user is sufficient, the system adds the user to the
multicast group. If the bandwidth is insufficient, the system does not respond to the request of
the user.
If the multicast bandwidth management function is disabled, the system does not guarantee the
bandwidth of the multicast program. When the bandwidth is not guaranteed, problems such as
mosaic and delay occur in the multicast program.
Table 4-7 lists the default settings of the multicast bandwidth management parameters.
Table 4-7 Default settings of the multicast bandwidth management parameters
CAC function enable
Bandwidth of the multicast 5000 kbit/s

program
Procedure
Step 2 Enable the global CAC function.
By default, the global CAC function is already enabled. You can run the igmp bandwidthCAC
{ enable | disable } command to change the setting.
Step 3 Configure the bandwidth of the multicast program.
Run the igmp program add ip ip-addr vlan vlanid bandwidth bandwidth command to
configure the bandwidth of a multicast program.
Step 4 Check whether the multicast bandwidth configuration is correct.

l Run the display igmp config command to check the status of the global CAC function.
l Run the display igmp program command to query the bandwidth of the multicast program.
----End
Example
To enable the bandwidth management function of the multicast user, add multicast user 0/11/1
with maximum number of programs that can be watched concurrently to 6, and set the bandwidth
of program 224.1.1.1 to 1 Mbit/s, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp bandwidthcAC enable
huawei(config-btv)#igmp user add port 0/11/1 auth max-program 6
huawei(config-btv)#igmp program add ip 224.1.1.1 vlan 101 bandwidth 1024

4.2.5 (Optional) Configuring Multicast Preview

Multicast preview is an advertising method provided by carriers for ISPs. This allows users to
have an overview of a program in a controlled manner before the user requests for the program.
In other words, the duration, interval, and count of the user previews are controlled.
Prerequisites
The program matching mode of the user VLAN must be the static configuration mode.
Context
The difference between program preview and normal program watching is that, after the user
goes online, the duration of the preview is restricted. When the duration expires, the user cannot
preview the program any more. The user can request for the program again only after the preview
interval expires. This interval is the minimum interval between two preview attempts set in the
system. The count by which the user can request for the program within a day (the start time can
be configured) is restricted by the preview count of the user.
Table 4-8 lists the default settings of the multicast preview parameters.
Table 4-8 Default settings of the multicast preview parameters
Global multicast preview enable

function
Time for resetting the preview 4:00:00

record
Valid duration of multicast 30s

preview
Procedure
Step 2 Enable the global multicast preview function.
By default, the global multicast preview function is enabled. You can run the igmp preview {
enable | disable } command to change the setting.
Step 3 Change the time for resetting the preview record.
Run the igmp preview auto-reset-time command to change the time for resetting the preview
record. The preview record of the user remains valid within one day. On the second day, the
preview record is reset. By default, the system resets the preview record at 4:00:00 a.m.
Step 4 Modify the valid duration of multicast preview.
Run the igmp proxy recognition-time command to modify the valid duration of multicast
preview. If the actual preview duration of the user is shorter than the valid duration, the preview

is not regarded as a valid one and is not added to the preview count. By default, the valid duration
of multicast preview is 30s.
Step 5 Run the display igmp config command to check whether the values of the multicast preview
parameters are correct.
----End
Example
To enable the multicast preview function, set the time for resetting the preview record to 5:00:00,
and set the valid duration of multicast preview to 40s, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp preview enable
huawei(config-btv)#igmp preview auto-reset-time 5:00:00
huawei(config-btv)#igmp proxy recognition-time 40
4.2.6 (Optional) Configuring the Program Prejoin

In program prejoin, the UA5000 applies for multicast stream of a program and receives in
advance the multicast stream of the program from the upper-layer multicast router to the
upstream port before a user sends a request to join a program, thus shortening the waiting time
of the user for requesting for the program.
Prerequisites
The multicast program must exist on the network and the IP address of the multicast program
must be known.
Context
Multicast program prejoin is the same as program request. The UA5000 plays the role of a user
and sends the report packet for receiving in advance the multicast stream from the upper-layer
multicast router to the upstream port.
After the prejoin function is enabled, if the upper-layer multicast router does not support static
multicast entry forwarding, the unsolicited report function needs to be enabled so that the user
can request for the program quickly. Generally, the upper-layer multicast router processes the
user request by responding to the group-specific query and the general query.
Table 4-9 lists the default settings of program prejoin parameters.
Table 4-9 Default settings of program prejoin parameters
Program prejoin function disable
Unsolicited report of IGMP packets disable

Procedure
Step 1 Enable the program prejoin function.
Run the igmp program add [ name name ] ip ip-addr vlan vlanid [ bind frameid/slotid/
portid ] prejoin enable command to enable the program prejoin function. By default, this
function is disabled.
Step 2 After the program prejoin function is enabled, if the upper-layer multicast router does not support
static multicast entry forwarding, the unsolicited report function of IGMP packets needs to be
enabled.
l Run the igmp program add [ name name ] ip ip-addr vlan vlanid [ bind frameid/slotid/
portid ] unsolicited enable command to enable the unsolicited report function of IGMP
packets. By default, this function is disabled.
l Run the igmp proxy router report-interval command to change the interval of the
unsolicited report of IGMP packets. By default, the interval is 10s.
Step 3 Check whether the prejoin function is configured correctly.

l Run the display igmp program command to query the status of the program prejoin function
and the unsolicited report function.
l Run the display igmp config command to query the interval of the unsolicited report.
----End
Example
To enable the program prejoin function when adding a program whose IP address is 224.1.1.1,
do as follows:
huawei(config-btv)#igmp program add ip 224.1.1.1 vlan 101 prejoin enable
4.2.7 (Optional) Configuring the Multicast Log

The multicast log provides a criterion for carriers to evaluate the viewership of multicast
programs.
Prerequisites
If the multicast log is reported in the syslog mode, the syslog server must be configured properly.
Context
The multicast log involves the multicast log of the multicast user and the multicast log of the
multicast program. The system generates logs only when the log functions of both the multicast
user and the multicast program are enabled.
If the user stays online longer than the valid log generation time, the system generates logs in
any of the following conditions: when the user goes offline naturally, forcibly, or abnormally;
when the user is blocked or deleted; when the program is deleted; when the program priority is
changed; when the upstream port to which the program is bound is changed; when the VLAN
of the upstream port to which the program is bound is changed; when the user preview times
out; when the IGMP mode is switched; when the rights mode is switched; when the bandwidth
CAC fails.

The system supports a maximum of 10240 logs. When the user goes online, the system records
only the online date and time. The system generates a complete log only when the user goes
offline.
The UA5000 can report the multicast log to the log server in the syslog mode and the call detailed
record (CDR) mode. By default, the UA5000 reports the log in the syslog mode.
l syslog mode: Logs are reported to the syslog server in the form of a single log.
l CDR mode: Logs are reported to the log server in the form of a log file (.cvs). One log file
contains multiple logs.
Table 4-10 lists the default settings of multicast log parameters.
Table 4-10 Default settings of multicast log parameters
Report mode of the multicast log syslog mode
Log function of the multicast user enable
Log function of the multicast program enable
Interval of automatic log generation 2 hours
Minimum online duration for 30s

generating a valid log
Parameters of the log report in the Report interval: 600s

CDR mode Maximum number of logs that can be reported each
time: 200
Procedure
l Configure the parameters of the log generation function of the multicast host.
1. Enable the multicast log generation function.
The multicast log involves the multicast log of the multicast user and the multicast
log of the multicast program. The system generates logs only when the log functions
of both the multicast user and the multicast program are enabled. By default, the log
functions of both the multicast user and the multicast program are enabled.
– Run the igmp user add port frameId/slotId/portId { auth | no-auth } log
{ enable | disable } command to enable the log function of the multicast user.
– Run the igmp program add ip ip-addr vlan vlanid log { enable | disable }
command to enable the log function of the multicast program.
2. Change the interval of automatic log generation.
Run the igmp proxy log-interval command to change the interval of automatic log
generation. When the user stays online for a long time, the system generates logs at
preset intervals. This prevents the problem that a log is not generated when the user

leaves the multicast group without sending the leave packet, which can affect the
accounting. By default, the interval is two hours.
3. Change the minimum online duration for generating a valid log.
Run the igmp proxy recognition-time command to change the minimum online
duration for generating a valid log. If the user is in a multicast group (such as to preview
a program) for shorter than the preset duration, the user operation is not regarded as
a valid one and a log is not generated. A log is generated only when a user stays online
for longer than the specified duration. By default, the duration is 30s.
l Configure the multicast log report function in the CDR mode.
1. Enable the multicast log report function in the CDR mode.
Run the igmp cdr { enable | disable } command to enable the multicast log report
function in the CDR mode. After the function is enabled, the UA5000 reports local
multicast logs to the multicast log server in the form of a file. After the function is
disabled, the UA5000 reports each single log to the syslog server in the default syslog
mode.
2. Configure the parameters of the multicast log report in the CDR mode.
– Run the igmp cdr-interval command to set the interval of the multicast log report
in the CDR mode. By default, the interval is 600s.
– Run the igmp cdr-number command to set the maximum number of logs that can
be reported each time. When the number of multicast logs in the CDR file reaches
the preset value, the UA5000 reports the logs. By default, the maximum number
is 200.
3. Check whether the configuration is correct.
Run the display igmp config command to query the status and other parameters of
the multicast log report in the CDR mode.
----End
Example
To enable the IGMP proxy log function and configure the automatic log generation interval to
one hour, do as follows:
huawei(config)#btv
huawei(config-btv)#igmp cdr enable
huawei(config-btv)#igmp proxy log-interval 1
4.3 Configuring the Multicast Service in a Subtending

Network
Universal Access Unit in a subtending network.
Application Context
Figure 4-1 shows the application context of the multicast service in a subtending network. When
a subtended device needs to provide the multicast service, the subtending port on the subtending

device needs to be configured as a multicast subtending port. In this way, the subtending device
regards the subtended device as an IGMP user.
Figure 4-1 Application context of multicast service in a subtending network
Multicast Server
Router
I
P C
M S
D R
0/3/0 B
0/3/1 UA5000_A
I
P C
M S
D R
0/3/0 B
0/3/1 UA5000_B
0/15
Modem Modem
PC PC
Precautions
l The multicast program list of the subtending device must cover the multicast program list
of the subtended device.
l In this network, the UA5000 Universal Access Unit functions as a subtending device, and
the program VLANs of the subtending device and subtended device must be the same.

Procedure
The procedure for configuring the subtended device is the same as described in 4.2 Configuring
the Multicast Service on a Single-NE Network.
The procedure of configuring the subtending device is as follows:
1. For details on configuring the multicast service, see "4.2 Configuring the Multicast
Service on a Single-NE Network."
2. Configure the multicast subtending port.
Run the igmp cascade-port frameid/slotid/portid command to configure the subtending
port as the multicast subtending port. The multicast upstream port cannot be configured as
a multicast subtending port.
3. When the subtended device requires the quick leave function of the multicast user, run the
igmp cascade-port frameid/slotid/portid quickleave enable command to enable the quick
leave attribute on the multicast subtending port.
NOTICE
If the lower-layer device does not support the proxy of the IGMP leave packet, all the users
requesting the program may go offline when a user requesting the same program goes
offline. Therefore, when the quick leave attribute is enabled on the multicast subtending
port, it is recommended that the lower-layer device use the IGMP proxy function, or switch
to the IGMP snooping mode with the IGMP leave packet proxy function enabled.
4.4 Configuring the Multicast Service in an RSTP Network

Universal Access Unit in an RSTP network.
Prerequisites
The required parameters have been configured for the RSTP ring network. For details, see
Configuring the RSTP.
Application Context
Figure 4-2 shows the application context of the multicast service in an RSTP network. When
the multicast service is provided in an RSTP ring network, the multicast upstream port and the
subtending port need to be added to the user VLAN. According to the running result of the RSTP
protocol, the multicast request packets are sent from the root port or the default port (when the
device is a root bridge), and the other ports in the VLAN serve as subtending ports.

Figure 4-2 Application context of the multicast service in an RSTP network
Multicast Server
Router
0/3 0/15
C
0 S
1 R
2 B
3
IPMD UA5000_A
0/3 0/15 0/3 0/15
C C
0 S S
0
1 R 1 R
2 B 2 B
3 3
IPMD UA5000_B IPMD UA5000_C
0/3 0/15
C
0 S
R
B
IPMD UA5000_D
Modem
PC
NOTE
The procedures for configuring the four devices forming an RSTP ring network are similar. Unless
otherwise stated, all the four devices must be configured.
Procedure
Step 1 For details on configuring the RSTP ring network, see 4.2 Configuring the Multicast Service
on a Single-NE Network.
Step 2 Run the igmp uplink-port command to set port 0/3/0 on specified nodes UA5000_A and
UA5000_D on the RSTP ring network as multicast uplink ports.

Step 3 Run the igmp uplink-port-mode program command to set port 0/3/0 on specified nodes
UA5000_A and UA5000_D to be in the program mode.
Step 4 Run the igmp uplink-port-mode rstp command to set the ports on specified nodes
UA5000_B and UA5000_C on the RSTP ring network as RSTP ports.
The multicast service can run on an RSTP ring network only after a multicast uplink port is
configured as an RSTP port. After the configuration is complete, multicast packets are forwarded
from the root port.
Step 5 Run the igmp cascade-port command to configure multicast cascade ports.
Set the following ports on an RSTP ring network as multicast cascade ports. This ensures that
services are switched to a normal link when a link on the RSTP ring network fails.
l Node UA5000_A: ports 0/3/1 and 0/3/2
l Nodes UA5000_B and UA5000_C: ports 0/3/0 and 0/3/1
NOTE
The multicast cascade ports have been added to the multicast VLAN by using the port vlan command.
Step 6 Run the save command to save data.
----End

Configuration Guide-IPM CLI 5 Configuration Examples of Services
5 Configuration Examples of Services
About This Chapter
This topic describes typical services supported by the UA5000.
5.1 Configuration Example of the xDSL Internet Access Service

This topic describes how to configure the xDSL Internet access service.
5.2 Configuration Example of the Multicast Service

This topic describes how to configure the multicast service in the static configuration mode.
5.3 Configuring the VLAN Stacking Wholesale Service

This topic describes the VLAN stacking wholesale service and how to configure the VLAN
stacking wholesale service supported by the UA5000.
5.4 Configuration Example of the QinQ VLAN

This topic describes how to configure the private line service based on the QinQ feature to
provide security channel for data transmission between private networks of the enterprises.
5.5 Configuring the Triple Play

This topic describes how to configure the Triple Play service on the UA5000.
5.6 Configuration Example of the EPON Upstream Transmission

The UA5000 MiniMSAN, which is an optical network unit (ONU), provides the EPON upstream
port and works with the optical line terminal (OLT) to form an Ethernet passive optical network
(EPON) network.
5.7 Configuration Example of the GPON Upstream Transmission

The UA5000 MiniMSAN functions as the optical network unit (ONU), provides the GPON
upstream port, and works with the optical line terminal (OLT) to form the GPON.

5.1 Configuration Example of the xDSL Internet Access

Service
This topic describes how to configure the xDSL Internet access service.
5.1.1 Configuration Example of the xDSL Internet Access Service

Through PPPoE Dialup
This topic describes how to configure a user so that the user can access the UA5000 in the xDSL
mode through the PPPoE dialup and at a rate of 2048 kbit/s.
l The user accesses the Internet through the PPPoE dialup.
l PITP is enabled to protect the user account against theft and roaming.
l A traffic profile is adopted for rate limitation. The user access rate is 2048 kbit/s.
l To ensure reliability, dual GE ports are adopted for upstream transmission, and link
aggregation is configured for the two upstream ports.
Figure 5-1 shows the example network for configuring the xDSL Internet access service through
the PPPoA dialup.
Figure 5-1 Example network for configuring the xDSL Internet access service through the
PPPoA dialup
LAN Swith BRAS

0/3 0/7 0/8 0/9
0 C S V
1 S H D
R L M
B B B
IPMB UA5000
PPPoE/IPoE
Modem
PC

Prerequisite
l Sufficient license resources must be applied because the number of xDSL ports is based
on the license resources.
Procedure
Step 1 Configure a VLAN.
Configure service VLAN 50. The user packet goes upstream carrying two VLAN tags. The outer
VLAN tag identifies the service and the inner VLAN tag identifies the user. Therefore, the
attribute of service VLAN 50 is stacking. The service of each user is identified by unique S+C
and the VLAN forwarding mode is the S+C mode.
huawei(config)#mac-address learn-ability vlan-list 50 disable
Step 2 Configure upstream ports.

Add upstream ports 0/3/0 and 0/3/1 to VLAN 50. Two ports are added for the purpose of port
aggregation.
To aggregate the two upstream ports as one aggregation group, set the packet forwarding mode
of the aggregation group to egress-ingress, and set the aggregation group to work in the LACP
static mode, do as follows:
huawei(config-if-ipm-0/3)#link-aggregation 0-1 egress-ingress workmode lacp-static
NOTE
The aggregated ports must meet the following requirements:

l The ports must work in the full-duplex mode.
l The port rates must be the same and the rate of an electrical port must not be of the auto-negotiation type.
l The attributes of the ports, such as the default VLAN ID (PVID) and VLAN, must be the same.
l One port can belong to only one aggregation group.
l The port must not be a mirroring destination port.
l The optical port can be in the auto-negotiation mode and the electrical port must not be in the auto-negotiation
mode.
l The start port ID must be smaller than the end port ID.
Step 3 In the ADSL access mode, follow this procedure.

1. Configure an ADSL2+ profile. For details, see "1.11.1 Configuring ADSL2+ Profiles."
Here, the default ADSL2+ line profile (line profile 1) and the default ADSL2+ alarm profile
(alarm profile 1) are used as an example.
2. Activate the ADSL port, and bind the ADSL2+ templates.

NOTE
By default, an ADSL port is in the activated state. Before binding a template to the port, you must deactivate
the port.
In the ADSL access mode, the access port is 0/7/0.

3. Run the display traffic table command to query the existing traffic profiles in the system.
{ <cr>|to-
index<K> }:
Command:
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/EPD/
SHAPE
-----------------------------------------------------------------------------
0 cbr 2 1024 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /
off
5 ubr 2 2048 -- -- -- -- -- on /on /--
6 ubr 1 -- -- -- -- -- -- off/off/--
-----------------------------------------------------------------------------
Total Num : 7
-----------------------------------------------------------------------------
According to service requirements, the user access rate is 2048 kbit/s. The query result
shows that traffic profile 5 meets the requirements.

NOTE
l If a matched traffic profile is not available in the system, run the traffic table command to configure
a new traffic profile.
l On the UA5000, the user access rate can be limited by either a traffic profile or an ADSL line profile.
When both profiles are configured, the smaller one of the two rates configured in the profiles is adopted
as the user bandwidth. In this example, the traffic profile is used to limit the user access rate.
4. Run the service-port command to create a service port, adopt traffic profile 5, and set the
S-VLAN ID to 50. The VPI and VCI of the service port must be the same as the service
VPI and VCI of the peer modem. Assume that the service VPI and VCI of the modem are
1 and 39, and the access port ID is 0/7/0. To facilitate the maintenance of the service port,
configure the service port description.
huawei(config)#service-port vlan 50 adsl 0/7/0 vpi 1 vci 39 rx-cttr 5 tx-cttr
5
huawei(config)#service-port desc 0/7/0 vpi 1 vci 39 Vlanid:50/adsl/vpi:1vci:39/
stacking
5. Set the C-VLAN ID of the preset service port with VPI/VCI 1/39 to 10 for identifying the
user.
huawei(config)#stacking label 0/7/0 vpi 1 vci 39 10
Step 4 In the SHDSL access mode, follow this procedure.

1. Configure an SHDSL profile. For details, see "1.11.2 Configuring SHDSL Profiles." Add
SHDSL line profile 3 of the PTM type, with the maximum line rate 2048 kbit/s.
huawei(config)#shdsl line-profile quickadd 3 ptm rate 512 2048
2. Activate SHDSL port 0/7/0, and bind the preset SHDSL line profile 3 and the default
SHDSL alarm template (alarm template 1) to the port.
NOTE
By default, an SHDSL port is in the activated state. Before binding a profile or template to the port, you
must deactivate the port.
huawei(config-if-sdl-0/7)#quit
{ <cr>|to-
index<K> }:
Command:
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------

-----------------------------------------------------------------------------
SHAPE
-----------------------------------------------------------------------------
0 cbr 2 1024 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /
off
5 ubr 2 2048 -- -- -- -- -- on /on /--
6 ubr 1 -- -- -- -- -- -- off/off/--
-----------------------------------------------------------------------------
Total Num : 7
-----------------------------------------------------------------------------
NOTE
l On the UA5000, the user access rate can be limited by either a traffic profile or an SHDSL line profile.
S-VLAN ID to 50. Set the SHDSL channel mode to PTM and the service port is 0/7/0. To
facilitate the maintenance of the service port, configure the service port description.
huawei(config)#service-port vlan 50 shdsl mode ptm 0/7/0 stream rx-cttr 5 tx-
cttr 5
huawei(config)#service-port desc 0/7/0 stream Vlanid:50/shdsl/vpi:1vci:39/
stacking
5. Set the C-VLAN ID of the preset service port 0/7/0 to 10 for identifying the user.
huawei(config)#stacking label 0/7/0 10
Step 5 In the VDSL access mode, follow this procedure.

1. Configure a VDSL profile. For details, see "1.11.3 Configuring VDSL2 Profiles." Assume
that the VDSL profile ID is 3, channel mode is the interleave mode, maximum downstream
interleave delay is 8 ms, maximum upstream interleave delay is 2 ms, SNR margin is 6 dB,
minimum downstream INP is 4, and minimum upstream INP is 2.
huawei(config)#vdsl channel-profile quickadd 3 path-mode ptm interleaved-delay
8 2 inp 4 2 rate 128 10000 128 10000
2. Activate VDSL port 0/7/0, and bind the preset VDSL line template 3 and the default VDSL
alarm template (alarm template 1) to the port.

NOTE
By default, a VDSL port is in the activated state. Before binding a template to the port, you must deactivate
the port.
huawei(config-if-vdsl-0/7)#activate 0 profile-index 3
huawei(config-if-vdsl-0/7)#quit
{ <cr>|to-
index<K> }:
Command:
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
SHAPE
-----------------------------------------------------------------------------
0 cbr 2 1024 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /
off
5 ubr 2 2048 -- -- -- -- -- on /on /--
6 ubr 1 -- -- -- -- -- -- off/off/--
-----------------------------------------------------------------------------
Total Num : 7
-----------------------------------------------------------------------------

NOTE
l On the UA5000, the user access rate can be limited by either a traffic profile or a VDSL line profile.
S-VLAN ID to 50. Set the VDSL channel mode to PTM, and the service port is 0/7/0. To
huawei(config)#service-port vlan 50 vdsl mode ptm 0/7/0 stream rx-cttr 5 tx-
cttr 5
huawei(config)#service-port desc 0/7/0 stream Vlanid:50/vdsl/vpi:1vci:39/
stacking
Step 6 Configure the user account security.

The PITP P mode can be enabled to protect the user account against theft and roaming. The
RAIO mode can be customized according to actual requirements. Here, the encoding format
required by China Telecom is considered as an example. The encoding format required by China
Telecom is a customized format, corresponding to the cntel option.
huawei(config)#raio-mode cntel pitp-pmode
NOTE
For details about the PITP configuration for the user account security, see "1.13.1 Configuring Anti-Theft and
Roaming of User Account Through PITP."

huawei(config)#save
----End
Verification
l Step 1: Dial up on the modem or on the PC by using the PPPoE dialup software. After the
dialup is successful, the user can access the Internet.
l Step 2: If the dialup is performed on the modem in Step 1, do as follows: When FTP is used
to download files, after the dialup is performed on the PPPoE dialup software, the PPPoE
dialup software displays a message indicating that the dialup is successful. Then, the PC
can access the Internet in the PPPoE mode. If the dialup is performed on the PC in Step 1,
skip this step.
l Step 3: When downloading files through FTP, you can open Task Manager in Windows
and click Networking to check the link speed. Then, you can calculate the Internet access
rate by the following formula: Attainable Internet access rate = Computer network adapter
rate/48 x 53 x 8. The calculation result approximates to the planned 2048 kbit/s.
Configuration Script in the ADSL access mode:
vlan 50 smart
vlan attrib 50 stacking
mac-address learn-ability vlan-list 50 disable

port vlan 50 0/3 0

port vlan 50 0/3 1
interface ipm 0/3
link-aggregation 0-1 egress-ingress workmode lacp-static
quit
interface adsl 0/7
deactivate 0
activate 0 profile-index 1
alarm-config 0 1
quit
service-port vlan 50 adsl 0/7/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5
service-port desc 0/7/0 vpi 1 vci 39 Vlanid:50/adsl/vpi:1vci:39/stacking
stacking label 0/7/0 vpi 1 vci 39 10
pitp enable pmode
raio-mode cntel pitp-pmode
save
Configuration Script in the SHDSL access mode:

vlan 50 smart
port vlan 50 0/3 0
port vlan 50 0/3 1
interface ipm 0/3
quit
shdsl line-profile quickadd 3 ptm rate 512 2048
interface sdl 0/7
activate 0 3
alarm-config 0 1
quit
service-port vlan 50 shdsl mode ptm 0/7/0 stream rx-cttr 5 tx-cttr 5
service-port desc 0/7/0 stream Vlanid:50/shdsl/vpi:1vci:39/stacking
stacking label 0/7/0 10
pitp enable pmode
save
Configuration Script in the VDSL access mode:

vlan 50 smart
port vlan 50 0/3 0
port vlan 50 0/3 1
interface ipm 0/3
quit
vdsl line-profile quickadd 3 snr 60 0 300 60 0 300
vdsl channel-profile quickadd 3 path-mode ptm interleaved-delay 8 2 inp 4 2 rate
128 10000 128 10000 2048 2048
128 10000 128 10000
interface vdsl 0/7
deactivate 0
activate 0 template-index 3
alarm-config 0 1
quit
service-port vlan 50 vdsl mode ptm 0/7/0 stream rx-cttr 5 tx-cttr 5
service-port desc 0/7/0 stream Vlanid:50/vdsl/vpi:1vci:39/stacking
pitp enable pmode
save

5.1.2 Configuration Example of the xDSL IPoE Internet Access

Service
mode, and then access the Internet in the IPoE mode at a rate of 2048 kbit/s.
l The user accesses the Internet in the IPoE mode. The account authentication is implemented
through the DHCP option82 field.
l Double VLAN tags are added to user packets for upstream transmission, where the outer
VLAN tag identifies the service and the inner VLAN tag identifies the user. The service
of each user is identified by a unique S-VLAN+C-VLAN. This is called the 1:1 access.
l Dual GE ports are adopted for upstream transmission to ensure reliability. Link aggregation
is configured for the two upstream ports.
Figure 5-2 shows the example network for configuring the xDSL IPoE Internet access service.
Figure 5-2 Example network for configuring the xDSL IPoE Internet access service
LAN Swith BRAS

0/3 0/7 0/8 0/9
0 C S V
1 S H D
R L M
B B B
IPMB UA5000
PPPoE/IPoE
Modem
PC
Prerequisite
The number of xDSL ports is under the control of licenses. Make sure that sufficient licenses
are already requested.
Procedure
Step 1 Configure a VLAN.

Configure service VLAN 50. The user packet goes upstream carrying two VLAN tags. The outer
VLAN tag identifies the service and the inner VLAN tag identifies the user. Therefore, the
attribute of service VLAN 50 is stacking. The service of each user is identified by unique S+C
and the VLAN forwarding mode is the S+C mode.
huawei(config)#mac-address learn-ability vlan-list 50 disable

aggregation.
NOTE

mode.
Step 3 In the ADSL access mode, follow this procedure.

Here, the default ADSL2+ line profile (line profile 1) and the default ADSL2+ alarm profile
(alarm profile 1) are used as an example.
2. Activate the ADSL port, and bind the ADSL2+ templates.
NOTE
By default, an ADSL port is in the activated state. Before binding a template to the port, you must deactivate
the port.
In the ADSL access mode, the access port is 0/7/0.

{ <cr>|to-
index<K> }:
Command:


-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
SHAPE
-----------------------------------------------------------------------------
0 cbr 2 1024 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /
off
5 ubr 2 2048 -- -- -- -- -- on /on /--
6 ubr 1 -- -- -- -- -- -- off/off/--
-----------------------------------------------------------------------------
Total Num : 7
-----------------------------------------------------------------------------
NOTE
l On the UA5000, the user access rate can be limited by either a traffic profile or an ADSL line profile.
S-VLAN ID to 50. The VPI and VCI of the service port must be the same as the service
VPI and VCI of the peer modem. Assume that the service VPI and VCI of the modem are
1 and 39, and the access port ID is 0/7/0. To facilitate the maintenance of the service port,
configure the service port description.
5
huawei(config)#service-port desc 0/7/0 vpi 1 vci 39 Vlanid:50/adsl/vpi:1vci:39/
stacking

5. Set the C-VLAN ID of the preset service port with VPI/VCI 1/39 to 10 for identifying the
user.
Step 4 In the SHDSL access mode, follow this procedure.

1. Configure an SHDSL profile. For details, see "1.11.2 Configuring SHDSL Profiles." Add
SHDSL line profile 3 of the PTM type, with the maximum line rate 2048 kbit/s.
huawei(config)#shdsl line-profile quickadd 3 ptm rate 512 2048
2. Activate SHDSL port 0/7/0, and bind the preset SHDSL line profile 3 and the default
SHDSL alarm template (alarm template 1) to the port.
NOTE
By default, an SHDSL port is in the activated state. Before binding a profile or template to the port, you
must deactivate the port.
{ <cr>|to-
index<K> }:
Command:
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
SHAPE
-----------------------------------------------------------------------------
0 cbr 2 1024 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /
off
5 ubr 2 2048 -- -- -- -- -- on /on /--
6 ubr 1 -- -- -- -- -- -- off/off/--
-----------------------------------------------------------------------------
Total Num : 7


-----------------------------------------------------------------------------
NOTE
S-VLAN ID to 50. Set the SHDSL channel mode to PTM and the service port is 0/7/0. To
huawei(config)#service-port vlan 50 shdsl mode ptm 0/7/0 stream rx-cttr 5 tx-
cttr 5
huawei(config)#service-port desc 0/7/0 stream Vlanid:50/shdsl/vpi:1vci:39/
stacking
Step 5 In the VDSL access mode, follow this procedure.

1. Configure a VDSL profile. For details, see "1.11.3 Configuring VDSL2 Profiles." Assume
that the VDSL profile ID is 3, channel mode is the interleave mode, maximum downstream
interleave delay is 8 ms, maximum upstream interleave delay is 2 ms, SNR margin is 6 dB,
minimum downstream INP is 4, and minimum upstream INP is 2.
huawei(config)#vdsl channel-profile quickadd 3 path-mode ptm interleaved-delay
8 2 inp 4 2 rate 128 10000 128 10000
NOTE
By default, a VDSL port is in the activated state. Before binding a template to the port, you must deactivate
the port.
{ <cr>|to-
index<K> }:
Command:
-----------------------------------------------------------------------------

-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
SHAPE
-----------------------------------------------------------------------------
0 cbr 2 1024 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /
off
5 ubr 2 2048 -- -- -- -- -- on /on /--
6 ubr 1 -- -- -- -- -- -- off/off/--
-----------------------------------------------------------------------------
Total Num : 7
-----------------------------------------------------------------------------
NOTE
S-VLAN ID to 50. Set the VDSL channel mode to PTM, and the service port is 0/7/0. To
huawei(config)#service-port vlan 50 vdsl mode ptm 0/7/0 stream rx-cttr 5 tx-
cttr 5
huawei(config)#service-port desc 0/7/0 stream Vlanid:50/vdsl/vpi:1vci:39/
stacking
Step 6 Configure the security of user accounts.

NOTE
l In this example, the UA5000 works in the L2 DHCP mode. Therefore, the DHCP-related configurations are
not required. If the UA5000 works in the L3 DHCP mode, the DHCP-related configurations on the
UA5000 are required. For details, see "Configuring DHCP."
l For the details about the security of DHCP accounts, see "Configuring Anti-Theft or Roaming of User
Accounts Through DHCP."
Assume that the RAIO mode is the user-defined mode, the CID is the access node name frame/
slot/port:vlanid, the RID is the label of the service port where the user is connected. To enable
the DHCP option82 function with these parameters, do as follows:
huawei(config)#dhcp option82 enable
huawei(config)#raio-mode user-defined dhcp-option82
huawei(config)#raio-format dhcp-option82 cid anid frame/slot/port:vlanid
huawei(config)#raio-format dhcp-option82 rid splabel

huawei(config)#save
----End
Verification
l Step 1: After the PC NIC automatically obtains an IP address in the DHCP option82 mode
and a connection to the Internet is set up, the user can access the Internet.
l Step 2: To download a file through FTP, open Windows Task Manager and then click
Networking to observe the link rate. Calculate the Internet access rate by the formula:
attainable Internet access rate = computer NIC rate/48 x 53 x 8. The calculated result
approximates to the planned 2048 kbit/s.
Configuration Script for the ADSL access mode:
vlan 50 smart
mac-address learn-ability vlan-list 50 disable
port vlan 50 0/3 0
port vlan 50 0/3 1
interface ipm 0/3
quit
interface adsl 0/7
deactivate 0
alarm-config 0 1
quit
service-port desc 0/7/0 vpi 1 vci 39 Vlanid:50/adsl/vpi:1vci:39/stacking
dhcp option82 enable
raio-mode user-defined dhcp-option82
raio-format dhcp-option82 cid anid frame/slot/port:vlanid
raio-format dhcp-option82 rid splabel
save
Configuration Script for the SHDSL access mode:

vlan 50 smart
port vlan 50 0/3 0

port vlan 50 0/3 1

interface ipm 0/3
quit
shdsl line-profile quickadd 3 ptm rate 512 2048
interface sdl 0/7
activate 0 3
alarm-config 0 1
quit
service-port vlan 50 shdsl mode ptm 0/7/0 stream rx-cttr 5 tx-cttr 5
service-port desc 0/7/0 stream Vlanid:50/shdsl/vpi:1vci:39/stacking
save
Configuration Script for the VDSL access mode:

vlan 50 smart
port vlan 50 0/3 0
port vlan 50 0/3 1
interface ipm 0/3
quit
128 10000 128 10000 2048 2048
128 10000 128 10000
interface vdsl 0/7
deactivate 0
alarm-config 0 1
quit
service-port vlan 50 vdsl mode ptm 0/7/0 stream rx-cttr 5 tx-cttr 5
service-port desc 0/7/0 stream Vlanid:50/vdsl/vpi:1vci:39/stacking
save
5.1.3 Configuration Example of the xDSL IPoA Internet Access

Service
mode, and then access the Internet in the IPoA mode at a rate of 2048 kbit/s.
l The user accesses the Internet in the IPoA mode and obtains an IP address from the DHCP
server. The UA5000 works in the DHCP L2 mode.
l One VLAN tag is added to user packets for upstream transmission and the services of
multiple users are aggregated into one VLAN.
l DHCP option82 is enabled to protect user accounts from theft and roaming.

Figure 5-3 shows the example network for configuring the xDSL IPoA Internet access service.
Figure 5-3 Example network for configuring the xDSL IPoA Internet access service
LAN Swith BRAS

0/3 0/7
C
S
R
B
IPMB UA5000
PPPoA/IPoA
Modem
PC
Prerequisite
The number of xDSL ports is under the control of licenses. Make sure that sufficient licenses
are already requested.
Procedure
Create smart VLAN 50.

Step 2 Add two upstream ports to the VLAN.

aggregation.
static mode.
huawei(config)#link-aggregation 0/3 0 0/3 1 egress-ingress workmode lacp-static

NOTE
The aggregated ports must meet the following requirements: The ports must work in the full-duplex mode; the
port rates must be the same and the rate of an electrical port must not be of the auto-negotiation type; the attributes
of the ports, such as the default VLAN ID (PVID) and VLAN, must be the same; one port can belong to only
one aggregation group; the port must not be a mirroring destination port; the port must not be in the auto-
negotiation mode; the start port ID must be smaller than the end port ID.
Step 3 In the case of the ADSL access mode, follow this procedure.
The ID of the ADSL2+ line profile is 3, the downstream rate is 2048 kbit/s, the channel
mode is the interleave mode, the maximum interleave delay is 10 ms, and the SNR margin
is 6 dB.
huawei(config)#adsl line-profile quickadd basic-para full-rate trellis 1
bitswap
1 1 channel interleaved 100 100 adapt fixed snr 5 4 9 5 4 9 rate 2048 2048
1000 1100
2. Activate the ADSL port. The port is port 0/7/0, and ADSL line profile 3 and the default
alarm profile (alarm profile 1) are bound to the port.
NOTE
By default, a port is in the activated state. Before binding a profile to a port, you must deactivate the port.
huawei(config)#interface adsl 0/7/0
huawei(config-if-adsl-0/7/0)#deactivate 0
huawei(config-if-adsl-0/7/0)#activate 0 profile-index 3
huawei(config-if-adsl-0/7/0)#alarm-config 0 1
huawei(config-if-adsl-0/7/0)#quit
3. Run the display traffic table command to query the traffic profiles that exist in the system.
{ <cr>|to-
index<K> }:
Command:
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
SHAPE
-----------------------------------------------------------------------------
0 cbr 2 1024 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--

4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /

off
5 ubr 2 2048 -- -- -- -- -- on /on /--
6 ubr 1 -- -- -- -- -- -- off/off/--
-----------------------------------------------------------------------------
Total Num : 7
-----------------------------------------------------------------------------
According to service requirement, the user access rate is 2048 kbit/s. The query result shows
that traffic profile 5 meets the requirement.
NOTE
l If no traffic profile in the system meets the service requirement, run the traffic table command to
configure a new traffic profile.
l On the UA5000, the user access rate can be limited by either a traffic profile or an xDSL line profile.
4. Run the service-port command to create a service port. The index of the new service port
is 1, the access port is port 0/7/0, traffic profile 5 meets the service requirement, and the S-
VLAN is VLAN 50. The VPI and VCI must be the same as the management VPI and VCI
of the peer modem. Assume that the management VPI and VCI of the modem are 1 and
39. To facilitate the maintenance of the service port, configure description for the service
port.
5
huawei(config)#service-port desc 0/7/0 vpi 1 vci 39 UA5000HW/Vlanid:50/adsl/
smart
5. Set the maximum number of MAC addresses that can be learned by the service port is 16.
This parameter is to limit the maximum number of the MAC addresses that can be learned
by one account, namely, the maximum number of the PCs that can access the Internet
through one account.
Step 4 In the case of the SHDSL access mode, follow this procedure.
1. Configure an SHDSL profile. For details, see "1.11.2 Configuring SHDSL Profiles." The
ID of the SHDSL line profile is 3, the line rate is 2048 kbit/s, and the profile is used to
activate 4-wire ports.
2. Activate the SHDSL port. The port is port 0/7/0, and SHDSL line profile 3 and the default
NOTE

{ <cr>|to-
index<K> }:
Command:
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
SHAPE
-----------------------------------------------------------------------------
0 cbr 2 1024 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /
off
5 ubr 2 2048 -- -- -- -- -- on /on /--
6 ubr 1 -- -- -- -- -- -- off/off/--
-----------------------------------------------------------------------------
Total Num : 7
-----------------------------------------------------------------------------
NOTE

port.
huawei(config)#service-port vlan 50 shdsl mode atm 0/7/0 vpi 1 vci 39 rx-cttr
5 tx-cttr 5
huawei(config)#service-port desc 0/7/0 vpi 1 vci 39 UA5000HW/Vlanid:50/shdsl/
smart
5. Set the maximum number of MAC addresses that can be learned by the service port to 16.
huawei(config)#mac-address max-mac-count shdsl 0/7/0 vpi 1 vci 39 16
Step 5 In the case of the VDSL access mode, follow this procedure.
1. Configure a VDSL profile. For details, see "Configuring the VDSL2 Profile." Configure
the VDSL profile with the following parameters: Profile ID: 3; The downstream
transmission rate: 2048 kbit/s; Channel mode: interleave mode; Downstream maximum
interleave delay: 8 ms; Upstream maximum interleave delay: 2 ms; SNR margin: 6 dB;
Downstream minimum INP: 4; Upstream minimum INP: 2.
huawei(config)#vdsl channel-profile quickadd 3 path-mode atm interleaved-delay
8 2 inp 4 2 rate 128 10000 128 10000
NOTE
{ <cr>|to-
index<K> }:
Command:
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------

SHAPE
-----------------------------------------------------------------------------
0 cbr 2 1024 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /
off
5 ubr 2 2048 -- -- -- -- -- on /on /--
6 ubr 1 -- -- -- -- -- -- off/off/--
-----------------------------------------------------------------------------
Total Num : 7
-----------------------------------------------------------------------------
NOTE
port.
huawei(config)#service-port vlan 50 vdsl mode atm 0/7/0 vpi 1 vci 39 rx-cttr 5
tx-cttr 5
huawei(config)#service-port desc 0/7/0 vpi 1 vci 39 UA5000HW/Vlanid:50/vdsl/
smart
huawei(config)#mac-address max-mac-count vdsl 0/7/0 vpi 1 vci 39 16
Step 6 Enable the IPoA-IPoE protocol conversion.

This step is to configure the IPoA MAC address pool. The start MAC address in the MAC address
pool is 0000-1111-1010, and the maximum number of the MAC addresses in the MAC address
pool is 300. The IPoA-IPoE protocol conversion is enabled, the default gateway address is the
same as the IP address (192.168.1.20) of the upper-layer router, the service encapsulation mode
is LLC-IPoA, the IP address of the modem is 192.168.1.10, and the gateway IP address is
192.168.1.1.
huawei(config)#mac-pool 0 0000-1111-1010 300


dstIP 192.168.1.1
dstIP 192.168.1.1
dstIP 192.168.1.1

huawei(config)#save
----End
Verification
l Step 1: Set the VPI/VCI of the modem to 1/39, encapsulation mode to llc-ipoa, and IP
address to 192.168.1.1.
l Step 2: After the settings on the modem are complete, the network connection is
automatically set up and the user can access the Internet.
l Step 3: To download a file through FTP, open Windows Task Manager, and then click
vlan 50 smart
port vlan 50 0/3 0
port vlan 50 0/3 1
interface ipm 0/3
quit
adsl line-profile quickadd basic-para full-rate trellis 1 bitswap
1100
interface adsl 0/7
deactivate 0
alarm-config 0 1
quit
service-port desc 0/7/0 vpi 1 vci 39 UA5000HW/Vlanid:50/adsl/smart
mac-address max-mac-count adsl 0/7/0 vpi 1 vci 39 16
mac-pool 0 0000-1111-1010 300
ipoa enable
ipoa default gateway 192.168.1.20
encapsulation 0/7/0 vpi 1 vci 39 type ipoa llc srcIP 192.168.1.1
save

vlan 50 smart
port vlan 50 0/3 0
port vlan 50 0/3 1
interface ipm 0/3
quit
shdsl line-profile quickadd 3 line four-wire rate 2048 psd asymmetric transmission
annex-a&b remote enable probe enable
interface sdl 0/7
deactivate 0

activate 0 3
alarm-config 0 1
quit
service-port vlan 50 shdsl mode atm 0/7/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5
service-port desc 0/7/0 vpi 1 vci 39 UA5000HW/Vlanid:50/shdsl/smart
mac-address max-mac-count shdsl 0/7/0 vpi 1 vci 39 16
mac-pool 0 0000-1111-1010 300
ipoa enable
save

vlan 50 smart
port vlan 50 0/3 0
port vlan 50 0/3 1
interface ipm 0/3
quit
vdsl channel-profile quickadd 3 path-mode atm interleaved-delay 8 2 inp 4 2 rate
128 10000 128 10000
interface vdsl 0/7
deactivate 0
alarm-config 0 1
quit
service-port vlan 50 vdsl mode atm 0/7/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5
service-port desc 0/7/0 vpi 1 vci 39 UA5000HW/Vlanid:50/vdsl/smart
mac-address max-mac-count vdsl 0/7/0 vpi 1 vci 39 16
mac-pool 0 0000-1111-1010 300
ipoa enable
save
5.1.4 Configuration Example of the xDSL PPPoA Internet Access

Service
mode, and then access the Internet in the PPPoA mode at a rate of 2048 kbit/s.
l The user accesses the Internet in the PPPoA mode.
l User packets, which carry a single VLAN tag, are transmitted in the upstream direction,
and the services of multiple users are converged into one VLAN. This is called the N:1
access.
l PITP is enabled to protect user accounts from theft and roaming.
Figure 5-4 shows the example network for configuring the xDSL PPPoA Internet access service.

Figure 5-4 Example network for configuring the xDSL PPPoA Internet access service
LAN Swith BRAS

0/3 0/7
C
S
R
B
IPMB UA5000
PPPoA/IPoA
Modem
PC
Prerequisite
Procedure
Create smart VLAN 50.


aggregation.

NOTE

mode.
Step 3 In the case of the ADSL access mode, follow this procedure.
The ID of the ADSL2+ line profile is 3, the downstream rate is 2048 kbit/s, the channel
mode is the interleave mode, the maximum interleave delay is 10 ms, and the SNR margin
is 6 dB.
huawei(config)#adsl line-profile quickadd basic-para full-rate trellis 1
bitswap
1 1 channel interleaved 100 100 adapt fixed snr 5 4 9 5 4 9 rate 2048 2048
1000 1100
2. Activate the ADSL port. The port is port 0/7/0, and ADSL line profile 3 and the default
NOTE
huawei(config)#interface adsl 0/7/0
huawei(config-if-adsl-0/7/0)#deactivate 0
huawei(config-if-adsl-0/7/0)#activate 0 profile-index 3
huawei(config-if-adsl-0/7/0)#alarm-config 0 1
huawei(config-if-adsl-0/7/0)#quit
{ <cr>|to-
index<K> }:
Command:
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
SHAPE

-----------------------------------------------------------------------------
0 cbr 2 1024 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /
off
5 ubr 2 2048 -- -- -- -- -- on /on /--
6 ubr 1 -- -- -- -- -- -- off/off/--
-----------------------------------------------------------------------------
Total Num : 7
-----------------------------------------------------------------------------
NOTE
l On the UA5000, the user access rate can be limited by either a traffic profile or an xDSL line profile.
port.
5
huawei(config)#service-port desc 0/7/0 vpi 1 vci 39 UA5000HW/Vlanid:50/adsl/
smart
5. Set the maximum number of MAC addresses that can be learned by the service port is 16.
Step 4 In the case of the SHDSL access mode, follow this procedure.
1. Configure an SHDSL profile. For details, see "1.11.2 Configuring SHDSL Profiles." The
ID of the SHDSL line profile is 3, the line rate is 2048 kbit/s, and the profile is used to
activate 4-wire ports.
2. Activate the SHDSL port. The port is port 0/7/0, and SHDSL line profile 3 and the default
NOTE


{ <cr>|to-
index<K> }:
Command:
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
SHAPE
-----------------------------------------------------------------------------
0 cbr 2 1024 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /
off
5 ubr 2 2048 -- -- -- -- -- on /on /--
6 ubr 1 -- -- -- -- -- -- off/off/--
-----------------------------------------------------------------------------
Total Num : 7
-----------------------------------------------------------------------------
NOTE

port.
huawei(config)#service-port vlan 50 shdsl mode atm 0/7/0 vpi 1 vci 39 rx-cttr
5 tx-cttr 5
huawei(config)#service-port desc 0/7/0 vpi 1 vci 39 UA5000HW/Vlanid:50/shdsl/
smart
huawei(config)#mac-address max-mac-count shdsl 0/7/0 vpi 1 vci 39 16
Step 5 In the case of the VDSL access mode, follow this procedure.
1. Configure a VDSL profile. For details, see "Configuring the VDSL2 Profile." Configure
the VDSL profile with the following parameters: Profile ID: 3; The downstream
transmission rate: 2048 kbit/s; Channel mode: interleave mode; Downstream maximum
interleave delay: 8 ms; Upstream maximum interleave delay: 2 ms; SNR margin: 6 dB;
Downstream minimum INP: 4; Upstream minimum INP: 2.
huawei(config)#vdsl channel-profile quickadd 3 path-mode atm interleaved-delay
8 2 inp 4 2 rate 128 10000 128 10000
NOTE
{ <cr>|to-
index<K> }:
Command:
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
0 1024 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
-----------------------------------------------------------------------------

-----------------------------------------------------------------------------
SHAPE
-----------------------------------------------------------------------------
0 cbr 2 1024 -- -- -- -- -- off/off/--
1 cbr 2 2500 -- -- -- -- -- off/off/--
2 ubr 2 512 -- -- -- -- -- on /on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /on /
off
5 ubr 2 2048 -- -- -- -- -- on /on /--
6 ubr 1 -- -- -- -- -- -- off/off/--
-----------------------------------------------------------------------------
Total Num : 7
-----------------------------------------------------------------------------
NOTE
port.
huawei(config)#service-port vlan 50 vdsl mode atm 0/7/0 vpi 1 vci 39 rx-cttr 5
tx-cttr 5
huawei(config)#service-port desc 0/7/0 vpi 1 vci 39 UA5000HW/Vlanid:50/vdsl/
smart
huawei(config)#mac-address max-mac-count vdsl 0/7/0 vpi 1 vci 39 16
Step 6 Configure the PPPoA-PPPoE protocol conversion.

This step is to configure the PPPoA MAC address pool. The start MAC address in the MAC
address pool is 0000-1111-1010, and the maximum number of the MAC addresses in the MAC
address pool is 300. The PPPoA-PPPoE protocol conversion is enabled and the service
encapsulation mode is LLC.

huawei(config)#mac-pool 0 0000-1111-1010 300

huawei(config)#pppoa enable
Step 7 Configure the user account security.

The PITP P mode can be enabled to protect the user account against theft and roaming. The
RAIO mode can be customized according to actual requirements. Here, the encoding format
required by China Telecom is considered as an example. The encoding format required by China
Telecom is a customized format, corresponding to the cntel option.
huawei(config)#raio-mode cntel pitp-pmode
NOTE
For details about the PITP configuration for the user account security, see "1.13.1 Configuring Anti-Theft and
Roaming of User Account Through PITP."

huawei(config)#save
----End
Verification
l Step 1: Set the VPI/VCI of the modem to 1/39 and encapsulation mode to llc-pppoa.
Configure the user name and password used for dialing (the user name and password must
be the same as those configured on the BRAS.)
l Step 2: After the settings on the modem are complete, dialing is initialized, a network
connection is automatically set up, and the user can access the Internet.
l Step 3: To download a file through FTP, open Windows Task Manager and then click
vlan 50 smart
port vlan 50 0/3 0
port vlan 50 0/3 1
interface ipm 0/3
quit
adsl line-profile quickadd basic-para full-rate trellis 1 bitswap
1100
interface adsl 0/7
deactivate 0
alarm-config 0 1
quit
service-port desc 0/7/0 vpi 1 vci 39 UA5000HW/Vlanid:50/adsl/smart
mac-address max-mac-count adsl 0/7/0 vpi 1 vci 39 16
mac-pool 0 0000-1111-1010 300
pppoa enable
encapsulation 0/7/0 vpi 1 vci 39 type pppoa llc

pitp enable pmode

save

vlan 50 smart
port vlan 50 0/3 0
port vlan 50 0/3 1
interface ipm 0/3
quit
shdsl line-profile quickadd 3 line four-wire rate 2048 psd asymmetric transmission
annex-a&b remote enable probe enable
interface sdl 0/7
deactivate 0
activate 0 3
alarm-config 0 1
quit
service-port vlan 50 shdsl mode atm 0/7/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5
service-port desc 0/7/0 vpi 1 vci 39 UA5000HW/Vlanid:50/shdsl/smart
mac-address max-mac-count shdsl 0/7/0 vpi 1 vci 39 16
mac-pool 0 0000-1111-1010 300
pppoa enable
pitp enable pmode
save

vlan 50 smart
port vlan 50 0/3 0
port vlan 50 0/3 1
interface ipm 0/3
quit
vdsl channel-profile quickadd 3 path-mode atm interleaved-delay 8 2 inp 4 2 rate
128 10000 128 10000
interface vdsl 0/7
deactivate 0
alarm-config 0 1
quit
service-port vlan 50 vdsl mode atm 0/7/0 vpi 1 vci 39 rx-cttr 5 tx-cttr 5
service-port desc 0/7/0 vpi 1 vci 39 UA5000HW/Vlanid:50/vdsl/smart
mac-address max-mac-count vdsl 0/7/0 vpi 1 vci 39 16
mac-pool x0 0000-1111-1010 300
pppoa enable
pitp enable pmode
save
5.2 Configuration Example of the Multicast Service

This topic describes how to configure the multicast service in the static configuration mode.
l The UA5000 adopts the IGMP proxy L2 multicast protocol.
l Multicast programs are configured statically and multicast users are authenticated.

l The multicast bandwidth control is required.

l The users access the programs provided by the multicast server in the ADSL2+ IPoE mode.
Figure 5-5 shows the example network of the multicast service.
Figure 5-5 Example network of the multicast service

Program1:224.1.1.1
Program2:224.1.1.2
Program3:224.1.1.3
Multicast server
10.10.10.10
Router
0/3/1 VLAN:10 UA5000
I C
P S
M R
D B
Port:0/7/0 0/7 Port:0/7/1
Home Gateway Home Gateway
STB STB
TV TV

Prerequisites
The license for the multicast program and the multicast user is already requested and installed.
Procedure
Step 1 Configure the multicast program and multicast source.
Multicast adopts IGMP proxy and upstream port 0/3/1. Add the upstream port to VLAN 10.
Configure programs 224.1.1.1, 224.1.1.2, and 224.1.1.3 with the static attribute. Program
bandwidth is 6000 kbit/s.
huawei(config)#btv
huawei(config-btv)#igmp uplink-port 0/3/1 100
huawei(config-btv)#igmp program add name program1 ip 224.1.1.1 vlan 10 bind 0/3/1
bandwidth 6000 hostip 10.0.0.254 log enable
Step 2 Configure right profiles named music and movie with the watch right, and bind the right profiles
to the programs.
huawei(config-btv)#igmp profile rename profile1 music
huawei(config-btv)#igmp profile profile-name music program-name program1 watch
huawei(config-btv)#igmp profile profile-name music program-name program2 watch
huawei(config-btv)#igmp profile rename profile2 movie
huawei(config-btv)#igmp profile profile-name movie program-name program3 watch
huawei(config-btv)#quit
Step 3 Configure multicast users.

1. Create the service channels of the multicast users.
Create service channels that belong to VLAN 10 on ADSL2+ ports 0/7/0 and 0/7/1 and use
traffic profile 3.
3
3
2. (Optional) Configure a video service port.
This step is mandatory when you need to create an xDSL traffic flow and set its parameters
to be the same as the default values set by running the igmp video-port command.
3. Configure the attributes of the multicast users.
Configure multicast user 0/7/0 as the authentication type and with log reporting enabled.
Configure multicast user 0/7/1 as the authentication type and with log reporting enabled.
huawei(config)#btv
huawei(config-btv)#igmp user add port 0/7/0 adsl 0 35 auth log enable
huawei(config-btv)#igmp user add port 0/7/1 adsl 0 35 auth log enable
4. Bind the multicast users to the right profiles.
Bind multicast user 0/7/0 to right profile music, and multicast user 0/7/1 to right profile
movie.

huawei(config-btv)#igmp user bind-profile port 0/7/0 profile-name music

huawei(config-btv)#igmp user bind-profile port 0/7/1 profile-name movie
5. Activate the ports, and bind the ports to the line profile and alarm profile.
Bind ADSL2+ port 0/7/0 and port 0/7/1 to the default line profile (line profile 1) and the
default alarm profile (alarm profile 1).
Step 4 Save the configuration.

huawei(config)#save
----End
Result
l User 1 can watch program1 and program2 that are provided by the ISP bound to right profile
music, but user 1 cannot watch program3.
l User 2 can watch program3 that is provided by the ISP bound to right profile movie.
(config)#
vlan 10 smart
btv
igmp mode proxy
y
igmp uplink-port 0/3/1 100
igmp program add name program1 ip 224.1.1.1 vlan 10 bind 0/3/1 bandwidth 6000
hostip 10.0.0.254 log enable
igmp profile rename profile1 music
igmp profile profile-name music program-name program1 watch
igmp profile profile-name music program-name program2 watch
igmp profile rename profile2 movie
igmp profile profile-name movie program-name program3 watch
quit
btv
igmp video-port vpi 0 vci 35
igmp user add port 0/7/0 adsl 0 35 auth log enable
igmp user add port 0/7/1 adsl 0 35 auth log enable
igmp user bind-profile port 0/7/0 profile-name music
igmp user bind-profile port 0/7/1 profile-name movie
quit
interface adsl 0/7
deactivate 0
alarm-config 0 1
deactivate 1
alarm-config 1 1

quit
save
5.3 Configuring the VLAN Stacking Wholesale Service

This topic describes the VLAN stacking wholesale service and how to configure the VLAN
stacking wholesale service supported by the UA5000.
5.3.1 Configuration Example of VLAN Stacking Multi-ISP

Wholesale Access
When there are multiple ISPs in the L2 MAN, the UA5000 accesses the user to the corresponding
ISP according to certain rules.
Prerequisites
The upper-layer network must work in the L2 mode, and must forward packets according to the
VLAN and the MAC address.
l The user accesses the Internet in the PPPoE dialing mode.
l The user bandwidth is 2 Mbit/s.
l User packets carry two VLAN tags, of which the outer VLAN tag identifies the ISP and
the inner VLAN tag identifies the user.
Networking
Figure 5-6 shows the example network for configuring the VLAN stacking multi-ISP wholesale
access.
Users 1 and 2 belong to one ISP, and users 3 and 4 belong to another ISP. Based on the VLAN
stacking feature, the UA5000 adds the outer VLAN tag to differentiate ISPs and inner VLAN
tag to differentiate users and forwards the user packet to the L2 network. Then the L2 LAN
switch forwards the user packets to the specified ISP BRAS based on the outer VLAN tag. The
ISP BRASs remove the outer VLAN tag and identify the users based on the inner VLAN tag.
After passing the authentication, the users can obtain various services provided by the ISP.

Figure 5-6 Example network for configuring the VLAN stacking multi-ISP wholesale access
LSW
ISP1 VLAN ID: 60 VLAN ID: 61 ISP2
BRAS BRAS
UA5000
Modem
User 1 User 2 User 3 User 4
Procedure
Step 1 Create VLANs.
The outer VLAN IDs are 60 and 61, and the VLANs are smart VLANs.
huawei(config)#vlan 60-61 smart
It will take several minutes, and console may be timeout, please use command
idle-timeout to set time limit
Are you sure to add VLANs? (y/n)[n]:y
Step 2 Set the VLAN attribute to stacking.

huawei(config)#vlan attrib 60-61 stacking
Are you sure to continue? (y/n)[n]:y
Step 3 Add an upstream port to the VLANs.

Add upstream port 0/3/0 to VLANs 60 and 61.
huawei(config)#port vlan 60-61 0/3 0
Are you sure to add standard port(s)? (y/n)[n]:y


The profile ID is 10, the CIR is 2 Mbit/s, and packets are scheduled according to the priority
specified in the traffic profile.
huawei(config)#traffic table index 10 ip car 2048 priority 3 priority-policy tag-In-
Package
Step 5 Add service ports to the VLANs.

Add service ports to the VLANs, and use traffic profile 10 that meets the service requirements.
The VPI and the VCI are 0 and 35 respectively, the same as those on the peer modem.
Step 6 Set the inner VLAN tags.

The inner VLAN tag identifies the user. Note that the inner VLAN tag must be unique in one
ISP domain, and the inner VLAN tags can be the same in different ISP domains.


huawei(config)#save
----End
Result
After passing the authentication by the ISP1 BRAS, user 1 and user 2 can obtain the service
provided by ISP1.
After passing the authentication by the ISP2 BRAS, user 3 and user 4 can obtain the service
provided by ISP2.
[global-config]
<global-config>
vlan 60-61 smart
y
vlan attrib 60-61 stacking
y
port vlan 60-61 0/3 0
y
traffic table index 10 ip car 2048 priority 3 priority-policy tag-In-Package
save

5.3.2 Configuration Example of VLAN ID Extension

This topic describes how to configure the VLAN ID extension for increasing the number of users
that can be identified by the VLAN ID by the BRAS.
Networking
Figure 5-7 shows the example network for configuring the VLAN ID extension.
Broadband users that access the WAN through multiple UA5000s are authenticated on the BRAS
to obtain the broadband service provided by the operator. The BRAS supports the user
identification through L2 VLAN. The outer VLAN tag identifies the UA5000 that is accessed
with users, and the inner VLAN tag identifies the users of the device.
Figure 5-7 Example network for configuring the VLAN ID extension
BRAS
VLAN ID:60 VLAN ID:61
UA5000_A UA5000_B
Modem Modem
User 1 User 2 User 3 User 4
Procedure
l Configure UA5000_A.
1. Create a VLAN.
The VLAN ID is 60, and the VLAN is a smart VLAN.
2. Set the VLAN attribute as stacking.


3. Add an upstream port to the VLAN.

Add upstream port 0/3/0 to VLAN 60.
4. Add service ports to the VLAN.

Add a service port to the VLAN. The VPI and the VCI are 0 and 35 respectively, the
same as those on the peer modem.
cttr 0
cttr 0
5. Set the inner VLAN tag.

The inner VLAN tag identifies the user. Note that the inner VLAN tag must be unique
in one ISP domain, and the inner VLAN tags can be the same in different ISP domains.
6. Save the data.

huawei(config)#save
l Configure UA5000_B.
The configuration of UA5000_B is the same as the configuration of UA5000_A, and it is

not described here.
----End
Result
After passing the authentication by the BRAS, the users on UA5000_A and UA5000_B can
access the Internet.
5.4 Configuration Example of the QinQ VLAN

This topic describes how to configure the private line service based on the QinQ feature to
provide security channel for data transmission between private networks of the enterprises.
Prerequisites
The upper-layer network must work in the L2 mode, and must forward packets according to the
VLAN and the MAC address.
The private networks of enterprise A distributed in two places can communicate with each other
in the normal state.
Networking
Figure 5-8 shows the example network for configuring the private line service.
The two branches of enterprise A are connected to the MAN through the UA5000_A and
UA5000_B. On UA5000_A and UA5000_B, the attribute of the upstream VLAN of user packets

is configured as QinQ private line service. In this manner, services and BPDU packets from the
private network of the enterprise can be transparently transmitted to the peer private network.
Figure 5-8 Example network for configuring the private line service
MAN
L2/L3 L2/L3
0/3/0 0/3/0
I C
C I C
C
P S P S
S S
M R M R
R R
B B B B
0/7/0 UA5000_A 0/7/0 UA5000_B
Modem Modem
LSW LSW
Enterprise A Enterprise B
The configuration on UA5000_A is the same as the configuration on UA5000_B. The following
uses the configuration on UA5000_A as an example to describe how to configure the private
line service implemented through a QinQ VLAN.
Procedure
The VLAN ID is 50, and the VLAN is a smart VLAN.
Step 2 Set the VLAN attribute to QinQ.

huawei(config)#vlan attrib 50 q-in-q
Step 3 Enable the transparent transmission of BPDU packets.

Enable the transparent transmission of BPDU packets so that the L2 protocol packets of a private
network can be transparently transmitted through the public network. By default, the transparent
transmission of BPDU packets is disabled.
huawei(config)#bpdu tunnel enable

Step 4 Add an upstream port to the VLAN.

Add upstream port 0/3/0 to VLAN 50.

The profile ID is 10, the CIR is 2 Mbit/s, and packets are scheduled according to the priority
specified in the traffic profile.
Package
Step 6 Add a service port to the VLAN.

Add a service port to the VLAN, and use traffic profile 10 that meets the service requirements.
The VPI and the VCI are 0 and 35 respectively, the same as those on the peer modem. The user
port is 0/7/0.

huawei(config)#save
----End
Result
After the configuration, the two branches of enterprise A can communicate with each other, and
various services between private networks are implemented.
5.5 Configuring the Triple Play

This topic describes how to configure the Triple Play service on the UA5000.
Context
Triple play is a service provisioning mode in which integrated services can be provided to a user.
Currently, the prevailing integrated services include the high-speed Internet access service, voice
over IP (VoIP) service, and IPTV service.
The early broadband access provides only the high-speed Internet access service. As the Internet
is rapidly developing, it can offer much richer services, such as video (IPTV) services. The
development of multiple access modes such as ADSL2+ and VDSL2 access, and the
improvement of broadband access also lay a solid foundation for provisioning the video services.
The early voice signals are transmitted over the narrowband public switched telephone network
(PSTN). Because the PSTN is no longer developed, the services over the PSTN are shifting to
the IP network. Providing the VoIP service over broadband lines can also reduce the equipment
maintenance cost.
For the xDSL access, the UA5000 supports the following triple play modes:
l Single-PVC for multiple services: Single-PVC for multiple services is a triple play mode
in which a single PVC is adopted for carrying multiple services from the access device to
each DSL user terminal. The different services are differentiated by the Ethernet
encapsulation mode (IPoE/PPPoE), VLAN IDs carried in the packets from the DSL user
terminal and so on.

l Multi-PVC for multiple services: Multi-PVC for multiple services is a triple play mode in
which multiple PVCs are adopted for carrying multiple services from the access device to
each DSL user terminal. The Internet access service, VoIP, and IPTV services are carried
by a single PVC to the user. That is, each xDSL port is configured with at least three PVCs.
On the network side, three VLANs are created for the upstream interface to carry different
types of services.
The different services have different request on the bandwidth and priority.
l The bandwidth and delay of the VoIP service are low. High delay may cause problems such
echo, which affects the voice quality. Therefore, the priority of the VoIP service is the
highest among the triple play services.
l The bandwidth occupied by the IPTV service is relatively high, and the bit error ratio/packet
loss ratio is relatively low. If the bit error ratio/packet loss ratio is high, the video frame is
lost so that mosaic images occur or even erratic display occurs, which affects the user
experience. Therefore, the priority of the IPTV service is lower than that of the VoIP service,
but is higher than that of the Internet access service.
l The common Internet access service, such as web browsing, has low requirements on real-
time performance and lower requirements on packet loss ratio than the IPTV service
because the reliability of the transmission is ensured through the retransmission
mechanism. Therefore, the priority of the high-speed Internet access service is the lowest
among the triple play services.
5.5.1 Configuration Example of the Triple Play Application (Multi-

PVC for Multiple Services)
This topic describes how to configure the triple play application in the multi-PVC for multiple
services mode. The user home gateway is connected to multiple terminals to implement the
access of multiple services such as Internet service, VoIP service, and IPTV service.
l ADSL user 1 and ADSL user 2 are connected to the UA5000 to implement the triple play
application.
l The Internet service is provided in the PPPoE mode.
l The VoIP service and the IPTV service are provided in the DHCP mode, obtaining IP
addresses from the DHCP server in the standard DHCP mode.
l After receiving different traffic streams, the UA5000 provides different QoS guarantees to
the traffic streams according to the traffic priorities in the PVC.
Figure 5-9 shows the example network for configuring the triple play application in the multi-
PVC for multiple services mode.

Figure 5-9 Example network for configuring the triple play application in the multi-PVC for
multiple services mode
Program1:224.1.1.1
Program2:224.1.1.2
Muticast source
OSS & RADIUS Server/RADIUS Proxy
BMS
GW
IPTV DHCP IP1:20.2.2.2
Server IP2:20.2.2.3
BRAS Router VoIP DHCP IP1:20.1.1.2

Server IP2:20.1.1.3
LSW
UA5000
Home Gateway 2
Home Gateway 1 DHCP PPPoE DHCP
DHCP VPI/VCI:0/36 VPI/VCI:0/37 VPI/VCI:0/35

PPPoE DHCP VLAN:3 VLAN:2 VLAN:4
STB STB
Ephone PC TV Ephone PC TV
User 1 User 2
Procedure
l Configure the Internet service.
2. Add a traffic profile.

NOTE
Because the VoIP, IPTV, and Internet services are provided through the same port, you must set the
802.1p priority of each service. Generally, the priorities are in a descending order for the VoIP
service, IPTV service, and Internet service.
Add traffic profile 7, set the committed information rate (CIR) to 2 Mbit/s, and set the
802.1p priority of the Internet service to 1.

huawei(config)#traffic table index 7 ip car 2048 priority 1 priority-

policy pvc-Setting
3. Add a service port to the VLAN.
Add a service port to the VLAN and use the traffic profile added in the preceding step.
cttr 7
cttr 7
4. Save the data.

huawei(config)#save
l Configure the VoIP service.

Add traffic profile 8, set the CIR to 1 Mbit/s, and set the 802.1p priority of the voice
service to 6.
policy pvc-Setting
Add a service port to the VLAN 3 and use the traffic profile 8 added in the preceding
step.
cttr 8
cttr 8
4. Configure the DHCP relay.

Configure the first IP address of DHCP server 1 to 20.1.1.2, and the second IP address
to 20.1.1.3. Configure the IP address of the VLAN L3 interface to 10.1.1.1 and subnet
mask to 255.255.255.0, and bind the VLAN L3 interface to DHCP server 1.
5. Save the data.

huawei(config)#save
l Configure the IPTV service.

Add traffic profile 9 without limiting the rate of the packet, and set the 802.1p priority
of the IPTV service to 5.
huawei(config)#traffic table index 9 ip car off priority 5 priority-policy
pvc-Setting

NOTICE
On the UA5000, if the PVC is configured with a priority, the priority of the multicast
packets carried by the PVC does not take effect.
Add a service port to VLAN 4 and use traffic profile 9.

cttr 9
cttr 9

5. Configure the multicast data.

– Multicast mode: IGMP proxy
– Rights profile profile0 of multicast user 1: watch program BTV-1 only
– Multicast upstream port: 0/3/0
– Multicast program BTV-1: IP address 224.1.1.1 and source IP address 10.10.10.10
– Multicast program BTV-2: IP address 224.1.1.2 and source IP address 10.10.10.10
– Multicast user 1 and multicast user 2: added to multicast VLAN 4
huawei(config)#btv
huawei(config-btv)#igmp uplink-port-mode program
Are you sure to change the uplink port mode?(y/n)[n]:y
huawei(config-btv)#igmp program add name BTV-1 ip 224.1.1.1 vlan 4 bind
0/3/0
0/3/0
huawei(config-btv)#igmp profile profile-name profile0 program-name BTV-1
watch
huawei(config-btv)#igmp user add port 0/7/0 adsl 0 35 no-auth
huawei(config-btv)#igmp user add port 0/8/0 adsl 0 35 auth
huawei(config-btv)#igmp user bind-profile port 0/8/0 profile-name profile0
6. Save the data.

huawei(config)#save
----End

Result
After the related upstream device and downstream device are configured, the triple play
application (Internet, VoIP, and IPTV services) is available.
l The Internet user can access the Internet through PPPoE dialup.
l VoIP users can call each other.
l The IPTV user connected to port 0/7/0 can watch all the programs, and the IPTV user
connected to port 0/8/0 can watch only program BTV-1.
Internet:
vlan 2 smart
port vlan 2 0/3 0
traffic table index 7 ip car 2048 priority 1 priority-policy pvc-Setting
dhcp mode layer-3 standard
dhcp-server 1 ip 20.1.1.2 20.1.1.3
save
VoIP:
vlan 3 smart
port vlan 3 0/3 0
dhcp-server 1 ip 20.1.1.2 20.1.1.3
interface vlanif 3
dhcp-server 1
quit
save
IPTV:
vlan 4 smart
port vlan 4 0/3 0
traffic table index 9 ip car off priority 5 priority-policy pvc-Setting
dhcp-server 2 ip 20.2.2.2 20.2.2.3
interface vlanif 4
dhcp-server 2
quit
btv
igmp mode proxy
igmp uplink-port 0/3/0
igmp uplink-port-mode program
igmp program add name BTV-1 ip 224.1.1.1 vlan 4 bind 0/3/0
igmp profile profile-name profile0 program-name BTV-1 watch
igmp user add port 0/7/0 adsl 0 35 no-auth
igmp user add port 0/8/0 adsl 0 35 auth
igmp user bind-profile port 0/8/0 profile-name profile0
quit
save

5.5.2 Configuration Example of the Triple Play Application (Single-

PVC for Multiple Services)
This topic describes how to configure the triple play application in the single-PVC for multiple
services mode. The user home gateway is connected to multiple terminals to implement the
access of multiple services such as Internet service, VoIP service, and IPTV service.
Prerequisite
The service board and the upstream board must be added properly.
l ADSL user 1 and ADSL user 2 are connected to the UA5000 to implement the triple play
application.
l The Internet service is accessed in the PPPoE mode.
l The VoIP service and the IPTV service are provided in the DHCP mode, obtaining IP
addresses from the DHCP server in the standard DHCP mode.
l After receiving different traffic streams through the same PVC, the UA5000 provides
different QoS guarantees to the traffic streams according to the user-side VLANs.
NOTE
The UA5000 can differentiate services by the following means:
l Ethernet type (IPoE/PPPoE)
l User-side VLAN ID
l User-side 802.1p value
Figure 5-10 shows the example network for configuring the triple play application in the single-
PVC for multiple services mode.

Figure 5-10 Example network for configuring the triple play application in the single-PVC for
multiple services mode
Program1:224.1.1.1
Program2:224.1.1.2
Muticast source
OSS & RADIUS Server/RADIUS Proxy
BMS
GW
IPTV DHCP IP1:20.2.2.2
Server IP2:20.2.2.3
BRAS Router VoIP DHCP IP1:20.1.1.2

Server IP2:20.1.1.3
LSW
UA5000
Home Gateway 2
DHCP PPPoE DHCP

Home Gateway 1
VPI/VCI:0/35 VPI/VCI:0/35 VPI/VCI:0/35
DHCP PPPoE DHCP SVLAN:3 SVLAN:2 SVLAN:4
CVLAN:30 CVLAN20 CVLAN:40
STB STB
Ephone PC TV Ephone PC TV
User 1 User 2
Procedure
l Configure the Internet service.

NOTE
Because the VoIP, IPTV, and Internet services are provided through the same port, you must set the
802.1p priority of each service. Generally, the priorities are in a descending order for the VoIP
service, IPTV service, and Internet service.
Add traffic profile 7, set the committed information rate (CIR) to 2 Mbit/s, and set the
802.1p priority of the Internet service to 1.


policy pvc-Setting
Add a service port to VLAN 2 and use the traffic profile added in the preceding step.
huawei(config)#service-port vlan 2 adsl 0/7/0 vpi 0 vci 35 multi-service
user-vlan 20 rx-cttr 7 tx-cttr 7
4. Save the data.

huawei(config)#save
l Configure the VoIP service.

Add traffic profile 8, set the CIR to 1 Mbit/s, and set the 802.1p priority of the voice
service to 6.
policy pvc-Setting
Add a service port to the VLAN 3 and use the traffic profile 8 added in the preceding
step.

5. Save the data.

huawei(config)#save
l Configure the IPTV service.

Add traffic profile 9 without limiting the rate of the packet, and set the 802.1p priority
of the IPTV service to 5.
huawei(config)#traffic table index 9 ip car off priority 5 priority-policy
pvc-Setting

NOTICE
On the UA5000, if the PVC is configured with a priority, the priority of the multicast
packets carried by the PVC does not take effect.
Add a service port to VLAN 4 and use traffic profile 9.


5. Configure the multicast data.

– Multicast mode: IGMP proxy
– Rights profile profile0 of multicast user 1: watch program BTV-1 only
– VPI/VCI of the default multicast service port: 0/35
– User-side service encapsulation type of the default multicast service port: IPoE
– User-side VLAN ID of the default multicast service port: 40
CAUTION
Multicast video streams can be transmitted only if the parameters values of the default
multicast service port are the same as those of a service port set by running the service-
port command.
huawei(config)#btv
huawei(config-btv)#igmp uplink-port-mode program
Are you sure to change the uplink port mode?(y/n)[n]:y
huawei(config-btv)#igmp video-port user-vlan 40
0/3/0
0/3/0
huawei(config-btv)#igmp profile profile-name profile0 program-name BTV-1
watch
huawei(config-btv)#igmp user add port 0/7/0 adsl 0 35 no-auth

huawei(config-btv)#igmp user add port 0/8/0 adsl 0 35 auth

huawei(config-btv)#igmp user bind-profile port 0/8/0 profile-name profile0
6. Save the data.

huawei(config)#save
----End
Result
After the related upstream device and downstream device are configured, the triple play
application (Internet, VoIP, and IPTV services) is available.
l The Internet user can access the Internet through PPPoE dialup.
l VoIP users can call each other.
l The IPTV user connected to port 0/7/0 can watch all the programs, and the IPTV user
connected to port 0/8/0 can watch only program BTV-1.
Internet:
vlan 2 smart
port vlan 2 0/3 0
service-port vlan 2 adsl 0/7/0 vpi 0 vci 35 multi-service user-vlan 20 rx-cttr 7 tx-
cttr 7
cttr 7
dhcp-server 1 ip 20.1.1.2 20.1.1.3
save
VoIP:
vlan 3 smart
port vlan 3 0/3 0
cttr 8
cttr 8
dhcp-server 1 ip 20.1.1.2 20.1.1.3
interface vlanif 3
dhcp-server 1
quit
save
IPTV:
vlan 4 smart
port vlan 4 0/3 0
traffic table index 9 ip car off priority 5 priority-policy pvc-Setting
cttr 9
cttr 9
dhcp-server 2 ip 20.2.2.2 20.2.2.3
interface vlanif 4

dhcp-server 2
quit
btv
igmp mode proxy
igmp uplink-port 0/3/0
igmp uplink-port-mode program
igmp video-port user-vlan 40
igmp profile profile-name profile0 program-name BTV-1 watch
igmp user add port 0/7/0 adsl 0 35 no-auth
igmp user add port 0/8/0 adsl 0 35 auth
igmp user bind-profile port 0/8/0 profile-name profile0
quit
save
5.6 Configuration Example of the EPON Upstream

Transmission
The UA5000 MiniMSAN, which is an optical network unit (ONU), provides the EPON upstream
port and works with the optical line terminal (OLT) to form an Ethernet passive optical network
(EPON) network.
l The UA5000 MiniMSAN adopts the EPON upstream transmission through the EP1A
board.
l The user accesses the Internet through PPPoE dialup.
l This section describes the configuration only on the UA5000 MiniMSAN side. For the
configuration on the OLT side, see related manuals. For example, if the OLT is the
MA5680T provided by Huawei, see the MA5680T Configuration Guide.
l The configuration of UA5000 MiniMSAN_A is the same as the configuration of UA5000
MiniMSAN_B. In this section, the configuration of UA5000 MiniMSAN_A is considered
as an example.
Networking
Figure 5-11 shows the example network for configuring the EPON upstream transmission.

Figure 5-11 Example network for configuring the EPON upstream transmission
Router
OLT
EPON 0/6/0
Splitter I E C
C
P P S
S
M 1 R
D A R
EPON B
0/7/0
EPON
UA5000_A
UA5000_B
Modem
Splitter
Modem
PC PC
Phone
Prerequisite
l When the UA5000 provides the AAA function, configure the AAA by referring to
"Configuring the AAA."
l The network devices and the lines must be normal.
l The interface VLAN of the upper-layer device of the UA5000 MiniMSAN must be the
same as the VLAN configured on the upstream port on the UA5000 MiniMSAN.
Data Plan
Table 5-1 provides the data plan for configuring the EPON upstream transmission.

Table 5-1 Data plan for the configuring the EPON upstream transmission
Configuration Item Data Remarks
UA5000 MiniMSAN_A Shelf/Slot of the control Control board: Configure an

board: 0/3 upstream port and a VLAN
Shelf/Slot of the EP1A board: on the control board. The
0/6 packet is transmitted to the
EP1A board through the
backplane.
EP1A board: The EP1A
board provides the EPON
port to interconnect to the
upper-layer OLT.
Traffic profile Index: 7 Configure the access rate,

Access rate: 3072 kbit/s priority, and priority policy in
the traffic profile. When you
Priority: 6 add a service port, you can
Priority policy: Pvc-Setting specify the traffic profile to
restrict the access rate,
priority, and priority policy.
In theory, the downstream
bandwidth should be 3072
kbit/s. Therefore, you need to
configure the access rate to
3072 kbit/s in the traffic
profile. The actual qualified
rate of the port may be lower
than 96%. In this case,
increase the access rate to
meet the requirements of the
user.
Line profile Index: 1002 (the default) When you activate the ADSL
port, the ADSL port
determines the actual
transmission parameters
according to the negotiation
between the line profile and
the customer premises
equipment (CPE).

Alarm profile Index: 1 Alarm thresholds of

parameters are configured in
the alarm profile. After the
alarm profile is bound to a
port, the alarm profile
monitors the line status.
The default profile is used in
this example. All the alarm
thresholds are set to 0, which
indicates that line monitoring
is not performed.
CSRB ADSL2+ port: 0/7/0 -
VLAN ID: 10 It must be consistent with the

VPI: 0; VCI: 35 upper-layer device.
Encapsulation mode: PPPoE
EP1A Upstream port: 0/6/0 -
Procedure
Step 1 The system automatically finds the EP1A board or manually add the EP1A board and then
confirm the board. The command for adding the EP1A board is as follows.
huawei(config)#board add 0/6 h601ep1a
huawei(config)#board confirm 0/6
Step 2 Configure the service.

1. Query and configure the traffic profile.
Command:
--------------------------------------------------------------------------
--------------------------------------------------------------------------
0 960 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
7 3072 6 pvc-pri
--------------------------------------------------------------------------

--------------------------------------------------------------------------
TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/SHAPE
--------------------------------------------------------------------------
0 cbr 2 1000 -- -- -- -- -- off/--

1 cbr 2 2500 -- -- -- -- -- off/--

2 ubr 2 512 -- -- -- -- -- on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /off
5 ubr 2 2048 -- -- -- -- -- on /--
6 ubr 1 -- -- -- -- -- -- off/--
7 ubr 2 3072 -- -- -- -- -- on /--
--------------------------------------------------------------------------
Total Num : 8
--------------------------------------------------------------------------
The query result shows that traffic profile 7 is available. If no traffic profile is available,
you can run the traffic table command to create a traffic profile.
2. Configure a VLAN and add the service port and upstream port to the VLAN.
huawei(config)#service-port vlan 10 adsl 0/7/0 vpi 0 vci 35 multi-service user-
encap pppoe rx-cttr 7 tx-cttr 7
3. Configure the ADSL2+ line profile.

If no line profile is available, add a new line profile. This example uses the default line
profile 1002.
4. Bind the line profile and activate ADSL2+ port 0/7/0.
5. Bind the default alarm profile 1.


huawei(config)#save
----End
Verification
l Step 1: Configure the user account and password on the modem. Ensure that the
configuration is the same as the configuration on the BRAS; or dial up on the PC using the
PPPoE dialup software. After the dialup is successful, the user can access the Internet.
l Step 2: When FTP is used to download files, after the dialup is performed through the
PPPoE dialup software, the PPPoE dialup software prompts a message indicating that the
dialup is successful and the user can access the Internet through PPPoE dialup.
board add 0/6 h601ep1a
vlan 10 smart
port vlan 10 0/3 0
service-port vlan 10 adsl 0/7/0 vpi 0 vci 35 multi-service user-encap pppoe rx-cttr
7 tx-cttr 7
interface adsl 0/7
deactivate 0


alarm-config 0 1
quit
save
5.7 Configuration Example of the GPON Upstream

Transmission
The UA5000 MiniMSAN functions as the optical network unit (ONU), provides the GPON
upstream port, and works with the optical line terminal (OLT) to form the GPON.
l The UA5000 MiniMSAN adopts the GPON upstream transmission through the GP1A
board.
l The user accesses the Internet through PPPoE dialup.
l The GPON networking uses the P2MP technology and the access link shared by multiple
points to implement the access services. The GPON supports multiple networking modes
through subtending, including fiber to the curb (FTTC), fiber to the building (FTTB), and
fiber to the home (FTTH).
l This section describes the configuration only on the UA5000 MiniMSAN side. For the
configuration on the OLT side, see related manuals. For example, if the OLT is the
MA5680T provided by Huawei, see the MA5680T Configuration Guide.
l The configuration of UA5000 MiniMSAN_A is the same as the configuration of UA5000
MiniMSAN_B. In this section, the configuration of UA5000 MiniMSAN_A is considered
as an example.
Networking
Figure 5-12 shows the example network for configuring the GPON upstream transmission.

Figure 5-12 Example network for configuring the GPON upstream transmission
Router
OLT
GPON 0/6/0
Splitter I G C
C
P P S
S
M 1 R
GPON D A R
B
0/7/0
GPON
UA5000 _B
UA5000_A
Modem
Splitter
Modem
PC PC
Phone
Prerequisite
l The network devices and the lines must be normal.
l The interface VLAN of the upper-layer device of the UA5000 MiniMSAN must be the
same as the VLAN configured on the upstream port on the UA5000 MiniMSAN.
Data Plan
Table 5-2 provides the data plan for configuring the GPON upstream transmission.

Table 5-2 Data plan for the configuring the GPON upstream transmission
UA5000 MiniMSAN_A Shelf/Slot of the control Control board: Configure an

board: 0/3 upstream port and a VLAN
Shelf/Slot of the GP1A on the control board. The
board: 0/6 packet is transmitted to the
GP1A board through the
backplane.
GP1A board: The GP1A
board provides the GPON
port to interconnect with the
upper-layer OLT.
Traffic profile Index: 8 Configure the access rate,

Access rate: 10240 kbit/s priority, and priority policy in
the traffic profile. When you
Priority: 6 add a service port, you can
Priority policy: Pvc-Setting specify the traffic profile to
restrict the access rate,
priority, and priority policy.
In theory, the downstream
bandwidth should be 3072
kbit/s. Therefore, you need to
configure the access rate to
3072 kbit/s in the traffic
profile. The actual qualified
rate of the port may be lower
than 96%. In this case,
increase the access rate to
meet the requirements of the
user.
Line profile Index: 1002 (the default When you activate the ADSL
profile) port, the ADSL port
determines the actual
transmission parameters
according to the negotiation
between the line profile and
the customer premises
equipment (CPE).

Alarm profile Index: 1 The alarm thresholds of the

line parameters are
configured in the alarm
profile. By binding the
threshold to ports, you can
monitor the line conditions.
The default profile is used in
this example. All the alarm
thresholds are set to 0, which
indicates that line monitoring
is not performed.
CSRB ADSL2+ port: 0/7/0 -
VLAN ID: 10 They must be consistent with

VPI: 0; VCI: 35 those of the upper-layer
device.
Encapsulation mode: PPPoE
GP1A Upstream port: 0/3/0 -
Procedure
Step 1 The system automatically finds the EP1A board or manually add the EP1A board and then
confirm the board. The command for adding the EP1A board is as follows.
huawei(config)#board add 0/6 h601ep1a
Step 2 Configure the services.

1. Query the traffic profile.
Command:
--------------------------------------------------------------------------
--------------------------------------------------------------------------
0 960 6 tag-pri
1 2496 6 tag-pri
2 512 0 tag-pri
3 576 2 tag-pri
4 64 4 tag-pri
5 2048 0 tag-pri
6 -- 0 tag-pri
7 3072 6 pvc-pri
--------------------------------------------------------------------------

--------------------------------------------------------------------------
TID Service Traf CLP01PCR CLP0PCR CLP01SCR CLP0SCR MBS CDVT PPD/SHAPE
--------------------------------------------------------------------------
0 cbr 2 1000 -- -- -- -- -- off/--

1 cbr 2 2500 -- -- -- -- -- off/--

2 ubr 2 512 -- -- -- -- -- on /--
3 nrt-vbr 5 1200 -- 600 -- 250 -- on /--
4 rt-vbr 15 128 -- -- 64 300 10000000 on /off
5 ubr 2 2048 -- -- -- -- -- on /--
6 ubr 1 -- -- -- -- -- -- off/--
7 ubr 2 3072 -- -- -- -- -- on /--
--------------------------------------------------------------------------
Total Num : 8
--------------------------------------------------------------------------
2. If no proper traffic profile exists after the query, you can run the traffic table command to
create a traffic profile with index 8 and access rate 10 Mbit/s. The configuration is as
follows:
Setting
3. Create a VLAN and add the service port and the upstream port to the VLAN.
huawei(config)#service-port vlan 10 adsl 0/7/0 vpi 0 vci 35 multi-service user-
encap pppoe rx-cttr 8 tx-cttr 8
4. Configure the ADSL2+ line profile.

If no proper line profile exists in the system, you need to add a line profile. The default line
profile 1002 is used in this example.
5. Bind the line profile and activate ADSL2+ port 0/7/0.
6. Bind the default alarm profile 1.


huawei(config)#save
----End
Verification
l Step 1: Configure the user account and password on the modem. Ensure that the
configuration is the same as the configuration on the BRAS.
l Step 2: Dial up on the PC using the PPPoE dialup software. After the dialup is successful,
the user can access the Internet.
l Step 3: When FTP is used to download files, after the dialup is performed through the
PPPoE dialup software, the PPPoE dialup software prompts a message indicating that the
dialup is successful and the user can access the Internet through PPPoE dialup.
board add 0/6 h601gp1a

traffic table ip car 10240 priority 6 priority-policy pvc-Setting

vlan 10 smart
port vlan 10 0/3 0
service-port vlan 10 adsl 0/7/0 vpi 0 vci 35 multi-service user-encap pppoe rx-cttr
8 tx-cttr 8
interface adsl 0/7
deactivate 0
alarm-config 0 1
quit
save

Configuration Guide-IPM CLI 6 Configuring the Uplink Redundancy Backup
6 Configuring the Uplink Redundancy

Backup
About This Chapter
This topic describes the uplink redundancy backup and how to configure the uplink redundancy
backup on the UA5000.
Context
Uplink redundancy backup includes the following information:
l Uplink aggregation group: Aggregate multiple Ethernet ports as an aggregation group to
expand the bandwidth and balance the input and output load among member ports. In
addition, the ports in an aggregation group back up each other, which enhances the link
security.
NOTE
The IPM board supports the configuration of the aggregation group.

l Upstream port protection group: An upstream port protection group contains a working
port and a protection port. In the normal working state, the working port carries services.
When the link of the working port fails, the system automatically switches the service on
the working port to the protection port to ensure normal service transmission, thus
protecting the uplink.

NOTE
A protection group works in either of the following modes:
1. Port status detection mode
l Two ports in a protection group or the transmit ports on two boards are enabled. You can determine
whether to perform a switchover according to the port status.
l When the number of ports (in a protection group) that are in the up state on the standby board is
greater than the number of ports (in a protection group) that are in the up state on the active board,
a switchover is triggered.
2. Delay detection mode
l Only one transmit port in a protection group is enabled and the other port is disabled.
l When the enabled transmit port is in the down state, disable this transmit port and enable the other
transmit port.
l If the other transmit port is in the up state, perform the switchover. Otherwise, disable the port that
is in the up state and enable the other port to proceed with the detection.
3. Link Aggregation Control Protocol (LACP) detection mode
In this mode, the UA5000 detects port faults and triggers the switchover through the LACP protocol.
Before creating an LACP protection group, create an LACP aggregation group.
6.1 Configuring the Uplink Redundancy Backup (in the Upstream Port Aggregation Mode)
This topic describes how to back up the uplink in the upstream port aggregation mode. This is
used to protect the uplinks on the IPM board. In addition, this increases the bandwidth of the
upstream port and balances the load.
6.2 Configuring the Uplink Redundancy Backup (in the Protection Group Mode)
This topic describes how to configure a protection group of ports, which works with the active/
standby switchover mechanism to implement the service protection on an upstream port. This
is used to protect the uplinks on the IPM active and standby control boards. Three detection
modes are available, including the port status detection, delay detection, and LACP detection.
In the LACP detection mode, the upper-layer device is required to support the LACP mode.
6.3 Configuring the Uplink Redundancy Backup (in the Upstream Port Aggregation + Protection
Group Mode)
This topic describes how to set the LACP detection mode, which works with the active/standby
switchover mechanism to implement the service protection on an upstream port. This is used to
protect the uplinks of the ports on the active control board and the uplinks of the active and
standby control boards. Therefore, the reliability is high.

6.1 Configuring the Uplink Redundancy Backup (in the

Upstream Port Aggregation Mode)
This topic describes how to back up the uplink in the upstream port aggregation mode. This is
used to protect the uplinks on the IPM board. In addition, this increases the bandwidth of the
upstream port and balances the load.
Two upstream ports are on the same upstream board and they must be of the same port type.
Networking
Figure 6-1 shows the example network for configuring the uplink redundancy backup.
Figure 6-1 Example network for configuring the uplink redundancy backup
Router
I
P C
M S
R
0/3/0 B
0/3/1
UA5000
Modem
PC
Procedure
Step 1 Aggregate upstream ports.
huawei(config-if-ipm-0/3)#link-aggregation 0,1 egress-ingress

Step 3 Add an upstream port to the VLAN.

Step 4 Add a service port to the VLAN.


huawei(config)#save
----End
Verification
After the configuration, the user should be able to access the Internet. When the uplink of
upstream port 0/3/0 fails, the system automatically transfers the service carried on port 0/3/0 to
the uplink of upstream port 0/3/1 for transmission. In this manner, the user can still access the
Internet.
interface ipm 0/3
link-aggregation 0,1 egress-ingress
quit
vlan 10 smart
port vlan 10 0/3 0-1
save

Protection Group Mode)
This topic describes how to configure a protection group of ports, which works with the active/
standby switchover mechanism to implement the service protection on an upstream port. This
is used to protect the uplinks on the IPM active and standby control boards. Three detection
modes are available, including the port status detection, delay detection, and LACP detection.
In the LACP detection mode, the upper-layer device is required to support the LACP mode.
Two ports in a protection group are on two upstream boards and they must be of the same port
type.
Networking
Figure 6-2 shows the example network for setting the port state detection mode.

Figure 6-2 Example network for setting the port state detection mode
NMS
Router
0 0
1 1
0/2 0/3 UA5000

Primary IPM Secondary IPM
Procedure
Step 1 Enter the protect mode.
huawei(config)#protect
Step 2 Configure the protection group and set the port state detection mode for the protection group.
huawei(config-protect)#protect-group first 0/2/0 second 0/3/0 eth workmode
portstate enable
Step 3 Query the information about the protection group of the port.
huawei(config-protect)#display protect-group
{ <cr>|frameid/slotid<S><1,15>|frameid/slotid/portid<S><1,15> }:
Command:
display protect-group
---------------------------------------------------------------------------
NO. FirstIntf SecondIntf Enable ActiveFlag ProtectType WorkMode
---------------------------------------------------------------------------
0 0/2/0 0/3/0 Enable First ETH PortState
---------------------------------------------------------------------------
Total : 1

huawei(config-protect)#quit
huawei(config)#save
----End

Verification
When the service is interrupted due to the physical disconnection from the upper-layer device,
the configuration of the protection group implements the active/standby protection through the
switching of the service transmission from the faulty link to the standby link. This ensures the
normal transmission of the user data.
protect
protect-group first 0/2/0 second 0/3/0 eth workmode portstate enable
quit
save

Upstream Port Aggregation + Protection Group Mode)
This topic describes how to set the LACP detection mode, which works with the active/standby
switchover mechanism to implement the service protection on an upstream port. This is used to
protect the uplinks of the ports on the active control board and the uplinks of the active and
standby control boards. Therefore, the reliability is high.
Prerequisites
l The upper-layer device must be configured with LACP.
l The two control boards and the two ports in a protection group must be of the same type.
l Implement the link protection on the two control boards and on the two ports on the control
board respectively.
l If the LACP protection group triggers the protection switching, the service interruption
time is not longer than 4s.
Networking
Figure 6-3 shows the example network for configuring the uplink redundancy backup.

Figure 6-3 Example network for configuring the uplink redundancy backup
NMS
Router
0 0
UA5000
1 1
0/2 0/3
Primary IPM Secondary IPM
Procedure
Step 1 Configure the LACP static protocol on a specified port to generate the aggregation group.
Step 2 Configure the protection group and set the LACP detection mode for the protection group.
huawei(config)#protect
huawei(config-protect)#protect-group first 0/2/0 second 0/3/0 eth workmode lacp
enable
Step 3 Query the configuration information about the protection group.

huawei(config-protect)#display protect-group
---------------------------------------------------------------------------
NO. FirstIntf SecondIntf Enable ActiveFlag ProtectType WorkMode
---------------------------------------------------------------------------
0 0/ 2/0 0/ 3/0 Enable First ETH LACP
---------------------------------------------------------------------------
Total : 1
Step 4 Query the information about the aggregation group generated through the LACP static protocol.
huawei(config-protect)#quit

huawei(config)#display lacp link-aggregation summary

Actor
Priority : 32768 MAC Address: 00e0-cfc5-1999
Short Period: 1 s Long Period: 30 s
----------------------------------------------------------------
Agg Partner Partner Select Standby Load Backup Master
ID Pri MAC Ports Ports Sharing Protect Port
----------------------------------------------------------------
1 - - 0 2 YES YES 0/ 2/ 0
----------------------------------------------------------------
huawei(config)#display lacp link-aggregation verbose 1
System Priority: 32768
MAC Address : 00e0-cfc5-1999
Protect Mode : BackupProtect
Master Port: 0/2/0

Actor Port Priority : 16384 Oper-key : 1
Port Role : STANDBY Port Status: Non-C&D
Sub Port: 0/2/1

Actor Port Priority : 16384 Oper-key : 1
Port Role : STANDBY Port Status: Non-C&D

huawei(config)#save
----End
Verification
Configure the LACP detection mode to work with the active/standby switchover mechanism of
the UA5000. The service protection of the upstream port uses the LACP detection mode.
interface ipm 0/2
quit
protect
protect-group first 0/2/0 second 0/3/0 eth workmode lacp enable
display protect-group
quit
display lacp link-aggregation summary
display lacp link-aggregation verbose 1
save

Configuration Guide-IPM CLI 7 Configuration Example of Device Subtending
7 Configuration Example of Device

Subtending
Two or more UA5000s can subtend with each other through the GE port. The subtending of
UA5000s does not require the transfer board.
Prerequisites
l The network devices and lines are in the normal state.
l GE port 0/3/1 on UA5000_A and GE port 0/3/0 on UA5000_B must be of the same port
type. The port rate must be configured and the duplex mode must be configured to auto-
negotiation through the auto-neg command.
l The service configuration must be complete.
Networking
Figure 7-1 shows the example network for configuring device subtending.
NOTE
The subtending of UA5000s can be implemented through the IPMB or IPMD board. This section considers the
IPMB board as an example.

Figure 7-1 Example network for configuring device subtending
GE0/3/0
GE0/3/1
IPMB UA5000_A
GE0/3/0
IPMB UA5000_B
Procedure
1. Create a VLAN. This section considers the standard VLAN as an example.

3. Add a subtending port to the VLAN.


1. Create a VLAN. This section considers the standard VLAN as an example.

----End
Verification
After the configuration, the two subtended devices should be able to be configured with various
services and the services are in the normal state.
vlan 2 standard
port vlan 2 0/3 0
port vlan 2 0/3 1
vlan 2 standard
port vlan 2 0/3 0

Configuration Guide-IPM CLI 8 Configuring the Integrated Data and Voice Networking
8 Configuring the Integrated Data and Voice

Networking
About This Chapter
This topic describes the related operation for configuring the integrated data and voice
networking of the UA5000.
8.1 Networking
The UA5000 accesses the voice and data services through the A32 and ETDB service boards,
and then transmits the IP service upstream to the IP network through the IPM board and transmits
the traditional voice service upstream to the PSTN network through the PVM board.
8.2 Prerequisites
This topic describes the prerequisites for the integrated data and voice networking of the
UA5000.
8.3 Data Plan (IPM)

Before the service configuration, it is recommended that you plan the data for the broadband
services to be configured, such as ADSL access service and SHDSL access service. Then,
configure the service according to the data plan.
8.4 Data Plan (PVM)

Before the configuration, it is recommended that you implement the service data plan for the
required voice services such as the ISDN service. When configuring the service, configure
according to the planned data.
8.5 Configuration Procedure (IPM)

This topic describes how to configure the broadband service of the UA5000 IPM through a serial
port or a network port (Telnet) based on the planned broadband data.
8.6 Configuration Procedure (PVM)

Log in to the PVM through the serial port or the Telnet mode to configure the narrowband
services of the UA5000 according to the planned voice service data.
8.7 Verification

This topic describes how to verify the integrated data and voice networking of the UA5000. If
the broadband service is successfully configured, the user can access the Internet. If the
narrowband service is successfully configured, the user can make and receive calls.

8.1 Networking
The UA5000 accesses the voice and data services through the A32 and ETDB service boards,
and then transmits the IP service upstream to the IP network through the IPM board and transmits
the traditional voice service upstream to the PSTN network through the PVM board.
Figure 8-1 shows the integrated networking of the UA5000.
Figure 8-1 Integrated networking of the UA5000
OSS
NMS
DHCP Server
MGC Multicast Server
BRAS Router
00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17
P P I I P P A C S V E E D E T
W W P P V V S H D D D S D S
3
X X M M M M R L M T T L T S
2
B B B B B B B B B B B D B B
Splitter NT1 PBX
phone phone phone

ISDN Phone ISDN Phone
STB
PC TV
8.2 Prerequisites
This topic describes the prerequisites for the integrated data and voice networking of the
UA5000.

l The hardware commissioning must be complete, and the system must be available for
service configuration.
l The modem must be connected and must be in the normal state.
l The upper-layer devices, including the BRAS, DHCP sever, multicast sever, MGC, and
BMS workstation must work in the normal state.
8.3 Data Plan (IPM)

Before the service configuration, it is recommended that you plan the data for the broadband
services to be configured, such as ADSL access service and SHDSL access service. Then,
configure the service according to the data plan.
Table 8-1 provides the data plan for configuring the integrated data and voice network of the
UA5000.
Table 8-1 Data plan for configuring the integrated data and voice network
Item Data Remarks
Upstream port l Port number: 0/2/0 If the upstream port is a

l Rate: 100 Mbit/s GE port, use the default
configuration.
l Flow control switch state: enabled
Inband BMS l NM VLAN ID: 31 -

l type: standard
IP address of the L3 interface: 10.5.24.3
IP address of the next hop router: 10.5.24.2
IP address of the BMS host: 10.140.5.79
l Community name: public, with the -

read-only right.
l Community name: private, with the
read-write right.
l Enable the standard SNMP trap
message.
ADSL service Subscriber access port number: -

0/7/0-0/7/31
l VPI: 8
l VCI: 35
l VLAN ID: 32-63

l type: MUX
Line profile: Upstream bandwidth 512

kbit/s, downstream bandwidth 1 Mbit/s

Item Data Remarks
Alarm profile: Default alarm profile with

ID 1. Therefore, the alarm profile need not
be configured.
Traffic entry priority: 1
SHDSL service Subscriber access port number: -

0/8/0-0/8/15
VPI: 8; VCI: 35
l VLAN ID: 64-79

l type: MUX
Line profile: 1 Mbit/s
Alarm profile: Default alarm profile with

ID 1. Therefore, the alarm profile need not
be configured.
Multicast service l VLAN ID: 104 The multicast service

l type: Smart uses the DHCP mode to
obtain the IP address.
Subscriber access port number: The priority of the
0/7/0-0/7/31 multicast traffic entry is
higher than the priority
l VPI: 0 of the Internet access
l VCI: 35 subscriber.
IP address of the L3 interface: 10.2.2.1
IP addresses of the DHCP server: 10.2.2.2,

10.2.2.3
IP address of the multicast program:

224.1.1.1
Right profile name: profile0
Program name: program1
Traffic entry priority: 5
Internet access mode xDSL service: VPI 8, VCI 35, PPPoE The xDSL services use
mode, set the modem to the bridge mode. the PC dialing method.
If the modem dialing
method is required, set

Item Data Remarks
Multicast service: VPI 0, VCI 35, IPoE the modem to the

mode, set the modem to the bridge mode. bridged PPPoE mode.
Log host l IP address of log host 1: 10.188.56.40 -

l Name of log host 1: syslog-1
l IP address of log host 2: 10.188.57.40

l Name of log host 2: syslog-2
8.4 Data Plan (PVM)

Before the configuration, it is recommended that you implement the service data plan for the
required voice services such as the ISDN service. When configuring the service, configure
according to the planned data.
Table 8-2 provides the data plan for configuring the integrated data and voice networking of the
UA5000.
Table 8-2 Data plan for configuring the integrated data and voice networking
Item Data
MG interface mgid: 0
code: text
Protocol: H.248
MG port: 2944; MGC: 2944
Whether the termination ID on the MG interface supports the

layering configuration: Yes
System parameter Overseas version flag: Britain
IP address Signaling IP address of MG interface 0 of the UA5000:

133.140.24.10/24
Media IP address of MG interface 0 of the UA5000:

133.140.24.10/24
Default gateway of MG interface 0 of the UA5000:

133.140.24.1/24
IP address of the MGC: 133.140.25.10/24
(Optional)Type of IP priority and ToS priority: Default values

service (ToS) strategy

Item Data
ISDN BRA service IUA IUA link set number: 1

link parameters
IUA link number: 15
Local port number: 1401
Peer port number: 1400
ISDN PRA service IUA IUA link set number: 2

link parameters
IUA link number: 1
Local port number: 1402
Peer port number: 1404
8.5 Configuration Procedure (IPM)

This topic describes how to configure the broadband service of the UA5000 IPM through a serial
port or a network port (Telnet) based on the planned broadband data.
Procedure
Step 1 Query the host software version.
huawei(config)#display language
NOTE
If the version does not match the planned version, see the version upgrade guide to update the host software
to the planned host software version.
Step 2 Query and confirm the board.

huawei(config)#display board 0
huawei(config)#board confirm 0
Step 3 Configure the upstream port of the UA5000.

huawei(config-if-ipm-0/2)#flow-control 0
Step 4 Configure the log host.

huawei(config)#loghost add 10.188.56.40 syslog-1
huawei(config)#loghost activate ip 10.188.56.40
huawei(config)#loghost add 10.188.57.40 syslog-2
huawei(config)#loghost activate ip 10.188.57.40
Step 5 Add a standard VLAN, and assign FE ports 6 and 7 and IP upstream port 0 to the VLAN.
Step 6 Configure the inband BMS.


huawei(conffig-if-vlanif31)#ip address 10.5.24.3 255.255.255.0
huawei(conffig-if-vlanif31)#quit
huawei(config)#snmp-agent community read public
huawei(config)#snmp-agent community write private
huawei(config)#snmp-agent trap enable standard
huawei(config)#snmp-agent target-host trap address 10.140.5.79 securityname
private
huawei(config)#snmp-agent trap source vlanif 31
Step 7 Configure the ADSL service.

huawei(config)#vlan 32 to 63 mux
huawei(config)#port vlan 32 to 63 0/2 0
Package
huawei(config)#adsl line-profile add 3
Command:
adsl line-profile add
3
Start adding
profile
Press 'Q' to quit the current configuration and new configuration will be
neglected
> Do you want to name the profile (y/n)
[n]:
> Please choose default value type 0-adsl 1-adsl2+ (0~1)
[0]:
> Will you set basic configuration for modem? (y/n)[n]:
> Please select channel mode 0-interleaved 1-fast (0~1) [0]:
> Will you set interleaved delay? (y/n)
[n]:
> Please select form of transmit rate adaptation in downstream:

> 0-fixed 1-adaptAtStartup 2-adaptAtRuntime (0~2) [1]:1

> Will you set SNR margin for modem? (y/n)[n]:y
> Target SNR margin in downstream(0~15 dB) [6]:
> Minimum SNR margin in downstream (0~6 dB) [0]:
> Maximum SNR margin in downstream (6~31 dB) [31]:
> Target SNR margin in upstream (0~15 dB) [6]:
> Minimum SNR margin in upstream (0~6 dB)
[0]:
> Maximum SNR margin in upstream (6~31 dB) [31]:
> Will you set parameters for rate? (y/n)[n]:y
> Minimum transmit rate in downstream (32~8160 Kbps) [32]:
> Maximum transmit rate in downstream (32~8160 Kbps) [6144]:1024
> Minimum transmit rate in upstream (32~896 Kbps)
[32]:
> Maximum transmit rate in upstream (32~896 Kbps) [640]:512
Add profile 3 successfully
huawei(config-if-adsl-0/7)#deactivate all
huawei(config-if-adsl-0/7)#activate all profile-index 3
Step 8 Configure the SHDSL service.

huawei(config)#vlan 64 to 79 mux
huawei(config)#port vlan 64 to 79 0/2 0
huawei(config)#service-port vlan 64 shdsl 0/8/0 vpi 8 vci 35 rx-cttr 6 tx-cttr 6
huawei(config)#shdsl line-profile add 2
Command:
shdsl line-profile add
Start adding profile 2
During inputting,press 'Q' to quit,then settings at this time will be ignored
> G.SHDSL interface mode of line (1--two wire;2--four wire)
[1]:
> Do you use the default data to create a line profile?(y/n)
[y]:n
> G.SHDSL minimum line
rate
(Value must be multiple of 64,except 2312kbps,192~2304,2312 kbps)[2048]:1024
> G.SHDSL maximum line
rate
(Value must be multiple of 64,except 2312kbps,1024~2304,2312 kbps)[2048]:
1024
> Power Spectral Density mode (1--symmetric;2--asymmetric)
[1]:
> Transmission mode (1--G.991.2 Annex A;2--G.991.2 Annex
B;
3--support Annex A)
[3]:
> Remote enable (1--enabled;2--disabled)
[1]:
> Probe enable (1--disabled;2--enabled)
[1]:
> Do you config the target SNR margin?(y/n)

[n]:
Add profile 2 successfully
huawei(config-if-sdl-0/8)#deactivate all
huawei(config-if-sdl-0/8)#activate all 2
Step 9 Configure the multicast service.

Package
huawei(config)#dhcp mode layer-3 option-60
huawei(config)#dhcp domain video //Refer to the actual DHCP option60 threshold.
huawei(config-dhcp-domain-video)#dhcp-server 2
huawei(config-if-vlanif104)#dhcp domain video gateway 10.2.2.1
huawei(config-if-ipm-0/2)#native-vlan 0 vlan 104
huawei(config)#btv
huawei(config-btv)#igmp profile profile0 program-name program1 watch
huawei(config-btv)#igmp user add slot 0/7 auth
huawei(config-btv)#igmp user bind-profile slot 0/7 profile-name profile0
Step 10 Configure the Internet access mode and the multicast channel (configure the modem).
l PPPoE mode
– Set the modem to be in the bridge mode.

– Set the VPI/VCI of the WAN port on the modem to 8/35.

– Install the PPPoE dialup software on the computer terminal, and set the user name and
password.
l Multicast channel
– Set the modem to be in the bridge mode.
– Set the VPI/VCI of the WAN port on the modem to 0/35.
----End
8.6 Configuration Procedure (PVM)

Log in to the PVM through the serial port or the Telnet mode to configure the narrowband
services of the UA5000 according to the planned voice service data.
Procedure
Step 1 Configure the system networking mode to the integrated access networking.
huawei(config)#working mode integrated
Step 2 Query the host software version.

huawei(config)#display language
NOTE
If the version does not match, see the version upgrading guide to update the host software to a proper
version.
Step 3 Set the IP address of service network port.

huawei(config)#interface eth
huawei(interface-eth)#ip address 133.140.24.10 255.255.255.0 133.140.24.1 vlan_tag
1001
huawei(interface-eth)#display ip address
Step 4 Configure the QoS IP strategy.

huawei(config)#qos ip 133.140.24.10 strategy tos
Step 5 Configure the overseas version flag.

huawei(config)#system parameters 1 8
huawei(config)#display system parameters 1
Step 6 Configure the VoIP voice service.

huawei(config)#board add 0/6 a32
huawei(config)#interface h248 0
Are you sure to add MG interface? (y/n)[n]:y
huawei(config-if-h248-0)#if-h248 attribute mgip 133.140.24.10 mgport
2944 code text transfer udp domainName UA5000.com mgcip_1 133.140.25.10
mgcport_1 2944 mg-media-ip 133.140.24.10 start-nego tiate-versi 2
huawei(config-if-h248-0)#display if-h248 attribute
huawei(config-if-h248-0)#display mg-software parameter 0
huawei(config-if-h248-0)#reset
Are you sure to reset MG interface?(y/n)[n]:y
huawei(config-if-h248-0)#quit
huawei(config)#display if-h248 all
huawei(config)#esl user
huawei(config-esl-user)#mgpstnuser batadd 0/6/0 0/6/31 0 telno 12340001
huawei(config-esl-user)#display mgpstnuser 0/6

huawei(config-esl-user)#quit
huawei(config)#save
Step 7 Configure the ISDN BRA service.

huawei(config)#board add 0/12 h601dsld
huawei(config)#sigtran
huawei(config-sigtran)#iua-linkset add 1 0 pendingtime 4
huawei(config-sigtran)#iua-link add 15 1 1401 133.140.24.10 1400 133.140.25.10
huawei(config-sigtran)#display iua-link attribute
huawei(config-sigtran)#display iua-link state
huawei(config-sigtran)#quit
huawei(config-esl-user)#mgbrauser batadd 0/12/0 0/12/1 1 15
huawei(config-esl-user)#display port state 0/12
huawei(config-esl-user)#display mgbrauser 0/12
huawei(config)#save
Step 8 Configure the ISDN PRA service.

huawei(config)#board add 0/15 h601edtb
huawei(config)#interface edt 0/15
huawei(config-if-edt-0/13)#runmode indep
huawei(config-if-edt-0/13)#quit
huawei(config)#sigtran
huawei(config-sigtran)#iua-linkset add 2 0 pendingtime 4
huawei(config-sigtran)#iua-link add 1 2 1402 133.140.24.10 1404 133.140.25.10
huawei(config-sigtran)#display iua-link attribute
huawei(config-sigtran)#display iua-link state
huawei(config-sigtran)#quit
huawei(config-esl-user)#mgprauser add 0/15/0 2 10
huawei(config-esl-user)#display port state 0/15/0
huawei(config-esl-user)#display mgprauser 0/15
huawei(config)#save
----End
8.7 Verification
This topic describes how to verify the integrated data and voice networking of the UA5000. If
the broadband service is successfully configured, the user can access the Internet. If the
narrowband service is successfully configured, the user can make and receive calls.

Configuration Guide-IPM CLI A FAQ
A FAQ
A.1 How to Ensure the System and User Security Through the Proper Configuration?
A.2 How Many PVCs are Supported by Each xDSL Port?
A.3 Does the PVC Have Priority?
A.4 How to Configure the Static User?
A.5 How to Configure the Network Management VLAN?
A.6 How to Change the Network Management VLAN?
A.7 How to Change the Service VLAN to Which the xDSL Port Belongs?
A.8 How to Delete the VLAN to Which the Upstream Port Is Bound?
A.9 How to Transparently Transmit the VLAN on the IPM Board?
A.10 Why Is the Actual Rate of the User Lower Than the Rate of the Bound Line Profile?
A.11 How to Query MAC Addresses of Online Users and Query the Ports that Provide the Access
for the Users According to the MAC Addresses?
A.12 How to Delete the Service Board?

A.1 How to Ensure the System and User Security Through

the Proper Configuration?
A: The common improper configurations that affect the system security are as follows:
l The ring network detection function and the anti-MAC address-spoofing function are
disabled. When the anti-MAC address-spoofing function is disabled, the illegal user sends
the PPPoE and DHCP control packets by forging the MAC address of a legal user. In this
case, the security of the system is affected.
Run the ring check command to enable the ring network detection function on the user
side. For details, see "1.13.4 Configuring the Ring Network Detection on the User
Side."
Run the security anti-macspoofing enable command to enable the anti-MAC address-
spoofing function. For details, see "1.13.3 Configuring Anti-Malicious Attacks to
Users."
l Manage the device by using the IP addresses of the public network, and the access
authorities are not limited strictly when the ACL rule is configured. In this case, the network
is attacked.
To ensure the security of the device, manage the device by using the IP addresses of the
private network. When configuring the ACL rule, you must comply with the principle of
the minimum authorization to configure the accessible address segment. The accessible
address segment can contain only the mandatory IP addresses of the management network
segment. Other IP addresses cannot access the device management interface. For details,
see "1.12.3 Preventing the Access of Illegal Users."
l The packets that access the device management interface are not controlled so that the
device is attacked by the packets. In this case, the system is caused to be busy and the
services are affected.
Run the firewall packet-filter command to apply the packet filtering rules of the firewall
to the interface.
A.2 How Many PVCs are Supported by Each xDSL Port?

A: If the control board is the IPMB board, each xDSL port supports six PVCs. If the control
board is the IPMD board (including the H601IPMD and H612IPMD boards), each xDSL port
supports eight PVCs.
A.3 Does the PVC Have Priority?

A: The PVC has priority. Run the traffic table command to create the traffic entry and set the
priority policy to Pvc-Setting. Then, reference the corresponding traffic index when creating
the service port to configure the priority of the PVC.

A.4 How to Configure the Static User?

A: "Static" and "dynamic" refer to the modes in which the user obtains the IP address. In the
static mode, the IP address of the user is manually added on PC. Therefore, the static user is also
called the user with the fixed IP address. The user should be specified as the static user on the
BRAS. In the dynamic mode, the IP address is allocated by the BRAS and automatically obtained
on PC.
The static user is a type of user on the BRAS. The data of the static user is configured on the
BRAS. The procedure for adding a static user on the UA5000 is the same as the procedure for
adding a dynamic user on the UA5000. You need only to create a VLAN, and add the upstream
port and service port to the VLAN.
A.5 How to Configure the Network Management VLAN?

A: The procedure for configuring the network management VLAN is the same as the procedure
for configuring the service VLAN. It is recommended that you use the standard VLAN for the
network management VLAN.
The procedure for configuring the network management VLAN is as follows:

1. Run the vlan command to add the standard VLAN as the network management VLAN.
2. Run the port vlan command to add the upstream port to this VLAN.
3. Run the interface vlanif command to create the VLAN interface in the global config mode
and enter the corresponding VLANIF mode. Run the ip address command to configure
the IP address of the layer 3 interface for the network management VLAN.
NOTE
For the devices of early versions, the "network management VLAN" is called "management VLAN". The
name is unified as "network management VLAN" on the UA5000. The configuration of the "network
management VLAN" is different from the configuration of the previous "management VLAN".
A.6 How to Change the Network Management VLAN?

A: If you need to change the network management VLAN, use the new network management
VLAN when reconfiguring the BMS service by using the method of configuring the BMS
service. Configure the new network management VLAN by using the method of configuring
the network management VLAN.
NOTICE
Changing the network management VLAN interrupts the BMS service temporarily until the
configuration of the new BMS service is complete.

A.7 How to Change the Service VLAN to Which the xDSL

Port Belongs?
A: Modifying the service VLAN is modifying the service port because the port is bound to the
service VLAN through the service port. For the devices of early versions, the service port is
called PVC.
To modify the service VLAN, do as follows:
1. Run the undo service-port command to delete the service port (PVC).
2. Reconfigure the VLAN to which the xDSL belongs.
NOTE
For information about the restriction on deleting the service port, see the usage guidelines of the undo
service-port command.
A.8 How to Delete the VLAN to Which the Upstream Port

Is Bound?
A: To delete the VLAN to which the upstream port is bound, do as follows:
1. Run the undo port vlan command to delete the upstream port of the VLAN.
2. Run the undo vlan command to delete the VLAN.
A.9 How to Transparently Transmit the VLAN on the IPM

Board?
A: To transparently transmit the VLAN on the IPM board, ensure that the native VLAN of the
upstream port is different from the VLAN on the user side.
A.10 Why Is the Actual Rate of the User Lower Than the Rate
of the Bound Line Profile?
A: The UA5000 can limit the user rate through the line profile or through the traffic table. When
the user rate is limited through both the line profile and the traffic table, the actual rate of the
user is the lower rate limited by the two items. Therefore, when the actual rate of the user is
lower than the rate of the bound line profile, check the rate of the traffic table to which the
corresponding service port (PVC) of the user is bound. Then, change the traffic table or the rate
of the traffic table to which the service port is bound according to the requirement.

A.11 How to Query MAC Addresses of Online Users and

Query the Ports that Provide the Access for the Users
According to the MAC Addresses?
A: Run the display mac-address all command to query the MAC addresses of all the online
users, and then run the display location command to query the ports that provide the access for
the users according to the specified MAC addresses.
A.12 How to Delete the Service Board?

A: Delete the PVC (namely, the created service port) allocated for the board, and then delete the
board. In the case of the board that is prohibited on site, it is recommended that you delete the
board after unprohibiting the board.

Configuration Guide-IPM CLI B Acronym and Abbreviation
B Acronym and Abbreviation
AAA Authentication, Authorization and Accounting
ABR Area Border Router
ACL Access Control List
ADSL Asymmetrical Digital Subscriber Line
ADSL2+ Asymmetrical Digital Subscriber Line 2 plus
ARP Address Resolution Protocol
BMS HUAWEI iManager N2000 broadband integrated

network management system
BPDU Bridge Protocol Data Unit
BTV Broadcast TV
CAR Committed Access Rate
CC Connection Confirm
CIDR Classless Inter-Domain Routing
CLI Command Line Interface
CRC Cyclic Redundancy Code
DHCP Dynamic Host Configuration Protocol
DHCP option82 DHCP relay agent option 82

DoD Downstream on Demand
DoS Denial of Service
DR Designated Router
DSLAM Digital Subscriber Line Access Multiplexer
DU Downstream Unsolicited
EMU Environment Monitoring Unit
FE Fast Ethernet
FEC Forward Error Correction
FTP File Transfer Protocol
FIFO First In First Out
GE Gigabit Ethernet
Internet Control Message Protocol Label

ICMP
Distribution Protocol
IGMP Internet Group Management Protocol
IP Internet Protocol
IPoA Internet Protocol Over ATM
IPoE IP over Ethernet
ISP Internet Service Provider
LAN Local Area Network
MA Maintenance Association
MAC Medium Access Control
MTU Maximum Transmission Unit

NMS Network Management System
OSPF Open Shortest Path First
PITP Policy Information Transfer Protocol
PPPoA Point-to-Point Protocol Over ATM
PPPoE Point-to-Point Protocol Over Ethernet
PQ Priority Queuing
PPP Peer-Peer Protocol
QoS Quality of Service
RADIUS Remote Authentication Dial in User Service
RIP Routing Information Protocol
SNMP Simple Network Management Protocol
SSH Secure Shell
STB Set Top Box
STP Spanning Tree Protocol
TCP/IP Transmission Control Protocol/Internet Protocol
TTL Time To Live
UDP User Datagram Protocol
VLAN Virtual LAN
WRR Weighted Round Robin

xDSL x Digital Subscriber Line


UA5000 (IPM) V100R017 Configuration Guide 09

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

UA5000 (IPM) V100R017 Configuration Guide 09

Transféré par

Droits d'auteur :

Formats disponibles

UA5000 Universal Access Unit

Configuration Guide-IPM CLI

HUAWEI TECHNOLOGIES CO., LTD.

Trademarks and Permissions

Huawei Technologies Co., Ltd.

Issue 09 (2013-10-30) Huawei Proprietary and Confidential i

About This Document

The intended audience of this document is:

l Installation and commissioning engineers

Issue 09 (2013-10-30) Huawei Proprietary and Confidential ii

Indicates a hazard with a high level of risk which, if not

Indicates a hazard with a medium or low level of risk

Indicates a potentially hazardous situation that, if not

Indicates a tip that may help you solve a problem or save

Provides additional information to emphasize or

Boldface The keywords of a command line are in boldface.

Italic Command arguments are in italic.

[] Items (keywords or arguments) in square brackets [ ] are

{ x | y | ... } Alternative items are grouped in braces and separated by

[ x | y | ... ] Optional alternative items are grouped in square brackets

{ x | y | ... } * Alternative items are grouped in braces and separated by

[ x | y | ... ] * Optional alternative items are grouped in square brackets

Boldface Buttons, menus, parameters, tabs, window, and dialog

Issue 09 (2013-10-30) Huawei Proprietary and Confidential iii

> Multi-level menus are in boldface and separated by the ">"

Updates in Issue 09 (2013-10-30)

Updates in Issue 08 (2011-11-15)

Updates in Issue 07 (2010-11-30)

The following information is modified:

Updates in Issue 06 (2010-05-30)

Updates in Issue 05 (2009-04-30)

The following information is modified:

Issue 09 (2013-10-30) Huawei Proprietary and Confidential iv

l Configuring the ADSL2+ Service

Updates in Issue 04 (2008-11-20)

The following information is added:

The following information is modified:

Updates in Issue 03 (2008-08-20)

The following information is added:

The following information is modified:

Updates in Issue 02 (2008-05-20)

The following information is modified:

Issue 09 (2013-10-30) Huawei Proprietary and Confidential v

About This Document.....................................................................................................................ii

Issue 09 (2013-10-30) Huawei Proprietary and Confidential vi

1.13.4 Configuring the Ring Network Detection on the User Side....................................................................................54

3 Configuring the xDSL Internet Access Service...................................................................108

4 Configuring the Multicast Service.........................................................................................128

Issue 09 (2013-10-30) Huawei Proprietary and Confidential vii

4.4 Configuring the Multicast Service in an RSTP Network...........................................................................................147

5 Configuration Examples of Services......................................................................................150

6 Configuring the Uplink Redundancy Backup.....................................................................214

7 Configuration Example of Device Subtending...................................................................222

Issue 09 (2013-10-30) Huawei Proprietary and Confidential viii

A.9 How to Transparently Transmit the VLAN on the IPM Board?...............................................................................240

B Acronym and Abbreviation....................................................................................................242

Issue 09 (2013-10-30) Huawei Proprietary and Confidential ix

About This Chapter

1.1 Configuring the License

Issue 09 (2013-10-30) Huawei Proprietary and Confidential 1

1.8 Configuring the Ethernet Port Load Balancing

1.9 Configuring DHCP

1.10 Configuring a VLAN